diff options
214 files changed, 59668 insertions, 420 deletions
@@ -39,11 +39,7 @@ interface_definitions: $(config_xml_obj) # XXX: delete top level node.def's that now live in other packages rm -f $(TMPL_DIR)/firewall/node.def - rm -f $(TMPL_DIR)/system/node.def - rm -f $(TMPL_DIR)/vpn/node.def - rm -f $(TMPL_DIR)/vpn/ipsec/node.def - rm -rf $(TMPL_DIR)/vpn/nipsec - + rm -rf $(TMPL_DIR)/nfirewall # XXX: test if there are empty node.def files - this is not allowed as these # could mask help strings or mandatory priority statements find $(TMPL_DIR) -name node.def -type f -empty -exec false {} + || sh -c 'echo "There are empty node.def files! Check your interface definitions." && exit 1' @@ -62,12 +58,10 @@ op_mode_definitions: $(op_xml_obj) rm -f $(OP_TMPL_DIR)/delete/node.def rm -f $(OP_TMPL_DIR)/generate/node.def rm -f $(OP_TMPL_DIR)/monitor/node.def - rm -f $(OP_TMPL_DIR)/reset/vpn/node.def rm -f $(OP_TMPL_DIR)/set/node.def rm -f $(OP_TMPL_DIR)/show/interfaces/node.def rm -f $(OP_TMPL_DIR)/show/node.def rm -f $(OP_TMPL_DIR)/show/system/node.def - rm -f $(OP_TMPL_DIR)/show/vpn/node.def # XXX: ping must be able to recursivly call itself as the # options are provided from the script itself diff --git a/data/configd-include.json b/data/configd-include.json index f241d0cb6..dc82b3dd7 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -1,5 +1,7 @@ [ "bcast_relay.py", +"conntrack.py", +"conntrack_sync.py", "dhcp_relay.py", "dhcpv6_relay.py", "dns_forwarding.py", @@ -37,6 +39,7 @@ "protocols_igmp.py", "protocols_isis.py", "protocols_mpls.py", +"protocols_nhrp.py", "protocols_ospf.py", "protocols_ospfv3.py", "protocols_pim.py", @@ -64,6 +67,7 @@ "tftp_server.py", "vpn_l2tp.py", "vpn_pptp.py", +"vpn_rsa-keys.py", "vpn_sstp.py", "vrf.py", "vrrp.py", diff --git a/data/mibs/AGENTX-MIB.txt b/data/mibs/AGENTX-MIB.txt new file mode 100644 index 000000000..f9e5acd52 --- /dev/null +++ b/data/mibs/AGENTX-MIB.txt @@ -0,0 +1,527 @@ +AGENTX-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, mib-2 + FROM SNMPv2-SMI + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + TEXTUAL-CONVENTION, TimeStamp, TruthValue, TDomain + FROM SNMPv2-TC; +agentxMIB MODULE-IDENTITY + LAST-UPDATED "200001100000Z" -- Midnight 10 January 2000 + ORGANIZATION "AgentX Working Group" + CONTACT-INFO "WG-email: agentx@dorothy.bmc.com + Subscribe: agentx-request@dorothy.bmc.com + WG-email Archive: ftp://ftp.peer.com/pub/agentx/archives + FTP repository: ftp://ftp.peer.com/pub/agentx + http://www.ietf.org/html.charters/agentx-charter.html + + Chair: Bob Natale + ACE*COMM Corporation + Email: bnatale@acecomm.com + + WG editor: Mark Ellison + Ellison Software Consulting, Inc. + Email: ellison@world.std.com + + Co-author: Lauren Heintz + Cisco Systems, + EMail: lheintz@cisco.com + + Co-author: Smitha Gudur + Independent Consultant + Email: sgudur@hotmail.com + " + DESCRIPTION "This is the MIB module for the SNMP Agent Extensibility + Protocol (AgentX). This MIB module will be implemented by + the master agent. + " + + REVISION "200001100000Z" -- Midnight 10 January 2000 + DESCRIPTION + "Initial version published as RFC 2742." + ::= { mib-2 74 } + + -- Textual Conventions + + AgentxTAddress ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Denotes a transport service address. This is identical to + the TAddress textual convention (SNMPv2-SMI) except that + zero-length values are permitted. + " + SYNTAX OCTET STRING (SIZE (0..255)) + + -- Administrative assignments + + agentxObjects OBJECT IDENTIFIER ::= { agentxMIB 1 } + agentxGeneral OBJECT IDENTIFIER ::= { agentxObjects 1 } + agentxConnection OBJECT IDENTIFIER ::= { agentxObjects 2 } + agentxSession OBJECT IDENTIFIER ::= { agentxObjects 3 } + agentxRegistration OBJECT IDENTIFIER ::= { agentxObjects 4 } + + agentxDefaultTimeout OBJECT-TYPE + SYNTAX INTEGER (0..255) + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The default length of time, in seconds, that the master + agent should allow to elapse after dispatching a message + to a session before it regards the subagent as not + responding. This is a system-wide value that may + override the timeout value associated with a particular + session (agentxSessionTimeout) or a particular registered + MIB region (agentxRegTimeout). If the associated value of + agentxSessionTimeout and agentxRegTimeout are zero, or + impractical in accordance with implementation-specific + procedure of the master agent, the value represented by + this object will be the effective timeout value for the + + master agent to await a response to a dispatch from a + given subagent. + " + DEFVAL { 5 } + ::= { agentxGeneral 1 } + + agentxMasterAgentXVer OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The AgentX protocol version supported by this master agent. + The current protocol version is 1. Note that the master agent + must also allow interaction with earlier version subagents. + " + ::= { agentxGeneral 2 } + + -- The AgentX Subagent Connection Group + + agentxConnTableLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when the last row creation or deletion + occurred in the agentxConnectionTable. + " + ::= { agentxConnection 1 } + + agentxConnectionTable OBJECT-TYPE + SYNTAX SEQUENCE OF AgentxConnectionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The agentxConnectionTable tracks all current AgentX transport + connections. There may be zero, one, or more AgentX sessions + carried on a given AgentX connection. + " + ::= { agentxConnection 2 } + + agentxConnectionEntry OBJECT-TYPE + SYNTAX AgentxConnectionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An agentxConnectionEntry contains information describing a + single AgentX transport connection. A connection may be + + used to support zero or more AgentX sessions. An entry is + created when a new transport connection is established, + and is destroyed when the transport connection is terminated. + " + INDEX { agentxConnIndex } + ::= { agentxConnectionTable 1 } + + AgentxConnectionEntry ::= SEQUENCE { + agentxConnIndex Unsigned32, + agentxConnOpenTime TimeStamp, + agentxConnTransportDomain TDomain, + agentxConnTransportAddress AgentxTAddress } + + agentxConnIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "agentxConnIndex contains the value that uniquely identifies + an open transport connection used by this master agent + to provide AgentX service. Values of this index should + not be re-used. The value assigned to a given transport + connection is constant for the lifetime of that connection. + " + ::= { agentxConnectionEntry 1 } + + agentxConnOpenTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when this connection was established + and, therefore, its value when this entry was added to the table. + " + ::= { agentxConnectionEntry 2 } + + agentxConnTransportDomain OBJECT-TYPE + SYNTAX TDomain + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transport protocol in use for this connection to the + subagent. + " + ::= { agentxConnectionEntry 3 } + + agentxConnTransportAddress OBJECT-TYPE + SYNTAX AgentxTAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transport address of the remote (subagent) end of this + connection to the master agent. This object may be zero-length + for unix-domain sockets (and possibly other types of transport + addresses) since the subagent need not bind a filename to its + local socket. + " + ::= { agentxConnectionEntry 4 } + + -- The AgentX Subagent Session Group + + agentxSessionTableLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when the last row creation or deletion + occurred in the agentxSessionTable. + " + ::= { agentxSession 1 } + + agentxSessionTable OBJECT-TYPE + SYNTAX SEQUENCE OF AgentxSessionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of AgentX subagent sessions currently in effect. + " + ::= { agentxSession 2 } + + agentxSessionEntry OBJECT-TYPE + SYNTAX AgentxSessionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single open session between the AgentX + master agent and a subagent is contained in this entry. An + entry is created when a new session is successfully established + and is destroyed either when the subagent transport connection + has terminated or when the subagent session is closed. + " + INDEX { agentxConnIndex, agentxSessionIndex } + ::= { agentxSessionTable 1 } + + AgentxSessionEntry ::= SEQUENCE { + agentxSessionIndex Unsigned32, + agentxSessionObjectID OBJECT IDENTIFIER, + agentxSessionDescr SnmpAdminString, + agentxSessionAdminStatus INTEGER, + agentxSessionOpenTime TimeStamp, + agentxSessionAgentXVer INTEGER, + agentxSessionTimeout INTEGER + } + + agentxSessionIndex OBJECT-TYPE + SYNTAX Unsigned32 (0..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A unique index for the subagent session. It is the same as + h.sessionID defined in the agentx header. Note that if + a subagent's session with the master agent is closed for + any reason its index should not be re-used. + A value of zero(0) is specifically allowed in order + to be compatible with the definition of h.sessionId. + " + ::= { agentxSessionEntry 1 } + + agentxSessionObjectID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is taken from the o.id field of the agentx-Open-PDU. + This attribute will report a value of '0.0' for subagents + not supporting the notion of an AgentX session object + identifier. + " + ::= { agentxSessionEntry 2 } + + agentxSessionDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of the session. This is analogous to + sysDescr defined in the SNMPv2-MIB in RFC 1907 [19] and is + taken from the o.descr field of the agentx-Open-PDU. + This attribute will report a zero-length string value for + subagents not supporting the notion of a session description. + " + ::= { agentxSessionEntry 3 } + + agentxSessionAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), + down(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The administrative (desired) status of the session. Setting + the value to 'down(2)' closes the subagent session (with c.reason + set to 'reasonByManager'). + " + ::= { agentxSessionEntry 4 } + + agentxSessionOpenTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when this session was opened and, + therefore, its value when this entry was added to the table. + " + ::= { agentxSessionEntry 5 } + + agentxSessionAgentXVer OBJECT-TYPE + SYNTAX INTEGER (1..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version of the AgentX protocol supported by the + session. This must be less than or equal to the value of + agentxMasterAgentXVer. + " + ::= { agentxSessionEntry 6 } + + agentxSessionTimeout OBJECT-TYPE + SYNTAX INTEGER (0..255) + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The length of time, in seconds, that a master agent should + allow to elapse after dispatching a message to this session + before it regards the subagent as not responding. This value + is taken from the o.timeout field of the agentx-Open-PDU. + This is a session-specific value that may be overridden by + values associated with the specific registered MIB regions + (see agentxRegTimeout). A value of zero(0) indicates that + the master agent's default timeout value should be used + + (see agentxDefaultTimeout). + " + ::= { agentxSessionEntry 7 } + + -- The AgentX Registration Group + + agentxRegistrationTableLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when the last row creation or deletion + occurred in the agentxRegistrationTable. + " + ::= { agentxRegistration 1 } + + agentxRegistrationTable OBJECT-TYPE + SYNTAX SEQUENCE OF AgentxRegistrationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of registered regions. + " + ::= { agentxRegistration 2 } + + agentxRegistrationEntry OBJECT-TYPE + SYNTAX AgentxRegistrationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Contains information for a single registered region. An + entry is created when a session successfully registers a + region and is destroyed for any of three reasons: this region + is unregistered by the session, the session is closed, + or the subagent connection is closed. + " + INDEX { agentxConnIndex, agentxSessionIndex, agentxRegIndex } + ::= { agentxRegistrationTable 1 } + + AgentxRegistrationEntry ::= SEQUENCE { + agentxRegIndex Unsigned32, + agentxRegContext OCTET STRING, + agentxRegStart OBJECT IDENTIFIER, + agentxRegRangeSubId Unsigned32, + agentxRegUpperBound Unsigned32, + agentxRegPriority Unsigned32, + agentxRegTimeout INTEGER, + agentxRegInstance TruthValue } + + agentxRegIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "agentxRegIndex uniquely identifies a registration entry. + This value is constant for the lifetime of an entry. + " + ::= { agentxRegistrationEntry 1 } + + agentxRegContext OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The context in which the session supports the objects in this + region. A zero-length context indicates the default context. + " + ::= { agentxRegistrationEntry 2 } + + agentxRegStart OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The starting OBJECT IDENTIFIER of this registration entry. The + session identified by agentxSessionIndex implements objects + starting at this value (inclusive). Note that this value could + identify an object type, an object instance, or a partial object + instance. + " + ::= { agentxRegistrationEntry 3 } + + agentxRegRangeSubId OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "agentxRegRangeSubId is used to specify the range. This is + taken from r.region_subid in the registration PDU. If the value + of this object is zero, no range is specified. If it is non-zero, + it identifies the `nth' sub-identifier in r.region for which + this entry's agentxRegUpperBound value is substituted in the + OID for purposes of defining the region's upper bound. + " + ::= { agentxRegistrationEntry 4 } + + agentxRegUpperBound OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "agentxRegUpperBound represents the upper-bound sub-identifier in + a registration. This is taken from the r.upper_bound in the + registration PDU. If agentxRegRangeSubid (r.region_subid) is + zero, this value is also zero and is not used to define an upper + bound for this registration. + " + ::= { agentxRegistrationEntry 5 } + + agentxRegPriority OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The registration priority. Lower values have higher priority. + This value is taken from r.priority in the register PDU. + Sessions should use the value of 127 for r.priority if a + default value is desired. + " + ::= { agentxRegistrationEntry 6 } + + agentxRegTimeout OBJECT-TYPE + SYNTAX INTEGER (0..255) + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The timeout value, in seconds, for responses to + requests associated with this registered MIB region. + A value of zero(0) indicates the default value (indicated + by by agentxSessionTimeout or agentxDefaultTimeout) is to + be used. This value is taken from the r.timeout field of + the agentx-Register-PDU. + " + ::= { agentxRegistrationEntry 7 } + + agentxRegInstance OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of agentxRegInstance is `true' for + registrations for which the INSTANCE_REGISTRATION + was set, and is `false' for all other registrations. + " + ::= { agentxRegistrationEntry 8 } + + -- Conformance Statements for AgentX + + agentxConformance OBJECT IDENTIFIER ::= { agentxMIB 2 } + agentxMIBGroups OBJECT IDENTIFIER ::= { agentxConformance 1 } + agentxMIBCompliances OBJECT IDENTIFIER ::= { agentxConformance 2 } + + -- Compliance Statements for AgentX + + agentxMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities that implement the + AgentX protocol. Note that a compliant agent can implement all + objects in this MIB module as read-only. + " + MODULE -- this module + MANDATORY-GROUPS { agentxMIBGroup } + + OBJECT agentxSessionAdminStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. + " + ::= { agentxMIBCompliances 1 } + + agentxMIBGroup OBJECT-GROUP + OBJECTS { + agentxDefaultTimeout, + agentxMasterAgentXVer, + agentxConnTableLastChange, + agentxConnOpenTime, + agentxConnTransportDomain, + agentxConnTransportAddress, + agentxSessionTableLastChange, + agentxSessionTimeout, + agentxSessionObjectID, + agentxSessionDescr, + agentxSessionAdminStatus, + agentxSessionOpenTime, + agentxSessionAgentXVer, + agentxRegistrationTableLastChange, + agentxRegContext, + agentxRegStart, + agentxRegRangeSubId, + agentxRegUpperBound, + agentxRegPriority, + agentxRegTimeout, + agentxRegInstance + } + STATUS current + DESCRIPTION + "All accessible objects in the AgentX MIB. + " + ::= { agentxMIBGroups 1 } + + END diff --git a/data/mibs/BGP4-MIB.txt b/data/mibs/BGP4-MIB.txt new file mode 100644 index 000000000..c911316c2 --- /dev/null +++ b/data/mibs/BGP4-MIB.txt @@ -0,0 +1,929 @@ + BGP4-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, + IpAddress, Integer32, Counter32, Gauge32, mib-2 + FROM SNMPv2-SMI + MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP + FROM SNMPv2-CONF; + + bgp MODULE-IDENTITY + LAST-UPDATED "9902100000Z" + ORGANIZATION "IETF IDR Working Group" + CONTACT-INFO "E-mail: idr@merit.net + + Susan Hares (Editor) + Merit Network + 4251 Plymouth Road + Suite C + Ann Arbor, MI 48105-2785 + Tel: +1 734 936 2095 + Fax: +1 734 647 3185 + E-mail: skh@merit.edu + + Jeff Johnson (Editor) + RedBack Networks, Inc. + 1389 Moffett Park Drive + Sunnyvale, CA 94089-1134 + Tel: +1 408 548 3516 + Fax: +1 408 548 3599 + E-mail: jeff@redback.com" + DESCRIPTION + "The MIB module for BGP-4." + REVISION "9902100000Z" + DESCRIPTION + "Corrected duplicate OBJECT IDENTIFIER + assignment in the conformance information." + REVISION "9601080000Z" + DESCRIPTION + "1) Fixed the definitions of the traps to + make them equivalent to their initial + definition in RFC 1269. + 2) Added compliance and conformance info." + ::= { mib-2 15 } + + bgpVersion OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (1..255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Vector of supported BGP protocol version + numbers. Each peer negotiates the version + from this vector. Versions are identified + via the string of bits contained within this + object. The first octet contains bits 0 to + 7, the second octet contains bits 8 to 15, + and so on, with the most significant bit + referring to the lowest bit number in the + octet (e.g., the MSB of the first octet + refers to bit 0). If a bit, i, is present + and set, then the version (i+1) of the BGP + is supported." + ::= { bgp 1 } + + bgpLocalAs OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local autonomous system number." + ::= { bgp 2 } + + + + -- BGP Peer table. This table contains, one entry per BGP + -- peer, information about the BGP peer. + + bgpPeerTable OBJECT-TYPE + SYNTAX SEQUENCE OF BgpPeerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "BGP peer table. This table contains, + one entry per BGP peer, information about the + connections with BGP peers." + ::= { bgp 3 } + + bgpPeerEntry OBJECT-TYPE + SYNTAX BgpPeerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entry containing information about the + connection with a BGP peer." + INDEX { bgpPeerRemoteAddr } + ::= { bgpPeerTable 1 } + + BgpPeerEntry ::= SEQUENCE { + bgpPeerIdentifier + IpAddress, + bgpPeerState + INTEGER, + bgpPeerAdminStatus + INTEGER, + bgpPeerNegotiatedVersion + Integer32, + bgpPeerLocalAddr + IpAddress, + bgpPeerLocalPort + INTEGER, + bgpPeerRemoteAddr + IpAddress, + bgpPeerRemotePort + INTEGER, + bgpPeerRemoteAs + INTEGER, + bgpPeerInUpdates + Counter32, + bgpPeerOutUpdates + Counter32, + bgpPeerInTotalMessages + Counter32, + bgpPeerOutTotalMessages + Counter32, + bgpPeerLastError + OCTET STRING, + bgpPeerFsmEstablishedTransitions + Counter32, + bgpPeerFsmEstablishedTime + Gauge32, + bgpPeerConnectRetryInterval + INTEGER, + bgpPeerHoldTime + INTEGER, + bgpPeerKeepAlive + INTEGER, + bgpPeerHoldTimeConfigured + INTEGER, + bgpPeerKeepAliveConfigured + INTEGER, + bgpPeerMinASOriginationInterval + INTEGER, + bgpPeerMinRouteAdvertisementInterval + INTEGER, + bgpPeerInUpdateElapsedTime + Gauge32 + } + + bgpPeerIdentifier OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The BGP Identifier of this entry's BGP peer." + ::= { bgpPeerEntry 1 } + + bgpPeerState OBJECT-TYPE + SYNTAX INTEGER { + idle(1), + connect(2), + active(3), + opensent(4), + openconfirm(5), + established(6) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The BGP peer connection state." + ::= { bgpPeerEntry 2 } + + bgpPeerAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + stop(1), + start(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The desired state of the BGP connection. A + transition from 'stop' to 'start' will cause + the BGP Start Event to be generated. A + transition from 'start' to 'stop' will cause + the BGP Stop Event to be generated. This + parameter can be used to restart BGP peer + connections. Care should be used in providing + write access to this object without adequate + authentication." + ::= { bgpPeerEntry 3 } + + bgpPeerNegotiatedVersion OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The negotiated version of BGP running between + the two peers." + ::= { bgpPeerEntry 4 } + + bgpPeerLocalAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local IP address of this entry's BGP + connection." + ::= { bgpPeerEntry 5 } + + bgpPeerLocalPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local port for the TCP connection between + the BGP peers." + ::= { bgpPeerEntry 6 } + + bgpPeerRemoteAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remote IP address of this entry's BGP + peer." + ::= { bgpPeerEntry 7 } + + bgpPeerRemotePort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remote port for the TCP connection between + the BGP peers. Note that the objects + bgpPeerLocalAddr, bgpPeerLocalPort, + bgpPeerRemoteAddr and bgpPeerRemotePort + provide the appropriate reference to the + standard MIB TCP connection table." + ::= { bgpPeerEntry 8 } + + bgpPeerRemoteAs OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remote autonomous system number." + ::= { bgpPeerEntry 9 } + + bgpPeerInUpdates OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of BGP UPDATE messages received on + this connection. This object should be + initialized to zero (0) when the connection is + established." + ::= { bgpPeerEntry 10 } + + bgpPeerOutUpdates OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of BGP UPDATE messages transmitted + on this connection. This object should be + initialized to zero (0) when the connection is + established." + ::= { bgpPeerEntry 11 } + + bgpPeerInTotalMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of messages received from the + remote peer on this connection. This object + should be initialized to zero when the + connection is established." + ::= { bgpPeerEntry 12 } + + bgpPeerOutTotalMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of messages transmitted to + the remote peer on this connection. This object + should be initialized to zero when the + connection is established." + ::= { bgpPeerEntry 13 } + + bgpPeerLastError OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (2)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The last error code and subcode seen by this + peer on this connection. If no error has + occurred, this field is zero. Otherwise, the + first byte of this two byte OCTET STRING + contains the error code, and the second byte + contains the subcode." + ::= { bgpPeerEntry 14 } + + bgpPeerFsmEstablishedTransitions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of times the BGP FSM + transitioned into the established state." + ::= { bgpPeerEntry 15 } + + bgpPeerFsmEstablishedTime OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This timer indicates how long (in seconds) this + peer has been in the Established state or how long + since this peer was last in the Established state. + It is set to zero when a new peer is configured or + the router is booted." + ::= { bgpPeerEntry 16 } + + bgpPeerConnectRetryInterval OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Time interval in seconds for the ConnectRetry + timer. The suggested value for this timer is + 120 seconds." + ::= { bgpPeerEntry 17 } + + bgpPeerHoldTime OBJECT-TYPE + SYNTAX INTEGER ( 0 | 3..65535 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time interval in seconds for the Hold Timer + established with the peer. The value of this + object is calculated by this BGP speaker by + using the smaller of the value in + bgpPeerHoldTimeConfigured and the Hold Time + received in the OPEN message. This value + must be at lease three seconds if it is not + zero (0) in which case the Hold Timer has + not been established with the peer, or, the + value of bgpPeerHoldTimeConfigured is zero (0)." + ::= { bgpPeerEntry 18 } + + bgpPeerKeepAlive OBJECT-TYPE + SYNTAX INTEGER ( 0 | 1..21845 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time interval in seconds for the KeepAlive + timer established with the peer. The value of + this object is calculated by this BGP speaker + such that, when compared with bgpPeerHoldTime, + it has the same proportion as what + bgpPeerKeepAliveConfigured has when compared + with bgpPeerHoldTimeConfigured. If the value + of this object is zero (0), it indicates that + the KeepAlive timer has not been established + with the peer, or, the value of + bgpPeerKeepAliveConfigured is zero (0)." + ::= { bgpPeerEntry 19 } + + bgpPeerHoldTimeConfigured OBJECT-TYPE + SYNTAX INTEGER ( 0 | 3..65535 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Time interval in seconds for the Hold Time + configured for this BGP speaker with this peer. + This value is placed in an OPEN message sent to + this peer by this BGP speaker, and is compared + with the Hold Time field in an OPEN message + received from the peer when determining the Hold + Time (bgpPeerHoldTime) with the peer. This value + must not be less than three seconds if it is not + zero (0) in which case the Hold Time is NOT to be + established with the peer. The suggested value for + this timer is 90 seconds." + ::= { bgpPeerEntry 20 } + + bgpPeerKeepAliveConfigured OBJECT-TYPE + SYNTAX INTEGER ( 0 | 1..21845 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Time interval in seconds for the KeepAlive timer + configured for this BGP speaker with this peer. + The value of this object will only determine the + KEEPALIVE messages' frequency relative to the value + specified in bgpPeerHoldTimeConfigured; the actual + time interval for the KEEPALIVE messages is + indicated by bgpPeerKeepAlive. A reasonable + maximum value for this timer would be configured to + be one third of that of bgpPeerHoldTimeConfigured. + If the value of this object is zero (0), no + periodical KEEPALIVE messages are sent to the peer + after the BGP connection has been established. The + suggested value for this timer is 30 seconds." + ::= { bgpPeerEntry 21 } + + bgpPeerMinASOriginationInterval OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Time interval in seconds for the + MinASOriginationInterval timer. + The suggested value for this timer is 15 seconds." + ::= { bgpPeerEntry 22 } + + bgpPeerMinRouteAdvertisementInterval OBJECT-TYPE + SYNTAX INTEGER (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Time interval in seconds for the + MinRouteAdvertisementInterval timer. + The suggested value for this timer is 30 seconds." + ::= { bgpPeerEntry 23 } + + bgpPeerInUpdateElapsedTime OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Elapsed time in seconds since the last BGP + UPDATE message was received from the peer. + Each time bgpPeerInUpdates is incremented, + the value of this object is set to zero (0)." + ::= { bgpPeerEntry 24 } + + + + bgpIdentifier OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The BGP Identifier of local system." + ::= { bgp 4 } + + + + -- Received Path Attribute Table. This table contains, + -- one entry per path to a network, path attributes + -- received from all peers running BGP version 3 or less. + -- This table is obsolete, having been replaced in + -- functionality with the bgp4PathAttrTable. + + bgpRcvdPathAttrTable OBJECT-TYPE + SYNTAX SEQUENCE OF BgpPathAttrEntry + MAX-ACCESS not-accessible + STATUS obsolete + DESCRIPTION + "The BGP Received Path Attribute Table contains + information about paths to destination networks + received from all peers running BGP version 3 or + less." + ::= { bgp 5 } + + bgpPathAttrEntry OBJECT-TYPE + SYNTAX BgpPathAttrEntry + MAX-ACCESS not-accessible + STATUS obsolete + DESCRIPTION + "Information about a path to a network." + INDEX { bgpPathAttrDestNetwork, + bgpPathAttrPeer } + ::= { bgpRcvdPathAttrTable 1 } + + BgpPathAttrEntry ::= SEQUENCE { + bgpPathAttrPeer + IpAddress, + bgpPathAttrDestNetwork + IpAddress, + bgpPathAttrOrigin + INTEGER, + bgpPathAttrASPath + OCTET STRING, + bgpPathAttrNextHop + IpAddress, + bgpPathAttrInterASMetric + Integer32 + } + + bgpPathAttrPeer OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The IP address of the peer where the path + information was learned." + ::= { bgpPathAttrEntry 1 } + + bgpPathAttrDestNetwork OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The address of the destination network." + ::= { bgpPathAttrEntry 2 } + + bgpPathAttrOrigin OBJECT-TYPE + SYNTAX INTEGER { + igp(1),-- networks are interior + egp(2),-- networks learned via EGP + incomplete(3) -- undetermined + } + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The ultimate origin of the path information." + ::= { bgpPathAttrEntry 3 } + + bgpPathAttrASPath OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (2..255)) + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The set of ASs that must be traversed to reach + the network. This object is probably best + represented as SEQUENCE OF INTEGER. For SMI + compatibility, though, it is represented as + OCTET STRING. Each AS is represented as a pair + of octets according to the following algorithm: + + first-byte-of-pair = ASNumber / 256; + second-byte-of-pair = ASNumber & 255;" + ::= { bgpPathAttrEntry 4 } + + bgpPathAttrNextHop OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The address of the border router that should + be used for the destination network." + ::= { bgpPathAttrEntry 5 } + + bgpPathAttrInterASMetric OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The optional inter-AS metric. If this + attribute has not been provided for this route, + the value for this object is 0." + ::= { bgpPathAttrEntry 6 } + + + + -- BGP-4 Received Path Attribute Table. This table contains, + -- one entry per path to a network, path attributes + -- received from all peers running BGP-4. + + bgp4PathAttrTable OBJECT-TYPE + SYNTAX SEQUENCE OF Bgp4PathAttrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The BGP-4 Received Path Attribute Table contains + information about paths to destination networks + received from all BGP4 peers." + ::= { bgp 6 } + + bgp4PathAttrEntry OBJECT-TYPE + SYNTAX Bgp4PathAttrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a path to a network." + INDEX { bgp4PathAttrIpAddrPrefix, + bgp4PathAttrIpAddrPrefixLen, + bgp4PathAttrPeer } + ::= { bgp4PathAttrTable 1 } + + Bgp4PathAttrEntry ::= SEQUENCE { + bgp4PathAttrPeer + IpAddress, + bgp4PathAttrIpAddrPrefixLen + INTEGER, + bgp4PathAttrIpAddrPrefix + IpAddress, + bgp4PathAttrOrigin + INTEGER, + bgp4PathAttrASPathSegment + OCTET STRING, + bgp4PathAttrNextHop + IpAddress, + bgp4PathAttrMultiExitDisc + INTEGER, + bgp4PathAttrLocalPref + INTEGER, + bgp4PathAttrAtomicAggregate + INTEGER, + bgp4PathAttrAggregatorAS + INTEGER, + bgp4PathAttrAggregatorAddr + IpAddress, + bgp4PathAttrCalcLocalPref + INTEGER, + bgp4PathAttrBest + INTEGER, + bgp4PathAttrUnknown + OCTET STRING + } + + bgp4PathAttrPeer OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the peer where the path + information was learned." + ::= { bgp4PathAttrEntry 1 } + bgp4PathAttrIpAddrPrefixLen OBJECT-TYPE + SYNTAX INTEGER (0..32) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Length in bits of the IP address prefix in the + Network Layer Reachability Information field." + ::= { bgp4PathAttrEntry 2 } + + bgp4PathAttrIpAddrPrefix OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An IP address prefix in the Network Layer + Reachability Information field. This object + is an IP address containing the prefix with + length specified by bgp4PathAttrIpAddrPrefixLen. + Any bits beyond the length specified by + bgp4PathAttrIpAddrPrefixLen are zeroed." + ::= { bgp4PathAttrEntry 3 } + + bgp4PathAttrOrigin OBJECT-TYPE + SYNTAX INTEGER { + igp(1),-- networks are interior + egp(2),-- networks learned via EGP + incomplete(3) -- undetermined + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The ultimate origin of the path information." + ::= { bgp4PathAttrEntry 4 } + + bgp4PathAttrASPathSegment OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (2..255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The sequence of AS path segments. Each AS + path segment is represented by a triple + <type, length, value>. + + The type is a 1-octet field which has two + possible values: + 1 AS_SET: unordered set of ASs a + route in the UPDATE message + has traversed + 2 AS_SEQUENCE: ordered set of ASs + a route in the UPDATE message + has traversed. + + The length is a 1-octet field containing the + number of ASs in the value field. + + The value field contains one or more AS + numbers, each AS is represented in the octet + string as a pair of octets according to the + following algorithm: + + first-byte-of-pair = ASNumber / 256; + second-byte-of-pair = ASNumber & 255;" + ::= { bgp4PathAttrEntry 5 } + + bgp4PathAttrNextHop OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The address of the border router that should + be used for the destination network." + ::= { bgp4PathAttrEntry 6 } + + bgp4PathAttrMultiExitDisc OBJECT-TYPE + SYNTAX INTEGER (-1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This metric is used to discriminate between + multiple exit points to an adjacent autonomous + system. A value of -1 indicates the absence of + this attribute." + ::= { bgp4PathAttrEntry 7 } + + bgp4PathAttrLocalPref OBJECT-TYPE + SYNTAX INTEGER (-1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The originating BGP4 speaker's degree of + preference for an advertised route. A value of + -1 indicates the absence of this attribute." + ::= { bgp4PathAttrEntry 8 } + + bgp4PathAttrAtomicAggregate OBJECT-TYPE + SYNTAX INTEGER { + lessSpecificRrouteNotSelected(1), + lessSpecificRouteSelected(2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Whether or not a system has selected + a less specific route without selecting a + more specific route." + ::= { bgp4PathAttrEntry 9 } + + bgp4PathAttrAggregatorAS OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The AS number of the last BGP4 speaker that + performed route aggregation. A value of zero (0) + indicates the absence of this attribute." + ::= { bgp4PathAttrEntry 10 } + + bgp4PathAttrAggregatorAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the last BGP4 speaker that + performed route aggregation. A value of + 0.0.0.0 indicates the absence of this attribute." + ::= { bgp4PathAttrEntry 11 } + + bgp4PathAttrCalcLocalPref OBJECT-TYPE + SYNTAX INTEGER (-1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The degree of preference calculated by the + receiving BGP4 speaker for an advertised route. + A value of -1 indicates the absence of this + attribute." + ::= { bgp4PathAttrEntry 12 } + + bgp4PathAttrBest OBJECT-TYPE + SYNTAX INTEGER { + false(1),-- not chosen as best route + true(2) -- chosen as best route + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An indication of whether or not this route + was chosen as the best BGP4 route." + ::= { bgp4PathAttrEntry 13 } + + bgp4PathAttrUnknown OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "One or more path attributes not understood + by this BGP4 speaker. Size zero (0) indicates + the absence of such attribute(s). Octets + beyond the maximum size, if any, are not + recorded by this object." + ::= { bgp4PathAttrEntry 14 } + + + -- Traps. + + -- note that in RFC 1657, bgpTraps was incorrectly + -- assigned a value of { bgp 7 }, and each of the + -- traps had the bgpPeerRemoteAddr object inappropriately + -- removed from their OBJECTS clause. The following + -- definitions restore the semantics of the traps as + -- they were initially defined in RFC 1269. + + -- { bgp 7 } is unused + + bgpTraps OBJECT IDENTIFIER ::= { bgp 0 } + + bgpEstablished NOTIFICATION-TYPE + OBJECTS { bgpPeerRemoteAddr, + bgpPeerLastError, + bgpPeerState } + STATUS current + DESCRIPTION + "The BGP Established event is generated when + the BGP FSM enters the ESTABLISHED state." + ::= { bgpTraps 1 } + + bgpBackwardTransition NOTIFICATION-TYPE + OBJECTS { bgpPeerRemoteAddr, + bgpPeerLastError, + bgpPeerState } + STATUS current + DESCRIPTION + "The BGPBackwardTransition Event is generated + when the BGP FSM moves from a higher numbered + state to a lower numbered state." + ::= { bgpTraps 2 } + + -- conformance information + + bgpMIBConformance OBJECT IDENTIFIER ::= { bgp 8 } + bgpMIBCompliances OBJECT IDENTIFIER ::= { bgpMIBConformance 1 } + bgpMIBGroups OBJECT IDENTIFIER ::= { bgpMIBConformance 2 } + + -- compliance statements + + bgpMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which + implement the BGP4 mib." + MODULE -- this module + MANDATORY-GROUPS { bgp4MIBGlobalsGroup, + bgp4MIBPeerGroup, + bgp4MIBPathAttrGroup, + bgp4MIBNotificationGroup } + ::= { bgpMIBCompliances 1 } + + -- units of conformance + + bgp4MIBGlobalsGroup OBJECT-GROUP + OBJECTS { bgpVersion, + bgpLocalAs, + bgpIdentifier } + STATUS current + DESCRIPTION + "A collection of objects providing information + on global BGP state." + ::= { bgpMIBGroups 1 } + + bgp4MIBPeerGroup OBJECT-GROUP + OBJECTS { bgpPeerIdentifier, + bgpPeerState, + bgpPeerAdminStatus, + bgpPeerNegotiatedVersion, + bgpPeerLocalAddr, + bgpPeerLocalPort, + bgpPeerRemoteAddr, + bgpPeerRemotePort, + bgpPeerRemoteAs, + bgpPeerInUpdates, + bgpPeerOutUpdates, + bgpPeerInTotalMessages, + bgpPeerOutTotalMessages, + bgpPeerLastError, + bgpPeerFsmEstablishedTransitions, + bgpPeerFsmEstablishedTime, + bgpPeerConnectRetryInterval, + bgpPeerHoldTime, + bgpPeerKeepAlive, + bgpPeerHoldTimeConfigured, + bgpPeerKeepAliveConfigured, + bgpPeerMinASOriginationInterval, + bgpPeerMinRouteAdvertisementInterval, + bgpPeerInUpdateElapsedTime } + STATUS current + DESCRIPTION + "A collection of objects for managing + BGP peers." + ::= { bgpMIBGroups 2 } + + bgp4MIBRcvdPathAttrGroup OBJECT-GROUP + OBJECTS { bgpPathAttrPeer, + bgpPathAttrDestNetwork, + bgpPathAttrOrigin, + bgpPathAttrASPath, + bgpPathAttrNextHop, + bgpPathAttrInterASMetric } + STATUS obsolete + DESCRIPTION + "A collection of objects for managing BGP + path entries. + + This conformance group is obsolete, + replaced by bgp4MIBPathAttrGroup." + ::= { bgpMIBGroups 3 } + + bgp4MIBPathAttrGroup OBJECT-GROUP + OBJECTS { bgp4PathAttrPeer, + bgp4PathAttrIpAddrPrefixLen, + bgp4PathAttrIpAddrPrefix, + bgp4PathAttrOrigin, + bgp4PathAttrASPathSegment, + bgp4PathAttrNextHop, + bgp4PathAttrMultiExitDisc, + bgp4PathAttrLocalPref, + bgp4PathAttrAtomicAggregate, + bgp4PathAttrAggregatorAS, + bgp4PathAttrAggregatorAddr, + bgp4PathAttrCalcLocalPref, + bgp4PathAttrBest, + bgp4PathAttrUnknown } + STATUS current + DESCRIPTION + "A collection of objects for managing + BGP path entries." + ::= { bgpMIBGroups 4 } + + bgp4MIBNotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { bgpEstablished, + bgpBackwardTransition } + STATUS current + DESCRIPTION + "A collection of notifications for signaling + changes in BGP peer relationships." + ::= { bgpMIBGroups 5 } + + END diff --git a/data/mibs/BRIDGE-MIB.txt b/data/mibs/BRIDGE-MIB.txt new file mode 100644 index 000000000..1e77a190f --- /dev/null +++ b/data/mibs/BRIDGE-MIB.txt @@ -0,0 +1,1472 @@ +BRIDGE-MIB DEFINITIONS ::= BEGIN + +-- ---------------------------------------------------------- -- +-- MIB for IEEE 802.1D devices +-- ---------------------------------------------------------- -- +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, + Counter32, Integer32, TimeTicks, mib-2 + FROM SNMPv2-SMI + TEXTUAL-CONVENTION, MacAddress + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP + FROM SNMPv2-CONF + InterfaceIndex FROM IF-MIB + ; + +dot1dBridge MODULE-IDENTITY + LAST-UPDATED "200509190000Z" + ORGANIZATION "IETF Bridge MIB Working Group" + CONTACT-INFO + "Email: bridge-mib@ietf.org + + K.C. Norseth (Editor) + L-3 Communications + Tel: +1 801-594-2809 + Email: kenyon.c.norseth@L-3com.com + Postal: 640 N. 2200 West. + Salt Lake City, Utah 84116-0850 + + Les Bell (Editor) + 3Com Europe Limited + Phone: +44 1442 438025 + Email: elbell@ntlworld.com + Postal: 3Com Centre, Boundary Way + Hemel Hempstead + Herts. HP2 7YU + UK + + Send comments to <bridge-mib@ietf.org>" + DESCRIPTION + "The Bridge MIB module for managing devices that support + IEEE 802.1D. + + Copyright (C) The Internet Society (2005). This version of + this MIB module is part of RFC 4188; see the RFC itself for + full legal notices." + REVISION "200509190000Z" + DESCRIPTION + "Third revision, published as part of RFC 4188. + + The MIB module has been converted to SMIv2 format. + Conformance statements have been added and some + description and reference clauses have been updated. + + The object dot1dStpPortPathCost32 was added to + support IEEE 802.1t and the permissible values of + dot1dStpPriority and dot1dStpPortPriority have been + clarified for bridges supporting IEEE 802.1t or + IEEE 802.1w. + + The interpretation of dot1dStpTimeSinceTopologyChange + has been clarified for bridges supporting the Rapid + Spanning Tree Protocol (RSTP)." + REVISION "199307310000Z" + DESCRIPTION + "Second revision, published as part of RFC 1493." + REVISION "199112310000Z" + DESCRIPTION + "Initial revision, published as part of RFC 1286." + ::= { mib-2 17 } + +-- ---------------------------------------------------------- -- +-- Textual Conventions +-- ---------------------------------------------------------- -- + +BridgeId ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The Bridge-Identifier, as used in the Spanning Tree + Protocol, to uniquely identify a bridge. Its first two + octets (in network byte order) contain a priority value, + and its last 6 octets contain the MAC address used to + refer to a bridge in a unique fashion (typically, the + numerically smallest MAC address of all ports on the + bridge)." + SYNTAX OCTET STRING (SIZE (8)) + +Timeout ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "A Spanning Tree Protocol (STP) timer in units of 1/100 + seconds. Several objects in this MIB module represent + values of timers used by the Spanning Tree Protocol. + In this MIB, these timers have values in units of + hundredths of a second (i.e., 1/100 secs). + + These timers, when stored in a Spanning Tree Protocol's + BPDU, are in units of 1/256 seconds. Note, however, that + 802.1D-1998 specifies a settable granularity of no more + than one second for these timers. To avoid ambiguity, + a conversion algorithm is defined below for converting + between the different units, which ensures a timer's + value is not distorted by multiple conversions. + + To convert a Timeout value into a value in units of + 1/256 seconds, the following algorithm should be used: + + b = floor( (n * 256) / 100) + + where: + floor = quotient [ignore remainder] + n is the value in 1/100 second units + b is the value in 1/256 second units + + To convert the value from 1/256 second units back to + 1/100 seconds, the following algorithm should be used: + + n = ceiling( (b * 100) / 256) + + where: + ceiling = quotient [if remainder is 0], or + quotient + 1 [if remainder is nonzero] + n is the value in 1/100 second units + + b is the value in 1/256 second units + + Note: it is important that the arithmetic operations are + done in the order specified (i.e., multiply first, + divide second)." + SYNTAX Integer32 + +-- ---------------------------------------------------------- -- +-- subtrees in the Bridge MIB +-- ---------------------------------------------------------- -- + +dot1dNotifications OBJECT IDENTIFIER ::= { dot1dBridge 0 } + +dot1dBase OBJECT IDENTIFIER ::= { dot1dBridge 1 } +dot1dStp OBJECT IDENTIFIER ::= { dot1dBridge 2 } + +dot1dSr OBJECT IDENTIFIER ::= { dot1dBridge 3 } +-- documented in RFC 1525 + +dot1dTp OBJECT IDENTIFIER ::= { dot1dBridge 4 } +dot1dStatic OBJECT IDENTIFIER ::= { dot1dBridge 5 } + +-- Subtrees used by Bridge MIB Extensions: +-- pBridgeMIB MODULE-IDENTITY ::= { dot1dBridge 6 } +-- qBridgeMIB MODULE-IDENTITY ::= { dot1dBridge 7 } +-- Note that the practice of registering related MIB modules +-- below dot1dBridge has been discouraged since there is no +-- robust mechanism to track such registrations. + +dot1dConformance OBJECT IDENTIFIER ::= { dot1dBridge 8 } + +-- ---------------------------------------------------------- -- +-- the dot1dBase subtree +-- ---------------------------------------------------------- -- +-- Implementation of the dot1dBase subtree is mandatory for all +-- bridges. +-- ---------------------------------------------------------- -- + +dot1dBaseBridgeAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The MAC address used by this bridge when it must be + referred to in a unique fashion. It is recommended + that this be the numerically smallest MAC address of + all ports that belong to this bridge. However, it is only + + required to be unique. When concatenated with + dot1dStpPriority, a unique BridgeIdentifier is formed, + which is used in the Spanning Tree Protocol." + REFERENCE + "IEEE 802.1D-1998: clauses 14.4.1.1.3 and 7.12.5" + ::= { dot1dBase 1 } + +dot1dBaseNumPorts OBJECT-TYPE + SYNTAX Integer32 + UNITS "ports" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ports controlled by this bridging + entity." + REFERENCE + "IEEE 802.1D-1998: clause 14.4.1.1.3" + ::= { dot1dBase 2 } + +dot1dBaseType OBJECT-TYPE + SYNTAX INTEGER { + unknown(1), + transparent-only(2), + sourceroute-only(3), + srt(4) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates what type of bridging this bridge can + perform. If a bridge is actually performing a + certain type of bridging, this will be indicated by + entries in the port table for the given type." + ::= { dot1dBase 3 } + +-- ---------------------------------------------------------- -- +-- The Generic Bridge Port Table +-- ---------------------------------------------------------- -- +dot1dBasePortTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot1dBasePortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table that contains generic information about every + port that is associated with this bridge. Transparent, + source-route, and srt ports are included." + ::= { dot1dBase 4 } + +dot1dBasePortEntry OBJECT-TYPE + SYNTAX Dot1dBasePortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of information for each port of the bridge." + REFERENCE + "IEEE 802.1D-1998: clause 14.4.2, 14.6.1" + INDEX { dot1dBasePort } + ::= { dot1dBasePortTable 1 } + +Dot1dBasePortEntry ::= + SEQUENCE { + dot1dBasePort + Integer32, + dot1dBasePortIfIndex + InterfaceIndex, + dot1dBasePortCircuit + OBJECT IDENTIFIER, + dot1dBasePortDelayExceededDiscards + Counter32, + dot1dBasePortMtuExceededDiscards + Counter32 + } + +dot1dBasePort OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The port number of the port for which this entry + contains bridge management information." + ::= { dot1dBasePortEntry 1 } + +dot1dBasePortIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the instance of the ifIndex object, + defined in IF-MIB, for the interface corresponding + to this port." + ::= { dot1dBasePortEntry 2 } + +dot1dBasePortCircuit OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "For a port that (potentially) has the same value of + dot1dBasePortIfIndex as another port on the same bridge. + This object contains the name of an object instance + unique to this port. For example, in the case where + multiple ports correspond one-to-one with multiple X.25 + virtual circuits, this value might identify an (e.g., + the first) object instance associated with the X.25 + virtual circuit corresponding to this port. + + For a port which has a unique value of + dot1dBasePortIfIndex, this object can have the value + { 0 0 }." + ::= { dot1dBasePortEntry 3 } + +dot1dBasePortDelayExceededDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of frames discarded by this port due + to excessive transit delay through the bridge. It + is incremented by both transparent and source + route bridges." + REFERENCE + "IEEE 802.1D-1998: clause 14.6.1.1.3" + ::= { dot1dBasePortEntry 4 } + +dot1dBasePortMtuExceededDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of frames discarded by this port due + to an excessive size. It is incremented by both + transparent and source route bridges." + REFERENCE + "IEEE 802.1D-1998: clause 14.6.1.1.3" + ::= { dot1dBasePortEntry 5 } + +-- ---------------------------------------------------------- -- +-- the dot1dStp subtree +-- ---------------------------------------------------------- -- +-- Implementation of the dot1dStp subtree is optional. It is +-- implemented by those bridges that support the Spanning Tree +-- Protocol. +-- ---------------------------------------------------------- -- + +dot1dStpProtocolSpecification OBJECT-TYPE + SYNTAX INTEGER { + unknown(1), + decLb100(2), + ieee8021d(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An indication of what version of the Spanning Tree + Protocol is being run. The value 'decLb100(2)' + indicates the DEC LANbridge 100 Spanning Tree protocol. + IEEE 802.1D implementations will return 'ieee8021d(3)'. + If future versions of the IEEE Spanning Tree Protocol + that are incompatible with the current version + are released a new value will be defined." + ::= { dot1dStp 1 } + +dot1dStpPriority OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value of the write-able portion of the Bridge ID + (i.e., the first two octets of the (8 octet long) Bridge + ID). The other (last) 6 octets of the Bridge ID are + given by the value of dot1dBaseBridgeAddress. + On bridges supporting IEEE 802.1t or IEEE 802.1w, + permissible values are 0-61440, in steps of 4096." + REFERENCE + "IEEE 802.1D-1998 clause 8.10.2, Table 8-4, + IEEE 802.1t clause 8.10.2, Table 8-4, clause 14.3." + ::= { dot1dStp 2 } + +dot1dStpTimeSinceTopologyChange OBJECT-TYPE + SYNTAX TimeTicks + UNITS "centi-seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time (in hundredths of a second) since the + last time a topology change was detected by the + bridge entity. + For RSTP, this reports the time since the tcWhile + timer for any port on this Bridge was nonzero." + REFERENCE + "IEEE 802.1D-1998 clause 14.8.1.1., + IEEE 802.1w clause 14.8.1.1." + ::= { dot1dStp 3 } + +dot1dStpTopChanges OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of topology changes detected by + this bridge since the management entity was last + reset or initialized." + REFERENCE + "IEEE 802.1D-1998 clause 14.8.1.1." + ::= { dot1dStp 4 } + +dot1dStpDesignatedRoot OBJECT-TYPE + SYNTAX BridgeId + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The bridge identifier of the root of the spanning + tree, as determined by the Spanning Tree Protocol, + as executed by this node. This value is used as + the Root Identifier parameter in all Configuration + Bridge PDUs originated by this node." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.1" + ::= { dot1dStp 5 } + +dot1dStpRootCost OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The cost of the path to the root as seen from + this bridge." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.2" + ::= { dot1dStp 6 } + +dot1dStpRootPort OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The port number of the port that offers the lowest + cost path from this bridge to the root bridge." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.3" + ::= { dot1dStp 7 } + +dot1dStpMaxAge OBJECT-TYPE + SYNTAX Timeout + UNITS "centi-seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum age of Spanning Tree Protocol information + learned from the network on any port before it is + discarded, in units of hundredths of a second. This is + the actual value that this bridge is currently using." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.4" + ::= { dot1dStp 8 } + +dot1dStpHelloTime OBJECT-TYPE + SYNTAX Timeout + UNITS "centi-seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The amount of time between the transmission of + Configuration bridge PDUs by this node on any port when + it is the root of the spanning tree, or trying to become + so, in units of hundredths of a second. This is the + actual value that this bridge is currently using." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.5" + ::= { dot1dStp 9 } + +dot1dStpHoldTime OBJECT-TYPE + SYNTAX Integer32 + UNITS "centi-seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This time value determines the interval length + during which no more than two Configuration bridge + PDUs shall be transmitted by this node, in units + of hundredths of a second." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.14" + ::= { dot1dStp 10 } + +dot1dStpForwardDelay OBJECT-TYPE + SYNTAX Timeout + UNITS "centi-seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This time value, measured in units of hundredths of a + second, controls how fast a port changes its spanning + state when moving towards the Forwarding state. The + value determines how long the port stays in each of the + Listening and Learning states, which precede the + Forwarding state. This value is also used when a + topology change has been detected and is underway, to + age all dynamic entries in the Forwarding Database. + [Note that this value is the one that this bridge is + currently using, in contrast to + dot1dStpBridgeForwardDelay, which is the value that this + bridge and all others would start using if/when this + bridge were to become the root.]" + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.6" + ::= { dot1dStp 11 } + +dot1dStpBridgeMaxAge OBJECT-TYPE + SYNTAX Timeout (600..4000) + UNITS "centi-seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value that all bridges use for MaxAge when this + bridge is acting as the root. Note that 802.1D-1998 + specifies that the range for this parameter is related + to the value of dot1dStpBridgeHelloTime. The + granularity of this timer is specified by 802.1D-1998 to + be 1 second. An agent may return a badValue error if a + set is attempted to a value that is not a whole number + of seconds." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.8" + ::= { dot1dStp 12 } + +dot1dStpBridgeHelloTime OBJECT-TYPE + SYNTAX Timeout (100..1000) + UNITS "centi-seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value that all bridges use for HelloTime when this + bridge is acting as the root. The granularity of this + timer is specified by 802.1D-1998 to be 1 second. An + agent may return a badValue error if a set is attempted + + to a value that is not a whole number of seconds." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.9" + ::= { dot1dStp 13 } + +dot1dStpBridgeForwardDelay OBJECT-TYPE + SYNTAX Timeout (400..3000) + UNITS "centi-seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value that all bridges use for ForwardDelay when + this bridge is acting as the root. Note that + 802.1D-1998 specifies that the range for this parameter + is related to the value of dot1dStpBridgeMaxAge. The + granularity of this timer is specified by 802.1D-1998 to + be 1 second. An agent may return a badValue error if a + set is attempted to a value that is not a whole number + of seconds." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.3.10" + ::= { dot1dStp 14 } + +-- ---------------------------------------------------------- -- +-- The Spanning Tree Port Table +-- ---------------------------------------------------------- -- + +dot1dStpPortTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot1dStpPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table that contains port-specific information + for the Spanning Tree Protocol." + ::= { dot1dStp 15 } + +dot1dStpPortEntry OBJECT-TYPE + SYNTAX Dot1dStpPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of information maintained by every port about + the Spanning Tree Protocol state for that port." + INDEX { dot1dStpPort } + ::= { dot1dStpPortTable 1 } + +Dot1dStpPortEntry ::= + SEQUENCE { + + dot1dStpPort + Integer32, + dot1dStpPortPriority + Integer32, + dot1dStpPortState + INTEGER, + dot1dStpPortEnable + INTEGER, + dot1dStpPortPathCost + Integer32, + dot1dStpPortDesignatedRoot + BridgeId, + dot1dStpPortDesignatedCost + Integer32, + dot1dStpPortDesignatedBridge + BridgeId, + dot1dStpPortDesignatedPort + OCTET STRING, + dot1dStpPortForwardTransitions + Counter32, + dot1dStpPortPathCost32 + Integer32 + } + +dot1dStpPort OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The port number of the port for which this entry + contains Spanning Tree Protocol management information." + REFERENCE + "IEEE 802.1D-1998: clause 14.8.2.1.2" + ::= { dot1dStpPortEntry 1 } + +dot1dStpPortPriority OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value of the priority field that is contained in + the first (in network byte order) octet of the (2 octet + long) Port ID. The other octet of the Port ID is given + by the value of dot1dStpPort. + On bridges supporting IEEE 802.1t or IEEE 802.1w, + permissible values are 0-240, in steps of 16." + REFERENCE + "IEEE 802.1D-1998 clause 8.10.2, Table 8-4, + IEEE 802.1t clause 8.10.2, Table 8-4, clause 14.3." + ::= { dot1dStpPortEntry 2 } + +dot1dStpPortState OBJECT-TYPE + SYNTAX INTEGER { + disabled(1), + blocking(2), + listening(3), + learning(4), + forwarding(5), + broken(6) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The port's current state, as defined by application of + the Spanning Tree Protocol. This state controls what + action a port takes on reception of a frame. If the + bridge has detected a port that is malfunctioning, it + will place that port into the broken(6) state. For + ports that are disabled (see dot1dStpPortEnable), this + object will have a value of disabled(1)." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.5.2" + ::= { dot1dStpPortEntry 3 } + +dot1dStpPortEnable OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The enabled/disabled status of the port." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.5.2" + ::= { dot1dStpPortEntry 4 } + +dot1dStpPortPathCost OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The contribution of this port to the path cost of + paths towards the spanning tree root which include + this port. 802.1D-1998 recommends that the default + value of this parameter be in inverse proportion to + + the speed of the attached LAN. + + New implementations should support dot1dStpPortPathCost32. + If the port path costs exceeds the maximum value of this + object then this object should report the maximum value, + namely 65535. Applications should try to read the + dot1dStpPortPathCost32 object if this object reports + the maximum value." + REFERENCE "IEEE 802.1D-1998: clause 8.5.5.3" + ::= { dot1dStpPortEntry 5 } + +dot1dStpPortDesignatedRoot OBJECT-TYPE + SYNTAX BridgeId + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The unique Bridge Identifier of the Bridge + recorded as the Root in the Configuration BPDUs + transmitted by the Designated Bridge for the + segment to which the port is attached." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.5.4" + ::= { dot1dStpPortEntry 6 } + +dot1dStpPortDesignatedCost OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The path cost of the Designated Port of the segment + connected to this port. This value is compared to the + Root Path Cost field in received bridge PDUs." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.5.5" + ::= { dot1dStpPortEntry 7 } + +dot1dStpPortDesignatedBridge OBJECT-TYPE + SYNTAX BridgeId + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Bridge Identifier of the bridge that this + port considers to be the Designated Bridge for + this port's segment." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.5.6" + ::= { dot1dStpPortEntry 8 } + +dot1dStpPortDesignatedPort OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (2)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Port Identifier of the port on the Designated + Bridge for this port's segment." + REFERENCE + "IEEE 802.1D-1998: clause 8.5.5.7" + ::= { dot1dStpPortEntry 9 } + +dot1dStpPortForwardTransitions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times this port has transitioned + from the Learning state to the Forwarding state." + ::= { dot1dStpPortEntry 10 } + +dot1dStpPortPathCost32 OBJECT-TYPE + SYNTAX Integer32 (1..200000000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The contribution of this port to the path cost of + paths towards the spanning tree root which include + this port. 802.1D-1998 recommends that the default + value of this parameter be in inverse proportion to + the speed of the attached LAN. + + This object replaces dot1dStpPortPathCost to support + IEEE 802.1t." + REFERENCE + "IEEE 802.1t clause 8.10.2, Table 8-5." + ::= { dot1dStpPortEntry 11 } + +-- ---------------------------------------------------------- -- +-- the dot1dTp subtree +-- ---------------------------------------------------------- -- +-- Implementation of the dot1dTp subtree is optional. It is +-- implemented by those bridges that support the transparent +-- bridging mode. A transparent or SRT bridge will implement +-- this subtree. +-- ---------------------------------------------------------- -- + +dot1dTpLearnedEntryDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of Forwarding Database entries that + have been or would have been learned, but have been + discarded due to a lack of storage space in the + Forwarding Database. If this counter is increasing, it + indicates that the Forwarding Database is regularly + becoming full (a condition that has unpleasant + performance effects on the subnetwork). If this counter + has a significant value but is not presently increasing, + it indicates that the problem has been occurring but is + not persistent." + REFERENCE + "IEEE 802.1D-1998: clause 14.7.1.1.3" + ::= { dot1dTp 1 } + +dot1dTpAgingTime OBJECT-TYPE + SYNTAX Integer32 (10..1000000) + UNITS "seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The timeout period in seconds for aging out + dynamically-learned forwarding information. + 802.1D-1998 recommends a default of 300 seconds." + REFERENCE + "IEEE 802.1D-1998: clause 14.7.1.1.3" + ::= { dot1dTp 2 } + +-- ---------------------------------------------------------- -- +-- The Forwarding Database for Transparent Bridges +-- ---------------------------------------------------------- -- + +dot1dTpFdbTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot1dTpFdbEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table that contains information about unicast + entries for which the bridge has forwarding and/or + filtering information. This information is used + by the transparent bridging function in + determining how to propagate a received frame." + ::= { dot1dTp 3 } + +dot1dTpFdbEntry OBJECT-TYPE + SYNTAX Dot1dTpFdbEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a specific unicast MAC address + for which the bridge has some forwarding and/or + filtering information." + INDEX { dot1dTpFdbAddress } + ::= { dot1dTpFdbTable 1 } + +Dot1dTpFdbEntry ::= + SEQUENCE { + dot1dTpFdbAddress + MacAddress, + dot1dTpFdbPort + Integer32, + dot1dTpFdbStatus + INTEGER + } + +dot1dTpFdbAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unicast MAC address for which the bridge has + forwarding and/or filtering information." + REFERENCE + "IEEE 802.1D-1998: clause 7.9.1, 7.9.2" + ::= { dot1dTpFdbEntry 1 } + +dot1dTpFdbPort OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Either the value '0', or the port number of the port on + which a frame having a source address equal to the value + of the corresponding instance of dot1dTpFdbAddress has + been seen. A value of '0' indicates that the port + number has not been learned, but that the bridge does + have some forwarding/filtering information about this + address (e.g., in the dot1dStaticTable). Implementors + are encouraged to assign the port value to this object + whenever it is learned, even for addresses for which the + corresponding value of dot1dTpFdbStatus is not + learned(3)." + ::= { dot1dTpFdbEntry 2 } + +dot1dTpFdbStatus OBJECT-TYPE + SYNTAX INTEGER { + other(1), + invalid(2), + learned(3), + self(4), + mgmt(5) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The status of this entry. The meanings of the + values are: + other(1) - none of the following. This would + include the case where some other MIB object + (not the corresponding instance of + dot1dTpFdbPort, nor an entry in the + dot1dStaticTable) is being used to determine if + and how frames addressed to the value of the + corresponding instance of dot1dTpFdbAddress are + being forwarded. + invalid(2) - this entry is no longer valid (e.g., + it was learned but has since aged out), but has + not yet been flushed from the table. + learned(3) - the value of the corresponding instance + of dot1dTpFdbPort was learned, and is being + used. + self(4) - the value of the corresponding instance of + dot1dTpFdbAddress represents one of the bridge's + addresses. The corresponding instance of + dot1dTpFdbPort indicates which of the bridge's + ports has this address. + mgmt(5) - the value of the corresponding instance of + dot1dTpFdbAddress is also the value of an + existing instance of dot1dStaticAddress." + ::= { dot1dTpFdbEntry 3 } + +-- ---------------------------------------------------------- -- +-- Port Table for Transparent Bridges +-- ---------------------------------------------------------- -- + +dot1dTpPortTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot1dTpPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table that contains information about every port that + is associated with this transparent bridge." + ::= { dot1dTp 4 } + +dot1dTpPortEntry OBJECT-TYPE + SYNTAX Dot1dTpPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of information for each port of a transparent + bridge." + INDEX { dot1dTpPort } + ::= { dot1dTpPortTable 1 } + +Dot1dTpPortEntry ::= + SEQUENCE { + dot1dTpPort + Integer32, + dot1dTpPortMaxInfo + Integer32, + dot1dTpPortInFrames + Counter32, + dot1dTpPortOutFrames + Counter32, + dot1dTpPortInDiscards + Counter32 + } + +dot1dTpPort OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The port number of the port for which this entry + contains Transparent bridging management information." + ::= { dot1dTpPortEntry 1 } + +-- It would be nice if we could use ifMtu as the size of the +-- largest INFO field, but we can't because ifMtu is defined +-- to be the size that the (inter-)network layer can use, which +-- can differ from the MAC layer (especially if several layers +-- of encapsulation are used). + +dot1dTpPortMaxInfo OBJECT-TYPE + SYNTAX Integer32 + UNITS "bytes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum size of the INFO (non-MAC) field that + + this port will receive or transmit." + ::= { dot1dTpPortEntry 2 } + +dot1dTpPortInFrames OBJECT-TYPE + SYNTAX Counter32 + UNITS "frames" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of frames that have been received by this + port from its segment. Note that a frame received on the + interface corresponding to this port is only counted by + this object if and only if it is for a protocol being + processed by the local bridging function, including + bridge management frames." + REFERENCE + "IEEE 802.1D-1998: clause 14.6.1.1.3" + ::= { dot1dTpPortEntry 3 } + +dot1dTpPortOutFrames OBJECT-TYPE + SYNTAX Counter32 + UNITS "frames" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of frames that have been transmitted by this + port to its segment. Note that a frame transmitted on + the interface corresponding to this port is only counted + by this object if and only if it is for a protocol being + processed by the local bridging function, including + bridge management frames." + REFERENCE + "IEEE 802.1D-1998: clause 14.6.1.1.3" + ::= { dot1dTpPortEntry 4 } + +dot1dTpPortInDiscards OBJECT-TYPE + SYNTAX Counter32 + UNITS "frames" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Count of received valid frames that were discarded + (i.e., filtered) by the Forwarding Process." + REFERENCE + "IEEE 802.1D-1998: clause 14.6.1.1.3" + ::= { dot1dTpPortEntry 5 } + +-- ---------------------------------------------------------- -- + +-- The Static (Destination-Address Filtering) Database +-- ---------------------------------------------------------- -- +-- Implementation of this subtree is optional. +-- ---------------------------------------------------------- -- + +dot1dStaticTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot1dStaticEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table containing filtering information configured + into the bridge by (local or network) management + specifying the set of ports to which frames received + from specific ports and containing specific destination + addresses are allowed to be forwarded. The value of + zero in this table, as the port number from which frames + with a specific destination address are received, is + used to specify all ports for which there is no specific + entry in this table for that particular destination + address. Entries are valid for unicast and for + group/broadcast addresses." + REFERENCE + "IEEE 802.1D-1998: clause 14.7.2" + ::= { dot1dStatic 1 } + +dot1dStaticEntry OBJECT-TYPE + SYNTAX Dot1dStaticEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Filtering information configured into the bridge by + (local or network) management specifying the set of + ports to which frames received from a specific port and + containing a specific destination address are allowed to + be forwarded." + REFERENCE + "IEEE 802.1D-1998: clause 14.7.2" + INDEX { dot1dStaticAddress, dot1dStaticReceivePort } + ::= { dot1dStaticTable 1 } + +Dot1dStaticEntry ::= + SEQUENCE { + dot1dStaticAddress MacAddress, + dot1dStaticReceivePort Integer32, + dot1dStaticAllowedToGoTo OCTET STRING, + dot1dStaticStatus INTEGER + } + +dot1dStaticAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The destination MAC address in a frame to which this + entry's filtering information applies. This object can + take the value of a unicast address, a group address, or + the broadcast address." + REFERENCE + "IEEE 802.1D-1998: clause 7.9.1, 7.9.2" + ::= { dot1dStaticEntry 1 } + +dot1dStaticReceivePort OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Either the value '0', or the port number of the port + from which a frame must be received in order for this + entry's filtering information to apply. A value of zero + indicates that this entry applies on all ports of the + bridge for which there is no other applicable entry." + ::= { dot1dStaticEntry 2 } + +dot1dStaticAllowedToGoTo OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..512)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The set of ports to which frames received from a + specific port and destined for a specific MAC address, + are allowed to be forwarded. Each octet within the + value of this object specifies a set of eight ports, + with the first octet specifying ports 1 through 8, the + second octet specifying ports 9 through 16, etc. Within + each octet, the most significant bit represents the + lowest numbered port, and the least significant bit + represents the highest numbered port. Thus, each port + of the bridge is represented by a single bit within the + value of this object. If that bit has a value of '1', + then that port is included in the set of ports; the port + is not included if its bit has a value of '0'. (Note + that the setting of the bit corresponding to the port + from which a frame is received is irrelevant.) The + default value of this object is a string of ones of + appropriate length. + + The value of this object may exceed the required minimum + maximum message size of some SNMP transport (484 bytes, + in the case of SNMP over UDP, see RFC 3417, section 3.2). + SNMP engines on bridges supporting a large number of + ports must support appropriate maximum message sizes." + ::= { dot1dStaticEntry 3 } + +dot1dStaticStatus OBJECT-TYPE + SYNTAX INTEGER { + other(1), + invalid(2), + permanent(3), + deleteOnReset(4), + deleteOnTimeout(5) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the status of this entry. + The default value is permanent(3). + other(1) - this entry is currently in use but the + conditions under which it will remain so are + different from each of the following values. + invalid(2) - writing this value to the object + removes the corresponding entry. + permanent(3) - this entry is currently in use and + will remain so after the next reset of the + bridge. + deleteOnReset(4) - this entry is currently in use + and will remain so until the next reset of the + bridge. + deleteOnTimeout(5) - this entry is currently in use + and will remain so until it is aged out." + ::= { dot1dStaticEntry 4 } + +-- ---------------------------------------------------------- -- +-- Notifications for use by Bridges +-- ---------------------------------------------------------- -- +-- Notifications for the Spanning Tree Protocol +-- ---------------------------------------------------------- -- + +newRoot NOTIFICATION-TYPE + -- OBJECTS { } + STATUS current + DESCRIPTION + "The newRoot trap indicates that the sending agent has + become the new root of the Spanning Tree; the trap is + sent by a bridge soon after its election as the new + + root, e.g., upon expiration of the Topology Change Timer, + immediately subsequent to its election. Implementation + of this trap is optional." + ::= { dot1dNotifications 1 } + +topologyChange NOTIFICATION-TYPE + -- OBJECTS { } + STATUS current + DESCRIPTION + "A topologyChange trap is sent by a bridge when any of + its configured ports transitions from the Learning state + to the Forwarding state, or from the Forwarding state to + the Blocking state. The trap is not sent if a newRoot + trap is sent for the same transition. Implementation of + this trap is optional." + ::= { dot1dNotifications 2 } + +-- ---------------------------------------------------------- -- +-- IEEE 802.1D MIB - Conformance Information +-- ---------------------------------------------------------- -- + +dot1dGroups OBJECT IDENTIFIER ::= { dot1dConformance 1 } +dot1dCompliances OBJECT IDENTIFIER ::= { dot1dConformance 2 } + +-- ---------------------------------------------------------- -- +-- units of conformance +-- ---------------------------------------------------------- -- + +-- ---------------------------------------------------------- -- +-- the dot1dBase group +-- ---------------------------------------------------------- -- + +dot1dBaseBridgeGroup OBJECT-GROUP + OBJECTS { + dot1dBaseBridgeAddress, + dot1dBaseNumPorts, + dot1dBaseType + } + STATUS current + DESCRIPTION + "Bridge level information for this device." + ::= { dot1dGroups 1 } + +dot1dBasePortGroup OBJECT-GROUP + OBJECTS { + dot1dBasePort, + dot1dBasePortIfIndex, + dot1dBasePortCircuit, + dot1dBasePortDelayExceededDiscards, + dot1dBasePortMtuExceededDiscards + } + STATUS current + DESCRIPTION + "Information for each port on this device." + ::= { dot1dGroups 2 } + +-- ---------------------------------------------------------- -- +-- the dot1dStp group +-- ---------------------------------------------------------- -- + +dot1dStpBridgeGroup OBJECT-GROUP + OBJECTS { + dot1dStpProtocolSpecification, + dot1dStpPriority, + dot1dStpTimeSinceTopologyChange, + dot1dStpTopChanges, + dot1dStpDesignatedRoot, + dot1dStpRootCost, + dot1dStpRootPort, + dot1dStpMaxAge, + dot1dStpHelloTime, + dot1dStpHoldTime, + dot1dStpForwardDelay, + dot1dStpBridgeMaxAge, + dot1dStpBridgeHelloTime, + dot1dStpBridgeForwardDelay + } + STATUS current + DESCRIPTION + "Bridge level Spanning Tree data for this device." + ::= { dot1dGroups 3 } + +dot1dStpPortGroup OBJECT-GROUP + OBJECTS { + dot1dStpPort, + dot1dStpPortPriority, + dot1dStpPortState, + dot1dStpPortEnable, + dot1dStpPortPathCost, + dot1dStpPortDesignatedRoot, + dot1dStpPortDesignatedCost, + dot1dStpPortDesignatedBridge, + dot1dStpPortDesignatedPort, + dot1dStpPortForwardTransitions + } + STATUS current + DESCRIPTION + "Spanning Tree data for each port on this device." + ::= { dot1dGroups 4 } + +dot1dStpPortGroup2 OBJECT-GROUP + OBJECTS { + dot1dStpPort, + dot1dStpPortPriority, + dot1dStpPortState, + dot1dStpPortEnable, + dot1dStpPortDesignatedRoot, + dot1dStpPortDesignatedCost, + dot1dStpPortDesignatedBridge, + dot1dStpPortDesignatedPort, + dot1dStpPortForwardTransitions, + dot1dStpPortPathCost32 + } + STATUS current + DESCRIPTION + "Spanning Tree data for each port on this device." + ::= { dot1dGroups 5 } + +dot1dStpPortGroup3 OBJECT-GROUP + OBJECTS { + dot1dStpPortPathCost32 + } + STATUS current + DESCRIPTION + "Spanning Tree data for devices supporting 32-bit + path costs." + ::= { dot1dGroups 6 } + +-- ---------------------------------------------------------- -- +-- the dot1dTp group +-- ---------------------------------------------------------- -- + +dot1dTpBridgeGroup OBJECT-GROUP + OBJECTS { + dot1dTpLearnedEntryDiscards, + dot1dTpAgingTime + } + STATUS current + DESCRIPTION + "Bridge level Transparent Bridging data." + ::= { dot1dGroups 7 } + +dot1dTpFdbGroup OBJECT-GROUP + OBJECTS { + + dot1dTpFdbAddress, + dot1dTpFdbPort, + dot1dTpFdbStatus + } + STATUS current + DESCRIPTION + "Filtering Database information for the Bridge." + ::= { dot1dGroups 8 } + +dot1dTpGroup OBJECT-GROUP + OBJECTS { + dot1dTpPort, + dot1dTpPortMaxInfo, + dot1dTpPortInFrames, + dot1dTpPortOutFrames, + dot1dTpPortInDiscards + } + STATUS current + DESCRIPTION + "Dynamic Filtering Database information for each port of + the Bridge." + ::= { dot1dGroups 9 } + +-- ---------------------------------------------------------- -- +-- The Static (Destination-Address Filtering) Database +-- ---------------------------------------------------------- -- + +dot1dStaticGroup OBJECT-GROUP + OBJECTS { + dot1dStaticAddress, + dot1dStaticReceivePort, + dot1dStaticAllowedToGoTo, + dot1dStaticStatus + } + STATUS current + DESCRIPTION + "Static Filtering Database information for each port of + the Bridge." + ::= { dot1dGroups 10 } + +-- ---------------------------------------------------------- -- +-- The Trap Notification Group +-- ---------------------------------------------------------- -- + +dot1dNotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { + newRoot, + topologyChange + } + STATUS current + DESCRIPTION + "Group of objects describing notifications (traps)." + ::= { dot1dGroups 11 } + +-- ---------------------------------------------------------- -- +-- compliance statements +-- ---------------------------------------------------------- -- + +bridgeCompliance1493 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for device support of bridging + services, as per RFC1493." + + MODULE + MANDATORY-GROUPS { + dot1dBaseBridgeGroup, + dot1dBasePortGroup + } + + GROUP dot1dStpBridgeGroup + DESCRIPTION + "Implementation of this group is mandatory for bridges + that support the Spanning Tree Protocol." + + GROUP dot1dStpPortGroup + DESCRIPTION + "Implementation of this group is mandatory for bridges + that support the Spanning Tree Protocol." + + GROUP dot1dTpBridgeGroup + DESCRIPTION + "Implementation of this group is mandatory for bridges + that support the transparent bridging mode. A + transparent or SRT bridge will implement this group." + + GROUP dot1dTpFdbGroup + DESCRIPTION + "Implementation of this group is mandatory for bridges + that support the transparent bridging mode. A + transparent or SRT bridge will implement this group." + + GROUP dot1dTpGroup + DESCRIPTION + "Implementation of this group is mandatory for bridges + + that support the transparent bridging mode. A + transparent or SRT bridge will implement this group." + + GROUP dot1dStaticGroup + DESCRIPTION + "Implementation of this group is optional." + + GROUP dot1dNotificationGroup + DESCRIPTION + "Implementation of this group is optional." + ::= { dot1dCompliances 1 } + +bridgeCompliance4188 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for device support of bridging + services. This supports 32-bit Path Cost values and the + more restricted bridge and port priorities, as per IEEE + 802.1t. + + Full support for the 802.1D management objects requires that + the SNMPv2-MIB [RFC3418] objects sysDescr, and sysUpTime, as + well as the IF-MIB [RFC2863] objects ifIndex, ifType, + ifDescr, ifPhysAddress, and ifLastChange are implemented." + + MODULE + MANDATORY-GROUPS { + dot1dBaseBridgeGroup, + dot1dBasePortGroup + } + + GROUP dot1dStpBridgeGroup + DESCRIPTION + "Implementation of this group is mandatory for + bridges that support the Spanning Tree Protocol." + + OBJECT dot1dStpPriority + SYNTAX Integer32 (0|4096|8192|12288|16384|20480|24576 + |28672|32768|36864|40960|45056|49152 + |53248|57344|61440) + DESCRIPTION + "The possible values defined by IEEE 802.1t." + + GROUP dot1dStpPortGroup2 + DESCRIPTION + "Implementation of this group is mandatory for + bridges that support the Spanning Tree Protocol." + + GROUP dot1dStpPortGroup3 + DESCRIPTION + "Implementation of this group is mandatory for bridges + that support the Spanning Tree Protocol and 32-bit path + costs. In particular, this includes devices supporting + IEEE 802.1t and IEEE 802.1w." + + OBJECT dot1dStpPortPriority + SYNTAX Integer32 (0|16|32|48|64|80|96|112|128 + |144|160|176|192|208|224|240) + DESCRIPTION + "The possible values defined by IEEE 802.1t." + + GROUP dot1dTpBridgeGroup + DESCRIPTION + "Implementation of this group is mandatory for + bridges that support the transparent bridging + mode. A transparent or SRT bridge will implement + this group." + + GROUP dot1dTpFdbGroup + DESCRIPTION + "Implementation of this group is mandatory for + bridges that support the transparent bridging + mode. A transparent or SRT bridge will implement + this group." + + GROUP dot1dTpGroup + DESCRIPTION + "Implementation of this group is mandatory for + bridges that support the transparent bridging + mode. A transparent or SRT bridge will implement + this group." + + GROUP dot1dStaticGroup + DESCRIPTION + "Implementation of this group is optional." + + GROUP dot1dNotificationGroup + DESCRIPTION + "Implementation of this group is optional." + ::= { dot1dCompliances 2 } + +END diff --git a/data/mibs/DISMAN-EVENT-MIB.txt b/data/mibs/DISMAN-EVENT-MIB.txt new file mode 100644 index 000000000..f00c7cc89 --- /dev/null +++ b/data/mibs/DISMAN-EVENT-MIB.txt @@ -0,0 +1,1882 @@ +DISMAN-EVENT-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + Integer32, Unsigned32, + NOTIFICATION-TYPE, Counter32, + Gauge32, mib-2, zeroDotZero FROM SNMPv2-SMI + TEXTUAL-CONVENTION, RowStatus, + TruthValue FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + sysUpTime FROM SNMPv2-MIB + SnmpTagValue FROM SNMP-TARGET-MIB + SnmpAdminString FROM SNMP-FRAMEWORK-MIB; + +dismanEventMIB MODULE-IDENTITY + LAST-UPDATED "200010160000Z" -- 16 October 2000 + ORGANIZATION "IETF Distributed Management Working Group" + CONTACT-INFO "Ramanathan Kavasseri + Cisco Systems, Inc. + 170 West Tasman Drive, + San Jose CA 95134-1706. + Phone: +1 408 526 4527 + Email: ramk@cisco.com" + DESCRIPTION + "The MIB module for defining event triggers and actions + for network management purposes." +-- Revision History + + REVISION "200010160000Z" -- 16 October 2000 + DESCRIPTION "This is the initial version of this MIB. + Published as RFC 2981" + ::= { mib-2 88 } + +dismanEventMIBObjects OBJECT IDENTIFIER ::= { dismanEventMIB 1 } + +-- Management Triggered Event (MTE) objects + +mteResource OBJECT IDENTIFIER ::= { dismanEventMIBObjects 1 } +mteTrigger OBJECT IDENTIFIER ::= { dismanEventMIBObjects 2 } +mteObjects OBJECT IDENTIFIER ::= { dismanEventMIBObjects 3 } +mteEvent OBJECT IDENTIFIER ::= { dismanEventMIBObjects 4 } + +-- +-- Textual Conventions +-- + +FailureReason ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Reasons for failures in an attempt to perform a management + request. + + The first group of errors, numbered less than 0, are related + to problems in sending the request. The existence of a + particular error code here does not imply that all + implementations are capable of sensing that error and + + returning that code. + + The second group, numbered greater than 0, are copied + directly from SNMP protocol operations and are intended to + carry exactly the meanings defined for the protocol as returned + in an SNMP response. + + localResourceLack some local resource such as memory + lacking or + mteResourceSampleInstanceMaximum + exceeded + badDestination unrecognized domain name or otherwise + invalid destination address + destinationUnreachable can't get to destination address + noResponse no response to SNMP request + badType the data syntax of a retrieved object + as not as expected + sampleOverrun another sample attempt occurred before + the previous one completed" + SYNTAX INTEGER { localResourceLack(-1), + badDestination(-2), + destinationUnreachable(-3), + noResponse(-4), + badType(-5), + sampleOverrun(-6), + noError(0), + tooBig(1), + noSuchName(2), + badValue(3), + readOnly(4), + genErr(5), + noAccess(6), + wrongType(7), + wrongLength(8), + wrongEncoding(9), + wrongValue(10), + noCreation(11), + inconsistentValue(12), + resourceUnavailable(13), + commitFailed(14), + undoFailed(15), + authorizationError(16), + notWritable(17), + inconsistentName(18) } +-- + +-- Resource Control Section +-- + +mteResourceSampleMinimum OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + UNITS "seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum mteTriggerFrequency this system will + accept. A system may use the larger values of this minimum to + lessen the impact of constant sampling. For larger + sampling intervals the system samples less often and + suffers less overhead. This object provides a way to enforce + such lower overhead for all triggers created after it is + set. + + Unless explicitly resource limited, a system's value for + this object SHOULD be 1, allowing as small as a 1 second + interval for ongoing trigger sampling. + + Changing this value will not invalidate an existing setting + of mteTriggerFrequency." + ::= { mteResource 1 } + +mteResourceSampleInstanceMaximum OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "instances" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of instance entries this system will + support for sampling. + + These are the entries that maintain state, one for each + instance of each sampled object as selected by + mteTriggerValueID. Note that wildcarded objects result + in multiple instances of this state. + + A value of 0 indicates no preset limit, that is, the limit + is dynamic based on system operation and resources. + + Unless explicitly resource limited, a system's value for + this object SHOULD be 0. + + Changing this value will not eliminate or inhibit existing + sample state but could prevent allocation of additional state + information." + ::= { mteResource 2 } + +mteResourceSampleInstances OBJECT-TYPE + SYNTAX Gauge32 + UNITS "instances" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of currently active instance entries as + defined for mteResourceSampleInstanceMaximum." + ::= { mteResource 3 } + +mteResourceSampleInstancesHigh OBJECT-TYPE + SYNTAX Gauge32 + UNITS "instances" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The highest value of mteResourceSampleInstances that has + occurred since initialization of the management system." + ::= { mteResource 4 } + +mteResourceSampleInstanceLacks OBJECT-TYPE + SYNTAX Counter32 + UNITS "instances" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times this system could not take a new sample + because that allocation would have exceeded the limit set by + mteResourceSampleInstanceMaximum." + ::= { mteResource 5 } + +-- +-- Trigger Section +-- + +-- Counters + +mteTriggerFailures OBJECT-TYPE + SYNTAX Counter32 + UNITS "failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times an attempt to check for a trigger + condition has failed. This counts individually for each + attempt in a group of targets or each attempt for a + + wildcarded object." + ::= { mteTrigger 1 } + +-- +-- Trigger Table +-- + +mteTriggerTable OBJECT-TYPE + SYNTAX SEQUENCE OF MteTriggerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of management event trigger information." + ::= { mteTrigger 2 } + +mteTriggerEntry OBJECT-TYPE + SYNTAX MteTriggerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single trigger. Applications create and + delete entries using mteTriggerEntryStatus." + INDEX { mteOwner, IMPLIED mteTriggerName } + ::= { mteTriggerTable 1 } + +MteTriggerEntry ::= SEQUENCE { + mteOwner SnmpAdminString, + mteTriggerName SnmpAdminString, + mteTriggerComment SnmpAdminString, + mteTriggerTest BITS, + mteTriggerSampleType INTEGER, + mteTriggerValueID OBJECT IDENTIFIER, + mteTriggerValueIDWildcard TruthValue, + mteTriggerTargetTag SnmpTagValue, + mteTriggerContextName SnmpAdminString, + mteTriggerContextNameWildcard TruthValue, + mteTriggerFrequency Unsigned32, + mteTriggerObjectsOwner SnmpAdminString, + mteTriggerObjects SnmpAdminString, + mteTriggerEnabled TruthValue, + mteTriggerEntryStatus RowStatus +} + +mteOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The owner of this entry. The exact semantics of this + string are subject to the security policy defined by the + security administrator." + ::= { mteTriggerEntry 1 } + +mteTriggerName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A locally-unique, administratively assigned name for the + trigger within the scope of mteOwner." + ::= { mteTriggerEntry 2 } + +mteTriggerComment OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A description of the trigger's function and use." + DEFVAL { ''H } + ::= { mteTriggerEntry 3 } + +mteTriggerTest OBJECT-TYPE + SYNTAX BITS { existence(0), boolean(1), threshold(2) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of trigger test to perform. For 'boolean' and + 'threshold' tests, the object at mteTriggerValueID MUST + evaluate to an integer, that is, anything that ends up encoded + for transmission (that is, in BER, not ASN.1) as an integer. + + For 'existence', the specific test is as selected by + mteTriggerExistenceTest. When an object appears, vanishes + or changes value, the trigger fires. If the object's + appearance caused the trigger firing, the object MUST + vanish before the trigger can be fired again for it, and + vice versa. If the trigger fired due to a change in the + object's value, it will be fired again on every successive + value change for that object. + + For 'boolean', the specific test is as selected by + mteTriggerBooleanTest. If the test result is true the trigger + fires. The trigger will not fire again until the value has + become false and come back to true. + + For 'threshold' the test works as described below for + + mteTriggerThresholdStartup, mteTriggerThresholdRising, and + mteTriggerThresholdFalling. + + Note that combining 'boolean' and 'threshold' tests on the + same object may be somewhat redundant." + DEFVAL { { boolean } } + ::= { mteTriggerEntry 4 } + +mteTriggerSampleType OBJECT-TYPE + SYNTAX INTEGER { absoluteValue(1), deltaValue(2) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of sampling to perform. + + An 'absoluteValue' sample requires only a single sample to be + meaningful, and is exactly the value of the object at + mteTriggerValueID at the sample time. + + A 'deltaValue' requires two samples to be meaningful and is + thus not available for testing until the second and subsequent + samples after the object at mteTriggerValueID is first found + to exist. It is the difference between the two samples. For + unsigned values it is always positive, based on unsigned + arithmetic. For signed values it can be positive or negative. + + For SNMP counters to be meaningful they should be sampled as a + 'deltaValue'. + + For 'deltaValue' mteTriggerDeltaTable contains further + parameters. + + If only 'existence' is set in mteTriggerTest this object has + no meaning." + DEFVAL { absoluteValue } + ::= { mteTriggerEntry 5 } + +mteTriggerValueID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The object identifier of the MIB object to sample to see + if the trigger should fire. + + This may be wildcarded by truncating all or part of the + instance portion, in which case the value is obtained + as if with a GetNext function, checking multiple values + + if they exist. If such wildcarding is applied, + mteTriggerValueIDWildcard must be 'true' and if not it must + be 'false'. + + Bad object identifiers or a mismatch between truncating the + identifier and the value of mteTriggerValueIDWildcard result + in operation as one would expect when providing the wrong + identifier to a Get or GetNext operation. The Get will fail + or get the wrong object. The GetNext will indeed get whatever + is next, proceeding until it runs past the initial part of the + identifier and perhaps many unintended objects for confusing + results. If the value syntax of those objects is not usable, + that results in a 'badType' error that terminates the scan. + + Each instance that fills the wildcard is independent of any + additional instances, that is, wildcarded objects operate + as if there were a separate table entry for each instance + that fills the wildcard without having to actually predict + all possible instances ahead of time." + DEFVAL { zeroDotZero } + ::= { mteTriggerEntry 6 } + +mteTriggerValueIDWildcard OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Control for whether mteTriggerValueID is to be treated as + fully-specified or wildcarded, with 'true' indicating wildcard." + DEFVAL { false } + ::= { mteTriggerEntry 7 } + +mteTriggerTargetTag OBJECT-TYPE + SYNTAX SnmpTagValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The tag for the target(s) from which to obtain the condition + for a trigger check. + + A length of 0 indicates the local system. In this case, + access to the objects indicated by mteTriggerValueID is under + the security credentials of the requester that set + mteTriggerEntryStatus to 'active'. Those credentials are the + input parameters for isAccessAllowed from the Architecture for + Describing SNMP Management Frameworks. + + Otherwise access rights are checked according to the security + + parameters resulting from the tag." + DEFVAL { ''H } + ::= { mteTriggerEntry 8 } + +mteTriggerContextName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The management context from which to obtain mteTriggerValueID. + + This may be wildcarded by leaving characters off the end. For + example use 'Repeater' to wildcard to 'Repeater1', + 'Repeater2', 'Repeater-999.87b', and so on. To indicate such + wildcarding is intended, mteTriggerContextNameWildcard must + be 'true'. + + Each instance that fills the wildcard is independent of any + additional instances, that is, wildcarded objects operate + as if there were a separate table entry for each instance + that fills the wildcard without having to actually predict + all possible instances ahead of time. + + Operation of this feature assumes that the local system has a + list of available contexts against which to apply the + wildcard. If the objects are being read from the local + system, this is clearly the system's own list of contexts. + For a remote system a local version of such a list is not + defined by any current standard and may not be available, so + this function MAY not be supported." + DEFVAL { ''H } + ::= { mteTriggerEntry 9 } + +mteTriggerContextNameWildcard OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Control for whether mteTriggerContextName is to be treated as + fully-specified or wildcarded, with 'true' indicating wildcard." + DEFVAL { false } + ::= { mteTriggerEntry 10 } + +mteTriggerFrequency OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of seconds to wait between trigger samples. To + encourage consistency in sampling, the interval is measured + from the beginning of one check to the beginning of the next + and the timer is restarted immediately when it expires, not + when the check completes. + + If the next sample begins before the previous one completed the + system may either attempt to make the check or treat this as an + error condition with the error 'sampleOverrun'. + + A frequency of 0 indicates instantaneous recognition of the + condition. This is not possible in many cases, but may + be supported in cases where it makes sense and the system is + able to do so. This feature allows the MIB to be used in + implementations where such interrupt-driven behavior is + possible and is not likely to be supported for all MIB objects + even then since such sampling generally has to be tightly + integrated into low-level code. + + Systems that can support this SHOULD document those cases + where it can be used. In cases where it can not, setting this + object to 0 should be disallowed." + DEFVAL { 600 } + ::= { mteTriggerEntry 11 } + +mteTriggerObjectsOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "To go with mteTriggerObjects, the mteOwner of a group of + objects from mteObjectsTable." + DEFVAL { ''H } + ::= { mteTriggerEntry 12 } + +mteTriggerObjects OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The mteObjectsName of a group of objects from + mteObjectsTable. These objects are to be added to any + Notification resulting from the firing of this trigger. + + A list of objects may also be added based on the event or on + the value of mteTriggerTest. + + A length of 0 indicates no additional objects." + DEFVAL { ''H } + ::= { mteTriggerEntry 13 } + +mteTriggerEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A control to allow a trigger to be configured but not used. + When the value is 'false' the trigger is not sampled." + DEFVAL { false } + ::= { mteTriggerEntry 14 } + +mteTriggerEntryStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The control that allows creation and deletion of entries. + Once made active an entry may not be modified except to + delete it." + ::= { mteTriggerEntry 15 } + +-- +-- Trigger Delta Table +-- + +mteTriggerDeltaTable OBJECT-TYPE + SYNTAX SEQUENCE OF MteTriggerDeltaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of management event trigger information for delta + sampling." + ::= { mteTrigger 3 } + +mteTriggerDeltaEntry OBJECT-TYPE + SYNTAX MteTriggerDeltaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single trigger's delta sampling. Entries + automatically exist in this this table for each mteTriggerEntry + that has mteTriggerSampleType set to 'deltaValue'." + INDEX { mteOwner, IMPLIED mteTriggerName } + ::= { mteTriggerDeltaTable 1 } + +MteTriggerDeltaEntry ::= SEQUENCE { + mteTriggerDeltaDiscontinuityID OBJECT IDENTIFIER, + mteTriggerDeltaDiscontinuityIDWildcard TruthValue, + mteTriggerDeltaDiscontinuityIDType INTEGER +} + +sysUpTimeInstance OBJECT IDENTIFIER ::= { sysUpTime 0 } + +mteTriggerDeltaDiscontinuityID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The OBJECT IDENTIFIER (OID) of a TimeTicks, TimeStamp, or + DateAndTime object that indicates a discontinuity in the value + at mteTriggerValueID. + + The OID may be for a leaf object (e.g. sysUpTime.0) or may + be wildcarded to match mteTriggerValueID. + + This object supports normal checking for a discontinuity in a + counter. Note that if this object does not point to sysUpTime + discontinuity checking MUST still check sysUpTime for an overall + discontinuity. + + If the object identified is not accessible the sample attempt + is in error, with the error code as from an SNMP request. + + Bad object identifiers or a mismatch between truncating the + identifier and the value of mteDeltaDiscontinuityIDWildcard + result in operation as one would expect when providing the + wrong identifier to a Get operation. The Get will fail or get + the wrong object. If the value syntax of those objects is not + usable, that results in an error that terminates the sample + with a 'badType' error code." + DEFVAL { sysUpTimeInstance } + ::= { mteTriggerDeltaEntry 1 } + +mteTriggerDeltaDiscontinuityIDWildcard OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Control for whether mteTriggerDeltaDiscontinuityID is to be + treated as fully-specified or wildcarded, with 'true' + indicating wildcard. Note that the value of this object will + be the same as that of the corresponding instance of + mteTriggerValueIDWildcard when the corresponding + + mteTriggerSampleType is 'deltaValue'." + DEFVAL { false } + ::= { mteTriggerDeltaEntry 2 } + +mteTriggerDeltaDiscontinuityIDType OBJECT-TYPE + SYNTAX INTEGER { timeTicks(1), timeStamp(2), dateAndTime(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value 'timeTicks' indicates the + mteTriggerDeltaDiscontinuityID of this row is of syntax + TimeTicks. The value 'timeStamp' indicates syntax TimeStamp. + The value 'dateAndTime' indicates syntax DateAndTime." + DEFVAL { timeTicks } + ::= { mteTriggerDeltaEntry 3 } + +-- +-- Trigger Existence Table +-- + +mteTriggerExistenceTable OBJECT-TYPE + SYNTAX SEQUENCE OF MteTriggerExistenceEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of management event trigger information for existence + triggers." + ::= { mteTrigger 4 } + +mteTriggerExistenceEntry OBJECT-TYPE + SYNTAX MteTriggerExistenceEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single existence trigger. Entries + automatically exist in this this table for each mteTriggerEntry + that has 'existence' set in mteTriggerTest." + INDEX { mteOwner, IMPLIED mteTriggerName } + ::= { mteTriggerExistenceTable 1 } + +MteTriggerExistenceEntry ::= SEQUENCE { + mteTriggerExistenceTest BITS, + mteTriggerExistenceStartup BITS, + mteTriggerExistenceObjectsOwner SnmpAdminString, + mteTriggerExistenceObjects SnmpAdminString, + mteTriggerExistenceEventOwner SnmpAdminString, + mteTriggerExistenceEvent SnmpAdminString +} + +mteTriggerExistenceTest OBJECT-TYPE + SYNTAX BITS { present(0), absent(1), changed(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The type of existence test to perform. The trigger fires + when the object at mteTriggerValueID is seen to go from + present to absent, from absent to present, or to have it's + value changed, depending on which tests are selected: + + present(0) - when this test is selected, the trigger fires + when the mteTriggerValueID object goes from absent to present. + + absent(1) - when this test is selected, the trigger fires + when the mteTriggerValueID object goes from present to absent. + changed(2) - when this test is selected, the trigger fires + the mteTriggerValueID object value changes. + + Once the trigger has fired for either presence or absence it + will not fire again for that state until the object has been + to the other state. " + DEFVAL { { present, absent } } + ::= { mteTriggerExistenceEntry 1 } + +mteTriggerExistenceStartup OBJECT-TYPE + SYNTAX BITS { present(0), absent(1) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Control for whether an event may be triggered when this entry + is first set to 'active' and the test specified by + mteTriggerExistenceTest is true. Setting an option causes + that trigger to fire when its test is true." + DEFVAL { { present, absent } } + ::= { mteTriggerExistenceEntry 2 } + +mteTriggerExistenceObjectsOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteTriggerExistenceObjects, the mteOwner of a + group of objects from mteObjectsTable." + DEFVAL { ''H } + ::= { mteTriggerExistenceEntry 3 } + +mteTriggerExistenceObjects OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteObjectsName of a group of objects from + mteObjectsTable. These objects are to be added to any + Notification resulting from the firing of this trigger for + this test. + + A list of objects may also be added based on the overall + trigger, the event or other settings in mteTriggerTest. + + A length of 0 indicates no additional objects." + DEFVAL { ''H } + ::= { mteTriggerExistenceEntry 4 } + +mteTriggerExistenceEventOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteTriggerExistenceEvent, the mteOwner of an event + entry from the mteEventTable." + DEFVAL { ''H } + ::= { mteTriggerExistenceEntry 5 } + +mteTriggerExistenceEvent OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteEventName of the event to invoke when mteTriggerType is + 'existence' and this trigger fires. A length of 0 indicates no + event." + DEFVAL { ''H } + ::= { mteTriggerExistenceEntry 6 } + +-- +-- Trigger Boolean Table +-- + +mteTriggerBooleanTable OBJECT-TYPE + SYNTAX SEQUENCE OF MteTriggerBooleanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of management event trigger information for boolean + triggers." + ::= { mteTrigger 5 } + +mteTriggerBooleanEntry OBJECT-TYPE + SYNTAX MteTriggerBooleanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single boolean trigger. Entries + automatically exist in this this table for each mteTriggerEntry + that has 'boolean' set in mteTriggerTest." + INDEX { mteOwner, IMPLIED mteTriggerName } + ::= { mteTriggerBooleanTable 1 } + +MteTriggerBooleanEntry ::= SEQUENCE { + mteTriggerBooleanComparison INTEGER, + mteTriggerBooleanValue Integer32, + mteTriggerBooleanStartup TruthValue, + mteTriggerBooleanObjectsOwner SnmpAdminString, + mteTriggerBooleanObjects SnmpAdminString, + mteTriggerBooleanEventOwner SnmpAdminString, + mteTriggerBooleanEvent SnmpAdminString +} + +mteTriggerBooleanComparison OBJECT-TYPE + SYNTAX INTEGER { unequal(1), equal(2), + less(3), lessOrEqual(4), + greater(5), greaterOrEqual(6) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The type of boolean comparison to perform. + + The value at mteTriggerValueID is compared to + mteTriggerBooleanValue, so for example if + mteTriggerBooleanComparison is 'less' the result would be true + if the value at mteTriggerValueID is less than the value of + mteTriggerBooleanValue." + DEFVAL { unequal } + ::= { mteTriggerBooleanEntry 1 } + +mteTriggerBooleanValue OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value to use for the test specified by + mteTriggerBooleanTest." + DEFVAL { 0 } + ::= { mteTriggerBooleanEntry 2 } + +mteTriggerBooleanStartup OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Control for whether an event may be triggered when this entry + is first set to 'active' or a new instance of the object at + mteTriggerValueID is found and the test specified by + mteTriggerBooleanComparison is true. In that case an event is + triggered if mteTriggerBooleanStartup is 'true'." + DEFVAL { true } + ::= { mteTriggerBooleanEntry 3 } + +mteTriggerBooleanObjectsOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteTriggerBooleanObjects, the mteOwner of a group + of objects from mteObjectsTable." + DEFVAL { ''H } + ::= { mteTriggerBooleanEntry 4 } + +mteTriggerBooleanObjects OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteObjectsName of a group of objects from + mteObjectsTable. These objects are to be added to any + Notification resulting from the firing of this trigger for + this test. + + A list of objects may also be added based on the overall + trigger, the event or other settings in mteTriggerTest. + + A length of 0 indicates no additional objects." + DEFVAL { ''H } + ::= { mteTriggerBooleanEntry 5 } + +mteTriggerBooleanEventOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteTriggerBooleanEvent, the mteOwner of an event + entry from mteEventTable." + DEFVAL { ''H } + ::= { mteTriggerBooleanEntry 6 } + +mteTriggerBooleanEvent OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteEventName of the event to invoke when mteTriggerType is + 'boolean' and this trigger fires. A length of 0 indicates no + event." + DEFVAL { ''H } + ::= { mteTriggerBooleanEntry 7 } + +-- +-- Trigger Threshold Table +-- + +mteTriggerThresholdTable OBJECT-TYPE + SYNTAX SEQUENCE OF MteTriggerThresholdEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of management event trigger information for threshold + triggers." + ::= { mteTrigger 6 } + +mteTriggerThresholdEntry OBJECT-TYPE + SYNTAX MteTriggerThresholdEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single threshold trigger. Entries + automatically exist in this table for each mteTriggerEntry + that has 'threshold' set in mteTriggerTest." + INDEX { mteOwner, IMPLIED mteTriggerName } + ::= { mteTriggerThresholdTable 1 } + +MteTriggerThresholdEntry ::= SEQUENCE { + mteTriggerThresholdStartup INTEGER, + mteTriggerThresholdRising Integer32, + mteTriggerThresholdFalling Integer32, + mteTriggerThresholdDeltaRising Integer32, + mteTriggerThresholdDeltaFalling Integer32, + mteTriggerThresholdObjectsOwner SnmpAdminString, + mteTriggerThresholdObjects SnmpAdminString, + mteTriggerThresholdRisingEventOwner SnmpAdminString, + mteTriggerThresholdRisingEvent SnmpAdminString, + mteTriggerThresholdFallingEventOwner SnmpAdminString, + mteTriggerThresholdFallingEvent SnmpAdminString, + mteTriggerThresholdDeltaRisingEventOwner SnmpAdminString, + mteTriggerThresholdDeltaRisingEvent SnmpAdminString, + mteTriggerThresholdDeltaFallingEventOwner SnmpAdminString, + mteTriggerThresholdDeltaFallingEvent SnmpAdminString +} + +mteTriggerThresholdStartup OBJECT-TYPE + SYNTAX INTEGER { rising(1), falling(2), risingOrFalling(3) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The event that may be triggered when this entry is first + set to 'active' and a new instance of the object at + mteTriggerValueID is found. If the first sample after this + instance becomes active is greater than or equal to + mteTriggerThresholdRising and mteTriggerThresholdStartup is + equal to 'rising' or 'risingOrFalling', then one + mteTriggerThresholdRisingEvent is triggered for that instance. + If the first sample after this entry becomes active is less + than or equal to mteTriggerThresholdFalling and + mteTriggerThresholdStartup is equal to 'falling' or + 'risingOrFalling', then one mteTriggerThresholdRisingEvent is + triggered for that instance." + DEFVAL { risingOrFalling } + ::= { mteTriggerThresholdEntry 1 } + +mteTriggerThresholdRising OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A threshold value to check against if mteTriggerType is + 'threshold'. + + When the current sampled value is greater than or equal to + this threshold, and the value at the last sampling interval + was less than this threshold, one + mteTriggerThresholdRisingEvent is triggered. That event is + also triggered if the first sample after this entry becomes + active is greater than or equal to this threshold and + mteTriggerThresholdStartup is equal to 'rising' or + 'risingOrFalling'. + + After a rising event is generated, another such event is not + triggered until the sampled value falls below this threshold + and reaches mteTriggerThresholdFalling." + DEFVAL { 0 } + ::= { mteTriggerThresholdEntry 2 } + +mteTriggerThresholdFalling OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A threshold value to check against if mteTriggerType is + 'threshold'. + + When the current sampled value is less than or equal to this + threshold, and the value at the last sampling interval was + greater than this threshold, one + mteTriggerThresholdFallingEvent is triggered. That event is + also triggered if the first sample after this entry becomes + active is less than or equal to this threshold and + mteTriggerThresholdStartup is equal to 'falling' or + 'risingOrFalling'. + + After a falling event is generated, another such event is not + triggered until the sampled value rises above this threshold + and reaches mteTriggerThresholdRising." + DEFVAL { 0 } + ::= { mteTriggerThresholdEntry 3 } + +mteTriggerThresholdDeltaRising OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A threshold value to check against if mteTriggerType is + 'threshold'. + + When the delta value (difference) between the current sampled + value (value(n)) and the previous sampled value (value(n-1)) + is greater than or equal to this threshold, + and the delta value calculated at the last sampling interval + (i.e. value(n-1) - value(n-2)) was less than this threshold, + one mteTriggerThresholdDeltaRisingEvent is triggered. That event + is also triggered if the first delta value calculated after this + entry becomes active, i.e. value(2) - value(1), where value(1) + is the first sample taken of that instance, is greater than or + equal to this threshold. + + After a rising event is generated, another such event is not + triggered until the delta value falls below this threshold and + reaches mteTriggerThresholdDeltaFalling." + DEFVAL { 0 } + ::= { mteTriggerThresholdEntry 4 } + +mteTriggerThresholdDeltaFalling OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A threshold value to check against if mteTriggerType is + 'threshold'. + + When the delta value (difference) between the current sampled + value (value(n)) and the previous sampled value (value(n-1)) + is less than or equal to this threshold, + and the delta value calculated at the last sampling interval + (i.e. value(n-1) - value(n-2)) was greater than this threshold, + one mteTriggerThresholdDeltaFallingEvent is triggered. That event + is also triggered if the first delta value calculated after this + entry becomes active, i.e. value(2) - value(1), where value(1) + is the first sample taken of that instance, is less than or + equal to this threshold. + + After a falling event is generated, another such event is not + triggered until the delta value falls below this threshold and + reaches mteTriggerThresholdDeltaRising." + DEFVAL { 0 } + ::= { mteTriggerThresholdEntry 5 } + +mteTriggerThresholdObjectsOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteTriggerThresholdObjects, the mteOwner of a group + of objects from mteObjectsTable." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 6 } + +mteTriggerThresholdObjects OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteObjectsName of a group of objects from + mteObjectsTable. These objects are to be added to any + Notification resulting from the firing of this trigger for + this test. + + A list of objects may also be added based on the overall + + trigger, the event or other settings in mteTriggerTest. + + A length of 0 indicates no additional objects." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 7 } + +mteTriggerThresholdRisingEventOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteTriggerThresholdRisingEvent, the mteOwner of an + event entry from mteEventTable." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 8 } + +mteTriggerThresholdRisingEvent OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteEventName of the event to invoke when mteTriggerType is + 'threshold' and this trigger fires based on + mteTriggerThresholdRising. A length of 0 indicates no event." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 9 } + +mteTriggerThresholdFallingEventOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteTriggerThresholdFallingEvent, the mteOwner of an + event entry from mteEventTable." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 10 } + +mteTriggerThresholdFallingEvent OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteEventName of the event to invoke when mteTriggerType is + 'threshold' and this trigger fires based on + mteTriggerThresholdFalling. A length of 0 indicates no event." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 11 } + +mteTriggerThresholdDeltaRisingEventOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteTriggerThresholdDeltaRisingEvent, the mteOwner + of an event entry from mteEventTable." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 12 } + +mteTriggerThresholdDeltaRisingEvent OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteEventName of the event to invoke when mteTriggerType is + 'threshold' and this trigger fires based on + mteTriggerThresholdDeltaRising. A length of 0 indicates + no event." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 13 } + +mteTriggerThresholdDeltaFallingEventOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteTriggerThresholdDeltaFallingEvent, the mteOwner + of an event entry from mteEventTable." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 14 } + +mteTriggerThresholdDeltaFallingEvent OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteEventName of the event to invoke when mteTriggerType is + 'threshold' and this trigger fires based on + mteTriggerThresholdDeltaFalling. A length of 0 indicates + no event." + DEFVAL { ''H } + ::= { mteTriggerThresholdEntry 15 } + +-- +-- Objects Table +-- + +mteObjectsTable OBJECT-TYPE + SYNTAX SEQUENCE OF MteObjectsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of objects that can be added to notifications based + on the trigger, trigger test, or event, as pointed to by + entries in those tables." + ::= { mteObjects 1 } + +mteObjectsEntry OBJECT-TYPE + SYNTAX MteObjectsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A group of objects. Applications create and delete entries + using mteObjectsEntryStatus. + + When adding objects to a notification they are added in the + lexical order of their index in this table. Those associated + with a trigger come first, then trigger test, then event." + INDEX { mteOwner, mteObjectsName, mteObjectsIndex } + ::= { mteObjectsTable 1 } + +MteObjectsEntry ::= SEQUENCE { + mteObjectsName SnmpAdminString, + mteObjectsIndex Unsigned32, + mteObjectsID OBJECT IDENTIFIER, + mteObjectsIDWildcard TruthValue, + mteObjectsEntryStatus RowStatus + } + +mteObjectsName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A locally-unique, administratively assigned name for a group + of objects." + ::= { mteObjectsEntry 1 } + +mteObjectsIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An arbitrary integer for the purpose of identifying + individual objects within a mteObjectsName group. + + Objects within a group are placed in the notification in the + numerical order of this index. + + Groups are placed in the notification in the order of the + selections for overall trigger, trigger test, and event. + Within trigger test they are in the same order as the + numerical values of the bits defined for mteTriggerTest. + + Bad object identifiers or a mismatch between truncating the + identifier and the value of mteDeltaDiscontinuityIDWildcard + result in operation as one would expect when providing the + wrong identifier to a Get operation. The Get will fail or get + the wrong object. If the object is not available it is omitted + from the notification." + ::= { mteObjectsEntry 2 } + +mteObjectsID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The object identifier of a MIB object to add to a + Notification that results from the firing of a trigger. + + This may be wildcarded by truncating all or part of the + instance portion, in which case the instance portion of the + OID for obtaining this object will be the same as that used + in obtaining the mteTriggerValueID that fired. If such + wildcarding is applied, mteObjectsIDWildcard must be + 'true' and if not it must be 'false'. + + Each instance that fills the wildcard is independent of any + additional instances, that is, wildcarded objects operate + as if there were a separate table entry for each instance + that fills the wildcard without having to actually predict + all possible instances ahead of time." + DEFVAL { zeroDotZero } + ::= { mteObjectsEntry 3 } + +mteObjectsIDWildcard OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Control for whether mteObjectsID is to be treated as + fully-specified or wildcarded, with 'true' indicating wildcard." + DEFVAL { false } + ::= { mteObjectsEntry 4 } + +mteObjectsEntryStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The control that allows creation and deletion of entries. + Once made active an entry MAY not be modified except to + delete it." + ::= { mteObjectsEntry 5 } + +-- +-- Event Section +-- + +-- Counters + +mteEventFailures OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times an attempt to invoke an event + has failed. This counts individually for each + attempt in a group of targets or each attempt for a + wildcarded trigger object." + ::= { mteEvent 1 } + +-- +-- Event Table +-- + +mteEventTable OBJECT-TYPE + SYNTAX SEQUENCE OF MteEventEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of management event action information." + ::= { mteEvent 2 } + +mteEventEntry OBJECT-TYPE + SYNTAX MteEventEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single event. Applications create and + delete entries using mteEventEntryStatus." + INDEX { mteOwner, IMPLIED mteEventName } + ::= { mteEventTable 1 } + +MteEventEntry ::= SEQUENCE { + mteEventName SnmpAdminString, + mteEventComment SnmpAdminString, + mteEventActions BITS, + mteEventEnabled TruthValue, + mteEventEntryStatus RowStatus + } + +mteEventName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A locally-unique, administratively assigned name for the + event." + ::= { mteEventEntry 1 } + +mteEventComment OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A description of the event's function and use." + DEFVAL { ''H } + ::= { mteEventEntry 2 } + +mteEventActions OBJECT-TYPE + SYNTAX BITS { notification(0), set(1) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The actions to perform when this event occurs. + + For 'notification', Traps and/or Informs are sent according + to the configuration in the SNMP Notification MIB. + + For 'set', an SNMP Set operation is performed according to + control values in this entry." + DEFVAL { {} } -- No bits set. + ::= { mteEventEntry 3 } + +mteEventEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A control to allow an event to be configured but not used. + When the value is 'false' the event does not execute even if + + triggered." + DEFVAL { false } + ::= { mteEventEntry 4 } + +mteEventEntryStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The control that allows creation and deletion of entries. + Once made active an entry MAY not be modified except to + delete it." + ::= { mteEventEntry 5 } + +-- +-- Event Notification Table +-- + +mteEventNotificationTable OBJECT-TYPE + SYNTAX SEQUENCE OF MteEventNotificationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of information about notifications to be sent as a + consequence of management events." + ::= { mteEvent 3 } + +mteEventNotificationEntry OBJECT-TYPE + SYNTAX MteEventNotificationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single event's notification. Entries + automatically exist in this this table for each mteEventEntry + that has 'notification' set in mteEventActions." + INDEX { mteOwner, IMPLIED mteEventName } + ::= { mteEventNotificationTable 1 } + +MteEventNotificationEntry ::= SEQUENCE { + mteEventNotification OBJECT IDENTIFIER, + mteEventNotificationObjectsOwner SnmpAdminString, + mteEventNotificationObjects SnmpAdminString + } + +mteEventNotification OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The object identifier from the NOTIFICATION-TYPE for the + notification to use if metEventActions has 'notification' set." + DEFVAL { zeroDotZero } + ::= { mteEventNotificationEntry 1 } + +mteEventNotificationObjectsOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "To go with mteEventNotificationObjects, the mteOwner of a + group of objects from mteObjectsTable." + DEFVAL { ''H } + ::= { mteEventNotificationEntry 2 } + +mteEventNotificationObjects OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The mteObjectsName of a group of objects from + mteObjectsTable if mteEventActions has 'notification' set. + These objects are to be added to any Notification generated by + this event. + + Objects may also be added based on the trigger that stimulated + the event. + + A length of 0 indicates no additional objects." + DEFVAL { ''H } + ::= { mteEventNotificationEntry 3 } + +-- +-- Event Set Table +-- + +mteEventSetTable OBJECT-TYPE + SYNTAX SEQUENCE OF MteEventSetEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of management event action information." + ::= { mteEvent 4 } + +mteEventSetEntry OBJECT-TYPE + SYNTAX MteEventSetEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single event's set option. Entries + automatically exist in this this table for each mteEventEntry + that has 'set' set in mteEventActions." + INDEX { mteOwner, IMPLIED mteEventName } + ::= { mteEventSetTable 1 } + +MteEventSetEntry ::= SEQUENCE { + mteEventSetObject OBJECT IDENTIFIER, + mteEventSetObjectWildcard TruthValue, + mteEventSetValue Integer32, + mteEventSetTargetTag SnmpTagValue, + mteEventSetContextName SnmpAdminString, + mteEventSetContextNameWildcard TruthValue + } + +mteEventSetObject OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The object identifier from the MIB object to set if + mteEventActions has 'set' set. + + This object identifier may be wildcarded by leaving + sub-identifiers off the end, in which case + nteEventSetObjectWildCard must be 'true'. + + If mteEventSetObject is wildcarded the instance used to set the + object to which it points is the same as the instance from the + value of mteTriggerValueID that triggered the event. + + Each instance that fills the wildcard is independent of any + additional instances, that is, wildcarded objects operate + as if there were a separate table entry for each instance + that fills the wildcard without having to actually predict + all possible instances ahead of time. + + Bad object identifiers or a mismatch between truncating the + identifier and the value of mteSetObjectWildcard + result in operation as one would expect when providing the + wrong identifier to a Set operation. The Set will fail or set + the wrong object. If the value syntax of the destination + object is not correct, the Set fails with the normal SNMP + error code." + DEFVAL { zeroDotZero } + ::= { mteEventSetEntry 1 } + +mteEventSetObjectWildcard OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Control over whether mteEventSetObject is to be treated as + fully-specified or wildcarded, with 'true' indicating wildcard + if mteEventActions has 'set' set." + DEFVAL { false } + ::= { mteEventSetEntry 2 } + +mteEventSetValue OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value to which to set the object at mteEventSetObject + if mteEventActions has 'set' set." + DEFVAL { 0 } + ::= { mteEventSetEntry 3 } + +mteEventSetTargetTag OBJECT-TYPE + SYNTAX SnmpTagValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The tag for the target(s) at which to set the object at + mteEventSetObject to mteEventSetValue if mteEventActions + has 'set' set. + + Systems limited to self management MAY reject a non-zero + length for the value of this object. + + A length of 0 indicates the local system. In this case, + access to the objects indicated by mteEventSetObject is under + the security credentials of the requester that set + mteTriggerEntryStatus to 'active'. Those credentials are the + input parameters for isAccessAllowed from the Architecture for + Describing SNMP Management Frameworks. + + Otherwise access rights are checked according to the security + parameters resulting from the tag." + DEFVAL { ''H } + ::= { mteEventSetEntry 4 } + +mteEventSetContextName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The management context in which to set mteEventObjectID. + if mteEventActions has 'set' set. + + This may be wildcarded by leaving characters off the end. To + indicate such wildcarding mteEventSetContextNameWildcard must + be 'true'. + + If this context name is wildcarded the value used to complete + the wildcarding of mteTriggerContextName will be appended." + DEFVAL { ''H } + ::= { mteEventSetEntry 5 } + +mteEventSetContextNameWildcard OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Control for whether mteEventSetContextName is to be treated as + fully-specified or wildcarded, with 'true' indicating wildcard + if mteEventActions has 'set' set." + DEFVAL { false } + ::= { mteEventSetEntry 6 } + +-- +-- Notifications +-- + +dismanEventMIBNotificationPrefix OBJECT IDENTIFIER ::= + { dismanEventMIB 2 } +dismanEventMIBNotifications OBJECT IDENTIFIER ::= + { dismanEventMIBNotificationPrefix 0 } +dismanEventMIBNotificationObjects OBJECT IDENTIFIER + ::= { dismanEventMIBNotificationPrefix 1 } + +-- +-- Notification Objects +-- + +mteHotTrigger OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The name of the trigger causing the notification." + ::= { dismanEventMIBNotificationObjects 1 } + +mteHotTargetName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The SNMP Target MIB's snmpTargetAddrName related to the + notification." + ::= { dismanEventMIBNotificationObjects 2 } + +mteHotContextName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The context name related to the notification. This MUST be as + fully-qualified as possible, including filling in wildcard + information determined in processing." + ::= { dismanEventMIBNotificationObjects 3 } + +mteHotOID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The object identifier of the destination object related to the + notification. This MUST be as fully-qualified as possible, + including filling in wildcard information determined in + processing. + + For a trigger-related notification this is from + mteTriggerValueID. + + For a set failure this is from mteEventSetObject." + ::= { dismanEventMIBNotificationObjects 4 } + +mteHotValue OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The value of the object at mteTriggerValueID when a + trigger fired." + ::= { dismanEventMIBNotificationObjects 5 } + +mteFailedReason OBJECT-TYPE + SYNTAX FailureReason + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The reason for the failure of an attempt to check for a + trigger condition or set an object in response to an event." + ::= { dismanEventMIBNotificationObjects 6 } + +-- +-- Notifications +-- + +mteTriggerFired NOTIFICATION-TYPE + OBJECTS { mteHotTrigger, + mteHotTargetName, + mteHotContextName, + mteHotOID, + mteHotValue } + STATUS current + DESCRIPTION + "Notification that the trigger indicated by the object + instances has fired, for triggers with mteTriggerType + 'boolean' or 'existence'." + ::= { dismanEventMIBNotifications 1 } + +mteTriggerRising NOTIFICATION-TYPE + OBJECTS { mteHotTrigger, + mteHotTargetName, + mteHotContextName, + mteHotOID, + mteHotValue } + STATUS current + DESCRIPTION + "Notification that the rising threshold was met for triggers + with mteTriggerType 'threshold'." + ::= { dismanEventMIBNotifications 2 } + +mteTriggerFalling NOTIFICATION-TYPE + OBJECTS { mteHotTrigger, + mteHotTargetName, + mteHotContextName, + mteHotOID, + mteHotValue } + STATUS current + DESCRIPTION + "Notification that the falling threshold was met for triggers + with mteTriggerType 'threshold'." + ::= { dismanEventMIBNotifications 3 } + +mteTriggerFailure NOTIFICATION-TYPE + OBJECTS { mteHotTrigger, + mteHotTargetName, + mteHotContextName, + mteHotOID, + mteFailedReason } + STATUS current + DESCRIPTION + "Notification that an attempt to check a trigger has failed. + + The network manager must enable this notification only with + a certain fear and trembling, as it can easily crowd out more + important information. It should be used only to help diagnose + a problem that has appeared in the error counters and can not + be found otherwise." + ::= { dismanEventMIBNotifications 4 } + +mteEventSetFailure NOTIFICATION-TYPE + OBJECTS { mteHotTrigger, + mteHotTargetName, + mteHotContextName, + mteHotOID, + mteFailedReason } + STATUS current + DESCRIPTION + "Notification that an attempt to do a set in response to an + event has failed. + + The network manager must enable this notification only with + a certain fear and trembling, as it can easily crowd out more + important information. It should be used only to help diagnose + a problem that has appeared in the error counters and can not + be found otherwise." + ::= { dismanEventMIBNotifications 5 } + +-- +-- Conformance +-- + +dismanEventMIBConformance OBJECT IDENTIFIER ::= { dismanEventMIB 3 } +dismanEventMIBCompliances OBJECT IDENTIFIER ::= + { dismanEventMIBConformance 1 } +dismanEventMIBGroups OBJECT IDENTIFIER ::= + { dismanEventMIBConformance 2 } + +-- Compliance + +dismanEventMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which implement + the Event MIB." + MODULE -- this module + MANDATORY-GROUPS { + dismanEventResourceGroup, + dismanEventTriggerGroup, + dismanEventObjectsGroup, + dismanEventEventGroup, + dismanEventNotificationObjectGroup, + dismanEventNotificationGroup + } + + OBJECT mteTriggerTargetTag + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, thus limiting + monitoring to the local system or pre-configured + remote systems." + + OBJECT mteEventSetTargetTag + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, thus limiting + setting to the local system or pre-configured + remote systems." + + OBJECT mteTriggerValueIDWildcard + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, thus allowing + the system not to implement wildcarding." + + OBJECT mteTriggerContextNameWildcard + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, thus allowing + the system not to implement wildcarding." + + OBJECT mteObjectsIDWildcard + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, thus allowing + the system not to implement wildcarding." + + OBJECT mteEventSetContextNameWildcard + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, thus allowing + the system not to implement wildcarding." + ::= { dismanEventMIBCompliances 1 } + +-- Units of Conformance + +dismanEventResourceGroup OBJECT-GROUP + OBJECTS { + mteResourceSampleMinimum, + mteResourceSampleInstanceMaximum, + mteResourceSampleInstances, + mteResourceSampleInstancesHigh, + mteResourceSampleInstanceLacks + } + STATUS current + DESCRIPTION + "Event resource status and control objects." + ::= { dismanEventMIBGroups 1 } + +dismanEventTriggerGroup OBJECT-GROUP + OBJECTS { + mteTriggerFailures, + mteTriggerComment, + mteTriggerTest, + mteTriggerSampleType, + mteTriggerValueID, + mteTriggerValueIDWildcard, + mteTriggerTargetTag, + mteTriggerContextName, + mteTriggerContextNameWildcard, + mteTriggerFrequency, + mteTriggerObjectsOwner, + mteTriggerObjects, + mteTriggerEnabled, + mteTriggerEntryStatus, + mteTriggerDeltaDiscontinuityID, + mteTriggerDeltaDiscontinuityIDWildcard, + mteTriggerDeltaDiscontinuityIDType, + mteTriggerExistenceTest, + mteTriggerExistenceStartup, + mteTriggerExistenceObjectsOwner, + mteTriggerExistenceObjects, + mteTriggerExistenceEventOwner, + mteTriggerExistenceEvent, + mteTriggerBooleanComparison, + mteTriggerBooleanValue, + mteTriggerBooleanStartup, + mteTriggerBooleanObjectsOwner, + mteTriggerBooleanObjects, + mteTriggerBooleanEventOwner, + mteTriggerBooleanEvent, + mteTriggerThresholdStartup, + mteTriggerThresholdObjectsOwner, + mteTriggerThresholdObjects, + mteTriggerThresholdRising, + mteTriggerThresholdFalling, + mteTriggerThresholdDeltaRising, + mteTriggerThresholdDeltaFalling, + mteTriggerThresholdRisingEventOwner, + mteTriggerThresholdRisingEvent, + mteTriggerThresholdFallingEventOwner, + mteTriggerThresholdFallingEvent, + mteTriggerThresholdDeltaRisingEventOwner, + mteTriggerThresholdDeltaRisingEvent, + mteTriggerThresholdDeltaFallingEventOwner, + mteTriggerThresholdDeltaFallingEvent + } + STATUS current + DESCRIPTION + "Event triggers." + ::= { dismanEventMIBGroups 2 } + +dismanEventObjectsGroup OBJECT-GROUP + OBJECTS { + mteObjectsID, + mteObjectsIDWildcard, + mteObjectsEntryStatus + } + STATUS current + DESCRIPTION + "Supplemental objects." + ::= { dismanEventMIBGroups 3 } + +dismanEventEventGroup OBJECT-GROUP + OBJECTS { + mteEventFailures, + mteEventComment, + mteEventActions, + mteEventEnabled, + mteEventEntryStatus, + mteEventNotification, + mteEventNotificationObjectsOwner, + mteEventNotificationObjects, + mteEventSetObject, + mteEventSetObjectWildcard, + mteEventSetValue, + mteEventSetTargetTag, + mteEventSetContextName, + mteEventSetContextNameWildcard + } + STATUS current + DESCRIPTION + "Events." + ::= { dismanEventMIBGroups 4 } + +dismanEventNotificationObjectGroup OBJECT-GROUP + OBJECTS { + mteHotTrigger, + mteHotTargetName, + mteHotContextName, + mteHotOID, + mteHotValue, + mteFailedReason + } + STATUS current + DESCRIPTION + "Notification objects." + ::= { dismanEventMIBGroups 5 } + +dismanEventNotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { + mteTriggerFired, + mteTriggerRising, + mteTriggerFalling, + mteTriggerFailure, + mteEventSetFailure + } + STATUS current + DESCRIPTION + "Notifications." + ::= { dismanEventMIBGroups 6 } + +END diff --git a/data/mibs/DISMAN-EXPRESSION-MIB.txt b/data/mibs/DISMAN-EXPRESSION-MIB.txt new file mode 100644 index 000000000..f73e5bf5d --- /dev/null +++ b/data/mibs/DISMAN-EXPRESSION-MIB.txt @@ -0,0 +1,1182 @@ +DISMAN-EXPRESSION-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + Integer32, Gauge32, Unsigned32, + Counter32, Counter64, IpAddress, + TimeTicks, mib-2, zeroDotZero FROM SNMPv2-SMI + RowStatus, TruthValue, TimeStamp FROM SNMPv2-TC + sysUpTime FROM SNMPv2-MIB + SnmpAdminString FROM SNMP-FRAMEWORK-MIB + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; + +dismanExpressionMIB MODULE-IDENTITY + LAST-UPDATED "200010160000Z" -- 16 October 2000 + ORGANIZATION "IETF Distributed Management Working Group" + CONTACT-INFO "Ramanathan Kavasseri + Cisco Systems, Inc. + 170 West Tasman Drive, + San Jose CA 95134-1706. + Phone: +1 408 527 2446 + Email: ramk@cisco.com" + DESCRIPTION + "The MIB module for defining expressions of MIB objects for + management purposes." +-- Revision History + + REVISION "200010160000Z" -- 16 October 2000 + DESCRIPTION "This is the initial version of this MIB. + Published as RFC 2982" + ::= { mib-2 90 } + +dismanExpressionMIBObjects OBJECT IDENTIFIER ::= + { dismanExpressionMIB 1 } + +expResource OBJECT IDENTIFIER ::= { dismanExpressionMIBObjects 1 } +expDefine OBJECT IDENTIFIER ::= { dismanExpressionMIBObjects 2 } +expValue OBJECT IDENTIFIER ::= { dismanExpressionMIBObjects 3 } + +-- +-- Resource Control +-- + +expResourceDeltaMinimum OBJECT-TYPE + SYNTAX Integer32 (-1 | 1..600) + UNITS "seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The minimum expExpressionDeltaInterval this system will + accept. A system may use the larger values of this minimum to + lessen the impact of constantly computing deltas. For larger + delta sampling intervals the system samples less often and + suffers less overhead. This object provides a way to enforce + such lower overhead for all expressions created after it is + set. + + The value -1 indicates that expResourceDeltaMinimum is + irrelevant as the system will not accept 'deltaValue' as a + value for expObjectSampleType. + + Unless explicitly resource limited, a system's value for + this object should be 1, allowing as small as a 1 second + interval for ongoing delta sampling. + + Changing this value will not invalidate an existing setting + of expObjectSampleType." + ::= { expResource 1 } + +expResourceDeltaWildcardInstanceMaximum OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "instances" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "For every instance of a deltaValue object, one dynamic instance + entry is needed for holding the instance value from the previous + sample, i.e. to maintain state. + + This object limits maximum number of dynamic instance entries + this system will support for wildcarded delta objects in + expressions. For a given delta expression, the number of + dynamic instances is the number of values that meet all criteria + to exist times the number of delta values in the expression. + + A value of 0 indicates no preset limit, that is, the limit + is dynamic based on system operation and resources. + + Unless explicitly resource limited, a system's value for + this object should be 0. + + Changing this value will not eliminate or inhibit existing delta + wildcard instance objects but will prevent the creation of more + such objects. + + An attempt to allocate beyond the limit results in expErrorCode + being tooManyWildcardValues for that evaluation attempt." + ::= { expResource 2 } + +expResourceDeltaWildcardInstances OBJECT-TYPE + SYNTAX Gauge32 + UNITS "instances" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of currently active instance entries as + defined for expResourceDeltaWildcardInstanceMaximum." + ::= { expResource 3 } + +expResourceDeltaWildcardInstancesHigh OBJECT-TYPE + SYNTAX Gauge32 + UNITS "instances" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The highest value of expResourceDeltaWildcardInstances + that has occurred since initialization of the managed + system." + ::= { expResource 4 } + +expResourceDeltaWildcardInstanceResourceLacks OBJECT-TYPE + SYNTAX Counter32 + UNITS "instances" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times this system could not evaluate an + expression because that would have created a value instance in + excess of expResourceDeltaWildcardInstanceMaximum." + ::= { expResource 5 } + +-- + +-- Definition +-- +-- Expression Definition Table +-- + +expExpressionTable OBJECT-TYPE + SYNTAX SEQUENCE OF ExpExpressionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of expression definitions." + ::= { expDefine 1 } + +expExpressionEntry OBJECT-TYPE + SYNTAX ExpExpressionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single expression. New expressions + can be created using expExpressionRowStatus. + + To create an expression first create the named entry in this + table. Then use expExpressionName to populate expObjectTable. + For expression evaluation to succeed all related entries in + expExpressionTable and expObjectTable must be 'active'. If + these conditions are not met the corresponding values in + expValue simply are not instantiated. + + Deleting an entry deletes all related entries in expObjectTable + and expErrorTable. + + Because of the relationships among the multiple tables for an + expression (expExpressionTable, expObjectTable, and + expValueTable) and the SNMP rules for independence in setting + object values, it is necessary to do final error checking when + an expression is evaluated, that is, when one of its instances + in expValueTable is read or a delta interval expires. Earlier + checking need not be done and an implementation may not impose + any ordering on the creation of objects related to an + expression. + + To maintain security of MIB information, when creating a new row in + this table, the managed system must record the security credentials + of the requester. These security credentials are the parameters + necessary as inputs to isAccessAllowed from the Architecture for + + Describing SNMP Management Frameworks. When obtaining the objects + that make up the expression, the system must (conceptually) use + isAccessAllowed to ensure that it does not violate security. + + The evaluation of the expression takes place under the + security credentials of the creator of its expExpressionEntry. + + Values of read-write objects in this table may be changed + + at any time." + INDEX { expExpressionOwner, expExpressionName } + ::= { expExpressionTable 1 } + +ExpExpressionEntry ::= SEQUENCE { + expExpressionOwner SnmpAdminString, + expExpressionName SnmpAdminString, + expExpression OCTET STRING, + expExpressionValueType INTEGER, + expExpressionComment SnmpAdminString, + expExpressionDeltaInterval Integer32, + expExpressionPrefix OBJECT IDENTIFIER, + expExpressionErrors Counter32, + expExpressionEntryStatus RowStatus +} + +expExpressionOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The owner of this entry. The exact semantics of this + string are subject to the security policy defined by the + security administrator." + ::= { expExpressionEntry 1 } + +expExpressionName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of the expression. This is locally unique, within + the scope of an expExpressionOwner." + ::= { expExpressionEntry 2 } + +expExpression OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (1..1024)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The expression to be evaluated. This object is the same + as a DisplayString (RFC 1903) except for its maximum length. + + Except for the variable names the expression is in ANSI C + syntax. Only the subset of ANSI C operators and functions + listed here is allowed. + + Variables are expressed as a dollar sign ('$') and an + + integer that corresponds to an expObjectIndex. An + example of a valid expression is: + + ($1-$5)*100 + + Expressions must not be recursive, that is although an expression + may use the results of another expression, it must not contain + any variable that is directly or indirectly a result of its own + evaluation. The managed system must check for recursive + expressions. + + The only allowed operators are: + + ( ) + - (unary) + + - * / % + & | ^ << >> ~ + ! && || == != > >= < <= + + Note the parentheses are included for parenthesizing the + expression, not for casting data types. + + The only constant types defined are: + + int (32-bit signed) + long (64-bit signed) + unsigned int + unsigned long + hexadecimal + character + string + oid + + The default type for a positive integer is int unless it is too + large in which case it is long. + + All but oid are as defined for ANSI C. Note that a + hexadecimal constant may end up as a scalar or an array of + 8-bit integers. A string constant is enclosed in double + quotes and may contain back-slashed individual characters + as in ANSI C. + + An oid constant comprises 32-bit, unsigned integers and at + least one period, for example: + + 0. + .0 + 1.3.6.1 + + No additional leading or trailing subidentifiers are automatically + added to an OID constant. The constant is taken as expressed. + + Integer-typed objects are treated as 32- or 64-bit, signed + or unsigned integers, as appropriate. The results of + mixing them are as for ANSI C, including the type of the + result. Note that a 32-bit value is thus promoted to 64 bits + only in an operation with a 64-bit value. There is no + provision for larger values to handle overflow. + + Relative to SNMP data types, a resulting value becomes + unsigned when calculating it uses any unsigned value, + including a counter. To force the final value to be of + data type counter the expression must explicitly use the + counter32() or counter64() function (defined below). + + OCTET STRINGS and OBJECT IDENTIFIERs are treated as + one-dimensioned arrays of unsigned 8-bit integers and + unsigned 32-bit integers, respectively. + + IpAddresses are treated as 32-bit, unsigned integers in + network byte order, that is, the hex version of 255.0.0.0 is + 0xff000000. + + Conditional expressions result in a 32-bit, unsigned integer + of value 0 for false or 1 for true. When an arbitrary value + is used as a boolean 0 is false and non-zero is true. + + Rules for the resulting data type from an operation, based on + the operator: + + For << and >> the result is the same as the left hand operand. + + For &&, ||, ==, !=, <, <=, >, and >= the result is always + Unsigned32. + + For unary - the result is always Integer32. + + For +, -, *, /, %, &, |, and ^ the result is promoted according + to the following rules, in order from most to least preferred: + + If left hand and right hand operands are the same type, + use that. + + If either side is Counter64, use that. + + If either side is IpAddress, use that. + + If either side is TimeTicks, use that. + + If either side is Counter32, use that. + + Otherwise use Unsigned32. + + The following rules say what operators apply with what data + types. Any combination not explicitly defined does not work. + + For all operators any of the following can be the left hand or + right hand operand: Integer32, Counter32, Unsigned32, Counter64. + + The operators +, -, *, /, %, <, <=, >, and >= work with + TimeTicks. + + The operators &, |, and ^ work with IpAddress. + + The operators << and >> work with IpAddress but only as the + left hand operand. + + The + operator performs a concatenation of two OCTET STRINGs or + two OBJECT IDENTIFIERs. + + The operators &, | perform bitwise operations on OCTET STRINGs. + If the OCTET STRING happens to be a DisplayString the results + may be meaningless, but the agent system does not check this as + some such systems do not have this information. + + The operators << and >> perform bitwise operations on OCTET + STRINGs appearing as the left hand operand. + + The only functions defined are: + + counter32 + counter64 + arraySection + stringBegins + stringEnds + stringContains + oidBegins + oidEnds + oidContains + average + maximum + minimum + sum + exists + + The following function definitions indicate their parameters by + naming the data type of the parameter in the parameter's position + in the parameter list. The parameter must be of the type indicated + and generally may be a constant, a MIB object, a function, or an + expression. + + counter32(integer) - wrapped around an integer value counter32 + forces Counter32 as a data type. + + counter64(integer) - similar to counter32 except that the + resulting data type is 'counter64'. + + arraySection(array, integer, integer) - selects a piece of an + array (i.e. part of an OCTET STRING or OBJECT IDENTIFIER). The + integer arguments are in the range 0 to 4,294,967,295. The + first is an initial array index (one-dimensioned) and the second + is an ending array index. A value of 0 indicates first or last + element, respectively. If the first element is larger than the + array length the result is 0 length. If the second integer is + less than or equal to the first, the result is 0 length. If the + second is larger than the array length it indicates last + element. + + stringBegins/Ends/Contains(octetString, octetString) - looks for + the second string (which can be a string constant) in the first + and returns the one-dimensioned arrayindex where the match began. + A return value of 0 indicates no match (i.e. boolean false). + + oidBegins/Ends/Contains(oid, oid) - looks for the second OID + (which can be an OID constant) in the first and returns the + the one-dimensioned index where the match began. A return value + of 0 indicates no match (i.e. boolean false). + + average/maximum/minimum(integer) - calculates the average, + minimum, or maximum value of the integer valued object over + multiple sample times. If the object disappears for any + sample period, the accumulation and the resulting value object + cease to exist until the object reappears at which point the + calculation starts over. + + sum(integerObject*) - sums all available values of the + wildcarded integer object, resulting in an integer scalar. Must + be used with caution as it wraps on overflow with no + notification. + + exists(anyTypeObject) - verifies the object instance exists. A + return value of 0 indicates NoSuchInstance (i.e. boolean + false)." + ::= { expExpressionEntry 3 } + +expExpressionValueType OBJECT-TYPE + SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3), + integer32(4), ipAddress(5), octetString(6), + objectId(7), counter64(8) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of the expression value. One and only one of the + value objects in expValueTable will be instantiated to match + this type. + + If the result of the expression can not be made into this type, + an invalidOperandType error will occur." + DEFVAL { counter32 } + ::= { expExpressionEntry 4 } + +expExpressionComment OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A comment to explain the use or meaning of the expression." + DEFVAL { ''H } + ::= { expExpressionEntry 5 } + +expExpressionDeltaInterval OBJECT-TYPE + SYNTAX Integer32 (0..86400) + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Sampling interval for objects in this expression with + expObjectSampleType 'deltaValue'. + + This object has no effect if the the expression has no + deltaValue objects. + + A value of 0 indicates no automated sampling. In this case + the delta is the difference from the last time the expression + was evaluated. Note that this is subject to unpredictable + delta times in the face of retries or multiple managers. + + A value greater than zero is the number of seconds between + automated samples. + + Until the delta interval has expired once the delta for the + + object is effectively not instantiated and evaluating + the expression has results as if the object itself were not + instantiated. + + Note that delta values potentially consume large amounts of + system CPU and memory. Delta state and processing must + continue constantly even if the expression is not being used. + That is, the expression is being evaluated every delta interval, + even if no application is reading those values. For wildcarded + objects this can be substantial overhead. + + Note that delta intervals, external expression value sampling + intervals and delta intervals for expressions within other + expressions can have unusual interactions as they are impossible + to synchronize accurately. In general one interval embedded + below another must be enough shorter that the higher sample + sees relatively smooth, predictable behavior. So, for example, + to avoid the higher level getting the same sample twice, the + lower level should sample at least twice as fast as the higher + level does." + DEFVAL { 0 } + ::= { expExpressionEntry 6 } + +expExpressionPrefix OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An object prefix to assist an application in determining + the instance indexing to use in expValueTable, relieving the + application of the need to scan the expObjectTable to + determine such a prefix. + + See expObjectTable for information on wildcarded objects. + + If the expValueInstance portion of the value OID may + be treated as a scalar (that is, normally, 0) the value of + expExpressionPrefix is zero length, that is, no OID at all. + Note that zero length implies a null OID, not the OID 0.0. + + Otherwise, the value of expExpressionPrefix is the expObjectID + value of any one of the wildcarded objects for the expression. + This is sufficient, as the remainder, that is, the instance + fragment relevant to instancing the values, must be the same for + all wildcarded objects in the expression." + ::= { expExpressionEntry 7 } + +expExpressionErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of errors encountered while evaluating this + expression. + + Note that an object in the expression not being accessible, + is not considered an error. An example of an inaccessible + object is when the object is excluded from the view of the + user whose security credentials are used in the expression + evaluation. In such cases, it is a legitimate condition + that causes the corresponding expression value not to be + instantiated." + ::= { expExpressionEntry 8 } + +expExpressionEntryStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The control that allows creation and deletion of entries." + ::= { expExpressionEntry 9 } + +-- +-- Expression Error Table +-- + +expErrorTable OBJECT-TYPE + SYNTAX SEQUENCE OF ExpErrorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of expression errors." + ::= { expDefine 2 } + +expErrorEntry OBJECT-TYPE + SYNTAX ExpErrorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about errors in processing an expression. + + Entries appear in this table only when there is a matching + expExpressionEntry and then only when there has been an + error for that expression as reflected by the error codes + defined for expErrorCode." + INDEX { expExpressionOwner, expExpressionName } + ::= { expErrorTable 1 } + +ExpErrorEntry ::= SEQUENCE { + expErrorTime TimeStamp, + expErrorIndex Integer32, + expErrorCode INTEGER, + expErrorInstance OBJECT IDENTIFIER +} + +expErrorTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime the last time an error caused a + failure to evaluate this expression." + ::= { expErrorEntry 1 } + +expErrorIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The one-dimensioned character array index into + expExpression for where the error occurred. The value + zero indicates irrelevance." + ::= { expErrorEntry 2 } + +expErrorCode OBJECT-TYPE + SYNTAX INTEGER { + invalidSyntax(1), + undefinedObjectIndex(2), + unrecognizedOperator(3), + unrecognizedFunction(4), + invalidOperandType(5), + unmatchedParenthesis(6), + tooManyWildcardValues(7), + recursion(8), + deltaTooShort(9), + resourceUnavailable(10), + divideByZero(11) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The error that occurred. In the following explanations the + expected timing of the error is in parentheses. 'S' means + the error occurs on a Set request. 'E' means the error + + occurs on the attempt to evaluate the expression either due to + Get from expValueTable or in ongoing delta processing. + + invalidSyntax the value sent for expExpression is not + valid Expression MIB expression syntax + (S) + undefinedObjectIndex an object reference ($n) in + expExpression does not have a matching + instance in expObjectTable (E) + unrecognizedOperator the value sent for expExpression held an + unrecognized operator (S) + unrecognizedFunction the value sent for expExpression held an + unrecognized function name (S) + invalidOperandType an operand in expExpression is not the + right type for the associated operator + or result (SE) + unmatchedParenthesis the value sent for expExpression is not + correctly parenthesized (S) + tooManyWildcardValues evaluating the expression exceeded the + limit set by + expResourceDeltaWildcardInstanceMaximum + (E) + recursion through some chain of embedded + expressions the expression invokes itself + (E) + deltaTooShort the delta for the next evaluation passed + before the system could evaluate the + present sample (E) + resourceUnavailable some resource, typically dynamic memory, + was unavailable (SE) + divideByZero an attempt to divide by zero occurred + (E) + + For the errors that occur when the attempt is made to set + expExpression Set request fails with the SNMP error code + 'wrongValue'. Such failures refer to the most recent failure to + Set expExpression, not to the present value of expExpression + which must be either unset or syntactically correct. + + Errors that occur during evaluation for a Get* operation return + the SNMP error code 'genErr' except for 'tooManyWildcardValues' + and 'resourceUnavailable' which return the SNMP error code + 'resourceUnavailable'." + ::= { expErrorEntry 3 } + +expErrorInstance OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The expValueInstance being evaluated when the error + occurred. A zero-length indicates irrelevance." + ::= { expErrorEntry 4 } + +-- +-- Object Table +-- + +expObjectTable OBJECT-TYPE + SYNTAX SEQUENCE OF ExpObjectEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of object definitions for each expExpression. + + Wildcarding instance IDs: + + It is legal to omit all or part of the instance portion for + some or all of the objects in an expression. (See the + DESCRIPTION of expObjectID for details. However, note that + if more than one object in the same expression is wildcarded + in this way, they all must be objects where that portion of + the instance is the same. In other words, all objects may be + in the same SEQUENCE or in different SEQUENCEs but with the + same semantic index value (e.g., a value of ifIndex) + for the wildcarded portion." + ::= { expDefine 3 } + +expObjectEntry OBJECT-TYPE + SYNTAX ExpObjectEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about an object. An application uses + expObjectEntryStatus to create entries in this table while + in the process of defining an expression. + + Values of read-create objects in this table may be + changed at any time." + INDEX { expExpressionOwner, expExpressionName, expObjectIndex } + ::= { expObjectTable 1 } + +ExpObjectEntry ::= SEQUENCE { + expObjectIndex Unsigned32, + expObjectID OBJECT IDENTIFIER, + expObjectIDWildcard TruthValue, + expObjectSampleType INTEGER, + expObjectDeltaDiscontinuityID OBJECT IDENTIFIER, + expObjectDiscontinuityIDWildcard TruthValue, + expObjectDiscontinuityIDType INTEGER, + expObjectConditional OBJECT IDENTIFIER, + expObjectConditionalWildcard TruthValue, + expObjectEntryStatus RowStatus +} + +expObjectIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Within an expression, a unique, numeric identification for an + object. Prefixed with a dollar sign ('$') this is used to + reference the object in the corresponding expExpression." + ::= { expObjectEntry 1 } + +expObjectID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The OBJECT IDENTIFIER (OID) of this object. The OID may be + fully qualified, meaning it includes a complete instance + identifier part (e.g., ifInOctets.1 or sysUpTime.0), or it + may not be fully qualified, meaning it may lack all or part + of the instance identifier. If the expObjectID is not fully + qualified, then expObjectWildcard must be set to true(1). + The value of the expression will be multiple + values, as if done for a GetNext sweep of the object. + + An object here may itself be the result of an expression but + recursion is not allowed. + + NOTE: The simplest implementations of this MIB may not allow + wildcards." + ::= { expObjectEntry 2 } + +expObjectIDWildcard OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A true value indicates the expObjecID of this row is a wildcard + object. False indicates that expObjectID is fully instanced. + If all expObjectWildcard values for a given expression are FALSE, + expExpressionPrefix will reflect a scalar object (i.e. will + be 0.0). + + NOTE: The simplest implementations of this MIB may not allow + wildcards." + DEFVAL { false } + ::= { expObjectEntry 3 } + +expObjectSampleType OBJECT-TYPE + SYNTAX INTEGER { absoluteValue(1), deltaValue(2), + changedValue(3) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The method of sampling the selected variable. + + An 'absoluteValue' is simply the present value of the object. + + A 'deltaValue' is the present value minus the previous value, + which was sampled expExpressionDeltaInterval seconds ago. + This is intended primarily for use with SNMP counters, which are + meaningless as an 'absoluteValue', but may be used with any + integer-based value. + + A 'changedValue' is a boolean for whether the present value is + different from the previous value. It is applicable to any data + type and results in an Unsigned32 with value 1 if the object's + value is changed and 0 if not. In all other respects it is as a + 'deltaValue' and all statements and operation regarding delta + values apply to changed values. + + When an expression contains both delta and absolute values + the absolute values are obtained at the end of the delta + period." + DEFVAL { absoluteValue } + ::= { expObjectEntry 4 } + +sysUpTimeInstance OBJECT IDENTIFIER ::= { sysUpTime 0 } + +expObjectDeltaDiscontinuityID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The OBJECT IDENTIFIER (OID) of a TimeTicks, TimeStamp, or + DateAndTime object that indicates a discontinuity in the value + at expObjectID. + + This object is instantiated only if expObjectSampleType is + 'deltaValue' or 'changedValue'. + + The OID may be for a leaf object (e.g. sysUpTime.0) or may + be wildcarded to match expObjectID. + + This object supports normal checking for a discontinuity in a + counter. Note that if this object does not point to sysUpTime + discontinuity checking must still check sysUpTime for an overall + discontinuity. + + If the object identified is not accessible no discontinuity + check will be made." + DEFVAL { sysUpTimeInstance } + ::= { expObjectEntry 5 } + +expObjectDiscontinuityIDWildcard OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A true value indicates the expObjectDeltaDiscontinuityID of + this row is a wildcard object. False indicates that + expObjectDeltaDiscontinuityID is fully instanced. + + This object is instantiated only if expObjectSampleType is + 'deltaValue' or 'changedValue'. + + NOTE: The simplest implementations of this MIB may not allow + wildcards." + DEFVAL { false } + ::= { expObjectEntry 6 } + +expObjectDiscontinuityIDType OBJECT-TYPE + SYNTAX INTEGER { timeTicks(1), timeStamp(2), dateAndTime(3) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value 'timeTicks' indicates the expObjectDeltaDiscontinuityID + of this row is of syntax TimeTicks. The value 'timeStamp' indicates + syntax TimeStamp. The value 'dateAndTime indicates syntax + DateAndTime. + + This object is instantiated only if expObjectSampleType is + 'deltaValue' or 'changedValue'." + DEFVAL { timeTicks } + ::= { expObjectEntry 7 } + +expObjectConditional OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The OBJECT IDENTIFIER (OID) of an object that overrides + whether the instance of expObjectID is to be considered + usable. If the value of the object at expObjectConditional + is 0 or not instantiated, the object at expObjectID is + treated as if it is not instantiated. In other words, + expObjectConditional is a filter that controls whether or + not to use the value at expObjectID. + + The OID may be for a leaf object (e.g. sysObjectID.0) or may be + wildcarded to match expObjectID. If expObject is wildcarded and + expObjectID in the same row is not, the wild portion of + expObjectConditional must match the wildcarding of the rest of + the expression. If no object in the expression is wildcarded + but expObjectConditional is, use the lexically first instance + (if any) of expObjectConditional. + + If the value of expObjectConditional is 0.0 operation is + as if the value pointed to by expObjectConditional is a + non-zero (true) value. + + Note that expObjectConditional can not trivially use an object + of syntax TruthValue, since the underlying value is not 0 or 1." + DEFVAL { zeroDotZero } + ::= { expObjectEntry 8 } + + expObjectConditionalWildcard OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A true value indicates the expObjectConditional of this row is + a wildcard object. False indicates that expObjectConditional is + fully instanced. + + NOTE: The simplest implementations of this MIB may not allow + wildcards." + DEFVAL { false } + ::= { expObjectEntry 9 } + +expObjectEntryStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The control that allows creation/deletion of entries. + + Objects in this table may be changed while + expObjectEntryStatus is in any state." + ::= { expObjectEntry 10 } + +-- +-- Expression Value Table +-- + +expValueTable OBJECT-TYPE + SYNTAX SEQUENCE OF ExpValueEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of values from evaluated expressions." + ::= { expValue 1 } + +expValueEntry OBJECT-TYPE + SYNTAX ExpValueEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A single value from an evaluated expression. For a given + instance, only one 'Val' object in the conceptual row will be + instantiated, that is, the one with the appropriate type for + the value. For values that contain no objects of + expObjectSampleType 'deltaValue' or 'changedValue', reading a + value from the table causes the evaluation of the expression + for that value. For those that contain a 'deltaValue' or + 'changedValue' the value read is as of the last sampling + interval. + + If in the attempt to evaluate the expression one or more + of the necessary objects is not available, the corresponding + entry in this table is effectively not instantiated. + + To maintain security of MIB information, when creating a new + row in this table, the managed system must record the security + credentials of the requester. These security credentials are + the parameters necessary as inputs to isAccessAllowed from + [RFC2571]. When obtaining the objects that make up the + expression, the system must (conceptually) use isAccessAllowed to + ensure that it does not violate security. + + The evaluation of that expression takes place under the + + security credentials of the creator of its expExpressionEntry. + + To maintain security of MIB information, expression evaluation must + take place using security credentials for the implied Gets of the + objects in the expression as inputs (conceptually) to + isAccessAllowed from the Architecture for Describing SNMP + Management Frameworks. These are the security credentials of the + creator of the corresponding expExpressionEntry." + INDEX { expExpressionOwner, expExpressionName, + IMPLIED expValueInstance } + ::= { expValueTable 1 } + +ExpValueEntry ::= SEQUENCE { + expValueInstance OBJECT IDENTIFIER, + expValueCounter32Val Counter32, + expValueUnsigned32Val Unsigned32, + expValueTimeTicksVal TimeTicks, + expValueInteger32Val Integer32, + expValueIpAddressVal IpAddress, + expValueOctetStringVal OCTET STRING, + expValueOidVal OBJECT IDENTIFIER, + expValueCounter64Val Counter64 +} + +expValueInstance OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The final instance portion of a value's OID according to + the wildcarding in instances of expObjectID for the + expression. The prefix of this OID fragment is 0.0, + leading to the following behavior. + + If there is no wildcarding, the value is 0.0.0. In other + words, there is one value which standing alone would have + been a scalar with a 0 at the end of its OID. + + If there is wildcarding, the value is 0.0 followed by + a value that the wildcard can take, thus defining one value + instance for each real, possible value of the wildcard. + So, for example, if the wildcard worked out to be an ifIndex, + there is an expValueInstance for each applicable ifIndex." + ::= { expValueEntry 1 } + +expValueCounter32Val OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when expExpressionValueType is 'counter32'." + ::= { expValueEntry 2 } + +expValueUnsigned32Val OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when expExpressionValueType is 'unsigned32'." + ::= { expValueEntry 3 } + +expValueTimeTicksVal OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when expExpressionValueType is 'timeTicks'." + ::= { expValueEntry 4 } + +expValueInteger32Val OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when expExpressionValueType is 'integer32'." + ::= { expValueEntry 5 } + +expValueIpAddressVal OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when expExpressionValueType is 'ipAddress'." + ::= { expValueEntry 6 } + +expValueOctetStringVal OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..65536)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when expExpressionValueType is 'octetString'." + ::= { expValueEntry 7 } + +expValueOidVal OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when expExpressionValueType is 'objectId'." + ::= { expValueEntry 8 } + +expValueCounter64Val OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when expExpressionValueType is 'counter64'." + ::= { expValueEntry 9 } + +-- +-- Conformance +-- + +dismanExpressionMIBConformance OBJECT IDENTIFIER ::= + { dismanExpressionMIB 3 } +dismanExpressionMIBCompliances OBJECT IDENTIFIER ::= + { dismanExpressionMIBConformance 1 } +dismanExpressionMIBGroups OBJECT IDENTIFIER ::= + { dismanExpressionMIBConformance 2 } + +-- Compliance + +dismanExpressionMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which implement + the Expression MIB." + MODULE -- this module + MANDATORY-GROUPS { + dismanExpressionResourceGroup, + dismanExpressionDefinitionGroup, + dismanExpressionValueGroup + } + + OBJECT expResourceDeltaMinimum + SYNTAX Integer32 (-1 | 60..600) + DESCRIPTION + "Implementation need not allow deltas or it may + implement them and restrict them to higher values." + + OBJECT expObjectSampleType + WRITE-SYNTAX INTEGER { absoluteValue(1) } + DESCRIPTION + "Implementation may disallow deltas calculation or + + change detection." + + OBJECT expObjectIDWildcard + WRITE-SYNTAX INTEGER { false(2) } + DESCRIPTION + "Implementation may allow wildcards." + + OBJECT expObjectDiscontinuityIDWildcard + WRITE-SYNTAX INTEGER { false(2) } + DESCRIPTION + "Implementation need not allow wildcards." + + OBJECT expObjectConditionalWildcard + WRITE-SYNTAX INTEGER { false(2) } + DESCRIPTION + "Implementation need not allow deltas wildcards." + ::= { dismanExpressionMIBCompliances 1 } + +-- Units of Conformance + +dismanExpressionResourceGroup OBJECT-GROUP + OBJECTS { + expResourceDeltaMinimum, + expResourceDeltaWildcardInstanceMaximum, + expResourceDeltaWildcardInstances, + expResourceDeltaWildcardInstancesHigh, + expResourceDeltaWildcardInstanceResourceLacks + } + STATUS current + DESCRIPTION + "Expression definition resource management." + ::= { dismanExpressionMIBGroups 1 } + +dismanExpressionDefinitionGroup OBJECT-GROUP + OBJECTS { + expExpression, + expExpressionValueType, + expExpressionComment, + expExpressionDeltaInterval, + expExpressionPrefix, + expExpressionErrors, + expExpressionEntryStatus, + expErrorTime, + expErrorIndex, + expErrorCode, + expErrorInstance, + expObjectID, + expObjectIDWildcard, + expObjectSampleType, + expObjectDeltaDiscontinuityID, + expObjectDiscontinuityIDWildcard, + expObjectDiscontinuityIDType, + expObjectConditional, + expObjectConditionalWildcard, + expObjectEntryStatus + } + STATUS current + DESCRIPTION + "Expression definition." + ::= { dismanExpressionMIBGroups 2 } + +dismanExpressionValueGroup OBJECT-GROUP + OBJECTS { + expValueCounter32Val, + expValueUnsigned32Val, + expValueTimeTicksVal, + expValueInteger32Val, + expValueIpAddressVal, + expValueOctetStringVal, + expValueOidVal, + expValueCounter64Val + } + STATUS current + DESCRIPTION + "Expression value." + ::= { dismanExpressionMIBGroups 3 } + +END diff --git a/data/mibs/DISMAN-NSLOOKUP-MIB.txt b/data/mibs/DISMAN-NSLOOKUP-MIB.txt new file mode 100644 index 000000000..b12ca53dd --- /dev/null +++ b/data/mibs/DISMAN-NSLOOKUP-MIB.txt @@ -0,0 +1,509 @@ +DISMAN-NSLOOKUP-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + Unsigned32, mib-2, Integer32 + FROM SNMPv2-SMI -- RFC2578 + RowStatus + FROM SNMPv2-TC -- RFC2579 + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF -- RFC2580 + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB -- RFC3411 + InetAddressType, InetAddress + FROM INET-ADDRESS-MIB; -- RFC4001 + + lookupMIB MODULE-IDENTITY + LAST-UPDATED "200606130000Z" -- 13 June 2006 + ORGANIZATION "IETF Distributed Management Working Group" + CONTACT-INFO + "Juergen Quittek + + NEC Europe Ltd. + Network Laboratories + Kurfuersten-Anlage 36 + 69115 Heidelberg + Germany + + Phone: +49 6221 4342-115 + Email: quittek@netlab.nec.de" + DESCRIPTION + "The Lookup MIB (DISMAN-NSLOOKUP-MIB) enables determination + of either the name(s) corresponding to a host address or of + the address(es) associated with a host name at a remote + host. + + Copyright (C) The Internet Society (2006). This version of + this MIB module is part of RFC 4560; see the RFC itself for + full legal notices." + + -- Revision history + + REVISION "200606130000Z" -- 13 June 2006 + DESCRIPTION + "Updated version, published as RFC 4560. + - Replaced references to RFC 2575 by RFC 3415 + - Replaced references to RFC 2571 by RFC 3411 + - Replaced references to RFC 2851 by RFC 4001 + - Added value enabled(1) to SYNTAX clause of + lookupCtlOperStatus + - Added lookupMinimumCompliance + - Defined semantics of value 0 for object + lookupPurgeTime + - Added DEFVAL { unknown } to object + lookupCtlTargetAddressType OBJECT-TYPE" + + REVISION "200009210000Z" -- 21 September 2000 + DESCRIPTION + "Initial version, published as RFC 2925." + ::= { mib-2 82 } + + -- Top level structure of the MIB + + lookupObjects OBJECT IDENTIFIER ::= { lookupMIB 1 } + lookupConformance OBJECT IDENTIFIER ::= { lookupMIB 2 } + + -- Simple Object Definitions + + lookupMaxConcurrentRequests OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "requests" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of concurrent active lookup requests + that are allowed within an agent implementation. A value + of 0 for this object implies that there is no limit for + the number of concurrent active requests in effect. + + The limit applies only to new requests being activated. + When a new value is set, the agent will continue processing + all the requests already active, even if their number + exceed the limit just imposed." + DEFVAL { 10 } + ::= { lookupObjects 1 } + + lookupPurgeTime OBJECT-TYPE + SYNTAX Unsigned32 (0..86400) + UNITS "seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The amount of time to wait before automatically + deleting an entry in the lookupCtlTable and any + dependent lookupResultsTable entries + after the lookup operation represented by a + lookupCtlEntry has been completed. + A lookupCtEntry is considered complete + when its lookupCtlOperStatus object has a + value of completed(3). + + A value of 0 indicates that automatic deletion + of entries is disabled." + DEFVAL { 900 } -- 15 minutes as default + ::= { lookupObjects 2 } + + -- Lookup Control Table + + lookupCtlTable OBJECT-TYPE + SYNTAX SEQUENCE OF LookupCtlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines the Lookup Control Table for providing + the capability of performing a lookup operation + for a symbolic host name or for a host address + from a remote host." + ::= { lookupObjects 3 } + + lookupCtlEntry OBJECT-TYPE + SYNTAX LookupCtlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines an entry in the lookupCtlTable. A + lookupCtlEntry is initially indexed by + lookupCtlOwnerIndex, which is a type of SnmpAdminString, + a textual convention that allows for the use of the SNMPv3 + View-Based Access Control Model (RFC 3415, VACM) + and that also allows a management application to identify + its entries. The second index element, + lookupCtlOperationName, enables the same + lookupCtlOwnerIndex entity to have multiple outstanding + requests. The value of lookupCtlTargetAddressType + determines which lookup function to perform." + INDEX { + lookupCtlOwnerIndex, + lookupCtlOperationName + } + ::= { lookupCtlTable 1 } + + LookupCtlEntry ::= + SEQUENCE { + lookupCtlOwnerIndex SnmpAdminString, + lookupCtlOperationName SnmpAdminString, + lookupCtlTargetAddressType InetAddressType, + lookupCtlTargetAddress InetAddress, + lookupCtlOperStatus INTEGER, + lookupCtlTime Unsigned32, + lookupCtlRc Integer32, + lookupCtlRowStatus RowStatus + } + + lookupCtlOwnerIndex OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "To facilitate the provisioning of access control by a + security administrator using the View-Based Access + Control Model (RFC 2575, VACM) for tables in which + multiple users may need to create or + modify entries independently, the initial index is used as + an 'owner index'. Such an initial index has a syntax of + SnmpAdminString and can thus be trivially mapped to a + + securityName or groupName defined in VACM, in + accordance with a security policy. + + When used in conjunction with such a security policy all + entries in the table belonging to a particular user (or + group) will have the same value for this initial index. + For a given user's entries in a particular table, the + object identifiers for the information in these entries + will have the same subidentifiers (except for the + 'column' subidentifier) up to the end of the encoded + owner index. To configure VACM to permit access to this + portion of the table, one would create + vacmViewTreeFamilyTable entries with the value of + vacmViewTreeFamilySubtree including the owner index + portion, and vacmViewTreeFamilyMask 'wildcarding' the + column subidentifier. More elaborate configurations + are possible." + ::= { lookupCtlEntry 1 } + + lookupCtlOperationName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of a lookup operation. This is locally unique, + within the scope of an lookupCtlOwnerIndex." + ::= { lookupCtlEntry 2 } + + lookupCtlTargetAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the type of address for performing a + lookup operation for a symbolic host name or for a host + address from a remote host. + + Specification of dns(16) as the value for this object + means that a function such as, for example, getaddrinfo() + or gethostbyname() should be performed to return one or + more numeric addresses. Use of a value of either ipv4(1) + or ipv6(2) means that a functions such as, for example, + getnameinfo() or gethostbyaddr() should be used to return + the symbolic names associated with a host." + DEFVAL { unknown } + ::= { lookupCtlEntry 3 } + + lookupCtlTargetAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the address used for a resolver lookup at a + remote host. The corresponding lookupCtlTargetAddressType + objects determines its type, as well as the function + that can be requested. + + A value for this object MUST be set prior to + transitioning its corresponding lookupCtlEntry to + active(1) via lookupCtlRowStatus." + ::= { lookupCtlEntry 4 } + + lookupCtlOperStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), -- operation is active + notStarted(2), -- operation has not started + completed(3) -- operation is done + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reflects the operational state of an lookupCtlEntry: + + enabled(1) - Operation is active. + notStarted(2) - Operation has not been enabled. + completed(3) - Operation has been completed. + + An operation is automatically enabled(1) when its + lookupCtlRowStatus object is transitioned to active(1) + status. Until this occurs, lookupCtlOperStatus MUST + report a value of notStarted(2). After the lookup + operation is completed (success or failure), the value + for lookupCtlOperStatus MUST be transitioned to + completed(3)." + ::= { lookupCtlEntry 5 } + + lookupCtlTime OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reports the number of milliseconds that a lookup + operation required to be completed at a remote host. + Completed means operation failure as well as + + success." + ::= { lookupCtlEntry 6 } + + lookupCtlRc OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The system-specific return code from a lookup + operation. All implementations MUST return a value + of 0 for this object when the remote lookup + operation succeeds. A non-zero value for this + objects indicates failure. It is recommended that + implementations return the error codes that are + generated by the lookup function used." + ::= { lookupCtlEntry 7 } + + lookupCtlRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows entries to be created and deleted + in the lookupCtlTable. + + A remote lookup operation is started when an + entry in this table is created via an SNMP set + request and the entry is activated. This + occurs by setting the value of this object + to CreateAndGo(4) during row creation or + by setting this object to active(1) after + the row is created. + + A value MUST be specified for lookupCtlTargetAddress + prior to the acceptance of a transition to active(1) state. + A remote lookup operation starts when its entry + first becomes active(1). Transitions in and + out of active(1) state have no effect on the + operational behavior of a remote lookup + operation, with the exception that deletion of + an entry in this table by setting its RowStatus + object to destroy(6) will stop an active + remote lookup operation. + + The operational state of a remote lookup operation + can be determined by examination of its + lookupCtlOperStatus object." + REFERENCE + "See definition of RowStatus in RFC 2579, + 'Textual Conventions for SMIv2.'" + ::= { lookupCtlEntry 8 } + +-- Lookup Results Table + + lookupResultsTable OBJECT-TYPE + SYNTAX SEQUENCE OF LookupResultsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines the Lookup Results Table for providing + the capability of determining the results of a + operation at a remote host. + + One or more entries are added to the + lookupResultsTable when a lookup operation, + as reflected by an lookupCtlEntry, is completed + successfully. All entries related to a + successful lookup operation MUST be added + to the lookupResultsTable at the same time + that the associating lookupCtlOperStatus + object is transitioned to completed(2). + + The number of entries added depends on the + results determined for a particular lookup + operation. All entries associated with an + lookupCtlEntry are removed when the + lookupCtlEntry is deleted. + + A remote host can be multi-homed and have more than one IP + address associated with it (returned by lookup function), + or it can have more than one symbolic name (returned + by lookup function). + + A function such as, for example, getnameinfo() or + gethostbyaddr() is called with a host address as its + parameter and is used primarily to determine a symbolic + name to associate with the host address. Entries in the + lookupResultsTable MUST be made for each host name + returned. If the function identifies an 'official host + name,' then this symbolic name MUST be assigned a + lookupResultsIndex of 1. + + A function such as, for example, getaddrinfo() or + gethostbyname() is called with a symbolic host name and is + used primarily to retrieve a host address. The entries + + MUST be stored in the order that they are retrieved from + the lookup function. lookupResultsIndex 1 MUST be + assigned to the first entry." + ::= { lookupObjects 4 } + + lookupResultsEntry OBJECT-TYPE + SYNTAX LookupResultsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines an entry in the lookupResultsTable. The + first two index elements identify the + lookupCtlEntry that a lookupResultsEntry belongs + to. The third index element selects a single + lookup operation result." + INDEX { + lookupCtlOwnerIndex, + lookupCtlOperationName, + lookupResultsIndex + } + ::= { lookupResultsTable 1 } + + LookupResultsEntry ::= + SEQUENCE { + lookupResultsIndex Unsigned32, + lookupResultsAddressType InetAddressType, + lookupResultsAddress InetAddress + } + + lookupResultsIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..'ffffffff'h) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Entries in the lookupResultsTable are created when + the result of a lookup operation is determined. + + Entries MUST be stored in the lookupResultsTable in + the order that they are retrieved. Values assigned + to lookupResultsIndex MUST start at 1 and increase + consecutively." + ::= { lookupResultsEntry 1 } + + lookupResultsAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the type of result of a remote lookup + operation. A value of unknown(0) implies either that + the operation hasn't been started or that + it has failed." + ::= { lookupResultsEntry 2 } + + lookupResultsAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reflects a result for a remote lookup operation + as per the value of lookupResultsAddressType. + + The address type (InetAddressType) that relates to + this object is specified by the corresponding value + of lookupResultsAddress." + ::= { lookupResultsEntry 3 } + + -- Conformance information + -- Compliance statements + + lookupCompliances OBJECT IDENTIFIER ::= { lookupConformance 1 } + lookupGroups OBJECT IDENTIFIER ::= { lookupConformance 2 } + + -- Compliance statements + + lookupCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities that + fully implement the DISMAN-NSLOOKUP-MIB." + MODULE -- this module + MANDATORY-GROUPS { lookupGroup } + + OBJECT lookupMaxConcurrentRequests + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support set + operations to this object." + + OBJECT lookupPurgeTime + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support a set + operation to this object." + ::= { lookupCompliances 1 } + + lookupMinimumCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The minimum compliance statement for SNMP entities + that implement the minimal subset of the + DISMAN-NSLOOKUP-MIB. Implementors might choose this + subset for small devices with limited resources." + MODULE -- this module + MANDATORY-GROUPS { lookupGroup } + + OBJECT lookupMaxConcurrentRequests + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support set + operations to this object." + + OBJECT lookupPurgeTime + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support a set + operation to this object." + + OBJECT lookupCtlRowStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, then at least one entry in the + lookupCtlTable MUST be established already when the SNMP + agent starts offering access to the NSLOOKUP-MIB module. + If, in such a case, only a single entry is offered, then + it is RECOMMENDED that this entry use strings with a + length of 0 for both of its two index objects." + ::= { lookupCompliances 2 } + + -- MIB groupings + + lookupGroup OBJECT-GROUP + OBJECTS { + lookupMaxConcurrentRequests, + lookupPurgeTime, + lookupCtlOperStatus, + lookupCtlTargetAddressType, + lookupCtlTargetAddress, + lookupCtlTime, + lookupCtlRc, + lookupCtlRowStatus, + lookupResultsAddressType, + lookupResultsAddress + } + STATUS current + DESCRIPTION + "The group of objects that constitute the remote + Lookup operation." + ::= { lookupGroups 1 } + +END diff --git a/data/mibs/DISMAN-PING-MIB.txt b/data/mibs/DISMAN-PING-MIB.txt new file mode 100644 index 000000000..645ff8c7d --- /dev/null +++ b/data/mibs/DISMAN-PING-MIB.txt @@ -0,0 +1,1561 @@ +DISMAN-PING-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Integer32, + Unsigned32, Gauge32, mib-2, + NOTIFICATION-TYPE, OBJECT-IDENTITY + FROM SNMPv2-SMI -- RFC2578 + TEXTUAL-CONVENTION, RowStatus, + StorageType, DateAndTime, TruthValue + FROM SNMPv2-TC -- RFC2579 + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP + FROM SNMPv2-CONF -- RFC2580 + InterfaceIndexOrZero -- RFC2863 + FROM IF-MIB + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB -- RFC3411 + InetAddressType, InetAddress + FROM INET-ADDRESS-MIB; -- RFC4001 + + pingMIB MODULE-IDENTITY + LAST-UPDATED "200606130000Z" -- 13 June 2006 + ORGANIZATION "IETF Distributed Management Working Group" + CONTACT-INFO + "Juergen Quittek + + NEC Europe Ltd. + Network Laboratories + Kurfuersten-Anlage 36 + 69115 Heidelberg + Germany + + Phone: +49 6221 4342-115 + + Email: quittek@netlab.nec.de" + DESCRIPTION + "The Ping MIB (DISMAN-PING-MIB) provides the capability of + controlling the use of the ping function at a remote + host. + + Copyright (C) The Internet Society (2006). This version of + this MIB module is part of RFC 4560; see the RFC itself for + full legal notices." + + -- Revision history + + REVISION "200606130000Z" -- 13 June 2006 + DESCRIPTION + "Updated version, published as RFC 4560. + - Correctly considered IPv6 in DESCRIPTION + clause of pingCtlDataSize + - Replaced references to RFC 2575 by RFC 3415 + - Replaced references to RFC 2571 by RFC 3411 + - Replaced references to RFC 2851 by RFC 4001 + - Added DEFVAL { {} } to definition of + pingCtlTrapGeneration + - Changed DEFVAL of object pingCtlDescr from + DEFVAL { '00'H } to DEFVAL { ''H } + - Changed DEFVAL of object pingCtlSourceAddressType + from DEFVAL { ipv4 } to DEFVAL { unknown } + - Extended DESCRIPTION clause of pingResultsTable + describing re-initialization of entries + - Changed SYNTAX of pingResultsProbeResponses and + pingResultsSentProbes from Unsigned32 to Gauge32 + - Changed status of pingCompliance to deprecated + - Added pingFullCompliance and pingMinimumCompliance + - Changed status of pingGroup and pingTimeStampGroup + to deprecated + - Added pingMinimumGroup, pingCtlRowStatusGroup, + and pingHistoryGroup" + + REVISION "200009210000Z" -- 21 September 2000 + DESCRIPTION + "Initial version, published as RFC 2925." + ::= { mib-2 80 } + + -- Textual Conventions + + OperationResponseStatus ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Used to report the result of an operation: + + responseReceived(1) - Operation is completed successfully. + unknown(2) - Operation failed due to unknown error. + internalError(3) - An implementation detected an error + in its own processing that caused an operation + to fail. + requestTimedOut(4) - Operation failed to receive a + valid reply within the time limit imposed on it. + unknownDestinationAddress(5) - Invalid destination + address. + noRouteToTarget(6) - Could not find a route to target. + interfaceInactiveToTarget(7) - The interface to be + used in sending a probe is inactive, and an + alternate route does not exist. + arpFailure(8) - Unable to resolve a target address to a + media-specific address. + maxConcurrentLimitReached(9) - The maximum number of + concurrent active operations would have been exceeded + if the corresponding operation was allowed. + unableToResolveDnsName(10) - The DNS name specified was + unable to be mapped to an IP address. + invalidHostAddress(11) - The IP address for a host + has been determined to be invalid. Examples of this + are broadcast or multicast addresses." + SYNTAX INTEGER { + responseReceived(1), + unknown(2), + internalError(3), + requestTimedOut(4), + unknownDestinationAddress(5), + noRouteToTarget(6), + interfaceInactiveToTarget(7), + arpFailure(8), + maxConcurrentLimitReached(9), + unableToResolveDnsName(10), + invalidHostAddress(11) + } + + -- Top level structure of the MIB + + pingNotifications OBJECT IDENTIFIER ::= { pingMIB 0 } + pingObjects OBJECT IDENTIFIER ::= { pingMIB 1 } + pingConformance OBJECT IDENTIFIER ::= { pingMIB 2 } + + -- The registration node (point) for ping implementation types + + pingImplementationTypeDomains OBJECT IDENTIFIER ::= { pingMIB 3 } + + pingIcmpEcho OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Indicates that an implementation is using the Internet + Control Message Protocol (ICMP) 'ECHO' facility." + ::= { pingImplementationTypeDomains 1 } + + pingUdpEcho OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Indicates that an implementation is using the UDP echo + port (7)." + REFERENCE + "RFC 862, 'Echo Protocol'." + ::= { pingImplementationTypeDomains 2 } + + pingSnmpQuery OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Indicates that an implementation is using an SNMP query + to calculate a round trip time." + ::= { pingImplementationTypeDomains 3 } + + pingTcpConnectionAttempt OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Indicates that an implementation is attempting to + connect to a TCP port in order to calculate a round + trip time." + ::= { pingImplementationTypeDomains 4 } + + -- Simple Object Definitions + + pingMaxConcurrentRequests OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "requests" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of concurrent active ping requests + that are allowed within an agent implementation. A value + of 0 for this object implies that there is no limit for + the number of concurrent active requests in effect. + + The limit applies only to new requests being activated. + When a new value is set, the agent will continue processing + all the requests already active, even if their number + exceeds the limit just imposed." + DEFVAL { 10 } + ::= { pingObjects 1 } + + -- Ping Control Table + + pingCtlTable OBJECT-TYPE + SYNTAX SEQUENCE OF PingCtlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines the ping Control Table for providing, via SNMP, + the capability of performing ping operations at + a remote host. The results of these operations are + stored in the pingResultsTable and the + pingProbeHistoryTable." + ::= { pingObjects 2 } + + pingCtlEntry OBJECT-TYPE + SYNTAX PingCtlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines an entry in the pingCtlTable. The first index + element, pingCtlOwnerIndex, is of type SnmpAdminString, + a textual convention that allows for use of the SNMPv3 + View-Based Access Control Model (RFC 3415, VACM) + and that allows a management application to identify its + entries. The second index, pingCtlTestName (also an + SnmpAdminString), enables the same management + application to have multiple outstanding requests." + INDEX { + pingCtlOwnerIndex, + pingCtlTestName + } + ::= { pingCtlTable 1 } + + PingCtlEntry ::= + SEQUENCE { + pingCtlOwnerIndex SnmpAdminString, + pingCtlTestName SnmpAdminString, + pingCtlTargetAddressType InetAddressType, + pingCtlTargetAddress InetAddress, + pingCtlDataSize Unsigned32, + pingCtlTimeOut Unsigned32, + pingCtlProbeCount Unsigned32, + pingCtlAdminStatus INTEGER, + pingCtlDataFill OCTET STRING, + pingCtlFrequency Unsigned32, + pingCtlMaxRows Unsigned32, + pingCtlStorageType StorageType, + pingCtlTrapGeneration BITS, + pingCtlTrapProbeFailureFilter Unsigned32, + pingCtlTrapTestFailureFilter Unsigned32, + pingCtlType OBJECT IDENTIFIER, + pingCtlDescr SnmpAdminString, + pingCtlSourceAddressType InetAddressType, + pingCtlSourceAddress InetAddress, + pingCtlIfIndex InterfaceIndexOrZero, + pingCtlByPassRouteTable TruthValue, + pingCtlDSField Unsigned32, + pingCtlRowStatus RowStatus + } + + pingCtlOwnerIndex OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "To facilitate the provisioning of access control by a + security administrator using the View-Based Access + Control Model (RFC 2575, VACM) for tables in which + multiple users may need to create or + modify entries independently, the initial index is used + as an 'owner index'. Such an initial index has a syntax + of SnmpAdminString and can thus be trivially mapped to a + securityName or groupName defined in VACM, in + accordance with a security policy. + + When used in conjunction with such a security policy, all + entries in the table belonging to a particular user (or + group) will have the same value for this initial index. + For a given user's entries in a particular table, the + object identifiers for the information in these entries + will have the same subidentifiers (except for the 'column' + subidentifier) up to the end of the encoded owner index. + To configure VACM to permit access to this portion of the + table, one would create vacmViewTreeFamilyTable entries + with the value of vacmViewTreeFamilySubtree including + the owner index portion, and vacmViewTreeFamilyMask + 'wildcarding' the column subidentifier. More elaborate + configurations are possible." + ::= { pingCtlEntry 1 } + + pingCtlTestName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of the ping test. This is locally unique, within + the scope of a pingCtlOwnerIndex." + ::= { pingCtlEntry 2 } + + pingCtlTargetAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the type of host address to be used at a remote + host for performing a ping operation." + DEFVAL { unknown } + ::= { pingCtlEntry 3 } + + pingCtlTargetAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the host address to be used at a remote host for + performing a ping operation. The host address type is + determined by the value of the corresponding + pingCtlTargetAddressType. + + A value for this object MUST be set prior to transitioning + its corresponding pingCtlEntry to active(1) via + pingCtlRowStatus." + DEFVAL { ''H } + ::= { pingCtlEntry 4 } + + pingCtlDataSize OBJECT-TYPE + SYNTAX Unsigned32 (0..65507) + UNITS "octets" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the size of the data portion to be + transmitted in a ping operation, in octets. Whether this + value can be applied depends on the selected + implementation method for performing a ping operation, + indicated by pingCtlType in the same conceptual row. + If the method used allows applying the value contained + + in this object, then it MUST be applied. If the specified + size is not appropriate for the chosen ping method, the + implementation SHOULD use whatever size (appropriate to + the method) is closest to the specified size. + + The maximum value for this object was computed by + subtracting the smallest possible IP header size of + 20 octets (IPv4 header with no options) and the UDP + header size of 8 octets from the maximum IP packet size. + An IP packet has a maximum size of 65535 octets + (excluding IPv6 Jumbograms)." + DEFVAL { 0 } + ::= { pingCtlEntry 5 } + + pingCtlTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..60) + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the time-out value, in seconds, for a + remote ping operation." + DEFVAL { 3 } + ::= { pingCtlEntry 6 } + + pingCtlProbeCount OBJECT-TYPE + SYNTAX Unsigned32 (1..15) + UNITS "probes" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the number of times to perform a ping + operation at a remote host as part of a single ping test." + DEFVAL { 1 } + ::= { pingCtlEntry 7 } + + pingCtlAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), -- test should be started + disabled(2) -- test should be stopped + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Reflects the desired state that a pingCtlEntry should be + in: + + enabled(1) - Attempt to activate the test as defined by + this pingCtlEntry. + disabled(2) - Deactivate the test as defined by this + pingCtlEntry. + + Refer to the corresponding pingResultsOperStatus to + determine the operational state of the test defined by + this entry." + DEFVAL { disabled } + ::= { pingCtlEntry 8 } + + pingCtlDataFill OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..1024)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The content of this object is used together with the + corresponding pingCtlDataSize value to determine how to + fill the data portion of a probe packet. The option of + selecting a data fill pattern can be useful when links + are compressed or have data pattern sensitivities. The + contents of pingCtlDataFill should be repeated in a ping + packet when the size of the data portion of the ping + packet is greater than the size of pingCtlDataFill." + DEFVAL { '00'H } + ::= { pingCtlEntry 9 } + + pingCtlFrequency OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of seconds to wait before repeating a ping test + as defined by the value of the various objects in the + corresponding row. + + A single ping test consists of a series of ping probes. + The number of probes is determined by the value of the + corresponding pingCtlProbeCount object. After a single + test is completed the number of seconds as defined by the + value of pingCtlFrequency MUST elapse before the + next ping test is started. + + A value of 0 for this object implies that the test + as defined by the corresponding entry will not be + repeated." + DEFVAL { 0 } + ::= { pingCtlEntry 10 } + + pingCtlMaxRows OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "rows" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of corresponding entries allowed + in the pingProbeHistoryTable. An implementation of this + MIB will remove the oldest corresponding entry in the + pingProbeHistoryTable to allow the addition of an + new entry once the number of corresponding rows in the + pingProbeHistoryTable reaches this value. + + Old entries are not removed when a new test is + started. Entries are added to the pingProbeHistoryTable + until pingCtlMaxRows is reached before entries begin to + be removed. + + A value of 0 for this object disables creation of + pingProbeHistoryTable entries." + DEFVAL { 50 } + ::= { pingCtlEntry 11 } + + pingCtlStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type for this conceptual row. + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row." + DEFVAL { nonVolatile } + ::= { pingCtlEntry 12 } + + pingCtlTrapGeneration OBJECT-TYPE + SYNTAX BITS { + probeFailure(0), + testFailure(1), + testCompletion(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object determines when and whether + to generate a notification for this entry: + + probeFailure(0) - Generate a pingProbeFailed + notification subject to the value of + pingCtlTrapProbeFailureFilter. The object + pingCtlTrapProbeFailureFilter can be used + to specify the number of consecutive probe + failures that are required before a + pingProbeFailed notification can be generated. + testFailure(1) - Generate a pingTestFailed + notification. In this instance the object + pingCtlTrapTestFailureFilter can be used to + determine the number of probe failures that + signal when a test fails. + testCompletion(2) - Generate a pingTestCompleted + notification. + + By default, no bits are set, indicating that + none of the above options is selected." + DEFVAL { {} } -- no bits set. + ::= { pingCtlEntry 13 } + + pingCtlTrapProbeFailureFilter OBJECT-TYPE + SYNTAX Unsigned32 (0..15) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object is used to determine when + to generate a pingProbeFailed NOTIFICATION. + + Setting BIT probeFailure(0) of object + pingCtlTrapGeneration to '1' implies that a + pingProbeFailed NOTIFICATION is generated only when + + a number of consecutive ping probes equal to the + value of pingCtlTrapProbeFailureFilter fail within + a given ping test. After triggering the notification, + the probe failure counter is reset to zero." + DEFVAL { 1 } + ::= { pingCtlEntry 14 } + + pingCtlTrapTestFailureFilter OBJECT-TYPE + SYNTAX Unsigned32 (0..15) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object is used to determine when + to generate a pingTestFailed NOTIFICATION. + + Setting BIT testFailure(1) of object + + pingCtlTrapGeneration to '1' implies that a + pingTestFailed NOTIFICATION is generated only when + a number of consecutive ping tests equal to the + value of pingCtlTrapProbeFailureFilter fail. + After triggering the notification, the test failure + counter is reset to zero." + DEFVAL { 1 } + ::= { pingCtlEntry 15 } + + pingCtlType OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object is used either to report or + to select the implementation method to be used for + calculating a ping response time. The value of this + object MAY be selected from pingImplementationTypeDomains. + + Additional implementation types SHOULD be allocated as + required by implementers of the DISMAN-PING-MIB under + their enterprise-specific registration point and not + beneath pingImplementationTypeDomains." + DEFVAL { pingIcmpEcho } + ::= { pingCtlEntry 16 } + + pingCtlDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The purpose of this object is to provide a + descriptive name of the remote ping test." + DEFVAL { ''H } + ::= { pingCtlEntry 17 } + + pingCtlSourceAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the type of the source address, + pingCtlSourceAddress, to be used at a remote host + when a ping operation is performed." + DEFVAL { unknown } + ::= { pingCtlEntry 18 } + + pingCtlSourceAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Use the specified IP address (which must be given in + numeric form, not as a hostname) as the source address + in outgoing probe packets. On hosts with more than one + IP address, this option can be used to select the address + to be used. If the IP address is not one of this + machine's interface addresses, an error is returned and + nothing is sent. A zero-length octet string value for + this object disables source address specification. + + The address type (InetAddressType) that relates to + this object is specified by the corresponding value + of pingCtlSourceAddressType." + DEFVAL { ''H } + ::= { pingCtlEntry 19 } + + pingCtlIfIndex OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Setting this object to an interface's ifIndex prior + to starting a remote ping operation directs + the ping probes to be transmitted over the + specified interface. A value of zero for this object + means that this option is not enabled." + DEFVAL { 0 } + ::= { pingCtlEntry 20 } + + pingCtlByPassRouteTable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The purpose of this object is to enable optional + bypassing the route table. If enabled, the remote + host will bypass the normal routing tables and send + directly to a host on an attached network. If the + host is not on a directly attached network, an + error is returned. This option can be used to perform + the ping operation to a local host through an + interface that has no route defined (e.g., after the + interface was dropped by the routing daemon at the host)." + DEFVAL { false } + ::= { pingCtlEntry 21 } + + pingCtlDSField OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value to store in the Type of Service + (TOS) octet in the IPv4 header or in the Traffic + Class octet in the IPv6 header, respectively, of the + IP packet used to encapsulate the ping probe. + + The octet to be set in the IP header contains the + Differentiated Services (DS) Field in the six most + significant bits. + + This option can be used to determine what effect an + explicit DS Field setting has on a ping response. + Not all values are legal or meaningful. A value of 0 + means that the function represented by this option is + not supported. DS Field usage is often not supported + by IP implementations, and not all values are supported. + Refer to RFC 2474 and RFC 3260 for guidance on usage of + this field." + REFERENCE + "Refer to RFC 1812 for the definition of the IPv4 TOS + octet and to RFC 2460 for the definition of the IPv6 + Traffic Class octet. Refer to RFC 2474 and RFC 3260 + for the definition of the Differentiated Services Field." + DEFVAL { 0 } + ::= { pingCtlEntry 22 } + + pingCtlRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows entries to be created and deleted + in the pingCtlTable. Deletion of an entry in this + table results in the deletion of all corresponding (same + pingCtlOwnerIndex and pingCtlTestName index values) + pingResultsTable and pingProbeHistoryTable entries. + + A value MUST be specified for pingCtlTargetAddress + prior to acceptance of a transition to active(1) state. + + When a value for pingCtlTargetAddress is set, + the value of object pingCtlRowStatus changes + from notReady(3) to notInService(2). + + Activation of a remote ping operation is controlled + via pingCtlAdminStatus, not by changing + this object's value to active(1). + + Transitions in and out of active(1) state are not + allowed while an entry's pingResultsOperStatus is + active(1), with the exception that deletion of + an entry in this table by setting its RowStatus + object to destroy(6) will stop an active + ping operation. + + The operational state of a ping operation + can be determined by examination of its + pingResultsOperStatus object." + REFERENCE + "See definition of RowStatus in RFC 2579, 'Textual + Conventions for SMIv2.'" + ::= { pingCtlEntry 23 } + +-- Ping Results Table + + pingResultsTable OBJECT-TYPE + SYNTAX SEQUENCE OF PingResultsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines the Ping Results Table for providing + the capability of performing ping operations at + a remote host. The results of these operations are + stored in the pingResultsTable and the pingProbeHistoryTable. + + An entry is added to the pingResultsTable when an + pingCtlEntry is started by successful transition + of its pingCtlAdminStatus object to enabled(1). + + If the object pingCtlAdminStatus already has the value + enabled(1), and if the corresponding pingResultsOperStatus + object has the value completed(3), then successfully writing + enabled(1) to object pingCtlAdminStatus re-initializes the + already existing entry in the pingResultsTable. The values + of objects in the re-initialized entry are the same as the + values of objects in a new entry would be. + + An entry is removed from the pingResultsTable when + its corresponding pingCtlEntry is deleted." + ::= { pingObjects 3 } + + pingResultsEntry OBJECT-TYPE + SYNTAX PingResultsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines an entry in the pingResultsTable. The + pingResultsTable has the same indexing as the + pingCtlTable so that a pingResultsEntry + corresponds to the pingCtlEntry that caused it to + be created." + INDEX { + pingCtlOwnerIndex, + pingCtlTestName + } + ::= { pingResultsTable 1 } + + PingResultsEntry ::= + SEQUENCE { + pingResultsOperStatus INTEGER, + pingResultsIpTargetAddressType InetAddressType, + pingResultsIpTargetAddress InetAddress, + pingResultsMinRtt Unsigned32, + pingResultsMaxRtt Unsigned32, + pingResultsAverageRtt Unsigned32, + pingResultsProbeResponses Gauge32, + pingResultsSentProbes Gauge32, + pingResultsRttSumOfSquares Unsigned32, + pingResultsLastGoodProbe DateAndTime + } + + pingResultsOperStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), -- test is in progress + disabled(2), -- test has stopped + completed(3) -- test is completed + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reflects the operational state of a pingCtlEntry: + + enabled(1) - Test is active. + disabled(2) - Test has stopped. + completed(3) - Test is completed." + ::= { pingResultsEntry 1 } + + pingResultsIpTargetAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the type of address stored + in the corresponding pingResultsIpTargetAddress + object." + DEFVAL { unknown } + ::= { pingResultsEntry 2 } + + pingResultsIpTargetAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object reports the IP address associated + with a pingCtlTargetAddress value when the destination + address is specified as a DNS name. The value of + this object should be a zero-length octet string + when a DNS name is not specified or when a + specified DNS name fails to resolve. + + The address type (InetAddressType) that relates to + this object is specified by the corresponding value + of pingResultsIpTargetAddressType." + DEFVAL { ''H } + ::= { pingResultsEntry 3 } + + pingResultsMinRtt OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The minimum ping round-trip-time (RTT) received. A value + of 0 for this object implies that no RTT has been received." + ::= { pingResultsEntry 4 } + + pingResultsMaxRtt OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum ping round-trip-time (RTT) received. A value + of 0 for this object implies that no RTT has been received." + ::= { pingResultsEntry 5 } + + pingResultsAverageRtt OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current average ping round-trip-time (RTT)." + ::= { pingResultsEntry 6 } + + pingResultsProbeResponses OBJECT-TYPE + SYNTAX Gauge32 + UNITS "responses" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of responses received for the corresponding + pingCtlEntry and pingResultsEntry. The value of this object + MUST be reported as 0 when no probe responses have been + received." + ::= { pingResultsEntry 7 } + + pingResultsSentProbes OBJECT-TYPE + SYNTAX Gauge32 + UNITS "probes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object reflects the number of probes sent + for the corresponding pingCtlEntry and pingResultsEntry. + The value of this object MUST be reported as 0 when no probes + have been sent." + ::= { pingResultsEntry 8 } + + pingResultsRttSumOfSquares OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object contains the sum of the squares for all ping + responses received. Its purpose is to enable standard + deviation calculation. The value of this object MUST + be reported as 0 when no ping responses have been + received." + ::= { pingResultsEntry 9 } + + pingResultsLastGoodProbe OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Date and time when the last response was received for + a probe." + ::= { pingResultsEntry 10 } + + -- Ping Probe History Table + + pingProbeHistoryTable OBJECT-TYPE + SYNTAX SEQUENCE OF PingProbeHistoryEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines a table for storing the results of ping + operations. The number of entries in this table is + limited per entry in the pingCtlTable by the value + of the corresponding pingCtlMaxRows object. + + An entry in this table is created when the result of + a ping probe is determined. The initial 2 instance + identifier index values identify the pingCtlEntry + that a probe result (pingProbeHistoryEntry) belongs + to. An entry is removed from this table when + its corresponding pingCtlEntry is deleted. + + An implementation of this MIB will remove the oldest + entry in the pingProbeHistoryTable of the + corresponding entry in the pingCtlTable to allow + the addition of an new entry once the number of rows + in the pingProbeHistoryTable reaches the value + specified by pingCtlMaxRows for the corresponding + entry in the pingCtlTable." + ::= { pingObjects 4 } + + pingProbeHistoryEntry OBJECT-TYPE + SYNTAX PingProbeHistoryEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines an entry in the pingProbeHistoryTable. + The first two index elements identify the + pingCtlEntry that a pingProbeHistoryEntry belongs + to. The third index element selects a single + probe result." + INDEX { + + pingCtlOwnerIndex, + pingCtlTestName, + pingProbeHistoryIndex + } + ::= { pingProbeHistoryTable 1 } + + PingProbeHistoryEntry ::= + SEQUENCE { + pingProbeHistoryIndex Unsigned32, + pingProbeHistoryResponse Unsigned32, + pingProbeHistoryStatus OperationResponseStatus, + pingProbeHistoryLastRC Integer32, + pingProbeHistoryTime DateAndTime + } + + pingProbeHistoryIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..'ffffffff'h) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in this table is created when the result of + a ping probe is determined. The initial 2 instance + identifier index values identify the pingCtlEntry + that a probe result (pingProbeHistoryEntry) belongs + to. + + An implementation MUST start assigning + pingProbeHistoryIndex values at 1 and wrap after + exceeding the maximum possible value as defined by + the limit of this object ('ffffffff'h)." + ::= { pingProbeHistoryEntry 1 } + + pingProbeHistoryResponse OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The amount of time measured in milliseconds from when + a probe was sent to when its response was received or + when it timed out. The value of this object is reported + as 0 when it is not possible to transmit a probe." + ::= { pingProbeHistoryEntry 2 } + + pingProbeHistoryStatus OBJECT-TYPE + SYNTAX OperationResponseStatus + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The result of a particular probe done by a remote host." + ::= { pingProbeHistoryEntry 3 } + + pingProbeHistoryLastRC OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The last implementation-method-specific reply code received. + If the ICMP Echo capability is being used, then a successful + probe ends when an ICMP response is received that contains + the code ICMP_ECHOREPLY(0). The ICMP codes are maintained + by IANA. Standardized ICMP codes are listed at + http://www.iana.org/assignments/icmp-parameters. + The ICMPv6 codes are listed at + http://www.iana.org/assignments/icmpv6-parameters." + ::= { pingProbeHistoryEntry 4 } + + pingProbeHistoryTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Timestamp for when this probe result was determined." + ::= { pingProbeHistoryEntry 5 } + + -- Notification Definition section + + pingProbeFailed NOTIFICATION-TYPE + OBJECTS { + pingCtlTargetAddressType, + pingCtlTargetAddress, + pingResultsOperStatus, + pingResultsIpTargetAddressType, + pingResultsIpTargetAddress, + pingResultsMinRtt, + pingResultsMaxRtt, + pingResultsAverageRtt, + pingResultsProbeResponses, + pingResultsSentProbes, + pingResultsRttSumOfSquares, + pingResultsLastGoodProbe + } + STATUS current + DESCRIPTION + "Generated when a probe failure is detected, when the + + corresponding pingCtlTrapGeneration object is set to + probeFailure(0), subject to the value of + pingCtlTrapProbeFailureFilter. The object + pingCtlTrapProbeFailureFilter can be used to specify the + number of consecutive probe failures that are required + before this notification can be generated." + ::= { pingNotifications 1 } + + pingTestFailed NOTIFICATION-TYPE + OBJECTS { + pingCtlTargetAddressType, + pingCtlTargetAddress, + pingResultsOperStatus, + pingResultsIpTargetAddressType, + pingResultsIpTargetAddress, + pingResultsMinRtt, + pingResultsMaxRtt, + pingResultsAverageRtt, + pingResultsProbeResponses, + pingResultsSentProbes, + pingResultsRttSumOfSquares, + pingResultsLastGoodProbe + } + STATUS current + DESCRIPTION + "Generated when a ping test is determined to have failed, + when the corresponding pingCtlTrapGeneration object is + set to testFailure(1). In this instance, + pingCtlTrapTestFailureFilter should specify the number of + probes in a test required to have failed in order to + consider the test failed." + ::= { pingNotifications 2 } + + pingTestCompleted NOTIFICATION-TYPE + OBJECTS { + pingCtlTargetAddressType, + pingCtlTargetAddress, + pingResultsOperStatus, + pingResultsIpTargetAddressType, + pingResultsIpTargetAddress, + pingResultsMinRtt, + pingResultsMaxRtt, + pingResultsAverageRtt, + pingResultsProbeResponses, + pingResultsSentProbes, + pingResultsRttSumOfSquares, + pingResultsLastGoodProbe + + } + STATUS current + DESCRIPTION + "Generated at the completion of a ping test when the + corresponding pingCtlTrapGeneration object has the + testCompletion(2) bit set." + ::= { pingNotifications 3 } + + -- Conformance information + + -- Compliance statements + + pingCompliances OBJECT IDENTIFIER ::= { pingConformance 1 } + pingGroups OBJECT IDENTIFIER ::= { pingConformance 2 } + + -- Compliance statements + + pingFullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities that + fully implement the DISMAN-PING-MIB." + MODULE -- this module + MANDATORY-GROUPS { + pingMinimumGroup, + pingCtlRowStatusGroup, + pingHistoryGroup, + pingNotificationsGroup + } + + OBJECT pingMaxConcurrentRequests + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support set + operations to this object." + + OBJECT pingCtlStorageType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT pingCtlType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. In addition, the only + value that MUST be supported by an implementation is + pingIcmpEcho." + + OBJECT pingCtlSourceAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of binding the + send socket with a source address. An implementation + is only required to support IPv4 and IPv6 addresses." + + OBJECT pingCtlSourceAddress + SYNTAX InetAddress (SIZE(0|4|16)) + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of binding the + send socket with a source address. An implementation + is only required to support IPv4 and IPv6 addresses." + + OBJECT pingCtlIfIndex + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a 0 as the value of this object. + A value of 0 means that the function represented by + this option is not supported." + + OBJECT pingCtlByPassRouteTable + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of its + implementation. The function represented by this + object is implementable if the setsockopt + SOL_SOCKET SO_DONTROUTE option is supported." + + OBJECT pingCtlDSField + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a 0 as the value of this object. + A value of 0 means that the function represented by + this option is not supported." + + OBJECT pingResultsIpTargetAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation is only required to + + support IPv4 and IPv6 addresses." + + OBJECT pingResultsIpTargetAddress + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation is only required to + support IPv4 and globally unique IPv6 addresses." + + OBJECT pingResultsLastGoodProbe + DESCRIPTION + "This object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + be reported as '0000000000000000'H." + + OBJECT pingProbeHistoryTime + DESCRIPTION + "This object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + be reported as '0000000000000000'H." + ::= { pingCompliances 2 } + + pingMinimumCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The minimum compliance statement for SNMP entities + that implement the minimal subset of the + DISMAN-PING-MIB. Implementors might choose this + subset for small devices with limited resources." + MODULE -- this module + MANDATORY-GROUPS { pingMinimumGroup } + + GROUP pingCtlRowStatusGroup + DESCRIPTION + "A compliant implementation does not have to implement + the pingCtlRowStatusGroup." + + GROUP pingHistoryGroup + DESCRIPTION + "A compliant implementation does not have to implement + the pingHistoryGroup." + + GROUP pingNotificationsGroup + DESCRIPTION + "A compliant implementation does not have to implement + + the pingNotificationsGroup." + + OBJECT pingMaxConcurrentRequests + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support set + operations to this object." + + OBJECT pingCtlDataFill + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support set + operations to this object." + + OBJECT pingCtlFrequency + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a 0 as the value of this object. + A value of 0 means that the function represented by + this option is not supported." + + OBJECT pingCtlMaxRows + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If the + pingHistoryGroup is not implemented, then write + access to this object MUST be disabled, and the object + MUST return a value of 0 when retrieved." + + OBJECT pingCtlStorageType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT pingCtlTrapGeneration + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If the + pingNotificationsGroup is not implemented, then write + access to this object MUST be disabled, and the object + MUST return a value with no bit set when retrieved. + No bit set indicates that not notification is + generated." + + OBJECT pingCtlTrapProbeFailureFilter + MIN-ACCESS read-only + DESCRIPTION + "If write access to pingCtlTrapGeneration is not + supported, then write access to this object must also + not be supported. In this case, return 0 as the value + of this object." + + OBJECT pingCtlTrapTestFailureFilter + MIN-ACCESS read-only + DESCRIPTION + "If write access to pingCtlTrapGeneration is not + supported, then write access to this object must also + not be supported. In this case, return 0 as the value + of this object." + + OBJECT pingCtlType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. In addition, the only + value that MUST be supported by an implementation is + pingIcmpEcho." + + OBJECT pingCtlDescr + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support set + operations to this object." + + OBJECT pingCtlSourceAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of binding the + send socket with a source address. An implementation + is only required to support IPv4 and IPv6 addresses." + + OBJECT pingCtlSourceAddress + SYNTAX InetAddress (SIZE(0|4|16)) + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of binding the + send socket with a source address. An implementation + is only required to support IPv4 and IPv6 addresses." + + OBJECT pingCtlIfIndex + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + + not supported, return a 0 as the value of this object. + A value of 0 means that the function represented by + this option is not supported." + + OBJECT pingCtlByPassRouteTable + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return false(2) as the value of this + object. A value of false(2) means that the function + represented by this option is not supported." + + OBJECT pingCtlDSField + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a 0 as the value of this object. + A value of 0 means that the function represented by + this option is not supported." + + OBJECT pingResultsIpTargetAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation is only required to + support IPv4 and IPv6 addresses." + + OBJECT pingResultsIpTargetAddress + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation is only required to + support IPv4 and globally unique IPv6 addresses." + + OBJECT pingResultsLastGoodProbe + DESCRIPTION + "This object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + be reported as '0000000000000000'H." + + OBJECT pingProbeHistoryTime + DESCRIPTION + "If the pingHistoryGroup is implemented, then this + object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + + be reported as '0000000000000000'H." + ::= { pingCompliances 3 } + + pingCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for the DISMAN-PING-MIB. This + compliance statement has been deprecated because the + group pingGroup and the pingTimeStampGroup have been + split and deprecated. The pingFullCompliance statement + is semantically identical to the deprecated + pingCompliance statement." + + MODULE -- this module + MANDATORY-GROUPS { + pingGroup, + pingNotificationsGroup + } + GROUP pingTimeStampGroup + DESCRIPTION + "This group is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this group is not supported the values + for the objects in this group be reported as + '0000000000000000'H." + + OBJECT pingMaxConcurrentRequests + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support set + operations to this object." + + OBJECT pingCtlStorageType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. It is also allowed + that implementations support only the volatile + StorageType enumeration." + + OBJECT pingCtlType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. In addition, the only + value that MUST be supported by an implementation is + pingIcmpEcho." + + OBJECT pingCtlByPassRouteTable + MIN-ACCESS read-only + DESCRIPTION + "This object is not required by implementations that + are not capable of its implementation. The function + represented by this object is implementable if the + setsockopt SOL_SOCKET SO_DONTROUTE option is + supported." + + OBJECT pingCtlSourceAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + MIN-ACCESS read-only + DESCRIPTION + "This object is not required by implementations that + are not capable of binding the send socket with a + source address. An implementation is only required to + support IPv4 and IPv6 addresses." + + OBJECT pingCtlSourceAddress + SYNTAX InetAddress (SIZE(0|4|16)) + MIN-ACCESS read-only + DESCRIPTION + "This object is not required by implementations that + are not capable of binding the send socket with a + source address. An implementation is only required to + support IPv4 and globally unique IPv6 addresses." + + OBJECT pingCtlIfIndex + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. When write access is + not supported, return a 0 as the value of this object. + A value of 0 means that the function represented by + this option is not supported." + + OBJECT pingCtlDSField + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. When write access is + not supported, return a 0 as the value of this object. + A value of 0 means that the function represented by + this option is not supported." + + OBJECT pingResultsIpTargetAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation is only required to + support IPv4 and IPv6 addresses." + + OBJECT pingResultsIpTargetAddress + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation is only required to + support IPv4 and globally unique IPv6 addresses." + ::= { pingCompliances 1 } + + -- MIB groupings + + pingMinimumGroup OBJECT-GROUP + OBJECTS { + pingMaxConcurrentRequests, + pingCtlTargetAddressType, + pingCtlTargetAddress, + pingCtlDataSize, + pingCtlTimeOut, + pingCtlProbeCount, + pingCtlAdminStatus, + pingCtlDataFill, + pingCtlFrequency, + pingCtlMaxRows, + pingCtlStorageType, + pingCtlTrapGeneration, + pingCtlTrapProbeFailureFilter, + pingCtlTrapTestFailureFilter, + pingCtlType, + pingCtlDescr, + pingCtlByPassRouteTable, + pingCtlSourceAddressType, + pingCtlSourceAddress, + pingCtlIfIndex, + pingCtlDSField, + pingResultsOperStatus, + pingResultsIpTargetAddressType, + pingResultsIpTargetAddress, + pingResultsMinRtt, + pingResultsMaxRtt, + pingResultsAverageRtt, + pingResultsProbeResponses, + pingResultsSentProbes, + pingResultsRttSumOfSquares, + pingResultsLastGoodProbe + } + STATUS current + DESCRIPTION + "The group of objects that constitute the remote ping + capability." + ::= { pingGroups 4 } + + pingCtlRowStatusGroup OBJECT-GROUP + OBJECTS { + pingCtlRowStatus + } + STATUS current + DESCRIPTION + "The RowStatus object of the pingCtlTable." + ::= { pingGroups 5 } + + pingHistoryGroup OBJECT-GROUP + OBJECTS { + pingProbeHistoryResponse, + pingProbeHistoryStatus, + pingProbeHistoryLastRC, + pingProbeHistoryTime + } + STATUS current + DESCRIPTION + "The group of objects that constitute the history + capability." + ::= { pingGroups 6 } + + pingNotificationsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + pingProbeFailed, + pingTestFailed, + pingTestCompleted + } + STATUS current + DESCRIPTION + "The notification that are required to be supported by + implementations of this MIB." + ::= { pingGroups 3 } + + pingGroup OBJECT-GROUP + OBJECTS { + pingMaxConcurrentRequests, + pingCtlTargetAddressType, + pingCtlTargetAddress, + pingCtlDataSize, + pingCtlTimeOut, + pingCtlProbeCount, + pingCtlAdminStatus, + pingCtlDataFill, + pingCtlFrequency, + pingCtlMaxRows, + pingCtlStorageType, + pingCtlTrapGeneration, + pingCtlTrapProbeFailureFilter, + pingCtlTrapTestFailureFilter, + pingCtlType, + pingCtlDescr, + pingCtlByPassRouteTable, + pingCtlSourceAddressType, + pingCtlSourceAddress, + pingCtlIfIndex, + pingCtlDSField, + pingCtlRowStatus, + pingResultsOperStatus, + pingResultsIpTargetAddressType, + pingResultsIpTargetAddress, + pingResultsMinRtt, + pingResultsMaxRtt, + pingResultsAverageRtt, + pingResultsProbeResponses, + pingResultsSentProbes, + pingResultsRttSumOfSquares, + pingProbeHistoryResponse, + pingProbeHistoryStatus, + pingProbeHistoryLastRC + } + STATUS deprecated + DESCRIPTION + "The group of objects that constitute the remote ping + capability." + ::= { pingGroups 1 } + + pingTimeStampGroup OBJECT-GROUP + + OBJECTS { + pingResultsLastGoodProbe, + pingProbeHistoryTime + } + STATUS deprecated + DESCRIPTION + "The group of DateAndTime objects." + ::= { pingGroups 2 } + +END diff --git a/data/mibs/DISMAN-SCHEDULE-MIB.txt b/data/mibs/DISMAN-SCHEDULE-MIB.txt new file mode 100644 index 000000000..239595e94 --- /dev/null +++ b/data/mibs/DISMAN-SCHEDULE-MIB.txt @@ -0,0 +1,699 @@ +DISMAN-SCHEDULE-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, + Integer32, Unsigned32, Counter32, mib-2, zeroDotZero + FROM SNMPv2-SMI + + TEXTUAL-CONVENTION, + DateAndTime, RowStatus, StorageType, VariablePointer + FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP + FROM SNMPv2-CONF + + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB; + +schedMIB MODULE-IDENTITY + LAST-UPDATED "200201070000Z" + ORGANIZATION "IETF Distributed Management Working Group" + CONTACT-INFO + "WG EMail: disman@dorothy.bmc.com + Subscribe: disman-request@dorothy.bmc.com + + Chair: Randy Presuhn + BMC Software, Inc. + Postal: Office 1-3141 + 2141 North First Street + San Jose, California 95131 + USA + EMail: rpresuhn@bmc.com + Phone: +1 408 546-1006 + + Editor: David B. Levi + Nortel Networks + Postal: 4401 Great America Parkway + Santa Clara, CA 95052-8185 + USA + EMail: dlevi@nortelnetworks.com + Phone: +1 865 686 0432 + + Editor: Juergen Schoenwaelder + TU Braunschweig + Postal: Bueltenweg 74/75 + 38106 Braunschweig + Germany + EMail: schoenw@ibr.cs.tu-bs.de + Phone: +49 531 391-3283" + DESCRIPTION + "This MIB module defines a MIB which provides mechanisms to + schedule SNMP set operations periodically or at specific + points in time." + REVISION "200201070000Z" + DESCRIPTION + "Revised version, published as RFC 3231. + + This revision introduces a new object type called + schedTriggers. Created new conformance and compliance + statements that take care of the new schedTriggers object. + + Several clarifications have been added to remove ambiguities + that were discovered and reported by implementors." + REVISION "199811171800Z" + DESCRIPTION + "Initial version, published as RFC 2591." + ::= { mib-2 63 } + +-- +-- The various groups defined within this MIB definition: +-- + +schedObjects OBJECT IDENTIFIER ::= { schedMIB 1 } +schedNotifications OBJECT IDENTIFIER ::= { schedMIB 2 } +schedConformance OBJECT IDENTIFIER ::= { schedMIB 3 } + +-- +-- Textual Conventions: +-- + +SnmpPduErrorStatus ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This TC enumerates the SNMPv1 and SNMPv2 PDU error status + codes as defined in RFC 1157 and RFC 1905. It also adds a + pseudo error status code `noResponse' which indicates a + timeout condition." + SYNTAX INTEGER { + noResponse(-1), + noError(0), + tooBig(1), + noSuchName(2), + badValue(3), + readOnly(4), + genErr(5), + noAccess(6), + wrongType(7), + wrongLength(8), + wrongEncoding(9), + wrongValue(10), + noCreation(11), + inconsistentValue(12), + resourceUnavailable(13), + commitFailed(14), + undoFailed(15), + authorizationError(16), + notWritable(17), + inconsistentName(18) + } + +-- +-- Some scalars which provide information about the local time zone. +-- + +schedLocalTime OBJECT-TYPE + SYNTAX DateAndTime (SIZE (11)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local time used by the scheduler. Schedules which + refer to calendar time will use the local time indicated + by this object. An implementation MUST return all 11 bytes + of the DateAndTime textual-convention so that a manager + may retrieve the offset from GMT time." + ::= { schedObjects 1 } + +-- +-- The schedule table which controls the scheduler. +-- + +schedTable OBJECT-TYPE + SYNTAX SEQUENCE OF SchedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table defines scheduled actions triggered by + SNMP set operations." + ::= { schedObjects 2 } + +schedEntry OBJECT-TYPE + SYNTAX SchedEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular scheduled action. + + Unless noted otherwise, writable objects of this row + can be modified independent of the current value of + schedRowStatus, schedAdminStatus and schedOperStatus. + In particular, it is legal to modify schedInterval + and the objects in the schedCalendarGroup when + schedRowStatus is active and schedAdminStatus and + schedOperStatus are both enabled." + INDEX { schedOwner, schedName } + ::= { schedTable 1 } + +SchedEntry ::= SEQUENCE { + schedOwner SnmpAdminString, + schedName SnmpAdminString, + schedDescr SnmpAdminString, + schedInterval Unsigned32, + schedWeekDay BITS, + schedMonth BITS, + schedDay BITS, + schedHour BITS, + schedMinute BITS, + schedContextName SnmpAdminString, + schedVariable VariablePointer, + schedValue Integer32, + schedType INTEGER, + schedAdminStatus INTEGER, + schedOperStatus INTEGER, + schedFailures Counter32, + schedLastFailure SnmpPduErrorStatus, + schedLastFailed DateAndTime, + schedStorageType StorageType, + schedRowStatus RowStatus, + schedTriggers Counter32 +} + +schedOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The owner of this scheduling entry. The exact semantics of + this string are subject to the security policy defined by + + the security administrator." + ::= { schedEntry 1 } + +schedName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally-unique, administratively assigned name for this + scheduling entry. This object allows a schedOwner to have + multiple entries in the schedTable." + ::= { schedEntry 2 } + +schedDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The human readable description of the purpose of this + scheduling entry." + DEFVAL { "" } + ::= { schedEntry 3 } + +schedInterval OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of seconds between two action invocations of + a periodic scheduler. Implementations must guarantee + that action invocations will not occur before at least + schedInterval seconds have passed. + + The scheduler must ignore all periodic schedules that + have a schedInterval value of 0. A periodic schedule + with a scheduling interval of 0 seconds will therefore + never invoke an action. + + Implementations may be forced to delay invocations in the + face of local constraints. A scheduled management function + should therefore not rely on the accuracy provided by the + scheduler implementation. + + Note that implementations which maintain a list of pending + activations must re-calculate them when this object is + changed." + DEFVAL { 0 } + ::= { schedEntry 4 } + +schedWeekDay OBJECT-TYPE + SYNTAX BITS { + sunday(0), + monday(1), + tuesday(2), + wednesday(3), + thursday(4), + friday(5), + saturday(6) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The set of weekdays on which the scheduled action should + take place. Setting multiple bits will include several + weekdays in the set of possible weekdays for this schedule. + Setting all bits will cause the scheduler to ignore the + weekday. + + Note that implementations which maintain a list of pending + activations must re-calculate them when this object is + changed." + DEFVAL { {} } + ::= { schedEntry 5 } + +schedMonth OBJECT-TYPE + SYNTAX BITS { + january(0), + february(1), + march(2), + april(3), + may(4), + june(5), + july(6), + august(7), + september(8), + october(9), + november(10), + december(11) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The set of months during which the scheduled action should + take place. Setting multiple bits will include several + months in the set of possible months for this schedule. + + Setting all bits will cause the scheduler to ignore the + month. + + Note that implementations which maintain a list of pending + activations must re-calculate them when this object is + changed." + DEFVAL { {} } + ::= { schedEntry 6 } + +schedDay OBJECT-TYPE + SYNTAX BITS { + d1(0), d2(1), d3(2), d4(3), d5(4), + d6(5), d7(6), d8(7), d9(8), d10(9), + d11(10), d12(11), d13(12), d14(13), d15(14), + d16(15), d17(16), d18(17), d19(18), d20(19), + d21(20), d22(21), d23(22), d24(23), d25(24), + d26(25), d27(26), d28(27), d29(28), d30(29), + d31(30), + r1(31), r2(32), r3(33), r4(34), r5(35), + r6(36), r7(37), r8(38), r9(39), r10(40), + r11(41), r12(42), r13(43), r14(44), r15(45), + r16(46), r17(47), r18(48), r19(49), r20(50), + r21(51), r22(52), r23(53), r24(54), r25(55), + r26(56), r27(57), r28(58), r29(59), r30(60), + r31(61) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The set of days in a month on which a scheduled action + should take place. There are two sets of bits one can + use to define the day within a month: + + Enumerations starting with the letter 'd' indicate a + day in a month relative to the first day of a month. + The first day of the month can therefore be specified + by setting the bit d1(0) and d31(30) means the last + day of a month with 31 days. + + Enumerations starting with the letter 'r' indicate a + day in a month in reverse order, relative to the last + day of a month. The last day in the month can therefore + be specified by setting the bit r1(31) and r31(61) means + the first day of a month with 31 days. + + Setting multiple bits will include several days in the set + of possible days for this schedule. Setting all bits will + cause the scheduler to ignore the day within a month. + + Setting all bits starting with the letter 'd' or the + letter 'r' will also cause the scheduler to ignore the + day within a month. + + Note that implementations which maintain a list of pending + activations must re-calculate them when this object is + changed." + DEFVAL { {} } + ::= { schedEntry 7 } + +schedHour OBJECT-TYPE + SYNTAX BITS { + h0(0), h1(1), h2(2), h3(3), h4(4), + h5(5), h6(6), h7(7), h8(8), h9(9), + h10(10), h11(11), h12(12), h13(13), h14(14), + h15(15), h16(16), h17(17), h18(18), h19(19), + h20(20), h21(21), h22(22), h23(23) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The set of hours within a day during which the scheduled + action should take place. + + Note that implementations which maintain a list of pending + activations must re-calculate them when this object is + changed." + DEFVAL { {} } + ::= { schedEntry 8 } + +schedMinute OBJECT-TYPE + SYNTAX BITS { + m0(0), m1(1), m2(2), m3(3), m4(4), + m5(5), m6(6), m7(7), m8(8), m9(9), + m10(10), m11(11), m12(12), m13(13), m14(14), + m15(15), m16(16), m17(17), m18(18), m19(19), + m20(20), m21(21), m22(22), m23(23), m24(24), + m25(25), m26(26), m27(27), m28(28), m29(29), + m30(30), m31(31), m32(32), m33(33), m34(34), + m35(35), m36(36), m37(37), m38(38), m39(39), + m40(40), m41(41), m42(42), m43(43), m44(44), + m45(45), m46(46), m47(47), m48(48), m49(49), + m50(50), m51(51), m52(52), m53(53), m54(54), + m55(55), m56(56), m57(57), m58(58), m59(59) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The set of minutes within an hour when the scheduled action + should take place. + + Note that implementations which maintain a list of pending + activations must re-calculate them when this object is + changed." + DEFVAL { {} } + ::= { schedEntry 9 } + +schedContextName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The context which contains the local MIB variable pointed + to by schedVariable." + DEFVAL { "" } + ::= { schedEntry 10 } + +schedVariable OBJECT-TYPE + SYNTAX VariablePointer + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "An object identifier pointing to a local MIB variable + which resolves to an ASN.1 primitive type of INTEGER." + DEFVAL { zeroDotZero } + ::= { schedEntry 11 } + +schedValue OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value which is written to the MIB object pointed to by + schedVariable when the scheduler invokes an action. The + implementation shall enforce the use of access control + rules when performing the set operation on schedVariable. + This is accomplished by calling the isAccessAllowed abstract + service interface as defined in RFC 2571. + + Note that an implementation may choose to issue an SNMP Set + message to the SNMP engine and leave the access control + decision to the normal message processing procedure." + DEFVAL { 0 } + ::= { schedEntry 12 } + +schedType OBJECT-TYPE + SYNTAX INTEGER { + periodic(1), + calendar(2), + oneshot(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of this schedule. The value periodic(1) indicates + that this entry specifies a periodic schedule. A periodic + schedule is defined by the value of schedInterval. The + values of schedWeekDay, schedMonth, schedDay, schedHour + and schedMinute are ignored. + + The value calendar(2) indicates that this entry describes a + calendar schedule. A calendar schedule is defined by the + values of schedWeekDay, schedMonth, schedDay, schedHour and + schedMinute. The value of schedInterval is ignored. A + calendar schedule will trigger on all local times that + satisfy the bits set in schedWeekDay, schedMonth, schedDay, + schedHour and schedMinute. + + The value oneshot(3) indicates that this entry describes a + one-shot schedule. A one-shot schedule is similar to a + calendar schedule with the additional feature that it + disables itself by changing in the `finished' + schedOperStatus once the schedule triggers an action. + + Note that implementations which maintain a list of pending + activations must re-calculate them when this object is + changed." + DEFVAL { periodic } + ::= { schedEntry 13 } + +schedAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The desired state of the schedule." + DEFVAL { disabled } + ::= { schedEntry 14 } + +schedOperStatus OBJECT-TYPE + SYNTAX INTEGER { + + enabled(1), + disabled(2), + finished(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current operational state of this schedule. The state + enabled(1) indicates this entry is active and that the + scheduler will invoke actions at appropriate times. The + disabled(2) state indicates that this entry is currently + inactive and ignored by the scheduler. The finished(3) + state indicates that the schedule has ended. Schedules + in the finished(3) state are ignored by the scheduler. + A one-shot schedule enters the finished(3) state when it + deactivates itself. + + Note that the operational state must not be enabled(1) + when the schedRowStatus is not active." + ::= { schedEntry 15 } + +schedFailures OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This variable counts the number of failures while invoking + the scheduled action. This counter at most increments once + for a triggered action." + ::= { schedEntry 16 } + +schedLastFailure OBJECT-TYPE + SYNTAX SnmpPduErrorStatus + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The most recent error that occurred during the invocation of + a scheduled action. The value noError(0) is returned + if no errors have occurred yet." + DEFVAL { noError } + ::= { schedEntry 17 } + +schedLastFailed OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The date and time when the most recent failure occurred. + + The value '0000000000000000'H is returned if no failure + occurred since the last re-initialization of the scheduler." + DEFVAL { '0000000000000000'H } + ::= { schedEntry 18 } + +schedStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object defines whether this scheduled action is kept + in volatile storage and lost upon reboot or if this row is + backed up by non-volatile or permanent storage. + + Conceptual rows having the value `permanent' must allow + write access to the columnar objects schedDescr, + schedInterval, schedContextName, schedVariable, schedValue, + and schedAdminStatus. If an implementation supports the + schedCalendarGroup, write access must be also allowed to + the columnar objects schedWeekDay, schedMonth, schedDay, + schedHour, schedMinute." + DEFVAL { volatile } + ::= { schedEntry 19 } + +schedRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this scheduled action. A control that allows + entries to be added and removed from this table. + + Note that the operational state must change to enabled + when the administrative state is enabled and the row + status changes to active(1). + + Attempts to destroy(6) a row or to set a row + notInService(2) while the operational state is enabled + result in inconsistentValue errors. + + The value of this object has no effect on whether other + objects in this conceptual row can be modified." + ::= { schedEntry 20 } + +schedTriggers OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This variable counts the number of attempts (either + successful or failed) to invoke the scheduled action." + ::= { schedEntry 21 } + +-- +-- Notifications that are emitted to indicate failures. The +-- definition of schedTraps makes notification registrations +-- reversible (see STD 58, RFC 2578). +-- + +schedTraps OBJECT IDENTIFIER ::= { schedNotifications 0 } + +schedActionFailure NOTIFICATION-TYPE + OBJECTS { schedLastFailure, schedLastFailed } + STATUS current + DESCRIPTION + "This notification is generated whenever the invocation of a + scheduled action fails." + ::= { schedTraps 1 } + +-- conformance information + +schedCompliances OBJECT IDENTIFIER ::= { schedConformance 1 } +schedGroups OBJECT IDENTIFIER ::= { schedConformance 2 } + +-- compliance statements + +schedCompliance2 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which implement + the scheduling MIB." + MODULE -- this module + MANDATORY-GROUPS { + schedGroup2, schedNotificationsGroup + } + GROUP schedCalendarGroup + DESCRIPTION + "The schedCalendarGroup is mandatory only for those + implementations that support calendar based schedules." + OBJECT schedType + DESCRIPTION + "The values calendar(2) or oneshot(3) are not valid for + implementations that do not implement the + schedCalendarGroup. Such an implementation must return + inconsistentValue error responses for attempts to set + schedAdminStatus to calendar(2) or oneshot(3)." + ::= { schedCompliances 2 } + +schedGroup2 OBJECT-GROUP + OBJECTS { + schedDescr, schedInterval, schedContextName, + schedVariable, schedValue, schedType, + schedAdminStatus, schedOperStatus, schedFailures, + schedLastFailure, schedLastFailed, schedStorageType, + schedRowStatus, schedTriggers + } + STATUS current + DESCRIPTION + "A collection of objects providing scheduling capabilities." + ::= { schedGroups 4 } + +schedCalendarGroup OBJECT-GROUP + OBJECTS { + schedLocalTime, schedWeekDay, schedMonth, + schedDay, schedHour, schedMinute + } + STATUS current + DESCRIPTION + "A collection of objects providing calendar based schedules." + ::= { schedGroups 2 } + +schedNotificationsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + schedActionFailure + } + STATUS current + DESCRIPTION + "The notifications emitted by the scheduler." + ::= { schedGroups 3 } + +-- +-- Deprecated compliance and conformance group definitions +-- from RFC 2591. +-- + +schedCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for SNMP entities which implement + the scheduling MIB." + MODULE -- this module + MANDATORY-GROUPS { + schedGroup, schedNotificationsGroup + } + + GROUP schedCalendarGroup + DESCRIPTION + "The schedCalendarGroup is mandatory only for those + implementations that support calendar based schedules." + OBJECT schedType + DESCRIPTION + "The values calendar(2) or oneshot(3) are not valid for + implementations that do not implement the + schedCalendarGroup. Such an implementation must return + inconsistentValue error responses for attempts to set + schedAdminStatus to calendar(2) or oneshot(3)." + ::= { schedCompliances 1 } + +schedGroup OBJECT-GROUP + OBJECTS { + schedDescr, schedInterval, schedContextName, + schedVariable, schedValue, schedType, + schedAdminStatus, schedOperStatus, schedFailures, + schedLastFailure, schedLastFailed, schedStorageType, + schedRowStatus + } + STATUS deprecated + DESCRIPTION + "A collection of objects providing scheduling capabilities." + ::= { schedGroups 1 } + +END diff --git a/data/mibs/DISMAN-SCRIPT-MIB.txt b/data/mibs/DISMAN-SCRIPT-MIB.txt new file mode 100644 index 000000000..834f3047f --- /dev/null +++ b/data/mibs/DISMAN-SCRIPT-MIB.txt @@ -0,0 +1,1764 @@ +DISMAN-SCRIPT-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, + Integer32, Unsigned32, mib-2 + FROM SNMPv2-SMI + + RowStatus, TimeInterval, DateAndTime, StorageType, DisplayString + FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP + FROM SNMPv2-CONF + + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB; + +scriptMIB MODULE-IDENTITY + LAST-UPDATED "200108210000Z" + ORGANIZATION "IETF Distributed Management Working Group" + CONTACT-INFO + "WG EMail: disman@dorothy.bmc.com + Subscribe: disman-request@dorothy.bmc.com + + Chair: Randy Presuhn + BMC Software, Inc. + + Postal: Office 1-3141 + 2141 North First Street + San Jose, California 95131 + USA + EMail: rpresuhn@bmc.com + Phone: +1 408 546-1006 + + Editor: David B. Levi + Nortel Networks + Postal: 4401 Great America Parkway + Santa Clara, CA 95052-8185 + USA + EMail: dlevi@nortelnetworks.com + Phone: +1 423 686 0432 + + Editor: Juergen Schoenwaelder + TU Braunschweig + Postal: Bueltenweg 74/75 + 38106 Braunschweig + Germany + EMail: schoenw@ibr.cs.tu-bs.de + Phone: +49 531 391-3283" + DESCRIPTION + "This MIB module defines a set of objects that allow to + delegate management scripts to distributed managers." + REVISION "200108210000Z" + DESCRIPTION + "Revised version, published as RFC 3165. + + This revision introduces several new objects: smScriptError, + smScriptLastChange, smLaunchError, smLaunchLastChange, + smLaunchRowExpireTime, smRunResultTime, and smRunErrorTime. + + The following existing objects were updated: the maximum + value of smRunLifeTime now disables the timer, an + autostart value was added to the smLaunchAdminStatus + object, and a new expired state was added to the + smLaunchOperStatus object. + + A new smScriptException notification has been added to + support runtime error notifications. + + Created new conformance and compliance statements that + take care of the new objects and notifications. + + Clarifications have been added in several places to remove + ambiguities or contradictions that were discovered and + reported by implementors." + + REVISION "199902221800Z" + DESCRIPTION + "Initial version, published as RFC 2592." + ::= { mib-2 64 } + +-- +-- The groups defined within this MIB module: +-- + +smObjects OBJECT IDENTIFIER ::= { scriptMIB 1 } +smNotifications OBJECT IDENTIFIER ::= { scriptMIB 2 } +smConformance OBJECT IDENTIFIER ::= { scriptMIB 3 } + +-- +-- Script language and language extensions. +-- +-- This group defines tables which list the languages and the +-- language extensions supported by a Script MIB implementation. +-- Languages are uniquely identified by object identifier values. +-- + +smLangTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmLangEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists supported script languages." + ::= { smObjects 1 } + +smLangEntry OBJECT-TYPE + SYNTAX SmLangEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular language." + INDEX { smLangIndex } + ::= { smLangTable 1 } + +SmLangEntry ::= SEQUENCE { + smLangIndex Integer32, + smLangLanguage OBJECT IDENTIFIER, + smLangVersion SnmpAdminString, + smLangVendor OBJECT IDENTIFIER, + smLangRevision SnmpAdminString, + smLangDescr SnmpAdminString +} + +smLangIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this language entry. + + The value is expected to remain constant at least from one + re-initialization of the entity's network management system + to the next re-initialization. + + Note that the data type and the range of this object must + be consistent with the definition of smScriptLanguage." + ::= { smLangEntry 1 } + +smLangLanguage OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The globally unique identification of the language." + ::= { smLangEntry 2 } + +smLangVersion OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version number of the language. The zero-length string + shall be used if the language does not have a version + number. + + It is suggested that the version number consist of one or + more decimal numbers separated by dots, where the first + number is called the major version number." + ::= { smLangEntry 3 } + +smLangVendor OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An object identifier which identifies the vendor who + provides the implementation of the language. This object + identifier SHALL point to the object identifier directly + below the enterprise object identifier {1 3 6 1 4 1} + allocated for the vendor. The value must be the object + identifier {0 0} if the vendor is not known." + ::= { smLangEntry 4 } + +smLangRevision OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version number of the language implementation. + The value of this object must be an empty string if + version number of the implementation is unknown. + + It is suggested that the value consist of one or more + decimal numbers separated by dots, where the first + number is called the major version number." + ::= { smLangEntry 5 } + +smLangDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of the language." + ::= { smLangEntry 6 } + +smExtsnTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmExtsnEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists supported language extensions." + ::= { smObjects 2 } + +smExtsnEntry OBJECT-TYPE + SYNTAX SmExtsnEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular language extension." + INDEX { smLangIndex, smExtsnIndex } + ::= { smExtsnTable 1 } + +SmExtsnEntry ::= SEQUENCE { + smExtsnIndex Integer32, + smExtsnExtension OBJECT IDENTIFIER, + smExtsnVersion SnmpAdminString, + smExtsnVendor OBJECT IDENTIFIER, + smExtsnRevision SnmpAdminString, + smExtsnDescr SnmpAdminString +} + +smExtsnIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this language extension entry. + + The value is expected to remain constant at least from one + re-initialization of the entity's network management system + to the next re-initialization." + ::= { smExtsnEntry 1} + +smExtsnExtension OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The globally unique identification of the language + extension." + ::= { smExtsnEntry 2 } + +smExtsnVersion OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version number of the language extension. + It is suggested that the version number consist of one or + more decimal numbers separated by dots, where the first + number is called the major version number." + ::= { smExtsnEntry 3 } + +smExtsnVendor OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An object identifier which identifies the vendor who + provides the implementation of the extension. The + object identifier value should point to the OID node + directly below the enterprise OID {1 3 6 1 4 1} + allocated for the vendor. The value must by the object + identifier {0 0} if the vendor is not known." + ::= { smExtsnEntry 4 } + +smExtsnRevision OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version number of the extension implementation. + The value of this object must be an empty string if + version number of the implementation is unknown. + + It is suggested that the value consist of one or more + decimal numbers separated by dots, where the first + number is called the major version number." + ::= { smExtsnEntry 5 } + +smExtsnDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of the language extension." + ::= { smExtsnEntry 6 } + +-- +-- Scripts known by the Script MIB implementation. +-- +-- This group defines a table which lists all known scripts. +-- Scripts can be added and removed through manipulation of the +-- smScriptTable. +-- + +smScriptObjects OBJECT IDENTIFIER ::= { smObjects 3 } + +smScriptTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmScriptEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists and describes locally known scripts." + ::= { smScriptObjects 1 } + +smScriptEntry OBJECT-TYPE + SYNTAX SmScriptEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular script. Every script that + is stored in non-volatile memory is required to appear in + this script table." + INDEX { smScriptOwner, smScriptName } + ::= { smScriptTable 1 } + +SmScriptEntry ::= SEQUENCE { + smScriptOwner SnmpAdminString, + smScriptName SnmpAdminString, + smScriptDescr SnmpAdminString, + smScriptLanguage Integer32, + smScriptSource DisplayString, + smScriptAdminStatus INTEGER, + smScriptOperStatus INTEGER, + smScriptStorageType StorageType, + smScriptRowStatus RowStatus, + smScriptError SnmpAdminString, + smScriptLastChange DateAndTime +} + +smScriptOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The manager who owns this row in the smScriptTable." + ::= { smScriptEntry 1 } + +smScriptName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally-unique, administratively assigned name for this + script. This object allows an smScriptOwner to have multiple + entries in the smScriptTable. + + This value of this object may be used to derive the name + (e.g. a file name) which is used by the Script MIB + implementation to access the script in non-volatile + storage. The details of this mapping are implementation + specific. However, the mapping needs to ensure that scripts + created by different owners with the same script name do not + map to the same name in non-volatile storage." + ::= { smScriptEntry 2 } + +smScriptDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A description of the purpose of the script." + ::= { smScriptEntry 3 } + +smScriptLanguage OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object type identifies an entry in the + smLangTable which is used to execute this script. + The special value 0 may be used by hard-wired scripts + that can not be modified and that are executed by + internal functions. + + Set requests to change this object are invalid if the + value of smScriptOperStatus is `enabled' or `compiling' + and will result in an inconsistentValue error. + + Note that the data type and the range of this object must + be consistent with the definition of smLangIndex." + ::= { smScriptEntry 4 } + +smScriptSource OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object either contains a reference to the script + source or an empty string. A reference must be given + in the form of a Uniform Resource Locator (URL) as + defined in RFC 2396. The allowed character sets and the + encoding rules defined in RFC 2396 section 2 apply. + + When the smScriptAdminStatus object is set to `enabled', + the Script MIB implementation will `pull' the script + source from the URL contained in this object if the URL + is not empty. + + An empty URL indicates that the script source is loaded + from local storage. The script is read from the smCodeTable + if the value of smScriptStorageType is volatile. Otherwise, + the script is read from non-volatile storage. + + Note: This document does not mandate implementation of any + specific URL scheme. An attempt to load a script from a + nonsupported URL scheme will cause the smScriptOperStatus + to report an `unknownProtocol' error. + + Set requests to change this object are invalid if the + value of smScriptOperStatus is `enabled', `editing', + `retrieving' or `compiling' and will result in an + inconsistentValue error." + DEFVAL { ''H } + ::= { smScriptEntry 5 } + +smScriptAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2), + editing(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object indicates the desired status of + the script. See the definition of smScriptOperStatus for + a description of the values. + + When the smScriptAdminStatus object is set to `enabled' and + the smScriptOperStatus is `disabled' or one of the error + states, the Script MIB implementation will `pull' the script + source from the URL contained in the smScriptSource object + if the URL is not empty." + DEFVAL { disabled } + ::= { smScriptEntry 6 } + +smScriptOperStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2), + editing(3), + retrieving(4), + compiling(5), + noSuchScript(6), + accessDenied(7), + wrongLanguage(8), + wrongVersion(9), + compilationFailed(10), + noResourcesLeft(11), + unknownProtocol(12), + protocolFailure(13), + genericError(14) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The actual status of the script in the runtime system. The + value of this object is only meaningful when the value of + the smScriptRowStatus object is `active'. + + The smScriptOperStatus object may have the following values: + + - `enabled' indicates that the script is available and can + be started by a launch table entry. + + - `disabled' indicates that the script can not be used. + + - `editing' indicates that the script can be modified in the + smCodeTable. + + - `retrieving' indicates that the script is currently being + loaded from non-volatile storage or a remote system. + + - `compiling' indicates that the script is currently being + compiled by the runtime system. + + - `noSuchScript' indicates that the script does not exist + at the smScriptSource. + + - `accessDenied' indicates that the script can not be loaded + from the smScriptSource due to a lack of permissions. + + - `wrongLanguage' indicates that the script can not be + loaded from the smScriptSource because of a language + mismatch. + + - `wrongVersion' indicates that the script can not be loaded + from the smScriptSource because of a language version + mismatch. + + - `compilationFailed' indicates that the compilation failed. + + - `noResourcesLeft' indicates that the runtime system does + not have enough resources to load the script. + + - `unknownProtocol' indicates that the script could not be + loaded from the smScriptSource because the requested + protocol is not supported. + + - `protocolFailure' indicates that the script could not be + loaded from the smScriptSource because of a protocol + failure. + + - `genericError' indicates that the script could not be + + loaded due to an error condition not listed above. + + The `retrieving' and `compiling' states are transient states + which will either lead to one of the error states or the + `enabled' state. The `disabled' and `editing' states are + administrative states which are only reached by explicit + management operations. + + All launch table entries that refer to this script table + entry shall have an smLaunchOperStatus value of `disabled' + when the value of this object is not `enabled'." + DEFVAL { disabled } + ::= { smScriptEntry 7 } + +smScriptStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object defines whether this row and the script + controlled by this row are kept in volatile storage and + lost upon reboot or if this row is backed up by + non-volatile or permanent storage. + + The storage type of this row always complies with the value + of this entry if the value of the corresponding RowStatus + object is `active'. + + However, the storage type of the script controlled by this + row may be different, if the value of this entry is + `non-volatile'. The script controlled by this row is written + into local non-volatile storage if the following condition + becomes true: + + (a) the URL contained in the smScriptSource object is empty + and + (b) the smScriptStorageType is `nonVolatile' + and + (c) the smScriptOperStatus is `enabled' + + Setting this object to `volatile' removes a script from + non-volatile storage if the script controlled by this row + has been in non-volatile storage before. Attempts to set + this object to permanent will always fail with an + inconsistentValue error. + + The value of smScriptStorageType is only meaningful if the + value of the corresponding RowStatus object is `active'. + + If smScriptStorageType has the value permanent(4), then all + objects whose MAX-ACCESS value is read-create must be + writable, with the exception of the smScriptStorageType and + smScriptRowStatus objects, which shall be read-only." + DEFVAL { volatile } + ::= { smScriptEntry 8 } + +smScriptRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A control that allows entries to be added and removed from + this table. + + Changing the smScriptRowStatus from `active' to + `notInService' will remove the associated script from the + runtime system. + + Deleting conceptual rows from this table may affect the + deletion of other resources associated with this row. For + example, a script stored in non-volatile storage may be + removed from non-volatile storage. + + An entry may not exist in the `active' state unless all + required objects in the entry have appropriate values. Rows + that are not complete or not in service are not known by the + script runtime system. + + Attempts to `destroy' a row or to set a row `notInService' + while the smScriptOperStatus is `enabled' will result in an + inconsistentValue error. + + Attempts to `destroy' a row or to set a row `notInService' + where the value of the smScriptStorageType object is + `permanent' or `readOnly' will result in an + inconsistentValue error. + + The value of this object has no effect on whether other + objects in this conceptual row can be modified." + ::= { smScriptEntry 9 } + +smScriptError OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object contains a descriptive error message if the + + transition into the operational status `enabled' failed. + Implementations must reset the error message to a + zero-length string when a new attempt to change the + script status to `enabled' is started." + DEFVAL { ''H } + ::= { smScriptEntry 10 } + +smScriptLastChange OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The date and time when this script table entry was last + modified. The value '0000000000000000'H is returned if + the script table entry has not yet been modified. + + Note that the resetting of smScriptError is not considered + a change of the script table entry." + DEFVAL { '0000000000000000'H } + ::= { smScriptEntry 11 } + +-- +-- Access to script code via SNMP +-- +-- The smCodeTable allows script code to be read and modified +-- via SNMP. +-- + +smCodeTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmCodeEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table contains the script code for scripts that are + written via SNMP write operations." + ::= { smScriptObjects 2 } + +smCodeEntry OBJECT-TYPE + SYNTAX SmCodeEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular fragment of a script." + INDEX { smScriptOwner, smScriptName, smCodeIndex } + ::= { smCodeTable 1 } + +SmCodeEntry ::= SEQUENCE { + smCodeIndex Unsigned32, + smCodeText OCTET STRING, + smCodeRowStatus RowStatus +} + +smCodeIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value identifying this code fragment." + ::= { smCodeEntry 1 } + +smCodeText OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (1..1024)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The code that makes up a fragment of a script. The format + of this code fragment depends on the script language which + is identified by the associated smScriptLanguage object." + ::= { smCodeEntry 2 } + +smCodeRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A control that allows entries to be added and removed from + this table. + + The value of this object has no effect on whether other + objects in this conceptual row can be modified." + ::= { smCodeEntry 3 } + +-- +-- Script execution. +-- +-- This group defines tables which allow script execution to be +-- initiated, suspended, resumed, and terminated. It also provides +-- a mechanism for keeping a history of recent script executions +-- and their results. +-- + +smRunObjects OBJECT IDENTIFIER ::= { smObjects 4 } + +smLaunchTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmLaunchEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists and describes scripts that are ready + to be executed together with their parameters." + ::= { smRunObjects 1 } + +smLaunchEntry OBJECT-TYPE + SYNTAX SmLaunchEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular executable script." + INDEX { smLaunchOwner, smLaunchName } + ::= { smLaunchTable 1 } + +SmLaunchEntry ::= SEQUENCE { + smLaunchOwner SnmpAdminString, + smLaunchName SnmpAdminString, + smLaunchScriptOwner SnmpAdminString, + smLaunchScriptName SnmpAdminString, + smLaunchArgument OCTET STRING, + smLaunchMaxRunning Unsigned32, + smLaunchMaxCompleted Unsigned32, + smLaunchLifeTime TimeInterval, + smLaunchExpireTime TimeInterval, + smLaunchStart Integer32, + smLaunchControl INTEGER, + smLaunchAdminStatus INTEGER, + smLaunchOperStatus INTEGER, + smLaunchRunIndexNext Integer32, + smLaunchStorageType StorageType, + smLaunchRowStatus RowStatus, + smLaunchError SnmpAdminString, + smLaunchLastChange DateAndTime, + smLaunchRowExpireTime TimeInterval +} + +smLaunchOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The manager who owns this row in the smLaunchTable. Every + instance of a running script started from a particular entry + in the smLaunchTable (i.e. entries in the smRunTable) will + be owned by the same smLaunchOwner used to index the entry + in the smLaunchTable. This owner is not necessarily the same + as the owner of the script itself (smLaunchScriptOwner)." + ::= { smLaunchEntry 1 } + +smLaunchName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally-unique, administratively assigned name for this + launch table entry. This object allows an smLaunchOwner to + have multiple entries in the smLaunchTable. The smLaunchName + is an arbitrary name that must be different from any other + smLaunchTable entries with the same smLaunchOwner but can be + the same as other entries in the smLaunchTable with + different smLaunchOwner values. Note that the value of + smLaunchName is not related in any way to the name of the + script being launched." + ::= { smLaunchEntry 2 } + +smLaunchScriptOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object in combination with the value of + smLaunchScriptName identifies the script that can be + launched from this smLaunchTable entry. Attempts to write + this object will fail with an inconsistentValue error if + the value of smLaunchOperStatus is `enabled'." + ::= { smLaunchEntry 3 } + +smLaunchScriptName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object in combination with the value of + the smLaunchScriptOwner identifies the script that can be + launched from this smLaunchTable entry. The zero-length + string may be used to point to a non-existing script. + + Attempts to write this object will fail with an + inconsistentValue error if the value of smLaunchOperStatus + is `enabled'." + DEFVAL { ''H } + ::= { smLaunchEntry 4 } + +smLaunchArgument OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The argument supplied to the script. When a script is + invoked, the value of this object is used to initialize + the smRunArgument object." + DEFVAL { ''H } + ::= { smLaunchEntry 5 } + +smLaunchMaxRunning OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of concurrently running scripts that may + be invoked from this entry in the smLaunchTable. Lowering + the current value of this object does not affect any scripts + that are already executing." + DEFVAL { 1 } + ::= { smLaunchEntry 6 } + +smLaunchMaxCompleted OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of finished scripts invoked from this + entry in the smLaunchTable allowed to be retained in the + smRunTable. Whenever the value of this object is changed + and whenever a script terminates, entries in the smRunTable + are deleted if necessary until the number of completed + scripts is smaller than the value of this object. Scripts + whose smRunEndTime value indicates the oldest completion + time are deleted first." + DEFVAL { 1 } + ::= { smLaunchEntry 7 } + +smLaunchLifeTime OBJECT-TYPE + SYNTAX TimeInterval + UNITS "centi-seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The default maximum amount of time a script launched + from this entry may run. The value of this object is used + to initialize the smRunLifeTime object when a script is + launched. Changing the value of an smLaunchLifeTime + instance does not affect scripts previously launched from + + this entry." + DEFVAL { 360000 } + ::= { smLaunchEntry 8 } + +smLaunchExpireTime OBJECT-TYPE + SYNTAX TimeInterval + UNITS "centi-seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The default maximum amount of time information about a + script launched from this entry is kept in the smRunTable + after the script has completed execution. The value of + this object is used to initialize the smRunExpireTime + object when a script is launched. Changing the value of an + smLaunchExpireTime instance does not affect scripts + previously launched from this entry." + DEFVAL { 360000 } + ::= { smLaunchEntry 9 } + +smLaunchStart OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to start the execution of scripts. + When retrieved, the value will be the value of smRunIndex + for the last script that started execution by manipulating + this object. The value will be zero if no script started + execution yet. + + A script is started by setting this object to an unused + smRunIndex value. A new row in the smRunTable will be + created which is indexed by the value supplied by the + set-request in addition to the value of smLaunchOwner and + smLaunchName. An unused value can be obtained by reading + the smLaunchRunIndexNext object. + + Setting this object to the special value 0 will start + the script with a self-generated smRunIndex value. The + consequence is that the script invoker has no reliable + way to determine the smRunIndex value for this script + invocation and that the invoker has therefore no way + to obtain the results from this script invocation. The + special value 0 is however useful for scheduled script + invocations. + + If this object is set, the following checks must be + + performed: + + 1) The value of the smLaunchOperStatus object in this + entry of the smLaunchTable must be `enabled'. + 2) The values of smLaunchScriptOwner and + smLaunchScriptName of this row must identify an + existing entry in the smScriptTable. + 3) The value of smScriptOperStatus of this entry must + be `enabled'. + 4) The principal performing the set operation must have + read access to the script. This must be checked by + calling the isAccessAllowed abstract service interface + defined in RFC 2271 on the row in the smScriptTable + identified by smLaunchScriptOwner and smLaunchScriptName. + The isAccessAllowed abstract service interface must be + called on all columnar objects in the smScriptTable with + a MAX-ACCESS value different than `not-accessible'. The + test fails as soon as a call indicates that access is + not allowed. + 5) If the value provided by the set operation is not 0, + a check must be made that the value is currently not + in use. Otherwise, if the value provided by the set + operation is 0, a suitable unused value must be + generated. + 6) The number of currently executing scripts invoked + from this smLaunchTable entry must be less than + smLaunchMaxRunning. + + Attempts to start a script will fail with an + inconsistentValue error if one of the checks described + above fails. + + Otherwise, if all checks have been passed, a new entry + in the smRunTable will be created indexed by smLaunchOwner, + smLaunchName and the new value for smRunIndex. The value + of smLaunchArgument will be copied into smRunArgument, + the value of smLaunchLifeTime will be copied to + smRunLifeTime, and the value of smLaunchExpireTime + will be copied to smRunExpireTime. + + The smRunStartTime will be set to the current time and + the smRunState will be set to `initializing' before the + script execution is initiated in the appropriate runtime + system. + + Note that the data type and the range of this object must + be consistent with the smRunIndex object. Since this + object might be written from the scheduling MIB, the + + data type Integer32 rather than Unsigned32 is used." + DEFVAL { 0 } + ::= { smLaunchEntry 10 } + +smLaunchControl OBJECT-TYPE + SYNTAX INTEGER { + abort(1), + suspend(2), + resume(3), + nop(4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to request a state change for all + running scripts in the smRunTable that were started from + this row in the smLaunchTable. + + Setting this object to abort(1), suspend(2) or resume(3) + will set the smRunControl object of all applicable rows + in the smRunTable to abort(1), suspend(2) or resume(3) + respectively. The phrase `applicable rows' means the set of + rows which were created from this entry in the smLaunchTable + and whose value of smRunState allows the corresponding + state change as described in the definition of the + smRunControl object. Setting this object to nop(4) has no + effect. + + Attempts to set this object lead to an inconsistentValue + error only if all implicated sets on all the applicable + rows lead to inconsistentValue errors. It is not allowed + to return an inconsistentValue error if at least one state + change on one of the applicable rows was successful." + DEFVAL { nop } + ::= { smLaunchEntry 11 } + +smLaunchAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2), + autostart(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object indicates the desired status of + this launch table entry. The values enabled(1) and + autostart(3) both indicate that the launch table entry + + should transition into the operational enabled(1) state as + soon as the associated script table entry is enabled(1). + + The value autostart(3) further indicates that the script + is started automatically by conceptually writing the + value 0 into the associated smLaunchStart object during + the transition from the `disabled' into the `enabled' + operational state. This is useful for scripts that are + to be launched on system start-up." + DEFVAL { disabled } + ::= { smLaunchEntry 12 } + +smLaunchOperStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2), + expired(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object indicates the actual status of + this launch table entry. The smLaunchOperStatus object + may have the following values: + + - `enabled' indicates that the launch table entry is + available and can be used to start scripts. + + - `disabled' indicates that the launch table entry can + not be used to start scripts. + + - `expired' indicates that the launch table entry can + not be used to start scripts and will disappear as + soon as all smRunTable entries associated with this + launch table entry have disappeared. + + The value `enabled' requires that the smLaunchRowStatus + object is active. The value `disabled' requires that there + are no entries in the smRunTable associated with this + smLaunchTable entry." + DEFVAL { disabled } + ::= { smLaunchEntry 13 } + +smLaunchRunIndexNext OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This variable is used for creating rows in the smRunTable. + The value of this variable is a currently unused value + for smRunIndex, which can be written into the smLaunchStart + object associated with this row to launch a script. + + The value returned when reading this variable must be unique + for the smLaunchOwner and smLaunchName associated with this + row. Subsequent attempts to read this variable must return + different values. + + This variable will return the special value 0 if no new rows + can be created. + + Note that the data type and the range of this object must be + consistent with the definition of smRunIndex." + ::= { smLaunchEntry 14 } + +smLaunchStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object defines if this row is kept in volatile storage + and lost upon reboot or if this row is backed up by stable + storage. + + The value of smLaunchStorageType is only meaningful if the + value of the corresponding RowStatus object is active. + + If smLaunchStorageType has the value permanent(4), then all + objects whose MAX-ACCESS value is read-create must be + writable, with the exception of the smLaunchStorageType and + smLaunchRowStatus objects, which shall be read-only." + DEFVAL { volatile } + ::= { smLaunchEntry 15 } + +smLaunchRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A control that allows entries to be added and removed from + this table. + + Attempts to `destroy' a row or to set a row `notInService' + while the smLaunchOperStatus is `enabled' will result in + an inconsistentValue error. + + Attempts to `destroy' a row or to set a row `notInService' + where the value of the smLaunchStorageType object is + `permanent' or `readOnly' will result in an + inconsistentValue error. + + The value of this object has no effect on whether other + objects in this conceptual row can be modified." + ::= { smLaunchEntry 16 } + +smLaunchError OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object contains a descriptive error message if an + attempt to launch a script fails. Implementations must reset + the error message to a zero-length string when a new attempt + to launch a script is started." + DEFVAL { ''H } + ::= { smLaunchEntry 17 } + +smLaunchLastChange OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The date and time when this launch table entry was last + modified. The value '0000000000000000'H is returned if + the launch table entry has not yet been modified. + + Note that a change of smLaunchStart, smLaunchControl, + smLaunchRunIndexNext, smLaunchRowExpireTime, or the + resetting of smLaunchError is not considered a change + of this launch table entry." + DEFVAL { '0000000000000000'H } + ::= { smLaunchEntry 18 } + +smLaunchRowExpireTime OBJECT-TYPE + SYNTAX TimeInterval + UNITS "centi-seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object specifies how long this row remains + in the `enabled' or `disabled' operational state. The value + reported by this object ticks backwards. When the value + reaches 0, it stops ticking backward and the row is + deleted if there are no smRunTable entries associated with + + this smLaunchTable entry. Otherwise, the smLaunchOperStatus + changes to `expired' and the row deletion is deferred + until there are no smRunTable entries associated with this + smLaunchTable entry. + + The smLaunchRowExpireTime will not tick backwards if it is + set to its maximum value (2147483647). In other words, + setting this object to its maximum value turns the timer + off. + + The value of this object may be set in order to increase + or reduce the remaining time that the launch table entry + may be used. Setting the value to 0 will cause an immediate + row deletion or transition into the `expired' operational + state. + + It is not possible to set this object while the operational + status is `expired'. Attempts to modify this object while + the operational status is `expired' leads to an + inconsistentValue error. + + Note that the timer ticks backwards independent of the + operational state of the launch table entry." + DEFVAL { 2147483647 } + ::= { smLaunchEntry 19 } + +smRunTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmRunEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists and describes scripts that are currently + running or have been running in the past." + ::= { smRunObjects 2 } + +smRunEntry OBJECT-TYPE + SYNTAX SmRunEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular running or finished + script." + INDEX { smLaunchOwner, smLaunchName, smRunIndex } + ::= { smRunTable 1 } + +SmRunEntry ::= SEQUENCE { + smRunIndex Integer32, + smRunArgument OCTET STRING, + smRunStartTime DateAndTime, + smRunEndTime DateAndTime, + smRunLifeTime TimeInterval, + smRunExpireTime TimeInterval, + smRunExitCode INTEGER, + smRunResult OCTET STRING, + smRunControl INTEGER, + smRunState INTEGER, + smRunError SnmpAdminString, + smRunResultTime DateAndTime, + smRunErrorTime DateAndTime +} + +smRunIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this running or finished script. This value must be + unique for all rows in the smRunTable with the same + smLaunchOwner and smLaunchName. + + Note that the data type and the range of this object must + be consistent with the definition of smLaunchRunIndexNext + and smLaunchStart." + ::= { smRunEntry 1 } + +smRunArgument OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The argument supplied to the script when it started." + DEFVAL { ''H } + ::= { smRunEntry 2 } + +smRunStartTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The date and time when the execution started. The value + '0000000000000000'H is returned if the script has not + started yet." + DEFVAL { '0000000000000000'H } + ::= { smRunEntry 3 } + +smRunEndTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The date and time when the execution terminated. The value + '0000000000000000'H is returned if the script has not + terminated yet." + DEFVAL { '0000000000000000'H } + ::= { smRunEntry 4 } + +smRunLifeTime OBJECT-TYPE + SYNTAX TimeInterval + UNITS "centi-seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies how long the script can execute. + This object returns the remaining time that the script + may run. The object is initialized with the value of the + associated smLaunchLifeTime object and ticks backwards. + The script is aborted immediately when the value reaches 0. + + The value of this object may be set in order to increase or + reduce the remaining time that the script may run. Setting + this value to 0 will abort script execution immediately, + and, if the value of smRunExpireTime is also 0, will remove + this entry from the smRunTable once it has terminated. + + If smRunLifeTime is set to its maximum value (2147483647), + either by a set operation or by its initialization from the + smLaunchLifeTime object, then it will not tick backwards. + A running script with a maximum smRunLifeTime value will + thus never be terminated with a `lifeTimeExceeded' exit + code. + + The value of smRunLifeTime reflects the real-time execution + time as seen by the outside world. The value of this object + will always be 0 for a script that finished execution, that + is smRunState has the value `terminated'. + + The value of smRunLifeTime does not change while a script + is suspended, that is smRunState has the value `suspended'. + Note that this does not affect set operations. It is legal + to modify smRunLifeTime via set operations while a script + is suspended." + ::= { smRunEntry 5 } + +smRunExpireTime OBJECT-TYPE + SYNTAX TimeInterval + UNITS "centi-seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value of this object specifies how long this row can + exist in the smRunTable after the script has terminated. + This object returns the remaining time that the row may + exist before it is aged out. The object is initialized with + the value of the associated smLaunchExpireTime object and + ticks backwards. The entry in the smRunTable is destroyed + when the value reaches 0 and the smRunState has the value + `terminated'. + + The value of this object may be set in order to increase or + reduce the remaining time that the row may exist. Setting + the value to 0 will destroy this entry as soon as the + smRunState has the value `terminated'." + ::= { smRunEntry 6 } + +smRunExitCode OBJECT-TYPE + SYNTAX INTEGER { + noError(1), + halted(2), + lifeTimeExceeded(3), + noResourcesLeft(4), + languageError(5), + runtimeError(6), + invalidArgument(7), + securityViolation(8), + genericError(9) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object indicates the reason why a + script finished execution. The smRunExitCode code may have + one of the following values: + + - `noError', which indicates that the script completed + successfully without errors; + + - `halted', which indicates that the script was halted + by a request from an authorized manager; + + - `lifeTimeExceeded', which indicates that the script + exited because a time limit was exceeded; + + - `noResourcesLeft', which indicates that the script + exited because it ran out of resources (e.g. memory); + + - `languageError', which indicates that the script exited + because of a language error (e.g. a syntax error in an + interpreted language); + + - `runtimeError', which indicates that the script exited + due to a runtime error (e.g. a division by zero); + + - `invalidArgument', which indicates that the script could + not be run because of invalid script arguments; + + - `securityViolation', which indicates that the script + exited due to a security violation; + + - `genericError', which indicates that the script exited + for an unspecified reason. + + If the script has not yet begun running, or is currently + running, the value will be `noError'." + DEFVAL { noError } + ::= { smRunEntry 7 } + +smRunResult OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The result value produced by the running script. Note that + the result may change while the script is executing." + DEFVAL { ''H } + ::= { smRunEntry 8 } + +smRunControl OBJECT-TYPE + SYNTAX INTEGER { + abort(1), + suspend(2), + resume(3), + nop(4) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value of this object indicates the desired status of the + script execution defined by this row. + + Setting this object to `abort' will abort execution if the + + value of smRunState is `initializing', `executing', + `suspending', `suspended' or `resuming'. Setting this object + to `abort' when the value of smRunState is `aborting' or + `terminated', or if the implementation can determine that + the attempt to abort the execution would fail, will result + in an inconsistentValue error. + + Setting this object to `suspend' will suspend execution + if the value of smRunState is `executing'. Setting this + object to `suspend' will cause an inconsistentValue error + if the value of smRunState is not `executing' or if the + implementation can determine that the attempt to suspend + the execution would fail. + + Setting this object to `resume' will resume execution + if the value of smRunState is `suspending' or + `suspended'. Setting this object to `resume' will cause an + inconsistentValue error if the value of smRunState is + not `suspended' or if the implementation can determine + that the attempt to resume the execution would fail. + + Setting this object to nop(4) has no effect." + DEFVAL { nop } + ::= { smRunEntry 9 } + +smRunState OBJECT-TYPE + SYNTAX INTEGER { + initializing(1), + executing(2), + suspending(3), + suspended(4), + resuming(5), + aborting(6), + terminated(7) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object indicates the script's execution + state. If the script has been invoked but has not yet + begun execution, the value will be `initializing'. If the + script is running, the value will be `executing'. + + A running script which received a request to suspend + execution first transitions into a temporary `suspending' + state. The temporary `suspending' state changes to + `suspended' when the script has actually been suspended. The + temporary `suspending' state changes back to `executing' if + + the attempt to suspend the running script fails. + + A suspended script which received a request to resume + execution first transitions into a temporary `resuming' + state. The temporary `resuming' state changes to `running' + when the script has actually been resumed. The temporary + `resuming' state changes back to `suspended' if the attempt + to resume the suspended script fails. + + A script which received a request to abort execution but + which is still running first transitions into a temporary + `aborting' state. + + A script which has finished its execution is `terminated'." + ::= { smRunEntry 10 } + +smRunError OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object contains a descriptive error message if the + script startup or execution raised an abnormal condition. + An implementation must store a descriptive error message + in this object if the script exits with the smRunExitCode + `genericError'." + DEFVAL { ''H } + ::= { smRunEntry 11 } + +smRunResultTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The date and time when the smRunResult was last updated. + The value '0000000000000000'H is returned if smRunResult + has not yet been updated after the creation of this + smRunTable entry." + DEFVAL { '0000000000000000'H } + ::= { smRunEntry 12 } + +smRunErrorTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The date and time when the smRunError was last updated. + The value '0000000000000000'H is returned if smRunError + + has not yet been updated after the creation of this + smRunTable entry." + DEFVAL { '0000000000000000'H } + ::= { smRunEntry 13 } + +-- +-- Notifications. The definition of smTraps makes notification +-- registrations reversible (see STD 58, RFC 2578). +-- + +smTraps OBJECT IDENTIFIER ::= { smNotifications 0 } + +smScriptAbort NOTIFICATION-TYPE + OBJECTS { smRunExitCode, smRunEndTime, smRunError } + STATUS current + DESCRIPTION + "This notification is generated whenever a running script + terminates with an smRunExitCode unequal to `noError'." + ::= { smTraps 1 } + +smScriptResult NOTIFICATION-TYPE + OBJECTS { smRunResult } + STATUS current + DESCRIPTION + "This notification can be used by scripts to notify other + management applications about results produced by the + script. + + This notification is not automatically generated by the + Script MIB implementation. It is the responsibility of + the executing script to emit this notification where it + is appropriate to do so." + ::= { smTraps 2 } + +smScriptException NOTIFICATION-TYPE + OBJECTS { smRunError } + STATUS current + DESCRIPTION + "This notification can be used by scripts to notify other + management applications about script errors. + + This notification is not automatically generated by the + Script MIB implementation. It is the responsibility of + the executing script or the runtime system to emit this + notification where it is appropriate to do so." + ::= { smTraps 3 } + +-- conformance information + +smCompliances OBJECT IDENTIFIER ::= { smConformance 1 } +smGroups OBJECT IDENTIFIER ::= { smConformance 2 } + +-- compliance statements + +smCompliance2 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which implement + the Script MIB." + MODULE -- this module + MANDATORY-GROUPS { + smLanguageGroup, smScriptGroup2, smLaunchGroup2, + smRunGroup2, smNotificationsGroup2 + } + GROUP smCodeGroup + DESCRIPTION + "The smCodeGroup is mandatory only for those implementations + that support the downloading of scripts via SNMP." + OBJECT smScriptSource + MIN-ACCESS read-only + DESCRIPTION + "The smScriptSource object is read-only for implementations + that are not able to download script code from a URL." + OBJECT smCodeText + DESCRIPTION + "A compliant implementation need only support write access to + the smCodeText object only during row creation." + OBJECT smLaunchArgument + DESCRIPTION + "A compliant implementation has to support a minimum size + for smLaunchArgument of 255 octets." + OBJECT smRunArgument + DESCRIPTION + "A compliant implementation has to support a minimum size + for smRunArgument of 255 octets." + OBJECT smRunResult + DESCRIPTION + "A compliant implementation has to support a minimum size + for smRunResult of 255 octets." + OBJECT smRunState + DESCRIPTION + "A compliant implementation does not have to support script + suspension and the smRunState `suspended'. Such an + implementation will change into the `suspending' state + when the smRunControl is set to `suspend' and remain in this + state until smRunControl is set to `resume' or the script + terminates." + ::= { smCompliances 2 } + +smLanguageGroup OBJECT-GROUP + OBJECTS { + smLangLanguage, smLangVersion, + smLangVendor, smLangRevision, + smLangDescr, smExtsnExtension, + smExtsnVersion, smExtsnVendor, + smExtsnRevision, smExtsnDescr + } + STATUS current + DESCRIPTION + "A collection of objects providing information about the + capabilities of the scripting engine." + ::= { smGroups 1 } + +smScriptGroup2 OBJECT-GROUP + OBJECTS { + smScriptDescr, smScriptLanguage, + smScriptSource, smScriptAdminStatus, + smScriptOperStatus, smScriptStorageType, + smScriptRowStatus, smScriptError, + smScriptLastChange + } + STATUS current + DESCRIPTION + "A collection of objects providing information about + installed scripts." + ::= { smGroups 7 } + +smCodeGroup OBJECT-GROUP + OBJECTS { + smCodeText, smCodeRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects used to download or modify scripts + by using SNMP set requests." + ::= { smGroups 3 } + +smLaunchGroup2 OBJECT-GROUP + OBJECTS { + smLaunchScriptOwner, smLaunchScriptName, + smLaunchArgument, smLaunchMaxRunning, + smLaunchMaxCompleted, smLaunchLifeTime, + smLaunchExpireTime, smLaunchStart, + smLaunchControl, smLaunchAdminStatus, + smLaunchOperStatus, smLaunchRunIndexNext, + smLaunchStorageType, smLaunchRowStatus, + smLaunchError, smLaunchLastChange, + smLaunchRowExpireTime + } + STATUS current + DESCRIPTION + "A collection of objects providing information about scripts + that can be launched." + ::= { smGroups 8 } + +smRunGroup2 OBJECT-GROUP + OBJECTS { + smRunArgument, smRunStartTime, + smRunEndTime, smRunLifeTime, + smRunExpireTime, smRunExitCode, + smRunResult, smRunState, + smRunControl, smRunError, + smRunResultTime, smRunErrorTime + } + STATUS current + DESCRIPTION + "A collection of objects providing information about running + scripts." + ::= { smGroups 9 } + +smNotificationsGroup2 NOTIFICATION-GROUP + NOTIFICATIONS { + smScriptAbort, + smScriptResult, + smScriptException + } + STATUS current + DESCRIPTION + "The notifications emitted by the Script MIB." + ::= { smGroups 10 } + +-- +-- Deprecated compliance and conformance group definitions +-- from RFC 2592. +-- + +smCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for SNMP entities which implement + the Script MIB." + MODULE -- this module + MANDATORY-GROUPS { + + smLanguageGroup, smScriptGroup, smLaunchGroup, smRunGroup + } + GROUP smCodeGroup + DESCRIPTION + "The smCodeGroup is mandatory only for those implementations + that support the downloading of scripts via SNMP." + OBJECT smScriptSource + MIN-ACCESS read-only + DESCRIPTION + "The smScriptSource object is read-only for implementations + that are not able to download script code from a URL." + OBJECT smCodeText + DESCRIPTION + "A compliant implementation need only support write access + to the smCodeText object during row creation." + OBJECT smLaunchArgument + DESCRIPTION + "A compliant implementation has to support a minimum size + for smLaunchArgument of 255 octets." + OBJECT smRunArgument + DESCRIPTION + "A compliant implementation has to support a minimum size + for smRunArgument of 255 octets." + OBJECT smRunResult + DESCRIPTION + "A compliant implementation has to support a minimum size + for smRunResult of 255 octets." + OBJECT smRunState + DESCRIPTION + "A compliant implementation does not have to support script + suspension and the smRunState `suspended'. Such an + implementation will change into the `suspending' state + when the smRunControl is set to `suspend' and remain in this + state until smRunControl is set to `resume' or the script + terminates." + ::= { smCompliances 1 } + +smScriptGroup OBJECT-GROUP + OBJECTS { + smScriptDescr, smScriptLanguage, + smScriptSource, smScriptAdminStatus, + smScriptOperStatus, smScriptStorageType, + smScriptRowStatus + } + STATUS deprecated + DESCRIPTION + "A collection of objects providing information about + installed scripts." + ::= { smGroups 2 } + +smLaunchGroup OBJECT-GROUP + OBJECTS { + smLaunchScriptOwner, smLaunchScriptName, + smLaunchArgument, smLaunchMaxRunning, + smLaunchMaxCompleted, smLaunchLifeTime, + smLaunchExpireTime, smLaunchStart, + smLaunchControl, smLaunchAdminStatus, + smLaunchOperStatus, smLaunchRunIndexNext, + smLaunchStorageType, smLaunchRowStatus + } + STATUS deprecated + DESCRIPTION + "A collection of objects providing information about scripts + that can be launched." + ::= { smGroups 4 } + +smRunGroup OBJECT-GROUP + OBJECTS { + smRunArgument, smRunStartTime, + smRunEndTime, smRunLifeTime, + smRunExpireTime, smRunExitCode, + smRunResult, smRunState, + smRunControl, smRunError + } + STATUS deprecated + DESCRIPTION + "A collection of objects providing information about running + scripts." + ::= { smGroups 5 } + +smNotificationsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + smScriptAbort, + smScriptResult + } + STATUS deprecated + DESCRIPTION + "The notifications emitted by the Script MIB." + ::= { smGroups 6 } + +END diff --git a/data/mibs/DISMAN-TRACEROUTE-MIB.txt b/data/mibs/DISMAN-TRACEROUTE-MIB.txt new file mode 100644 index 000000000..d207b2455 --- /dev/null +++ b/data/mibs/DISMAN-TRACEROUTE-MIB.txt @@ -0,0 +1,1850 @@ +DISMAN-TRACEROUTE-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Integer32, + Gauge32, Unsigned32, mib-2, + NOTIFICATION-TYPE, + OBJECT-IDENTITY + FROM SNMPv2-SMI -- RFC2578 + RowStatus, StorageType, + TruthValue, DateAndTime + FROM SNMPv2-TC -- RFC2579 + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP + FROM SNMPv2-CONF -- RFC2580 + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB -- RFC3411 + InterfaceIndexOrZero -- RFC2863 + FROM IF-MIB + InetAddressType, InetAddress + FROM INET-ADDRESS-MIB -- RFC4001 + OperationResponseStatus + FROM DISMAN-PING-MIB; -- RFC4560 + + traceRouteMIB MODULE-IDENTITY + LAST-UPDATED "200606130000Z" -- 13 June 2006 + ORGANIZATION "IETF Distributed Management Working Group" + CONTACT-INFO + "Juergen Quittek + + NEC Europe Ltd. + Network Laboratories + Kurfuersten-Anlage 36 + 69115 Heidelberg + Germany + + Phone: +49 6221 4342-115 + Email: quittek@netlab.nec.de" + DESCRIPTION + "The Traceroute MIB (DISMAN-TRACEROUTE-MIB) provides + access to the traceroute capability at a remote host. + + Copyright (C) The Internet Society (2006). This version of + this MIB module is part of RFC 4560; see the RFC itself for + full legal notices." + + -- Revision history + + REVISION "200606130000Z" -- 13 June 2006 + DESCRIPTION + "Updated version, published as RFC 4560. + - Correctly considered IPv6 in DESCRIPTION clause of + object traceRouteCtlDataSize + - Replaced references to RFC 2575 by RFC 3415 + - Replaced references to RFC 2571 by RFC 3411 + - Replaced references to RFC 2851 by RFC 4001 + - Clarified DESCRIPTION clause of object + traceRouteResultsLastGoodPath + - Changed range of object traceRouteCtlInitialTtl + from (0..255) to (1..255) + - Extended DESCRIPTION clause of traceRouteResultsTable + describing re-initialization of entries + - Changed SYNTAX of traceRouteResultsTestAttempts and + traceRouteResultsTestSuccesses from Unsigned32 to + Gauge32 + - Changed status of traceRouteCompliance to deprecated + - Added traceRouteFullCompliance and + traceRouteMinimumCompliance + - Changed status of traceRouteGroup and + traceRouteTimeStampGroup to deprecated + - Added traceRouteMinimumGroup, + traceRouteCtlRowStatusGroup, and + traceRouteHistoryGroup + - Changed DEFVAL of object + traceRouteCtlTargetAddressType from { ipv4 } + to { unknown } + - Changed DEFVAL of object traceRouteCtlDescr + from { '00'H } to { ''H } + - Added DEFVAL for object traceRouteCtlTrapGeneration + of DEFVAL { { } }" + REVISION "200009210000Z" -- 21 September 2000 + DESCRIPTION + "Initial version, published as RFC 2925." + ::= { mib-2 81 } + + -- Top level structure of the MIB + + traceRouteNotifications OBJECT IDENTIFIER ::= { traceRouteMIB 0 } + traceRouteObjects OBJECT IDENTIFIER ::= { traceRouteMIB 1 } + traceRouteConformance OBJECT IDENTIFIER ::= { traceRouteMIB 2 } + + -- The registration node (point) for traceroute implementation types + + traceRouteImplementationTypeDomains OBJECT IDENTIFIER + ::= { traceRouteMIB 3 } + + traceRouteUsingUdpProbes OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Indicates that an implementation is using UDP probes to + perform the traceroute operation." + ::= { traceRouteImplementationTypeDomains 1 } + + -- Simple Object Definitions + + traceRouteMaxConcurrentRequests OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "requests" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of concurrent active traceroute requests + that are allowed within an agent implementation. A value + of 0 for this object implies that there is no limit for + the number of concurrent active requests in effect. + + The limit applies only to new requests being activated. + When a new value is set, the agent will continue processing + all the requests already active, even if their number + exceeds the limit just imposed." + DEFVAL { 10 } + ::= { traceRouteObjects 1 } + + -- Traceroute Control Table + + traceRouteCtlTable OBJECT-TYPE + SYNTAX SEQUENCE OF TraceRouteCtlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines the Remote Operations Traceroute Control Table for + providing the capability of invoking traceroute from a remote + host. The results of traceroute operations can be stored in + the traceRouteResultsTable, traceRouteProbeHistoryTable, and + the traceRouteHopsTable." + ::= { traceRouteObjects 2 } + + traceRouteCtlEntry OBJECT-TYPE + SYNTAX TraceRouteCtlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines an entry in the traceRouteCtlTable. The first + index element, traceRouteCtlOwnerIndex, is of type + SnmpAdminString, a textual convention that allows for + use of the SNMPv3 View-Based Access Control Model + (RFC 3415, VACM) and that allows a management + application to identify its entries. The second index, + traceRouteCtlTestName (also an SnmpAdminString), + enables the same management application to have + multiple requests outstanding." + INDEX { + traceRouteCtlOwnerIndex, + traceRouteCtlTestName + } + ::= { traceRouteCtlTable 1 } + + TraceRouteCtlEntry ::= + SEQUENCE { + traceRouteCtlOwnerIndex SnmpAdminString, + traceRouteCtlTestName SnmpAdminString, + traceRouteCtlTargetAddressType InetAddressType, + traceRouteCtlTargetAddress InetAddress, + traceRouteCtlByPassRouteTable TruthValue, + traceRouteCtlDataSize Unsigned32, + traceRouteCtlTimeOut Unsigned32, + traceRouteCtlProbesPerHop Unsigned32, + traceRouteCtlPort Unsigned32, + traceRouteCtlMaxTtl Unsigned32, + traceRouteCtlDSField Unsigned32, + traceRouteCtlSourceAddressType InetAddressType, + traceRouteCtlSourceAddress InetAddress, + traceRouteCtlIfIndex InterfaceIndexOrZero, + traceRouteCtlMiscOptions SnmpAdminString, + traceRouteCtlMaxFailures Unsigned32, + traceRouteCtlDontFragment TruthValue, + traceRouteCtlInitialTtl Unsigned32, + traceRouteCtlFrequency Unsigned32, + traceRouteCtlStorageType StorageType, + traceRouteCtlAdminStatus INTEGER, + traceRouteCtlDescr SnmpAdminString, + traceRouteCtlMaxRows Unsigned32, + traceRouteCtlTrapGeneration BITS, + traceRouteCtlCreateHopsEntries TruthValue, + traceRouteCtlType OBJECT IDENTIFIER, + traceRouteCtlRowStatus RowStatus + } + + traceRouteCtlOwnerIndex OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "To facilitate the provisioning of access control by a + security administrator using the View-Based Access + Control Model (RFC 3415, VACM) for tables in which + multiple users may need to create or + modify entries independently, the initial index is used as + an 'owner index'. Such an initial index has a syntax of + SnmpAdminString and can thus be trivially mapped to a + securityName or groupName defined in VACM, in + accordance with a security policy. + + When used in conjunction with such a security policy, + all entries in the table belonging to a particular user + (or group) will have the same value for this initial + index. For a given user's entries in a particular + table, the object identifiers for the information in + these entries will have the same subidentifiers (except + for the 'column' subidentifier) up to the end of the + encoded owner index. To configure VACM to permit access + to this portion of the table, one would create + vacmViewTreeFamilyTable entries with the value of + vacmViewTreeFamilySubtree including the owner index + portion, and vacmViewTreeFamilyMask 'wildcarding' the + column subidentifier. More elaborate configurations + are possible." + ::= { traceRouteCtlEntry 1 } + + traceRouteCtlTestName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of a traceroute test. This is locally unique, + within the scope of a traceRouteCtlOwnerIndex." + ::= { traceRouteCtlEntry 2 } + + traceRouteCtlTargetAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the type of host address to be used on the + traceroute request at the remote host." + DEFVAL { unknown } + ::= { traceRouteCtlEntry 3 } + + traceRouteCtlTargetAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the host address used on the + traceroute request at the remote host. The + host address type can be determined by + examining the value of the corresponding + traceRouteCtlTargetAddressType. + + A value for this object MUST be set prior to + transitioning its corresponding traceRouteCtlEntry to + active(1) via traceRouteCtlRowStatus." + ::= { traceRouteCtlEntry 4 } + + traceRouteCtlByPassRouteTable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The purpose of this object is to enable optional + bypassing the route table. If enabled, the remote + host will bypass the normal routing tables and send + directly to a host on an attached network. If the + host is not on a directly attached network, an + error is returned. This option can be used to perform + the traceroute operation to a local host through an + interface that has no route defined (e.g., after the + interface was dropped by the routing daemon at the host)." + DEFVAL { false } + ::= { traceRouteCtlEntry 5 } + + traceRouteCtlDataSize OBJECT-TYPE + SYNTAX Unsigned32 (0..65507) + UNITS "octets" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the size of the data portion of a traceroute + request, in octets. If the RECOMMENDED traceroute method + (UDP datagrams as probes) is used, then the value + contained in this object MUST be applied. If another + traceroute method is used for which the specified size + is not appropriate, then the implementation SHOULD use + whatever size (appropriate to the method) is closest to + the specified size. + + The maximum value for this object was computed by + subtracting the smallest possible IP header size of + 20 octets (IPv4 header with no options) and the UDP + header size of 8 octets from the maximum IP packet size. + An IP packet has a maximum size of 65535 octets + (excluding IPv6 Jumbograms)." + DEFVAL { 0 } + ::= { traceRouteCtlEntry 6 } + + traceRouteCtlTimeOut OBJECT-TYPE + SYNTAX Unsigned32 (1..60) + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the time-out value, in seconds, for + a traceroute request." + DEFVAL { 3 } + ::= { traceRouteCtlEntry 7 } + + traceRouteCtlProbesPerHop OBJECT-TYPE + SYNTAX Unsigned32 (1..10) + UNITS "probes" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the number of times to reissue a traceroute + request with the same time-to-live (TTL) value." + DEFVAL { 3 } + ::= { traceRouteCtlEntry 8 } + + traceRouteCtlPort OBJECT-TYPE + SYNTAX Unsigned32 (1..65535) + UNITS "UDP Port" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the (initial) UDP port to send the traceroute + request to. A port needs to be specified that is not in + use at the destination (target) host. The default + value for this object is the IANA assigned port, + 33434, for the traceroute function." + DEFVAL { 33434 } + ::= { traceRouteCtlEntry 9 } + + traceRouteCtlMaxTtl OBJECT-TYPE + SYNTAX Unsigned32 (1..255) + UNITS "time-to-live value" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the maximum time-to-live value." + DEFVAL { 30 } + ::= { traceRouteCtlEntry 10 } + + traceRouteCtlDSField OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the value to store in the Type of Service + (TOS) octet in the IPv4 header or in the Traffic + Class octet in the IPv6 header, respectively, of the + IP packet used to encapsulate the traceroute probe. + + The octet to be set in the IP header contains the + Differentiated Services (DS) Field in the six most + significant bits. + + This option can be used to determine what effect an + explicit DS Field setting has on a traceroute response. + Not all values are legal or meaningful. A value of 0 + means that the function represented by this option is + not supported. DS Field usage is often not supported + by IP implementations, and not all values are supported. + Refer to RFC 2474 and RFC 3260 for guidance on usage of + this field." + REFERENCE + "Refer to RFC 1812 for the definition of the IPv4 TOS + octet and to RFC 2460 for the definition of the IPv6 + Traffic Class octet. Refer to RFC 2474 and RFC 3260 + for the definition of the Differentiated Services Field." + DEFVAL { 0 } + ::= { traceRouteCtlEntry 11 } + + traceRouteCtlSourceAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Specifies the type of the source address, + traceRouteCtlSourceAddress, to be used at a remote host + when a traceroute operation is performed." + DEFVAL { unknown } + ::= { traceRouteCtlEntry 12 } + + traceRouteCtlSourceAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Use the specified IP address (which must be given as an + IP number, not a hostname) as the source address in + outgoing probe packets. On hosts with more than one IP + address, this option can be used to select the address + to be used. If the IP address is not one of this + machine's interface addresses, an error is returned, and + nothing is sent. A zero-length octet string value for + this object disables source address specification. + The address type (InetAddressType) that relates to + this object is specified by the corresponding value + of traceRouteCtlSourceAddressType." + DEFVAL { ''H } + ::= { traceRouteCtlEntry 13 } + + traceRouteCtlIfIndex OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Setting this object to an interface's ifIndex prior + to starting a remote traceroute operation directs + the traceroute probes to be transmitted over the + specified interface. A value of zero for this object + implies that this option is not enabled." + DEFVAL { 0 } + ::= { traceRouteCtlEntry 14 } + + traceRouteCtlMiscOptions OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Enables an application to specify implementation-dependent + options." + DEFVAL { ''H } + ::= { traceRouteCtlEntry 15 } + + traceRouteCtlMaxFailures OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + UNITS "timeouts" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object indicates the maximum number + of consecutive timeouts allowed before a remote traceroute + request is terminated. A value of either 255 (maximum + hop count/possible TTL value) or 0 indicates that the + function of terminating a remote traceroute request when a + specific number of consecutive timeouts are detected is + disabled." + DEFVAL { 5 } + ::= { traceRouteCtlEntry 16 } + + traceRouteCtlDontFragment OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object enables setting of the don't fragment flag (DF) + in the IP header for a probe. Use of this object enables + a manual PATH MTU test is performed." + DEFVAL { false } + ::= { traceRouteCtlEntry 17 } + + traceRouteCtlInitialTtl OBJECT-TYPE + SYNTAX Unsigned32 (1..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object specifies the initial TTL value to + use. This enables bypassing the initial (often well known) + portion of a path." + DEFVAL { 1 } + ::= { traceRouteCtlEntry 18 } + + traceRouteCtlFrequency OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of seconds to wait before repeating a + traceroute test, as defined by the value of the + various objects in the corresponding row. + + After a single test is completed the number of seconds + as defined by the value of traceRouteCtlFrequency MUST + elapse before the next traceroute test is started. + + A value of 0 for this object implies that the test + as defined by the corresponding entry will not be + + repeated." + DEFVAL { 0 } + ::= { traceRouteCtlEntry 19 } + + traceRouteCtlStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type for this conceptual row. + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row." + DEFVAL { nonVolatile } + ::= { traceRouteCtlEntry 20 } + + traceRouteCtlAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + + enabled(1), -- operation should be started + disabled(2) -- operation should be stopped + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Reflects the desired state that an traceRouteCtlEntry + should be in: + + enabled(1) - Attempt to activate the test as defined by + this traceRouteCtlEntry. + disabled(2) - Deactivate the test as defined by this + traceRouteCtlEntry. + + Refer to the corresponding traceRouteResultsOperStatus to + determine the operational state of the test defined by + this entry." + DEFVAL { disabled } + ::= { traceRouteCtlEntry 21 } + + traceRouteCtlDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The purpose of this object is to provide a + descriptive name of the remote traceroute + test." + DEFVAL { ''H } + ::= { traceRouteCtlEntry 22 } + + traceRouteCtlMaxRows OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "rows" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of corresponding entries allowed + in the traceRouteProbeHistoryTable. An implementation + of this MIB will remove the oldest corresponding entry + in the traceRouteProbeHistoryTable to allow the + addition of an new entry once the number of + corresponding rows in the traceRouteProbeHistoryTable + reaches this value. + + Old entries are not removed when a new test is + started. Entries are added to the + traceRouteProbeHistoryTable until traceRouteCtlMaxRows + is reached before entries begin to be removed. + A value of 0 for this object disables creation of + traceRouteProbeHistoryTable entries." + DEFVAL { 50 } + ::= { traceRouteCtlEntry 23 } + + traceRouteCtlTrapGeneration OBJECT-TYPE + SYNTAX BITS { + pathChange(0), + testFailure(1), + testCompletion(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object determines when and whether to + generate a notification for this entry: + + pathChange(0) - Generate a traceRoutePathChange + notification when the current path varies from a + previously determined path. + testFailure(1) - Generate a traceRouteTestFailed + notification when the full path to a target + can't be determined. + testCompletion(2) - Generate a traceRouteTestCompleted + notification when the path to a target has been + determined. + + The value of this object defaults to an empty set, + indicating that none of the above options has been + selected." + DEFVAL { { } } + ::= { traceRouteCtlEntry 24 } + + traceRouteCtlCreateHopsEntries OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The current path for a traceroute test is kept in the + traceRouteHopsTable on a per-hop basis when the value of + this object is true(1)." + DEFVAL { false } + ::= { traceRouteCtlEntry 25 } + + traceRouteCtlType OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object is used either to report or to + select the implementation method to be used for + performing a traceroute operation. The value of this + object may be selected from + traceRouteImplementationTypeDomains. + + Additional implementation types should be allocated as + required by implementers of the DISMAN-TRACEROUTE-MIB + under their enterprise specific registration point, + not beneath traceRouteImplementationTypeDomains." + DEFVAL { traceRouteUsingUdpProbes } + ::= { traceRouteCtlEntry 26 } + + traceRouteCtlRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object allows entries to be created and deleted + in the traceRouteCtlTable. Deletion of an entry in + this table results in a deletion of all corresponding (same + traceRouteCtlOwnerIndex and traceRouteCtlTestName + index values) traceRouteResultsTable, + traceRouteProbeHistoryTable, and traceRouteHopsTable + entries. + + A value MUST be specified for traceRouteCtlTargetAddress + prior to acceptance of a transition to active(1) state. + + When a value for pingCtlTargetAddress is set, + the value of object pingCtlRowStatus changes + from notReady(3) to notInService(2). + + Activation of a remote traceroute operation is + controlled via traceRouteCtlAdminStatus, and not + by transitioning of this object's value to active(1). + + Transitions in and out of active(1) state are not + allowed while an entry's traceRouteResultsOperStatus + is active(1), with the exception that deletion of + an entry in this table by setting its RowStatus + object to destroy(6) will stop an active + traceroute operation. + + The operational state of an traceroute operation + can be determined by examination of the corresponding + traceRouteResultsOperStatus object." + REFERENCE + "See definition of RowStatus in RFC 2579, 'Textual + Conventions for SMIv2.'" + ::= { traceRouteCtlEntry 27 } + + -- Traceroute Results Table + + traceRouteResultsTable OBJECT-TYPE + SYNTAX SEQUENCE OF TraceRouteResultsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines the Remote Operations Traceroute Results Table for + keeping track of the status of a traceRouteCtlEntry. + + An entry is added to the traceRouteResultsTable when an + traceRouteCtlEntry is started by successful transition + of its traceRouteCtlAdminStatus object to enabled(1). + + If the object traceRouteCtlAdminStatus already has the value + enabled(1), and if the corresponding + traceRouteResultsOperStatus object has the value + completed(3), then successfully writing enabled(1) to the + object traceRouteCtlAdminStatus re-initializes the already + existing entry in the traceRouteResultsTable. The values of + objects in the re-initialized entry are the same as + the values of objects in a new entry would be. + + An entry is removed from the traceRouteResultsTable when + + its corresponding traceRouteCtlEntry is deleted." + ::= { traceRouteObjects 3 } + + traceRouteResultsEntry OBJECT-TYPE + SYNTAX TraceRouteResultsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines an entry in the traceRouteResultsTable. The + traceRouteResultsTable has the same indexing as the + traceRouteCtlTable so that a traceRouteResultsEntry + corresponds to the traceRouteCtlEntry that caused it to + be created." + INDEX { + traceRouteCtlOwnerIndex, + traceRouteCtlTestName + } + ::= { traceRouteResultsTable 1 } + + TraceRouteResultsEntry ::= + SEQUENCE { + traceRouteResultsOperStatus INTEGER, + traceRouteResultsCurHopCount Gauge32, + traceRouteResultsCurProbeCount Gauge32, + traceRouteResultsIpTgtAddrType InetAddressType, + traceRouteResultsIpTgtAddr InetAddress, + traceRouteResultsTestAttempts Gauge32, + traceRouteResultsTestSuccesses Gauge32, + traceRouteResultsLastGoodPath DateAndTime + } + + traceRouteResultsOperStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), -- test is in progress + disabled(2), -- test has stopped + completed(3) -- test is completed + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reflects the operational state of an traceRouteCtlEntry: + + enabled(1) - Test is active. + disabled(2) - Test has stopped. + completed(3) - Test is completed." + ::= { traceRouteResultsEntry 1 } + + traceRouteResultsCurHopCount OBJECT-TYPE + SYNTAX Gauge32 + UNITS "hops" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reflects the current TTL value (from 1 to + 255) for a remote traceroute operation. + Maximum TTL value is determined by + traceRouteCtlMaxTtl." + ::= { traceRouteResultsEntry 2 } + + traceRouteResultsCurProbeCount OBJECT-TYPE + SYNTAX Gauge32 + UNITS "probes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reflects the current probe count (1..10) for + a remote traceroute operation. The maximum + probe count is determined by + traceRouteCtlProbesPerHop." + ::= { traceRouteResultsEntry 3 } + + traceRouteResultsIpTgtAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the type of address stored + in the corresponding traceRouteResultsIpTgtAddr + object." + ::= { traceRouteResultsEntry 4 } + + traceRouteResultsIpTgtAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object reports the IP address associated + with a traceRouteCtlTargetAddress value when the + destination address is specified as a DNS name. + The value of this object should be a zero-length + octet string when a DNS name is not specified or + when a specified DNS name fails to resolve." + ::= { traceRouteResultsEntry 5 } + + traceRouteResultsTestAttempts OBJECT-TYPE + SYNTAX Gauge32 + UNITS "tests" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current number of attempts to determine a path + to a target. The value of this object MUST be started + at 0." + ::= { traceRouteResultsEntry 6 } + + traceRouteResultsTestSuccesses OBJECT-TYPE + SYNTAX Gauge32 + UNITS "tests" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current number of attempts to determine a path + to a target that have succeeded. The value of this + object MUST be reported as 0 when no attempts have + succeeded." + ::= { traceRouteResultsEntry 7 } + + traceRouteResultsLastGoodPath OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The date and time when the last complete path + was determined. A path is complete if responses + were received or timeout occurred for each hop on + the path; i.e., for each TTL value from the value + of the corresponding traceRouteCtlInitialTtl object + up to the end of the path or (if no reply from the + target IP address was received) up to the value of + the corresponding traceRouteCtlMaxTtl object." + ::= { traceRouteResultsEntry 8 } + + -- Trace Route Probe History Table + + traceRouteProbeHistoryTable OBJECT-TYPE + SYNTAX SEQUENCE OF TraceRouteProbeHistoryEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines the Remote Operations Traceroute Results Table + for storing the results of a traceroute operation. + + An implementation of this MIB will remove the oldest + + entry in the traceRouteProbeHistoryTable of the + corresponding entry in the traceRouteCtlTable to allow + the addition of a new entry once the number of rows in + the traceRouteProbeHistoryTable reaches the value specified + by traceRouteCtlMaxRows for the corresponding entry in the + traceRouteCtlTable." + ::= { traceRouteObjects 4 } + + traceRouteProbeHistoryEntry OBJECT-TYPE + SYNTAX TraceRouteProbeHistoryEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines a table for storing the results of a traceroute + operation. Entries in this table are limited by + the value of the corresponding traceRouteCtlMaxRows + object. + + The first two index elements identify the + traceRouteCtlEntry that a traceRouteProbeHistoryEntry + belongs to. The third index element selects a single + traceroute operation result. The fourth and fifth indexes + select the hop and the probe for a particular + traceroute operation." + INDEX { + traceRouteCtlOwnerIndex, + traceRouteCtlTestName, + traceRouteProbeHistoryIndex, + traceRouteProbeHistoryHopIndex, + traceRouteProbeHistoryProbeIndex + + } + ::= { traceRouteProbeHistoryTable 1 } + + TraceRouteProbeHistoryEntry ::= + SEQUENCE { + traceRouteProbeHistoryIndex Unsigned32, + traceRouteProbeHistoryHopIndex Unsigned32, + traceRouteProbeHistoryProbeIndex Unsigned32, + traceRouteProbeHistoryHAddrType InetAddressType, + traceRouteProbeHistoryHAddr InetAddress, + traceRouteProbeHistoryResponse Unsigned32, + traceRouteProbeHistoryStatus OperationResponseStatus, + traceRouteProbeHistoryLastRC Integer32, + traceRouteProbeHistoryTime DateAndTime + } + + traceRouteProbeHistoryIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..'ffffffff'h) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in this table is created when the result of + a traceroute probe is determined. The initial 2 instance + identifier index values identify the traceRouteCtlEntry + that a probe result (traceRouteProbeHistoryEntry) belongs + to. An entry is removed from this table when + its corresponding traceRouteCtlEntry is deleted. + + An implementation MUST start assigning + traceRouteProbeHistoryIndex values at 1 and wrap after + exceeding the maximum possible value, as defined by the + limit of this object ('ffffffff'h)." + ::= { traceRouteProbeHistoryEntry 1 } + + traceRouteProbeHistoryHopIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates which hop in a traceroute path the probe's + results are for. The value of this object is initially + determined by the value of traceRouteCtlInitialTtl." + ::= { traceRouteProbeHistoryEntry 2 } + + traceRouteProbeHistoryProbeIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..10) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the index of a probe for a particular + hop in a traceroute path. The number of probes per + hop is determined by the value of the corresponding + traceRouteCtlProbesPerHop object." + ::= { traceRouteProbeHistoryEntry 3 } + + traceRouteProbeHistoryHAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This objects indicates the type of address stored + in the corresponding traceRouteProbeHistoryHAddr + object." + ::= { traceRouteProbeHistoryEntry 4 } + + traceRouteProbeHistoryHAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The address of a hop in a traceroute path. This object + is not allowed to be a DNS name. The value of the + corresponding object, traceRouteProbeHistoryHAddrType, + indicates this object's IP address type." + ::= { traceRouteProbeHistoryEntry 5 } + + traceRouteProbeHistoryResponse OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The amount of time measured in milliseconds from when + a probe was sent to when its response was received or + when it timed out. The value of this object is reported + as 0 when it is not possible to transmit a probe." + ::= { traceRouteProbeHistoryEntry 6 } + + traceRouteProbeHistoryStatus OBJECT-TYPE + SYNTAX OperationResponseStatus + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The result of a traceroute operation made by a remote + host for a particular probe." + ::= { traceRouteProbeHistoryEntry 7 } + + traceRouteProbeHistoryLastRC OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The last implementation-method-specific reply code received. + + Traceroute is usually implemented by transmitting a series of + probe packets with increasing time-to-live values. A probe + packet is a UDP datagram encapsulated into an IP packet. + Each hop in a path to the target (destination) host rejects + the probe packets (probe's TTL too small, ICMP reply) until + either the maximum TTL is exceeded or the target host is + received." + ::= { traceRouteProbeHistoryEntry 8 } + + traceRouteProbeHistoryTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Timestamp for when this probe's results were determined." + ::= { traceRouteProbeHistoryEntry 9 } + + -- Traceroute Hop Results Table + + traceRouteHopsTable OBJECT-TYPE + SYNTAX SEQUENCE OF TraceRouteHopsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines the Remote Operations Traceroute Hop Table for + keeping track of the results of traceroute tests on a + per-hop basis." + ::= { traceRouteObjects 5 } + + traceRouteHopsEntry OBJECT-TYPE + SYNTAX TraceRouteHopsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Defines an entry in the traceRouteHopsTable. + The first two index elements identify the + traceRouteCtlEntry that a traceRouteHopsEntry + belongs to. The third index element, + traceRouteHopsHopIndex, selects a + hop in a traceroute path." + INDEX { + traceRouteCtlOwnerIndex, + traceRouteCtlTestName, + traceRouteHopsHopIndex + } + ::= { traceRouteHopsTable 1 } + + TraceRouteHopsEntry ::= + SEQUENCE { + traceRouteHopsHopIndex Unsigned32, + traceRouteHopsIpTgtAddressType InetAddressType, + traceRouteHopsIpTgtAddress InetAddress, + traceRouteHopsMinRtt Unsigned32, + traceRouteHopsMaxRtt Unsigned32, + traceRouteHopsAverageRtt Unsigned32, + traceRouteHopsRttSumOfSquares Unsigned32, + traceRouteHopsSentProbes Unsigned32, + traceRouteHopsProbeResponses Unsigned32, + traceRouteHopsLastGoodProbe DateAndTime + } + + traceRouteHopsHopIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..'ffffffff'h) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Specifies the hop index for a traceroute hop. Values + for this object with respect to the same + traceRouteCtlOwnerIndex and traceRouteCtlTestName + MUST start at 1 and be given increasing values for + subsequent hops. The value of traceRouteHopsHopIndex is not + necessarily the number of the hop on the traced path. + + The traceRouteHopsTable keeps the current traceroute + path per traceRouteCtlEntry if enabled by + setting the corresponding traceRouteCtlCreateHopsEntries + to true(1). + + All hops (traceRouteHopsTable entries) in a traceroute + path MUST be updated at the same time when a traceroute + operation is completed. Care needs to be applied when a path + either changes or can't be determined. The initial portion + of the path, up to the first hop change, MUST retain the + same traceRouteHopsHopIndex values. The remaining portion + of the path SHOULD be assigned new traceRouteHopsHopIndex + values." + ::= { traceRouteHopsEntry 1 } + + traceRouteHopsIpTgtAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the type of address stored + in the corresponding traceRouteHopsIpTgtAddress + object." + ::= { traceRouteHopsEntry 2 } + + traceRouteHopsIpTgtAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object reports the IP address associated with + + the hop. A value for this object should be reported + as a numeric IP address, not as a DNS name. + + The address type (InetAddressType) that relates to + this object is specified by the corresponding value + of pingCtlSourceAddressType." + ::= { traceRouteHopsEntry 3 } + + traceRouteHopsMinRtt OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The minimum traceroute round-trip-time (RTT) received for + this hop. A value of 0 for this object implies that no + RTT has been received." + ::= { traceRouteHopsEntry 4 } + + traceRouteHopsMaxRtt OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum traceroute round-trip-time (RTT) received for + this hop. A value of 0 for this object implies that no + RTT has been received." + ::= { traceRouteHopsEntry 5 } + + traceRouteHopsAverageRtt OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current average traceroute round-trip-time (RTT) for + this hop." + ::= { traceRouteHopsEntry 6 } + + traceRouteHopsRttSumOfSquares OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object contains the sum of the squares of all + round-trip-times received for this hop. Its purpose is + to enable standard deviation calculation." + ::= { traceRouteHopsEntry 7 } + + traceRouteHopsSentProbes OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object reflects the number of probes sent + for this hop during this traceroute test. The value of this + object should start at 0." + ::= { traceRouteHopsEntry 8 } + + traceRouteHopsProbeResponses OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of responses received for this hop during this + traceroute test. This value of this object should start + at 0." + ::= { traceRouteHopsEntry 9 } + + traceRouteHopsLastGoodProbe OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Date and time at which the last response was received for a + probe for this hop during this traceroute test." + ::= { traceRouteHopsEntry 10 } + + -- Notification Definition section + + traceRoutePathChange NOTIFICATION-TYPE + OBJECTS { + traceRouteCtlTargetAddressType, + traceRouteCtlTargetAddress, + traceRouteResultsIpTgtAddrType, + traceRouteResultsIpTgtAddr + } + STATUS current + DESCRIPTION + "The path to a target has changed." + ::= { traceRouteNotifications 1 } + + traceRouteTestFailed NOTIFICATION-TYPE + OBJECTS { + traceRouteCtlTargetAddressType, + traceRouteCtlTargetAddress, + traceRouteResultsIpTgtAddrType, + traceRouteResultsIpTgtAddr + + } + STATUS current + DESCRIPTION + "Could not determine the path to a target." + ::= { traceRouteNotifications 2 } + + traceRouteTestCompleted NOTIFICATION-TYPE + OBJECTS { + traceRouteCtlTargetAddressType, + traceRouteCtlTargetAddress, + traceRouteResultsIpTgtAddrType, + traceRouteResultsIpTgtAddr + } + STATUS current + DESCRIPTION + "The path to a target has just been determined." + ::= { traceRouteNotifications 3 } + + -- Conformance information + -- Compliance statements + + traceRouteCompliances OBJECT IDENTIFIER + ::= { traceRouteConformance 1 } + traceRouteGroups OBJECT IDENTIFIER + ::= { traceRouteConformance 2 } + + -- Compliance statements + + traceRouteFullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities that + fully implement the DISMAN-TRACEROUTE-MIB." + MODULE -- this module + MANDATORY-GROUPS { + traceRouteMinimumGroup, + traceRouteCtlRowStatusGroup, + traceRouteHistoryGroup + } + + GROUP traceRouteHopsTableGroup + DESCRIPTION + "This group lists the objects that make up a + traceRouteHopsEntry. Support of the traceRouteHopsTable + is optional." + + GROUP traceRouteNotificationsGroup + DESCRIPTION + "This group defines a collection of optional + notifications." + + OBJECT traceRouteMaxConcurrentRequests + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support SET + operations to this object." + + OBJECT traceRouteCtlByPassRouteTable + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of its + implementation. The function represented by this + object is implementable if the setsockopt + SOL_SOCKET SO_DONTROUTE option is supported." + + OBJECT traceRouteCtlDSField + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a 0 as the value of this object. + A value of 0 implies that the function represented by + this option is not supported." + + OBJECT traceRouteCtlSourceAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of binding the + send socket with a source address. An implementation + is only required to support IPv4 and IPv6 addresses." + + OBJECT traceRouteCtlSourceAddress + SYNTAX InetAddress (SIZE(0|4|16)) + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of binding the + send socket with a source address. An implementation + is only required to support IPv4 and IPv6 addresses." + + OBJECT traceRouteCtlIfIndex + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + + not supported, return a 0 as the value of this object. + A value of 0 implies that the function represented by + this option is not supported." + + OBJECT traceRouteCtlMiscOptions + MIN-ACCESS read-only + DESCRIPTION + "Support of this object is optional. If not + supporting, do not allow write access and return a + zero-length octet string as the value of the object." + + OBJECT traceRouteCtlStorageType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. It is also allowed + that implementations support only the volatile(2) + StorageType enumeration." + + OBJECT traceRouteCtlType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. In addition, the only + value that is RECOMMENDED to be supported by an + implementation is traceRouteUsingUdpProbes." + + OBJECT traceRouteResultsIpTgtAddrType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteResultsIpTgtAddr + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteResultsLastGoodPath + DESCRIPTION + "If the traceRouteHopsTableGroup is implemented, then + this object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + be reported as '0000000000000000'H." + + OBJECT traceRouteProbeHistoryHAddrType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteProbeHistoryHAddr + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteProbeHistoryTime + DESCRIPTION + "This object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + be reported as '0000000000000000'H." + + OBJECT traceRouteHopsIpTgtAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteHopsIpTgtAddress + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteHopsLastGoodProbe + DESCRIPTION + "This object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + be reported as '0000000000000000'H." + ::= { traceRouteCompliances 2 } + + traceRouteMinimumCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The minimum compliance statement for SNMP entities + which implement the minimal subset of the + DISMAN-TRACEROUTE-MIB. Implementors might choose this + subset for small devices with limited resources." + MODULE -- this module + + MANDATORY-GROUPS { traceRouteMinimumGroup } + + GROUP traceRouteCtlRowStatusGroup + DESCRIPTION + "A compliant implementation does not have to implement + the traceRouteCtlRowStatusGroup." + + GROUP traceRouteHistoryGroup + DESCRIPTION + "A compliant implementation does not have to implement + the traceRouteHistoryGroup." + + GROUP traceRouteHopsTableGroup + DESCRIPTION + "This group lists the objects that make up a + traceRouteHopsEntry. Support of the traceRouteHopsTable + is optional." + + GROUP traceRouteNotificationsGroup + DESCRIPTION + "This group defines a collection of optional + notifications." + + OBJECT traceRouteMaxConcurrentRequests + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support SET + operations to this object." + + OBJECT traceRouteCtlByPassRouteTable + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a false(2) as the value of this + object. A value of false(2) means that the function + represented by this option is not supported." + + OBJECT traceRouteCtlDSField + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a 0 as the value of this object. + A value of 0 implies that the function represented by + this option is not supported." + + OBJECT traceRouteCtlSourceAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of binding the + send socket with a source address. An implementation + is only required to support IPv4 and IPv6 addresses." + + OBJECT traceRouteCtlSourceAddress + SYNTAX InetAddress (SIZE(0|4|16)) + MIN-ACCESS read-only + DESCRIPTION + "Write access to this object is not required by + implementations that are not capable of binding the + send socket with a source address. An implementation + is only required to support IPv4 and IPv6 addresses." + + OBJECT traceRouteCtlIfIndex + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a 0 as the value of this object. + A value of 0 implies that the function represented by + this option is not supported." + + OBJECT traceRouteCtlMiscOptions + MIN-ACCESS read-only + DESCRIPTION + "Support of this object is optional. If not + supporting, do not allow write access, and return a + zero-length octet string as the value of the object." + + OBJECT traceRouteCtlDontFragment + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a false(2) as the value of this + object. A value of false(2) means that the function + represented by this option is not supported." + + OBJECT traceRouteCtlInitialTtl + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a 1 as the value of this object." + + OBJECT traceRouteCtlFrequency + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If write access is + not supported, return a 0 as the value of this object. + A value of 0 implies that the function represented by + this option is not supported." + + OBJECT traceRouteCtlStorageType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. It is also allowed + that implementations support only the volatile(2) + StorageType enumeration." + + OBJECT traceRouteCtlDescr + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support set + operations to this object." + + OBJECT traceRouteCtlMaxRows + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If the + traceRouteHistoryGroup is not implemented, then write + access to this object MUST be disabled, and the object + MUST return a value of 0 when retrieved." + + OBJECT traceRouteCtlTrapGeneration + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If the + traceRouteNotificationsGroup is not implemented, then + write access to this object MUST be disabled, and the + object MUST return a value with no bit set when + retrieved. No bit set indicates that no notification + is generated." + + OBJECT traceRouteCtlCreateHopsEntries + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. If the + traceRouteHopsTableGroup is not implemented, then + write access to this object MUST be disabled, and the + object MUST return a value of false(2) when retrieved." + + OBJECT traceRouteCtlType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. In addition, the only + + value that is RECOMMENDED to be supported by an + implementation is traceRouteUsingUdpProbes." + + OBJECT traceRouteResultsIpTgtAddrType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteResultsIpTgtAddr + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteResultsLastGoodPath + DESCRIPTION + "This object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + be reported as '0000000000000000'H." + + OBJECT traceRouteProbeHistoryHAddrType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteProbeHistoryHAddr + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteProbeHistoryTime + DESCRIPTION + "If the traceRouteHistoryGroup is implemented, then + this object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + be reported as '0000000000000000'H." + + OBJECT traceRouteHopsIpTgtAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation should only support IPv4 and + + globally unique IPv6 address values for this object." + + OBJECT traceRouteHopsIpTgtAddress + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteHopsLastGoodProbe + DESCRIPTION + "If the traceRouteHopsTableGroup is implemented, then + this object is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects. It is RECOMMENDED + that when this object is not supported its values + be reported as '0000000000000000'H." + ::= { traceRouteCompliances 3 } + + traceRouteCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for the DISMAN-TRACEROUTE-MIB. + This compliance statement has been deprecated because + the traceRouteGroup and the traceRouteTimeStampGroup + have been split and deprecated. The + traceRouteFullCompliance is semantically identical to the + deprecated traceRouteCompliance statement." + MODULE -- this module + MANDATORY-GROUPS { + traceRouteGroup + } + GROUP traceRouteTimeStampGroup + DESCRIPTION + "This group is mandatory for implementations that have + access to a system clock and that are capable of setting + the values for DateAndTime objects." + + GROUP traceRouteNotificationsGroup + DESCRIPTION + "This group defines a collection of optional + notifications." + + GROUP traceRouteHopsTableGroup + DESCRIPTION + "This group lists the objects that make up a + traceRouteHopsEntry. Support of the traceRouteHopsTable + is optional." + + OBJECT traceRouteMaxConcurrentRequests + MIN-ACCESS read-only + DESCRIPTION + "The agent is not required to support SET + operations to this object." + + OBJECT traceRouteCtlByPassRouteTable + MIN-ACCESS read-only + DESCRIPTION + "This object is not required by implementations that + are not capable of its implementation. The function + represented by this object is implementable if the + setsockopt SOL_SOCKET SO_DONTROUTE option is + supported." + + OBJECT traceRouteCtlSourceAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + MIN-ACCESS read-only + DESCRIPTION + "This object is not required by implementations that + are not capable of binding the send socket with a + source address. An implementation is only required to + support IPv4 and IPv6 addresses." + + OBJECT traceRouteCtlSourceAddress + SYNTAX InetAddress (SIZE(0|4|16)) + MIN-ACCESS read-only + DESCRIPTION + "This object is not required by implementations that + are not capable of binding the send socket with a + source address. An implementation is only required to + support IPv4 and globally unique IPv6 addresses." + + OBJECT traceRouteCtlIfIndex + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. When write access is + not supported, return a 0 as the value of this object. + A value of 0 implies that the function represented by + this option is not supported." + + OBJECT traceRouteCtlMiscOptions + MIN-ACCESS read-only + DESCRIPTION + "Support of this object is optional. When not + supporting, do not allow write access, and return a + zero-length octet string as the value of the object." + + OBJECT traceRouteCtlStorageType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. It is also allowed + that implementations support only the volatile + StorageType enumeration." + + OBJECT traceRouteCtlDSField + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. When write access is + not supported, return a 0 as the value of this object. + A value of 0 implies that the function represented by + this option is not supported." + + OBJECT traceRouteCtlType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. In addition, the only + value that is RECOMMENDED to be supported by an + implementation is traceRouteUsingUdpProbes." + + OBJECT traceRouteResultsIpTgtAddrType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteResultsIpTgtAddr + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteProbeHistoryHAddrType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteProbeHistoryHAddr + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteHopsIpTgtAddressType + SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + + OBJECT traceRouteHopsIpTgtAddress + SYNTAX InetAddress (SIZE(0|4|16)) + DESCRIPTION + "An implementation should only support IPv4 and + globally unique IPv6 address values for this object." + ::= { traceRouteCompliances 1 } + + -- MIB groupings + + traceRouteMinimumGroup OBJECT-GROUP + OBJECTS { + traceRouteMaxConcurrentRequests, + traceRouteCtlTargetAddressType, + traceRouteCtlTargetAddress, + traceRouteCtlByPassRouteTable, + traceRouteCtlDataSize, + traceRouteCtlTimeOut, + traceRouteCtlProbesPerHop, + traceRouteCtlPort, + traceRouteCtlMaxTtl, + traceRouteCtlDSField, + traceRouteCtlSourceAddressType, + traceRouteCtlSourceAddress, + traceRouteCtlIfIndex, + traceRouteCtlMiscOptions, + traceRouteCtlMaxFailures, + traceRouteCtlDontFragment, + traceRouteCtlInitialTtl, + traceRouteCtlFrequency, + traceRouteCtlStorageType, + traceRouteCtlAdminStatus, + traceRouteCtlMaxRows, + traceRouteCtlTrapGeneration, + traceRouteCtlDescr, + traceRouteCtlCreateHopsEntries, + traceRouteCtlType, + traceRouteResultsOperStatus, + traceRouteResultsCurHopCount, + traceRouteResultsCurProbeCount, + traceRouteResultsIpTgtAddrType, + traceRouteResultsIpTgtAddr, + traceRouteResultsTestAttempts, + traceRouteResultsTestSuccesses, + traceRouteResultsLastGoodPath + + } + STATUS current + DESCRIPTION + "The group of objects that constitute the remote traceroute + operation." + ::= { traceRouteGroups 5 } + + traceRouteCtlRowStatusGroup OBJECT-GROUP + OBJECTS { + traceRouteCtlRowStatus + } + STATUS current + DESCRIPTION + "The RowStatus object of the traceRouteCtlTable." + ::= { traceRouteGroups 6 } + + traceRouteHistoryGroup OBJECT-GROUP + OBJECTS { + traceRouteProbeHistoryHAddrType, + traceRouteProbeHistoryHAddr, + traceRouteProbeHistoryResponse, + traceRouteProbeHistoryStatus, + traceRouteProbeHistoryLastRC, + traceRouteProbeHistoryTime + } + STATUS current + DESCRIPTION + "The group of objects that constitute the history + capability." + ::= { traceRouteGroups 7 } + + traceRouteNotificationsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + traceRoutePathChange, + traceRouteTestFailed, + traceRouteTestCompleted + } + STATUS current + DESCRIPTION + "The notifications that are required to be supported by + implementations of this MIB." + ::= { traceRouteGroups 3 } + + traceRouteHopsTableGroup OBJECT-GROUP + OBJECTS { + traceRouteHopsIpTgtAddressType, + traceRouteHopsIpTgtAddress, + traceRouteHopsMinRtt, + traceRouteHopsMaxRtt, + traceRouteHopsAverageRtt, + traceRouteHopsRttSumOfSquares, + traceRouteHopsSentProbes, + traceRouteHopsProbeResponses, + traceRouteHopsLastGoodProbe + } + STATUS current + DESCRIPTION + "The group of objects that constitute the + traceRouteHopsTable." + ::= { traceRouteGroups 4 } + + traceRouteGroup OBJECT-GROUP + OBJECTS { + traceRouteMaxConcurrentRequests, + traceRouteCtlTargetAddressType, + traceRouteCtlTargetAddress, + traceRouteCtlByPassRouteTable, + traceRouteCtlDataSize, + traceRouteCtlTimeOut, + traceRouteCtlProbesPerHop, + traceRouteCtlPort, + traceRouteCtlMaxTtl, + traceRouteCtlDSField, + traceRouteCtlSourceAddressType, + traceRouteCtlSourceAddress, + traceRouteCtlIfIndex, + traceRouteCtlMiscOptions, + traceRouteCtlMaxFailures, + traceRouteCtlDontFragment, + traceRouteCtlInitialTtl, + traceRouteCtlFrequency, + traceRouteCtlStorageType, + traceRouteCtlAdminStatus, + traceRouteCtlMaxRows, + traceRouteCtlTrapGeneration, + traceRouteCtlDescr, + traceRouteCtlCreateHopsEntries, + traceRouteCtlType, + traceRouteCtlRowStatus, + traceRouteResultsOperStatus, + traceRouteResultsCurHopCount, + traceRouteResultsCurProbeCount, + traceRouteResultsIpTgtAddrType, + traceRouteResultsIpTgtAddr, + traceRouteResultsTestAttempts, + traceRouteResultsTestSuccesses, + traceRouteProbeHistoryHAddrType, + traceRouteProbeHistoryHAddr, + traceRouteProbeHistoryResponse, + traceRouteProbeHistoryStatus, + traceRouteProbeHistoryLastRC + } + STATUS deprecated + DESCRIPTION + "The group of objects that constitute the remote traceroute + operation." + ::= { traceRouteGroups 1 } + + traceRouteTimeStampGroup OBJECT-GROUP + OBJECTS { + traceRouteResultsLastGoodPath, + traceRouteProbeHistoryTime + } + STATUS deprecated + DESCRIPTION + "The group of DateAndTime objects." + ::= { traceRouteGroups 2 } + +END diff --git a/data/mibs/EtherLike-MIB.txt b/data/mibs/EtherLike-MIB.txt new file mode 100644 index 000000000..dcec7cee4 --- /dev/null +++ b/data/mibs/EtherLike-MIB.txt @@ -0,0 +1,1862 @@ +EtherLike-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, + Integer32, Counter32, Counter64, mib-2, transmission + FROM SNMPv2-SMI + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + TruthValue + FROM SNMPv2-TC + ifIndex, InterfaceIndex + FROM IF-MIB; + + etherMIB MODULE-IDENTITY + LAST-UPDATED "200309190000Z" -- September 19, 2003 + ORGANIZATION "IETF Ethernet Interfaces and Hub MIB + Working Group" + CONTACT-INFO + "WG E-mail: hubmib@ietf.org + To subscribe: hubmib-request@ietf.org + + Chair: Dan Romascanu + Postal: Avaya Inc. + Atidum Technology Park, Bldg. 3 + Tel Aviv 61131 + Israel + Tel: +972 3 645 8414 + E-mail: dromasca@avaya.com + + Editor: John Flick + Postal: Hewlett-Packard Company + 8000 Foothills Blvd. M/S 5557 + Roseville, CA 95747-5557 + USA + Tel: +1 916 785 4018 + Fax: +1 916 785 1199 + E-mail: johnf@rose.hp.com" + DESCRIPTION "The MIB module to describe generic objects for + ethernet-like network interfaces. + + The following reference is used throughout this + MIB module: + + [IEEE 802.3 Std] refers to: + IEEE Std 802.3, 2002 Edition: 'IEEE Standard + + for Information technology - + Telecommunications and information exchange + between systems - Local and metropolitan + area networks - Specific requirements - + Part 3: Carrier sense multiple access with + collision detection (CSMA/CD) access method + and physical layer specifications', as + amended by IEEE Std 802.3ae-2002: + 'Amendment: Media Access Control (MAC) + Parameters, Physical Layer, and Management + Parameters for 10 Gb/s Operation', August, + 2002. + + Of particular interest is Clause 30, '10 Mb/s, + 100 Mb/s, 1000 Mb/s, and 10 Gb/s Management'. + + Copyright (C) The Internet Society (2003). This + version of this MIB module is part of RFC 3635; + see the RFC itself for full legal notices." + + REVISION "200309190000Z" -- September 19, 2003 + DESCRIPTION "Updated to include support for 10 Gb/sec + interfaces. This resulted in the following + revisions: + + - Updated dot3StatsAlignmentErrors and + dot3StatsSymbolErrors DESCRIPTIONs to + reflect behaviour at 10 Gb/s + - Added dot3StatsRateControlAbility and + dot3RateControlStatus for management + of the Rate Control function in 10 Gb/s + WAN applications + - Added 64-bit versions of all counters + that are used on high-speed ethernet + interfaces + - Added object groups to contain the new + objects + - Deprecated etherStatsBaseGroup and + split into etherStatsBaseGroup2 and + etherStatsHalfDuplexGroup, so that + interfaces which can only operate at + full-duplex do not need to implement + half-duplex-only statistics + - Deprecated dot3Compliance and replaced + it with dot3Compliance2, which includes + the compliance information for the new + object groups + + In addition, the dot3Tests and dot3Errors + object identities have been deprecated, + since there is no longer a standard method + for using them. + + This version published as RFC 3635." + + REVISION "199908240400Z" -- August 24, 1999 + DESCRIPTION "Updated to include support for 1000 Mb/sec + interfaces and full-duplex interfaces. + This version published as RFC 2665." + + REVISION "199806032150Z" -- June 3, 1998 + DESCRIPTION "Updated to include support for 100 Mb/sec + interfaces. + This version published as RFC 2358." + + REVISION "199402030400Z" -- February 3, 1994 + DESCRIPTION "Initial version, published as RFC 1650." + ::= { mib-2 35 } + + etherMIBObjects OBJECT IDENTIFIER ::= { etherMIB 1 } + + dot3 OBJECT IDENTIFIER ::= { transmission 7 } + + -- the Ethernet-like Statistics group + + dot3StatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot3StatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Statistics for a collection of ethernet-like + interfaces attached to a particular system. + There will be one row in this table for each + ethernet-like interface in the system." + ::= { dot3 2 } + + dot3StatsEntry OBJECT-TYPE + SYNTAX Dot3StatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Statistics for a particular interface to an + ethernet-like medium." + INDEX { dot3StatsIndex } + ::= { dot3StatsTable 1 } + + Dot3StatsEntry ::= + SEQUENCE { + + dot3StatsIndex InterfaceIndex, + dot3StatsAlignmentErrors Counter32, + dot3StatsFCSErrors Counter32, + dot3StatsSingleCollisionFrames Counter32, + dot3StatsMultipleCollisionFrames Counter32, + dot3StatsSQETestErrors Counter32, + dot3StatsDeferredTransmissions Counter32, + dot3StatsLateCollisions Counter32, + dot3StatsExcessiveCollisions Counter32, + dot3StatsInternalMacTransmitErrors Counter32, + dot3StatsCarrierSenseErrors Counter32, + dot3StatsFrameTooLongs Counter32, + dot3StatsInternalMacReceiveErrors Counter32, + dot3StatsEtherChipSet OBJECT IDENTIFIER, + dot3StatsSymbolErrors Counter32, + dot3StatsDuplexStatus INTEGER, + dot3StatsRateControlAbility TruthValue, + dot3StatsRateControlStatus INTEGER + } + + dot3StatsIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS read-only -- read-only since originally an + -- SMIv1 index + STATUS current + DESCRIPTION "An index value that uniquely identifies an + interface to an ethernet-like medium. The + interface identified by a particular value of + this index is the same interface as identified + by the same value of ifIndex." + REFERENCE "RFC 2863, ifIndex" + ::= { dot3StatsEntry 1 } + + dot3StatsAlignmentErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames received on a particular + interface that are not an integral number of + octets in length and do not pass the FCS check. + + The count represented by an instance of this + object is incremented when the alignmentError + status is returned by the MAC service to the + LLC (or other MAC user). Received frames for + which multiple error conditions pertain are, + according to the conventions of IEEE 802.3 + Layer Management, counted exclusively according + + to the error status presented to the LLC. + + This counter does not increment for group + encoding schemes greater than 4 bits per group. + + For interfaces operating at 10 Gb/s, this + counter can roll over in less than 5 minutes if + it is incrementing at its maximum rate. Since + that amount of time could be less than a + management station's poll cycle time, in order + to avoid a loss of information, a management + station is advised to poll the + dot3HCStatsAlignmentErrors object for 10 Gb/s + or faster interfaces. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.7, + aAlignmentErrors" + ::= { dot3StatsEntry 2 } + + dot3StatsFCSErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames received on a particular + interface that are an integral number of octets + in length but do not pass the FCS check. This + count does not include frames received with + frame-too-long or frame-too-short error. + + The count represented by an instance of this + object is incremented when the frameCheckError + status is returned by the MAC service to the + LLC (or other MAC user). Received frames for + which multiple error conditions pertain are, + according to the conventions of IEEE 802.3 + Layer Management, counted exclusively according + to the error status presented to the LLC. + + Note: Coding errors detected by the physical + layer for speeds above 10 Mb/s will cause the + frame to fail the FCS check. + + For interfaces operating at 10 Gb/s, this + counter can roll over in less than 5 minutes if + + it is incrementing at its maximum rate. Since + that amount of time could be less than a + management station's poll cycle time, in order + to avoid a loss of information, a management + station is advised to poll the + dot3HCStatsFCSErrors object for 10 Gb/s or + faster interfaces. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.6, + aFrameCheckSequenceErrors." + ::= { dot3StatsEntry 3 } + + dot3StatsSingleCollisionFrames OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames that are involved in a single + collision, and are subsequently transmitted + successfully. + + A frame that is counted by an instance of this + object is also counted by the corresponding + instance of either the ifOutUcastPkts, + ifOutMulticastPkts, or ifOutBroadcastPkts, + and is not counted by the corresponding + instance of the dot3StatsMultipleCollisionFrames + object. + + This counter does not increment when the + interface is operating in full-duplex mode. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.3, + aSingleCollisionFrames." + ::= { dot3StatsEntry 4 } + + dot3StatsMultipleCollisionFrames OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames that are involved in more + + than one collision and are subsequently + transmitted successfully. + + A frame that is counted by an instance of this + object is also counted by the corresponding + instance of either the ifOutUcastPkts, + ifOutMulticastPkts, or ifOutBroadcastPkts, + and is not counted by the corresponding + instance of the dot3StatsSingleCollisionFrames + object. + + This counter does not increment when the + interface is operating in full-duplex mode. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.4, + aMultipleCollisionFrames." + ::= { dot3StatsEntry 5 } + + dot3StatsSQETestErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of times that the SQE TEST ERROR + is received on a particular interface. The + SQE TEST ERROR is set in accordance with the + rules for verification of the SQE detection + mechanism in the PLS Carrier Sense Function as + described in IEEE Std. 802.3, 2000 Edition, + section 7.2.4.6. + + This counter does not increment on interfaces + operating at speeds greater than 10 Mb/s, or on + interfaces operating in full-duplex mode. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 7.2.4.6, also 30.3.2.1.4, + aSQETestErrors." + ::= { dot3StatsEntry 6 } + + dot3StatsDeferredTransmissions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames for which the first + transmission attempt on a particular interface + is delayed because the medium is busy. + + The count represented by an instance of this + object does not include frames involved in + collisions. + + This counter does not increment when the + interface is operating in full-duplex mode. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.9, + aFramesWithDeferredXmissions." + ::= { dot3StatsEntry 7 } + + dot3StatsLateCollisions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The number of times that a collision is + detected on a particular interface later than + one slotTime into the transmission of a packet. + + A (late) collision included in a count + represented by an instance of this object is + also considered as a (generic) collision for + purposes of other collision-related + statistics. + + This counter does not increment when the + interface is operating in full-duplex mode. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.10, + aLateCollisions." + ::= { dot3StatsEntry 8 } + + dot3StatsExcessiveCollisions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames for which transmission on a + particular interface fails due to excessive + collisions. + + This counter does not increment when the + interface is operating in full-duplex mode. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.11, + aFramesAbortedDueToXSColls." + ::= { dot3StatsEntry 9 } + + dot3StatsInternalMacTransmitErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames for which transmission on a + particular interface fails due to an internal + MAC sublayer transmit error. A frame is only + counted by an instance of this object if it is + not counted by the corresponding instance of + either the dot3StatsLateCollisions object, the + dot3StatsExcessiveCollisions object, or the + dot3StatsCarrierSenseErrors object. + + The precise meaning of the count represented by + an instance of this object is implementation- + specific. In particular, an instance of this + object may represent a count of transmission + errors on a particular interface that are not + otherwise counted. + + For interfaces operating at 10 Gb/s, this + counter can roll over in less than 5 minutes if + it is incrementing at its maximum rate. Since + that amount of time could be less than a + management station's poll cycle time, in order + to avoid a loss of information, a management + station is advised to poll the + dot3HCStatsInternalMacTransmitErrors object for + 10 Gb/s or faster interfaces. + + Discontinuities in the value of this counter can + + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.12, + aFramesLostDueToIntMACXmitError." + ::= { dot3StatsEntry 10 } + + dot3StatsCarrierSenseErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The number of times that the carrier sense + condition was lost or never asserted when + attempting to transmit a frame on a particular + interface. + + The count represented by an instance of this + object is incremented at most once per + transmission attempt, even if the carrier sense + condition fluctuates during a transmission + attempt. + + This counter does not increment when the + interface is operating in full-duplex mode. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.13, + aCarrierSenseErrors." + ::= { dot3StatsEntry 11 } + + -- { dot3StatsEntry 12 } is not assigned + + dot3StatsFrameTooLongs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames received on a particular + interface that exceed the maximum permitted + frame size. + + The count represented by an instance of this + object is incremented when the frameTooLong + status is returned by the MAC service to the + LLC (or other MAC user). Received frames for + which multiple error conditions pertain are, + according to the conventions of IEEE 802.3 + Layer Management, counted exclusively according + to the error status presented to the LLC. + + For interfaces operating at 10 Gb/s, this + counter can roll over in less than 80 minutes if + it is incrementing at its maximum rate. Since + that amount of time could be less than a + management station's poll cycle time, in order + to avoid a loss of information, a management + station is advised to poll the + dot3HCStatsFrameTooLongs object for 10 Gb/s + or faster interfaces. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.25, + aFrameTooLongErrors." + ::= { dot3StatsEntry 13 } + + -- { dot3StatsEntry 14 } is not assigned + + -- { dot3StatsEntry 15 } is not assigned + + dot3StatsInternalMacReceiveErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames for which reception on a + particular interface fails due to an internal + MAC sublayer receive error. A frame is only + counted by an instance of this object if it is + not counted by the corresponding instance of + either the dot3StatsFrameTooLongs object, the + dot3StatsAlignmentErrors object, or the + dot3StatsFCSErrors object. + + The precise meaning of the count represented by + an instance of this object is implementation- + specific. In particular, an instance of this + object may represent a count of receive errors + on a particular interface that are not + otherwise counted. + + For interfaces operating at 10 Gb/s, this + counter can roll over in less than 5 minutes if + + it is incrementing at its maximum rate. Since + that amount of time could be less than a + management station's poll cycle time, in order + to avoid a loss of information, a management + station is advised to poll the + dot3HCStatsInternalMacReceiveErrors object for + 10 Gb/s or faster interfaces. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.15, + aFramesLostDueToIntMACRcvError." + ::= { dot3StatsEntry 16 } + + dot3StatsEtherChipSet OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION "******** THIS OBJECT IS DEPRECATED ******** + + This object contains an OBJECT IDENTIFIER + which identifies the chipset used to + realize the interface. Ethernet-like + interfaces are typically built out of + several different chips. The MIB implementor + is presented with a decision of which chip + to identify via this object. The implementor + should identify the chip which is usually + called the Medium Access Control chip. + If no such chip is easily identifiable, + the implementor should identify the chip + which actually gathers the transmit + and receive statistics and error + indications. This would allow a + manager station to correlate the + statistics and the chip generating + them, giving it the ability to take + into account any known anomalies + in the chip. + + This object has been deprecated. Implementation + feedback indicates that it is of limited use for + debugging network problems in the field, and + the administrative overhead involved in + maintaining a registry of chipset OIDs is not + justified." + ::= { dot3StatsEntry 17 } + + dot3StatsSymbolErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "For an interface operating at 100 Mb/s, the + number of times there was an invalid data symbol + when a valid carrier was present. + + For an interface operating in half-duplex mode + at 1000 Mb/s, the number of times the receiving + media is non-idle (a carrier event) for a period + of time equal to or greater than slotTime, and + during which there was at least one occurrence + of an event that causes the PHY to indicate + 'Data reception error' or 'carrier extend error' + on the GMII. + + For an interface operating in full-duplex mode + at 1000 Mb/s, the number of times the receiving + media is non-idle (a carrier event) for a period + of time equal to or greater than minFrameSize, + and during which there was at least one + occurrence of an event that causes the PHY to + indicate 'Data reception error' on the GMII. + + For an interface operating at 10 Gb/s, the + number of times the receiving media is non-idle + (a carrier event) for a period of time equal to + or greater than minFrameSize, and during which + there was at least one occurrence of an event + that causes the PHY to indicate 'Receive Error' + on the XGMII. + + The count represented by an instance of this + object is incremented at most once per carrier + event, even if multiple symbol errors occur + during the carrier event. This count does + not increment if a collision is present. + + This counter does not increment when the + interface is operating at 10 Mb/s. + + For interfaces operating at 10 Gb/s, this + counter can roll over in less than 5 minutes if + it is incrementing at its maximum rate. Since + that amount of time could be less than a + + management station's poll cycle time, in order + to avoid a loss of information, a management + station is advised to poll the + dot3HCStatsSymbolErrors object for 10 Gb/s + or faster interfaces. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.2.1.5, + aSymbolErrorDuringCarrier." + ::= { dot3StatsEntry 18 } + + dot3StatsDuplexStatus OBJECT-TYPE + SYNTAX INTEGER { + unknown(1), + halfDuplex(2), + fullDuplex(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The current mode of operation of the MAC + entity. 'unknown' indicates that the current + duplex mode could not be determined. + + Management control of the duplex mode is + accomplished through the MAU MIB. When + an interface does not support autonegotiation, + or when autonegotiation is not enabled, the + duplex mode is controlled using + ifMauDefaultType. When autonegotiation is + supported and enabled, duplex mode is controlled + using ifMauAutoNegAdvertisedBits. In either + case, the currently operating duplex mode is + reflected both in this object and in ifMauType. + + Note that this object provides redundant + information with ifMauType. Normally, redundant + objects are discouraged. However, in this + instance, it allows a management application to + determine the duplex status of an interface + without having to know every possible value of + ifMauType. This was felt to be sufficiently + valuable to justify the redundancy." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.32, + aDuplexStatus." + ::= { dot3StatsEntry 19 } + + dot3StatsRateControlAbility OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION "'true' for interfaces operating at speeds above + 1000 Mb/s that support Rate Control through + lowering the average data rate of the MAC + sublayer, with frame granularity, and 'false' + otherwise." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.33, + aRateControlAbility." + ::= { dot3StatsEntry 20 } + + dot3StatsRateControlStatus OBJECT-TYPE + SYNTAX INTEGER { + rateControlOff(1), + rateControlOn(2), + unknown(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The current Rate Control mode of operation of + the MAC sublayer of this interface." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.34, + aRateControlStatus." + ::= { dot3StatsEntry 21 } + + -- the Ethernet-like Collision Statistics group + + -- Implementation of this group is optional; it is appropriate + -- for all systems which have the necessary metering + + dot3CollTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot3CollEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "A collection of collision histograms for a + particular set of interfaces." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.30, + aCollisionFrames." + ::= { dot3 5 } + + dot3CollEntry OBJECT-TYPE + SYNTAX Dot3CollEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "A cell in the histogram of per-frame + collisions for a particular interface. An + + instance of this object represents the + frequency of individual MAC frames for which + the transmission (successful or otherwise) on a + particular interface is accompanied by a + particular number of media collisions." + INDEX { ifIndex, dot3CollCount } + ::= { dot3CollTable 1 } + + Dot3CollEntry ::= + SEQUENCE { + dot3CollCount Integer32, + dot3CollFrequencies Counter32 + } + + -- { dot3CollEntry 1 } is no longer in use + + dot3CollCount OBJECT-TYPE + SYNTAX Integer32 (1..16) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The number of per-frame media collisions for + which a particular collision histogram cell + represents the frequency on a particular + interface." + ::= { dot3CollEntry 2 } + + dot3CollFrequencies OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of individual MAC frames for which the + transmission (successful or otherwise) on a + particular interface occurs after the + frame has experienced exactly the number + of collisions in the associated + dot3CollCount object. + + For example, a frame which is transmitted + on interface 77 after experiencing + exactly 4 collisions would be indicated + by incrementing only dot3CollFrequencies.77.4. + No other instance of dot3CollFrequencies would + be incremented in this example. + + This counter does not increment when the + interface is operating in full-duplex mode. + + Discontinuities in the value of this counter can + + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + ::= { dot3CollEntry 3 } + + dot3ControlTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot3ControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "A table of descriptive and status information + about the MAC Control sublayer on the + ethernet-like interfaces attached to a + particular system. There will be one row in + this table for each ethernet-like interface in + the system which implements the MAC Control + sublayer. If some, but not all, of the + ethernet-like interfaces in the system implement + the MAC Control sublayer, there will be fewer + rows in this table than in the dot3StatsTable." + ::= { dot3 9 } + + dot3ControlEntry OBJECT-TYPE + SYNTAX Dot3ControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An entry in the table, containing information + about the MAC Control sublayer on a single + ethernet-like interface." + INDEX { dot3StatsIndex } + ::= { dot3ControlTable 1 } + + Dot3ControlEntry ::= + SEQUENCE { + dot3ControlFunctionsSupported BITS, + dot3ControlInUnknownOpcodes Counter32, + dot3HCControlInUnknownOpcodes Counter64 + } + + dot3ControlFunctionsSupported OBJECT-TYPE + SYNTAX BITS { + pause(0) -- 802.3 flow control + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A list of the possible MAC Control functions + implemented for this interface." + REFERENCE "[IEEE 802.3 Std.], 30.3.3.2, + aMACControlFunctionsSupported." + ::= { dot3ControlEntry 1 } + + dot3ControlInUnknownOpcodes OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of MAC Control frames received on this + interface that contain an opcode that is not + supported by this device. + + For interfaces operating at 10 Gb/s, this + counter can roll over in less than 5 minutes if + it is incrementing at its maximum rate. Since + that amount of time could be less than a + management station's poll cycle time, in order + to avoid a loss of information, a management + station is advised to poll the + dot3HCControlInUnknownOpcodes object for 10 Gb/s + or faster interfaces. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.3.5, + aUnsupportedOpcodesReceived" + ::= { dot3ControlEntry 2 } + + dot3HCControlInUnknownOpcodes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of MAC Control frames received on this + interface that contain an opcode that is not + supported by this device. + + This counter is a 64 bit version of + dot3ControlInUnknownOpcodes. It should be used + on interfaces operating at 10 Gb/s or faster. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.3.5, + aUnsupportedOpcodesReceived" + ::= { dot3ControlEntry 3 } + + dot3PauseTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot3PauseEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "A table of descriptive and status information + about the MAC Control PAUSE function on the + ethernet-like interfaces attached to a + particular system. There will be one row in + this table for each ethernet-like interface in + the system which supports the MAC Control PAUSE + function (i.e., the 'pause' bit in the + corresponding instance of + dot3ControlFunctionsSupported is set). If some, + but not all, of the ethernet-like interfaces in + the system implement the MAC Control PAUSE + function (for example, if some interfaces only + support half-duplex), there will be fewer rows + in this table than in the dot3StatsTable." + ::= { dot3 10 } + + dot3PauseEntry OBJECT-TYPE + SYNTAX Dot3PauseEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An entry in the table, containing information + about the MAC Control PAUSE function on a single + ethernet-like interface." + INDEX { dot3StatsIndex } + ::= { dot3PauseTable 1 } + + Dot3PauseEntry ::= + + SEQUENCE { + dot3PauseAdminMode INTEGER, + dot3PauseOperMode INTEGER, + dot3InPauseFrames Counter32, + dot3OutPauseFrames Counter32, + dot3HCInPauseFrames Counter64, + dot3HCOutPauseFrames Counter64 + } + + dot3PauseAdminMode OBJECT-TYPE + SYNTAX INTEGER { + disabled(1), + enabledXmit(2), + enabledRcv(3), + enabledXmitAndRcv(4) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION "This object is used to configure the default + administrative PAUSE mode for this interface. + + This object represents the + administratively-configured PAUSE mode for this + interface. If auto-negotiation is not enabled + or is not implemented for the active MAU + attached to this interface, the value of this + object determines the operational PAUSE mode + of the interface whenever it is operating in + full-duplex mode. In this case, a set to this + object will force the interface into the + specified mode. + + If auto-negotiation is implemented and enabled + for the MAU attached to this interface, the + PAUSE mode for this interface is determined by + auto-negotiation, and the value of this object + denotes the mode to which the interface will + automatically revert if/when auto-negotiation is + later disabled. Note that when auto-negotiation + is running, administrative control of the PAUSE + mode may be accomplished using the + ifMauAutoNegCapAdvertisedBits object in the + MAU-MIB. + + Note that the value of this object is ignored + when the interface is not operating in + full-duplex mode. + + An attempt to set this object to + 'enabledXmit(2)' or 'enabledRcv(3)' will fail + on interfaces that do not support operation + at greater than 100 Mb/s." + ::= { dot3PauseEntry 1 } + + dot3PauseOperMode OBJECT-TYPE + SYNTAX INTEGER { + disabled(1), + enabledXmit(2), + enabledRcv(3), + enabledXmitAndRcv(4) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION "This object reflects the PAUSE mode currently + + in use on this interface, as determined by + either (1) the result of the auto-negotiation + function or (2) if auto-negotiation is not + enabled or is not implemented for the active MAU + attached to this interface, by the value of + dot3PauseAdminMode. Interfaces operating at + 100 Mb/s or less will never return + 'enabledXmit(2)' or 'enabledRcv(3)'. Interfaces + operating in half-duplex mode will always return + 'disabled(1)'. Interfaces on which + auto-negotiation is enabled but not yet + completed should return the value + 'disabled(1)'." + ::= { dot3PauseEntry 2 } + + dot3InPauseFrames OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of MAC Control frames received on this + interface with an opcode indicating the PAUSE + operation. + + This counter does not increment when the + interface is operating in half-duplex mode. + + For interfaces operating at 10 Gb/s, this + counter can roll over in less than 5 minutes if + it is incrementing at its maximum rate. Since + that amount of time could be less than a + management station's poll cycle time, in order + to avoid a loss of information, a management + station is advised to poll the + dot3HCInPauseFrames object for 10 Gb/s or + faster interfaces. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.4.3, + aPAUSEMACCtrlFramesReceived." + ::= { dot3PauseEntry 3 } + + dot3OutPauseFrames OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of MAC Control frames transmitted on + this interface with an opcode indicating the + PAUSE operation. + + This counter does not increment when the + interface is operating in half-duplex mode. + + For interfaces operating at 10 Gb/s, this + counter can roll over in less than 5 minutes if + it is incrementing at its maximum rate. Since + that amount of time could be less than a + management station's poll cycle time, in order + to avoid a loss of information, a management + station is advised to poll the + dot3HCOutPauseFrames object for 10 Gb/s or + faster interfaces. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.4.2, + aPAUSEMACCtrlFramesTransmitted." + ::= { dot3PauseEntry 4 } + + dot3HCInPauseFrames OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of MAC Control frames received on this + interface with an opcode indicating the PAUSE + operation. + + This counter does not increment when the + interface is operating in half-duplex mode. + + This counter is a 64 bit version of + dot3InPauseFrames. It should be used on + interfaces operating at 10 Gb/s or faster. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.4.3, + aPAUSEMACCtrlFramesReceived." + ::= { dot3PauseEntry 5 } + + dot3HCOutPauseFrames OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of MAC Control frames transmitted on + this interface with an opcode indicating the + PAUSE operation. + + This counter does not increment when the + interface is operating in half-duplex mode. + + This counter is a 64 bit version of + dot3OutPauseFrames. It should be used on + interfaces operating at 10 Gb/s or faster. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.4.2, + aPAUSEMACCtrlFramesTransmitted." + ::= { dot3PauseEntry 6 } + + dot3HCStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot3HCStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "A table containing 64-bit versions of error + counters from the dot3StatsTable. The 32-bit + versions of these counters may roll over quite + quickly on higher speed ethernet interfaces. + The counters that have 64-bit versions in this + table are the counters that apply to full-duplex + interfaces, since 10 Gb/s and faster + ethernet-like interfaces do not support + half-duplex, and very few 1000 Mb/s + ethernet-like interfaces support half-duplex. + + Entries in this table are recommended for + interfaces capable of operating at 1000 Mb/s or + faster, and are required for interfaces capable + of operating at 10 Gb/s or faster. Lower speed + ethernet-like interfaces do not need entries in + this table, in which case there may be fewer + entries in this table than in the + dot3StatsTable. However, implementations + containing interfaces with a mix of speeds may + choose to implement entries in this table for + + all ethernet-like interfaces." + ::= { dot3 11 } + + dot3HCStatsEntry OBJECT-TYPE + SYNTAX Dot3HCStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An entry containing 64-bit statistics for a + single ethernet-like interface." + INDEX { dot3StatsIndex } + ::= { dot3HCStatsTable 1 } + + Dot3HCStatsEntry ::= + SEQUENCE { + dot3HCStatsAlignmentErrors Counter64, + dot3HCStatsFCSErrors Counter64, + dot3HCStatsInternalMacTransmitErrors Counter64, + dot3HCStatsFrameTooLongs Counter64, + dot3HCStatsInternalMacReceiveErrors Counter64, + dot3HCStatsSymbolErrors Counter64 + } + + dot3HCStatsAlignmentErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames received on a particular + interface that are not an integral number of + octets in length and do not pass the FCS check. + + The count represented by an instance of this + object is incremented when the alignmentError + status is returned by the MAC service to the + LLC (or other MAC user). Received frames for + which multiple error conditions pertain are, + according to the conventions of IEEE 802.3 + Layer Management, counted exclusively according + to the error status presented to the LLC. + + This counter does not increment for group + encoding schemes greater than 4 bits per group. + + This counter is a 64 bit version of + dot3StatsAlignmentErrors. It should be used + on interfaces operating at 10 Gb/s or faster. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.7, + aAlignmentErrors" + ::= { dot3HCStatsEntry 1 } + + dot3HCStatsFCSErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames received on a particular + interface that are an integral number of octets + in length but do not pass the FCS check. This + count does not include frames received with + frame-too-long or frame-too-short error. + + The count represented by an instance of this + object is incremented when the frameCheckError + status is returned by the MAC service to the + LLC (or other MAC user). Received frames for + which multiple error conditions pertain are, + according to the conventions of IEEE 802.3 + Layer Management, counted exclusively according + to the error status presented to the LLC. + + Note: Coding errors detected by the physical + layer for speeds above 10 Mb/s will cause the + frame to fail the FCS check. + + This counter is a 64 bit version of + dot3StatsFCSErrors. It should be used on + interfaces operating at 10 Gb/s or faster. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.6, + aFrameCheckSequenceErrors." + ::= { dot3HCStatsEntry 2 } + + dot3HCStatsInternalMacTransmitErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames for which transmission on a + particular interface fails due to an internal + MAC sublayer transmit error. A frame is only + + counted by an instance of this object if it is + not counted by the corresponding instance of + either the dot3StatsLateCollisions object, the + dot3StatsExcessiveCollisions object, or the + dot3StatsCarrierSenseErrors object. + + The precise meaning of the count represented by + an instance of this object is implementation- + specific. In particular, an instance of this + object may represent a count of transmission + errors on a particular interface that are not + otherwise counted. + + This counter is a 64 bit version of + dot3StatsInternalMacTransmitErrors. It should + be used on interfaces operating at 10 Gb/s or + faster. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.12, + aFramesLostDueToIntMACXmitError." + ::= { dot3HCStatsEntry 3 } + + dot3HCStatsFrameTooLongs OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames received on a particular + interface that exceed the maximum permitted + frame size. + + The count represented by an instance of this + object is incremented when the frameTooLong + status is returned by the MAC service to the + LLC (or other MAC user). Received frames for + which multiple error conditions pertain are, + according to the conventions of IEEE 802.3 + Layer Management, counted exclusively according + to the error status presented to the LLC. + + This counter is a 64 bit version of + dot3StatsFrameTooLongs. It should be used on + interfaces operating at 10 Gb/s or faster. + + Discontinuities in the value of this counter can + + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.25, + aFrameTooLongErrors." + ::= { dot3HCStatsEntry 4 } + + dot3HCStatsInternalMacReceiveErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A count of frames for which reception on a + particular interface fails due to an internal + MAC sublayer receive error. A frame is only + counted by an instance of this object if it is + not counted by the corresponding instance of + either the dot3StatsFrameTooLongs object, the + dot3StatsAlignmentErrors object, or the + dot3StatsFCSErrors object. + + The precise meaning of the count represented by + an instance of this object is implementation- + specific. In particular, an instance of this + object may represent a count of receive errors + on a particular interface that are not + otherwise counted. + + This counter is a 64 bit version of + dot3StatsInternalMacReceiveErrors. It should be + used on interfaces operating at 10 Gb/s or + faster. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.1.1.15, + aFramesLostDueToIntMACRcvError." + ::= { dot3HCStatsEntry 5 } + + dot3HCStatsSymbolErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "For an interface operating at 100 Mb/s, the + number of times there was an invalid data symbol + when a valid carrier was present. + + For an interface operating in half-duplex mode + at 1000 Mb/s, the number of times the receiving + media is non-idle (a carrier event) for a period + of time equal to or greater than slotTime, and + during which there was at least one occurrence + of an event that causes the PHY to indicate + 'Data reception error' or 'carrier extend error' + on the GMII. + + For an interface operating in full-duplex mode + at 1000 Mb/s, the number of times the receiving + media is non-idle (a carrier event) for a period + of time equal to or greater than minFrameSize, + and during which there was at least one + occurrence of an event that causes the PHY to + indicate 'Data reception error' on the GMII. + + For an interface operating at 10 Gb/s, the + number of times the receiving media is non-idle + (a carrier event) for a period of time equal to + or greater than minFrameSize, and during which + there was at least one occurrence of an event + that causes the PHY to indicate 'Receive Error' + on the XGMII. + + The count represented by an instance of this + object is incremented at most once per carrier + event, even if multiple symbol errors occur + during the carrier event. This count does + not increment if a collision is present. + + This counter is a 64 bit version of + dot3StatsSymbolErrors. It should be used on + interfaces operating at 10 Gb/s or faster. + + Discontinuities in the value of this counter can + occur at re-initialization of the management + system, and at other times as indicated by the + value of ifCounterDiscontinuityTime." + REFERENCE "[IEEE 802.3 Std.], 30.3.2.1.5, + aSymbolErrorDuringCarrier." + ::= { dot3HCStatsEntry 6 } + + -- 802.3 Tests + + dot3Tests OBJECT IDENTIFIER ::= { dot3 6 } + + dot3Errors OBJECT IDENTIFIER ::= { dot3 7 } + + -- TDR Test + + dot3TestTdr OBJECT-IDENTITY + STATUS deprecated + DESCRIPTION "******** THIS IDENTITY IS DEPRECATED ******* + + The Time-Domain Reflectometry (TDR) test is + specific to ethernet-like interfaces of type + 10Base5 and 10Base2. The TDR value may be + useful in determining the approximate distance + to a cable fault. It is advisable to repeat + this test to check for a consistent resulting + TDR value, to verify that there is a fault. + + A TDR test returns as its result the time + interval, measured in 10 MHz ticks or 100 nsec + units, between the start of TDR test + transmission and the subsequent detection of a + collision or deassertion of carrier. On + successful completion of a TDR test, the result + is stored as the value of an appropriate + instance of an appropriate vendor specific MIB + object, and the OBJECT IDENTIFIER of that + instance is stored in the appropriate instance + of the appropriate test result code object + (thereby indicating where the result has been + stored). + + This object identity has been deprecated, since + the ifTestTable in the IF-MIB was deprecated, + and there is no longer a standard mechanism for + initiating an interface test. This left no + standard way of using this object identity." + ::= { dot3Tests 1 } + + -- Loopback Test + + dot3TestLoopBack OBJECT-IDENTITY + STATUS deprecated + DESCRIPTION "******** THIS IDENTITY IS DEPRECATED ******* + + This test configures the MAC chip and executes + an internal loopback test of memory, data paths, + and the MAC chip logic. This loopback test can + only be executed if the interface is offline. + Once the test has completed, the MAC chip should + + be reinitialized for network operation, but it + should remain offline. + + If an error occurs during a test, the + appropriate test result object will be set + to indicate a failure. The two OBJECT + IDENTIFIER values dot3ErrorInitError and + dot3ErrorLoopbackError may be used to provided + more information as values for an appropriate + test result code object. + + This object identity has been deprecated, since + the ifTestTable in the IF-MIB was deprecated, + and there is no longer a standard mechanism for + initiating an interface test. This left no + standard way of using this object identity." + ::= { dot3Tests 2 } + + dot3ErrorInitError OBJECT-IDENTITY + STATUS deprecated + DESCRIPTION "******** THIS IDENTITY IS DEPRECATED ******* + + Couldn't initialize MAC chip for test. + + This object identity has been deprecated, since + the ifTestTable in the IF-MIB was deprecated, + and there is no longer a standard mechanism for + initiating an interface test. This left no + standard way of using this object identity." + ::= { dot3Errors 1 } + + dot3ErrorLoopbackError OBJECT-IDENTITY + STATUS deprecated + DESCRIPTION "******** THIS IDENTITY IS DEPRECATED ******* + + Expected data not received (or not received + correctly) in loopback test. + + This object identity has been deprecated, since + the ifTestTable in the IF-MIB was deprecated, + and there is no longer a standard mechanism for + initiating an interface test. This left no + standard way of using this object identity." + ::= { dot3Errors 2 } + + -- { dot3 8 }, the dot3ChipSets tree, is defined in [RFC2666] + + -- conformance information + + etherConformance OBJECT IDENTIFIER ::= { etherMIB 2 } + + etherGroups OBJECT IDENTIFIER ::= { etherConformance 1 } + etherCompliances OBJECT IDENTIFIER ::= { etherConformance 2 } + + -- compliance statements + + etherCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION "******** THIS COMPLIANCE IS DEPRECATED ******** + + The compliance statement for managed network + entities which have ethernet-like network + interfaces. + + This compliance is deprecated and replaced by + dot3Compliance." + + MODULE -- this module + MANDATORY-GROUPS { etherStatsGroup } + + GROUP etherCollisionTableGroup + DESCRIPTION "This group is optional. It is appropriate + for all systems which have the necessary + metering. Implementation in such systems is + highly recommended." + ::= { etherCompliances 1 } + + ether100MbsCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION "******** THIS COMPLIANCE IS DEPRECATED ******** + + The compliance statement for managed network + entities which have 100 Mb/sec ethernet-like + network interfaces. + + This compliance is deprecated and replaced by + dot3Compliance." + + MODULE -- this module + MANDATORY-GROUPS { etherStats100MbsGroup } + + GROUP etherCollisionTableGroup + DESCRIPTION "This group is optional. It is appropriate + for all systems which have the necessary + metering. Implementation in such systems is + highly recommended." + ::= { etherCompliances 2 } + + dot3Compliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION "******** THIS COMPLIANCE IS DEPRECATED ******** + + The compliance statement for managed network + entities which have ethernet-like network + interfaces. + + This compliance is deprecated and replaced by + dot3Compliance2." + + MODULE -- this module + MANDATORY-GROUPS { etherStatsBaseGroup } + + GROUP etherDuplexGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces which are + capable of operating in full-duplex mode. + It is highly recommended for all + ethernet-like network interfaces." + + GROUP etherStatsLowSpeedGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces which are + capable of operating at 10 Mb/s or slower in + half-duplex mode." + + GROUP etherStatsHighSpeedGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces which are + capable of operating at 100 Mb/s or faster." + + GROUP etherControlGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces that + support the MAC Control sublayer." + + GROUP etherControlPauseGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces that + support the MAC Control PAUSE function." + + GROUP etherCollisionTableGroup + DESCRIPTION "This group is optional. It is appropriate + for all ethernet-like network interfaces + which are capable of operating in + half-duplex mode and have the necessary + metering. Implementation in systems with + + such interfaces is highly recommended." + ::= { etherCompliances 3 } + + dot3Compliance2 MODULE-COMPLIANCE + STATUS current + DESCRIPTION "The compliance statement for managed network + entities which have ethernet-like network + interfaces. + + Note that compliance with this MIB module + requires compliance with the ifCompliance3 + MODULE-COMPLIANCE statement of the IF-MIB + (RFC2863). In addition, compliance with this + MIB module requires compliance with the + mauModIfCompl3 MODULE-COMPLIANCE statement of + the MAU-MIB (RFC3636)." + + MODULE -- this module + MANDATORY-GROUPS { etherStatsBaseGroup2 } + + GROUP etherDuplexGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces which are + capable of operating in full-duplex mode. + It is highly recommended for all + ethernet-like network interfaces." + + GROUP etherRateControlGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces which are + capable of operating at speeds faster than + 1000 Mb/s. It is highly recommended for all + ethernet-like network interfaces." + + GROUP etherStatsLowSpeedGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces which are + capable of operating at 10 Mb/s or slower in + half-duplex mode." + + GROUP etherStatsHighSpeedGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces which are + capable of operating at 100 Mb/s or faster." + + GROUP etherStatsHalfDuplexGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces which are + + capable of operating in half-duplex mode." + + GROUP etherHCStatsGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces which are + capable of operating at 10 Gb/s or faster. + It is recommended for all ethernet-like + network interfaces which are capable of + operating at 1000 Mb/s or faster." + + GROUP etherControlGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces that + support the MAC Control sublayer." + + GROUP etherHCControlGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces that + support the MAC Control sublayer and are + capable of operating at 10 Gb/s or faster." + + GROUP etherControlPauseGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces that + support the MAC Control PAUSE function." + + GROUP etherHCControlPauseGroup + DESCRIPTION "This group is mandatory for all + ethernet-like network interfaces that + support the MAC Control PAUSE function and + are capable of operating at 10 Gb/s or + faster." + + GROUP etherCollisionTableGroup + DESCRIPTION "This group is optional. It is appropriate + for all ethernet-like network interfaces + which are capable of operating in + half-duplex mode and have the necessary + metering. Implementation in systems with + such interfaces is highly recommended." + ::= { etherCompliances 4 } + + -- units of conformance + + etherStatsGroup OBJECT-GROUP + OBJECTS { dot3StatsIndex, + dot3StatsAlignmentErrors, + dot3StatsFCSErrors, + dot3StatsSingleCollisionFrames, + dot3StatsMultipleCollisionFrames, + dot3StatsSQETestErrors, + dot3StatsDeferredTransmissions, + dot3StatsLateCollisions, + dot3StatsExcessiveCollisions, + dot3StatsInternalMacTransmitErrors, + dot3StatsCarrierSenseErrors, + dot3StatsFrameTooLongs, + dot3StatsInternalMacReceiveErrors, + dot3StatsEtherChipSet + } + STATUS deprecated + DESCRIPTION "********* THIS GROUP IS DEPRECATED ********** + + A collection of objects providing information + applicable to all ethernet-like network + interfaces. + + This object group has been deprecated and + replaced by etherStatsBaseGroup and + etherStatsLowSpeedGroup." + ::= { etherGroups 1 } + + etherCollisionTableGroup OBJECT-GROUP + OBJECTS { dot3CollFrequencies + } + STATUS current + DESCRIPTION "A collection of objects providing a histogram + of packets successfully transmitted after + experiencing exactly N collisions." + ::= { etherGroups 2 } + + etherStats100MbsGroup OBJECT-GROUP + OBJECTS { dot3StatsIndex, + dot3StatsAlignmentErrors, + dot3StatsFCSErrors, + dot3StatsSingleCollisionFrames, + dot3StatsMultipleCollisionFrames, + dot3StatsDeferredTransmissions, + dot3StatsLateCollisions, + dot3StatsExcessiveCollisions, + dot3StatsInternalMacTransmitErrors, + dot3StatsCarrierSenseErrors, + dot3StatsFrameTooLongs, + dot3StatsInternalMacReceiveErrors, + dot3StatsEtherChipSet, + dot3StatsSymbolErrors + + } + STATUS deprecated + DESCRIPTION "********* THIS GROUP IS DEPRECATED ********** + + A collection of objects providing information + applicable to 100 Mb/sec ethernet-like network + interfaces. + + This object group has been deprecated and + replaced by etherStatsBaseGroup and + etherStatsHighSpeedGroup." + ::= { etherGroups 3 } + + etherStatsBaseGroup OBJECT-GROUP + OBJECTS { dot3StatsIndex, + dot3StatsAlignmentErrors, + dot3StatsFCSErrors, + dot3StatsSingleCollisionFrames, + dot3StatsMultipleCollisionFrames, + dot3StatsDeferredTransmissions, + dot3StatsLateCollisions, + dot3StatsExcessiveCollisions, + dot3StatsInternalMacTransmitErrors, + dot3StatsCarrierSenseErrors, + dot3StatsFrameTooLongs, + dot3StatsInternalMacReceiveErrors + } + STATUS deprecated + DESCRIPTION "********* THIS GROUP IS DEPRECATED ********** + + A collection of objects providing information + applicable to all ethernet-like network + interfaces. + + This object group has been deprecated and + replaced by etherStatsBaseGroup2 and + etherStatsHalfDuplexGroup, to separate + objects which must be implemented by all + ethernet-like network interfaces from + objects that need only be implemented on + ethernet-like network interfaces that are + capable of half-duplex operation." + ::= { etherGroups 4 } + + etherStatsLowSpeedGroup OBJECT-GROUP + OBJECTS { dot3StatsSQETestErrors } + STATUS current + DESCRIPTION "A collection of objects providing information + + applicable to ethernet-like network interfaces + capable of operating at 10 Mb/s or slower in + half-duplex mode." + ::= { etherGroups 5 } + + etherStatsHighSpeedGroup OBJECT-GROUP + OBJECTS { dot3StatsSymbolErrors } + STATUS current + DESCRIPTION "A collection of objects providing information + applicable to ethernet-like network interfaces + capable of operating at 100 Mb/s or faster." + ::= { etherGroups 6 } + + etherDuplexGroup OBJECT-GROUP + OBJECTS { dot3StatsDuplexStatus } + STATUS current + DESCRIPTION "A collection of objects providing information + about the duplex mode of an ethernet-like + network interface." + ::= { etherGroups 7 } + + etherControlGroup OBJECT-GROUP + OBJECTS { dot3ControlFunctionsSupported, + dot3ControlInUnknownOpcodes + } + STATUS current + DESCRIPTION "A collection of objects providing information + about the MAC Control sublayer on ethernet-like + network interfaces." + ::= { etherGroups 8 } + + etherControlPauseGroup OBJECT-GROUP + OBJECTS { dot3PauseAdminMode, + dot3PauseOperMode, + dot3InPauseFrames, + dot3OutPauseFrames + } + STATUS current + DESCRIPTION "A collection of objects providing information + about and control of the MAC Control PAUSE + function on ethernet-like network interfaces." + ::= { etherGroups 9 } + + etherStatsBaseGroup2 OBJECT-GROUP + OBJECTS { dot3StatsIndex, + dot3StatsAlignmentErrors, + dot3StatsFCSErrors, + dot3StatsInternalMacTransmitErrors, + dot3StatsFrameTooLongs, + dot3StatsInternalMacReceiveErrors + } + STATUS current + DESCRIPTION "A collection of objects providing information + applicable to all ethernet-like network + interfaces." + ::= { etherGroups 10 } + + etherStatsHalfDuplexGroup OBJECT-GROUP + OBJECTS { dot3StatsSingleCollisionFrames, + dot3StatsMultipleCollisionFrames, + dot3StatsDeferredTransmissions, + dot3StatsLateCollisions, + dot3StatsExcessiveCollisions, + dot3StatsCarrierSenseErrors + } + STATUS current + DESCRIPTION "A collection of objects providing information + applicable only to half-duplex ethernet-like + network interfaces." + ::= { etherGroups 11 } + + etherHCStatsGroup OBJECT-GROUP + OBJECTS { dot3HCStatsAlignmentErrors, + dot3HCStatsFCSErrors, + dot3HCStatsInternalMacTransmitErrors, + dot3HCStatsFrameTooLongs, + dot3HCStatsInternalMacReceiveErrors, + dot3HCStatsSymbolErrors + } + STATUS current + DESCRIPTION "A collection of objects providing high-capacity + statistics applicable to higher-speed + ethernet-like network interfaces." + ::= { etherGroups 12 } + + etherHCControlGroup OBJECT-GROUP + OBJECTS { dot3HCControlInUnknownOpcodes } + STATUS current + DESCRIPTION "A collection of objects providing high-capacity + statistics for the MAC Control sublayer on + higher-speed ethernet-like network interfaces." + ::= { etherGroups 13 } + + etherHCControlPauseGroup OBJECT-GROUP + OBJECTS { dot3HCInPauseFrames, + dot3HCOutPauseFrames + + } + STATUS current + DESCRIPTION "A collection of objects providing high-capacity + statistics for the MAC Control PAUSE function on + higher-speed ethernet-like network interfaces." + ::= { etherGroups 14 } + + etherRateControlGroup OBJECT-GROUP + OBJECTS { dot3StatsRateControlAbility, + dot3StatsRateControlStatus + } + STATUS current + DESCRIPTION "A collection of objects providing information + about the Rate Control function on ethernet-like + interfaces." + ::= { etherGroups 15 } + +END diff --git a/data/mibs/HCNUM-TC.txt b/data/mibs/HCNUM-TC.txt new file mode 100644 index 000000000..4be3d547e --- /dev/null +++ b/data/mibs/HCNUM-TC.txt @@ -0,0 +1,118 @@ +HCNUM-TC DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, mib-2, Counter64 + FROM SNMPv2-SMI + TEXTUAL-CONVENTION + FROM SNMPv2-TC; + +hcnumTC MODULE-IDENTITY + LAST-UPDATED "200006080000Z" + + ORGANIZATION "IETF OPS Area" + CONTACT-INFO + " E-mail: mibs@ops.ietf.org + Subscribe: majordomo@psg.com + with msg body: subscribe mibs + + Andy Bierman + Cisco Systems Inc. + 170 West Tasman Drive + San Jose, CA 95134 USA + +1 408-527-3711 + abierman@cisco.com + + Keith McCloghrie + Cisco Systems Inc. + 170 West Tasman Drive + San Jose, CA 95134 USA + +1 408-526-5260 + kzm@cisco.com + + Randy Presuhn + BMC Software, Inc. + Office 1-3141 + 2141 North First Street + San Jose, California 95131 USA + +1 408 546-1006 + rpresuhn@bmc.com" + DESCRIPTION + "A MIB module containing textual conventions + for high capacity data types. This module + addresses an immediate need for data types not directly + supported in the SMIv2. This short-term solution + is meant to be deprecated as a long-term solution + is deployed." + REVISION "200006080000Z" + DESCRIPTION + "Initial Version of the High Capacity Numbers + MIB module, published as RFC 2856." + ::= { mib-2 78 } + +CounterBasedGauge64 ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The CounterBasedGauge64 type represents a non-negative + integer, which may increase or decrease, but shall never + exceed a maximum value, nor fall below a minimum value. The + maximum value can not be greater than 2^64-1 + (18446744073709551615 decimal), and the minimum value can + + not be smaller than 0. The value of a CounterBasedGauge64 + has its maximum value whenever the information being modeled + is greater than or equal to its maximum value, and has its + minimum value whenever the information being modeled is + smaller than or equal to its minimum value. If the + information being modeled subsequently decreases below + (increases above) the maximum (minimum) value, the + CounterBasedGauge64 also decreases (increases). + + Note that this TC is not strictly supported in SMIv2, + because the 'always increasing' and 'counter wrap' semantics + associated with the Counter64 base type are not preserved. + It is possible that management applications which rely + solely upon the (Counter64) ASN.1 tag to determine object + semantics will mistakenly operate upon objects of this type + as they would for Counter64 objects. + + This textual convention represents a limited and short-term + solution, and may be deprecated as a long term solution is + defined and deployed to replace it." + SYNTAX Counter64 + +ZeroBasedCounter64 ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This TC describes an object which counts events with the + following semantics: objects of this type will be set to + zero(0) on creation and will thereafter count appropriate + events, wrapping back to zero(0) when the value 2^64 is + reached. + + Provided that an application discovers the new object within + the minimum time to wrap it can use the initial value as a + delta since it last polled the table of which this object is + part. It is important for a management station to be aware + of this minimum time and the actual time between polls, and + to discard data if the actual time is too long or there is + no defined minimum time. + + Typically this TC is used in tables where the INDEX space is + constantly changing and/or the TimeFilter mechanism is in + use. + + Note that this textual convention does not retain all the + semantics of the Counter64 base type. Specifically, a + Counter64 has an arbitrary initial value, but objects + defined with this TC are required to start at the value + + zero. This behavior is not likely to have any adverse + effects on management applications which are expecting + Counter64 semantics. + + This textual convention represents a limited and short-term + solution, and may be deprecated as a long term solution is + defined and deployed to replace it." + SYNTAX Counter64 + +END diff --git a/data/mibs/HOST-RESOURCES-MIB.txt b/data/mibs/HOST-RESOURCES-MIB.txt new file mode 100644 index 000000000..373b9b328 --- /dev/null +++ b/data/mibs/HOST-RESOURCES-MIB.txt @@ -0,0 +1,1540 @@ +HOST-RESOURCES-MIB DEFINITIONS ::= BEGIN + +IMPORTS +MODULE-IDENTITY, OBJECT-TYPE, mib-2, +Integer32, Counter32, Gauge32, TimeTicks FROM SNMPv2-SMI + +TEXTUAL-CONVENTION, DisplayString, +TruthValue, DateAndTime, AutonomousType FROM SNMPv2-TC + +MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + +InterfaceIndexOrZero FROM IF-MIB; + +hostResourcesMibModule MODULE-IDENTITY + LAST-UPDATED "200003060000Z" -- 6 March 2000 + ORGANIZATION "IETF Host Resources MIB Working Group" + CONTACT-INFO + "Steve Waldbusser + Postal: Lucent Technologies, Inc. + 1213 Innsbruck Dr. + Sunnyvale, CA 94089 + USA + Phone: 650-318-1251 + Fax: 650-318-1633 + Email: waldbusser@lucent.com + + In addition, the Host Resources MIB mailing list is + dedicated to discussion of this MIB. To join the + mailing list, send a request message to + hostmib-request@andrew.cmu.edu. The mailing list + address is hostmib@andrew.cmu.edu." + DESCRIPTION + "This MIB is for use in managing host systems. The term + `host' is construed to mean any computer that communicates + with other similar computers attached to the internet and + that is directly used by one or more human beings. Although + this MIB does not necessarily apply to devices whose primary + function is communications services (e.g., terminal servers, + routers, bridges, monitoring equipment), such relevance is + not explicitly precluded. This MIB instruments attributes + common to all internet hosts including, for example, both + personal computers and systems that run variants of Unix." + + REVISION "200003060000Z" -- 6 March 2000 + DESCRIPTION + "Clarifications and bug fixes based on implementation + experience. This revision was also reformatted in the SMIv2 + format. The revisions made were: + + New RFC document standards: + Added Copyright notice, updated introduction to SNMP + Framework, updated references section, added reference to + RFC 2119, and added a meaningful Security Considerations + section. + + New IANA considerations section for registration of new types + + Conversion to new SMIv2 syntax for the following types and + macros: + Counter32, Integer32, Gauge32, MODULE-IDENTITY, + OBJECT-TYPE, TEXTUAL-CONVENTION, OBJECT-IDENTITY, + MODULE-COMPLIANCE, OBJECT-GROUP + + Used new Textual Conventions: + TruthValue, DateAndTime, AutonomousType, + InterfaceIndexOrZero + + Fixed typo in hrPrinterStatus. + + Added missing error bits to hrPrinterDetectedErrorState and + clarified confusion resulting from suggested mappings to + hrPrinterStatus. + + Clarified that size of objects of type + InternationalDisplayString is number of octets, not number + of encoded symbols. + + Clarified the use of the following objects based on + implementation experience: + hrSystemInitialLoadDevice, hrSystemInitialLoadParameters, + hrMemorySize, hrStorageSize, hrStorageAllocationFailures, + hrDeviceErrors, hrProcessorLoad, hrNetworkIfIndex, + hrDiskStorageCapacity, hrSWRunStatus, hrSWRunPerfCPU, + and hrSWInstalledDate. + + Clarified implementation technique for hrSWInstalledTable. + + Used new AUGMENTS clause for hrSWRunPerfTable. + + Added Internationalization Considerations section. + +This revision published as RFC2790." + + REVISION "9910202200Z" -- 20 October, 1999 + DESCRIPTION + "The original version of this MIB, published as + RFC1514." + ::= { hrMIBAdminInfo 1 } + +host OBJECT IDENTIFIER ::= { mib-2 25 } + +hrSystem OBJECT IDENTIFIER ::= { host 1 } +hrStorage OBJECT IDENTIFIER ::= { host 2 } +hrDevice OBJECT IDENTIFIER ::= { host 3 } +hrSWRun OBJECT IDENTIFIER ::= { host 4 } +hrSWRunPerf OBJECT IDENTIFIER ::= { host 5 } +hrSWInstalled OBJECT IDENTIFIER ::= { host 6 } +hrMIBAdminInfo OBJECT IDENTIFIER ::= { host 7 } + +-- textual conventions + +KBytes ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Storage size, expressed in units of 1024 bytes." + SYNTAX Integer32 (0..2147483647) + +ProductID ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is intended to identify the + + manufacturer, model, and version of a specific + hardware or software product. It is suggested that + these OBJECT IDENTIFIERs are allocated such that all + products from a particular manufacturer are registered + under a subtree distinct to that manufacturer. In + addition, all versions of a product should be + registered under a subtree distinct to that product. + With this strategy, a management station may uniquely + determine the manufacturer and/or model of a product + whose productID is unknown to the management station. + Objects of this type may be useful for inventory + purposes or for automatically detecting + incompatibilities or version mismatches between + various hardware and software components on a system. + + For example, the product ID for the ACME 4860 66MHz + clock doubled processor might be: + enterprises.acme.acmeProcessors.a4860DX2.MHz66 + + A software product might be registered as: + enterprises.acme.acmeOperatingSystems.acmeDOS.six(6).one(1) + " + SYNTAX OBJECT IDENTIFIER + +-- unknownProduct will be used for any unknown ProductID +-- unknownProduct OBJECT IDENTIFIER ::= { 0 0 } + +InternationalDisplayString ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This data type is used to model textual information + in some character set. A network management station + should use a local algorithm to determine which + character set is in use and how it should be + displayed. Note that this character set may be + encoded with more than one octet per symbol, but will + most often be NVT ASCII. When a size clause is + specified for an object of this type, the size refers + to the length in octets, not the number of symbols." + SYNTAX OCTET STRING + +-- The Host Resources System Group + +hrSystemUptime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The amount of time since this host was last + initialized. Note that this is different from + sysUpTime in the SNMPv2-MIB [RFC1907] because + sysUpTime is the uptime of the network management + portion of the system." + ::= { hrSystem 1 } + +hrSystemDate OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The host's notion of the local date and time of day." + ::= { hrSystem 2 } + +hrSystemInitialLoadDevice OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The index of the hrDeviceEntry for the device from + which this host is configured to load its initial + operating system configuration (i.e., which operating + system code and/or boot parameters). + + Note that writing to this object just changes the + configuration that will be used the next time the + operating system is loaded and does not actually cause + the reload to occur." + ::= { hrSystem 3 } + +hrSystemInitialLoadParameters OBJECT-TYPE + SYNTAX InternationalDisplayString (SIZE (0..128)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object contains the parameters (e.g. a pathname + and parameter) supplied to the load device when + requesting the initial operating system configuration + from that device. + + Note that writing to this object just changes the + configuration that will be used the next time the + operating system is loaded and does not actually cause + the reload to occur." + ::= { hrSystem 4 } + +hrSystemNumUsers OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of user sessions for which this host is + storing state information. A session is a collection + of processes requiring a single act of user + authentication and possibly subject to collective job + control." + ::= { hrSystem 5 } + +hrSystemProcesses OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of process contexts currently loaded or + running on this system." + ::= { hrSystem 6 } + +hrSystemMaxProcesses OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum number of process contexts this system + can support. If there is no fixed maximum, the value + should be zero. On systems that have a fixed maximum, + this object can help diagnose failures that occur when + this maximum is reached." + ::= { hrSystem 7 } + +-- The Host Resources Storage Group + +-- Registration point for storage types, for use with hrStorageType. +-- These are defined in the HOST-RESOURCES-TYPES module. +hrStorageTypes OBJECT IDENTIFIER ::= { hrStorage 1 } + +hrMemorySize OBJECT-TYPE + SYNTAX KBytes + UNITS "KBytes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The amount of physical read-write main memory, + typically RAM, contained by the host." + ::= { hrStorage 2 } + +hrStorageTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrStorageEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of logical storage areas on + the host. + + An entry shall be placed in the storage table for each + logical area of storage that is allocated and has + fixed resource limits. The amount of storage + represented in an entity is the amount actually usable + by the requesting entity, and excludes loss due to + formatting or file system reference information. + + These entries are associated with logical storage + areas, as might be seen by an application, rather than + physical storage entities which are typically seen by + an operating system. Storage such as tapes and + floppies without file systems on them are typically + not allocated in chunks by the operating system to + requesting applications, and therefore shouldn't + appear in this table. Examples of valid storage for + this table include disk partitions, file systems, ram + (for some architectures this is further segmented into + regular memory, extended memory, and so on), backing + store for virtual memory (`swap space'). + + This table is intended to be a useful diagnostic for + `out of memory' and `out of buffers' types of + failures. In addition, it can be a useful performance + monitoring tool for tracking memory, disk, or buffer + usage." + ::= { hrStorage 3 } + +hrStorageEntry OBJECT-TYPE + SYNTAX HrStorageEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for one logical storage area on + the host. As an example, an instance of the + hrStorageType object might be named hrStorageType.3" + INDEX { hrStorageIndex } + ::= { hrStorageTable 1 } + +HrStorageEntry ::= SEQUENCE { + hrStorageIndex Integer32, + hrStorageType AutonomousType, + hrStorageDescr DisplayString, + hrStorageAllocationUnits Integer32, + hrStorageSize Integer32, + hrStorageUsed Integer32, + hrStorageAllocationFailures Counter32 + } + +hrStorageIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value for each logical storage area + contained by the host." + ::= { hrStorageEntry 1 } + +hrStorageType OBJECT-TYPE + SYNTAX AutonomousType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of storage represented by this entry." + ::= { hrStorageEntry 2 } + +hrStorageDescr OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A description of the type and instance of the storage + described by this entry." + ::= { hrStorageEntry 3 } + +hrStorageAllocationUnits OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + UNITS "Bytes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The size, in bytes, of the data objects allocated + from this pool. If this entry is monitoring sectors, + blocks, buffers, or packets, for example, this number + will commonly be greater than one. Otherwise this + number will typically be one." + ::= { hrStorageEntry 4 } + +hrStorageSize OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The size of the storage represented by this entry, in + units of hrStorageAllocationUnits. This object is + writable to allow remote configuration of the size of + the storage area in those cases where such an + operation makes sense and is possible on the + underlying system. For example, the amount of main + memory allocated to a buffer pool might be modified or + the amount of disk space allocated to virtual memory + might be modified." + ::= { hrStorageEntry 5 } + +hrStorageUsed OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The amount of the storage represented by this entry + that is allocated, in units of + hrStorageAllocationUnits." + ::= { hrStorageEntry 6 } + +hrStorageAllocationFailures OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of requests for storage represented by + this entry that could not be honored due to not enough + storage. It should be noted that as this object has a + SYNTAX of Counter32, that it does not have a defined + initial value. However, it is recommended that this + object be initialized to zero, even though management + stations must not depend on such an initialization." + ::= { hrStorageEntry 7 } + +-- The Host Resources Device Group +-- +-- The device group is useful for identifying and diagnosing the +-- devices on a system. The hrDeviceTable contains common +-- information for any type of device. In addition, some devices +-- have device-specific tables for more detailed information. More +-- such tables may be defined in the future for other device types. + +-- Registration point for device types, for use with hrDeviceType. + +-- These are defined in the HOST-RESOURCES-TYPES module. +hrDeviceTypes OBJECT IDENTIFIER ::= { hrDevice 1 } + +hrDeviceTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrDeviceEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of devices contained by the + host." + ::= { hrDevice 2 } + +hrDeviceEntry OBJECT-TYPE + SYNTAX HrDeviceEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for one device contained by the + host. As an example, an instance of the hrDeviceType + object might be named hrDeviceType.3" + INDEX { hrDeviceIndex } + ::= { hrDeviceTable 1 } + +HrDeviceEntry ::= SEQUENCE { + hrDeviceIndex Integer32, + hrDeviceType AutonomousType, + hrDeviceDescr DisplayString, + hrDeviceID ProductID, + hrDeviceStatus INTEGER, + hrDeviceErrors Counter32 + } + +hrDeviceIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value for each device contained by the host. + The value for each device must remain constant at + least from one re-initialization of the agent to the + next re-initialization." + ::= { hrDeviceEntry 1 } + +hrDeviceType OBJECT-TYPE + SYNTAX AutonomousType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An indication of the type of device. + + If this value is + `hrDeviceProcessor { hrDeviceTypes 3 }' then an entry + exists in the hrProcessorTable which corresponds to + this device. + + If this value is + `hrDeviceNetwork { hrDeviceTypes 4 }', then an entry + exists in the hrNetworkTable which corresponds to this + device. + + If this value is + `hrDevicePrinter { hrDeviceTypes 5 }', then an entry + exists in the hrPrinterTable which corresponds to this + device. + + If this value is + `hrDeviceDiskStorage { hrDeviceTypes 6 }', then an + entry exists in the hrDiskStorageTable which + corresponds to this device." + ::= { hrDeviceEntry 2 } + +hrDeviceDescr OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of this device, including the + device's manufacturer and revision, and optionally, + its serial number." + ::= { hrDeviceEntry 3 } + +hrDeviceID OBJECT-TYPE + SYNTAX ProductID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The product ID for this device." + ::= { hrDeviceEntry 4 } + +hrDeviceStatus OBJECT-TYPE + SYNTAX INTEGER { + unknown(1), + running(2), + warning(3), + testing(4), + down(5) + + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current operational state of the device described + by this row of the table. A value unknown(1) + indicates that the current state of the device is + unknown. running(2) indicates that the device is up + and running and that no unusual error conditions are + known. The warning(3) state indicates that agent has + been informed of an unusual error condition by the + operational software (e.g., a disk device driver) but + that the device is still 'operational'. An example + would be a high number of soft errors on a disk. A + value of testing(4), indicates that the device is not + available for use because it is in the testing state. + The state of down(5) is used only when the agent has + been informed that the device is not available for any + use." + ::= { hrDeviceEntry 5 } + +hrDeviceErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of errors detected on this device. It + should be noted that as this object has a SYNTAX of + Counter32, that it does not have a defined initial + value. However, it is recommended that this object be + initialized to zero, even though management stations + must not depend on such an initialization." + ::= { hrDeviceEntry 6 } + +hrProcessorTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrProcessorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of processors contained by the + host. + + Note that this table is potentially sparse: a + (conceptual) entry exists only if the correspondent + value of the hrDeviceType object is + `hrDeviceProcessor'." + ::= { hrDevice 3 } + +hrProcessorEntry OBJECT-TYPE + SYNTAX HrProcessorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for one processor contained by + the host. The hrDeviceIndex in the index represents + the entry in the hrDeviceTable that corresponds to the + hrProcessorEntry. + + As an example of how objects in this table are named, + an instance of the hrProcessorFrwID object might be + named hrProcessorFrwID.3" + INDEX { hrDeviceIndex } + ::= { hrProcessorTable 1 } + +HrProcessorEntry ::= SEQUENCE { + hrProcessorFrwID ProductID, + hrProcessorLoad Integer32 + } + +hrProcessorFrwID OBJECT-TYPE + SYNTAX ProductID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The product ID of the firmware associated with the + processor." + ::= { hrProcessorEntry 1 } + +hrProcessorLoad OBJECT-TYPE + SYNTAX Integer32 (0..100) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The average, over the last minute, of the percentage + of time that this processor was not idle. + Implementations may approximate this one minute + smoothing period if necessary." + ::= { hrProcessorEntry 2 } + +hrNetworkTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrNetworkEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of network devices contained + by the host. + + Note that this table is potentially sparse: a + (conceptual) entry exists only if the correspondent + value of the hrDeviceType object is + `hrDeviceNetwork'." + ::= { hrDevice 4 } + +hrNetworkEntry OBJECT-TYPE + SYNTAX HrNetworkEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for one network device contained + by the host. The hrDeviceIndex in the index + represents the entry in the hrDeviceTable that + corresponds to the hrNetworkEntry. + + As an example of how objects in this table are named, + an instance of the hrNetworkIfIndex object might be + named hrNetworkIfIndex.3" + INDEX { hrDeviceIndex } + ::= { hrNetworkTable 1 } + +HrNetworkEntry ::= SEQUENCE { + hrNetworkIfIndex InterfaceIndexOrZero + } + +hrNetworkIfIndex OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of ifIndex which corresponds to this + network device. If this device is not represented in + the ifTable, then this value shall be zero." + ::= { hrNetworkEntry 1 } + +hrPrinterTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrPrinterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of printers local to the host. + + Note that this table is potentially sparse: a + (conceptual) entry exists only if the correspondent + value of the hrDeviceType object is + `hrDevicePrinter'." + ::= { hrDevice 5 } + +hrPrinterEntry OBJECT-TYPE + SYNTAX HrPrinterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for one printer local to the + host. The hrDeviceIndex in the index represents the + entry in the hrDeviceTable that corresponds to the + hrPrinterEntry. + + As an example of how objects in this table are named, + an instance of the hrPrinterStatus object might be + named hrPrinterStatus.3" + INDEX { hrDeviceIndex } + ::= { hrPrinterTable 1 } + +HrPrinterEntry ::= SEQUENCE { + hrPrinterStatus INTEGER, + hrPrinterDetectedErrorState OCTET STRING + } + +hrPrinterStatus OBJECT-TYPE + SYNTAX INTEGER { + other(1), + unknown(2), + idle(3), + printing(4), + warmup(5) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current status of this printer device." + ::= { hrPrinterEntry 1 } + +hrPrinterDetectedErrorState OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object represents any error conditions detected + by the printer. The error conditions are encoded as + bits in an octet string, with the following + definitions: + + Condition Bit # + + lowPaper 0 + + noPaper 1 + lowToner 2 + noToner 3 + doorOpen 4 + jammed 5 + offline 6 + serviceRequested 7 + inputTrayMissing 8 + outputTrayMissing 9 + markerSupplyMissing 10 + outputNearFull 11 + outputFull 12 + inputTrayEmpty 13 + overduePreventMaint 14 + + Bits are numbered starting with the most significant + bit of the first byte being bit 0, the least + significant bit of the first byte being bit 7, the + most significant bit of the second byte being bit 8, + and so on. A one bit encodes that the condition was + detected, while a zero bit encodes that the condition + was not detected. + + This object is useful for alerting an operator to + specific warning or error conditions that may occur, + especially those requiring human intervention." + ::= { hrPrinterEntry 2 } + +hrDiskStorageTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrDiskStorageEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of long-term storage devices + contained by the host. In particular, disk devices + accessed remotely over a network are not included + here. + + Note that this table is potentially sparse: a + (conceptual) entry exists only if the correspondent + value of the hrDeviceType object is + `hrDeviceDiskStorage'." + ::= { hrDevice 6 } + +hrDiskStorageEntry OBJECT-TYPE + SYNTAX HrDiskStorageEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for one long-term storage device + contained by the host. The hrDeviceIndex in the index + represents the entry in the hrDeviceTable that + corresponds to the hrDiskStorageEntry. As an example, + an instance of the hrDiskStorageCapacity object might + be named hrDiskStorageCapacity.3" + INDEX { hrDeviceIndex } + ::= { hrDiskStorageTable 1 } + +HrDiskStorageEntry ::= SEQUENCE { + hrDiskStorageAccess INTEGER, + hrDiskStorageMedia INTEGER, + hrDiskStorageRemoveble TruthValue, + hrDiskStorageCapacity KBytes + } + +hrDiskStorageAccess OBJECT-TYPE + SYNTAX INTEGER { + readWrite(1), + readOnly(2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An indication if this long-term storage device is + readable and writable or only readable. This should + reflect the media type, any write-protect mechanism, + and any device configuration that affects the entire + device." + ::= { hrDiskStorageEntry 1 } + +hrDiskStorageMedia OBJECT-TYPE + SYNTAX INTEGER { + other(1), + unknown(2), + hardDisk(3), + floppyDisk(4), + opticalDiskROM(5), + opticalDiskWORM(6), -- Write Once Read Many + opticalDiskRW(7), + ramDisk(8) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An indication of the type of media used in this long- + term storage device." + ::= { hrDiskStorageEntry 2 } + +hrDiskStorageRemoveble OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Denotes whether or not the disk media may be removed + from the drive." + ::= { hrDiskStorageEntry 3 } + +hrDiskStorageCapacity OBJECT-TYPE + SYNTAX KBytes + UNITS "KBytes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total size for this long-term storage device. If + the media is removable and is currently removed, this + value should be zero." + ::= { hrDiskStorageEntry 4 } + +hrPartitionTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrPartitionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of partitions for long-term + storage devices contained by the host. In particular, + partitions accessed remotely over a network are not + included here." + ::= { hrDevice 7 } + +hrPartitionEntry OBJECT-TYPE + SYNTAX HrPartitionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for one partition. The + hrDeviceIndex in the index represents the entry in the + hrDeviceTable that corresponds to the + hrPartitionEntry. + + As an example of how objects in this table are named, + an instance of the hrPartitionSize object might be + named hrPartitionSize.3.1" + INDEX { hrDeviceIndex, hrPartitionIndex } + ::= { hrPartitionTable 1 } + +HrPartitionEntry ::= SEQUENCE { + hrPartitionIndex Integer32, + hrPartitionLabel InternationalDisplayString, + hrPartitionID OCTET STRING, + hrPartitionSize KBytes, + hrPartitionFSIndex Integer32 + } + +hrPartitionIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value for each partition on this long-term + storage device. The value for each long-term storage + device must remain constant at least from one re- + initialization of the agent to the next re- + initialization." + ::= { hrPartitionEntry 1 } + +hrPartitionLabel OBJECT-TYPE + SYNTAX InternationalDisplayString (SIZE (0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of this partition." + ::= { hrPartitionEntry 2 } + +hrPartitionID OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A descriptor which uniquely represents this partition + to the responsible operating system. On some systems, + this might take on a binary representation." + ::= { hrPartitionEntry 3 } + +hrPartitionSize OBJECT-TYPE + SYNTAX KBytes + UNITS "KBytes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The size of this partition." + ::= { hrPartitionEntry 4 } + +hrPartitionFSIndex OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the file system mounted on this + partition. If no file system is mounted on this + partition, then this value shall be zero. Note that + multiple partitions may point to one file system, + denoting that that file system resides on those + partitions. Multiple file systems may not reside on + one partition." + ::= { hrPartitionEntry 5 } + +-- The File System Table + +-- Registration point for popular File System types, +-- for use with hrFSType. These are defined in the +-- HOST-RESOURCES-TYPES module. +hrFSTypes OBJECT IDENTIFIER ::= { hrDevice 9 } + +hrFSTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrFSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of file systems local to this + host or remotely mounted from a file server. File + systems that are in only one user's environment on a + multi-user system will not be included in this table." + ::= { hrDevice 8 } + +hrFSEntry OBJECT-TYPE + SYNTAX HrFSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for one file system local to + this host or remotely mounted from a file server. + File systems that are in only one user's environment + on a multi-user system will not be included in this + table. + + As an example of how objects in this table are named, + an instance of the hrFSMountPoint object might be + named hrFSMountPoint.3" + INDEX { hrFSIndex } + ::= { hrFSTable 1 } + +HrFSEntry ::= SEQUENCE { + hrFSIndex Integer32, + hrFSMountPoint InternationalDisplayString, + hrFSRemoteMountPoint InternationalDisplayString, + hrFSType AutonomousType, + hrFSAccess INTEGER, + hrFSBootable TruthValue, + hrFSStorageIndex Integer32, + hrFSLastFullBackupDate DateAndTime, + hrFSLastPartialBackupDate DateAndTime + } + +hrFSIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value for each file system local to this + host. The value for each file system must remain + constant at least from one re-initialization of the + agent to the next re-initialization." + ::= { hrFSEntry 1 } + +hrFSMountPoint OBJECT-TYPE + SYNTAX InternationalDisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The path name of the root of this file system." + ::= { hrFSEntry 2 } + +hrFSRemoteMountPoint OBJECT-TYPE + SYNTAX InternationalDisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A description of the name and/or address of the + server that this file system is mounted from. This + may also include parameters such as the mount point on + the remote file system. If this is not a remote file + system, this string should have a length of zero." + ::= { hrFSEntry 3 } + +hrFSType OBJECT-TYPE + SYNTAX AutonomousType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object identifies the type of this + file system." + ::= { hrFSEntry 4 } + +hrFSAccess OBJECT-TYPE + SYNTAX INTEGER { + readWrite(1), + readOnly(2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An indication if this file system is logically + configured by the operating system to be readable and + writable or only readable. This does not represent + any local access-control policy, except one that is + applied to the file system as a whole." + ::= { hrFSEntry 5 } + +hrFSBootable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A flag indicating whether this file system is + bootable." + ::= { hrFSEntry 6 } + +hrFSStorageIndex OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the hrStorageEntry that represents + information about this file system. If there is no + such information available, then this value shall be + zero. The relevant storage entry will be useful in + tracking the percent usage of this file system and + diagnosing errors that may occur when it runs out of + space." + ::= { hrFSEntry 7 } + +hrFSLastFullBackupDate OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The last date at which this complete file system was + + copied to another storage device for backup. This + information is useful for ensuring that backups are + being performed regularly. + + If this information is not known, then this variable + shall have the value corresponding to January 1, year + 0000, 00:00:00.0, which is encoded as + (hex)'00 00 01 01 00 00 00 00'." + ::= { hrFSEntry 8 } + +hrFSLastPartialBackupDate OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The last date at which a portion of this file system + was copied to another storage device for backup. This + information is useful for ensuring that backups are + being performed regularly. + + If this information is not known, then this variable + shall have the value corresponding to January 1, year + 0000, 00:00:00.0, which is encoded as + (hex)'00 00 01 01 00 00 00 00'." + ::= { hrFSEntry 9 } + +-- The Host Resources Running Software Group +-- +-- The hrSWRunTable contains an entry for each distinct piece of +-- software that is running or loaded into physical or virtual +-- memory in preparation for running. This includes the host's +-- operating system, device drivers, and applications. + +hrSWOSIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the hrSWRunIndex for the hrSWRunEntry + that represents the primary operating system running + on this host. This object is useful for quickly and + uniquely identifying that primary operating system." + ::= { hrSWRun 1 } + +hrSWRunTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrSWRunEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of software running on the + host." + ::= { hrSWRun 2 } + +hrSWRunEntry OBJECT-TYPE + SYNTAX HrSWRunEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for one piece of software + running on the host Note that because the installed + software table only contains information for software + stored locally on this host, not every piece of + running software will be found in the installed + software table. This is true of software that was + loaded and run from a non-local source, such as a + network-mounted file system. + + As an example of how objects in this table are named, + an instance of the hrSWRunName object might be named + hrSWRunName.1287" + INDEX { hrSWRunIndex } + ::= { hrSWRunTable 1 } + +HrSWRunEntry ::= SEQUENCE { + hrSWRunIndex Integer32, + hrSWRunName InternationalDisplayString, + hrSWRunID ProductID, + hrSWRunPath InternationalDisplayString, + hrSWRunParameters InternationalDisplayString, + hrSWRunType INTEGER, + hrSWRunStatus INTEGER + } + +hrSWRunIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value for each piece of software running on + the host. Wherever possible, this should be the + system's native, unique identification number." + ::= { hrSWRunEntry 1 } + +hrSWRunName OBJECT-TYPE + SYNTAX InternationalDisplayString (SIZE (0..64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of this running piece of + software, including the manufacturer, revision, and + the name by which it is commonly known. If this + software was installed locally, this should be the + same string as used in the corresponding + hrSWInstalledName." + ::= { hrSWRunEntry 2 } + +hrSWRunID OBJECT-TYPE + SYNTAX ProductID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The product ID of this running piece of software." + ::= { hrSWRunEntry 3 } + +hrSWRunPath OBJECT-TYPE + SYNTAX InternationalDisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A description of the location on long-term storage + (e.g. a disk drive) from which this software was + loaded." + ::= { hrSWRunEntry 4 } + +hrSWRunParameters OBJECT-TYPE + SYNTAX InternationalDisplayString (SIZE(0..128)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A description of the parameters supplied to this + software when it was initially loaded." + ::= { hrSWRunEntry 5 } + +hrSWRunType OBJECT-TYPE + SYNTAX INTEGER { + unknown(1), + operatingSystem(2), + deviceDriver(3), + application(4) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of this software." + ::= { hrSWRunEntry 6 } + +hrSWRunStatus OBJECT-TYPE + SYNTAX INTEGER { + running(1), + runnable(2), -- waiting for resource + -- (i.e., CPU, memory, IO) + notRunnable(3), -- loaded but waiting for event + invalid(4) -- not loaded + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The status of this running piece of software. + Setting this value to invalid(4) shall cause this + software to stop running and to be unloaded. Sets to + other values are not valid." + ::= { hrSWRunEntry 7 } + +-- The Host Resources Running Software Performance Group +-- +-- The hrSWRunPerfTable contains an entry corresponding to +-- each entry in the hrSWRunTable. + +hrSWRunPerfTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrSWRunPerfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of running software + performance metrics." + ::= { hrSWRunPerf 1 } + +hrSWRunPerfEntry OBJECT-TYPE + SYNTAX HrSWRunPerfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry containing software performance + metrics. As an example, an instance of the + hrSWRunPerfCPU object might be named + hrSWRunPerfCPU.1287" + AUGMENTS { hrSWRunEntry } -- This table augments information in + -- the hrSWRunTable. + ::= { hrSWRunPerfTable 1 } + +HrSWRunPerfEntry ::= SEQUENCE { + hrSWRunPerfCPU Integer32, + hrSWRunPerfMem KBytes +} + +hrSWRunPerfCPU OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of centi-seconds of the total system's CPU + resources consumed by this process. Note that on a + multi-processor system, this value may increment by + more than one centi-second in one centi-second of real + (wall clock) time." + ::= { hrSWRunPerfEntry 1 } + +hrSWRunPerfMem OBJECT-TYPE + SYNTAX KBytes + UNITS "KBytes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total amount of real system memory allocated to + this process." + ::= { hrSWRunPerfEntry 2 } + +-- The Host Resources Installed Software Group +-- +-- The hrSWInstalledTable contains an entry for each piece +-- of software installed in long-term storage (e.g. a disk +-- drive) locally on this host. Note that this does not +-- include software loadable remotely from a network +-- server. +-- +-- Different implementations may track software in varying +-- ways. For example, while some implementations may track +-- executable files as distinct pieces of software, other +-- implementations may use other strategies such as keeping +-- track of software "packages" (e.g., related groups of files) +-- or keeping track of system or application "patches". +-- +-- This table is useful for identifying and inventorying +-- software on a host and for diagnosing incompatibility +-- and version mismatch problems between various pieces +-- of hardware and software. + +hrSWInstalledLastChange OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when an entry in the + hrSWInstalledTable was last added, renamed, or + deleted. Because this table is likely to contain many + entries, polling of this object allows a management + station to determine when re-downloading of the table + might be useful." + ::= { hrSWInstalled 1 } + +hrSWInstalledLastUpdateTime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when the hrSWInstalledTable + was last completely updated. Because caching of this + data will be a popular implementation strategy, + retrieval of this object allows a management station + to obtain a guarantee that no data in this table is + older than the indicated time." + ::= { hrSWInstalled 2 } + +hrSWInstalledTable OBJECT-TYPE + SYNTAX SEQUENCE OF HrSWInstalledEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table of software installed on this + host." + ::= { hrSWInstalled 3 } + +hrSWInstalledEntry OBJECT-TYPE + SYNTAX HrSWInstalledEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A (conceptual) entry for a piece of software + installed on this host. + + As an example of how objects in this table are named, + an instance of the hrSWInstalledName object might be + named hrSWInstalledName.96" + INDEX { hrSWInstalledIndex } + ::= { hrSWInstalledTable 1 } + +HrSWInstalledEntry ::= SEQUENCE { + hrSWInstalledIndex Integer32, + hrSWInstalledName InternationalDisplayString, + hrSWInstalledID ProductID, + hrSWInstalledType INTEGER, + hrSWInstalledDate DateAndTime +} + +hrSWInstalledIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value for each piece of software installed + on the host. This value shall be in the range from 1 + to the number of pieces of software installed on the + host." + ::= { hrSWInstalledEntry 1 } + +hrSWInstalledName OBJECT-TYPE + SYNTAX InternationalDisplayString (SIZE (0..64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of this installed piece of + software, including the manufacturer, revision, the + name by which it is commonly known, and optionally, + its serial number." + ::= { hrSWInstalledEntry 2 } + +hrSWInstalledID OBJECT-TYPE + SYNTAX ProductID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The product ID of this installed piece of software." + ::= { hrSWInstalledEntry 3 } + +hrSWInstalledType OBJECT-TYPE + SYNTAX INTEGER { + unknown(1), + operatingSystem(2), + deviceDriver(3), + application(4) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of this software." + ::= { hrSWInstalledEntry 4 } + +hrSWInstalledDate OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The last-modification date of this application as it + would appear in a directory listing. + + If this information is not known, then this variable + shall have the value corresponding to January 1, year + 0000, 00:00:00.0, which is encoded as + (hex)'00 00 01 01 00 00 00 00'." + ::= { hrSWInstalledEntry 5 } + +-- Conformance information + +hrMIBCompliances OBJECT IDENTIFIER ::= { hrMIBAdminInfo 2 } +hrMIBGroups OBJECT IDENTIFIER ::= { hrMIBAdminInfo 3 } + +-- Compliance Statements +hrMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The requirements for conformance to the Host Resources MIB." + MODULE -- this module + MANDATORY-GROUPS { hrSystemGroup, hrStorageGroup, + hrDeviceGroup } + + OBJECT hrSystemDate + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT hrSystemInitialLoadDevice + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT hrSystemInitialLoadParameters + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT hrStorageSize + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT hrFSLastFullBackupDate + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT hrFSLastPartialBackupDate + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + GROUP hrSWRunGroup + DESCRIPTION + "The Running Software Group. Implementation + of this group is mandatory only when the + hrSWRunPerfGroup is implemented." + + OBJECT hrSWRunStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + GROUP hrSWRunPerfGroup + DESCRIPTION + "The Running Software Performance Group. + Implementation of this group is at the discretion + of the implementor." + + GROUP hrSWInstalledGroup + DESCRIPTION + "The Installed Software Group. + Implementation of this group is at the discretion + of the implementor." + ::= { hrMIBCompliances 1 } + + hrSystemGroup OBJECT-GROUP + OBJECTS { + hrSystemUptime, hrSystemDate, + hrSystemInitialLoadDevice, + hrSystemInitialLoadParameters, + hrSystemNumUsers, hrSystemProcesses, + hrSystemMaxProcesses + } + STATUS current + DESCRIPTION + "The Host Resources System Group." + ::= { hrMIBGroups 1 } + + hrStorageGroup OBJECT-GROUP + OBJECTS { + hrMemorySize, hrStorageIndex, hrStorageType, + hrStorageDescr, hrStorageAllocationUnits, + hrStorageSize, hrStorageUsed, + hrStorageAllocationFailures + } + STATUS current + DESCRIPTION + "The Host Resources Storage Group." + ::= { hrMIBGroups 2 } + + hrDeviceGroup OBJECT-GROUP + OBJECTS { + hrDeviceIndex, hrDeviceType, hrDeviceDescr, + hrDeviceID, hrDeviceStatus, hrDeviceErrors, + hrProcessorFrwID, hrProcessorLoad, + hrNetworkIfIndex, hrPrinterStatus, + hrPrinterDetectedErrorState, + hrDiskStorageAccess, hrDiskStorageMedia, + hrDiskStorageRemoveble, hrDiskStorageCapacity, + hrPartitionIndex, hrPartitionLabel, + hrPartitionID, hrPartitionSize, + hrPartitionFSIndex, hrFSIndex, hrFSMountPoint, + hrFSRemoteMountPoint, hrFSType, hrFSAccess, + hrFSBootable, hrFSStorageIndex, + hrFSLastFullBackupDate, + hrFSLastPartialBackupDate + } + STATUS current + DESCRIPTION + "The Host Resources Device Group." + ::= { hrMIBGroups 3 } + + hrSWRunGroup OBJECT-GROUP + OBJECTS { + hrSWOSIndex, hrSWRunIndex, hrSWRunName, + hrSWRunID, hrSWRunPath, hrSWRunParameters, + hrSWRunType, hrSWRunStatus + } + STATUS current + DESCRIPTION + "The Host Resources Running Software Group." + ::= { hrMIBGroups 4 } + + hrSWRunPerfGroup OBJECT-GROUP + OBJECTS { hrSWRunPerfCPU, hrSWRunPerfMem } + STATUS current + DESCRIPTION + "The Host Resources Running Software + Performance Group." + ::= { hrMIBGroups 5 } + + hrSWInstalledGroup OBJECT-GROUP + OBJECTS { + hrSWInstalledLastChange, + hrSWInstalledLastUpdateTime, + hrSWInstalledIndex, hrSWInstalledName, + hrSWInstalledID, hrSWInstalledType, + hrSWInstalledDate + } + STATUS current + DESCRIPTION + "The Host Resources Installed Software Group." + ::= { hrMIBGroups 6 } + +END diff --git a/data/mibs/HOST-RESOURCES-TYPES.txt b/data/mibs/HOST-RESOURCES-TYPES.txt new file mode 100644 index 000000000..d25bb4032 --- /dev/null +++ b/data/mibs/HOST-RESOURCES-TYPES.txt @@ -0,0 +1,389 @@ +HOST-RESOURCES-TYPES DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-IDENTITY FROM SNMPv2-SMI + hrMIBAdminInfo, hrStorage, hrDevice FROM HOST-RESOURCES-MIB; + +hostResourcesTypesModule MODULE-IDENTITY + LAST-UPDATED "200003060000Z" -- 6 March, 2000 + ORGANIZATION "IETF Host Resources MIB Working Group" + CONTACT-INFO + "Steve Waldbusser + Postal: Lucent Technologies, Inc. + 1213 Innsbruck Dr. + Sunnyvale, CA 94089 + USA + Phone: 650-318-1251 + Fax: 650-318-1633 + Email: waldbusser@ins.com + + In addition, the Host Resources MIB mailing list is dedicated + to discussion of this MIB. To join the mailing list, send a + request message to hostmib-request@andrew.cmu.edu. The mailing + list address is hostmib@andrew.cmu.edu." + DESCRIPTION + "This MIB module registers type definitions for + storage types, device types, and file system types. + + After the initial revision, this module will be + maintained by IANA." + REVISION "200003060000Z" -- 6 March 2000 + DESCRIPTION + "The original version of this module, published as RFC + 2790." + ::= { hrMIBAdminInfo 4 } + +-- Registrations for some storage types, for use with hrStorageType +hrStorageTypes OBJECT IDENTIFIER ::= { hrStorage 1 } + +hrStorageOther OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used when no other defined + type is appropriate." + ::= { hrStorageTypes 1 } + +hrStorageRam OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used for RAM." + ::= { hrStorageTypes 2 } + +hrStorageVirtualMemory OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used for virtual memory, + temporary storage of swapped or paged memory." + ::= { hrStorageTypes 3 } + +hrStorageFixedDisk OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used for non-removable + rigid rotating magnetic storage devices." + ::= { hrStorageTypes 4 } + +hrStorageRemovableDisk OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used for removable rigid + rotating magnetic storage devices." + ::= { hrStorageTypes 5 } + +hrStorageFloppyDisk OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used for non-rigid rotating + magnetic storage devices." + ::= { hrStorageTypes 6 } + +hrStorageCompactDisc OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used for read-only rotating + optical storage devices." + ::= { hrStorageTypes 7 } + +hrStorageRamDisk OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used for a file system that + is stored in RAM." + ::= { hrStorageTypes 8 } + +hrStorageFlashMemory OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used for flash memory." + ::= { hrStorageTypes 9 } + +hrStorageNetworkDisk OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The storage type identifier used for a + networked file system." + ::= { hrStorageTypes 10 } + +-- Registrations for some device types, for use with hrDeviceType +hrDeviceTypes OBJECT IDENTIFIER ::= { hrDevice 1 } + +hrDeviceOther OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used when no other defined + type is appropriate." + ::= { hrDeviceTypes 1 } + +hrDeviceUnknown OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used when the device type is + unknown." + ::= { hrDeviceTypes 2 } + +hrDeviceProcessor OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a CPU." + ::= { hrDeviceTypes 3 } + +hrDeviceNetwork OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a network interface." + ::= { hrDeviceTypes 4 } + +hrDevicePrinter OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a printer." + ::= { hrDeviceTypes 5 } + +hrDeviceDiskStorage OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a disk drive." + ::= { hrDeviceTypes 6 } + +hrDeviceVideo OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a video device." + ::= { hrDeviceTypes 10 } + +hrDeviceAudio OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for an audio device." + ::= { hrDeviceTypes 11 } + +hrDeviceCoprocessor OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a co-processor." + ::= { hrDeviceTypes 12 } + +hrDeviceKeyboard OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a keyboard device." + ::= { hrDeviceTypes 13 } + +hrDeviceModem OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a modem." + ::= { hrDeviceTypes 14 } + +hrDeviceParallelPort OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a parallel port." + ::= { hrDeviceTypes 15 } + +hrDevicePointing OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a pointing device + (e.g., a mouse)." + ::= { hrDeviceTypes 16 } + +hrDeviceSerialPort OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a serial port." + ::= { hrDeviceTypes 17 } + +hrDeviceTape OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a tape storage device." + ::= { hrDeviceTypes 18 } + +hrDeviceClock OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a clock device." + ::= { hrDeviceTypes 19 } + +hrDeviceVolatileMemory OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a volatile memory + storage device." + ::= { hrDeviceTypes 20 } + +hrDeviceNonVolatileMemory OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The device type identifier used for a non-volatile memory + + storage device." + ::= { hrDeviceTypes 21 } + +-- Registrations for some popular File System types, +-- for use with hrFSType. +hrFSTypes OBJECT IDENTIFIER ::= { hrDevice 9 } + +hrFSOther OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used when no other + defined type is appropriate." + ::= { hrFSTypes 1 } + +hrFSUnknown OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used when the type of + file system is unknown." + ::= { hrFSTypes 2 } + +hrFSBerkeleyFFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Berkeley Fast File System." + ::= { hrFSTypes 3 } + +hrFSSys5FS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + System V File System." + ::= { hrFSTypes 4 } + +hrFSFat OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for + DOS's FAT file system." + ::= { hrFSTypes 5 } + +hrFSHPFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for OS/2's + High Performance File System." + ::= { hrFSTypes 6 } + +hrFSHFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Macintosh Hierarchical File System." + ::= { hrFSTypes 7 } + +hrFSMFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Macintosh File System." + ::= { hrFSTypes 8 } + +hrFSNTFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Windows NT File System." + ::= { hrFSTypes 9 } + +hrFSVNode OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + VNode File System." + ::= { hrFSTypes 10 } + +hrFSJournaled OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Journaled File System." + ::= { hrFSTypes 11 } + +hrFSiso9660 OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + ISO 9660 File System for CD's." + ::= { hrFSTypes 12 } + +hrFSRockRidge OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + RockRidge File System for CD's." + ::= { hrFSTypes 13 } + +hrFSNFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + NFS File System." + ::= { hrFSTypes 14 } + +hrFSNetware OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Netware File System." + ::= { hrFSTypes 15 } + +hrFSAFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Andrew File System." + ::= { hrFSTypes 16 } + +hrFSDFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + OSF DCE Distributed File System." + ::= { hrFSTypes 17 } + +hrFSAppleshare OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + AppleShare File System." + ::= { hrFSTypes 18 } + +hrFSRFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + RFS File System." + ::= { hrFSTypes 19 } + +hrFSDGCFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Data General DGCFS." + ::= { hrFSTypes 20 } + +hrFSBFS OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + SVR4 Boot File System." + ::= { hrFSTypes 21 } + +hrFSFAT32 OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Windows FAT32 File System." + ::= { hrFSTypes 22 } + +hrFSLinuxExt2 OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The file system type identifier used for the + Linux EXT2 File System." + ::= { hrFSTypes 23 } + +END diff --git a/data/mibs/IF-INVERTED-STACK-MIB.txt b/data/mibs/IF-INVERTED-STACK-MIB.txt new file mode 100644 index 000000000..eb8797b58 --- /dev/null +++ b/data/mibs/IF-INVERTED-STACK-MIB.txt @@ -0,0 +1,149 @@ +IF-INVERTED-STACK-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, mib-2 FROM SNMPv2-SMI + RowStatus FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + ifStackGroup2, + ifStackHigherLayer, ifStackLowerLayer FROM IF-MIB; + +ifInvertedStackMIB MODULE-IDENTITY + LAST-UPDATED "200006140000Z" + ORGANIZATION "IETF Interfaces MIB Working Group" + CONTACT-INFO + " Keith McCloghrie + Cisco Systems, Inc. + 170 West Tasman Drive + San Jose, CA 95134-1706 + US + + 408-526-5260 + kzm@cisco.com" + DESCRIPTION + "The MIB module which provides the Inverted Stack Table for + interface sub-layers." + REVISION "200006140000Z" + DESCRIPTION + "Initial revision, published as RFC 2864" + ::= { mib-2 77 } + +ifInvMIBObjects OBJECT IDENTIFIER ::= { ifInvertedStackMIB 1 } + +-- +-- The Inverted Interface Stack Group +-- + +ifInvStackTable OBJECT-TYPE + SYNTAX SEQUENCE OF IfInvStackEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table containing information on the relationships between + + the multiple sub-layers of network interfaces. In + particular, it contains information on which sub-layers run + 'underneath' which other sub-layers, where each sub-layer + corresponds to a conceptual row in the ifTable. For + example, when the sub-layer with ifIndex value x runs + underneath the sub-layer with ifIndex value y, then this + table contains: + + ifInvStackStatus.x.y=active + + For each ifIndex value, z, which identifies an active + interface, there are always at least two instantiated rows + in this table associated with z. For one of these rows, z + is the value of ifStackHigherLayer; for the other, z is the + value of ifStackLowerLayer. (If z is not involved in + multiplexing, then these are the only two rows associated + with z.) + + For example, two rows exist even for an interface which has + no others stacked on top or below it: + + ifInvStackStatus.z.0=active + ifInvStackStatus.0.z=active + + This table contains exactly the same number of rows as the + ifStackTable, but the rows appear in a different order." + REFERENCE + "ifStackTable of RFC 2863" + ::= { ifInvMIBObjects 1 } + +ifInvStackEntry OBJECT-TYPE + SYNTAX IfInvStackEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information on a particular relationship between two sub- + layers, specifying that one sub-layer runs underneath the + other sub-layer. Each sub-layer corresponds to a conceptual + row in the ifTable." + INDEX { ifStackLowerLayer, ifStackHigherLayer } + ::= { ifInvStackTable 1 } + +IfInvStackEntry ::= + SEQUENCE { + ifInvStackStatus RowStatus + } + +ifInvStackStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The status of the relationship between two sub-layers. + + An instance of this object exists for each instance of the + ifStackStatus object, and vice versa. For example, if the + variable ifStackStatus.H.L exists, then the variable + ifInvStackStatus.L.H must also exist, and vice versa. In + addition, the two variables always have the same value. + + However, unlike ifStackStatus, the ifInvStackStatus object + is NOT write-able. A network management application wishing + to change a relationship between sub-layers H and L cannot + do so by modifying the value of ifInvStackStatus.L.H, but + must instead modify the value of ifStackStatus.H.L. After + the ifStackTable is modified, the change will be reflected + in this table." + ::= { ifInvStackEntry 1 } + +-- conformance information + +ifInvConformance OBJECT IDENTIFIER ::= { ifInvMIBObjects 2 } + +ifInvGroups OBJECT IDENTIFIER ::= { ifInvConformance 1 } +ifInvCompliances OBJECT IDENTIFIER ::= { ifInvConformance 2 } + +-- compliance statements + +ifInvCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which provide + inverted information on the layering of network interfaces." + + MODULE -- this module + MANDATORY-GROUPS { ifInvStackGroup } + + OBJECT ifInvStackStatus + SYNTAX INTEGER { active(1) } + DESCRIPTION + "Support is only required for 'active'." + + MODULE IF-MIB + MANDATORY-GROUPS { ifStackGroup2 } + ::= { ifInvCompliances 1 } + +-- units of conformance + +ifInvStackGroup OBJECT-GROUP + OBJECTS { ifInvStackStatus } + STATUS current + DESCRIPTION + "A collection of objects providing inverted information on + the layering of MIB-II interfaces." + ::= { ifInvGroups 1 } + +END diff --git a/data/mibs/IF-MIB.txt b/data/mibs/IF-MIB.txt new file mode 100644 index 000000000..7704f0c25 --- /dev/null +++ b/data/mibs/IF-MIB.txt @@ -0,0 +1,1814 @@ +IF-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32, Counter64, + Integer32, TimeTicks, mib-2, + NOTIFICATION-TYPE FROM SNMPv2-SMI + TEXTUAL-CONVENTION, DisplayString, + PhysAddress, TruthValue, RowStatus, + TimeStamp, AutonomousType, TestAndIncr FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + snmpTraps FROM SNMPv2-MIB + IANAifType FROM IANAifType-MIB; + +ifMIB MODULE-IDENTITY + LAST-UPDATED "200006140000Z" + ORGANIZATION "IETF Interfaces MIB Working Group" + CONTACT-INFO + " Keith McCloghrie + Cisco Systems, Inc. + 170 West Tasman Drive + San Jose, CA 95134-1706 + US + + 408-526-5260 + kzm@cisco.com" + DESCRIPTION + "The MIB module to describe generic objects for network + interface sub-layers. This MIB is an updated version of + MIB-II's ifTable, and incorporates the extensions defined in + RFC 1229." + + REVISION "200006140000Z" + DESCRIPTION + "Clarifications agreed upon by the Interfaces MIB WG, and + published as RFC 2863." + REVISION "199602282155Z" + DESCRIPTION + "Revisions made by the Interfaces MIB WG, and published in + RFC 2233." + REVISION "199311082155Z" + DESCRIPTION + "Initial revision, published as part of RFC 1573." + ::= { mib-2 31 } + +ifMIBObjects OBJECT IDENTIFIER ::= { ifMIB 1 } + +interfaces OBJECT IDENTIFIER ::= { mib-2 2 } + +-- +-- Textual Conventions +-- + +-- OwnerString has the same semantics as used in RFC 1271 + +OwnerString ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255a" + STATUS deprecated + DESCRIPTION + "This data type is used to model an administratively + assigned name of the owner of a resource. This information + is taken from the NVT ASCII character set. It is suggested + that this name contain one or more of the following: ASCII + form of the manager station's transport address, management + station name (e.g., domain name), network management + personnel's name, location, or phone number. In some cases + the agent itself will be the owner of an entry. In these + cases, this string shall be set to a string starting with + 'agent'." + SYNTAX OCTET STRING (SIZE(0..255)) + +-- InterfaceIndex contains the semantics of ifIndex and should be used +-- for any objects defined in other MIB modules that need these semantics. + +InterfaceIndex ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each interface or + interface sub-layer in the managed system. It is + recommended that values are assigned contiguously starting + from 1. The value for each interface sub-layer must remain + constant at least from one re-initialization of the entity's + network management system to the next re-initialization." + SYNTAX Integer32 (1..2147483647) + +InterfaceIndexOrZero ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "This textual convention is an extension of the + InterfaceIndex convention. The latter defines a greater + than zero value used to identify an interface or interface + sub-layer in the managed system. This extension permits the + additional value of zero. the value zero is object-specific + and must therefore be defined as part of the description of + any object which uses this syntax. Examples of the usage of + zero might include situations where interface was unknown, + or when none or all interfaces need to be referenced." + SYNTAX Integer32 (0..2147483647) + +ifNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of network interfaces (regardless of their + current state) present on this system." + ::= { interfaces 1 } + +ifTableLastChange OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time of the last creation or + deletion of an entry in the ifTable. If the number of + entries has been unchanged since the last re-initialization + of the local network management subsystem, then this object + contains a zero value." + ::= { ifMIBObjects 5 } + +-- the Interfaces table + +-- The Interfaces table contains information on the entity's + +-- interfaces. Each sub-layer below the internetwork-layer +-- of a network interface is considered to be an interface. + +ifTable OBJECT-TYPE + SYNTAX SEQUENCE OF IfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of interface entries. The number of entries is + given by the value of ifNumber." + ::= { interfaces 2 } + +ifEntry OBJECT-TYPE + SYNTAX IfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular interface." + INDEX { ifIndex } + ::= { ifTable 1 } + +IfEntry ::= + SEQUENCE { + ifIndex InterfaceIndex, + ifDescr DisplayString, + ifType IANAifType, + ifMtu Integer32, + ifSpeed Gauge32, + ifPhysAddress PhysAddress, + ifAdminStatus INTEGER, + ifOperStatus INTEGER, + ifLastChange TimeTicks, + ifInOctets Counter32, + ifInUcastPkts Counter32, + ifInNUcastPkts Counter32, -- deprecated + ifInDiscards Counter32, + ifInErrors Counter32, + ifInUnknownProtos Counter32, + ifOutOctets Counter32, + ifOutUcastPkts Counter32, + ifOutNUcastPkts Counter32, -- deprecated + ifOutDiscards Counter32, + ifOutErrors Counter32, + ifOutQLen Gauge32, -- deprecated + ifSpecific OBJECT IDENTIFIER -- deprecated + } + +ifIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each interface. It + is recommended that values are assigned contiguously + starting from 1. The value for each interface sub-layer + must remain constant at least from one re-initialization of + the entity's network management system to the next re- + initialization." + ::= { ifEntry 1 } + +ifDescr OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual string containing information about the + interface. This string should include the name of the + manufacturer, the product name and the version of the + interface hardware/software." + ::= { ifEntry 2 } + +ifType OBJECT-TYPE + SYNTAX IANAifType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of interface. Additional values for ifType are + assigned by the Internet Assigned Numbers Authority (IANA), + through updating the syntax of the IANAifType textual + convention." + ::= { ifEntry 3 } + +ifMtu OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The size of the largest packet which can be sent/received + on the interface, specified in octets. For interfaces that + are used for transmitting network datagrams, this is the + size of the largest network datagram that can be sent on the + interface." + ::= { ifEntry 4 } + +ifSpeed OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An estimate of the interface's current bandwidth in bits + per second. For interfaces which do not vary in bandwidth + or for those where no accurate estimation can be made, this + object should contain the nominal bandwidth. If the + bandwidth of the interface is greater than the maximum value + reportable by this object then this object should report its + maximum value (4,294,967,295) and ifHighSpeed must be used + to report the interace's speed. For a sub-layer which has + no concept of bandwidth, this object should be zero." + ::= { ifEntry 5 } + +ifPhysAddress OBJECT-TYPE + SYNTAX PhysAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The interface's address at its protocol sub-layer. For + example, for an 802.x interface, this object normally + contains a MAC address. The interface's media-specific MIB + must define the bit and byte ordering and the format of the + value of this object. For interfaces which do not have such + an address (e.g., a serial line), this object should contain + an octet string of zero length." + ::= { ifEntry 6 } + +ifAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), -- ready to pass packets + down(2), + testing(3) -- in some test mode + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The desired state of the interface. The testing(3) state + indicates that no operational packets can be passed. When a + managed system initializes, all interfaces start with + ifAdminStatus in the down(2) state. As a result of either + explicit management action or per configuration information + retained by the managed system, ifAdminStatus is then + changed to either the up(1) or testing(3) states (or remains + in the down(2) state)." + ::= { ifEntry 7 } + +ifOperStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), -- ready to pass packets + down(2), + testing(3), -- in some test mode + unknown(4), -- status can not be determined + -- for some reason. + dormant(5), + notPresent(6), -- some component is missing + lowerLayerDown(7) -- down due to state of + -- lower-layer interface(s) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current operational state of the interface. The + testing(3) state indicates that no operational packets can + be passed. If ifAdminStatus is down(2) then ifOperStatus + should be down(2). If ifAdminStatus is changed to up(1) + then ifOperStatus should change to up(1) if the interface is + ready to transmit and receive network traffic; it should + change to dormant(5) if the interface is waiting for + external actions (such as a serial line waiting for an + incoming connection); it should remain in the down(2) state + if and only if there is a fault that prevents it from going + to the up(1) state; it should remain in the notPresent(6) + state if the interface has missing (typically, hardware) + components." + ::= { ifEntry 8 } + +ifLastChange OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time the interface entered + its current operational state. If the current state was + entered prior to the last re-initialization of the local + network management subsystem, then this object contains a + zero value." + ::= { ifEntry 9 } + +ifInOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifEntry 10 } + +ifInUcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, which were not addressed to a multicast + or broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifEntry 11 } + +ifInNUcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, which were addressed to a multicast or + broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime. + + This object is deprecated in favour of ifInMulticastPkts and + ifInBroadcastPkts." + ::= { ifEntry 12 } + +ifInDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of inbound packets which were chosen to be + discarded even though no errors had been detected to prevent + + their being deliverable to a higher-layer protocol. One + possible reason for discarding such a packet could be to + free up buffer space. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifEntry 13 } + +ifInErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of inbound + transmission units that contained errors preventing them + from being deliverable to a higher-layer protocol. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifEntry 14 } + +ifInUnknownProtos OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "For packet-oriented interfaces, the number of packets + received via the interface which were discarded because of + an unknown or unsupported protocol. For character-oriented + or fixed-length interfaces that support protocol + multiplexing the number of transmission units received via + the interface which were discarded because of an unknown or + unsupported protocol. For any interface that does not + support protocol multiplexing, this counter will always be + 0. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifEntry 15 } + +ifOutOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifEntry 16 } + +ifOutUcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets that higher-level protocols + requested be transmitted, and which were not addressed to a + multicast or broadcast address at this sub-layer, including + those that were discarded or not sent. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifEntry 17 } + +ifOutNUcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The total number of packets that higher-level protocols + requested be transmitted, and which were addressed to a + multicast or broadcast address at this sub-layer, including + those that were discarded or not sent. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime. + + This object is deprecated in favour of ifOutMulticastPkts + and ifOutBroadcastPkts." + ::= { ifEntry 18 } + +ifOutDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outbound packets which were chosen to be + discarded even though no errors had been detected to prevent + their being transmitted. One possible reason for discarding + such a packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifEntry 19 } + +ifOutErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifEntry 20 } + +ifOutQLen OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The length of the output packet queue (in packets)." + ::= { ifEntry 21 } + +ifSpecific OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "A reference to MIB definitions specific to the particular + media being used to realize the interface. It is + + recommended that this value point to an instance of a MIB + object in the media-specific MIB, i.e., that this object + have the semantics associated with the InstancePointer + textual convention defined in RFC 2579. In fact, it is + recommended that the media-specific MIB specify what value + ifSpecific should/can take for values of ifType. If no MIB + definitions specific to the particular media are available, + the value should be set to the OBJECT IDENTIFIER { 0 0 }." + ::= { ifEntry 22 } + +-- +-- Extension to the interface table +-- +-- This table replaces the ifExtnsTable table. +-- + +ifXTable OBJECT-TYPE + SYNTAX SEQUENCE OF IfXEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of interface entries. The number of entries is + given by the value of ifNumber. This table contains + additional objects for the interface table." + ::= { ifMIBObjects 1 } + +ifXEntry OBJECT-TYPE + SYNTAX IfXEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing additional management information + applicable to a particular interface." + AUGMENTS { ifEntry } + ::= { ifXTable 1 } + +IfXEntry ::= + SEQUENCE { + ifName DisplayString, + ifInMulticastPkts Counter32, + ifInBroadcastPkts Counter32, + ifOutMulticastPkts Counter32, + ifOutBroadcastPkts Counter32, + ifHCInOctets Counter64, + ifHCInUcastPkts Counter64, + ifHCInMulticastPkts Counter64, + ifHCInBroadcastPkts Counter64, + ifHCOutOctets Counter64, + ifHCOutUcastPkts Counter64, + ifHCOutMulticastPkts Counter64, + ifHCOutBroadcastPkts Counter64, + ifLinkUpDownTrapEnable INTEGER, + ifHighSpeed Gauge32, + ifPromiscuousMode TruthValue, + ifConnectorPresent TruthValue, + ifAlias DisplayString, + ifCounterDiscontinuityTime TimeStamp + } + +ifName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The textual name of the interface. The value of this + object should be the name of the interface as assigned by + the local device and should be suitable for use in commands + entered at the device's `console'. This might be a text + name, such as `le0' or a simple port number, such as `1', + depending on the interface naming syntax of the device. If + several entries in the ifTable together represent a single + interface as named by the device, then each will have the + same value of ifName. Note that for an agent which responds + to SNMP queries concerning an interface on some other + (proxied) device, then the value of ifName for such an + interface is the proxied device's local name for it. + + If there is no local name, or this object is otherwise not + applicable, then this object contains a zero-length string." + ::= { ifXEntry 1 } + +ifInMulticastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, which were addressed to a multicast + address at this sub-layer. For a MAC layer protocol, this + includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 2 } + +ifInBroadcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, which were addressed to a broadcast + address at this sub-layer. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 3 } + +ifOutMulticastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets that higher-level protocols + requested be transmitted, and which were addressed to a + multicast address at this sub-layer, including those that + were discarded or not sent. For a MAC layer protocol, this + includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 4 } + +ifOutBroadcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets that higher-level protocols + requested be transmitted, and which were addressed to a + broadcast address at this sub-layer, including those that + were discarded or not sent. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 5 } + +-- +-- High Capacity Counter objects. These objects are all +-- 64 bit versions of the "basic" ifTable counters. These +-- objects all have the same basic semantics as their 32-bit +-- counterparts, however, their syntax has been extended +-- to 64 bits. +-- + +ifHCInOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received on the interface, + including framing characters. This object is a 64-bit + version of ifInOctets. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 6 } + +ifHCInUcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, which were not addressed to a multicast + or broadcast address at this sub-layer. This object is a + 64-bit version of ifInUcastPkts. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 7 } + +ifHCInMulticastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, which were addressed to a multicast + address at this sub-layer. For a MAC layer protocol, this + includes both Group and Functional addresses. This object + is a 64-bit version of ifInMulticastPkts. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 8 } + +ifHCInBroadcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, which were addressed to a broadcast + address at this sub-layer. This object is a 64-bit version + of ifInBroadcastPkts. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 9 } + +ifHCOutOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets transmitted out of the + interface, including framing characters. This object is a + 64-bit version of ifOutOctets. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 10 } + +ifHCOutUcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets that higher-level protocols + requested be transmitted, and which were not addressed to a + multicast or broadcast address at this sub-layer, including + those that were discarded or not sent. This object is a + 64-bit version of ifOutUcastPkts. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 11 } + +ifHCOutMulticastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets that higher-level protocols + requested be transmitted, and which were addressed to a + multicast address at this sub-layer, including those that + were discarded or not sent. For a MAC layer protocol, this + includes both Group and Functional addresses. This object + is a 64-bit version of ifOutMulticastPkts. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 12 } + +ifHCOutBroadcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets that higher-level protocols + requested be transmitted, and which were addressed to a + broadcast address at this sub-layer, including those that + were discarded or not sent. This object is a 64-bit version + of ifOutBroadcastPkts. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ifCounterDiscontinuityTime." + ::= { ifXEntry 13 } + +ifLinkUpDownTrapEnable OBJECT-TYPE + SYNTAX INTEGER { enabled(1), disabled(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Indicates whether linkUp/linkDown traps should be generated + for this interface. + + By default, this object should have the value enabled(1) for + interfaces which do not operate on 'top' of any other + interface (as defined in the ifStackTable), and disabled(2) + otherwise." + ::= { ifXEntry 14 } + +ifHighSpeed OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An estimate of the interface's current bandwidth in units + of 1,000,000 bits per second. If this object reports a + value of `n' then the speed of the interface is somewhere in + the range of `n-500,000' to `n+499,999'. For interfaces + which do not vary in bandwidth or for those where no + accurate estimation can be made, this object should contain + the nominal bandwidth. For a sub-layer which has no concept + of bandwidth, this object should be zero." + ::= { ifXEntry 15 } + +ifPromiscuousMode OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object has a value of false(2) if this interface only + accepts packets/frames that are addressed to this station. + This object has a value of true(1) when the station accepts + all packets/frames transmitted on the media. The value + true(1) is only legal on certain types of media. If legal, + setting this object to a value of true(1) may require the + interface to be reset before becoming effective. + + The value of ifPromiscuousMode does not affect the reception + of broadcast and multicast packets/frames by the interface." + ::= { ifXEntry 16 } + +ifConnectorPresent OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object has the value 'true(1)' if the interface + sublayer has a physical connector and the value 'false(2)' + otherwise." + ::= { ifXEntry 17 } + +ifAlias OBJECT-TYPE + SYNTAX DisplayString (SIZE(0..64)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is an 'alias' name for the interface as + specified by a network manager, and provides a non-volatile + 'handle' for the interface. + + On the first instantiation of an interface, the value of + ifAlias associated with that interface is the zero-length + string. As and when a value is written into an instance of + ifAlias through a network management set operation, then the + agent must retain the supplied value in the ifAlias instance + associated with the same interface for as long as that + interface remains instantiated, including across all re- + initializations/reboots of the network management system, + including those which result in a change of the interface's + ifIndex value. + + An example of the value which a network manager might store + in this object for a WAN interface is the (Telco's) circuit + number/identifier of the interface. + + Some agents may support write-access only for interfaces + having particular values of ifType. An agent which supports + write access to this object is required to keep the value in + non-volatile storage, but it may limit the length of new + values depending on how much storage is already occupied by + the current values for other interfaces." + ::= { ifXEntry 18 } + +ifCounterDiscontinuityTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at which + any one or more of this interface's counters suffered a + discontinuity. The relevant counters are the specific + instances associated with this interface of any Counter32 or + + Counter64 object contained in the ifTable or ifXTable. If + no such discontinuities have occurred since the last re- + initialization of the local management subsystem, then this + object contains a zero value." + ::= { ifXEntry 19 } + +-- The Interface Stack Group +-- +-- Implementation of this group is optional, but strongly recommended +-- for all systems +-- + +ifStackTable OBJECT-TYPE + SYNTAX SEQUENCE OF IfStackEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table containing information on the relationships + between the multiple sub-layers of network interfaces. In + particular, it contains information on which sub-layers run + 'on top of' which other sub-layers, where each sub-layer + corresponds to a conceptual row in the ifTable. For + example, when the sub-layer with ifIndex value x runs over + the sub-layer with ifIndex value y, then this table + contains: + + ifStackStatus.x.y=active + + For each ifIndex value, I, which identifies an active + interface, there are always at least two instantiated rows + in this table associated with I. For one of these rows, I + is the value of ifStackHigherLayer; for the other, I is the + value of ifStackLowerLayer. (If I is not involved in + multiplexing, then these are the only two rows associated + with I.) + + For example, two rows exist even for an interface which has + no others stacked on top or below it: + + ifStackStatus.0.x=active + ifStackStatus.x.0=active " + ::= { ifMIBObjects 2 } + +ifStackEntry OBJECT-TYPE + SYNTAX IfStackEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information on a particular relationship between two sub- + layers, specifying that one sub-layer runs on 'top' of the + other sub-layer. Each sub-layer corresponds to a conceptual + row in the ifTable." + INDEX { ifStackHigherLayer, ifStackLowerLayer } + ::= { ifStackTable 1 } + +IfStackEntry ::= + SEQUENCE { + ifStackHigherLayer InterfaceIndexOrZero, + ifStackLowerLayer InterfaceIndexOrZero, + ifStackStatus RowStatus + } + +ifStackHigherLayer OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The value of ifIndex corresponding to the higher sub-layer + of the relationship, i.e., the sub-layer which runs on 'top' + of the sub-layer identified by the corresponding instance of + ifStackLowerLayer. If there is no higher sub-layer (below + the internetwork layer), then this object has the value 0." + ::= { ifStackEntry 1 } + +ifStackLowerLayer OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The value of ifIndex corresponding to the lower sub-layer + of the relationship, i.e., the sub-layer which runs 'below' + the sub-layer identified by the corresponding instance of + ifStackHigherLayer. If there is no lower sub-layer, then + this object has the value 0." + ::= { ifStackEntry 2 } + +ifStackStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of the relationship between two sub-layers. + + Changing the value of this object from 'active' to + 'notInService' or 'destroy' will likely have consequences up + and down the interface stack. Thus, write access to this + object is likely to be inappropriate for some types of + interfaces, and many implementations will choose not to + support write-access for any type of interface." + ::= { ifStackEntry 3 } + +ifStackLastChange OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time of the last change of + the (whole) interface stack. A change of the interface + stack is defined to be any creation, deletion, or change in + value of any instance of ifStackStatus. If the interface + stack has been unchanged since the last re-initialization of + the local network management subsystem, then this object + contains a zero value." + ::= { ifMIBObjects 6 } + +-- Generic Receive Address Table +-- +-- This group of objects is mandatory for all types of +-- interfaces which can receive packets/frames addressed to +-- more than one address. +-- +-- This table replaces the ifExtnsRcvAddr table. The main +-- difference is that this table makes use of the RowStatus +-- textual convention, while ifExtnsRcvAddr did not. + +ifRcvAddressTable OBJECT-TYPE + SYNTAX SEQUENCE OF IfRcvAddressEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table contains an entry for each address (broadcast, + multicast, or uni-cast) for which the system will receive + packets/frames on a particular interface, except as follows: + + - for an interface operating in promiscuous mode, entries + are only required for those addresses for which the system + would receive frames were it not operating in promiscuous + mode. + + - for 802.5 functional addresses, only one entry is + required, for the address which has the functional address + bit ANDed with the bit mask of all functional addresses for + which the interface will accept frames. + + A system is normally able to use any unicast address which + corresponds to an entry in this table as a source address." + ::= { ifMIBObjects 4 } + +ifRcvAddressEntry OBJECT-TYPE + SYNTAX IfRcvAddressEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of objects identifying an address for which the + system will accept packets/frames on the particular + interface identified by the index value ifIndex." + INDEX { ifIndex, ifRcvAddressAddress } + ::= { ifRcvAddressTable 1 } + +IfRcvAddressEntry ::= + SEQUENCE { + ifRcvAddressAddress PhysAddress, + ifRcvAddressStatus RowStatus, + ifRcvAddressType INTEGER + } + +ifRcvAddressAddress OBJECT-TYPE + SYNTAX PhysAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An address for which the system will accept packets/frames + on this entry's interface." + ::= { ifRcvAddressEntry 1 } + +ifRcvAddressStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to create and delete rows in the + ifRcvAddressTable." + ::= { ifRcvAddressEntry 2 } + +ifRcvAddressType OBJECT-TYPE + SYNTAX INTEGER { + + other(1), + volatile(2), + nonVolatile(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object has the value nonVolatile(3) for those entries + in the table which are valid and will not be deleted by the + next restart of the managed system. Entries having the + value volatile(2) are valid and exist, but have not been + saved, so that will not exist after the next restart of the + managed system. Entries having the value other(1) are valid + and exist but are not classified as to whether they will + continue to exist after the next restart." + DEFVAL { volatile } + ::= { ifRcvAddressEntry 3 } + +-- definition of interface-related traps. + +linkDown NOTIFICATION-TYPE + OBJECTS { ifIndex, ifAdminStatus, ifOperStatus } + STATUS current + DESCRIPTION + "A linkDown trap signifies that the SNMP entity, acting in + an agent role, has detected that the ifOperStatus object for + one of its communication links is about to enter the down + state from some other state (but not from the notPresent + state). This other state is indicated by the included value + of ifOperStatus." + ::= { snmpTraps 3 } + +linkUp NOTIFICATION-TYPE + OBJECTS { ifIndex, ifAdminStatus, ifOperStatus } + STATUS current + DESCRIPTION + "A linkUp trap signifies that the SNMP entity, acting in an + agent role, has detected that the ifOperStatus object for + one of its communication links left the down state and + transitioned into some other state (but not into the + notPresent state). This other state is indicated by the + included value of ifOperStatus." + ::= { snmpTraps 4 } + +-- conformance information + +ifConformance OBJECT IDENTIFIER ::= { ifMIB 2 } + +ifGroups OBJECT IDENTIFIER ::= { ifConformance 1 } +ifCompliances OBJECT IDENTIFIER ::= { ifConformance 2 } + +-- compliance statements + +ifCompliance3 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which have + network interfaces." + + MODULE -- this module + MANDATORY-GROUPS { ifGeneralInformationGroup, + linkUpDownNotificationsGroup } + +-- The groups: +-- ifFixedLengthGroup +-- ifHCFixedLengthGroup +-- ifPacketGroup +-- ifHCPacketGroup +-- ifVHCPacketGroup +-- are mutually exclusive; at most one of these groups is implemented +-- for a particular interface. When any of these groups is implemented +-- for a particular interface, then ifCounterDiscontinuityGroup must +-- also be implemented for that interface. + + GROUP ifFixedLengthGroup + DESCRIPTION + "This group is mandatory for those network interfaces which + are character-oriented or transmit data in fixed-length + transmission units, and for which the value of the + corresponding instance of ifSpeed is less than or equal to + 20,000,000 bits/second." + + GROUP ifHCFixedLengthGroup + DESCRIPTION + "This group is mandatory for those network interfaces which + are character-oriented or transmit data in fixed-length + transmission units, and for which the value of the + corresponding instance of ifSpeed is greater than 20,000,000 + bits/second." + + GROUP ifPacketGroup + DESCRIPTION + "This group is mandatory for those network interfaces which + are packet-oriented, and for which the value of the + corresponding instance of ifSpeed is less than or equal to + 20,000,000 bits/second." + + GROUP ifHCPacketGroup + DESCRIPTION + "This group is mandatory only for those network interfaces + which are packet-oriented and for which the value of the + corresponding instance of ifSpeed is greater than 20,000,000 + bits/second but less than or equal to 650,000,000 + bits/second." + + GROUP ifVHCPacketGroup + DESCRIPTION + "This group is mandatory only for those network interfaces + which are packet-oriented and for which the value of the + corresponding instance of ifSpeed is greater than + 650,000,000 bits/second." + + GROUP ifCounterDiscontinuityGroup + DESCRIPTION + "This group is mandatory for those network interfaces that + are required to maintain counters (i.e., those for which one + of the ifFixedLengthGroup, ifHCFixedLengthGroup, + ifPacketGroup, ifHCPacketGroup, or ifVHCPacketGroup is + mandatory)." + + GROUP ifRcvAddressGroup + DESCRIPTION + "The applicability of this group MUST be defined by the + media-specific MIBs. Media-specific MIBs must define the + exact meaning, use, and semantics of the addresses in this + group." + + OBJECT ifLinkUpDownTrapEnable + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT ifPromiscuousMode + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT ifAdminStatus + SYNTAX INTEGER { up(1), down(2) } + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, nor is support for the value + testing(3)." + + OBJECT ifAlias + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + ::= { ifCompliances 3 } + +-- units of conformance + +ifGeneralInformationGroup OBJECT-GROUP + OBJECTS { ifIndex, ifDescr, ifType, ifSpeed, ifPhysAddress, + ifAdminStatus, ifOperStatus, ifLastChange, + ifLinkUpDownTrapEnable, ifConnectorPresent, + ifHighSpeed, ifName, ifNumber, ifAlias, + ifTableLastChange } + STATUS current + DESCRIPTION + "A collection of objects providing information applicable to + all network interfaces." + ::= { ifGroups 10 } + +-- the following five groups are mutually exclusive; at most +-- one of these groups is implemented for any interface + +ifFixedLengthGroup OBJECT-GROUP + OBJECTS { ifInOctets, ifOutOctets, ifInUnknownProtos, + ifInErrors, ifOutErrors } + STATUS current + DESCRIPTION + "A collection of objects providing information specific to + non-high speed (non-high speed interfaces transmit and + receive at speeds less than or equal to 20,000,000 + bits/second) character-oriented or fixed-length-transmission + network interfaces." + ::= { ifGroups 2 } + +ifHCFixedLengthGroup OBJECT-GROUP + OBJECTS { ifHCInOctets, ifHCOutOctets, + ifInOctets, ifOutOctets, ifInUnknownProtos, + ifInErrors, ifOutErrors } + STATUS current + DESCRIPTION + "A collection of objects providing information specific to + high speed (greater than 20,000,000 bits/second) character- + oriented or fixed-length-transmission network interfaces." + ::= { ifGroups 3 } + +ifPacketGroup OBJECT-GROUP + OBJECTS { ifInOctets, ifOutOctets, ifInUnknownProtos, + ifInErrors, ifOutErrors, + ifMtu, ifInUcastPkts, ifInMulticastPkts, + ifInBroadcastPkts, ifInDiscards, + ifOutUcastPkts, ifOutMulticastPkts, + ifOutBroadcastPkts, ifOutDiscards, + ifPromiscuousMode } + STATUS current + DESCRIPTION + "A collection of objects providing information specific to + non-high speed (non-high speed interfaces transmit and + receive at speeds less than or equal to 20,000,000 + bits/second) packet-oriented network interfaces." + ::= { ifGroups 4 } + +ifHCPacketGroup OBJECT-GROUP + OBJECTS { ifHCInOctets, ifHCOutOctets, + ifInOctets, ifOutOctets, ifInUnknownProtos, + ifInErrors, ifOutErrors, + ifMtu, ifInUcastPkts, ifInMulticastPkts, + ifInBroadcastPkts, ifInDiscards, + ifOutUcastPkts, ifOutMulticastPkts, + ifOutBroadcastPkts, ifOutDiscards, + ifPromiscuousMode } + STATUS current + DESCRIPTION + "A collection of objects providing information specific to + high speed (greater than 20,000,000 bits/second but less + than or equal to 650,000,000 bits/second) packet-oriented + network interfaces." + ::= { ifGroups 5 } + +ifVHCPacketGroup OBJECT-GROUP + OBJECTS { ifHCInUcastPkts, ifHCInMulticastPkts, + ifHCInBroadcastPkts, ifHCOutUcastPkts, + ifHCOutMulticastPkts, ifHCOutBroadcastPkts, + ifHCInOctets, ifHCOutOctets, + ifInOctets, ifOutOctets, ifInUnknownProtos, + ifInErrors, ifOutErrors, + ifMtu, ifInUcastPkts, ifInMulticastPkts, + ifInBroadcastPkts, ifInDiscards, + ifOutUcastPkts, ifOutMulticastPkts, + ifOutBroadcastPkts, ifOutDiscards, + ifPromiscuousMode } + STATUS current + DESCRIPTION + "A collection of objects providing information specific to + higher speed (greater than 650,000,000 bits/second) packet- + oriented network interfaces." + ::= { ifGroups 6 } + +ifRcvAddressGroup OBJECT-GROUP + OBJECTS { ifRcvAddressStatus, ifRcvAddressType } + STATUS current + DESCRIPTION + "A collection of objects providing information on the + multiple addresses which an interface receives." + ::= { ifGroups 7 } + +ifStackGroup2 OBJECT-GROUP + OBJECTS { ifStackStatus, ifStackLastChange } + STATUS current + DESCRIPTION + "A collection of objects providing information on the + layering of MIB-II interfaces." + ::= { ifGroups 11 } + +ifCounterDiscontinuityGroup OBJECT-GROUP + OBJECTS { ifCounterDiscontinuityTime } + STATUS current + DESCRIPTION + "A collection of objects providing information specific to + interface counter discontinuities." + ::= { ifGroups 13 } + +linkUpDownNotificationsGroup NOTIFICATION-GROUP + NOTIFICATIONS { linkUp, linkDown } + STATUS current + DESCRIPTION + "The notifications which indicate specific changes in the + value of ifOperStatus." + ::= { ifGroups 14 } + +-- Deprecated Definitions - Objects + +-- +-- The Interface Test Table +-- +-- This group of objects is optional. However, a media-specific + +-- MIB may make implementation of this group mandatory. +-- +-- This table replaces the ifExtnsTestTable +-- + +ifTestTable OBJECT-TYPE + SYNTAX SEQUENCE OF IfTestEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "This table contains one entry per interface. It defines + objects which allow a network manager to instruct an agent + to test an interface for various faults. Tests for an + interface are defined in the media-specific MIB for that + interface. After invoking a test, the object ifTestResult + can be read to determine the outcome. If an agent can not + perform the test, ifTestResult is set to so indicate. The + object ifTestCode can be used to provide further test- + specific or interface-specific (or even enterprise-specific) + information concerning the outcome of the test. Only one + test can be in progress on each interface at any one time. + If one test is in progress when another test is invoked, the + second test is rejected. Some agents may reject a test when + a prior test is active on another interface. + + Before starting a test, a manager-station must first obtain + 'ownership' of the entry in the ifTestTable for the + interface to be tested. This is accomplished with the + ifTestId and ifTestStatus objects as follows: + + try_again: + get (ifTestId, ifTestStatus) + while (ifTestStatus != notInUse) + /* + * Loop while a test is running or some other + * manager is configuring a test. + */ + short delay + get (ifTestId, ifTestStatus) + } + + /* + * Is not being used right now -- let's compete + * to see who gets it. + */ + lock_value = ifTestId + + if ( set(ifTestId = lock_value, ifTestStatus = inUse, + ifTestOwner = 'my-IP-address') == FAILURE) + /* + * Another manager got the ifTestEntry -- go + * try again + */ + goto try_again; + + /* + * I have the lock + */ + set up any test parameters. + + /* + * This starts the test + */ + set(ifTestType = test_to_run); + + wait for test completion by polling ifTestResult + + when test completes, agent sets ifTestResult + agent also sets ifTestStatus = 'notInUse' + + retrieve any additional test results, and ifTestId + + if (ifTestId == lock_value+1) results are valid + + A manager station first retrieves the value of the + appropriate ifTestId and ifTestStatus objects, periodically + repeating the retrieval if necessary, until the value of + ifTestStatus is 'notInUse'. The manager station then tries + to set the same ifTestId object to the value it just + retrieved, the same ifTestStatus object to 'inUse', and the + corresponding ifTestOwner object to a value indicating + itself. If the set operation succeeds then the manager has + obtained ownership of the ifTestEntry, and the value of the + ifTestId object is incremented by the agent (per the + semantics of TestAndIncr). Failure of the set operation + indicates that some other manager has obtained ownership of + the ifTestEntry. + + Once ownership is obtained, any test parameters can be + setup, and then the test is initiated by setting ifTestType. + On completion of the test, the agent sets ifTestStatus to + 'notInUse'. Once this occurs, the manager can retrieve the + results. In the (rare) event that the invocation of tests + by two network managers were to overlap, then there would be + a possibility that the first test's results might be + overwritten by the second test's results prior to the first + + results being read. This unlikely circumstance can be + detected by a network manager retrieving ifTestId at the + same time as retrieving the test results, and ensuring that + the results are for the desired request. + + If ifTestType is not set within an abnormally long period of + time after ownership is obtained, the agent should time-out + the manager, and reset the value of the ifTestStatus object + back to 'notInUse'. It is suggested that this time-out + period be 5 minutes. + + In general, a management station must not retransmit a + request to invoke a test for which it does not receive a + response; instead, it properly inspects an agent's MIB to + determine if the invocation was successful. Only if the + invocation was unsuccessful, is the invocation request + retransmitted. + + Some tests may require the interface to be taken off-line in + order to execute them, or may even require the agent to + reboot after completion of the test. In these + circumstances, communication with the management station + invoking the test may be lost until after completion of the + test. An agent is not required to support such tests. + However, if such tests are supported, then the agent should + make every effort to transmit a response to the request + which invoked the test prior to losing communication. When + the agent is restored to normal service, the results of the + test are properly made available in the appropriate objects. + Note that this requires that the ifIndex value assigned to + an interface must be unchanged even if the test causes a + reboot. An agent must reject any test for which it cannot, + perhaps due to resource constraints, make available at least + the minimum amount of information after that test + completes." + ::= { ifMIBObjects 3 } + +ifTestEntry OBJECT-TYPE + SYNTAX IfTestEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "An entry containing objects for invoking tests on an + interface." + AUGMENTS { ifEntry } + ::= { ifTestTable 1 } + +IfTestEntry ::= + + SEQUENCE { + ifTestId TestAndIncr, + ifTestStatus INTEGER, + ifTestType AutonomousType, + ifTestResult INTEGER, + ifTestCode OBJECT IDENTIFIER, + ifTestOwner OwnerString + } + +ifTestId OBJECT-TYPE + SYNTAX TestAndIncr + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "This object identifies the current invocation of the + interface's test." + ::= { ifTestEntry 1 } + +ifTestStatus OBJECT-TYPE + SYNTAX INTEGER { notInUse(1), inUse(2) } + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "This object indicates whether or not some manager currently + has the necessary 'ownership' required to invoke a test on + this interface. A write to this object is only successful + when it changes its value from 'notInUse(1)' to 'inUse(2)'. + After completion of a test, the agent resets the value back + to 'notInUse(1)'." + ::= { ifTestEntry 2 } + +ifTestType OBJECT-TYPE + SYNTAX AutonomousType + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "A control variable used to start and stop operator- + initiated interface tests. Most OBJECT IDENTIFIER values + assigned to tests are defined elsewhere, in association with + specific types of interface. However, this document assigns + a value for a full-duplex loopback test, and defines the + special meanings of the subject identifier: + + noTest OBJECT IDENTIFIER ::= { 0 0 } + + When the value noTest is written to this object, no action + is taken unless a test is in progress, in which case the + test is aborted. Writing any other value to this object is + + only valid when no test is currently in progress, in which + case the indicated test is initiated. + + When read, this object always returns the most recent value + that ifTestType was set to. If it has not been set since + the last initialization of the network management subsystem + on the agent, a value of noTest is returned." + ::= { ifTestEntry 3 } + +ifTestResult OBJECT-TYPE + SYNTAX INTEGER { + none(1), -- no test yet requested + success(2), + inProgress(3), + notSupported(4), + unAbleToRun(5), -- due to state of system + aborted(6), + failed(7) + } + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "This object contains the result of the most recently + requested test, or the value none(1) if no tests have been + requested since the last reset. Note that this facility + provides no provision for saving the results of one test + when starting another, as could be required if used by + multiple managers concurrently." + ::= { ifTestEntry 4 } + +ifTestCode OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "This object contains a code which contains more specific + information on the test result, for example an error-code + after a failed test. Error codes and other values this + object may take are specific to the type of interface and/or + test. The value may have the semantics of either the + AutonomousType or InstancePointer textual conventions as + defined in RFC 2579. The identifier: + + testCodeUnknown OBJECT IDENTIFIER ::= { 0 0 } + + is defined for use if no additional result code is + available." + ::= { ifTestEntry 5 } + +ifTestOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "The entity which currently has the 'ownership' required to + invoke a test on this interface." + ::= { ifTestEntry 6 } + +-- Deprecated Definitions - Groups + +ifGeneralGroup OBJECT-GROUP + OBJECTS { ifDescr, ifType, ifSpeed, ifPhysAddress, + ifAdminStatus, ifOperStatus, ifLastChange, + ifLinkUpDownTrapEnable, ifConnectorPresent, + ifHighSpeed, ifName } + STATUS deprecated + DESCRIPTION + "A collection of objects deprecated in favour of + ifGeneralInformationGroup." + ::= { ifGroups 1 } + +ifTestGroup OBJECT-GROUP + OBJECTS { ifTestId, ifTestStatus, ifTestType, + ifTestResult, ifTestCode, ifTestOwner } + STATUS deprecated + DESCRIPTION + "A collection of objects providing the ability to invoke + tests on an interface." + ::= { ifGroups 8 } + +ifStackGroup OBJECT-GROUP + OBJECTS { ifStackStatus } + STATUS deprecated + DESCRIPTION + "The previous collection of objects providing information on + the layering of MIB-II interfaces." + ::= { ifGroups 9 } + +ifOldObjectsGroup OBJECT-GROUP + OBJECTS { ifInNUcastPkts, ifOutNUcastPkts, + ifOutQLen, ifSpecific } + STATUS deprecated + DESCRIPTION + "The collection of objects deprecated from the original MIB- + II interfaces group." + ::= { ifGroups 12 } + +-- Deprecated Definitions - Compliance + +ifCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "A compliance statement defined in a previous version of + this MIB module, for SNMP entities which have network + interfaces." + + MODULE -- this module + MANDATORY-GROUPS { ifGeneralGroup, ifStackGroup } + + GROUP ifFixedLengthGroup + DESCRIPTION + "This group is mandatory for all network interfaces which + are character-oriented or transmit data in fixed-length + transmission units." + + GROUP ifHCFixedLengthGroup + DESCRIPTION + "This group is mandatory only for those network interfaces + which are character-oriented or transmit data in fixed- + length transmission units, and for which the value of the + corresponding instance of ifSpeed is greater than 20,000,000 + bits/second." + + GROUP ifPacketGroup + DESCRIPTION + "This group is mandatory for all network interfaces which + are packet-oriented." + + GROUP ifHCPacketGroup + DESCRIPTION + "This group is mandatory only for those network interfaces + which are packet-oriented and for which the value of the + corresponding instance of ifSpeed is greater than + 650,000,000 bits/second." + + GROUP ifTestGroup + DESCRIPTION + "This group is optional. Media-specific MIBs which require + interface tests are strongly encouraged to use this group + for invoking tests and reporting results. A medium specific + MIB which has mandatory tests may make implementation of + + this group mandatory." + + GROUP ifRcvAddressGroup + DESCRIPTION + "The applicability of this group MUST be defined by the + media-specific MIBs. Media-specific MIBs must define the + exact meaning, use, and semantics of the addresses in this + group." + + OBJECT ifLinkUpDownTrapEnable + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT ifPromiscuousMode + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT ifStackStatus + SYNTAX INTEGER { active(1) } -- subset of RowStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, and only one of the six + enumerated values for the RowStatus textual convention need + be supported, specifically: active(1)." + + OBJECT ifAdminStatus + SYNTAX INTEGER { up(1), down(2) } + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, nor is support for the value + testing(3)." + ::= { ifCompliances 1 } + +ifCompliance2 MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "A compliance statement defined in a previous version of + this MIB module, for SNMP entities which have network + interfaces." + + MODULE -- this module + MANDATORY-GROUPS { ifGeneralInformationGroup, ifStackGroup2, + ifCounterDiscontinuityGroup } + + GROUP ifFixedLengthGroup + DESCRIPTION + "This group is mandatory for all network interfaces which + are character-oriented or transmit data in fixed-length + transmission units." + + GROUP ifHCFixedLengthGroup + DESCRIPTION + "This group is mandatory only for those network interfaces + which are character-oriented or transmit data in fixed- + length transmission units, and for which the value of the + corresponding instance of ifSpeed is greater than 20,000,000 + bits/second." + + GROUP ifPacketGroup + DESCRIPTION + "This group is mandatory for all network interfaces which + are packet-oriented." + + GROUP ifHCPacketGroup + DESCRIPTION + "This group is mandatory only for those network interfaces + which are packet-oriented and for which the value of the + corresponding instance of ifSpeed is greater than + 650,000,000 bits/second." + + GROUP ifRcvAddressGroup + DESCRIPTION + "The applicability of this group MUST be defined by the + media-specific MIBs. Media-specific MIBs must define the + exact meaning, use, and semantics of the addresses in this + group." + + OBJECT ifLinkUpDownTrapEnable + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT ifPromiscuousMode + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT ifStackStatus + SYNTAX INTEGER { active(1) } -- subset of RowStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, and only one of the six + enumerated values for the RowStatus textual convention need + be supported, specifically: active(1)." + + OBJECT ifAdminStatus + SYNTAX INTEGER { up(1), down(2) } + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, nor is support for the value + testing(3)." + + OBJECT ifAlias + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + ::= { ifCompliances 2 } + +END diff --git a/data/mibs/INET-ADDRESS-MIB.txt b/data/mibs/INET-ADDRESS-MIB.txt new file mode 100644 index 000000000..a778cba6b --- /dev/null +++ b/data/mibs/INET-ADDRESS-MIB.txt @@ -0,0 +1,402 @@ +INET-ADDRESS-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, mib-2, Unsigned32 FROM SNMPv2-SMI + TEXTUAL-CONVENTION FROM SNMPv2-TC; + +inetAddressMIB MODULE-IDENTITY + LAST-UPDATED "200502040000Z" + ORGANIZATION + "IETF Operations and Management Area" + CONTACT-INFO + "Juergen Schoenwaelder (Editor) + International University Bremen + P.O. Box 750 561 + 28725 Bremen, Germany + + Phone: +49 421 200-3587 + EMail: j.schoenwaelder@iu-bremen.de + + Send comments to <ietfmibs@ops.ietf.org>." + DESCRIPTION + "This MIB module defines textual conventions for + representing Internet addresses. An Internet + address can be an IPv4 address, an IPv6 address, + or a DNS domain name. This module also defines + textual conventions for Internet port numbers, + autonomous system numbers, and the length of an + Internet address prefix. + + Copyright (C) The Internet Society (2005). This version + of this MIB module is part of RFC 4001, see the RFC + itself for full legal notices." + REVISION "200502040000Z" + DESCRIPTION + "Third version, published as RFC 4001. This revision + introduces the InetZoneIndex, InetScopeType, and + InetVersion textual conventions." + REVISION "200205090000Z" + DESCRIPTION + "Second version, published as RFC 3291. This + revision contains several clarifications and + introduces several new textual conventions: + InetAddressPrefixLength, InetPortNumber, + InetAutonomousSystemNumber, InetAddressIPv4z, + and InetAddressIPv6z." + REVISION "200006080000Z" + DESCRIPTION + "Initial version, published as RFC 2851." + ::= { mib-2 76 } + +InetAddressType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A value that represents a type of Internet address. + + unknown(0) An unknown address type. This value MUST + be used if the value of the corresponding + InetAddress object is a zero-length string. + It may also be used to indicate an IP address + that is not in one of the formats defined + below. + + ipv4(1) An IPv4 address as defined by the + InetAddressIPv4 textual convention. + + ipv6(2) An IPv6 address as defined by the + InetAddressIPv6 textual convention. + + ipv4z(3) A non-global IPv4 address including a zone + index as defined by the InetAddressIPv4z + textual convention. + + ipv6z(4) A non-global IPv6 address including a zone + index as defined by the InetAddressIPv6z + textual convention. + + dns(16) A DNS domain name as defined by the + InetAddressDNS textual convention. + + Each definition of a concrete InetAddressType value must be + accompanied by a definition of a textual convention for use + with that InetAddressType. + + To support future extensions, the InetAddressType textual + convention SHOULD NOT be sub-typed in object type definitions. + It MAY be sub-typed in compliance statements in order to + require only a subset of these address types for a compliant + implementation. + + Implementations must ensure that InetAddressType objects + and any dependent objects (e.g., InetAddress objects) are + consistent. An inconsistentValue error must be generated + if an attempt to change an InetAddressType object would, + for example, lead to an undefined InetAddress value. In + + particular, InetAddressType/InetAddress pairs must be + changed together if the address type changes (e.g., from + ipv6(2) to ipv4(1))." + SYNTAX INTEGER { + unknown(0), + ipv4(1), + ipv6(2), + ipv4z(3), + ipv6z(4), + dns(16) + } + +InetAddress ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Denotes a generic Internet address. + + An InetAddress value is always interpreted within the context + of an InetAddressType value. Every usage of the InetAddress + textual convention is required to specify the InetAddressType + object that provides the context. It is suggested that the + InetAddressType object be logically registered before the + object(s) that use the InetAddress textual convention, if + they appear in the same logical row. + + The value of an InetAddress object must always be + consistent with the value of the associated InetAddressType + object. Attempts to set an InetAddress object to a value + inconsistent with the associated InetAddressType + must fail with an inconsistentValue error. + + When this textual convention is used as the syntax of an + index object, there may be issues with the limit of 128 + sub-identifiers specified in SMIv2, STD 58. In this case, + the object definition MUST include a 'SIZE' clause to + limit the number of potential instance sub-identifiers; + otherwise the applicable constraints MUST be stated in + the appropriate conceptual row DESCRIPTION clauses, or + in the surrounding documentation if there is no single + DESCRIPTION clause that is appropriate." + SYNTAX OCTET STRING (SIZE (0..255)) + +InetAddressIPv4 ::= TEXTUAL-CONVENTION + DISPLAY-HINT "1d.1d.1d.1d" + STATUS current + DESCRIPTION + "Represents an IPv4 network address: + + Octets Contents Encoding + 1-4 IPv4 address network-byte order + + The corresponding InetAddressType value is ipv4(1). + + This textual convention SHOULD NOT be used directly in object + definitions, as it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or in + conjunction with InetAddressType, as a pair." + SYNTAX OCTET STRING (SIZE (4)) + +InetAddressIPv6 ::= TEXTUAL-CONVENTION + DISPLAY-HINT "2x:2x:2x:2x:2x:2x:2x:2x" + STATUS current + DESCRIPTION + "Represents an IPv6 network address: + + Octets Contents Encoding + 1-16 IPv6 address network-byte order + + The corresponding InetAddressType value is ipv6(2). + + This textual convention SHOULD NOT be used directly in object + definitions, as it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or in + conjunction with InetAddressType, as a pair." + SYNTAX OCTET STRING (SIZE (16)) + +InetAddressIPv4z ::= TEXTUAL-CONVENTION + DISPLAY-HINT "1d.1d.1d.1d%4d" + STATUS current + DESCRIPTION + "Represents a non-global IPv4 network address, together + with its zone index: + + Octets Contents Encoding + 1-4 IPv4 address network-byte order + 5-8 zone index network-byte order + + The corresponding InetAddressType value is ipv4z(3). + + The zone index (bytes 5-8) is used to disambiguate identical + address values on nodes that have interfaces attached to + different zones of the same scope. The zone index may contain + the special value 0, which refers to the default zone for each + scope. + + This textual convention SHOULD NOT be used directly in object + + definitions, as it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or in + conjunction with InetAddressType, as a pair." + SYNTAX OCTET STRING (SIZE (8)) + +InetAddressIPv6z ::= TEXTUAL-CONVENTION + DISPLAY-HINT "2x:2x:2x:2x:2x:2x:2x:2x%4d" + STATUS current + DESCRIPTION + "Represents a non-global IPv6 network address, together + with its zone index: + + Octets Contents Encoding + 1-16 IPv6 address network-byte order + 17-20 zone index network-byte order + + The corresponding InetAddressType value is ipv6z(4). + + The zone index (bytes 17-20) is used to disambiguate + identical address values on nodes that have interfaces + attached to different zones of the same scope. The zone index + may contain the special value 0, which refers to the default + zone for each scope. + + This textual convention SHOULD NOT be used directly in object + definitions, as it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or in + conjunction with InetAddressType, as a pair." + SYNTAX OCTET STRING (SIZE (20)) + +InetAddressDNS ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255a" + STATUS current + DESCRIPTION + "Represents a DNS domain name. The name SHOULD be fully + qualified whenever possible. + + The corresponding InetAddressType is dns(16). + + The DESCRIPTION clause of InetAddress objects that may have + InetAddressDNS values MUST fully describe how (and when) + these names are to be resolved to IP addresses. + + The resolution of an InetAddressDNS value may require to + query multiple DNS records (e.g., A for IPv4 and AAAA for + IPv6). The order of the resolution process and which DNS + record takes precedence depends on the configuration of the + resolver. + + This textual convention SHOULD NOT be used directly in object + definitions, as it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or in + conjunction with InetAddressType, as a pair." + SYNTAX OCTET STRING (SIZE (1..255)) + +InetAddressPrefixLength ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "Denotes the length of a generic Internet network address + prefix. A value of n corresponds to an IP address mask + that has n contiguous 1-bits from the most significant + bit (MSB), with all other bits set to 0. + + An InetAddressPrefixLength value is always interpreted within + the context of an InetAddressType value. Every usage of the + InetAddressPrefixLength textual convention is required to + specify the InetAddressType object that provides the + context. It is suggested that the InetAddressType object be + logically registered before the object(s) that use the + InetAddressPrefixLength textual convention, if they appear + in the same logical row. + + InetAddressPrefixLength values larger than + the maximum length of an IP address for a specific + InetAddressType are treated as the maximum significant + value applicable for the InetAddressType. The maximum + significant value is 32 for the InetAddressType + 'ipv4(1)' and 'ipv4z(3)' and 128 for the InetAddressType + 'ipv6(2)' and 'ipv6z(4)'. The maximum significant value + for the InetAddressType 'dns(16)' is 0. + + The value zero is object-specific and must be defined as + part of the description of any object that uses this + syntax. Examples of the usage of zero might include + situations where the Internet network address prefix + is unknown or does not apply. + + The upper bound of the prefix length has been chosen to + be consistent with the maximum size of an InetAddress." + SYNTAX Unsigned32 (0..2040) + +InetPortNumber ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "Represents a 16 bit port number of an Internet transport + + layer protocol. Port numbers are assigned by IANA. A + current list of all assignments is available from + <http://www.iana.org/>. + + The value zero is object-specific and must be defined as + part of the description of any object that uses this + syntax. Examples of the usage of zero might include + situations where a port number is unknown, or when the + value zero is used as a wildcard in a filter." + REFERENCE "STD 6 (RFC 768), STD 7 (RFC 793) and RFC 2960" + SYNTAX Unsigned32 (0..65535) + +InetAutonomousSystemNumber ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "Represents an autonomous system number that identifies an + Autonomous System (AS). An AS is a set of routers under a + single technical administration, using an interior gateway + protocol and common metrics to route packets within the AS, + and using an exterior gateway protocol to route packets to + other ASes'. IANA maintains the AS number space and has + delegated large parts to the regional registries. + + Autonomous system numbers are currently limited to 16 bits + (0..65535). There is, however, work in progress to enlarge the + autonomous system number space to 32 bits. Therefore, this + textual convention uses an Unsigned32 value without a + range restriction in order to support a larger autonomous + system number space." + REFERENCE "RFC 1771, RFC 1930" + SYNTAX Unsigned32 + +InetScopeType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Represents a scope type. This textual convention can be used + in cases where a MIB has to represent different scope types + and there is no context information, such as an InetAddress + object, that implicitly defines the scope type. + + Note that not all possible values have been assigned yet, but + they may be assigned in future revisions of this specification. + Applications should therefore be able to deal with values + not yet assigned." + REFERENCE "RFC 3513" + SYNTAX INTEGER { + -- reserved(0), + interfaceLocal(1), + linkLocal(2), + subnetLocal(3), + adminLocal(4), + siteLocal(5), -- site-local unicast addresses + -- have been deprecated by RFC 3879 + -- unassigned(6), + -- unassigned(7), + organizationLocal(8), + -- unassigned(9), + -- unassigned(10), + -- unassigned(11), + -- unassigned(12), + -- unassigned(13), + global(14) + -- reserved(15) + } + +InetZoneIndex ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "A zone index identifies an instance of a zone of a + specific scope. + + The zone index MUST disambiguate identical address + values. For link-local addresses, the zone index will + typically be the interface index (ifIndex as defined in the + IF-MIB) of the interface on which the address is configured. + + The zone index may contain the special value 0, which refers + to the default zone. The default zone may be used in cases + where the valid zone index is not known (e.g., when a + management application has to write a link-local IPv6 + address without knowing the interface index value). The + default zone SHOULD NOT be used as an easy way out in + cases where the zone index for a non-global IPv6 address + is known." + REFERENCE "RFC4007" + SYNTAX Unsigned32 + +InetVersion ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A value representing a version of the IP protocol. + + unknown(0) An unknown or unspecified version of the IP + protocol. + + ipv4(1) The IPv4 protocol as defined in RFC 791 (STD 5). + + ipv6(2) The IPv6 protocol as defined in RFC 2460. + + Note that this textual convention SHOULD NOT be used to + distinguish different address types associated with IP + protocols. The InetAddressType has been designed for this + purpose." + REFERENCE "RFC 791, RFC 2460" + SYNTAX INTEGER { + unknown(0), + ipv4(1), + ipv6(2) + } +END diff --git a/data/mibs/IP-FORWARD-MIB.txt b/data/mibs/IP-FORWARD-MIB.txt new file mode 100644 index 000000000..347b5e004 --- /dev/null +++ b/data/mibs/IP-FORWARD-MIB.txt @@ -0,0 +1,1277 @@ +IP-FORWARD-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + IpAddress, Integer32, Gauge32, + Counter32 FROM SNMPv2-SMI + RowStatus FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + InterfaceIndexOrZero FROM IF-MIB + ip FROM IP-MIB + IANAipRouteProtocol FROM IANA-RTPROTO-MIB + InetAddress, InetAddressType, + InetAddressPrefixLength, + InetAutonomousSystemNumber FROM INET-ADDRESS-MIB; + +ipForward MODULE-IDENTITY + LAST-UPDATED "200602010000Z" + ORGANIZATION + "IETF IPv6 Working Group + http://www.ietf.org/html.charters/ipv6-charter.html" + CONTACT-INFO + "Editor: + Brian Haberman + Johns Hopkins University - Applied Physics Laboratory + Mailstop 17-S442 + 11100 Johns Hopkins Road + Laurel MD, 20723-6099 USA + + Phone: +1-443-778-1319 + Email: brian@innovationslab.net + + Send comments to <ipv6@ietf.org>" + DESCRIPTION + "The MIB module for the management of CIDR multipath IP + Routes. + + Copyright (C) The Internet Society (2006). This version + of this MIB module is a part of RFC 4292; see the RFC + itself for full legal notices." + + REVISION "200602010000Z" + DESCRIPTION + "IPv4/v6 version-independent revision. Minimal changes + were made to the original RFC 2096 MIB to allow easy + upgrade of existing IPv4 implementations to the + version-independent MIB. These changes include: + + Adding inetCidrRouteDiscards as a replacement for the + deprecated ipRoutingDiscards and ipv6DiscardedRoutes + objects. + + Adding a new conformance statement to support the + implementation of the IP Forwarding MIB in a + read-only mode. + + The inetCidrRouteTable replaces the IPv4-specific + ipCidrRouteTable, its related objects, and related + conformance statements. + + Published as RFC 4292." + + REVISION "199609190000Z" + DESCRIPTION + "Revised to support CIDR routes. + Published as RFC 2096." + + REVISION "199207022156Z" + DESCRIPTION + "Initial version, published as RFC 1354." + ::= { ip 24 } + +inetCidrRouteNumber OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current inetCidrRouteTable entries that + are not invalid." +::= { ipForward 6 } + +inetCidrRouteDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of valid route entries discarded from the + inetCidrRouteTable. Discarded route entries do not + appear in the inetCidrRouteTable. One possible reason + for discarding an entry would be to free-up buffer space + for other route table entries." + ::= { ipForward 8 } + +-- Inet CIDR Route Table + +-- The Inet CIDR Route Table deprecates and replaces the +-- ipCidrRoute Table currently in the IP Forwarding Table MIB. +-- It adds IP protocol independence. + +inetCidrRouteTable OBJECT-TYPE + SYNTAX SEQUENCE OF InetCidrRouteEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This entity's IP Routing table." + REFERENCE + "RFC 1213 Section 6.6, The IP Group" + ::= { ipForward 7 } + +inetCidrRouteEntry OBJECT-TYPE + SYNTAX InetCidrRouteEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A particular route to a particular destination, under a + particular policy (as reflected in the + inetCidrRoutePolicy object). + + Dynamically created rows will survive an agent reboot. + + Implementers need to be aware that if the total number + of elements (octets or sub-identifiers) in + inetCidrRouteDest, inetCidrRoutePolicy, and + inetCidrRouteNextHop exceeds 111, then OIDs of column + instances in this table will have more than 128 sub- + identifiers and cannot be accessed using SNMPv1, + SNMPv2c, or SNMPv3." + INDEX { + inetCidrRouteDestType, + inetCidrRouteDest, + inetCidrRoutePfxLen, + inetCidrRoutePolicy, + inetCidrRouteNextHopType, + inetCidrRouteNextHop + } + ::= { inetCidrRouteTable 1 } + +InetCidrRouteEntry ::= SEQUENCE { + inetCidrRouteDestType InetAddressType, + inetCidrRouteDest InetAddress, + inetCidrRoutePfxLen InetAddressPrefixLength, + inetCidrRoutePolicy OBJECT IDENTIFIER, + inetCidrRouteNextHopType InetAddressType, + inetCidrRouteNextHop InetAddress, + inetCidrRouteIfIndex InterfaceIndexOrZero, + inetCidrRouteType INTEGER, + inetCidrRouteProto IANAipRouteProtocol, + inetCidrRouteAge Gauge32, + inetCidrRouteNextHopAS InetAutonomousSystemNumber, + inetCidrRouteMetric1 Integer32, + inetCidrRouteMetric2 Integer32, + inetCidrRouteMetric3 Integer32, + inetCidrRouteMetric4 Integer32, + inetCidrRouteMetric5 Integer32, + inetCidrRouteStatus RowStatus + } + +inetCidrRouteDestType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The type of the inetCidrRouteDest address, as defined + in the InetAddress MIB. + + Only those address types that may appear in an actual + routing table are allowed as values of this object." + REFERENCE "RFC 4001" + ::= { inetCidrRouteEntry 1 } + +inetCidrRouteDest OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The destination IP address of this route. + + The type of this address is determined by the value of + the inetCidrRouteDestType object. + + The values for the index objects inetCidrRouteDest and + inetCidrRoutePfxLen must be consistent. When the value + of inetCidrRouteDest (excluding the zone index, if one + is present) is x, then the bitwise logical-AND + of x with the value of the mask formed from the + corresponding index object inetCidrRoutePfxLen MUST be + equal to x. If not, then the index pair is not + consistent and an inconsistentName error must be + returned on SET or CREATE requests." + ::= { inetCidrRouteEntry 2 } + +inetCidrRoutePfxLen OBJECT-TYPE + SYNTAX InetAddressPrefixLength + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the number of leading one bits that form the + mask to be logical-ANDed with the destination address + before being compared to the value in the + + inetCidrRouteDest field. + + The values for the index objects inetCidrRouteDest and + inetCidrRoutePfxLen must be consistent. When the value + of inetCidrRouteDest (excluding the zone index, if one + is present) is x, then the bitwise logical-AND + of x with the value of the mask formed from the + corresponding index object inetCidrRoutePfxLen MUST be + equal to x. If not, then the index pair is not + consistent and an inconsistentName error must be + returned on SET or CREATE requests." + ::= { inetCidrRouteEntry 3 } + +inetCidrRoutePolicy OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object is an opaque object without any defined + semantics. Its purpose is to serve as an additional + index that may delineate between multiple entries to + the same destination. The value { 0 0 } shall be used + as the default value for this object." + ::= { inetCidrRouteEntry 4 } + +inetCidrRouteNextHopType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The type of the inetCidrRouteNextHop address, as + defined in the InetAddress MIB. + + Value should be set to unknown(0) for non-remote + routes. + + Only those address types that may appear in an actual + routing table are allowed as values of this object." + REFERENCE "RFC 4001" + ::= { inetCidrRouteEntry 5 } + +inetCidrRouteNextHop OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "On remote routes, the address of the next system en + + route. For non-remote routes, a zero length string. + + The type of this address is determined by the value of + the inetCidrRouteNextHopType object." + ::= { inetCidrRouteEntry 6 } + +inetCidrRouteIfIndex OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The ifIndex value that identifies the local interface + through which the next hop of this route should be + reached. A value of 0 is valid and represents the + scenario where no interface is specified." + ::= { inetCidrRouteEntry 7 } + +inetCidrRouteType OBJECT-TYPE + SYNTAX INTEGER { + other (1), -- not specified by this MIB + reject (2), -- route that discards traffic and + -- returns ICMP notification + local (3), -- local interface + remote (4), -- remote destination + blackhole(5) -- route that discards traffic + -- silently + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of route. Note that local(3) refers to a + route for which the next hop is the final destination; + remote(4) refers to a route for which the next hop is + not the final destination. + + Routes that do not result in traffic forwarding or + rejection should not be displayed, even if the + implementation keeps them stored internally. + + reject(2) refers to a route that, if matched, discards + the message as unreachable and returns a notification + (e.g., ICMP error) to the message sender. This is used + in some protocols as a means of correctly aggregating + routes. + + blackhole(5) refers to a route that, if matched, + discards the message silently." + ::= { inetCidrRouteEntry 8 } + +inetCidrRouteProto OBJECT-TYPE + SYNTAX IANAipRouteProtocol + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The routing mechanism via which this route was learned. + Inclusion of values for gateway routing protocols is + not intended to imply that hosts should support those + protocols." + ::= { inetCidrRouteEntry 9 } + +inetCidrRouteAge OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of seconds since this route was last updated + or otherwise determined to be correct. Note that no + semantics of 'too old' can be implied, except through + knowledge of the routing protocol by which the route + was learned." + ::= { inetCidrRouteEntry 10 } + +inetCidrRouteNextHopAS OBJECT-TYPE + SYNTAX InetAutonomousSystemNumber + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The Autonomous System Number of the Next Hop. The + semantics of this object are determined by the routing- + protocol specified in the route's inetCidrRouteProto + value. When this object is unknown or not relevant, its + value should be set to zero." + DEFVAL { 0 } + ::= { inetCidrRouteEntry 11 } + +inetCidrRouteMetric1 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The primary routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's inetCidrRouteProto + value. If this metric is not used, its value should be + set to -1." + DEFVAL { -1 } + ::= { inetCidrRouteEntry 12 } + +inetCidrRouteMetric2 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's inetCidrRouteProto + value. If this metric is not used, its value should be + set to -1." + DEFVAL { -1 } + ::= { inetCidrRouteEntry 13 } + +inetCidrRouteMetric3 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's inetCidrRouteProto + value. If this metric is not used, its value should be + set to -1." + DEFVAL { -1 } + ::= { inetCidrRouteEntry 14 } + +inetCidrRouteMetric4 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's inetCidrRouteProto + value. If this metric is not used, its value should be + set to -1." + DEFVAL { -1 } + ::= { inetCidrRouteEntry 15 } + +inetCidrRouteMetric5 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + + protocol specified in the route's inetCidrRouteProto + value. If this metric is not used, its value should be + set to -1." + DEFVAL { -1 } + ::= { inetCidrRouteEntry 16 } + +inetCidrRouteStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to row + installation and removal conventions. + + A row entry cannot be modified when the status is + marked as active(1)." + ::= { inetCidrRouteEntry 17 } + +-- Conformance information + +ipForwardConformance + OBJECT IDENTIFIER ::= { ipForward 5 } + +ipForwardGroups + OBJECT IDENTIFIER ::= { ipForwardConformance 1 } + +ipForwardCompliances + OBJECT IDENTIFIER ::= { ipForwardConformance 2 } + +-- Compliance statements + +ipForwardFullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "When this MIB is implemented for read-create, the + implementation can claim full compliance. + + There are a number of INDEX objects that cannot be + represented in the form of OBJECT clauses in SMIv2, + but for which there are compliance requirements, + expressed in OBJECT clause form in this description: + + -- OBJECT inetCidrRouteDestType + -- SYNTAX InetAddressType (ipv4(1), ipv6(2), + -- ipv4z(3), ipv6z(4)) + -- DESCRIPTION + -- This MIB requires support for global and + -- non-global ipv4 and ipv6 addresses. + + -- + -- OBJECT inetCidrRouteDest + -- SYNTAX InetAddress (SIZE (4 | 8 | 16 | 20)) + -- DESCRIPTION + -- This MIB requires support for global and + -- non-global IPv4 and IPv6 addresses. + -- + -- OBJECT inetCidrRouteNextHopType + -- SYNTAX InetAddressType (unknown(0), ipv4(1), + -- ipv6(2), ipv4z(3) + -- ipv6z(4)) + -- DESCRIPTION + -- This MIB requires support for global and + -- non-global ipv4 and ipv6 addresses. + -- + -- OBJECT inetCidrRouteNextHop + -- SYNTAX InetAddress (SIZE (0 | 4 | 8 | 16 | 20)) + -- DESCRIPTION + -- This MIB requires support for global and + -- non-global IPv4 and IPv6 addresses. + " + + MODULE -- this module + MANDATORY-GROUPS { inetForwardCidrRouteGroup } + + OBJECT inetCidrRouteStatus + SYNTAX RowStatus { active(1), notInService (2) } + WRITE-SYNTAX RowStatus { active(1), notInService (2), + createAndGo(4), destroy(6) } + DESCRIPTION "Support for createAndWait is not required." + ::= { ipForwardCompliances 3 } + +ipForwardReadOnlyCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "When this MIB is implemented without support for read- + create (i.e., in read-only mode), the implementation can + claim read-only compliance." + MODULE -- this module + MANDATORY-GROUPS { inetForwardCidrRouteGroup } + + OBJECT inetCidrRouteIfIndex + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT inetCidrRouteType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT inetCidrRouteNextHopAS + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT inetCidrRouteMetric1 + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT inetCidrRouteMetric2 + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT inetCidrRouteMetric3 + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT inetCidrRouteMetric4 + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT inetCidrRouteMetric5 + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT inetCidrRouteStatus + SYNTAX RowStatus { active(1) } + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + ::= { ipForwardCompliances 4 } + +-- units of conformance + +inetForwardCidrRouteGroup OBJECT-GROUP + OBJECTS { inetCidrRouteDiscards, + inetCidrRouteIfIndex, inetCidrRouteType, + inetCidrRouteProto, inetCidrRouteAge, + inetCidrRouteNextHopAS, inetCidrRouteMetric1, + inetCidrRouteMetric2, inetCidrRouteMetric3, + inetCidrRouteMetric4, inetCidrRouteMetric5, + inetCidrRouteStatus, inetCidrRouteNumber + } + STATUS current + DESCRIPTION + "The IP version-independent CIDR Route Table." + ::= { ipForwardGroups 4 } + +-- Deprecated Objects + +ipCidrRouteNumber OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of current ipCidrRouteTable entries that are + not invalid. This object is deprecated in favor of + inetCidrRouteNumber and the inetCidrRouteTable." + ::= { ipForward 3 } + +-- IP CIDR Route Table + +-- The IP CIDR Route Table obsoletes and replaces the ipRoute +-- Table current in MIB-I and MIB-II and the IP Forwarding Table. +-- It adds knowledge of the autonomous system of the next hop, +-- multiple next hops, policy routing, and Classless +-- Inter-Domain Routing. + +ipCidrRouteTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpCidrRouteEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "This entity's IP Routing table. This table has been + deprecated in favor of the IP version neutral + inetCidrRouteTable." + REFERENCE + "RFC 1213 Section 6.6, The IP Group" + ::= { ipForward 4 } + +ipCidrRouteEntry OBJECT-TYPE + SYNTAX IpCidrRouteEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "A particular route to a particular destination, under a + + particular policy." + INDEX { + ipCidrRouteDest, + ipCidrRouteMask, + ipCidrRouteTos, + ipCidrRouteNextHop + } + ::= { ipCidrRouteTable 1 } + +IpCidrRouteEntry ::= SEQUENCE { + ipCidrRouteDest IpAddress, + ipCidrRouteMask IpAddress, + ipCidrRouteTos Integer32, + ipCidrRouteNextHop IpAddress, + ipCidrRouteIfIndex Integer32, + ipCidrRouteType INTEGER, + ipCidrRouteProto INTEGER, + ipCidrRouteAge Integer32, + ipCidrRouteInfo OBJECT IDENTIFIER, + ipCidrRouteNextHopAS Integer32, + ipCidrRouteMetric1 Integer32, + ipCidrRouteMetric2 Integer32, + ipCidrRouteMetric3 Integer32, + ipCidrRouteMetric4 Integer32, + ipCidrRouteMetric5 Integer32, + ipCidrRouteStatus RowStatus + } + +ipCidrRouteDest OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The destination IP address of this route. + + This object may not take a Multicast (Class D) address + value. + + Any assignment (implicit or otherwise) of an instance + of this object to a value x must be rejected if the + bitwise logical-AND of x with the value of the + corresponding instance of the ipCidrRouteMask object is + not equal to x." + ::= { ipCidrRouteEntry 1 } + +ipCidrRouteMask OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "Indicate the mask to be logical-ANDed with the + destination address before being compared to the value + in the ipCidrRouteDest field. For those systems that + do not support arbitrary subnet masks, an agent + constructs the value of the ipCidrRouteMask by + reference to the IP Address Class. + + Any assignment (implicit or otherwise) of an instance + of this object to a value x must be rejected if the + bitwise logical-AND of x with the value of the + corresponding instance of the ipCidrRouteDest object is + not equal to ipCidrRouteDest." + ::= { ipCidrRouteEntry 2 } + +-- The following convention is included for specification +-- of TOS Field contents. At this time, the Host Requirements +-- and the Router Requirements documents disagree on the width +-- of the TOS field. This mapping describes the Router +-- Requirements mapping, and leaves room to widen the TOS field +-- without impact to fielded systems. + +ipCidrRouteTos OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The policy specifier is the IP TOS Field. The encoding + of IP TOS is as specified by the following convention. + Zero indicates the default path if no more specific + policy applies. + + +-----+-----+-----+-----+-----+-----+-----+-----+ + | | | | + | PRECEDENCE | TYPE OF SERVICE | 0 | + | | | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + + IP TOS IP TOS + Field Policy Field Policy + Contents Code Contents Code + 0 0 0 0 ==> 0 0 0 0 1 ==> 2 + 0 0 1 0 ==> 4 0 0 1 1 ==> 6 + 0 1 0 0 ==> 8 0 1 0 1 ==> 10 + 0 1 1 0 ==> 12 0 1 1 1 ==> 14 + 1 0 0 0 ==> 16 1 0 0 1 ==> 18 + 1 0 1 0 ==> 20 1 0 1 1 ==> 22 + + 1 1 0 0 ==> 24 1 1 0 1 ==> 26 + 1 1 1 0 ==> 28 1 1 1 1 ==> 30" + ::= { ipCidrRouteEntry 3 } + +ipCidrRouteNextHop OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "On remote routes, the address of the next system en + route; Otherwise, 0.0.0.0." + ::= { ipCidrRouteEntry 4 } + +ipCidrRouteIfIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The ifIndex value that identifies the local interface + through which the next hop of this route should be + reached." + DEFVAL { 0 } + ::= { ipCidrRouteEntry 5 } + +ipCidrRouteType OBJECT-TYPE + SYNTAX INTEGER { + other (1), -- not specified by this MIB + reject (2), -- route that discards traffic + local (3), -- local interface + remote (4) -- remote destination + } + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The type of route. Note that local(3) refers to a + route for which the next hop is the final destination; + remote(4) refers to a route for which the next hop is + not the final destination. + + Routes that do not result in traffic forwarding or + rejection should not be displayed, even if the + implementation keeps them stored internally. + + reject (2) refers to a route that, if matched, + discards the message as unreachable. This is used in + some protocols as a means of correctly aggregating + routes." + ::= { ipCidrRouteEntry 6 } + +ipCidrRouteProto OBJECT-TYPE + SYNTAX INTEGER { + other (1), -- not specified + local (2), -- local interface + netmgmt (3), -- static route + icmp (4), -- result of ICMP Redirect + + -- the following are all dynamic + -- routing protocols + egp (5), -- Exterior Gateway Protocol + ggp (6), -- Gateway-Gateway Protocol + hello (7), -- FuzzBall HelloSpeak + rip (8), -- Berkeley RIP or RIP-II + isIs (9), -- Dual IS-IS + esIs (10), -- ISO 9542 + ciscoIgrp (11), -- Cisco IGRP + bbnSpfIgp (12), -- BBN SPF IGP + ospf (13), -- Open Shortest Path First + bgp (14), -- Border Gateway Protocol + idpr (15), -- InterDomain Policy Routing + ciscoEigrp (16) -- Cisco EIGRP + } + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The routing mechanism via which this route was learned. + Inclusion of values for gateway routing protocols is + not intended to imply that hosts should support those + protocols." + ::= { ipCidrRouteEntry 7 } + +ipCidrRouteAge OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of seconds since this route was last updated + or otherwise determined to be correct. Note that no + semantics of `too old' can be implied, except through + knowledge of the routing protocol by which the route + was learned." + DEFVAL { 0 } + ::= { ipCidrRouteEntry 8 } + +ipCidrRouteInfo OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "A reference to MIB definitions specific to the + particular routing protocol that is responsible for + this route, as determined by the value specified in the + route's ipCidrRouteProto value. If this information is + not present, its value should be set to the OBJECT + IDENTIFIER { 0 0 }, which is a syntactically valid + object identifier, and any implementation conforming to + ASN.1 and the Basic Encoding Rules must be able to + generate and recognize this value." + ::= { ipCidrRouteEntry 9 } + +ipCidrRouteNextHopAS OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The Autonomous System Number of the Next Hop. The + semantics of this object are determined by the routing- + protocol specified in the route's ipCidrRouteProto + value. When this object is unknown or not relevant, its + value should be set to zero." + DEFVAL { 0 } + ::= { ipCidrRouteEntry 10 } + +ipCidrRouteMetric1 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The primary routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipCidrRouteProto + value. If this metric is not used, its value should be + set to -1." + DEFVAL { -1 } + ::= { ipCidrRouteEntry 11 } + +ipCidrRouteMetric2 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipCidrRouteProto + value. If this metric is not used, its value should be + + set to -1." + DEFVAL { -1 } + ::= { ipCidrRouteEntry 12 } + +ipCidrRouteMetric3 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipCidrRouteProto + value. If this metric is not used, its value should be + set to -1." + DEFVAL { -1 } + ::= { ipCidrRouteEntry 13 } + +ipCidrRouteMetric4 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipCidrRouteProto + value. If this metric is not used, its value should be + set to -1." + DEFVAL { -1 } + ::= { ipCidrRouteEntry 14 } + +ipCidrRouteMetric5 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipCidrRouteProto + value. If this metric is not used, its value should be + set to -1." + DEFVAL { -1 } + ::= { ipCidrRouteEntry 15 } + +ipCidrRouteStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The row status variable, used according to row + installation and removal conventions." + ::= { ipCidrRouteEntry 16 } + +-- compliance statements + +ipForwardCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for SNMPv2 entities that + implement the ipForward MIB. + + This compliance statement has been deprecated and + replaced with ipForwardFullCompliance and + ipForwardReadOnlyCompliance." + + MODULE -- this module + MANDATORY-GROUPS { ipForwardCidrRouteGroup } + ::= { ipForwardCompliances 1 } + +-- units of conformance + +ipForwardCidrRouteGroup OBJECT-GROUP + OBJECTS { ipCidrRouteNumber, + ipCidrRouteDest, ipCidrRouteMask, ipCidrRouteTos, + ipCidrRouteNextHop, ipCidrRouteIfIndex, + ipCidrRouteType, ipCidrRouteProto, ipCidrRouteAge, + ipCidrRouteInfo,ipCidrRouteNextHopAS, + ipCidrRouteMetric1, ipCidrRouteMetric2, + ipCidrRouteMetric3, ipCidrRouteMetric4, + ipCidrRouteMetric5, ipCidrRouteStatus + } + STATUS deprecated + DESCRIPTION + "The CIDR Route Table. + + This group has been deprecated and replaced with + inetForwardCidrRouteGroup." + ::= { ipForwardGroups 3 } + +-- Obsoleted Definitions - Objects + +ipForwardNumber OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The number of current ipForwardTable entries that are + not invalid." + ::= { ipForward 1 } + +-- IP Forwarding Table + +-- The IP Forwarding Table obsoletes and replaces the ipRoute +-- Table current in MIB-I and MIB-II. It adds knowledge of +-- the autonomous system of the next hop, multiple next hop +-- support, and policy routing support. + +ipForwardTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpForwardEntry + MAX-ACCESS not-accessible + STATUS obsolete + DESCRIPTION + "This entity's IP Routing table." + REFERENCE + "RFC 1213 Section 6.6, The IP Group" + ::= { ipForward 2 } + +ipForwardEntry OBJECT-TYPE + SYNTAX IpForwardEntry + MAX-ACCESS not-accessible + STATUS obsolete + DESCRIPTION + "A particular route to a particular destination, under a + particular policy." + INDEX { + ipForwardDest, + ipForwardProto, + ipForwardPolicy, + ipForwardNextHop + } + ::= { ipForwardTable 1 } + +IpForwardEntry ::= SEQUENCE { + ipForwardDest IpAddress, + ipForwardMask IpAddress, + ipForwardPolicy Integer32, + ipForwardNextHop IpAddress, + ipForwardIfIndex Integer32, + ipForwardType INTEGER, + ipForwardProto INTEGER, + ipForwardAge Integer32, + ipForwardInfo OBJECT IDENTIFIER, + ipForwardNextHopAS Integer32, + ipForwardMetric1 Integer32, + ipForwardMetric2 Integer32, + ipForwardMetric3 Integer32, + ipForwardMetric4 Integer32, + ipForwardMetric5 Integer32 + } + +ipForwardDest OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The destination IP address of this route. An entry + with a value of 0.0.0.0 is considered a default route. + + This object may not take a Multicast (Class D) address + value. + + Any assignment (implicit or otherwise) of an instance + of this object to a value x must be rejected if the + bitwise logical-AND of x with the value of the + corresponding instance of the ipForwardMask object is + not equal to x." + ::= { ipForwardEntry 1 } + +ipForwardMask OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "Indicate the mask to be logical-ANDed with the + destination address before being compared to the value + in the ipForwardDest field. For those systems that do + not support arbitrary subnet masks, an agent constructs + the value of the ipForwardMask by reference to the IP + Address Class. + + Any assignment (implicit or otherwise) of an instance + of this object to a value x must be rejected if the + bitwise logical-AND of x with the value of the + corresponding instance of the ipForwardDest object is + not equal to ipForwardDest." + DEFVAL { '00000000'H } -- 0.0.0.0 + ::= { ipForwardEntry 2 } + +-- The following convention is included for specification +-- of TOS Field contents. At this time, the Host Requirements +-- and the Router Requirements documents disagree on the width +-- of the TOS field. This mapping describes the Router + +-- Requirements mapping, and leaves room to widen the TOS field +-- without impact to fielded systems. + +ipForwardPolicy OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The general set of conditions that would cause + the selection of one multipath route (set of + next hops for a given destination) is referred + to as 'policy'. + + Unless the mechanism indicated by ipForwardProto + specifies otherwise, the policy specifier is + the IP TOS Field. The encoding of IP TOS is as + specified by the following convention. Zero + indicates the default path if no more specific + policy applies. + + +-----+-----+-----+-----+-----+-----+-----+-----+ + | | | | + | PRECEDENCE | TYPE OF SERVICE | 0 | + | | | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + + IP TOS IP TOS + Field Policy Field Policy + Contents Code Contents Code + 0 0 0 0 ==> 0 0 0 0 1 ==> 2 + 0 0 1 0 ==> 4 0 0 1 1 ==> 6 + 0 1 0 0 ==> 8 0 1 0 1 ==> 10 + 0 1 1 0 ==> 12 0 1 1 1 ==> 14 + 1 0 0 0 ==> 16 1 0 0 1 ==> 18 + 1 0 1 0 ==> 20 1 0 1 1 ==> 22 + 1 1 0 0 ==> 24 1 1 0 1 ==> 26 + 1 1 1 0 ==> 28 1 1 1 1 ==> 30 + + Protocols defining 'policy' otherwise must either + define a set of values that are valid for + this object or must implement an integer-instanced + policy table for which this object's + value acts as an index." + ::= { ipForwardEntry 3 } + +ipForwardNextHop OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "On remote routes, the address of the next system en + route; otherwise, 0.0.0.0." + ::= { ipForwardEntry 4 } + +ipForwardIfIndex OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "The ifIndex value that identifies the local interface + through which the next hop of this route should be + reached." + DEFVAL { 0 } + ::= { ipForwardEntry 5 } + +ipForwardType OBJECT-TYPE + SYNTAX INTEGER { + other (1), -- not specified by this MIB + invalid (2), -- logically deleted + local (3), -- local interface + remote (4) -- remote destination + } + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "The type of route. Note that local(3) refers to a + route for which the next hop is the final destination; + remote(4) refers to a route for which the next hop is + not the final destination. + + Setting this object to the value invalid(2) has the + effect of invalidating the corresponding entry in the + ipForwardTable object. That is, it effectively + disassociates the destination identified with said + entry from the route identified with said entry. It is + an implementation-specific matter as to whether the + agent removes an invalidated entry from the table. + Accordingly, management stations must be prepared to + receive tabular information from agents that + corresponds to entries not currently in use. Proper + interpretation of such entries requires examination of + the relevant ipForwardType object." + DEFVAL { invalid } + ::= { ipForwardEntry 6 } + +ipForwardProto OBJECT-TYPE + SYNTAX INTEGER { + other (1), -- not specified + local (2), -- local interface + netmgmt (3), -- static route + icmp (4), -- result of ICMP Redirect + + -- the following are all dynamic + -- routing protocols + egp (5), -- Exterior Gateway Protocol + ggp (6), -- Gateway-Gateway Protocol + hello (7), -- FuzzBall HelloSpeak + rip (8), -- Berkeley RIP or RIP-II + is-is (9), -- Dual IS-IS + es-is (10), -- ISO 9542 + ciscoIgrp (11), -- Cisco IGRP + bbnSpfIgp (12), -- BBN SPF IGP + ospf (13), -- Open Shortest Path First + bgp (14), -- Border Gateway Protocol + idpr (15) -- InterDomain Policy Routing + } + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The routing mechanism via which this route was learned. + Inclusion of values for gateway routing protocols is + not intended to imply that hosts should support those + protocols." + ::= { ipForwardEntry 7 } + +ipForwardAge OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The number of seconds since this route was last updated + or otherwise determined to be correct. Note that no + semantics of `too old' can be implied except through + knowledge of the routing protocol by which the route + was learned." + DEFVAL { 0 } + ::= { ipForwardEntry 8 } + +ipForwardInfo OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "A reference to MIB definitions specific to the + particular routing protocol that is responsible for + this route, as determined by the value specified in the + route's ipForwardProto value. If this information is + not present, its value should be set to the OBJECT + IDENTIFIER { 0 0 }, which is a syntactically valid + object identifier, and any implementation conforming to + ASN.1 and the Basic Encoding Rules must be able to + generate and recognize this value." + ::= { ipForwardEntry 9 } + +ipForwardNextHopAS OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "The Autonomous System Number of the Next Hop. When + this is unknown or not relevant to the protocol + indicated by ipForwardProto, zero." + DEFVAL { 0 } + ::= { ipForwardEntry 10 } + +ipForwardMetric1 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "The primary routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipForwardProto value. + If this metric is not used, its value should be set to + -1." + DEFVAL { -1 } + ::= { ipForwardEntry 11 } + +ipForwardMetric2 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipForwardProto value. + If this metric is not used, its value should be set to + -1." + DEFVAL { -1 } + ::= { ipForwardEntry 12 } + +ipForwardMetric3 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipForwardProto value. + If this metric is not used, its value should be set to + -1." + DEFVAL { -1 } + ::= { ipForwardEntry 13 } + +ipForwardMetric4 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipForwardProto value. + If this metric is not used, its value should be set to + -1." + DEFVAL { -1 } + ::= { ipForwardEntry 14 } + +ipForwardMetric5 OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the routing- + protocol specified in the route's ipForwardProto value. + If this metric is not used, its value should be set to + -1." + DEFVAL { -1 } + ::= { ipForwardEntry 15 } + +-- Obsoleted Definitions - Groups +-- compliance statements + +ipForwardOldCompliance MODULE-COMPLIANCE + STATUS obsolete + DESCRIPTION + "The compliance statement for SNMP entities that + implement the ipForward MIB." + + MODULE -- this module + MANDATORY-GROUPS { ipForwardMultiPathGroup } + ::= { ipForwardCompliances 2 } + +ipForwardMultiPathGroup OBJECT-GROUP + OBJECTS { ipForwardNumber, + ipForwardDest, ipForwardMask, ipForwardPolicy, + ipForwardNextHop, ipForwardIfIndex, ipForwardType, + ipForwardProto, ipForwardAge, ipForwardInfo, + ipForwardNextHopAS, + ipForwardMetric1, ipForwardMetric2, ipForwardMetric3, + ipForwardMetric4, ipForwardMetric5 + } + STATUS obsolete + DESCRIPTION + "IP Multipath Route Table." + ::= { ipForwardGroups 2 } + +END diff --git a/data/mibs/IP-MIB.txt b/data/mibs/IP-MIB.txt new file mode 100644 index 000000000..fe2db5f23 --- /dev/null +++ b/data/mibs/IP-MIB.txt @@ -0,0 +1,4993 @@ +IP-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + Integer32, Counter32, IpAddress, + mib-2, Unsigned32, Counter64, + zeroDotZero FROM SNMPv2-SMI + PhysAddress, TruthValue, + TimeStamp, RowPointer, + TEXTUAL-CONVENTION, TestAndIncr, + RowStatus, StorageType FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + InetAddress, InetAddressType, + InetAddressPrefixLength, + InetVersion, InetZoneIndex FROM INET-ADDRESS-MIB + InterfaceIndex FROM IF-MIB; + +ipMIB MODULE-IDENTITY + LAST-UPDATED "200602020000Z" + ORGANIZATION "IETF IPv6 MIB Revision Team" + CONTACT-INFO + "Editor: + + Shawn A. Routhier + Interworking Labs + 108 Whispering Pines Dr. Suite 235 + Scotts Valley, CA 95066 + USA + EMail: <sar@iwl.com>" + DESCRIPTION + "The MIB module for managing IP and ICMP implementations, but + excluding their management of IP routes. + + Copyright (C) The Internet Society (2006). This version of + this MIB module is part of RFC 4293; see the RFC itself for + full legal notices." + + REVISION "200602020000Z" + DESCRIPTION + "The IP version neutral revision with added IPv6 objects for + ND, default routers, and router advertisements. As well as + being the successor to RFC 2011, this MIB is also the + successor to RFCs 2465 and 2466. Published as RFC 4293." + + REVISION "199411010000Z" + DESCRIPTION + "A separate MIB module (IP-MIB) for IP and ICMP management + objects. Published as RFC 2011." + + REVISION "199103310000Z" + DESCRIPTION + "The initial revision of this MIB module was part of MIB-II, + which was published as RFC 1213." + ::= { mib-2 48} + +-- +-- The textual conventions we define and use in this MIB. +-- + +IpAddressOriginTC ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The origin of the address. + + manual(2) indicates that the address was manually configured + to a specified address, e.g., by user configuration. + + dhcp(4) indicates an address that was assigned to this + system by a DHCP server. + + linklayer(5) indicates an address created by IPv6 stateless + + auto-configuration. + + random(6) indicates an address chosen by the system at + random, e.g., an IPv4 address within 169.254/16, or an RFC + 3041 privacy address." + SYNTAX INTEGER { + other(1), + manual(2), + dhcp(4), + linklayer(5), + random(6) + } + +IpAddressStatusTC ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The status of an address. Most of the states correspond to + states from the IPv6 Stateless Address Autoconfiguration + protocol. + + The preferred(1) state indicates that this is a valid + address that can appear as the destination or source address + of a packet. + + The deprecated(2) state indicates that this is a valid but + deprecated address that should no longer be used as a source + address in new communications, but packets addressed to such + an address are processed as expected. + + The invalid(3) state indicates that this isn't a valid + address and it shouldn't appear as the destination or source + address of a packet. + + The inaccessible(4) state indicates that the address is not + accessible because the interface to which this address is + assigned is not operational. + + The unknown(5) state indicates that the status cannot be + determined for some reason. + + The tentative(6) state indicates that the uniqueness of the + address on the link is being verified. Addresses in this + state should not be used for general communication and + should only be used to determine the uniqueness of the + address. + + The duplicate(7) state indicates the address has been + determined to be non-unique on the link and so must not be + + used. + + The optimistic(8) state indicates the address is available + for use, subject to restrictions, while its uniqueness on + a link is being verified. + + In the absence of other information, an IPv4 address is + always preferred(1)." + REFERENCE "RFC 2462" + SYNTAX INTEGER { + preferred(1), + deprecated(2), + invalid(3), + inaccessible(4), + unknown(5), + tentative(6), + duplicate(7), + optimistic(8) + } + +IpAddressPrefixOriginTC ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The origin of this prefix. + + manual(2) indicates a prefix that was manually configured. + + wellknown(3) indicates a well-known prefix, e.g., 169.254/16 + for IPv4 auto-configuration or fe80::/10 for IPv6 link-local + addresses. Well known prefixes may be assigned by IANA, + the address registries, or by specification in a standards + track RFC. + + dhcp(4) indicates a prefix that was assigned by a DHCP + server. + + routeradv(5) indicates a prefix learned from a router + advertisement. + + Note: while IpAddressOriginTC and IpAddressPrefixOriginTC + are similar, they are not identical. The first defines how + an address was created, while the second defines how a + prefix was found." + SYNTAX INTEGER { + other(1), + manual(2), + wellknown(3), + dhcp(4), + routeradv(5) + } + +Ipv6AddressIfIdentifierTC ::= TEXTUAL-CONVENTION + DISPLAY-HINT "2x:" + STATUS current + DESCRIPTION + "This data type is used to model IPv6 address + interface identifiers. This is a binary string + of up to 8 octets in network byte-order." + SYNTAX OCTET STRING (SIZE (0..8)) + +-- +-- the IP general group +-- some objects that affect all of IPv4 +-- + +ip OBJECT IDENTIFIER ::= { mib-2 4 } + +ipForwarding OBJECT-TYPE + SYNTAX INTEGER { + forwarding(1), -- acting as a router + notForwarding(2) -- NOT acting as a router + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The indication of whether this entity is acting as an IPv4 + router in respect to the forwarding of datagrams received + by, but not addressed to, this entity. IPv4 routers forward + datagrams. IPv4 hosts do not (except those source-routed + via the host). + + When this object is written, the entity should save the + change to non-volatile storage and restore the object from + non-volatile storage upon re-initialization of the system. + Note: a stronger requirement is not used because this object + was previously defined." + ::= { ip 1 } + +ipDefaultTTL OBJECT-TYPE + SYNTAX Integer32 (1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The default value inserted into the Time-To-Live field of + the IPv4 header of datagrams originated at this entity, + whenever a TTL value is not supplied by the transport layer + + protocol. + + When this object is written, the entity should save the + change to non-volatile storage and restore the object from + non-volatile storage upon re-initialization of the system. + Note: a stronger requirement is not used because this object + was previously defined." + ::= { ip 2 } + +ipReasmTimeout OBJECT-TYPE + SYNTAX Integer32 + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum number of seconds that received fragments are + held while they are awaiting reassembly at this entity." + ::= { ip 13 } + +-- +-- the IPv6 general group +-- Some objects that affect all of IPv6 +-- + +ipv6IpForwarding OBJECT-TYPE + SYNTAX INTEGER { + forwarding(1), -- acting as a router + notForwarding(2) -- NOT acting as a router + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The indication of whether this entity is acting as an IPv6 + router on any interface in respect to the forwarding of + datagrams received by, but not addressed to, this entity. + IPv6 routers forward datagrams. IPv6 hosts do not (except + those source-routed via the host). + + When this object is written, the entity SHOULD save the + change to non-volatile storage and restore the object from + non-volatile storage upon re-initialization of the system." + ::= { ip 25 } + +ipv6IpDefaultHopLimit OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The default value inserted into the Hop Limit field of the + IPv6 header of datagrams originated at this entity whenever + a Hop Limit value is not supplied by the transport layer + protocol. + + When this object is written, the entity SHOULD save the + change to non-volatile storage and restore the object from + non-volatile storage upon re-initialization of the system." + REFERENCE "RFC 2461 Section 6.3.2" + ::= { ip 26 } + +-- +-- IPv4 Interface Table +-- + +ipv4InterfaceTableLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at which + a row in the ipv4InterfaceTable was added or deleted, or + when an ipv4InterfaceReasmMaxSize or an + ipv4InterfaceEnableStatus object was modified. + + If new objects are added to the ipv4InterfaceTable that + require the ipv4InterfaceTableLastChange to be updated when + they are modified, they must specify that requirement in + their description clause." + ::= { ip 27 } + +ipv4InterfaceTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv4InterfaceEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table containing per-interface IPv4-specific + information." + ::= { ip 28 } + +ipv4InterfaceEntry OBJECT-TYPE + SYNTAX Ipv4InterfaceEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing IPv4-specific information for a specific + interface." + INDEX { ipv4InterfaceIfIndex } + ::= { ipv4InterfaceTable 1 } + +Ipv4InterfaceEntry ::= SEQUENCE { + ipv4InterfaceIfIndex InterfaceIndex, + ipv4InterfaceReasmMaxSize Integer32, + ipv4InterfaceEnableStatus INTEGER, + ipv4InterfaceRetransmitTime Unsigned32 + } + +ipv4InterfaceIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value that uniquely identifies the interface to + which this entry is applicable. The interface identified by + a particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipv4InterfaceEntry 1 } + +ipv4InterfaceReasmMaxSize OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The size of the largest IPv4 datagram that this entity can + re-assemble from incoming IPv4 fragmented datagrams received + on this interface." + ::= { ipv4InterfaceEntry 2 } + +ipv4InterfaceEnableStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), + down(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The indication of whether IPv4 is enabled (up) or disabled + (down) on this interface. This object does not affect the + state of the interface itself, only its connection to an + IPv4 stack. The IF-MIB should be used to control the state + of the interface." + ::= { ipv4InterfaceEntry 3 } + +ipv4InterfaceRetransmitTime OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time between retransmissions of ARP requests to a + neighbor when resolving the address or when probing the + reachability of a neighbor." + REFERENCE "RFC 1122" + DEFVAL { 1000 } + ::= { ipv4InterfaceEntry 4 } + +-- +-- v6 interface table +-- + +ipv6InterfaceTableLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at which + a row in the ipv6InterfaceTable was added or deleted or when + an ipv6InterfaceReasmMaxSize, ipv6InterfaceIdentifier, + ipv6InterfaceEnableStatus, ipv6InterfaceReachableTime, + ipv6InterfaceRetransmitTime, or ipv6InterfaceForwarding + object was modified. + + If new objects are added to the ipv6InterfaceTable that + require the ipv6InterfaceTableLastChange to be updated when + they are modified, they must specify that requirement in + their description clause." + ::= { ip 29 } + +ipv6InterfaceTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6InterfaceEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table containing per-interface IPv6-specific + information." + ::= { ip 30 } + +ipv6InterfaceEntry OBJECT-TYPE + SYNTAX Ipv6InterfaceEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing IPv6-specific information for a given + interface." + INDEX { ipv6InterfaceIfIndex } + ::= { ipv6InterfaceTable 1 } + +Ipv6InterfaceEntry ::= SEQUENCE { + ipv6InterfaceIfIndex InterfaceIndex, + ipv6InterfaceReasmMaxSize Unsigned32, + ipv6InterfaceIdentifier Ipv6AddressIfIdentifierTC, + ipv6InterfaceEnableStatus INTEGER, + ipv6InterfaceReachableTime Unsigned32, + ipv6InterfaceRetransmitTime Unsigned32, + ipv6InterfaceForwarding INTEGER + } + +ipv6InterfaceIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value that uniquely identifies the interface to + which this entry is applicable. The interface identified by + a particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipv6InterfaceEntry 1 } + +ipv6InterfaceReasmMaxSize OBJECT-TYPE + SYNTAX Unsigned32 (1500..65535) + UNITS "octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The size of the largest IPv6 datagram that this entity can + re-assemble from incoming IPv6 fragmented datagrams received + on this interface." + ::= { ipv6InterfaceEntry 2 } + +ipv6InterfaceIdentifier OBJECT-TYPE + SYNTAX Ipv6AddressIfIdentifierTC + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Interface Identifier for this interface. The Interface + Identifier is combined with an address prefix to form an + interface address. + + By default, the Interface Identifier is auto-configured + according to the rules of the link type to which this + interface is attached. + + A zero length identifier may be used where appropriate. One + possible example is a loopback interface." + ::= { ipv6InterfaceEntry 3 } + +-- This object ID is reserved as it was used in earlier versions of +-- the MIB module. In theory, OIDs are not assigned until the +-- specification is released as an RFC; however, as some companies +-- may have shipped code based on earlier versions of the MIB, it +-- seems best to reserve this OID. This OID had been +-- ipv6InterfacePhysicalAddress. +-- ::= { ipv6InterfaceEntry 4} + +ipv6InterfaceEnableStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), + down(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The indication of whether IPv6 is enabled (up) or disabled + (down) on this interface. This object does not affect the + state of the interface itself, only its connection to an + IPv6 stack. The IF-MIB should be used to control the state + of the interface. + + When this object is written, the entity SHOULD save the + change to non-volatile storage and restore the object from + non-volatile storage upon re-initialization of the system." + ::= { ipv6InterfaceEntry 5 } + +ipv6InterfaceReachableTime OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time a neighbor is considered reachable after receiving + a reachability confirmation." + REFERENCE "RFC 2461, Section 6.3.2" + ::= { ipv6InterfaceEntry 6 } + +ipv6InterfaceRetransmitTime OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time between retransmissions of Neighbor Solicitation + messages to a neighbor when resolving the address or when + probing the reachability of a neighbor." + REFERENCE "RFC 2461, Section 6.3.2" + ::= { ipv6InterfaceEntry 7 } + +ipv6InterfaceForwarding OBJECT-TYPE + SYNTAX INTEGER { + forwarding(1), -- acting as a router + notForwarding(2) -- NOT acting as a router + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The indication of whether this entity is acting as an IPv6 + router on this interface with respect to the forwarding of + datagrams received by, but not addressed to, this entity. + IPv6 routers forward datagrams. IPv6 hosts do not (except + those source-routed via the host). + + This object is constrained by ipv6IpForwarding and is + ignored if ipv6IpForwarding is set to notForwarding. Those + systems that do not provide per-interface control of the + forwarding function should set this object to forwarding for + all interfaces and allow the ipv6IpForwarding object to + control the forwarding capability. + + When this object is written, the entity SHOULD save the + change to non-volatile storage and restore the object from + non-volatile storage upon re-initialization of the system." + ::= { ipv6InterfaceEntry 8 } + +-- +-- Per-Interface or System-Wide IP statistics. +-- +-- The following two tables, ipSystemStatsTable and ipIfStatsTable, +-- are intended to provide the same counters at different granularities. +-- The ipSystemStatsTable provides system wide counters aggregating +-- the traffic counters for all interfaces for a given address type. +-- The ipIfStatsTable provides the same counters but for specific +-- interfaces rather than as an aggregate. +-- +-- Note well: If a system provides both system-wide and interface- +-- specific values, the system-wide value may not be equal to the sum +-- of the interface-specific values across all interfaces due to e.g., +-- dynamic interface creation/deletion. +-- +-- Note well: Both of these tables contain some items that are + +-- represented by two objects, representing the value in either 32 +-- or 64 bits. For those objects, the 32-bit value MUST be the low +-- order 32 bits of the 64-bit value. Also note that the 32-bit +-- counters must be included when the 64-bit counters are included. + +ipTrafficStats OBJECT IDENTIFIER ::= { ip 31 } + +ipSystemStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpSystemStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table containing system wide, IP version specific + traffic statistics. This table and the ipIfStatsTable + contain similar objects whose difference is in their + granularity. Where this table contains system wide traffic + statistics, the ipIfStatsTable contains the same statistics + but counted on a per-interface basis." + ::= { ipTrafficStats 1 } + +ipSystemStatsEntry OBJECT-TYPE + SYNTAX IpSystemStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A statistics entry containing system-wide objects for a + particular IP version." + INDEX { ipSystemStatsIPVersion } + ::= { ipSystemStatsTable 1 } + +IpSystemStatsEntry ::= SEQUENCE { + ipSystemStatsIPVersion InetVersion, + ipSystemStatsInReceives Counter32, + ipSystemStatsHCInReceives Counter64, + ipSystemStatsInOctets Counter32, + ipSystemStatsHCInOctets Counter64, + ipSystemStatsInHdrErrors Counter32, + ipSystemStatsInNoRoutes Counter32, + ipSystemStatsInAddrErrors Counter32, + ipSystemStatsInUnknownProtos Counter32, + ipSystemStatsInTruncatedPkts Counter32, + ipSystemStatsInForwDatagrams Counter32, + ipSystemStatsHCInForwDatagrams Counter64, + ipSystemStatsReasmReqds Counter32, + ipSystemStatsReasmOKs Counter32, + ipSystemStatsReasmFails Counter32, + ipSystemStatsInDiscards Counter32, + ipSystemStatsInDelivers Counter32, + ipSystemStatsHCInDelivers Counter64, + ipSystemStatsOutRequests Counter32, + ipSystemStatsHCOutRequests Counter64, + ipSystemStatsOutNoRoutes Counter32, + ipSystemStatsOutForwDatagrams Counter32, + ipSystemStatsHCOutForwDatagrams Counter64, + ipSystemStatsOutDiscards Counter32, + ipSystemStatsOutFragReqds Counter32, + ipSystemStatsOutFragOKs Counter32, + ipSystemStatsOutFragFails Counter32, + ipSystemStatsOutFragCreates Counter32, + ipSystemStatsOutTransmits Counter32, + ipSystemStatsHCOutTransmits Counter64, + ipSystemStatsOutOctets Counter32, + ipSystemStatsHCOutOctets Counter64, + ipSystemStatsInMcastPkts Counter32, + ipSystemStatsHCInMcastPkts Counter64, + ipSystemStatsInMcastOctets Counter32, + ipSystemStatsHCInMcastOctets Counter64, + ipSystemStatsOutMcastPkts Counter32, + ipSystemStatsHCOutMcastPkts Counter64, + ipSystemStatsOutMcastOctets Counter32, + ipSystemStatsHCOutMcastOctets Counter64, + ipSystemStatsInBcastPkts Counter32, + ipSystemStatsHCInBcastPkts Counter64, + ipSystemStatsOutBcastPkts Counter32, + ipSystemStatsHCOutBcastPkts Counter64, + ipSystemStatsDiscontinuityTime TimeStamp, + ipSystemStatsRefreshRate Unsigned32 + } + +ipSystemStatsIPVersion OBJECT-TYPE + SYNTAX InetVersion + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP version of this row." + ::= { ipSystemStatsEntry 1 } + +-- This object ID is reserved to allow the IDs for this table's objects +-- to align with the objects in the ipIfStatsTable. +-- ::= { ipSystemStatsEntry 2 } + +ipSystemStatsInReceives OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of input IP datagrams received, including + those received in error. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 3 } + +ipSystemStatsHCInReceives OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of input IP datagrams received, including + those received in error. This object counts the same + datagrams as ipSystemStatsInReceives, but allows for larger + values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 4 } + +ipSystemStatsInOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received in input IP datagrams, + including those received in error. Octets from datagrams + counted in ipSystemStatsInReceives MUST be counted here. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 5 } + +ipSystemStatsHCInOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received in input IP datagrams, + including those received in error. This object counts the + same octets as ipSystemStatsInOctets, but allows for larger + + values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 6 } + +ipSystemStatsInHdrErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams discarded due to errors in + their IP headers, including version number mismatch, other + format errors, hop count exceeded, errors discovered in + processing their IP options, etc. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 7 } + +ipSystemStatsInNoRoutes OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams discarded because no route + could be found to transmit them to their destination. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 8 } + +ipSystemStatsInAddrErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams discarded because the IP + address in their IP header's destination field was not a + valid address to be received at this entity. This count + includes invalid addresses (e.g., ::0). For entities + that are not IP routers and therefore do not forward + + datagrams, this counter includes datagrams discarded + because the destination address was not a local address. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 9 } + +ipSystemStatsInUnknownProtos OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of locally-addressed IP datagrams received + successfully but discarded because of an unknown or + unsupported protocol. + + When tracking interface statistics, the counter of the + interface to which these datagrams were addressed is + incremented. This interface might not be the same as the + input interface for some of the datagrams. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 10 } + +ipSystemStatsInTruncatedPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams discarded because the + datagram frame didn't carry enough data. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 11 } + +ipSystemStatsInForwDatagrams OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input datagrams for which this entity was not + their final IP destination and for which this entity + attempted to find a route to forward them to that final + destination. In entities that do not act as IP routers, + this counter will include only those datagrams that were + Source-Routed via this entity, and the Source-Route + processing was successful. + + When tracking interface statistics, the counter of the + incoming interface is incremented for each datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 12 } + +ipSystemStatsHCInForwDatagrams OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input datagrams for which this entity was not + their final IP destination and for which this entity + attempted to find a route to forward them to that final + destination. This object counts the same packets as + ipSystemStatsInForwDatagrams, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 13 } + +ipSystemStatsReasmReqds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP fragments received that needed to be + reassembled at this interface. + + When tracking interface statistics, the counter of the + interface to which these fragments were addressed is + incremented. This interface might not be the same as the + input interface for some of the fragments. + + Discontinuities in the value of this counter can occur at + + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 14 } + +ipSystemStatsReasmOKs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP datagrams successfully reassembled. + + When tracking interface statistics, the counter of the + interface to which these datagrams were addressed is + incremented. This interface might not be the same as the + input interface for some of the datagrams. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 15 } + +ipSystemStatsReasmFails OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of failures detected by the IP re-assembly + algorithm (for whatever reason: timed out, errors, etc.). + Note that this is not necessarily a count of discarded IP + fragments since some algorithms (notably the algorithm in + RFC 815) can lose track of the number of fragments by + combining them as they are received. + + When tracking interface statistics, the counter of the + interface to which these fragments were addressed is + incremented. This interface might not be the same as the + input interface for some of the fragments. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 16 } + +ipSystemStatsInDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams for which no problems were + encountered to prevent their continued processing, but + were discarded (e.g., for lack of buffer space). Note that + this counter does not include any datagrams discarded while + awaiting re-assembly. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 17 } + +ipSystemStatsInDelivers OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of datagrams successfully delivered to IP + user-protocols (including ICMP). + + When tracking interface statistics, the counter of the + interface to which these datagrams were addressed is + incremented. This interface might not be the same as the + input interface for some of the datagrams. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 18 } + +ipSystemStatsHCInDelivers OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of datagrams successfully delivered to IP + user-protocols (including ICMP). This object counts the + same packets as ipSystemStatsInDelivers, but allows for + larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 19 } + +ipSystemStatsOutRequests OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IP datagrams that local IP user- + protocols (including ICMP) supplied to IP in requests for + transmission. Note that this counter does not include any + datagrams counted in ipSystemStatsOutForwDatagrams. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 20 } + +ipSystemStatsHCOutRequests OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IP datagrams that local IP user- + protocols (including ICMP) supplied to IP in requests for + transmission. This object counts the same packets as + ipSystemStatsOutRequests, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 21 } + +ipSystemStatsOutNoRoutes OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of locally generated IP datagrams discarded + because no route could be found to transmit them to their + destination. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 22 } + +ipSystemStatsOutForwDatagrams OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of datagrams for which this entity was not their + final IP destination and for which it was successful in + finding a path to their final destination. In entities + that do not act as IP routers, this counter will include + only those datagrams that were Source-Routed via this + entity, and the Source-Route processing was successful. + + When tracking interface statistics, the counter of the + outgoing interface is incremented for a successfully + forwarded datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 23 } + +ipSystemStatsHCOutForwDatagrams OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of datagrams for which this entity was not their + final IP destination and for which it was successful in + finding a path to their final destination. This object + counts the same packets as ipSystemStatsOutForwDatagrams, + but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 24 } + +ipSystemStatsOutDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of output IP datagrams for which no problem was + encountered to prevent their transmission to their + destination, but were discarded (e.g., for lack of + buffer space). Note that this counter would include + + datagrams counted in ipSystemStatsOutForwDatagrams if any + such datagrams met this (discretionary) discard criterion. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 25 } + +ipSystemStatsOutFragReqds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP datagrams that would require fragmentation + in order to be transmitted. + + When tracking interface statistics, the counter of the + outgoing interface is incremented for a successfully + fragmented datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 26 } + +ipSystemStatsOutFragOKs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP datagrams that have been successfully + fragmented. + + When tracking interface statistics, the counter of the + outgoing interface is incremented for a successfully + fragmented datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 27 } + +ipSystemStatsOutFragFails OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP datagrams that have been discarded because + they needed to be fragmented but could not be. This + includes IPv4 packets that have the DF bit set and IPv6 + packets that are being forwarded and exceed the outgoing + link MTU. + + When tracking interface statistics, the counter of the + outgoing interface is incremented for an unsuccessfully + fragmented datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 28 } + +ipSystemStatsOutFragCreates OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of output datagram fragments that have been + generated as a result of IP fragmentation. + + When tracking interface statistics, the counter of the + outgoing interface is incremented for a successfully + fragmented datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 29 } + +ipSystemStatsOutTransmits OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IP datagrams that this entity supplied + to the lower layers for transmission. This includes + datagrams generated locally and those forwarded by this + entity. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 30 } + +ipSystemStatsHCOutTransmits OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IP datagrams that this entity supplied + to the lower layers for transmission. This object counts + the same datagrams as ipSystemStatsOutTransmits, but allows + for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 31 } + +ipSystemStatsOutOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets in IP datagrams delivered to the + lower layers for transmission. Octets from datagrams + counted in ipSystemStatsOutTransmits MUST be counted here. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 32 } + +ipSystemStatsHCOutOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets in IP datagrams delivered to the + lower layers for transmission. This objects counts the same + octets as ipSystemStatsOutOctets, but allows for larger + values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 33 } + +ipSystemStatsInMcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP multicast datagrams received. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 34 } + +ipSystemStatsHCInMcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP multicast datagrams received. This object + counts the same datagrams as ipSystemStatsInMcastPkts but + allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 35 } + +ipSystemStatsInMcastOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received in IP multicast + datagrams. Octets from datagrams counted in + ipSystemStatsInMcastPkts MUST be counted here. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 36 } + +ipSystemStatsHCInMcastOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received in IP multicast + datagrams. This object counts the same octets as + ipSystemStatsInMcastOctets, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 37 } + +ipSystemStatsOutMcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP multicast datagrams transmitted. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 38 } + +ipSystemStatsHCOutMcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP multicast datagrams transmitted. This + object counts the same datagrams as + ipSystemStatsOutMcastPkts, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 39 } + +ipSystemStatsOutMcastOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets transmitted in IP multicast + datagrams. Octets from datagrams counted in + + ipSystemStatsOutMcastPkts MUST be counted here. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 40 } + +ipSystemStatsHCOutMcastOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets transmitted in IP multicast + datagrams. This object counts the same octets as + ipSystemStatsOutMcastOctets, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 41 } + +ipSystemStatsInBcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP broadcast datagrams received. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 42 } + +ipSystemStatsHCInBcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP broadcast datagrams received. This object + counts the same datagrams as ipSystemStatsInBcastPkts but + allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 43 } + +ipSystemStatsOutBcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP broadcast datagrams transmitted. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 44 } + +ipSystemStatsHCOutBcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP broadcast datagrams transmitted. This + object counts the same datagrams as + ipSystemStatsOutBcastPkts, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipSystemStatsDiscontinuityTime." + ::= { ipSystemStatsEntry 45 } + +ipSystemStatsDiscontinuityTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at which + any one or more of this entry's counters suffered a + discontinuity. + + If no such discontinuities have occurred since the last re- + initialization of the local management subsystem, then this + object contains a zero value." + ::= { ipSystemStatsEntry 46 } + +ipSystemStatsRefreshRate OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milli-seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The minimum reasonable polling interval for this entry. + This object provides an indication of the minimum amount of + time required to update the counters in this entry." + ::= { ipSystemStatsEntry 47 } + +ipIfStatsTableLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at which + a row in the ipIfStatsTable was added or deleted. + + If new objects are added to the ipIfStatsTable that require + the ipIfStatsTableLastChange to be updated when they are + modified, they must specify that requirement in their + description clause." + ::= { ipTrafficStats 2 } + +ipIfStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpIfStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table containing per-interface traffic statistics. This + table and the ipSystemStatsTable contain similar objects + whose difference is in their granularity. Where this table + contains per-interface statistics, the ipSystemStatsTable + contains the same statistics, but counted on a system wide + basis." + ::= { ipTrafficStats 3 } + +ipIfStatsEntry OBJECT-TYPE + SYNTAX IpIfStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An interface statistics entry containing objects for a + particular interface and version of IP." + INDEX { ipIfStatsIPVersion, ipIfStatsIfIndex } + ::= { ipIfStatsTable 1 } + +IpIfStatsEntry ::= SEQUENCE { + ipIfStatsIPVersion InetVersion, + ipIfStatsIfIndex InterfaceIndex, + ipIfStatsInReceives Counter32, + ipIfStatsHCInReceives Counter64, + ipIfStatsInOctets Counter32, + ipIfStatsHCInOctets Counter64, + ipIfStatsInHdrErrors Counter32, + ipIfStatsInNoRoutes Counter32, + ipIfStatsInAddrErrors Counter32, + ipIfStatsInUnknownProtos Counter32, + ipIfStatsInTruncatedPkts Counter32, + ipIfStatsInForwDatagrams Counter32, + ipIfStatsHCInForwDatagrams Counter64, + ipIfStatsReasmReqds Counter32, + ipIfStatsReasmOKs Counter32, + ipIfStatsReasmFails Counter32, + ipIfStatsInDiscards Counter32, + ipIfStatsInDelivers Counter32, + ipIfStatsHCInDelivers Counter64, + ipIfStatsOutRequests Counter32, + ipIfStatsHCOutRequests Counter64, + ipIfStatsOutForwDatagrams Counter32, + ipIfStatsHCOutForwDatagrams Counter64, + ipIfStatsOutDiscards Counter32, + ipIfStatsOutFragReqds Counter32, + ipIfStatsOutFragOKs Counter32, + ipIfStatsOutFragFails Counter32, + ipIfStatsOutFragCreates Counter32, + ipIfStatsOutTransmits Counter32, + ipIfStatsHCOutTransmits Counter64, + ipIfStatsOutOctets Counter32, + ipIfStatsHCOutOctets Counter64, + ipIfStatsInMcastPkts Counter32, + ipIfStatsHCInMcastPkts Counter64, + ipIfStatsInMcastOctets Counter32, + ipIfStatsHCInMcastOctets Counter64, + ipIfStatsOutMcastPkts Counter32, + ipIfStatsHCOutMcastPkts Counter64, + ipIfStatsOutMcastOctets Counter32, + ipIfStatsHCOutMcastOctets Counter64, + ipIfStatsInBcastPkts Counter32, + ipIfStatsHCInBcastPkts Counter64, + ipIfStatsOutBcastPkts Counter32, + ipIfStatsHCOutBcastPkts Counter64, + ipIfStatsDiscontinuityTime TimeStamp, + ipIfStatsRefreshRate Unsigned32 + } + +ipIfStatsIPVersion OBJECT-TYPE + SYNTAX InetVersion + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP version of this row." + ::= { ipIfStatsEntry 1 } + +ipIfStatsIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value that uniquely identifies the interface to + which this entry is applicable. The interface identified by + a particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipIfStatsEntry 2 } + +ipIfStatsInReceives OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of input IP datagrams received, including + those received in error. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 3 } + +ipIfStatsHCInReceives OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of input IP datagrams received, including + those received in error. This object counts the same + datagrams as ipIfStatsInReceives, but allows for larger + values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 4 } + +ipIfStatsInOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received in input IP datagrams, + including those received in error. Octets from datagrams + counted in ipIfStatsInReceives MUST be counted here. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 5 } + +ipIfStatsHCInOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received in input IP datagrams, + including those received in error. This object counts the + same octets as ipIfStatsInOctets, but allows for larger + values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 6 } + +ipIfStatsInHdrErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams discarded due to errors in + their IP headers, including version number mismatch, other + format errors, hop count exceeded, errors discovered in + processing their IP options, etc. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 7 } + +ipIfStatsInNoRoutes OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams discarded because no route + could be found to transmit them to their destination. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 8 } + +ipIfStatsInAddrErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams discarded because the IP + address in their IP header's destination field was not a + valid address to be received at this entity. This count + includes invalid addresses (e.g., ::0). For entities that + are not IP routers and therefore do not forward datagrams, + this counter includes datagrams discarded because the + destination address was not a local address. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 9 } + +ipIfStatsInUnknownProtos OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of locally-addressed IP datagrams received + successfully but discarded because of an unknown or + unsupported protocol. + + When tracking interface statistics, the counter of the + interface to which these datagrams were addressed is + incremented. This interface might not be the same as the + input interface for some of the datagrams. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 10 } + +ipIfStatsInTruncatedPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams discarded because the + datagram frame didn't carry enough data. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 11 } + +ipIfStatsInForwDatagrams OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input datagrams for which this entity was not + their final IP destination and for which this entity + attempted to find a route to forward them to that final + destination. In entities that do not act as IP routers, + this counter will include only those datagrams that were + Source-Routed via this entity, and the Source-Route + processing was successful. + + When tracking interface statistics, the counter of the + incoming interface is incremented for each datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 12 } + +ipIfStatsHCInForwDatagrams OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input datagrams for which this entity was not + their final IP destination and for which this entity + attempted to find a route to forward them to that final + destination. This object counts the same packets as + + ipIfStatsInForwDatagrams, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 13 } + +ipIfStatsReasmReqds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP fragments received that needed to be + reassembled at this interface. + + When tracking interface statistics, the counter of the + interface to which these fragments were addressed is + incremented. This interface might not be the same as the + input interface for some of the fragments. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 14 } + +ipIfStatsReasmOKs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP datagrams successfully reassembled. + + When tracking interface statistics, the counter of the + interface to which these datagrams were addressed is + incremented. This interface might not be the same as the + input interface for some of the datagrams. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 15 } + +ipIfStatsReasmFails OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of failures detected by the IP re-assembly + algorithm (for whatever reason: timed out, errors, etc.). + Note that this is not necessarily a count of discarded IP + fragments since some algorithms (notably the algorithm in + RFC 815) can lose track of the number of fragments by + combining them as they are received. + + When tracking interface statistics, the counter of the + interface to which these fragments were addressed is + incremented. This interface might not be the same as the + input interface for some of the fragments. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 16 } + +ipIfStatsInDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IP datagrams for which no problems were + encountered to prevent their continued processing, but + were discarded (e.g., for lack of buffer space). Note that + this counter does not include any datagrams discarded while + awaiting re-assembly. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 17 } + +ipIfStatsInDelivers OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of datagrams successfully delivered to IP + user-protocols (including ICMP). + + When tracking interface statistics, the counter of the + interface to which these datagrams were addressed is + incremented. This interface might not be the same as the + + input interface for some of the datagrams. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 18 } + +ipIfStatsHCInDelivers OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of datagrams successfully delivered to IP + user-protocols (including ICMP). This object counts the + same packets as ipIfStatsInDelivers, but allows for larger + values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 19 } + +ipIfStatsOutRequests OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IP datagrams that local IP user- + protocols (including ICMP) supplied to IP in requests for + transmission. Note that this counter does not include any + datagrams counted in ipIfStatsOutForwDatagrams. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 20 } + +ipIfStatsHCOutRequests OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IP datagrams that local IP user- + protocols (including ICMP) supplied to IP in requests for + transmission. This object counts the same packets as + + ipIfStatsOutRequests, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 21 } + +-- This object ID is reserved to allow the IDs for this table's objects +-- to align with the objects in the ipSystemStatsTable. +-- ::= {ipIfStatsEntry 22} + +ipIfStatsOutForwDatagrams OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of datagrams for which this entity was not their + final IP destination and for which it was successful in + finding a path to their final destination. In entities + that do not act as IP routers, this counter will include + only those datagrams that were Source-Routed via this + entity, and the Source-Route processing was successful. + + When tracking interface statistics, the counter of the + outgoing interface is incremented for a successfully + forwarded datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 23 } + +ipIfStatsHCOutForwDatagrams OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of datagrams for which this entity was not their + final IP destination and for which it was successful in + finding a path to their final destination. This object + counts the same packets as ipIfStatsOutForwDatagrams, but + allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 24 } + +ipIfStatsOutDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of output IP datagrams for which no problem was + encountered to prevent their transmission to their + destination, but were discarded (e.g., for lack of + buffer space). Note that this counter would include + datagrams counted in ipIfStatsOutForwDatagrams if any such + datagrams met this (discretionary) discard criterion. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 25 } + +ipIfStatsOutFragReqds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP datagrams that would require fragmentation + in order to be transmitted. + + When tracking interface statistics, the counter of the + outgoing interface is incremented for a successfully + fragmented datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 26 } + +ipIfStatsOutFragOKs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP datagrams that have been successfully + fragmented. + + When tracking interface statistics, the counter of the + + outgoing interface is incremented for a successfully + fragmented datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 27 } + +ipIfStatsOutFragFails OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP datagrams that have been discarded because + they needed to be fragmented but could not be. This + includes IPv4 packets that have the DF bit set and IPv6 + packets that are being forwarded and exceed the outgoing + link MTU. + + When tracking interface statistics, the counter of the + outgoing interface is incremented for an unsuccessfully + fragmented datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 28 } + +ipIfStatsOutFragCreates OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of output datagram fragments that have been + generated as a result of IP fragmentation. + + When tracking interface statistics, the counter of the + outgoing interface is incremented for a successfully + fragmented datagram. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 29 } + +ipIfStatsOutTransmits OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IP datagrams that this entity supplied + to the lower layers for transmission. This includes + datagrams generated locally and those forwarded by this + entity. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 30 } + +ipIfStatsHCOutTransmits OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IP datagrams that this entity supplied + to the lower layers for transmission. This object counts + the same datagrams as ipIfStatsOutTransmits, but allows for + larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 31 } + +ipIfStatsOutOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets in IP datagrams delivered to the + lower layers for transmission. Octets from datagrams + counted in ipIfStatsOutTransmits MUST be counted here. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 32 } + +ipIfStatsHCOutOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets in IP datagrams delivered to the + lower layers for transmission. This objects counts the same + octets as ipIfStatsOutOctets, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 33 } + +ipIfStatsInMcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP multicast datagrams received. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 34 } + +ipIfStatsHCInMcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP multicast datagrams received. This object + counts the same datagrams as ipIfStatsInMcastPkts, but + allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 35 } + +ipIfStatsInMcastOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received in IP multicast + + datagrams. Octets from datagrams counted in + ipIfStatsInMcastPkts MUST be counted here. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 36 } + +ipIfStatsHCInMcastOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received in IP multicast + datagrams. This object counts the same octets as + ipIfStatsInMcastOctets, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 37 } + +ipIfStatsOutMcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP multicast datagrams transmitted. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 38 } + +ipIfStatsHCOutMcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP multicast datagrams transmitted. This + object counts the same datagrams as ipIfStatsOutMcastPkts, + but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 39 } + +ipIfStatsOutMcastOctets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets transmitted in IP multicast + datagrams. Octets from datagrams counted in + ipIfStatsOutMcastPkts MUST be counted here. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 40 } + +ipIfStatsHCOutMcastOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets transmitted in IP multicast + datagrams. This object counts the same octets as + ipIfStatsOutMcastOctets, but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 41 } + +ipIfStatsInBcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP broadcast datagrams received. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 42 } + +ipIfStatsHCInBcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP broadcast datagrams received. This object + counts the same datagrams as ipIfStatsInBcastPkts, but + allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 43 } + +ipIfStatsOutBcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP broadcast datagrams transmitted. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 44 } + +ipIfStatsHCOutBcastPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP broadcast datagrams transmitted. This + object counts the same datagrams as ipIfStatsOutBcastPkts, + but allows for larger values. + + Discontinuities in the value of this counter can occur at + re-initialization of the management system, and at other + times as indicated by the value of + ipIfStatsDiscontinuityTime." + ::= { ipIfStatsEntry 45 } + +ipIfStatsDiscontinuityTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at which + + any one or more of this entry's counters suffered a + discontinuity. + + If no such discontinuities have occurred since the last re- + initialization of the local management subsystem, then this + object contains a zero value." + ::= { ipIfStatsEntry 46 } + +ipIfStatsRefreshRate OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milli-seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The minimum reasonable polling interval for this entry. + This object provides an indication of the minimum amount of + time required to update the counters in this entry." + ::= { ipIfStatsEntry 47 } + +-- +-- Internet Address Prefix table +-- + +ipAddressPrefixTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpAddressPrefixEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table allows the user to determine the source of an IP + address or set of IP addresses, and allows other tables to + share the information via pointer rather than by copying. + + For example, when the node configures both a unicast and + anycast address for a prefix, the ipAddressPrefix objects + for those addresses will point to a single row in this + table. + + This table primarily provides support for IPv6 prefixes, and + several of the objects are less meaningful for IPv4. The + table continues to allow IPv4 addresses to allow future + flexibility. In order to promote a common configuration, + this document includes suggestions for default values for + IPv4 prefixes. Each of these values may be overridden if an + object is meaningful to the node. + + All prefixes used by this entity should be included in this + table independent of how the entity learned the prefix. + (This table isn't limited to prefixes learned from router + + advertisements.)" + ::= { ip 32 } + +ipAddressPrefixEntry OBJECT-TYPE + SYNTAX IpAddressPrefixEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the ipAddressPrefixTable." + INDEX { ipAddressPrefixIfIndex, ipAddressPrefixType, + ipAddressPrefixPrefix, ipAddressPrefixLength } + ::= { ipAddressPrefixTable 1 } + +IpAddressPrefixEntry ::= SEQUENCE { + ipAddressPrefixIfIndex InterfaceIndex, + ipAddressPrefixType InetAddressType, + ipAddressPrefixPrefix InetAddress, + ipAddressPrefixLength InetAddressPrefixLength, + ipAddressPrefixOrigin IpAddressPrefixOriginTC, + ipAddressPrefixOnLinkFlag TruthValue, + ipAddressPrefixAutonomousFlag TruthValue, + ipAddressPrefixAdvPreferredLifetime Unsigned32, + ipAddressPrefixAdvValidLifetime Unsigned32 + } + +ipAddressPrefixIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value that uniquely identifies the interface on + which this prefix is configured. The interface identified + by a particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipAddressPrefixEntry 1 } + +ipAddressPrefixType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address type of ipAddressPrefix." + ::= { ipAddressPrefixEntry 2 } + +ipAddressPrefixPrefix OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address prefix. The address type of this object is + specified in ipAddressPrefixType. The length of this object + is the standard length for objects of that type (4 or 16 + bytes). Any bits after ipAddressPrefixLength must be zero. + + Implementors need to be aware that, if the size of + ipAddressPrefixPrefix exceeds 114 octets, then OIDS of + instances of columns in this row will have more than 128 + sub-identifiers and cannot be accessed using SNMPv1, + SNMPv2c, or SNMPv3." + ::= { ipAddressPrefixEntry 3 } + +ipAddressPrefixLength OBJECT-TYPE + SYNTAX InetAddressPrefixLength + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The prefix length associated with this prefix. + + The value 0 has no special meaning for this object. It + simply refers to address '::/0'." + ::= { ipAddressPrefixEntry 4 } + +ipAddressPrefixOrigin OBJECT-TYPE + SYNTAX IpAddressPrefixOriginTC + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The origin of this prefix." + ::= { ipAddressPrefixEntry 5 } + +ipAddressPrefixOnLinkFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object has the value 'true(1)', if this prefix can be + used for on-link determination; otherwise, the value is + 'false(2)'. + + The default for IPv4 prefixes is 'true(1)'." + REFERENCE "For IPv6 RFC 2461, especially sections 2 and 4.6.2 and + RFC 2462" + ::= { ipAddressPrefixEntry 6 } + +ipAddressPrefixAutonomousFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Autonomous address configuration flag. When true(1), + indicates that this prefix can be used for autonomous + address configuration (i.e., can be used to form a local + interface address). If false(2), it is not used to auto- + configure a local interface address. + + The default for IPv4 prefixes is 'false(2)'." + REFERENCE "For IPv6 RFC 2461, especially sections 2 and 4.6.2 and + RFC 2462" + ::= { ipAddressPrefixEntry 7 } + +ipAddressPrefixAdvPreferredLifetime OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remaining length of time, in seconds, that this prefix + will continue to be preferred, i.e., time until deprecation. + + A value of 4,294,967,295 represents infinity. + + The address generated from a deprecated prefix should no + longer be used as a source address in new communications, + but packets received on such an interface are processed as + expected. + + The default for IPv4 prefixes is 4,294,967,295 (infinity)." + REFERENCE "For IPv6 RFC 2461, especially sections 2 and 4.6.2 and + RFC 2462" + ::= { ipAddressPrefixEntry 8 } + +ipAddressPrefixAdvValidLifetime OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remaining length of time, in seconds, that this prefix + will continue to be valid, i.e., time until invalidation. A + value of 4,294,967,295 represents infinity. + + The address generated from an invalidated prefix should not + appear as the destination or source address of a packet. + + The default for IPv4 prefixes is 4,294,967,295 (infinity)." + REFERENCE "For IPv6 RFC 2461, especially sections 2 and 4.6.2 and + RFC 2462" + ::= { ipAddressPrefixEntry 9 } + +-- +-- Internet Address Table +-- + +ipAddressSpinLock OBJECT-TYPE + SYNTAX TestAndIncr + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "An advisory lock used to allow cooperating SNMP managers to + coordinate their use of the set operation in creating or + modifying rows within this table. + + In order to use this lock to coordinate the use of set + operations, managers should first retrieve + ipAddressTableSpinLock. They should then determine the + appropriate row to create or modify. Finally, they should + issue the appropriate set command, including the retrieved + value of ipAddressSpinLock. If another manager has altered + the table in the meantime, then the value of + ipAddressSpinLock will have changed, and the creation will + fail as it will be specifying an incorrect value for + ipAddressSpinLock. It is suggested, but not required, that + the ipAddressSpinLock be the first var bind for each set of + objects representing a 'row' in a PDU." + ::= { ip 33 } + +ipAddressTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpAddressEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table contains addressing information relevant to the + entity's interfaces. + + This table does not contain multicast address information. + Tables for such information should be contained in multicast + specific MIBs, such as RFC 3019. + + While this table is writable, the user will note that + several objects, such as ipAddressOrigin, are not. The + intention in allowing a user to write to this table is to + allow them to add or remove any entry that isn't + + permanent. The user should be allowed to modify objects + and entries when that would not cause inconsistencies + within the table. Allowing write access to objects, such + as ipAddressOrigin, could allow a user to insert an entry + and then label it incorrectly. + + Note well: When including IPv6 link-local addresses in this + table, the entry must use an InetAddressType of 'ipv6z' in + order to differentiate between the possible interfaces." + ::= { ip 34 } + +ipAddressEntry OBJECT-TYPE + SYNTAX IpAddressEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An address mapping for a particular interface." + INDEX { ipAddressAddrType, ipAddressAddr } + ::= { ipAddressTable 1 } + +IpAddressEntry ::= SEQUENCE { + ipAddressAddrType InetAddressType, + ipAddressAddr InetAddress, + ipAddressIfIndex InterfaceIndex, + ipAddressType INTEGER, + ipAddressPrefix RowPointer, + ipAddressOrigin IpAddressOriginTC, + ipAddressStatus IpAddressStatusTC, + ipAddressCreated TimeStamp, + ipAddressLastChanged TimeStamp, + ipAddressRowStatus RowStatus, + ipAddressStorageType StorageType + } + +ipAddressAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address type of ipAddressAddr." + ::= { ipAddressEntry 1 } + +ipAddressAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP address to which this entry's addressing information + + pertains. The address type of this object is specified in + ipAddressAddrType. + + Implementors need to be aware that if the size of + ipAddressAddr exceeds 116 octets, then OIDS of instances of + columns in this row will have more than 128 sub-identifiers + and cannot be accessed using SNMPv1, SNMPv2c, or SNMPv3." + ::= { ipAddressEntry 2 } + +ipAddressIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The index value that uniquely identifies the interface to + which this entry is applicable. The interface identified by + a particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipAddressEntry 3 } + +ipAddressType OBJECT-TYPE + SYNTAX INTEGER { + unicast(1), + anycast(2), + broadcast(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of address. broadcast(3) is not a valid value for + IPv6 addresses (RFC 3513)." + DEFVAL { unicast } + ::= { ipAddressEntry 4 } + +ipAddressPrefix OBJECT-TYPE + SYNTAX RowPointer + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A pointer to the row in the prefix table to which this + address belongs. May be { 0 0 } if there is no such row." + DEFVAL { zeroDotZero } + ::= { ipAddressEntry 5 } + +ipAddressOrigin OBJECT-TYPE + SYNTAX IpAddressOriginTC + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The origin of the address." + ::= { ipAddressEntry 6 } + +ipAddressStatus OBJECT-TYPE + SYNTAX IpAddressStatusTC + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of the address, describing if the address can be + used for communication. + + In the absence of other information, an IPv4 address is + always preferred(1)." + DEFVAL { preferred } + ::= { ipAddressEntry 7 } + +ipAddressCreated OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this entry was created. + If this entry was created prior to the last re- + initialization of the local network management subsystem, + then this object contains a zero value." + ::= { ipAddressEntry 8 } + +ipAddressLastChanged OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this entry was last + updated. If this entry was updated prior to the last re- + initialization of the local network management subsystem, + then this object contains a zero value." + ::= { ipAddressEntry 9 } + +ipAddressRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row. + + The RowStatus TC requires that this DESCRIPTION clause + states under which circumstances other objects in this row + + can be modified. The value of this object has no effect on + whether other objects in this conceptual row can be + modified. + + A conceptual row can not be made active until the + ipAddressIfIndex has been set to a valid index." + ::= { ipAddressEntry 10 } + +ipAddressStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type for this conceptual row. If this object + has a value of 'permanent', then no other objects are + required to be able to be modified." + DEFVAL { volatile } + ::= { ipAddressEntry 11 } + +-- +-- the Internet Address Translation table +-- + +ipNetToPhysicalTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpNetToPhysicalEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP Address Translation table used for mapping from IP + addresses to physical addresses. + + The Address Translation tables contain the IP address to + 'physical' address equivalences. Some interfaces do not use + translation tables for determining address equivalences + (e.g., DDN-X.25 has an algorithmic method); if all + interfaces are of this type, then the Address Translation + table is empty, i.e., has zero entries. + + While many protocols may be used to populate this table, ARP + and Neighbor Discovery are the most likely + options." + REFERENCE "RFC 826 and RFC 2461" + ::= { ip 35 } + +ipNetToPhysicalEntry OBJECT-TYPE + SYNTAX IpNetToPhysicalEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains one IP address to `physical' address + equivalence." + INDEX { ipNetToPhysicalIfIndex, + ipNetToPhysicalNetAddressType, + ipNetToPhysicalNetAddress } + ::= { ipNetToPhysicalTable 1 } + +IpNetToPhysicalEntry ::= SEQUENCE { + ipNetToPhysicalIfIndex InterfaceIndex, + ipNetToPhysicalNetAddressType InetAddressType, + ipNetToPhysicalNetAddress InetAddress, + ipNetToPhysicalPhysAddress PhysAddress, + ipNetToPhysicalLastUpdated TimeStamp, + ipNetToPhysicalType INTEGER, + ipNetToPhysicalState INTEGER, + ipNetToPhysicalRowStatus RowStatus + } + +ipNetToPhysicalIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value that uniquely identifies the interface to + which this entry is applicable. The interface identified by + a particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipNetToPhysicalEntry 1 } + +ipNetToPhysicalNetAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The type of ipNetToPhysicalNetAddress." + ::= { ipNetToPhysicalEntry 2 } + +ipNetToPhysicalNetAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP Address corresponding to the media-dependent + `physical' address. The address type of this object is + specified in ipNetToPhysicalAddressType. + + Implementors need to be aware that if the size of + + ipNetToPhysicalNetAddress exceeds 115 octets, then OIDS of + instances of columns in this row will have more than 128 + sub-identifiers and cannot be accessed using SNMPv1, + SNMPv2c, or SNMPv3." + ::= { ipNetToPhysicalEntry 3 } + +ipNetToPhysicalPhysAddress OBJECT-TYPE + SYNTAX PhysAddress (SIZE(0..65535)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The media-dependent `physical' address. + + As the entries in this table are typically not persistent + when this object is written the entity SHOULD NOT save the + change to non-volatile storage." + ::= { ipNetToPhysicalEntry 4 } + +ipNetToPhysicalLastUpdated OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this entry was last + updated. If this entry was updated prior to the last re- + initialization of the local network management subsystem, + then this object contains a zero value." + ::= { ipNetToPhysicalEntry 5 } + +ipNetToPhysicalType OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + invalid(2), -- an invalidated mapping + dynamic(3), + static(4), + local(5) -- local interface + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of mapping. + + Setting this object to the value invalid(2) has the effect + of invalidating the corresponding entry in the + ipNetToPhysicalTable. That is, it effectively dis- + associates the interface identified with said entry from the + mapping identified with said entry. It is an + implementation-specific matter as to whether the agent + + removes an invalidated entry from the table. Accordingly, + management stations must be prepared to receive tabular + information from agents that corresponds to entries not + currently in use. Proper interpretation of such entries + requires examination of the relevant ipNetToPhysicalType + object. + + The 'dynamic(3)' type indicates that the IP address to + physical addresses mapping has been dynamically resolved + using e.g., IPv4 ARP or the IPv6 Neighbor Discovery + protocol. + + The 'static(4)' type indicates that the mapping has been + statically configured. Both of these refer to entries that + provide mappings for other entities addresses. + + The 'local(5)' type indicates that the mapping is provided + for an entity's own interface address. + + As the entries in this table are typically not persistent + when this object is written the entity SHOULD NOT save the + change to non-volatile storage." + DEFVAL { static } + ::= { ipNetToPhysicalEntry 6 } + +ipNetToPhysicalState OBJECT-TYPE + SYNTAX INTEGER { + reachable(1), -- confirmed reachability + + stale(2), -- unconfirmed reachability + + delay(3), -- waiting for reachability + -- confirmation before entering + -- the probe state + + probe(4), -- actively probing + + invalid(5), -- an invalidated mapping + + unknown(6), -- state can not be determined + -- for some reason. + + incomplete(7) -- address resolution is being + -- performed. + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Neighbor Unreachability Detection state for the + interface when the address mapping in this entry is used. + If Neighbor Unreachability Detection is not in use (e.g. for + IPv4), this object is always unknown(6)." + REFERENCE "RFC 2461" + ::= { ipNetToPhysicalEntry 7 } + +ipNetToPhysicalRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row. + + The RowStatus TC requires that this DESCRIPTION clause + states under which circumstances other objects in this row + can be modified. The value of this object has no effect on + whether other objects in this conceptual row can be + modified. + + A conceptual row can not be made active until the + ipNetToPhysicalPhysAddress object has been set. + + Note that if the ipNetToPhysicalType is set to 'invalid', + the managed node may delete the entry independent of the + state of this object." + ::= { ipNetToPhysicalEntry 8 } + +-- +-- The IPv6 Scope Zone Index Table. +-- + +ipv6ScopeZoneIndexTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6ScopeZoneIndexEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table used to describe IPv6 unicast and multicast scope + zones. + + For those objects that have names rather than numbers, the + names were chosen to coincide with the names used in the + IPv6 address architecture document. " + REFERENCE "Section 2.7 of RFC 4291" + ::= { ip 36 } + +ipv6ScopeZoneIndexEntry OBJECT-TYPE + SYNTAX Ipv6ScopeZoneIndexEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the list of scope identifiers on a given + interface." + INDEX { ipv6ScopeZoneIndexIfIndex } + ::= { ipv6ScopeZoneIndexTable 1 } + +Ipv6ScopeZoneIndexEntry ::= SEQUENCE { + ipv6ScopeZoneIndexIfIndex InterfaceIndex, + ipv6ScopeZoneIndexLinkLocal InetZoneIndex, + ipv6ScopeZoneIndex3 InetZoneIndex, + ipv6ScopeZoneIndexAdminLocal InetZoneIndex, + ipv6ScopeZoneIndexSiteLocal InetZoneIndex, + ipv6ScopeZoneIndex6 InetZoneIndex, + ipv6ScopeZoneIndex7 InetZoneIndex, + ipv6ScopeZoneIndexOrganizationLocal InetZoneIndex, + ipv6ScopeZoneIndex9 InetZoneIndex, + ipv6ScopeZoneIndexA InetZoneIndex, + ipv6ScopeZoneIndexB InetZoneIndex, + ipv6ScopeZoneIndexC InetZoneIndex, + ipv6ScopeZoneIndexD InetZoneIndex + } + +ipv6ScopeZoneIndexIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value that uniquely identifies the interface to + which these scopes belong. The interface identified by a + particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipv6ScopeZoneIndexEntry 1 } + +ipv6ScopeZoneIndexLinkLocal OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for the link-local scope on this interface." + ::= { ipv6ScopeZoneIndexEntry 2 } + +ipv6ScopeZoneIndex3 OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for scope 3 on this interface." + ::= { ipv6ScopeZoneIndexEntry 3 } + +ipv6ScopeZoneIndexAdminLocal OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for the admin-local scope on this interface." + ::= { ipv6ScopeZoneIndexEntry 4 } + +ipv6ScopeZoneIndexSiteLocal OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for the site-local scope on this interface." + ::= { ipv6ScopeZoneIndexEntry 5 } + +ipv6ScopeZoneIndex6 OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for scope 6 on this interface." + ::= { ipv6ScopeZoneIndexEntry 6 } + +ipv6ScopeZoneIndex7 OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for scope 7 on this interface." + ::= { ipv6ScopeZoneIndexEntry 7 } + +ipv6ScopeZoneIndexOrganizationLocal OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for the organization-local scope on this + interface." + ::= { ipv6ScopeZoneIndexEntry 8 } + +ipv6ScopeZoneIndex9 OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for scope 9 on this interface." + ::= { ipv6ScopeZoneIndexEntry 9 } + +ipv6ScopeZoneIndexA OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for scope A on this interface." + ::= { ipv6ScopeZoneIndexEntry 10 } + +ipv6ScopeZoneIndexB OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for scope B on this interface." + ::= { ipv6ScopeZoneIndexEntry 11 } + +ipv6ScopeZoneIndexC OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for scope C on this interface." + ::= { ipv6ScopeZoneIndexEntry 12 } + +ipv6ScopeZoneIndexD OBJECT-TYPE + SYNTAX InetZoneIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The zone index for scope D on this interface." + ::= { ipv6ScopeZoneIndexEntry 13 } + +-- +-- The Default Router Table +-- This table simply lists the default routers; for more information +-- about routing tables, see the routing MIBs +-- + +ipDefaultRouterTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpDefaultRouterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table used to describe the default routers known to this + + entity." + ::= { ip 37 } + +ipDefaultRouterEntry OBJECT-TYPE + SYNTAX IpDefaultRouterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains information about a default router known + to this entity." + INDEX {ipDefaultRouterAddressType, ipDefaultRouterAddress, + ipDefaultRouterIfIndex} + ::= { ipDefaultRouterTable 1 } + +IpDefaultRouterEntry ::= SEQUENCE { + ipDefaultRouterAddressType InetAddressType, + ipDefaultRouterAddress InetAddress, + ipDefaultRouterIfIndex InterfaceIndex, + ipDefaultRouterLifetime Unsigned32, + ipDefaultRouterPreference INTEGER + } + +ipDefaultRouterAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address type for this row." + ::= { ipDefaultRouterEntry 1 } + +ipDefaultRouterAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP address of the default router represented by this + row. The address type of this object is specified in + ipDefaultRouterAddressType. + + Implementers need to be aware that if the size of + ipDefaultRouterAddress exceeds 115 octets, then OIDS of + instances of columns in this row will have more than 128 + sub-identifiers and cannot be accessed using SNMPv1, + SNMPv2c, or SNMPv3." + ::= { ipDefaultRouterEntry 2 } + +ipDefaultRouterIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value that uniquely identifies the interface by + which the router can be reached. The interface identified + by a particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipDefaultRouterEntry 3 } + +ipDefaultRouterLifetime OBJECT-TYPE + SYNTAX Unsigned32 (0..65535) + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remaining length of time, in seconds, that this router + will continue to be useful as a default router. A value of + zero indicates that it is no longer useful as a default + router. It is left to the implementer of the MIB as to + whether a router with a lifetime of zero is removed from the + list. + + For IPv6, this value should be extracted from the router + advertisement messages." + REFERENCE "For IPv6 RFC 2462 sections 4.2 and 6.3.4" + ::= { ipDefaultRouterEntry 4 } + +ipDefaultRouterPreference OBJECT-TYPE + SYNTAX INTEGER { + reserved (-2), + low (-1), + medium (0), + high (1) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An indication of preference given to this router as a + default router as described in he Default Router + Preferences document. Treating the value as a + 2 bit signed integer allows for simple arithmetic + comparisons. + + For IPv4 routers or IPv6 routers that are not using the + updated router advertisement format, this object is set to + medium (0)." + REFERENCE "RFC 4291, section 2.1" + ::= { ipDefaultRouterEntry 5 } + +-- +-- Configuration information for constructing router advertisements +-- + +ipv6RouterAdvertSpinLock OBJECT-TYPE + SYNTAX TestAndIncr + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "An advisory lock used to allow cooperating SNMP managers to + coordinate their use of the set operation in creating or + modifying rows within this table. + + In order to use this lock to coordinate the use of set + operations, managers should first retrieve + ipv6RouterAdvertSpinLock. They should then determine the + appropriate row to create or modify. Finally, they should + issue the appropriate set command including the retrieved + value of ipv6RouterAdvertSpinLock. If another manager has + altered the table in the meantime, then the value of + ipv6RouterAdvertSpinLock will have changed and the creation + will fail as it will be specifying an incorrect value for + ipv6RouterAdvertSpinLock. It is suggested, but not + required, that the ipv6RouterAdvertSpinLock be the first var + bind for each set of objects representing a 'row' in a PDU." + ::= { ip 38 } + +ipv6RouterAdvertTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6RouterAdvertEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table containing information used to construct router + advertisements." + ::= { ip 39 } + +ipv6RouterAdvertEntry OBJECT-TYPE + SYNTAX Ipv6RouterAdvertEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing information used to construct router + advertisements. + + Information in this table is persistent, and when this + object is written, the entity SHOULD save the change to + non-volatile storage." + INDEX { ipv6RouterAdvertIfIndex } + ::= { ipv6RouterAdvertTable 1 } + +Ipv6RouterAdvertEntry ::= SEQUENCE { + ipv6RouterAdvertIfIndex InterfaceIndex, + ipv6RouterAdvertSendAdverts TruthValue, + ipv6RouterAdvertMaxInterval Unsigned32, + ipv6RouterAdvertMinInterval Unsigned32, + ipv6RouterAdvertManagedFlag TruthValue, + ipv6RouterAdvertOtherConfigFlag TruthValue, + ipv6RouterAdvertLinkMTU Unsigned32, + ipv6RouterAdvertReachableTime Unsigned32, + ipv6RouterAdvertRetransmitTime Unsigned32, + ipv6RouterAdvertCurHopLimit Unsigned32, + ipv6RouterAdvertDefaultLifetime Unsigned32, + ipv6RouterAdvertRowStatus RowStatus + } + +ipv6RouterAdvertIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value that uniquely identifies the interface on + which router advertisements constructed with this + information will be transmitted. The interface identified + by a particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipv6RouterAdvertEntry 1 } + +ipv6RouterAdvertSendAdverts OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A flag indicating whether the router sends periodic + router advertisements and responds to router solicitations + on this interface." + REFERENCE "RFC 2461 Section 6.2.1" + DEFVAL { false } + ::= { ipv6RouterAdvertEntry 2 } + +ipv6RouterAdvertMaxInterval OBJECT-TYPE + SYNTAX Unsigned32 (4..1800) + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum time allowed between sending unsolicited router + + advertisements from this interface." + REFERENCE "RFC 2461 Section 6.2.1" + DEFVAL { 600 } + ::= { ipv6RouterAdvertEntry 3 } + +ipv6RouterAdvertMinInterval OBJECT-TYPE + SYNTAX Unsigned32 (3..1350) + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The minimum time allowed between sending unsolicited router + advertisements from this interface. + + The default is 0.33 * ipv6RouterAdvertMaxInterval, however, + in the case of a low value for ipv6RouterAdvertMaxInterval, + the minimum value for this object is restricted to 3." + REFERENCE "RFC 2461 Section 6.2.1" + ::= { ipv6RouterAdvertEntry 4 } + +ipv6RouterAdvertManagedFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The true/false value to be placed into the 'managed address + configuration' flag field in router advertisements sent from + this interface." + REFERENCE "RFC 2461 Section 6.2.1" + DEFVAL { false } + ::= { ipv6RouterAdvertEntry 5 } + +ipv6RouterAdvertOtherConfigFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The true/false value to be placed into the 'other stateful + configuration' flag field in router advertisements sent from + this interface." + REFERENCE "RFC 2461 Section 6.2.1" + DEFVAL { false } + ::= { ipv6RouterAdvertEntry 6 } + +ipv6RouterAdvertLinkMTU OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value to be placed in MTU options sent by the router on + this interface. + + A value of zero indicates that no MTU options are sent." + REFERENCE "RFC 2461 Section 6.2.1" + DEFVAL { 0 } + ::= { ipv6RouterAdvertEntry 7 } + +ipv6RouterAdvertReachableTime OBJECT-TYPE + SYNTAX Unsigned32 (0..3600000) + UNITS "milliseconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value to be placed in the reachable time field in router + advertisement messages sent from this interface. + + A value of zero in the router advertisement indicates that + the advertisement isn't specifying a value for reachable + time." + REFERENCE "RFC 2461 Section 6.2.1" + DEFVAL { 0 } + ::= { ipv6RouterAdvertEntry 8 } + +ipv6RouterAdvertRetransmitTime OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value to be placed in the retransmit timer field in + router advertisements sent from this interface. + + A value of zero in the router advertisement indicates that + the advertisement isn't specifying a value for retrans + time." + REFERENCE "RFC 2461 Section 6.2.1" + DEFVAL { 0 } + ::= { ipv6RouterAdvertEntry 9 } + +ipv6RouterAdvertCurHopLimit OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The default value to be placed in the current hop limit + field in router advertisements sent from this interface. + + The value should be set to the current diameter of the + Internet. + + A value of zero in the router advertisement indicates that + the advertisement isn't specifying a value for curHopLimit. + + The default should be set to the value specified in the IANA + web pages (www.iana.org) at the time of implementation." + REFERENCE "RFC 2461 Section 6.2.1" + ::= { ipv6RouterAdvertEntry 10 } + +ipv6RouterAdvertDefaultLifetime OBJECT-TYPE + SYNTAX Unsigned32 (0|4..9000) + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value to be placed in the router lifetime field of + router advertisements sent from this interface. This value + MUST be either 0 or between ipv6RouterAdvertMaxInterval and + 9000 seconds. + + A value of zero indicates that the router is not to be used + as a default router. + + The default is 3 * ipv6RouterAdvertMaxInterval." + REFERENCE "RFC 2461 Section 6.2.1" + ::= { ipv6RouterAdvertEntry 11 } + +ipv6RouterAdvertRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row. + + As all objects in this conceptual row have default values, a + row can be created and made active by setting this object + appropriately. + + The RowStatus TC requires that this DESCRIPTION clause + states under which circumstances other objects in this row + can be modified. The value of this object has no effect on + whether other objects in this conceptual row can be + modified." + ::= { ipv6RouterAdvertEntry 12 } + +-- + +-- ICMP section +-- + +icmp OBJECT IDENTIFIER ::= { mib-2 5 } + +-- +-- ICMP non-message-specific counters +-- + +-- These object IDs are reserved, as they were used in earlier +-- versions of the MIB module. In theory, OIDs are not assigned +-- until the specification is released as an RFC; however, as some +-- companies may have shipped code based on earlier versions of +-- the MIB, it seems best to reserve these OIDs. +-- ::= { icmp 27 } +-- ::= { icmp 28 } + +icmpStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF IcmpStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of generic system-wide ICMP counters." + ::= { icmp 29 } + +icmpStatsEntry OBJECT-TYPE + SYNTAX IcmpStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual row in the icmpStatsTable." + INDEX { icmpStatsIPVersion } + ::= { icmpStatsTable 1 } + +IcmpStatsEntry ::= SEQUENCE { + icmpStatsIPVersion InetVersion, + icmpStatsInMsgs Counter32, + icmpStatsInErrors Counter32, + icmpStatsOutMsgs Counter32, + icmpStatsOutErrors Counter32 + } + +icmpStatsIPVersion OBJECT-TYPE + SYNTAX InetVersion + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP version of the statistics." + ::= { icmpStatsEntry 1 } + +icmpStatsInMsgs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of ICMP messages that the entity received. + Note that this counter includes all those counted by + icmpStatsInErrors." + ::= { icmpStatsEntry 2 } + +icmpStatsInErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP messages that the entity received but + determined as having ICMP-specific errors (bad ICMP + checksums, bad length, etc.)." + ::= { icmpStatsEntry 3 } + +icmpStatsOutMsgs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of ICMP messages that the entity attempted + to send. Note that this counter includes all those counted + by icmpStatsOutErrors." + ::= { icmpStatsEntry 4 } + +icmpStatsOutErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP messages that this entity did not send + due to problems discovered within ICMP, such as a lack of + buffers. This value should not include errors discovered + outside the ICMP layer, such as the inability of IP to route + the resultant datagram. In some implementations, there may + be no types of error that contribute to this counter's + value." + ::= { icmpStatsEntry 5 } + +-- +-- per-version, per-message type ICMP counters + +-- + +icmpMsgStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF IcmpMsgStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of system-wide per-version, per-message type ICMP + counters." + ::= { icmp 30 } + +icmpMsgStatsEntry OBJECT-TYPE + SYNTAX IcmpMsgStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual row in the icmpMsgStatsTable. + + The system should track each ICMP type value, even if that + ICMP type is not supported by the system. However, a + given row need not be instantiated unless a message of that + type has been processed, i.e., the row for + icmpMsgStatsType=X MAY be instantiated before but MUST be + instantiated after the first message with Type=X is + received or transmitted. After receiving or transmitting + any succeeding messages with Type=X, the relevant counter + must be incremented." + INDEX { icmpMsgStatsIPVersion, icmpMsgStatsType } + ::= { icmpMsgStatsTable 1 } + +IcmpMsgStatsEntry ::= SEQUENCE { + icmpMsgStatsIPVersion InetVersion, + icmpMsgStatsType Integer32, + icmpMsgStatsInPkts Counter32, + icmpMsgStatsOutPkts Counter32 + } + +icmpMsgStatsIPVersion OBJECT-TYPE + SYNTAX InetVersion + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP version of the statistics." + ::= { icmpMsgStatsEntry 1 } + +icmpMsgStatsType OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The ICMP type field of the message type being counted by + this row. + + Note that ICMP message types are scoped by the address type + in use." + REFERENCE "http://www.iana.org/assignments/icmp-parameters and + http://www.iana.org/assignments/icmpv6-parameters" + ::= { icmpMsgStatsEntry 2 } + +icmpMsgStatsInPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input packets for this AF and type." + ::= { icmpMsgStatsEntry 3 } + +icmpMsgStatsOutPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of output packets for this AF and type." + ::= { icmpMsgStatsEntry 4 } +-- +-- conformance information +-- + +ipMIBConformance OBJECT IDENTIFIER ::= { ipMIB 2 } + +ipMIBCompliances OBJECT IDENTIFIER ::= { ipMIBConformance 1 } +ipMIBGroups OBJECT IDENTIFIER ::= { ipMIBConformance 2 } + +-- compliance statements +ipMIBCompliance2 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for systems that implement IP - + either IPv4 or IPv6. + + There are a number of INDEX objects that cannot be + represented in the form of OBJECT clauses in SMIv2, but + for which we have the following compliance requirements, + expressed in OBJECT clause form in this description + clause: + + -- OBJECT ipSystemStatsIPVersion + -- SYNTAX InetVersion {ipv4(1), ipv6(2)} + -- DESCRIPTION + -- This MIB requires support for only IPv4 and IPv6 + -- versions. + -- + -- OBJECT ipIfStatsIPVersion + -- SYNTAX InetVersion {ipv4(1), ipv6(2)} + -- DESCRIPTION + -- This MIB requires support for only IPv4 and IPv6 + -- versions. + -- + -- OBJECT icmpStatsIPVersion + -- SYNTAX InetVersion {ipv4(1), ipv6(2)} + -- DESCRIPTION + -- This MIB requires support for only IPv4 and IPv6 + -- versions. + -- + -- OBJECT icmpMsgStatsIPVersion + -- SYNTAX InetVersion {ipv4(1), ipv6(2)} + -- DESCRIPTION + -- This MIB requires support for only IPv4 and IPv6 + -- versions. + -- + -- OBJECT ipAddressPrefixType + -- SYNTAX InetAddressType {ipv4(1), ipv6(2)} + -- DESCRIPTION + -- This MIB requires support for only global IPv4 and + -- IPv6 address types. + -- + -- OBJECT ipAddressPrefixPrefix + -- SYNTAX InetAddress (Size(4 | 16)) + -- DESCRIPTION + -- This MIB requires support for only global IPv4 and + -- IPv6 addresses and so the size can be either 4 or + -- 16 bytes. + -- + -- OBJECT ipAddressAddrType + -- SYNTAX InetAddressType {ipv4(1), ipv6(2), + -- ipv4z(3), ipv6z(4)} + -- DESCRIPTION + -- This MIB requires support for only global and + -- non-global IPv4 and IPv6 address types. + -- + -- OBJECT ipAddressAddr + -- SYNTAX InetAddress (Size(4 | 8 | 16 | 20)) + -- DESCRIPTION + -- This MIB requires support for only global and + + -- non-global IPv4 and IPv6 addresses and so the size + -- can be 4, 8, 16, or 20 bytes. + -- + -- OBJECT ipNetToPhysicalNetAddressType + -- SYNTAX InetAddressType {ipv4(1), ipv6(2), + -- ipv4z(3), ipv6z(4)} + -- DESCRIPTION + -- This MIB requires support for only global and + -- non-global IPv4 and IPv6 address types. + -- + -- OBJECT ipNetToPhysicalNetAddress + -- SYNTAX InetAddress (Size(4 | 8 | 16 | 20)) + -- DESCRIPTION + -- This MIB requires support for only global and + -- non-global IPv4 and IPv6 addresses and so the size + -- can be 4, 8, 16, or 20 bytes. + -- + -- OBJECT ipDefaultRouterAddressType + -- SYNTAX InetAddressType {ipv4(1), ipv6(2), + -- ipv4z(3), ipv6z(4)} + -- DESCRIPTION + -- This MIB requires support for only global and + -- non-global IPv4 and IPv6 address types. + -- + -- OBJECT ipDefaultRouterAddress + -- SYNTAX InetAddress (Size(4 | 8 | 16 | 20)) + -- DESCRIPTION + -- This MIB requires support for only global and + -- non-global IPv4 and IPv6 addresses and so the size + -- can be 4, 8, 16, or 20 bytes." + + MODULE -- this module + + MANDATORY-GROUPS { ipSystemStatsGroup, ipAddressGroup, + ipNetToPhysicalGroup, ipDefaultRouterGroup, + icmpStatsGroup } + + GROUP ipSystemStatsHCOctetGroup + DESCRIPTION + "This group is mandatory for systems that have an aggregate + bandwidth of greater than 20MB. Including this group does + not allow an entity to neglect the 32 bit versions of these + objects." + + GROUP ipSystemStatsHCPacketGroup + DESCRIPTION + "This group is mandatory for systems that have an aggregate + bandwidth of greater than 650MB. Including this group + + does not allow an entity to neglect the 32 bit versions of + these objects." + + GROUP ipIfStatsGroup + DESCRIPTION + "This group is optional for all systems." + + GROUP ipIfStatsHCOctetGroup + DESCRIPTION + "This group is mandatory for systems that include the + ipIfStatsGroup and include links with bandwidths of greater + than 20MB. Including this group does not allow an entity to + neglect the 32 bit versions of these objects." + + GROUP ipIfStatsHCPacketGroup + DESCRIPTION + "This group is mandatory for systems that include the + ipIfStatsGroup and include links with bandwidths of greater + than 650MB. Including this group does not allow an entity + to neglect the 32 bit versions of these objects." + + GROUP ipv4GeneralGroup + DESCRIPTION + "This group is mandatory for all systems supporting IPv4." + + GROUP ipv4IfGroup + DESCRIPTION + "This group is mandatory for all systems supporting IPv4." + + GROUP ipv4SystemStatsGroup + DESCRIPTION + "This group is mandatory for all systems supporting IPv4." + + GROUP ipv4SystemStatsHCPacketGroup + DESCRIPTION + "This group is mandatory for all systems supporting IPv4 and + that have an aggregate bandwidth of greater than 650MB. + Including this group does not allow an entity to neglect the + 32 bit versions of these objects." + + GROUP ipv4IfStatsGroup + DESCRIPTION + "This group is mandatory for all systems supporting IPv4 and + including the ipIfStatsGroup." + + GROUP ipv4IfStatsHCPacketGroup + DESCRIPTION + "This group is mandatory for all systems supporting IPv4 and + + including the ipIfStatsHCPacketGroup. Including this group + does not allow an entity to neglect the 32 bit versions of + these objects." + + GROUP ipv6GeneralGroup2 + DESCRIPTION + "This group is mandatory for all systems supporting IPv6." + + GROUP ipv6IfGroup + DESCRIPTION + "This group is mandatory for all systems supporting IPv6." + + GROUP ipAddressPrefixGroup + DESCRIPTION + "This group is mandatory for all systems supporting IPv6." + + GROUP ipv6ScopeGroup + DESCRIPTION + "This group is mandatory for all systems supporting IPv6." + + GROUP ipv6RouterAdvertGroup + DESCRIPTION + "This group is mandatory for all IPv6 routers." + + GROUP ipLastChangeGroup + DESCRIPTION + "This group is optional for all agents." + + OBJECT ipv6IpForwarding + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6IpDefaultHopLimit + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv4InterfaceEnableStatus + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6InterfaceEnableStatus + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6InterfaceForwarding + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipAddressSpinLock + MIN-ACCESS not-accessible + DESCRIPTION + "An agent is not required to provide write access to this + object. However, if an agent provides write access to any + of the other objects in the ipAddressGroup, it SHOULD + provide write access to this object as well." + + OBJECT ipAddressIfIndex + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write or create access + to this object." + + OBJECT ipAddressType + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write or create access + to this object." + + OBJECT ipAddressStatus + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write or create access + to this object." + + OBJECT ipAddressRowStatus + SYNTAX RowStatus { active(1) } + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write or create access + to this object." + + OBJECT ipAddressStorageType + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write or create access + to this object. + + If an agent allows this object to be written or created, it + is not required to allow this object to be set to readOnly, + permanent, or nonVolatile." + + OBJECT ipNetToPhysicalPhysAddress + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write or create access + to this object." + + OBJECT ipNetToPhysicalType + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write or create access + to this object." + + OBJECT ipv6RouterAdvertSpinLock + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object. However, if an agent provides write access to + any of the other objects in the ipv6RouterAdvertGroup, it + SHOULD provide write access to this object as well." + + OBJECT ipv6RouterAdvertSendAdverts + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertMaxInterval + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertMinInterval + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertManagedFlag + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertOtherConfigFlag + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertLinkMTU + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertReachableTime + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertRetransmitTime + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertCurHopLimit + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertDefaultLifetime + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write access to this + object." + + OBJECT ipv6RouterAdvertRowStatus + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write or create access + to this object." + ::= { ipMIBCompliances 2 } + +-- units of conformance + +ipv4GeneralGroup OBJECT-GROUP + OBJECTS { ipForwarding, ipDefaultTTL, ipReasmTimeout } + STATUS current + DESCRIPTION + "The group of IPv4-specific objects for basic management of + IPv4 entities." + ::= { ipMIBGroups 3 } + +ipv4IfGroup OBJECT-GROUP + OBJECTS { ipv4InterfaceReasmMaxSize, ipv4InterfaceEnableStatus, + ipv4InterfaceRetransmitTime } + STATUS current + DESCRIPTION + "The group of IPv4-specific objects for basic management of + IPv4 interfaces." + ::= { ipMIBGroups 4 } + +ipv6GeneralGroup2 OBJECT-GROUP + OBJECTS { ipv6IpForwarding, ipv6IpDefaultHopLimit } + STATUS current + DESCRIPTION + "The IPv6 group of objects providing for basic management of + IPv6 entities." + ::= { ipMIBGroups 5 } + +ipv6IfGroup OBJECT-GROUP + OBJECTS { ipv6InterfaceReasmMaxSize, ipv6InterfaceIdentifier, + ipv6InterfaceEnableStatus, ipv6InterfaceReachableTime, + ipv6InterfaceRetransmitTime, ipv6InterfaceForwarding } + STATUS current + DESCRIPTION + "The group of IPv6-specific objects for basic management of + IPv6 interfaces." + ::= { ipMIBGroups 6 } + +ipLastChangeGroup OBJECT-GROUP + OBJECTS { ipv4InterfaceTableLastChange, + ipv6InterfaceTableLastChange, + ipIfStatsTableLastChange } + STATUS current + DESCRIPTION + "The last change objects associated with this MIB. These + objects are optional for all agents. They SHOULD be + implemented on agents where it is possible to determine the + proper values. Where it is not possible to determine the + proper values, for example when the tables are split amongst + several sub-agents using AgentX, the agent MUST NOT + implement these objects to return an incorrect or static + value." + ::= { ipMIBGroups 7 } + +ipSystemStatsGroup OBJECT-GROUP + OBJECTS { ipSystemStatsInReceives, + ipSystemStatsInOctets, + ipSystemStatsInHdrErrors, + ipSystemStatsInNoRoutes, + ipSystemStatsInAddrErrors, + ipSystemStatsInUnknownProtos, + ipSystemStatsInTruncatedPkts, + ipSystemStatsInForwDatagrams, + ipSystemStatsReasmReqds, + ipSystemStatsReasmOKs, + ipSystemStatsReasmFails, + ipSystemStatsInDiscards, + ipSystemStatsInDelivers, + ipSystemStatsOutRequests, + ipSystemStatsOutNoRoutes, + ipSystemStatsOutForwDatagrams, + ipSystemStatsOutDiscards, + ipSystemStatsOutFragReqds, + ipSystemStatsOutFragOKs, + ipSystemStatsOutFragFails, + ipSystemStatsOutFragCreates, + ipSystemStatsOutTransmits, + ipSystemStatsOutOctets, + ipSystemStatsInMcastPkts, + ipSystemStatsInMcastOctets, + ipSystemStatsOutMcastPkts, + ipSystemStatsOutMcastOctets, + ipSystemStatsDiscontinuityTime, + ipSystemStatsRefreshRate } + STATUS current + DESCRIPTION + "IP system wide statistics." + ::= { ipMIBGroups 8 } + +ipv4SystemStatsGroup OBJECT-GROUP + OBJECTS { ipSystemStatsInBcastPkts, ipSystemStatsOutBcastPkts } + STATUS current + DESCRIPTION + "IPv4 only system wide statistics." + ::= { ipMIBGroups 9 } + +ipSystemStatsHCOctetGroup OBJECT-GROUP + OBJECTS { ipSystemStatsHCInOctets, + ipSystemStatsHCOutOctets, + ipSystemStatsHCInMcastOctets, + ipSystemStatsHCOutMcastOctets +} + STATUS current + DESCRIPTION + "IP system wide statistics for systems that may overflow the + standard octet counters within 1 hour." + ::= { ipMIBGroups 10 } + +ipSystemStatsHCPacketGroup OBJECT-GROUP + OBJECTS { ipSystemStatsHCInReceives, + ipSystemStatsHCInForwDatagrams, + ipSystemStatsHCInDelivers, + ipSystemStatsHCOutRequests, + ipSystemStatsHCOutForwDatagrams, + ipSystemStatsHCOutTransmits, + ipSystemStatsHCInMcastPkts, + ipSystemStatsHCOutMcastPkts +} + STATUS current + DESCRIPTION + "IP system wide statistics for systems that may overflow the + standard packet counters within 1 hour." + ::= { ipMIBGroups 11 } + +ipv4SystemStatsHCPacketGroup OBJECT-GROUP + OBJECTS { ipSystemStatsHCInBcastPkts, + ipSystemStatsHCOutBcastPkts } + STATUS current + DESCRIPTION + "IPv4 only system wide statistics for systems that may + overflow the standard packet counters within 1 hour." + ::= { ipMIBGroups 12 } + +ipIfStatsGroup OBJECT-GROUP + OBJECTS { ipIfStatsInReceives, ipIfStatsInOctets, + ipIfStatsInHdrErrors, ipIfStatsInNoRoutes, + ipIfStatsInAddrErrors, ipIfStatsInUnknownProtos, + ipIfStatsInTruncatedPkts, ipIfStatsInForwDatagrams, + ipIfStatsReasmReqds, ipIfStatsReasmOKs, + ipIfStatsReasmFails, ipIfStatsInDiscards, + ipIfStatsInDelivers, ipIfStatsOutRequests, + ipIfStatsOutForwDatagrams, ipIfStatsOutDiscards, + ipIfStatsOutFragReqds, ipIfStatsOutFragOKs, + ipIfStatsOutFragFails, ipIfStatsOutFragCreates, + ipIfStatsOutTransmits, ipIfStatsOutOctets, + ipIfStatsInMcastPkts, ipIfStatsInMcastOctets, + ipIfStatsOutMcastPkts, ipIfStatsOutMcastOctets, + ipIfStatsDiscontinuityTime, ipIfStatsRefreshRate } + STATUS current + DESCRIPTION + "IP per-interface statistics." + ::= { ipMIBGroups 13 } + +ipv4IfStatsGroup OBJECT-GROUP + OBJECTS { ipIfStatsInBcastPkts, ipIfStatsOutBcastPkts } + STATUS current + DESCRIPTION + "IPv4 only per-interface statistics." + ::= { ipMIBGroups 14 } + +ipIfStatsHCOctetGroup OBJECT-GROUP + OBJECTS { ipIfStatsHCInOctets, ipIfStatsHCOutOctets, + ipIfStatsHCInMcastOctets, ipIfStatsHCOutMcastOctets } + STATUS current + DESCRIPTION + "IP per-interfaces statistics for systems that include + interfaces that may overflow the standard octet + counters within 1 hour." + ::= { ipMIBGroups 15 } + +ipIfStatsHCPacketGroup OBJECT-GROUP + OBJECTS { ipIfStatsHCInReceives, ipIfStatsHCInForwDatagrams, + ipIfStatsHCInDelivers, ipIfStatsHCOutRequests, + ipIfStatsHCOutForwDatagrams, ipIfStatsHCOutTransmits, + ipIfStatsHCInMcastPkts, ipIfStatsHCOutMcastPkts } + STATUS current + DESCRIPTION + "IP per-interfaces statistics for systems that include + interfaces that may overflow the standard packet counters + within 1 hour." + ::= { ipMIBGroups 16 } + +ipv4IfStatsHCPacketGroup OBJECT-GROUP + OBJECTS { ipIfStatsHCInBcastPkts, ipIfStatsHCOutBcastPkts } + STATUS current + DESCRIPTION + "IPv4 only per-interface statistics for systems that include + interfaces that may overflow the standard packet counters + within 1 hour." + ::= { ipMIBGroups 17 } + +ipAddressPrefixGroup OBJECT-GROUP + OBJECTS { ipAddressPrefixOrigin, + ipAddressPrefixOnLinkFlag, + ipAddressPrefixAutonomousFlag, + ipAddressPrefixAdvPreferredLifetime, + ipAddressPrefixAdvValidLifetime } + STATUS current + DESCRIPTION + "The group of objects for providing information about address + prefixes used by this node." + ::= { ipMIBGroups 18 } + +ipAddressGroup OBJECT-GROUP + OBJECTS { ipAddressSpinLock, ipAddressIfIndex, + ipAddressType, ipAddressPrefix, + ipAddressOrigin, ipAddressStatus, + ipAddressCreated, ipAddressLastChanged, + ipAddressRowStatus, ipAddressStorageType } + STATUS current + DESCRIPTION + "The group of objects for providing information about the + addresses relevant to this entity's interfaces." + ::= { ipMIBGroups 19 } + +ipNetToPhysicalGroup OBJECT-GROUP + OBJECTS { ipNetToPhysicalPhysAddress, ipNetToPhysicalLastUpdated, + ipNetToPhysicalType, ipNetToPhysicalState, + ipNetToPhysicalRowStatus } + STATUS current + DESCRIPTION + "The group of objects for providing information about the + mappings of network address to physical address known to + this node." + ::= { ipMIBGroups 20 } + +ipv6ScopeGroup OBJECT-GROUP + OBJECTS { ipv6ScopeZoneIndexLinkLocal, + ipv6ScopeZoneIndex3, + ipv6ScopeZoneIndexAdminLocal, + ipv6ScopeZoneIndexSiteLocal, + ipv6ScopeZoneIndex6, + ipv6ScopeZoneIndex7, + ipv6ScopeZoneIndexOrganizationLocal, + ipv6ScopeZoneIndex9, + ipv6ScopeZoneIndexA, + ipv6ScopeZoneIndexB, + ipv6ScopeZoneIndexC, + ipv6ScopeZoneIndexD } + STATUS current + DESCRIPTION + "The group of objects for managing IPv6 scope zones." + ::= { ipMIBGroups 21 } + +ipDefaultRouterGroup OBJECT-GROUP + OBJECTS { ipDefaultRouterLifetime, ipDefaultRouterPreference } + STATUS current + DESCRIPTION + "The group of objects for providing information about default + routers known to this node." + ::= { ipMIBGroups 22 } + +ipv6RouterAdvertGroup OBJECT-GROUP + OBJECTS { ipv6RouterAdvertSpinLock, + ipv6RouterAdvertSendAdverts, + ipv6RouterAdvertMaxInterval, + ipv6RouterAdvertMinInterval, + ipv6RouterAdvertManagedFlag, + ipv6RouterAdvertOtherConfigFlag, + ipv6RouterAdvertLinkMTU, + ipv6RouterAdvertReachableTime, + ipv6RouterAdvertRetransmitTime, + ipv6RouterAdvertCurHopLimit, + ipv6RouterAdvertDefaultLifetime, + ipv6RouterAdvertRowStatus +} + STATUS current + DESCRIPTION + "The group of objects for controlling information advertised + by IPv6 routers." + ::= { ipMIBGroups 23 } + +icmpStatsGroup OBJECT-GROUP + OBJECTS {icmpStatsInMsgs, icmpStatsInErrors, + icmpStatsOutMsgs, icmpStatsOutErrors, + icmpMsgStatsInPkts, icmpMsgStatsOutPkts } + STATUS current + DESCRIPTION + "The group of objects providing ICMP statistics." + ::= { ipMIBGroups 24 } + +-- +-- Deprecated objects +-- + +ipInReceives OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The total number of input datagrams received from + interfaces, including those received in error. + + This object has been deprecated, as a new IP version-neutral + + table has been added. It is loosely replaced by + ipSystemStatsInRecieves." + ::= { ip 3 } + +ipInHdrErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of input datagrams discarded due to errors in + their IPv4 headers, including bad checksums, version number + mismatch, other format errors, time-to-live exceeded, errors + discovered in processing their IPv4 options, etc. + + This object has been deprecated as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsInHdrErrors." + ::= { ip 4 } + +ipInAddrErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of input datagrams discarded because the IPv4 + address in their IPv4 header's destination field was not a + valid address to be received at this entity. This count + includes invalid addresses (e.g., 0.0.0.0) and addresses of + unsupported Classes (e.g., Class E). For entities which are + not IPv4 routers, and therefore do not forward datagrams, + this counter includes datagrams discarded because the + destination address was not a local address. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsInAddrErrors." + ::= { ip 5 } + +ipForwDatagrams OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of input datagrams for which this entity was not + their final IPv4 destination, as a result of which an + attempt was made to find a route to forward them to that + final destination. In entities which do not act as IPv4 + routers, this counter will include only those packets which + + were Source-Routed via this entity, and the Source-Route + option processing was successful. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsInForwDatagrams." + ::= { ip 6 } + +ipInUnknownProtos OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of locally-addressed datagrams received + successfully but discarded because of an unknown or + unsupported protocol. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsInUnknownProtos." + ::= { ip 7 } + +ipInDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of input IPv4 datagrams for which no problems + were encountered to prevent their continued processing, but + which were discarded (e.g., for lack of buffer space). Note + that this counter does not include any datagrams discarded + while awaiting re-assembly. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsInDiscards." + ::= { ip 8 } + +ipInDelivers OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The total number of input datagrams successfully delivered + to IPv4 user-protocols (including ICMP). + + This object has been deprecated as a new IP version neutral + table has been added. It is loosely replaced by + + ipSystemStatsIndelivers." + ::= { ip 9 } + +ipOutRequests OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The total number of IPv4 datagrams which local IPv4 user + protocols (including ICMP) supplied to IPv4 in requests for + transmission. Note that this counter does not include any + datagrams counted in ipForwDatagrams. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsOutRequests." + ::= { ip 10 } + +ipOutDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of output IPv4 datagrams for which no problem was + encountered to prevent their transmission to their + destination, but which were discarded (e.g., for lack of + buffer space). Note that this counter would include + datagrams counted in ipForwDatagrams if any such packets met + this (discretionary) discard criterion. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsOutDiscards." + ::= { ip 11 } + +ipOutNoRoutes OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of IPv4 datagrams discarded because no route + could be found to transmit them to their destination. Note + that this counter includes any packets counted in + ipForwDatagrams which meet this `no-route' criterion. Note + that this includes any datagrams which a host cannot route + because all of its default routers are down. + + This object has been deprecated, as a new IP version-neutral + + table has been added. It is loosely replaced by + ipSystemStatsOutNoRoutes." + ::= { ip 12 } + +ipReasmReqds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of IPv4 fragments received which needed to be + reassembled at this entity. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsReasmReqds." + ::= { ip 14 } + +ipReasmOKs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of IPv4 datagrams successfully re-assembled. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsReasmOKs." + ::= { ip 15 } + +ipReasmFails OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of failures detected by the IPv4 re-assembly + algorithm (for whatever reason: timed out, errors, etc). + Note that this is not necessarily a count of discarded IPv4 + fragments since some algorithms (notably the algorithm in + RFC 815) can lose track of the number of fragments by + combining them as they are received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsReasmFails." + ::= { ip 16 } + +ipFragOKs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of IPv4 datagrams that have been successfully + fragmented at this entity. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsOutFragOKs." + ::= { ip 17 } + +ipFragFails OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of IPv4 datagrams that have been discarded + because they needed to be fragmented at this entity but + could not be, e.g., because their Don't Fragment flag was + set. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + ipSystemStatsOutFragFails." + ::= { ip 18 } + +ipFragCreates OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of IPv4 datagram fragments that have been + generated as a result of fragmentation at this entity. + + This object has been deprecated as a new IP version neutral + table has been added. It is loosely replaced by + ipSystemStatsOutFragCreates." + ::= { ip 19 } + +ipRoutingDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of routing entries which were chosen to be + discarded even though they are valid. One possible reason + for discarding such an entry could be to free-up buffer + space for other routing entries. + + This object was defined in pre-IPv6 versions of the IP MIB. + It was implicitly IPv4 only, but the original specifications + did not indicate this protocol restriction. In order to + clarify the specifications, this object has been deprecated + and a similar, but more thoroughly clarified, object has + been added to the IP-FORWARD-MIB." + ::= { ip 23 } + +-- the deprecated IPv4 address table + +ipAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpAddrEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "The table of addressing information relevant to this + entity's IPv4 addresses. + + This table has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by the + ipAddressTable although several objects that weren't deemed + useful weren't carried forward while another + (ipAdEntReasmMaxSize) was moved to the ipv4InterfaceTable." + ::= { ip 20 } + +ipAddrEntry OBJECT-TYPE + SYNTAX IpAddrEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "The addressing information for one of this entity's IPv4 + addresses." + INDEX { ipAdEntAddr } + ::= { ipAddrTable 1 } + +IpAddrEntry ::= SEQUENCE { + ipAdEntAddr IpAddress, + ipAdEntIfIndex INTEGER, + ipAdEntNetMask IpAddress, + ipAdEntBcastAddr INTEGER, + ipAdEntReasmMaxSize INTEGER + } + +ipAdEntAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The IPv4 address to which this entry's addressing + information pertains." + ::= { ipAddrEntry 1 } + +ipAdEntIfIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The index value which uniquely identifies the interface to + which this entry is applicable. The interface identified by + a particular value of this index is the same interface as + identified by the same value of the IF-MIB's ifIndex." + ::= { ipAddrEntry 2 } + +ipAdEntNetMask OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The subnet mask associated with the IPv4 address of this + entry. The value of the mask is an IPv4 address with all + the network bits set to 1 and all the hosts bits set to 0." + ::= { ipAddrEntry 3 } + +ipAdEntBcastAddr OBJECT-TYPE + SYNTAX INTEGER (0..1) + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The value of the least-significant bit in the IPv4 broadcast + address used for sending datagrams on the (logical) + interface associated with the IPv4 address of this entry. + For example, when the Internet standard all-ones broadcast + address is used, the value will be 1. This value applies to + both the subnet and network broadcast addresses used by the + entity on this (logical) interface." + ::= { ipAddrEntry 4 } + +ipAdEntReasmMaxSize OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The size of the largest IPv4 datagram which this entity can + re-assemble from incoming IPv4 fragmented datagrams received + on this interface." + ::= { ipAddrEntry 5 } + +-- the deprecated IPv4 Address Translation table + +-- The Address Translation tables contain the IpAddress to +-- "physical" address equivalences. Some interfaces do not +-- use translation tables for determining address +-- equivalences (e.g., DDN-X.25 has an algorithmic method); +-- if all interfaces are of this type, then the Address +-- Translation table is empty, i.e., has zero entries. + +ipNetToMediaTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpNetToMediaEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "The IPv4 Address Translation table used for mapping from + IPv4 addresses to physical addresses. + + This table has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by the + ipNetToPhysicalTable." + ::= { ip 22 } + +ipNetToMediaEntry OBJECT-TYPE + SYNTAX IpNetToMediaEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "Each entry contains one IpAddress to `physical' address + equivalence." + INDEX { ipNetToMediaIfIndex, + ipNetToMediaNetAddress } + ::= { ipNetToMediaTable 1 } + +IpNetToMediaEntry ::= SEQUENCE { + ipNetToMediaIfIndex INTEGER, + ipNetToMediaPhysAddress PhysAddress, + ipNetToMediaNetAddress IpAddress, + ipNetToMediaType INTEGER + } + +ipNetToMediaIfIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The interface on which this entry's equivalence is + effective. The interface identified by a particular value + of this index is the same interface as identified by the + + same value of the IF-MIB's ifIndex. + + This object predates the rule limiting index objects to a + max access value of 'not-accessible' and so continues to use + a value of 'read-create'." + ::= { ipNetToMediaEntry 1 } + +ipNetToMediaPhysAddress OBJECT-TYPE + SYNTAX PhysAddress (SIZE(0..65535)) + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The media-dependent `physical' address. This object should + return 0 when this entry is in the 'incomplete' state. + + As the entries in this table are typically not persistent + when this object is written the entity should not save the + change to non-volatile storage. Note: a stronger + requirement is not used because this object was previously + defined." + ::= { ipNetToMediaEntry 2 } + +ipNetToMediaNetAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The IpAddress corresponding to the media-dependent + `physical' address. + + This object predates the rule limiting index objects to a + max access value of 'not-accessible' and so continues to use + a value of 'read-create'." + ::= { ipNetToMediaEntry 3 } + +ipNetToMediaType OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + invalid(2), -- an invalidated mapping + dynamic(3), + static(4) + } + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The type of mapping. + + Setting this object to the value invalid(2) has the effect + + of invalidating the corresponding entry in the + ipNetToMediaTable. That is, it effectively dis-associates + the interface identified with said entry from the mapping + identified with said entry. It is an implementation- + specific matter as to whether the agent removes an + invalidated entry from the table. Accordingly, management + stations must be prepared to receive tabular information + from agents that corresponds to entries not currently in + use. Proper interpretation of such entries requires + examination of the relevant ipNetToMediaType object. + + As the entries in this table are typically not persistent + when this object is written the entity should not save the + change to non-volatile storage. Note: a stronger + requirement is not used because this object was previously + defined." + ::= { ipNetToMediaEntry 4 } + +-- the deprecated ICMP group + +icmpInMsgs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The total number of ICMP messages which the entity received. + Note that this counter includes all those counted by + icmpInErrors. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + icmpStatsInMsgs." + ::= { icmp 1 } + +icmpInErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP messages which the entity received but + determined as having ICMP-specific errors (bad ICMP + checksums, bad length, etc.). + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + icmpStatsInErrors." + ::= { icmp 2 } + +icmpInDestUnreachs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Destination Unreachable messages + received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 3 } + +icmpInTimeExcds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Time Exceeded messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 4 } + +icmpInParmProbs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Parameter Problem messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 5 } + +icmpInSrcQuenchs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Source Quench messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 6 } + +icmpInRedirects OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Redirect messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 7 } + +icmpInEchos OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Echo (request) messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 8 } + +icmpInEchoReps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Echo Reply messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 9 } + +icmpInTimestamps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Timestamp (request) messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 10 } + +icmpInTimestampReps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Timestamp Reply messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 11 } + +icmpInAddrMasks OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Address Mask Request messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 12 } + +icmpInAddrMaskReps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Address Mask Reply messages received. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 13 } + +icmpOutMsgs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The total number of ICMP messages which this entity + attempted to send. Note that this counter includes all + those counted by icmpOutErrors. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + icmpStatsOutMsgs." + ::= { icmp 14 } + +icmpOutErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP messages which this entity did not send + due to problems discovered within ICMP, such as a lack of + buffers. This value should not include errors discovered + outside the ICMP layer, such as the inability of IP to route + the resultant datagram. In some implementations, there may + be no types of error which contribute to this counter's + value. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by + icmpStatsOutErrors." + ::= { icmp 15 } + +icmpOutDestUnreachs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Destination Unreachable messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 16 } + +icmpOutTimeExcds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Time Exceeded messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 17 } + +icmpOutParmProbs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Parameter Problem messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 18 } + +icmpOutSrcQuenchs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Source Quench messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 19 } + +icmpOutRedirects OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Redirect messages sent. For a host, this + object will always be zero, since hosts do not send + redirects. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 20 } + +icmpOutEchos OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Echo (request) messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 21 } + +icmpOutEchoReps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Echo Reply messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 22 } + +icmpOutTimestamps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Timestamp (request) messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 23 } + +icmpOutTimestampReps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Timestamp Reply messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 24 } + +icmpOutAddrMasks OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Address Mask Request messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 25 } + +icmpOutAddrMaskReps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The number of ICMP Address Mask Reply messages sent. + + This object has been deprecated, as a new IP version-neutral + table has been added. It is loosely replaced by a column in + the icmpMsgStatsTable." + ::= { icmp 26 } + +-- deprecated conformance information +-- deprecated compliance statements + +ipMIBCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for systems that implement only + IPv4. For version-independence, this compliance statement + is deprecated in favor of ipMIBCompliance2." + MODULE -- this module + MANDATORY-GROUPS { ipGroup, + icmpGroup } + ::= { ipMIBCompliances 1 } + +-- deprecated units of conformance + +ipGroup OBJECT-GROUP + OBJECTS { ipForwarding, ipDefaultTTL, + ipInReceives, ipInHdrErrors, + ipInAddrErrors, ipForwDatagrams, + ipInUnknownProtos, ipInDiscards, + ipInDelivers, ipOutRequests, + ipOutDiscards, ipOutNoRoutes, + ipReasmTimeout, ipReasmReqds, + ipReasmOKs, ipReasmFails, + ipFragOKs, ipFragFails, + ipFragCreates, ipAdEntAddr, + ipAdEntIfIndex, ipAdEntNetMask, + ipAdEntBcastAddr, ipAdEntReasmMaxSize, + ipNetToMediaIfIndex, ipNetToMediaPhysAddress, + ipNetToMediaNetAddress, ipNetToMediaType, + ipRoutingDiscards +} + STATUS deprecated + DESCRIPTION + "The ip group of objects providing for basic management of IP + entities, exclusive of the management of IP routes. + + As part of the version independence, this group has been + deprecated. " + ::= { ipMIBGroups 1 } + +icmpGroup OBJECT-GROUP + OBJECTS { icmpInMsgs, icmpInErrors, + icmpInDestUnreachs, icmpInTimeExcds, + icmpInParmProbs, icmpInSrcQuenchs, + icmpInRedirects, icmpInEchos, + icmpInEchoReps, icmpInTimestamps, + icmpInTimestampReps, icmpInAddrMasks, + icmpInAddrMaskReps, icmpOutMsgs, + icmpOutErrors, icmpOutDestUnreachs, + icmpOutTimeExcds, icmpOutParmProbs, + icmpOutSrcQuenchs, icmpOutRedirects, + icmpOutEchos, icmpOutEchoReps, + icmpOutTimestamps, icmpOutTimestampReps, + icmpOutAddrMasks, icmpOutAddrMaskReps } + STATUS deprecated + DESCRIPTION + "The icmp group of objects providing ICMP statistics. + + As part of the version independence, this group has been + deprecated. " + ::= { ipMIBGroups 2 } + +END diff --git a/data/mibs/IPV6-FLOW-LABEL-MIB.txt b/data/mibs/IPV6-FLOW-LABEL-MIB.txt new file mode 100644 index 000000000..6fb36596b --- /dev/null +++ b/data/mibs/IPV6-FLOW-LABEL-MIB.txt @@ -0,0 +1,58 @@ +IPV6-FLOW-LABEL-MIB DEFINITIONS ::= BEGIN + +IMPORTS + + MODULE-IDENTITY, mib-2, Integer32 FROM SNMPv2-SMI + TEXTUAL-CONVENTION FROM SNMPv2-TC; + +ipv6FlowLabelMIB MODULE-IDENTITY + + LAST-UPDATED "200308280000Z" -- 28 August 2003 + ORGANIZATION "IETF Operations and Management Area" + CONTACT-INFO "Bert Wijnen (Editor) + Lucent Technologies + Schagen 33 + 3461 GL Linschoten + Netherlands + + Phone: +31 348-407-775 + EMail: bwijnen@lucent.com + + Send comments to <mibs@ops.ietf.org>. + " + DESCRIPTION "This MIB module provides commonly used textual + conventions for IPv6 Flow Labels. + + Copyright (C) The Internet Society (2003). This + version of this MIB module is part of RFC 3595, + see the RFC itself for full legal notices. + " + -- Revision History + + REVISION "200308280000Z" -- 28 August 2003 + DESCRIPTION "Initial version, published as RFC 3595." + ::= { mib-2 103 } + +IPv6FlowLabel ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION "The flow identifier or Flow Label in an IPv6 + packet header that may be used to discriminate + traffic flows. + " + REFERENCE "Internet Protocol, Version 6 (IPv6) specification, + section 6. RFC 2460. + " + SYNTAX Integer32 (0..1048575) + +IPv6FlowLabelOrAny ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION "The flow identifier or Flow Label in an IPv6 + packet header that may be used to discriminate + traffic flows. The value of -1 is used to + indicate a wildcard, i.e. any value. + " + SYNTAX Integer32 (-1 | 0..1048575) + +END diff --git a/data/mibs/IPV6-ICMP-MIB.txt b/data/mibs/IPV6-ICMP-MIB.txt new file mode 100644 index 000000000..bb66da576 --- /dev/null +++ b/data/mibs/IPV6-ICMP-MIB.txt @@ -0,0 +1,529 @@ + IPV6-ICMP-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + Counter32, mib-2 FROM SNMPv2-SMI + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + ipv6IfEntry FROM IPV6-MIB; + + ipv6IcmpMIB MODULE-IDENTITY + LAST-UPDATED "9801082155Z" + ORGANIZATION "IETF IPv6 Working Group" + CONTACT-INFO + " Dimitry Haskin + + Postal: Bay Networks, Inc. + 660 Techology Park Drive. + Billerica, MA 01821 + US + + Tel: +1-978-916-8124 + E-mail: dhaskin@baynetworks.com + + Steve Onishi + + Postal: Bay Networks, Inc. + 3 Federal Street + Billerica, MA 01821 + US + + Tel: +1-978-916-3816 + E-mail: sonishi@baynetworks.com" + DESCRIPTION + "The MIB module for entities implementing + the ICMPv6." + ::= { mib-2 56 } + + -- the ICMPv6 group + + ipv6IcmpMIBObjects OBJECT IDENTIFIER ::= { ipv6IcmpMIB 1 } + + -- Per-interface ICMPv6 statistics table + + ipv6IfIcmpTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6IfIcmpEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "IPv6 ICMP statistics. This table contains statistics + of ICMPv6 messages that are received and sourced by + the entity." + ::= { ipv6IcmpMIBObjects 1 } + + ipv6IfIcmpEntry OBJECT-TYPE + SYNTAX Ipv6IfIcmpEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An ICMPv6 statistics entry containing + objects at a particular IPv6 interface. + + Note that a receiving interface is + the interface to which a given ICMPv6 message + is addressed which may not be necessarily + the input interface for the message. + + Similarly, the sending interface is + the interface that sources a given + ICMP message which is usually but not + necessarily the output interface for the message." + AUGMENTS { ipv6IfEntry } + ::= { ipv6IfIcmpTable 1 } + + Ipv6IfIcmpEntry ::= SEQUENCE { + ipv6IfIcmpInMsgs + Counter32 , + ipv6IfIcmpInErrors + Counter32 , + ipv6IfIcmpInDestUnreachs + Counter32 , + ipv6IfIcmpInAdminProhibs + Counter32 , + ipv6IfIcmpInTimeExcds + Counter32 , + ipv6IfIcmpInParmProblems + Counter32 , + ipv6IfIcmpInPktTooBigs + Counter32 , + ipv6IfIcmpInEchos + Counter32 , + ipv6IfIcmpInEchoReplies + Counter32 , + ipv6IfIcmpInRouterSolicits + Counter32 , + ipv6IfIcmpInRouterAdvertisements + Counter32 , + ipv6IfIcmpInNeighborSolicits + Counter32 , + ipv6IfIcmpInNeighborAdvertisements + Counter32 , + ipv6IfIcmpInRedirects + Counter32 , + ipv6IfIcmpInGroupMembQueries + Counter32 , + ipv6IfIcmpInGroupMembResponses + Counter32 , + ipv6IfIcmpInGroupMembReductions + Counter32 , + ipv6IfIcmpOutMsgs + Counter32 , + ipv6IfIcmpOutErrors + Counter32 , + ipv6IfIcmpOutDestUnreachs + Counter32 , + ipv6IfIcmpOutAdminProhibs + Counter32 , + ipv6IfIcmpOutTimeExcds + Counter32 , + ipv6IfIcmpOutParmProblems + Counter32 , + ipv6IfIcmpOutPktTooBigs + Counter32 , + ipv6IfIcmpOutEchos + Counter32 , + ipv6IfIcmpOutEchoReplies + Counter32 , + ipv6IfIcmpOutRouterSolicits + Counter32 , + ipv6IfIcmpOutRouterAdvertisements + Counter32 , + ipv6IfIcmpOutNeighborSolicits + Counter32 , + ipv6IfIcmpOutNeighborAdvertisements + Counter32 , + ipv6IfIcmpOutRedirects + Counter32 , + ipv6IfIcmpOutGroupMembQueries + Counter32 , + ipv6IfIcmpOutGroupMembResponses + Counter32 , + ipv6IfIcmpOutGroupMembReductions + Counter32 + + } + + ipv6IfIcmpInMsgs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of ICMP messages received + by the interface which includes all those + counted by ipv6IfIcmpInErrors. Note that this + interface is the interface to which the + ICMP messages were addressed which may not be + necessarily the input interface for the messages." + ::= { ipv6IfIcmpEntry 1 } + + ipv6IfIcmpInErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP messages which the interface + received but determined as having ICMP-specific + errors (bad ICMP checksums, bad length, etc.)." + ::= { ipv6IfIcmpEntry 2 } + + ipv6IfIcmpInDestUnreachs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Destination Unreachable + messages received by the interface." + ::= { ipv6IfIcmpEntry 3 } + + ipv6IfIcmpInAdminProhibs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP destination + unreachable/communication administratively + prohibited messages received by the interface." + ::= { ipv6IfIcmpEntry 4 } + + ipv6IfIcmpInTimeExcds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Time Exceeded messages + received by the interface." + ::= { ipv6IfIcmpEntry 5 } + + ipv6IfIcmpInParmProblems OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Parameter Problem messages + received by the interface." + ::= { ipv6IfIcmpEntry 6 } + + ipv6IfIcmpInPktTooBigs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Packet Too Big messages + received by the interface." + ::= { ipv6IfIcmpEntry 7 } + + ipv6IfIcmpInEchos OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Echo (request) messages + received by the interface." + ::= { ipv6IfIcmpEntry 8 } + + ipv6IfIcmpInEchoReplies OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Echo Reply messages received + by the interface." + ::= { ipv6IfIcmpEntry 9 } + + ipv6IfIcmpInRouterSolicits OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Router Solicit messages + received by the interface." + ::= { ipv6IfIcmpEntry 10 } + + ipv6IfIcmpInRouterAdvertisements OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Router Advertisement messages + received by the interface." + ::= { ipv6IfIcmpEntry 11 } + + ipv6IfIcmpInNeighborSolicits OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Neighbor Solicit messages + received by the interface." + ::= { ipv6IfIcmpEntry 12 } + + ipv6IfIcmpInNeighborAdvertisements OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Neighbor Advertisement + messages received by the interface." + ::= { ipv6IfIcmpEntry 13 } + + ipv6IfIcmpInRedirects OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of Redirect messages received + by the interface." + ::= { ipv6IfIcmpEntry 14 } + + ipv6IfIcmpInGroupMembQueries OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMPv6 Group Membership Query + messages received by the interface." + ::= { ipv6IfIcmpEntry 15} + + ipv6IfIcmpInGroupMembResponses OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMPv6 Group Membership Response messages + received by the interface." + ::= { ipv6IfIcmpEntry 16} + + ipv6IfIcmpInGroupMembReductions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMPv6 Group Membership Reduction messages + received by the interface." + ::= { ipv6IfIcmpEntry 17} + + ipv6IfIcmpOutMsgs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of ICMP messages which this + interface attempted to send. Note that this counter + includes all those counted by icmpOutErrors." + ::= { ipv6IfIcmpEntry 18 } + + ipv6IfIcmpOutErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP messages which this interface did + not send due to problems discovered within ICMP + such as a lack of buffers. This value should not + include errors discovered outside the ICMP layer + such as the inability of IPv6 to route the resultant + datagram. In some implementations there may be no + types of error which contribute to this counter's + value." + ::= { ipv6IfIcmpEntry 19 } + + ipv6IfIcmpOutDestUnreachs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Destination Unreachable + + messages sent by the interface." + ::= { ipv6IfIcmpEntry 20 } + + ipv6IfIcmpOutAdminProhibs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of ICMP dest unreachable/communication + administratively prohibited messages sent." + ::= { ipv6IfIcmpEntry 21 } + + ipv6IfIcmpOutTimeExcds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Time Exceeded messages sent + by the interface." + ::= { ipv6IfIcmpEntry 22 } + + ipv6IfIcmpOutParmProblems OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Parameter Problem messages + sent by the interface." + ::= { ipv6IfIcmpEntry 23 } + + ipv6IfIcmpOutPktTooBigs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Packet Too Big messages sent + by the interface." + ::= { ipv6IfIcmpEntry 24 } + + ipv6IfIcmpOutEchos OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Echo (request) messages sent + by the interface." + ::= { ipv6IfIcmpEntry 25 } + + ipv6IfIcmpOutEchoReplies OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Echo Reply messages sent + by the interface." + ::= { ipv6IfIcmpEntry 26 } + + ipv6IfIcmpOutRouterSolicits OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Router Solicitation messages + sent by the interface." + ::= { ipv6IfIcmpEntry 27 } + + ipv6IfIcmpOutRouterAdvertisements OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Router Advertisement messages + sent by the interface." + ::= { ipv6IfIcmpEntry 28 } + + ipv6IfIcmpOutNeighborSolicits OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Neighbor Solicitation + messages sent by the interface." + ::= { ipv6IfIcmpEntry 29 } + + ipv6IfIcmpOutNeighborAdvertisements OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMP Neighbor Advertisement + messages sent by the interface." + ::= { ipv6IfIcmpEntry 30 } + + ipv6IfIcmpOutRedirects OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of Redirect messages sent. For + a host, this object will always be zero, + since hosts do not send redirects." + ::= { ipv6IfIcmpEntry 31 } + + ipv6IfIcmpOutGroupMembQueries OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMPv6 Group Membership Query + messages sent." + ::= { ipv6IfIcmpEntry 32} + + ipv6IfIcmpOutGroupMembResponses OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMPv6 Group Membership Response + messages sent." + ::= { ipv6IfIcmpEntry 33} + + ipv6IfIcmpOutGroupMembReductions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ICMPv6 Group Membership Reduction + messages sent." + ::= { ipv6IfIcmpEntry 34} + +-- conformance information + +ipv6IcmpConformance OBJECT IDENTIFIER ::= { ipv6IcmpMIB 2 } + +ipv6IcmpCompliances + OBJECT IDENTIFIER ::= { ipv6IcmpConformance 1 } +ipv6IcmpGroups + OBJECT IDENTIFIER ::= { ipv6IcmpConformance 2 } + +-- compliance statements + +ipv6IcmpCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities which + implement ICMPv6." + MODULE -- this module + MANDATORY-GROUPS { ipv6IcmpGroup } + ::= { ipv6IcmpCompliances 1 } + +ipv6IcmpGroup OBJECT-GROUP + OBJECTS { + ipv6IfIcmpInMsgs, + ipv6IfIcmpInErrors, + ipv6IfIcmpInDestUnreachs, + ipv6IfIcmpInAdminProhibs, + ipv6IfIcmpInTimeExcds, + ipv6IfIcmpInParmProblems, + ipv6IfIcmpInPktTooBigs, + ipv6IfIcmpInEchos, + ipv6IfIcmpInEchoReplies, + ipv6IfIcmpInRouterSolicits, + ipv6IfIcmpInRouterAdvertisements, + ipv6IfIcmpInNeighborSolicits, + ipv6IfIcmpInNeighborAdvertisements, + ipv6IfIcmpInRedirects, + ipv6IfIcmpInGroupMembQueries, + ipv6IfIcmpInGroupMembResponses, + ipv6IfIcmpInGroupMembReductions, + ipv6IfIcmpOutMsgs, + ipv6IfIcmpOutErrors, + ipv6IfIcmpOutDestUnreachs, + ipv6IfIcmpOutAdminProhibs, + ipv6IfIcmpOutTimeExcds, + ipv6IfIcmpOutParmProblems, + ipv6IfIcmpOutPktTooBigs, + ipv6IfIcmpOutEchos, + ipv6IfIcmpOutEchoReplies, + ipv6IfIcmpOutRouterSolicits, + ipv6IfIcmpOutRouterAdvertisements, + ipv6IfIcmpOutNeighborSolicits, + ipv6IfIcmpOutNeighborAdvertisements, + ipv6IfIcmpOutRedirects, + ipv6IfIcmpOutGroupMembQueries, + ipv6IfIcmpOutGroupMembResponses, + ipv6IfIcmpOutGroupMembReductions + } + STATUS current + DESCRIPTION + "The ICMPv6 group of objects providing information + specific to ICMPv6." + ::= { ipv6IcmpGroups 1 } + + END diff --git a/data/mibs/IPV6-MIB.txt b/data/mibs/IPV6-MIB.txt new file mode 100644 index 000000000..6957af27f --- /dev/null +++ b/data/mibs/IPV6-MIB.txt @@ -0,0 +1,1443 @@ + IPV6-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, + mib-2, Counter32, Unsigned32, Integer32, + Gauge32 FROM SNMPv2-SMI + DisplayString, PhysAddress, TruthValue, TimeStamp, + VariablePointer, RowPointer FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + Ipv6IfIndex, Ipv6Address, Ipv6AddressPrefix, + Ipv6AddressIfIdentifier, + Ipv6IfIndexOrZero FROM IPV6-TC; + + ipv6MIB MODULE-IDENTITY + LAST-UPDATED "9802052155Z" + ORGANIZATION "IETF IPv6 Working Group" + CONTACT-INFO + " Dimitry Haskin + + Postal: Bay Networks, Inc. + 660 Techology Park Drive. + Billerica, MA 01821 + + US + + Tel: +1-978-916-8124 + E-mail: dhaskin@baynetworks.com + + Steve Onishi + + Postal: Bay Networks, Inc. + 3 Federal Street + Billerica, MA 01821 + US + + Tel: +1-978-916-3816 + E-mail: sonishi@baynetworks.com" + DESCRIPTION + "The MIB module for entities implementing the IPv6 + protocol." + ::= { mib-2 55 } + + -- the IPv6 general group + + ipv6MIBObjects OBJECT IDENTIFIER ::= { ipv6MIB 1 } + + ipv6Forwarding OBJECT-TYPE + SYNTAX INTEGER { + forwarding(1), -- acting as a router + + -- NOT acting as + notForwarding(2) -- a router + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The indication of whether this entity is acting + as an IPv6 router in respect to the forwarding of + datagrams received by, but not addressed to, this + entity. IPv6 routers forward datagrams. IPv6 + hosts do not (except those source-routed via the + host). + + Note that for some managed nodes, this object may + take on only a subset of the values possible. + Accordingly, it is appropriate for an agent to + return a `wrongValue' response if a management + station attempts to change this object to an + inappropriate value." + ::= { ipv6MIBObjects 1 } + + ipv6DefaultHopLimit OBJECT-TYPE + SYNTAX INTEGER(0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The default value inserted into the Hop Limit + field of the IPv6 header of datagrams originated + at this entity, whenever a Hop Limit value is not + supplied by the transport layer protocol." + DEFVAL { 64 } + ::= { ipv6MIBObjects 2 } + +ipv6Interfaces OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 interfaces (regardless of + their current state) present on this system." + ::= { ipv6MIBObjects 3 } + +ipv6IfTableLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time of the last + insertion or removal of an entry in the + ipv6IfTable. If the number of entries has been + unchanged since the last re-initialization of + the local network management subsystem, then this + object contains a zero value." + ::= { ipv6MIBObjects 4 } + +-- the IPv6 Interfaces table + +ipv6IfTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6IfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPv6 Interfaces table contains information + on the entity's internetwork-layer interfaces. + An IPv6 interface constitutes a logical network + layer attachment to the layer immediately below + + IPv6 including internet layer 'tunnels', such as + tunnels over IPv4 or IPv6 itself." + ::= { ipv6MIBObjects 5 } + + ipv6IfEntry OBJECT-TYPE + SYNTAX Ipv6IfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An interface entry containing objects + about a particular IPv6 interface." + INDEX { ipv6IfIndex } + ::= { ipv6IfTable 1 } + + Ipv6IfEntry ::= SEQUENCE { + ipv6IfIndex Ipv6IfIndex, + ipv6IfDescr DisplayString, + ipv6IfLowerLayer VariablePointer, + ipv6IfEffectiveMtu Unsigned32, + ipv6IfReasmMaxSize Unsigned32, + ipv6IfIdentifier Ipv6AddressIfIdentifier, + ipv6IfIdentifierLength INTEGER, + ipv6IfPhysicalAddress PhysAddress, + ipv6IfAdminStatus INTEGER, + ipv6IfOperStatus INTEGER, + ipv6IfLastChange TimeStamp + } + + ipv6IfIndex OBJECT-TYPE + SYNTAX Ipv6IfIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A unique non-zero value identifying + the particular IPv6 interface." + ::= { ipv6IfEntry 1 } + + ipv6IfDescr OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A textual string containing information about the + interface. This string may be set by the network + management system." + ::= { ipv6IfEntry 2 } + + ipv6IfLowerLayer OBJECT-TYPE + SYNTAX VariablePointer + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object identifies the protocol layer over + which this network interface operates. If this + network interface operates over the data-link + layer, then the value of this object refers to an + instance of ifIndex [6]. If this network interface + operates over an IPv4 interface, the value of this + object refers to an instance of ipAdEntAddr [3]. + + If this network interface operates over another + IPv6 interface, the value of this object refers to + an instance of ipv6IfIndex. If this network + interface is not currently operating over an active + protocol layer, then the value of this object + should be set to the OBJECT ID { 0 0 }." + ::= { ipv6IfEntry 3 } + + ipv6IfEffectiveMtu OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The size of the largest IPv6 packet which can be + sent/received on the interface, specified in + octets." + ::= { ipv6IfEntry 4 } + + ipv6IfReasmMaxSize OBJECT-TYPE + SYNTAX Unsigned32 (0..65535) + UNITS "octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The size of the largest IPv6 datagram which this + entity can re-assemble from incoming IPv6 fragmented + datagrams received on this interface." + ::= { ipv6IfEntry 5 } + + ipv6IfIdentifier OBJECT-TYPE + SYNTAX Ipv6AddressIfIdentifier + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The Interface Identifier for this interface that + + is (at least) unique on the link this interface is + attached to. The Interface Identifier is combined + with an address prefix to form an interface address. + + By default, the Interface Identifier is autoconfigured + according to the rules of the link type this + interface is attached to." + ::= { ipv6IfEntry 6 } + + ipv6IfIdentifierLength OBJECT-TYPE + SYNTAX INTEGER (0..64) + UNITS "bits" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The length of the Interface Identifier in bits." + ::= { ipv6IfEntry 7 } + + ipv6IfPhysicalAddress OBJECT-TYPE + SYNTAX PhysAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The interface's physical address. For example, for + an IPv6 interface attached to an 802.x link, this + object normally contains a MAC address. Note that + in some cases this address may differ from the + address of the interface's protocol sub-layer. The + interface's media-specific MIB must define the bit + and byte ordering and the format of the value of + this object. For interfaces which do not have such + an address (e.g., a serial line), this object should + contain an octet string of zero length." + ::= { ipv6IfEntry 8 } + +ipv6IfAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), -- ready to pass packets + down(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The desired state of the interface. When a managed + system initializes, all IPv6 interfaces start with + ipv6IfAdminStatus in the down(2) state. As a result + of either explicit management action or per + configuration information retained by the managed + + system, ipv6IfAdminStatus is then changed to + the up(1) state (or remains in the down(2) state)." + ::= { ipv6IfEntry 9 } + +ipv6IfOperStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), -- ready to pass packets + + down(2), + noIfIdentifier(3), -- no interface identifier + + -- status can not be + -- determined for some + unknown(4), -- reason + + -- some component is + notPresent(5) -- missing + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current operational state of the interface. + The noIfIdentifier(3) state indicates that no valid + Interface Identifier is assigned to the interface. + This state usually indicates that the link-local + interface address failed Duplicate Address Detection. + If ipv6IfAdminStatus is down(2) then ipv6IfOperStatus + should be down(2). If ipv6IfAdminStatus is changed + to up(1) then ipv6IfOperStatus should change to up(1) + if the interface is ready to transmit and receive + network traffic; it should remain in the down(2) or + noIfIdentifier(3) state if and only if there is a + fault that prevents it from going to the up(1) state; + it should remain in the notPresent(5) state if + the interface has missing (typically, lower layer) + components." + ::= { ipv6IfEntry 10 } + +ipv6IfLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time the interface + entered its current operational state. If the + current state was entered prior to the last + re-initialization of the local network management + + subsystem, then this object contains a zero + value." + ::= { ipv6IfEntry 11 } + + -- IPv6 Interface Statistics table + + ipv6IfStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6IfStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "IPv6 interface traffic statistics." + ::= { ipv6MIBObjects 6 } + + ipv6IfStatsEntry OBJECT-TYPE + SYNTAX Ipv6IfStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An interface statistics entry containing objects + at a particular IPv6 interface." + AUGMENTS { ipv6IfEntry } + ::= { ipv6IfStatsTable 1 } + + Ipv6IfStatsEntry ::= SEQUENCE { + ipv6IfStatsInReceives + Counter32, + ipv6IfStatsInHdrErrors + Counter32, + ipv6IfStatsInTooBigErrors + Counter32, + ipv6IfStatsInNoRoutes + Counter32, + ipv6IfStatsInAddrErrors + Counter32, + ipv6IfStatsInUnknownProtos + Counter32, + ipv6IfStatsInTruncatedPkts + Counter32, + ipv6IfStatsInDiscards + Counter32, + ipv6IfStatsInDelivers + Counter32, + ipv6IfStatsOutForwDatagrams + Counter32, + ipv6IfStatsOutRequests + Counter32, + ipv6IfStatsOutDiscards + + Counter32, + ipv6IfStatsOutFragOKs + Counter32, + ipv6IfStatsOutFragFails + Counter32, + ipv6IfStatsOutFragCreates + Counter32, + ipv6IfStatsReasmReqds + Counter32, + ipv6IfStatsReasmOKs + Counter32, + ipv6IfStatsReasmFails + Counter32, + ipv6IfStatsInMcastPkts + Counter32, + ipv6IfStatsOutMcastPkts + Counter32 + } + + ipv6IfStatsInReceives OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of input datagrams received by + the interface, including those received in error." + ::= { ipv6IfStatsEntry 1 } + + ipv6IfStatsInHdrErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input datagrams discarded due to + errors in their IPv6 headers, including version + number mismatch, other format errors, hop count + exceeded, errors discovered in processing their + IPv6 options, etc." + ::= { ipv6IfStatsEntry 2 } + + ipv6IfStatsInTooBigErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input datagrams that could not be + forwarded because their size exceeded the link MTU + of outgoing interface." + ::= { ipv6IfStatsEntry 3 } + + ipv6IfStatsInNoRoutes OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input datagrams discarded because no + route could be found to transmit them to their + destination." + ::= { ipv6IfStatsEntry 4 } + + ipv6IfStatsInAddrErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input datagrams discarded because + the IPv6 address in their IPv6 header's destination + field was not a valid address to be received at + this entity. This count includes invalid + addresses (e.g., ::0) and unsupported addresses + (e.g., addresses with unallocated prefixes). For + entities which are not IPv6 routers and therefore + do not forward datagrams, this counter includes + datagrams discarded because the destination address + was not a local address." + ::= { ipv6IfStatsEntry 5 } + + ipv6IfStatsInUnknownProtos OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of locally-addressed datagrams + received successfully but discarded because of an + unknown or unsupported protocol. This counter is + incremented at the interface to which these + datagrams were addressed which might not be + necessarily the input interface for some of + the datagrams." + ::= { ipv6IfStatsEntry 6 } + + ipv6IfStatsInTruncatedPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input datagrams discarded because + datagram frame didn't carry enough data." + ::= { ipv6IfStatsEntry 7 } + + ipv6IfStatsInDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of input IPv6 datagrams for which no + problems were encountered to prevent their + continued processing, but which were discarded + (e.g., for lack of buffer space). Note that this + counter does not include any datagrams discarded + while awaiting re-assembly." + ::= { ipv6IfStatsEntry 8 } + + ipv6IfStatsInDelivers OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of datagrams successfully + delivered to IPv6 user-protocols (including ICMP). + This counter is incremented at the interface to + which these datagrams were addressed which might + not be necessarily the input interface for some of + the datagrams." + ::= { ipv6IfStatsEntry 9 } + + ipv6IfStatsOutForwDatagrams OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of output datagrams which this + entity received and forwarded to their final + destinations. In entities which do not act + as IPv6 routers, this counter will include + only those packets which were Source-Routed + via this entity, and the Source-Route + processing was successful. Note that for + a successfully forwarded datagram the counter + of the outgoing interface is incremented." + ::= { ipv6IfStatsEntry 10 } + + ipv6IfStatsOutRequests OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPv6 datagrams which local IPv6 + user-protocols (including ICMP) supplied to IPv6 in + requests for transmission. Note that this counter + does not include any datagrams counted in + ipv6IfStatsOutForwDatagrams." + ::= { ipv6IfStatsEntry 11 } + + ipv6IfStatsOutDiscards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of output IPv6 datagrams for which no + problem was encountered to prevent their + transmission to their destination, but which were + discarded (e.g., for lack of buffer space). Note + that this counter would include datagrams counted + in ipv6IfStatsOutForwDatagrams if any such packets + met this (discretionary) discard criterion." + ::= { ipv6IfStatsEntry 12 } + + ipv6IfStatsOutFragOKs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 datagrams that have been + successfully fragmented at this output interface." + ::= { ipv6IfStatsEntry 13 } + + ipv6IfStatsOutFragFails OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 datagrams that have been + discarded because they needed to be fragmented + at this output interface but could not be." + ::= { ipv6IfStatsEntry 14 } + + ipv6IfStatsOutFragCreates OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of output datagram fragments that have + been generated as a result of fragmentation at + this output interface." + ::= { ipv6IfStatsEntry 15 } + + ipv6IfStatsReasmReqds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 fragments received which needed + to be reassembled at this interface. Note that this + counter is incremented at the interface to which + these fragments were addressed which might not + be necessarily the input interface for some of + the fragments." + ::= { ipv6IfStatsEntry 16 } + + ipv6IfStatsReasmOKs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 datagrams successfully + reassembled. Note that this counter is incremented + at the interface to which these datagrams were + addressed which might not be necessarily the input + interface for some of the fragments." + ::= { ipv6IfStatsEntry 17 } + + ipv6IfStatsReasmFails OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of failures detected by the IPv6 re- + assembly algorithm (for whatever reason: timed + out, errors, etc.). Note that this is not + necessarily a count of discarded IPv6 fragments + since some algorithms (notably the algorithm in + RFC 815) can lose track of the number of fragments + by combining them as they are received. + This counter is incremented at the interface to which + these fragments were addressed which might not be + necessarily the input interface for some of the + fragments." + ::= { ipv6IfStatsEntry 18 } + + ipv6IfStatsInMcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of multicast packets received + by the interface" + ::= { ipv6IfStatsEntry 19 } + + ipv6IfStatsOutMcastPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of multicast packets transmitted + by the interface" + ::= { ipv6IfStatsEntry 20 } + + -- Address Prefix table + + -- The IPv6 Address Prefix table contains information on + -- the entity's IPv6 Address Prefixes that are associated + -- with IPv6 interfaces. + + ipv6AddrPrefixTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6AddrPrefixEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The list of IPv6 address prefixes of + IPv6 interfaces." + ::= { ipv6MIBObjects 7 } + + ipv6AddrPrefixEntry OBJECT-TYPE + SYNTAX Ipv6AddrPrefixEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An interface entry containing objects of + a particular IPv6 address prefix." + INDEX { ipv6IfIndex, + ipv6AddrPrefix, + ipv6AddrPrefixLength } + ::= { ipv6AddrPrefixTable 1 } + + Ipv6AddrPrefixEntry ::= SEQUENCE { + + ipv6AddrPrefix Ipv6AddressPrefix, + ipv6AddrPrefixLength INTEGER (0..128), + ipv6AddrPrefixOnLinkFlag TruthValue, + ipv6AddrPrefixAutonomousFlag TruthValue, + ipv6AddrPrefixAdvPreferredLifetime Unsigned32, + ipv6AddrPrefixAdvValidLifetime Unsigned32 + } + + ipv6AddrPrefix OBJECT-TYPE + SYNTAX Ipv6AddressPrefix + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The prefix associated with the this interface." + ::= { ipv6AddrPrefixEntry 1 } + + ipv6AddrPrefixLength OBJECT-TYPE + SYNTAX INTEGER (0..128) + UNITS "bits" + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The length of the prefix (in bits)." + ::= { ipv6AddrPrefixEntry 2 } + + ipv6AddrPrefixOnLinkFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object has the value 'true(1)', if this + prefix can be used for on-link determination + and the value 'false(2)' otherwise." + ::= { ipv6AddrPrefixEntry 3 } + + ipv6AddrPrefixAutonomousFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Autonomous address configuration flag. When + true(1), indicates that this prefix can be used + for autonomous address configuration (i.e. can + be used to form a local interface address). + If false(2), it is not used to autoconfigure + a local interface address." + ::= { ipv6AddrPrefixEntry 4 } + + ipv6AddrPrefixAdvPreferredLifetime OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "It is the length of time in seconds that this + prefix will remain preferred, i.e. time until + deprecation. A value of 4,294,967,295 represents + infinity. + + The address generated from a deprecated prefix + should no longer be used as a source address in + new communications, but packets received on such + an interface are processed as expected." + ::= { ipv6AddrPrefixEntry 5 } + + ipv6AddrPrefixAdvValidLifetime OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "It is the length of time in seconds that this + prefix will remain valid, i.e. time until + invalidation. A value of 4,294,967,295 represents + infinity. + + The address generated from an invalidated prefix + should not appear as the destination or source + address of a packet." + ::= { ipv6AddrPrefixEntry 6 } + + -- the IPv6 Address table + + -- The IPv6 address table contains this node's IPv6 + -- addressing information. + + ipv6AddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6AddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of addressing information relevant to + this node's interface addresses." + ::= { ipv6MIBObjects 8 } + + ipv6AddrEntry OBJECT-TYPE + SYNTAX Ipv6AddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The addressing information for one of this + node's interface addresses." + INDEX { ipv6IfIndex, ipv6AddrAddress } + ::= { ipv6AddrTable 1 } + + Ipv6AddrEntry ::= + SEQUENCE { + ipv6AddrAddress Ipv6Address, + ipv6AddrPfxLength INTEGER, + ipv6AddrType INTEGER, + ipv6AddrAnycastFlag TruthValue, + ipv6AddrStatus INTEGER + } + + ipv6AddrAddress OBJECT-TYPE + SYNTAX Ipv6Address + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPv6 address to which this entry's addressing + information pertains." + ::= { ipv6AddrEntry 1 } + + ipv6AddrPfxLength OBJECT-TYPE + SYNTAX INTEGER(0..128) + UNITS "bits" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The length of the prefix (in bits) associated with + the IPv6 address of this entry." + ::= { ipv6AddrEntry 2 } + + ipv6AddrType OBJECT-TYPE + SYNTAX INTEGER { + -- address has been formed + -- using stateless + stateless(1), -- autoconfiguration + + -- address has been acquired + -- by stateful means + -- (e.g. DHCPv6, manual + stateful(2), -- configuration) + + -- type can not be determined + unknown(3) -- for some reason. + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of address. Note that 'stateless(1)' + refers to an address that was statelessly + autoconfigured; 'stateful(2)' refers to a address + which was acquired by via a stateful protocol + (e.g. DHCPv6, manual configuration)." + ::= { ipv6AddrEntry 3 } + + ipv6AddrAnycastFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object has the value 'true(1)', if this + address is an anycast address and the value + 'false(2)' otherwise." + ::= { ipv6AddrEntry 4 } + + ipv6AddrStatus OBJECT-TYPE + SYNTAX INTEGER { + preferred(1), + deprecated(2), + invalid(3), + inaccessible(4), + unknown(5) -- status can not be determined + -- for some reason. + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Address status. The preferred(1) state indicates + that this is a valid address that can appear as + the destination or source address of a packet. + The deprecated(2) state indicates that this is + a valid but deprecated address that should no longer + be used as a source address in new communications, + but packets addressed to such an address are + processed as expected. The invalid(3) state indicates + that this is not valid address which should not + + appear as the destination or source address of + a packet. The inaccessible(4) state indicates that + the address is not accessible because the interface + to which this address is assigned is not operational." + ::= { ipv6AddrEntry 5 } + + -- IPv6 Routing objects + + ipv6RouteNumber OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current ipv6RouteTable entries. + This is primarily to avoid having to read + the table in order to determine this number." + ::= { ipv6MIBObjects 9 } + + ipv6DiscardedRoutes OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of routing entries which were chosen + to be discarded even though they are valid. One + possible reason for discarding such an entry could + be to free-up buffer space for other routing + entries." + ::= { ipv6MIBObjects 10 } + + -- IPv6 Routing table + + ipv6RouteTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6RouteEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "IPv6 Routing table. This table contains + an entry for each valid IPv6 unicast route + that can be used for packet forwarding + determination." + ::= { ipv6MIBObjects 11 } + + ipv6RouteEntry OBJECT-TYPE + SYNTAX Ipv6RouteEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A routing entry." + INDEX { ipv6RouteDest, + ipv6RoutePfxLength, + ipv6RouteIndex } + ::= { ipv6RouteTable 1 } + + Ipv6RouteEntry ::= SEQUENCE { + ipv6RouteDest Ipv6Address, + ipv6RoutePfxLength INTEGER, + ipv6RouteIndex Unsigned32, + ipv6RouteIfIndex Ipv6IfIndexOrZero, + ipv6RouteNextHop Ipv6Address, + ipv6RouteType INTEGER, + ipv6RouteProtocol INTEGER, + ipv6RoutePolicy Integer32, + ipv6RouteAge Unsigned32, + ipv6RouteNextHopRDI Unsigned32, + ipv6RouteMetric Unsigned32, + ipv6RouteWeight Unsigned32, + ipv6RouteInfo RowPointer, + ipv6RouteValid TruthValue + } + + ipv6RouteDest OBJECT-TYPE + SYNTAX Ipv6Address + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The destination IPv6 address of this route. + This object may not take a Multicast address + value." + ::= { ipv6RouteEntry 1 } + + ipv6RoutePfxLength OBJECT-TYPE + SYNTAX INTEGER(0..128) + UNITS "bits" + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Indicates the prefix length of the destination + address." + ::= { ipv6RouteEntry 2 } + + ipv6RouteIndex OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The value which uniquely identifies the route + among the routes to the same network layer + destination. The way this value is chosen is + implementation specific but it must be unique for + ipv6RouteDest/ipv6RoutePfxLength pair and remain + constant for the life of the route." + ::= { ipv6RouteEntry 3 } + + ipv6RouteIfIndex OBJECT-TYPE + SYNTAX Ipv6IfIndexOrZero + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index value which uniquely identifies the local + interface through which the next hop of this + route should be reached. The interface identified + by a particular value of this index is the same + interface as identified by the same value of + ipv6IfIndex. For routes of the discard type this + value can be zero." + ::= { ipv6RouteEntry 4 } + + ipv6RouteNextHop OBJECT-TYPE + SYNTAX Ipv6Address + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "On remote routes, the address of the next + system en route; otherwise, ::0 + ('00000000000000000000000000000000'H in ASN.1 + string representation)." + ::= { ipv6RouteEntry 5 } + + ipv6RouteType OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + + -- an route indicating that + -- packets to destinations + -- matching this route are + discard(2), -- to be discarded + + -- route to directly + local(3), -- connected (sub-)network + + -- route to a remote + + remote(4) -- destination + + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of route. Note that 'local(3)' refers + to a route for which the next hop is the final + destination; 'remote(4)' refers to a route for + which the next hop is not the final + destination; 'discard(2)' refers to a route + indicating that packets to destinations matching + this route are to be discarded (sometimes called + black-hole route)." + ::= { ipv6RouteEntry 6 } + + ipv6RouteProtocol OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + + -- non-protocol information, + -- e.g., manually configured + local(2), -- entries + + netmgmt(3), -- static route + + -- obtained via Neighbor + -- Discovery protocol, + ndisc(4), -- e.g., result of Redirect + + -- the following are all + -- dynamic routing protocols + rip(5), -- RIPng + ospf(6), -- Open Shortest Path First + bgp(7), -- Border Gateway Protocol + idrp(8), -- InterDomain Routing Protocol + igrp(9) -- InterGateway Routing Protocol + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The routing mechanism via which this route was + learned." + ::= { ipv6RouteEntry 7 } + + ipv6RoutePolicy OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The general set of conditions that would cause the + selection of one multipath route (set of next hops + for a given destination) is referred to as 'policy'. + Unless the mechanism indicated by ipv6RouteProtocol + specified otherwise, the policy specifier is the + 8-bit Traffic Class field of the IPv6 packet header + that is zero extended at the left to a 32-bit value. + + Protocols defining 'policy' otherwise must either + define a set of values which are valid for + this object or must implement an integer- + instanced policy table for which this object's + value acts as an index." + ::= { ipv6RouteEntry 8 } + + ipv6RouteAge OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of seconds since this route was last + updated or otherwise determined to be correct. + Note that no semantics of `too old' can be implied + except through knowledge of the routing protocol + by which the route was learned." + ::= { ipv6RouteEntry 9 } + + ipv6RouteNextHopRDI OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Routing Domain ID of the Next Hop. + The semantics of this object are determined by + the routing-protocol specified in the route's + ipv6RouteProtocol value. When this object is + unknown or not relevant its value should be set + to zero." + ::= { ipv6RouteEntry 10 } + + ipv6RouteMetric OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The routing metric for this route. The + semantics of this metric are determined by the + routing protocol specified in the route's + ipv6RouteProtocol value. When this is unknown + or not relevant to the protocol indicated by + ipv6RouteProtocol, the object value should be + set to its maximum value (4,294,967,295)." + ::= { ipv6RouteEntry 11 } + + ipv6RouteWeight OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The system internal weight value for this route. + The semantics of this value are determined by + the implementation specific rules. Generally, + within routes with the same ipv6RoutePolicy value, + the lower the weight value the more preferred is + the route." + ::= { ipv6RouteEntry 12 } + + ipv6RouteInfo OBJECT-TYPE + SYNTAX RowPointer + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A reference to MIB definitions specific to the + particular routing protocol which is responsible + for this route, as determined by the value + specified in the route's ipv6RouteProto value. + If this information is not present, its value + should be set to the OBJECT ID { 0 0 }, + which is a syntactically valid object identifier, + and any implementation conforming to ASN.1 + and the Basic Encoding Rules must be able to + generate and recognize this value." + ::= { ipv6RouteEntry 13 } + + ipv6RouteValid OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Setting this object to the value 'false(2)' has + the effect of invalidating the corresponding entry + in the ipv6RouteTable object. That is, it + effectively disassociates the destination + + identified with said entry from the route + identified with said entry. It is an + implementation-specific matter as to whether the + agent removes an invalidated entry from the table. + Accordingly, management stations must be prepared + to receive tabular information from agents that + corresponds to entries not currently in use. + Proper interpretation of such entries requires + examination of the relevant ipv6RouteValid + object." + DEFVAL { true } + ::= { ipv6RouteEntry 14 } + + -- IPv6 Address Translation table + + ipv6NetToMediaTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6NetToMediaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPv6 Address Translation table used for + mapping from IPv6 addresses to physical addresses. + + The IPv6 address translation table contain the + Ipv6Address to `physical' address equivalencies. + Some interfaces do not use translation tables + for determining address equivalencies; if all + interfaces are of this type, then the Address + Translation table is empty, i.e., has zero + entries." + ::= { ipv6MIBObjects 12 } + + ipv6NetToMediaEntry OBJECT-TYPE + SYNTAX Ipv6NetToMediaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains one IPv6 address to `physical' + address equivalence." + INDEX { ipv6IfIndex, + ipv6NetToMediaNetAddress } + ::= { ipv6NetToMediaTable 1 } + + Ipv6NetToMediaEntry ::= SEQUENCE { + ipv6NetToMediaNetAddress + Ipv6Address, + ipv6NetToMediaPhysAddress + + PhysAddress, + ipv6NetToMediaType + INTEGER, + ipv6IfNetToMediaState + INTEGER, + ipv6IfNetToMediaLastUpdated + TimeStamp, + ipv6NetToMediaValid + TruthValue + } + + ipv6NetToMediaNetAddress OBJECT-TYPE + SYNTAX Ipv6Address + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPv6 Address corresponding to + the media-dependent `physical' address." + ::= { ipv6NetToMediaEntry 1 } + + ipv6NetToMediaPhysAddress OBJECT-TYPE + SYNTAX PhysAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The media-dependent `physical' address." + ::= { ipv6NetToMediaEntry 2 } + + ipv6NetToMediaType OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + dynamic(2), -- dynamically resolved + static(3), -- statically configured + local(4) -- local interface + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of the mapping. The 'dynamic(2)' type + indicates that the IPv6 address to physical + addresses mapping has been dynamically + resolved using the IPv6 Neighbor Discovery + protocol. The static(3)' types indicates that + the mapping has been statically configured. + The local(4) indicates that the mapping is + provided for an entity's own interface address." + ::= { ipv6NetToMediaEntry 3 } + +ipv6IfNetToMediaState OBJECT-TYPE + SYNTAX INTEGER { + reachable(1), -- confirmed reachability + + stale(2), -- unconfirmed reachability + + delay(3), -- waiting for reachability + -- confirmation before entering + -- the probe state + + probe(4), -- actively probing + + invalid(5), -- an invalidated mapping + + unknown(6) -- state can not be determined + -- for some reason. + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Neighbor Unreachability Detection [8] state + for the interface when the address mapping in + this entry is used." + ::= { ipv6NetToMediaEntry 4 } + +ipv6IfNetToMediaLastUpdated OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this entry + was last updated. If this entry was updated prior + to the last re-initialization of the local network + management subsystem, then this object contains + a zero value." + ::= { ipv6NetToMediaEntry 5 } + + ipv6NetToMediaValid OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Setting this object to the value 'false(2)' has + the effect of invalidating the corresponding entry + in the ipv6NetToMediaTable. That is, it effectively + disassociates the interface identified with said + entry from the mapping identified with said entry. + It is an implementation-specific matter as to + + whether the agent removes an invalidated entry + from the table. Accordingly, management stations + must be prepared to receive tabular information + from agents that corresponds to entries not + currently in use. Proper interpretation of such + entries requires examination of the relevant + ipv6NetToMediaValid object." + DEFVAL { true } + ::= { ipv6NetToMediaEntry 6 } + +-- definition of IPv6-related notifications. +-- Note that we need ipv6NotificationPrefix with the 0 +-- sub-identifier to make this MIB to translate to +-- an SNMPv1 format in a reversible way. For example +-- it is needed for proxies that convert SNMPv1 traps +-- to SNMPv2 notifications without MIB knowledge. + +ipv6Notifications OBJECT IDENTIFIER + ::= { ipv6MIB 2 } +ipv6NotificationPrefix OBJECT IDENTIFIER + ::= { ipv6Notifications 0 } + +ipv6IfStateChange NOTIFICATION-TYPE + OBJECTS { + ipv6IfDescr, + ipv6IfOperStatus -- the new state of the If. + } + STATUS current + DESCRIPTION + "An ipv6IfStateChange notification signifies + that there has been a change in the state of + an ipv6 interface. This notification should + be generated when the interface's operational + status transitions to or from the up(1) state." + ::= { ipv6NotificationPrefix 1 } + +-- conformance information + +ipv6Conformance OBJECT IDENTIFIER ::= { ipv6MIB 3 } + +ipv6Compliances OBJECT IDENTIFIER ::= { ipv6Conformance 1 } +ipv6Groups OBJECT IDENTIFIER ::= { ipv6Conformance 2 } + +-- compliance statements + +ipv6Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities which + implement ipv6 MIB." + MODULE -- this module + MANDATORY-GROUPS { ipv6GeneralGroup, + ipv6NotificationGroup } + OBJECT ipv6Forwarding + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write + access to this object" + OBJECT ipv6DefaultHopLimit + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write + access to this object" + OBJECT ipv6IfDescr + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write + access to this object" + OBJECT ipv6IfIdentifier + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write + access to this object" + OBJECT ipv6IfIdentifierLength + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write + access to this object" + + OBJECT ipv6IfAdminStatus + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write + access to this object" + OBJECT ipv6RouteValid + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write + access to this object" + OBJECT ipv6NetToMediaValid + MIN-ACCESS read-only + DESCRIPTION + "An agent is not required to provide write + + access to this object" + ::= { ipv6Compliances 1 } + +ipv6GeneralGroup OBJECT-GROUP + OBJECTS { ipv6Forwarding, + ipv6DefaultHopLimit, + ipv6Interfaces, + ipv6IfTableLastChange, + ipv6IfDescr, + ipv6IfLowerLayer, + ipv6IfEffectiveMtu, + ipv6IfReasmMaxSize, + ipv6IfIdentifier, + ipv6IfIdentifierLength, + ipv6IfPhysicalAddress, + ipv6IfAdminStatus, + ipv6IfOperStatus, + ipv6IfLastChange, + ipv6IfStatsInReceives, + ipv6IfStatsInHdrErrors, + ipv6IfStatsInTooBigErrors, + ipv6IfStatsInNoRoutes, + ipv6IfStatsInAddrErrors, + ipv6IfStatsInUnknownProtos, + ipv6IfStatsInTruncatedPkts, + ipv6IfStatsInDiscards, + ipv6IfStatsInDelivers, + ipv6IfStatsOutForwDatagrams, + ipv6IfStatsOutRequests, + ipv6IfStatsOutDiscards, + ipv6IfStatsOutFragOKs, + ipv6IfStatsOutFragFails, + ipv6IfStatsOutFragCreates, + ipv6IfStatsReasmReqds, + ipv6IfStatsReasmOKs, + ipv6IfStatsReasmFails, + ipv6IfStatsInMcastPkts, + ipv6IfStatsOutMcastPkts, + ipv6AddrPrefixOnLinkFlag, + ipv6AddrPrefixAutonomousFlag, + ipv6AddrPrefixAdvPreferredLifetime, + ipv6AddrPrefixAdvValidLifetime, + ipv6AddrPfxLength, + ipv6AddrType, + ipv6AddrAnycastFlag, + ipv6AddrStatus, + ipv6RouteNumber, + ipv6DiscardedRoutes, + ipv6RouteIfIndex, + ipv6RouteNextHop, + ipv6RouteType, + ipv6RouteProtocol, + ipv6RoutePolicy, + ipv6RouteAge, + ipv6RouteNextHopRDI, + ipv6RouteMetric, + ipv6RouteWeight, + ipv6RouteInfo, + ipv6RouteValid, + ipv6NetToMediaPhysAddress, + ipv6NetToMediaType, + ipv6IfNetToMediaState, + ipv6IfNetToMediaLastUpdated, + ipv6NetToMediaValid } + STATUS current + DESCRIPTION + "The IPv6 group of objects providing for basic + management of IPv6 entities." + ::= { ipv6Groups 1 } + +ipv6NotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { ipv6IfStateChange } + STATUS current + DESCRIPTION + "The notification that an IPv6 entity is required + to implement." + ::= { ipv6Groups 2 } + + END diff --git a/data/mibs/IPV6-TC.txt b/data/mibs/IPV6-TC.txt new file mode 100644 index 000000000..05e1e7d98 --- /dev/null +++ b/data/mibs/IPV6-TC.txt @@ -0,0 +1,67 @@ +IPV6-TC DEFINITIONS ::= BEGIN + +IMPORTS + Integer32 FROM SNMPv2-SMI + TEXTUAL-CONVENTION FROM SNMPv2-TC; + +-- definition of textual conventions +Ipv6Address ::= TEXTUAL-CONVENTION + DISPLAY-HINT "2x:" + STATUS current + DESCRIPTION + "This data type is used to model IPv6 addresses. + This is a binary string of 16 octets in network + byte-order." + SYNTAX OCTET STRING (SIZE (16)) + +Ipv6AddressPrefix ::= TEXTUAL-CONVENTION + DISPLAY-HINT "2x:" + STATUS current + DESCRIPTION + "This data type is used to model IPv6 address + prefixes. This is a binary string of up to 16 + octets in network byte-order." + SYNTAX OCTET STRING (SIZE (0..16)) + +Ipv6AddressIfIdentifier ::= TEXTUAL-CONVENTION + DISPLAY-HINT "2x:" + STATUS current + DESCRIPTION + "This data type is used to model IPv6 address + interface identifiers. This is a binary string + of up to 8 octets in network byte-order." + SYNTAX OCTET STRING (SIZE (0..8)) + +Ipv6IfIndex ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "A unique value, greater than zero for each + internetwork-layer interface in the managed + system. It is recommended that values are assigned + contiguously starting from 1. The value for each + internetwork-layer interface must remain constant + at least from one re-initialization of the entity's + network management system to the next + + re-initialization." + SYNTAX Integer32 (1..2147483647) + +Ipv6IfIndexOrZero ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "This textual convention is an extension of the + Ipv6IfIndex convention. The latter defines + a greater than zero value used to identify an IPv6 + interface in the managed system. This extension + permits the additional value of zero. The value + zero is object-specific and must therefore be + defined as part of the description of any object + which uses this syntax. Examples of the usage of + zero might include situations where interface was + unknown, or when none or all interfaces need to be + referenced." + SYNTAX Integer32 (0..2147483647) + +END diff --git a/data/mibs/IPV6-TCP-MIB.txt b/data/mibs/IPV6-TCP-MIB.txt new file mode 100644 index 000000000..a2fb857c0 --- /dev/null +++ b/data/mibs/IPV6-TCP-MIB.txt @@ -0,0 +1,211 @@ +IPV6-TCP-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + MODULE-IDENTITY, OBJECT-TYPE, + mib-2, experimental FROM SNMPv2-SMI + Ipv6Address, Ipv6IfIndexOrZero FROM IPV6-TC; + +ipv6TcpMIB MODULE-IDENTITY + LAST-UPDATED "9801290000Z" + ORGANIZATION "IETF IPv6 MIB Working Group" + CONTACT-INFO + " Mike Daniele + + Postal: Compaq Computer Corporation + 110 Spitbrook Rd + Nashua, NH 03062. + US + + Phone: +1 603 884 1423 + Email: daniele@zk3.dec.com" + DESCRIPTION + "The MIB module for entities implementing TCP over IPv6." + ::= { experimental 86 } + +-- objects specific to TCP for IPv6 + +tcp OBJECT IDENTIFIER ::= { mib-2 6 } + +-- the TCP over IPv6 Connection table + +-- This connection table contains information about this +-- entity's existing TCP connections between IPv6 endpoints. +-- Only connections between IPv6 addresses are contained in +-- this table. This entity's connections between IPv4 +-- endpoints are contained in tcpConnTable. + +ipv6TcpConnTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6TcpConnEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table containing TCP connection-specific information, + for only those connections whose endpoints are IPv6 addresses." + ::= { tcp 16 } + +ipv6TcpConnEntry OBJECT-TYPE + SYNTAX Ipv6TcpConnEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual row of the ipv6TcpConnTable containing + information about a particular current TCP connection. + Each row of this table is transient, in that it ceases to + exist when (or soon after) the connection makes the transition + to the CLOSED state. + + Note that conceptual rows in this table require an additional + index object compared to tcpConnTable, since IPv6 addresses + are not guaranteed to be unique on the managed node." + INDEX { ipv6TcpConnLocalAddress, + ipv6TcpConnLocalPort, + ipv6TcpConnRemAddress, + ipv6TcpConnRemPort, + ipv6TcpConnIfIndex } + ::= { ipv6TcpConnTable 1 } + +Ipv6TcpConnEntry ::= + SEQUENCE { ipv6TcpConnLocalAddress Ipv6Address, + ipv6TcpConnLocalPort INTEGER (0..65535), + ipv6TcpConnRemAddress Ipv6Address, + ipv6TcpConnRemPort INTEGER (0..65535), + ipv6TcpConnIfIndex Ipv6IfIndexOrZero, + ipv6TcpConnState INTEGER } + +ipv6TcpConnLocalAddress OBJECT-TYPE + SYNTAX Ipv6Address + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local IPv6 address for this TCP connection. In + the case of a connection in the listen state which + is willing to accept connections for any IPv6 + address associated with the managed node, the value + ::0 is used." + ::= { ipv6TcpConnEntry 1 } + +ipv6TcpConnLocalPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local port number for this TCP connection." + ::= { ipv6TcpConnEntry 2 } + +ipv6TcpConnRemAddress OBJECT-TYPE + SYNTAX Ipv6Address + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The remote IPv6 address for this TCP connection." + ::= { ipv6TcpConnEntry 3 } + +ipv6TcpConnRemPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The remote port number for this TCP connection." + ::= { ipv6TcpConnEntry 4 } + +ipv6TcpConnIfIndex OBJECT-TYPE + SYNTAX Ipv6IfIndexOrZero + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index object used to disambiguate conceptual rows in + the table, since the connection 4-tuple may not be unique. + + If the connection's remote address (ipv6TcpConnRemAddress) + is a link-local address and the connection's local address + + (ipv6TcpConnLocalAddress) is not a link-local address, this + object identifies a local interface on the same link as + the connection's remote link-local address. + + Otherwise, this object identifies the local interface that + is associated with the ipv6TcpConnLocalAddress for this + TCP connection. If such a local interface cannot be determined, + this object should take on the value 0. (A possible example + of this would be if the value of ipv6TcpConnLocalAddress is ::0.) + + The interface identified by a particular non-0 value of this + index is the same interface as identified by the same value + of ipv6IfIndex. + + The value of this object must remain constant during the life + of the TCP connection." + ::= { ipv6TcpConnEntry 5 } + +ipv6TcpConnState OBJECT-TYPE + SYNTAX INTEGER { + closed(1), + listen(2), + synSent(3), + synReceived(4), + established(5), + finWait1(6), + finWait2(7), + closeWait(8), + lastAck(9), + closing(10), + timeWait(11), + deleteTCB(12) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The state of this TCP connection. + + The only value which may be set by a management station is + deleteTCB(12). Accordingly, it is appropriate for an agent + to return an error response (`badValue' for SNMPv1, 'wrongValue' + for SNMPv2) if a management station attempts to set this + object to any other value. + + If a management station sets this object to the value + deleteTCB(12), then this has the effect of deleting the TCB + (as defined in RFC 793) of the corresponding connection on + the managed node, resulting in immediate termination of the + connection. + + As an implementation-specific option, a RST segment may be + sent from the managed node to the other TCP endpoint (note + however that RST segments are not sent reliably)." + ::= { ipv6TcpConnEntry 6 } + +-- +-- conformance information +-- + +ipv6TcpConformance OBJECT IDENTIFIER ::= { ipv6TcpMIB 2 } + +ipv6TcpCompliances OBJECT IDENTIFIER ::= { ipv6TcpConformance 1 } +ipv6TcpGroups OBJECT IDENTIFIER ::= { ipv6TcpConformance 2 } + +-- compliance statements + +ipv6TcpCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities which + implement TCP over IPv6." + MODULE -- this module + MANDATORY-GROUPS { ipv6TcpGroup } + ::= { ipv6TcpCompliances 1 } + +ipv6TcpGroup OBJECT-GROUP + OBJECTS { -- these are defined in this module + -- ipv6TcpConnLocalAddress (not-accessible) + -- ipv6TcpConnLocalPort (not-accessible) + -- ipv6TcpConnRemAddress (not-accessible) + -- ipv6TcpConnRemPort (not-accessible) + -- ipv6TcpConnIfIndex (not-accessible) + ipv6TcpConnState } + STATUS current + DESCRIPTION + "The group of objects providing management of + TCP over IPv6." + ::= { ipv6TcpGroups 1 } + +END diff --git a/data/mibs/IPV6-UDP-MIB.txt b/data/mibs/IPV6-UDP-MIB.txt new file mode 100644 index 000000000..6c929eb7f --- /dev/null +++ b/data/mibs/IPV6-UDP-MIB.txt @@ -0,0 +1,141 @@ +IPV6-UDP-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + MODULE-IDENTITY, OBJECT-TYPE, + mib-2, experimental FROM SNMPv2-SMI + Ipv6Address, Ipv6IfIndexOrZero FROM IPV6-TC; + +ipv6UdpMIB MODULE-IDENTITY + LAST-UPDATED "9801290000Z" + ORGANIZATION "IETF IPv6 MIB Working Group" + CONTACT-INFO + " Mike Daniele + + Postal: Compaq Computer Corporation + 110 Spitbrook Rd + Nashua, NH 03062. + US + + Phone: +1 603 884 1423 + Email: daniele@zk3.dec.com" + DESCRIPTION + "The MIB module for entities implementing UDP over IPv6." + ::= { experimental 87 } + +-- objects specific to UDP for IPv6 + +udp OBJECT IDENTIFIER ::= { mib-2 7 } + +-- the UDP over IPv6 Listener table + +-- This table contains information about this entity's +-- UDP/IPv6 endpoints. Only endpoints utilizing IPv6 addresses +-- are contained in this table. This entity's UDP/IPv4 endpoints +-- are contained in udpTable. + +ipv6UdpTable OBJECT-TYPE + SYNTAX SEQUENCE OF Ipv6UdpEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table containing UDP listener information for + UDP/IPv6 endpoints." + ::= { udp 6 } + +ipv6UdpEntry OBJECT-TYPE + SYNTAX Ipv6UdpEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a particular current UDP listener. + + Note that conceptual rows in this table require an + additional index object compared to udpTable, since + IPv6 addresses are not guaranteed to be unique on the + managed node." + INDEX { ipv6UdpLocalAddress, + ipv6UdpLocalPort, + ipv6UdpIfIndex } + ::= { ipv6UdpTable 1 } + +Ipv6UdpEntry ::= SEQUENCE { + ipv6UdpLocalAddress Ipv6Address, + ipv6UdpLocalPort INTEGER (0..65535), + ipv6UdpIfIndex Ipv6IfIndexOrZero } + +ipv6UdpLocalAddress OBJECT-TYPE + SYNTAX Ipv6Address + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local IPv6 address for this UDP listener. + In the case of a UDP listener which is willing + to accept datagrams for any IPv6 address + associated with the managed node, the value ::0 + is used." + ::= { ipv6UdpEntry 1 } + +ipv6UdpLocalPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local port number for this UDP listener." + ::= { ipv6UdpEntry 2 } + +ipv6UdpIfIndex OBJECT-TYPE + SYNTAX Ipv6IfIndexOrZero + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index object used to disambiguate conceptual rows in + the table, since the ipv6UdpLocalAddress/ipv6UdpLocalPort + pair may not be unique. + + This object identifies the local interface that is + associated with ipv6UdpLocalAddress for this UDP listener. + If such a local interface cannot be determined, this object + should take on the value 0. (A possible example of this + would be if the value of ipv6UdpLocalAddress is ::0.) + + The interface identified by a particular non-0 value of + this index is the same interface as identified by the same + value of ipv6IfIndex. + + The value of this object must remain constant during + the life of this UDP endpoint." + ::= { ipv6UdpEntry 3 } + +-- +-- conformance information +-- + +ipv6UdpConformance OBJECT IDENTIFIER ::= { ipv6UdpMIB 2 } + +ipv6UdpCompliances OBJECT IDENTIFIER ::= { ipv6UdpConformance 1 } +ipv6UdpGroups OBJECT IDENTIFIER ::= { ipv6UdpConformance 2 } + +-- compliance statements + +ipv6UdpCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMPv2 entities which + implement UDP over IPv6." + MODULE -- this module + MANDATORY-GROUPS { ipv6UdpGroup } + ::= { ipv6UdpCompliances 1 } + +ipv6UdpGroup OBJECT-GROUP + OBJECTS { -- these are defined in this module + -- ipv6UdpLocalAddress (not-accessible) + -- ipv6UdpLocalPort (not-accessible) + ipv6UdpIfIndex } + STATUS current + DESCRIPTION + "The group of objects providing management of + UDP over IPv6." + ::= { ipv6UdpGroups 1 } + +END diff --git a/data/mibs/MTA-MIB.txt b/data/mibs/MTA-MIB.txt new file mode 100644 index 000000000..29618adc8 --- /dev/null +++ b/data/mibs/MTA-MIB.txt @@ -0,0 +1,1226 @@ +MTA-MIB DEFINITIONS ::= BEGIN + +IMPORTS + OBJECT-TYPE, Counter32, Gauge32, MODULE-IDENTITY, mib-2 + FROM SNMPv2-SMI + TimeInterval + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB + applIndex, URLString + FROM NETWORK-SERVICES-MIB; + +mta MODULE-IDENTITY + LAST-UPDATED "200003030000Z" + ORGANIZATION "IETF Mail and Directory Management Working Group" + CONTACT-INFO + " Ned Freed + + Postal: Innosoft International, Inc. + 1050 Lakes Drive + West Covina, CA 91790 + US + + Tel: +1 626 919 3600 + Fax: +1 626 919 3614 + + E-Mail: ned.freed@innosoft.com" + DESCRIPTION + "The MIB module describing Message Transfer Agents (MTAs)" + REVISION "200003030000Z" + DESCRIPTION + "This revision, published in RFC 2789, changes a number of + DisplayStrings to SnmpAdminStrings. Note that this change + + is not strictly supported by SMIv2. However, the alternative + of deprecating the old objects and defining new objects + would have a more adverse impact on backward compatibility + and interoperability, given the particular semantics of + these objects. The defining reference for distinguished + names has also been updated from RFC 1779 to RFC 2253." + REVISION "199905120000Z" + DESCRIPTION + "This revision fixes a number of technical problems found in + previous versions: The conformance groups for different + versions of this MIB have been corrected, the recommendation + that an empty string be returned if the last operation was + successful has been removed from + mtaGroupInboundRejectionReason and + mtaGroupOutboundConnectFailureReason as it conflicts + with the stated purpose of these variables, and the + required mtaStatusCode entry has been added to + MtaGroupErrorEntry. It should be noted that this last + change in no way affects the bits on the wire." + REVISION "199708170000Z" + DESCRIPTION + "This revision, published in RFC 2249, adds the + mtaGroupDescription and mtaGroupURL fields, conversion + operation counters, a group hierarchy description mechanism, + counters for specific errors, oldest message IDs, per-MTA + and per-group loop counters, and a new table for tracking + any errors an MTA encounters." + REVISION "199311280000Z" + DESCRIPTION + "The original version of this MIB was published in RFC 1566" + ::= {mib-2 28} + +mtaTable OBJECT-TYPE + SYNTAX SEQUENCE OF MtaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding information specific to an MTA." + ::= {mta 1} + +mtaEntry OBJECT-TYPE + SYNTAX MtaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The entry associated with each MTA." + INDEX {applIndex} + ::= {mtaTable 1} + +MtaEntry ::= SEQUENCE { + mtaReceivedMessages + Counter32, + mtaStoredMessages + Gauge32, + mtaTransmittedMessages + Counter32, + mtaReceivedVolume + Counter32, + mtaStoredVolume + Gauge32, + mtaTransmittedVolume + Counter32, + mtaReceivedRecipients + Counter32, + mtaStoredRecipients + Gauge32, + mtaTransmittedRecipients + Counter32, + mtaSuccessfulConvertedMessages + Counter32, + mtaFailedConvertedMessages + Counter32, + mtaLoopsDetected + Counter32 +} + +mtaReceivedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages received since MTA initialization. + This includes messages transmitted to this MTA from other + MTAs as well as messages that have been submitted to the + MTA directly by end-users or applications." + ::= {mtaEntry 1} + +mtaStoredMessages OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of messages currently stored in the MTA. + This includes messages that are awaiting transmission to + some other MTA or are waiting for delivery to an end-user + or application." + ::= {mtaEntry 2} + +mtaTransmittedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages transmitted since MTA initialization. + This includes messages that were transmitted to some other + MTA or are waiting for delivery to an end-user or + application." + ::= {mtaEntry 3} + +mtaReceivedVolume OBJECT-TYPE + SYNTAX Counter32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages received since MTA + initialization, measured in kilo-octets. This volume should + include all transferred data that is logically above the mail + transport protocol level. For example, an SMTP-based MTA + should use the number of kilo-octets in the message header + and body, while an X.400-based MTA should use the number of + kilo-octets of P2 data. This includes messages transmitted + to this MTA from other MTAs as well as messages that have + been submitted to the MTA directly by end-users or + applications." + ::= {mtaEntry 4} + +mtaStoredVolume OBJECT-TYPE + SYNTAX Gauge32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages currently stored in the MTA, + measured in kilo-octets. This volume should include all + stored data that is logically above the mail transport + protocol level. For example, an SMTP-based MTA should + use the number of kilo-octets in the message header and + body, while an X.400-based MTA would use the number of + kilo-octets of P2 data. This includes messages that are + awaiting transmission to some other MTA or are waiting + for delivery to an end-user or application." + ::= {mtaEntry 5} + +mtaTransmittedVolume OBJECT-TYPE + SYNTAX Counter32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages transmitted since MTA + initialization, measured in kilo-octets. This volume should + include all transferred data that is logically above the mail + transport protocol level. For example, an SMTP-based MTA + should use the number of kilo-octets in the message header + and body, while an X.400-based MTA should use the number of + kilo-octets of P2 data. This includes messages that were + transmitted to some other MTA or are waiting for delivery + to an end-user or application." + ::= {mtaEntry 6} + +mtaReceivedRecipients OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + received since MTA initialization. Recipients this MTA + has no responsibility for, i.e. inactive envelope + recipients or ones referred to in message headers, + should not be counted even if information about such + recipients is available. This includes messages + transmitted to this MTA from other MTAs as well as + messages that have been submitted to the MTA directly + by end-users or applications." + ::= {mtaEntry 7} + +mtaStoredRecipients OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + currently stored in the MTA. Recipients this MTA has no + responsibility for, i.e. inactive envelope recipients or + ones referred to in message headers, should not be + counted. This includes messages that are awaiting + transmission to some other MTA or are waiting for + delivery to an end-user or application." + ::= {mtaEntry 8} + +mtaTransmittedRecipients OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + transmitted since MTA initialization. Recipients this + MTA had no responsibility for, i.e. inactive envelope + recipients or ones referred to in message headers, + should not be counted. This includes messages that were + transmitted to some other MTA or are waiting for + delivery to an end-user or application." + ::= {mtaEntry 9} + +mtaSuccessfulConvertedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages that have been successfully + converted from one form to another since MTA + initialization." + ::= {mtaEntry 10} + +mtaFailedConvertedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages for which an unsuccessful + attempt was made to convert them from one form to + another since MTA initialization." + ::= {mtaEntry 11} + +mtaLoopsDetected OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A message loop is defined as a situation where the MTA + decides that a given message will never be delivered to + one or more recipients and instead will continue to + loop endlessly through one or more MTAs. This variable + counts the number of times the MTA has detected such a + situation since MTA initialization. Note that the + mechanism MTAs use to detect loops (e.g., trace field + counting, count of references to this MTA in a trace + field, examination of DNS or other directory information, + etc.), the level at which loops are detected (e.g., per + message, per recipient, per directory entry, etc.), and + the handling of a loop once it is detected (e.g., looping + + messages are held, looping messages are bounced or sent + to the postmaster, messages that the MTA knows will loop + won't be accepted, etc.) vary widely from one MTA to the + next and cannot be inferred from this variable." + ::= {mtaEntry 12} + +-- MTAs typically group inbound reception, queue storage, and +-- outbound transmission in some way, rather than accounting for +-- such operations only across the MTA as a whole. In the most +-- extreme case separate information will be maintained for each +-- different entity that receives messages and for each entity +-- the MTA stores messages for and delivers messages to. Other +-- MTAs may elect to treat all reception equally, all queue +-- storage equally, all deliveries equally, or some combination +-- of this. Overlapped groupings are also possible, where an MTA +-- decomposes its traffic in different ways for different +-- purposes. + +-- In any case, a grouping abstraction is an extremely useful for +-- breaking down the activities of an MTA. For purposes of +-- labelling this will be called a "group" in this MIB. + +-- Each group contains all the variables needed to monitor all +-- aspects of an MTA's operation. However, the fact that all +-- groups contain all possible variables does not imply that all +-- groups must use all possible variables. For example, a single +-- group might be used to monitor only one kind of event (inbound +-- processing, outbound processing, or storage). In this sort of +-- configuration any counters that are unused as a result of a +-- given MTA's use of the group construct must be inaccessible; +-- e.g., returning either a noSuchName error (for an SNMPv1 get), +-- or a noSuchInstance exception (for an SNMPv2 get). + +-- Groups can be created at any time after MTA initialization. Once +-- a group is created it should not be deleted or its mtaGroupIndex +-- changed unless the MTA is reinitialized. + +-- Groups are not necessarily mutually exclusive. A given event may +-- be recorded by more than one group, a message may be seen as +-- stored by more than one group, and so on. Groups should be all +-- inclusive, however: if groups are implemented all aspects of an +-- MTA's operation should be registered in at least one group. +-- This freedom lets implementors use different sets of groups to +-- provide different "views" of an MTA. + +-- The possibility of overlap between groups means that summing +-- variables across groups may not produce values equal to those in +-- the mtaTable. mtaTable should always provide accurate information + +-- about the MTA as a whole. + +-- The term "channel" is often used in MTA implementations; channels +-- are usually, but not always, equivalent to a group. However, +-- this MIB does not use the term "channel" because there is no +-- requirement that an MTA supporting this MIB has to map its +-- "channel" abstraction one-to-one onto the MIB's group abstraction. + +-- An MTA may create a group or group of groups at any time. Once +-- created, however, an MTA cannot delete an entry for a group from +-- the group table. Deletion is only allowed when the MTA is +-- reinitialized, and is not required even then. This restriction +-- is imposed so that monitoring agents can rely on group +-- assignments being consistent across multiple query operations. + +-- Groups may be laid out so as to form a hierarchical arrangement, +-- with some groups acting as subgroups for other groups. +-- Alternately, disjoint groups of groups may be used to provide +-- different sorts of "snapshots" of MTA operation. The +-- mtaGroupHierarchy variable provides an indication of how each +-- group fits into the overall arrangement being used. + +-- Note that SNMP also defines and uses term "group". MTA groups are +-- NOT the same as SNMP groups. + +mtaGroupTable OBJECT-TYPE + SYNTAX SEQUENCE OF MtaGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding information specific to each MTA group." + ::= {mta 2} + +mtaGroupEntry OBJECT-TYPE + SYNTAX MtaGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The entry associated with each MTA group." + INDEX {applIndex, mtaGroupIndex} + ::= {mtaGroupTable 1} + +MtaGroupEntry ::= SEQUENCE { + mtaGroupIndex + INTEGER, + mtaGroupReceivedMessages + Counter32, + mtaGroupRejectedMessages + + Counter32, + mtaGroupStoredMessages + Gauge32, + mtaGroupTransmittedMessages + Counter32, + mtaGroupReceivedVolume + Counter32, + mtaGroupStoredVolume + Gauge32, + mtaGroupTransmittedVolume + Counter32, + mtaGroupReceivedRecipients + Counter32, + mtaGroupStoredRecipients + Gauge32, + mtaGroupTransmittedRecipients + Counter32, + mtaGroupOldestMessageStored + TimeInterval, + mtaGroupInboundAssociations + Gauge32, + mtaGroupOutboundAssociations + Gauge32, + mtaGroupAccumulatedInboundAssociations + Counter32, + mtaGroupAccumulatedOutboundAssociations + Counter32, + mtaGroupLastInboundActivity + TimeInterval, + mtaGroupLastOutboundActivity + TimeInterval, + mtaGroupLastOutboundAssociationAttempt + TimeInterval, + mtaGroupRejectedInboundAssociations + Counter32, + mtaGroupFailedOutboundAssociations + Counter32, + mtaGroupInboundRejectionReason + SnmpAdminString, + mtaGroupOutboundConnectFailureReason + SnmpAdminString, + mtaGroupScheduledRetry + TimeInterval, + mtaGroupMailProtocol + OBJECT IDENTIFIER, + mtaGroupName + SnmpAdminString, + mtaGroupSuccessfulConvertedMessages + + Counter32, + mtaGroupFailedConvertedMessages + Counter32, + mtaGroupDescription + SnmpAdminString, + mtaGroupURL + URLString, + mtaGroupCreationTime + TimeInterval, + mtaGroupHierarchy + INTEGER, + mtaGroupOldestMessageId + SnmpAdminString, + mtaGroupLoopsDetected + Counter32 +} + +mtaGroupIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index associated with a group for a given MTA." + ::= {mtaGroupEntry 1} + +mtaGroupReceivedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages received to this group since + group creation." + ::= {mtaGroupEntry 2} + +mtaGroupRejectedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages rejected by this group since + group creation." + ::= {mtaGroupEntry 3} + +mtaGroupStoredMessages OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of messages currently stored in this + group's queue." + ::= {mtaGroupEntry 4} + +mtaGroupTransmittedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages transmitted by this group since + group creation." + ::= {mtaGroupEntry 5} + +mtaGroupReceivedVolume OBJECT-TYPE + SYNTAX Counter32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages received to this group since + group creation, measured in kilo-octets. This volume + should include all transferred data that is logically above + the mail transport protocol level. For example, an + SMTP-based MTA should use the number of kilo-octets in the + message header and body, while an X.400-based MTA should use + the number of kilo-octets of P2 data." + ::= {mtaGroupEntry 6} + +mtaGroupStoredVolume OBJECT-TYPE + SYNTAX Gauge32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages currently stored in this + group's queue, measured in kilo-octets. This volume should + include all stored data that is logically above the mail + transport protocol level. For example, an SMTP-based + MTA should use the number of kilo-octets in the message + header and body, while an X.400-based MTA would use the + number of kilo-octets of P2 data." + ::= {mtaGroupEntry 7} + +mtaGroupTransmittedVolume OBJECT-TYPE + SYNTAX Counter32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages transmitted by this group + since group creation, measured in kilo-octets. This + volume should include all transferred data that is logically + above the mail transport protocol level. For example, an + SMTP-based MTA should use the number of kilo-octets in the + message header and body, while an X.400-based MTA should use + the number of kilo-octets of P2 data." + ::= {mtaGroupEntry 8} + +mtaGroupReceivedRecipients OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + received to this group since group creation. + Recipients this MTA has no responsibility for should not + be counted." + ::= {mtaGroupEntry 9} + +mtaGroupStoredRecipients OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + currently stored in this group's queue. Recipients this + MTA has no responsibility for should not be counted." + ::= {mtaGroupEntry 10} + +mtaGroupTransmittedRecipients OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + transmitted by this group since group creation. + Recipients this MTA had no responsibility for should not + be counted." + ::= {mtaGroupEntry 11} + +mtaGroupOldestMessageStored OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since the oldest message in this group's queue was + + placed in the queue." + ::= {mtaGroupEntry 12} + +mtaGroupInboundAssociations OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current associations to the group, where the + group is the responder." + ::= {mtaGroupEntry 13} + +mtaGroupOutboundAssociations OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current associations to the group, where the + group is the initiator." + ::= {mtaGroupEntry 14} + +mtaGroupAccumulatedInboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of associations to the group since + group creation, where the MTA was the responder." + ::= {mtaGroupEntry 15} + +mtaGroupAccumulatedOutboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of associations from the group since + group creation, where the MTA was the initiator." + ::= {mtaGroupEntry 16} + +mtaGroupLastInboundActivity OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since the last time that this group had an active + inbound association for purposes of message reception." + ::= {mtaGroupEntry 17} + +mtaGroupLastOutboundActivity OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since the last time that this group had a + successful outbound association for purposes of + message delivery." + ::= {mtaGroupEntry 18} + +mtaGroupLastOutboundAssociationAttempt OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since the last time that this group attempted + to make an outbound association for purposes of + message delivery." + ::= {mtaGroupEntry 34} + +mtaGroupRejectedInboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound associations the group has + rejected, since group creation. Rejected associations + are not counted in the accumulated association totals." + ::= {mtaGroupEntry 19} + +mtaGroupFailedOutboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number associations where the group was the + initiator and association establishment has failed, + since group creation. Failed associations are + not counted in the accumulated association totals." + ::= {mtaGroupEntry 20} + +mtaGroupInboundRejectionReason OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The failure reason, if any, for the last association this + group refused to respond to. If no association attempt + + has been made since the MTA was initialized the value + should be 'never'." + ::= {mtaGroupEntry 21} + +mtaGroupOutboundConnectFailureReason OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The failure reason, if any, for the last association attempt + this group initiated. If no association attempt has been + made since the MTA was initialized the value should be + 'never'." + ::= {mtaGroupEntry 22} + +mtaGroupScheduledRetry OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The amount of time until this group is next scheduled to + attempt to make an association." + ::= {mtaGroupEntry 23} + +mtaGroupMailProtocol OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An identification of the protocol being used by this group. + For an group employing OSI protocols, this will be the + Application Context. For Internet applications, OID + values of the form {applTCPProtoID port} or {applUDPProtoID + port} are used for TCP-based and UDP-based protocols, + respectively. In either case 'port' corresponds to the + primary port number being used by the protocol. The + usual IANA procedures may be used to register ports for + new protocols. applTCPProtoID and applUDPProtoID are + defined in the NETWORK-SERVICES-MIB, RFC 2788." + ::= {mtaGroupEntry 24} + +mtaGroupName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A descriptive name for the group. If this group connects to + a single remote MTA this should be the name of that MTA. If + + this in turn is an Internet MTA this should be the domain + name. For an OSI MTA it should be the string encoded + distinguished name of the managed object using the format + defined in RFC 2253. For X.400(1984) MTAs which do not + have a Distinguished Name, the RFC 2156 syntax + 'mta in globalid' used in X400-Received: fields can be + used." + ::= {mtaGroupEntry 25} + +mtaGroupSuccessfulConvertedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages that have been successfully + converted from one form to another in this group + since group creation." + ::= {mtaGroupEntry 26} + +mtaGroupFailedConvertedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages for which an unsuccessful + attempt was made to convert them from one form to + another in this group since group creation." + ::= {mtaGroupEntry 27} + +mtaGroupDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A description of the group's purpose. This information is + intended to identify the group in a status display." + ::= {mtaGroupEntry 28} + +mtaGroupURL OBJECT-TYPE + SYNTAX URLString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A URL pointing to a description of the group. This + information is intended to identify and briefly describe + the group in a status display." + ::= {mtaGroupEntry 29} + +mtaGroupCreationTime OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since this group was first created." + ::= {mtaGroupEntry 30} + +mtaGroupHierarchy OBJECT-TYPE + SYNTAX INTEGER (-2147483648..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Describes how this group fits into the hierarchy. A + positive value is interpreted as an mtaGroupIndex + value for some other group whose variables include + those of this group (and usually others). A negative + value is interpreted as a group collection code: Groups + with common negative hierarchy values comprise one + particular breakdown of MTA activity as a whole. A + zero value means that this MIB implementation doesn't + implement hierarchy indicators and thus the overall + group hierarchy cannot be determined." + ::= {mtaGroupEntry 31} + +mtaGroupOldestMessageId OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Message ID of the oldest message in the group's queue. + Whenever possible this should be in the form of an + RFC 822 msg-id; X.400 may convert X.400 message + identifiers to this form by following the rules laid + out in RFC2156." + ::= {mtaGroupEntry 32} + +mtaGroupLoopsDetected OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A message loop is defined as a situation where the MTA + decides that a given message will never be delivered to + one or more recipients and instead will continue to + loop endlessly through one or more MTAs. This variable + counts the number of times the MTA has detected such a + situation in conjunction with something associated with + + this group since group creation. Note that the + mechanism MTAs use to detect loops (e.g., trace field + counting, count of references to this MTA in a trace + field, examination of DNS or other directory information, + etc.), the level at which loops are detected (e.g., per + message, per recipient, per directory entry, etc.), and + the handling of a loop once it is detected (e.g., looping + messages are held, looping messages are bounced or sent + to the postmaster, messages that the MTA knows will loop + won't be accepted, etc.) vary widely from one MTA to the + next and cannot be inferred from this variable." + ::= {mtaGroupEntry 33} + +-- The mtaGroupAssociationTable provides a means of correlating +-- entries in the network services association table with the +-- MTA group responsible for the association. + +mtaGroupAssociationTable OBJECT-TYPE + SYNTAX SEQUENCE OF MtaGroupAssociationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding information regarding the associations + for each MTA group." + ::= {mta 3} + +mtaGroupAssociationEntry OBJECT-TYPE + SYNTAX MtaGroupAssociationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The entry holding information regarding the associations + for each MTA group." + INDEX {applIndex, mtaGroupIndex, mtaGroupAssociationIndex} + ::= {mtaGroupAssociationTable 1} + +MtaGroupAssociationEntry ::= SEQUENCE { + mtaGroupAssociationIndex + INTEGER +} + +mtaGroupAssociationIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reference into association table to allow correlation of + this group's active associations with the association table." + ::= {mtaGroupAssociationEntry 1} + +-- The mtaGroupErrorTable gives each group a way of tallying +-- the specific errors it has encountered. The mechanism +-- defined here uses RFC 1893 status codes to identify +-- various specific errors. There are also classes for generic +-- errors of various sorts, and the entire mechanism is also +-- extensible, in that new error codes can be defined at any +-- time. + +mtaGroupErrorTable OBJECT-TYPE + SYNTAX SEQUENCE OF MtaGroupErrorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding information regarding accumulated errors + for each MTA group." + ::= {mta 5} + +mtaGroupErrorEntry OBJECT-TYPE + SYNTAX MtaGroupErrorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The entry holding information regarding accumulated + errors for each MTA group." + INDEX {applIndex, mtaGroupIndex, mtaStatusCode} + ::= {mtaGroupErrorTable 1} + +MtaGroupErrorEntry ::= SEQUENCE { + mtaStatusCode + INTEGER (4000000..5999999), + mtaGroupInboundErrorCount + Counter32, + mtaGroupInternalErrorCount + Counter32, + mtaGroupOutboundErrorCount + Counter32 +} + +mtaGroupInboundErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Count of the number of errors of a given type that have + been accumulated in association with a particular group + while processing incoming messages. In the case of SMTP + + these will typically be errors reporting by an SMTP + server to the remote client; in the case of X.400 + these will typically be errors encountered while + processing an incoming message." + ::= {mtaGroupErrorEntry 1} + +mtaGroupInternalErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Count of the number of errors of a given type that have + been accumulated in association with a particular group + during internal MTA processing." + ::= {mtaGroupErrorEntry 2} + +mtaGroupOutboundErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Count of the number of errors of a given type that have + been accumulated in association with a particular group's + outbound connection activities. In the case of an SMTP + client these will typically be errors reported while + attempting to contact or while communicating with the + remote SMTP server. In the case of X.400 these will + typically be errors encountered while constructing + or attempting to deliver an outgoing message." + ::= {mtaGroupErrorEntry 3} + +mtaStatusCode OBJECT-TYPE + SYNTAX INTEGER (4000000..5999999) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index capable of representing an Enhanced Mail System + Status Code. Enhanced Mail System Status Codes are + defined in RFC 1893. These codes have the form + + class.subject.detail + + Here 'class' is either 2, 4, or 5 and both 'subject' and + 'detail' are integers in the range 0..999. Given a status + code the corresponding index value is defined to be + ((class * 1000) + subject) * 1000 + detail. Both SMTP + error response codes and X.400 reason and diagnostic codes + can be mapped into these codes, resulting in a namespace + + capable of describing most error conditions a mail system + encounters in a generic yet detailed way." + ::= {mtaGroupErrorEntry 4} + +-- Conformance information + +mtaConformance OBJECT IDENTIFIER ::= {mta 4} + +mtaGroups OBJECT IDENTIFIER ::= {mtaConformance 1} +mtaCompliances OBJECT IDENTIFIER ::= {mtaConformance 2} + +-- Compliance statements + +mtaCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 1566 implementations + which support the Mail Monitoring MIB for basic + monitoring of MTAs." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC1566Group} + ::= {mtaCompliances 1} + +mtaAssocCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 1566 implementations + which support the Mail Monitoring MIB for monitoring + of MTAs and their associations." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC1566Group, mtaRFC1566AssocGroup} + ::= {mtaCompliances 2} + +mtaRFC2249Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2249 implementations + which support the Mail Monitoring MIB for basic + monitoring of MTAs." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2249Group} + ::= {mtaCompliances 5} + +mtaRFC2249AssocCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2249 implementations + + which support the Mail Monitoring MIB for monitoring of + MTAs and their associations." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2249Group, mtaRFC2249AssocGroup} + ::= {mtaCompliances 6} + +mtaRFC2249ErrorCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2249 implementations + which support the Mail Monitoring MIB for monitoring of + MTAs and detailed errors." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2249Group, mtaRFC2249ErrorGroup} + ::= {mtaCompliances 7} + +mtaRFC2249FullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2249 implementations + which support the full Mail Monitoring MIB for + monitoring of MTAs, associations, and detailed errors." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2249Group, mtaRFC2249AssocGroup, + mtaRFC2249ErrorGroup} + ::= {mtaCompliances 8} + +mtaRFC2789Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2789 implementations + which support the Mail Monitoring MIB for basic + monitoring of MTAs." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2789Group} + ::= {mtaCompliances 9} + +mtaRFC2789AssocCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2789 implementations + which support the Mail Monitoring MIB for monitoring of + MTAs and their associations." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2789Group, mtaRFC2789AssocGroup} + ::= {mtaCompliances 10} + +mtaRFC2789ErrorCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2789 implementations + which support the Mail Monitoring MIB for monitoring of + MTAs and detailed errors." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2789Group, mtaRFC2789ErrorGroup} + ::= {mtaCompliances 11} + +mtaRFC2789FullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2789 implementations + which support the full Mail Monitoring MIB for + monitoring of MTAs, associations, and detailed errors." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2789Group, mtaRFC2789AssocGroup, + mtaRFC2789ErrorGroup} + ::= {mtaCompliances 12} + +-- Units of conformance + +mtaRFC1566Group OBJECT-GROUP + OBJECTS { + mtaReceivedMessages, mtaStoredMessages, + mtaTransmittedMessages, mtaReceivedVolume, mtaStoredVolume, + mtaTransmittedVolume, mtaReceivedRecipients, + mtaStoredRecipients, mtaTransmittedRecipients, + mtaGroupReceivedMessages, mtaGroupRejectedMessages, + mtaGroupStoredMessages, mtaGroupTransmittedMessages, + mtaGroupReceivedVolume, mtaGroupStoredVolume, + mtaGroupTransmittedVolume, mtaGroupReceivedRecipients, + mtaGroupStoredRecipients, mtaGroupTransmittedRecipients, + mtaGroupOldestMessageStored, mtaGroupInboundAssociations, + mtaGroupOutboundAssociations, + mtaGroupAccumulatedInboundAssociations, + mtaGroupAccumulatedOutboundAssociations, + mtaGroupLastInboundActivity, mtaGroupLastOutboundActivity, + mtaGroupRejectedInboundAssociations, + mtaGroupFailedOutboundAssociations, + mtaGroupInboundRejectionReason, + mtaGroupOutboundConnectFailureReason, + mtaGroupScheduledRetry, mtaGroupMailProtocol, mtaGroupName} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of MTAs. + This is the original set of such objects defined in RFC + 1566." + ::= {mtaGroups 10} + +mtaRFC1566AssocGroup OBJECT-GROUP + OBJECTS { + mtaGroupAssociationIndex} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of MTA + associations. This is the original set of such objects + defined in RFC 1566." + ::= {mtaGroups 11} + +mtaRFC2249Group OBJECT-GROUP + OBJECTS { + mtaReceivedMessages, mtaStoredMessages, + mtaTransmittedMessages, mtaReceivedVolume, mtaStoredVolume, + mtaTransmittedVolume, mtaReceivedRecipients, + mtaStoredRecipients, mtaTransmittedRecipients, + mtaSuccessfulConvertedMessages, mtaFailedConvertedMessages, + mtaGroupReceivedMessages, mtaGroupRejectedMessages, + mtaGroupStoredMessages, mtaGroupTransmittedMessages, + mtaGroupReceivedVolume, mtaGroupStoredVolume, + mtaGroupTransmittedVolume, mtaGroupReceivedRecipients, + mtaGroupStoredRecipients, mtaGroupTransmittedRecipients, + mtaGroupOldestMessageStored, mtaGroupInboundAssociations, + mtaGroupOutboundAssociations, mtaLoopsDetected, + mtaGroupAccumulatedInboundAssociations, + mtaGroupAccumulatedOutboundAssociations, + mtaGroupLastInboundActivity, mtaGroupLastOutboundActivity, + mtaGroupLastOutboundAssociationAttempt, + mtaGroupRejectedInboundAssociations, + mtaGroupFailedOutboundAssociations, + mtaGroupInboundRejectionReason, + mtaGroupOutboundConnectFailureReason, + mtaGroupScheduledRetry, mtaGroupMailProtocol, mtaGroupName, + mtaGroupSuccessfulConvertedMessages, + mtaGroupFailedConvertedMessages, mtaGroupDescription, + mtaGroupURL, mtaGroupCreationTime, mtaGroupHierarchy, + mtaGroupOldestMessageId, mtaGroupLoopsDetected} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of MTAs. + This group was originally defined in RFC 2249." + ::= {mtaGroups 4} + +mtaRFC2249AssocGroup OBJECT-GROUP + OBJECTS { + mtaGroupAssociationIndex} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of MTA + associations. This group was originally defined in RFC + 2249." + ::= {mtaGroups 5} + +mtaRFC2249ErrorGroup OBJECT-GROUP + OBJECTS { + mtaGroupInboundErrorCount, mtaGroupInternalErrorCount, + mtaGroupOutboundErrorCount} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of + detailed MTA errors. This group was originally defined + in RFC 2249." + ::= {mtaGroups 6} + +mtaRFC2789Group OBJECT-GROUP + OBJECTS { + mtaReceivedMessages, mtaStoredMessages, + mtaTransmittedMessages, mtaReceivedVolume, mtaStoredVolume, + mtaTransmittedVolume, mtaReceivedRecipients, + mtaStoredRecipients, mtaTransmittedRecipients, + mtaSuccessfulConvertedMessages, mtaFailedConvertedMessages, + mtaGroupReceivedMessages, mtaGroupRejectedMessages, + mtaGroupStoredMessages, mtaGroupTransmittedMessages, + mtaGroupReceivedVolume, mtaGroupStoredVolume, + mtaGroupTransmittedVolume, mtaGroupReceivedRecipients, + mtaGroupStoredRecipients, mtaGroupTransmittedRecipients, + mtaGroupOldestMessageStored, mtaGroupInboundAssociations, + mtaGroupOutboundAssociations, mtaLoopsDetected, + mtaGroupAccumulatedInboundAssociations, + mtaGroupAccumulatedOutboundAssociations, + mtaGroupLastInboundActivity, mtaGroupLastOutboundActivity, + mtaGroupLastOutboundAssociationAttempt, + mtaGroupRejectedInboundAssociations, + mtaGroupFailedOutboundAssociations, + mtaGroupInboundRejectionReason, + mtaGroupOutboundConnectFailureReason, + mtaGroupScheduledRetry, mtaGroupMailProtocol, mtaGroupName, + mtaGroupSuccessfulConvertedMessages, + mtaGroupFailedConvertedMessages, mtaGroupDescription, + mtaGroupURL, mtaGroupCreationTime, mtaGroupHierarchy, + mtaGroupOldestMessageId, mtaGroupLoopsDetected} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of MTAs. + + This is the appropriate group for RFC 2789." + ::= {mtaGroups 7} + +mtaRFC2789AssocGroup OBJECT-GROUP + OBJECTS { + mtaGroupAssociationIndex} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of MTA + associations. This is the appropriate group for RFC + 2789 association monitoring." + ::= {mtaGroups 8} + +mtaRFC2789ErrorGroup OBJECT-GROUP + OBJECTS { + mtaGroupInboundErrorCount, mtaGroupInternalErrorCount, + mtaGroupOutboundErrorCount} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of + detailed MTA errors. This is the appropriate group + for RFC 2789 error monitoring." + ::= {mtaGroups 9} + +END diff --git a/data/mibs/NETWORK-SERVICES-MIB.txt b/data/mibs/NETWORK-SERVICES-MIB.txt new file mode 100644 index 000000000..0f2cabecb --- /dev/null +++ b/data/mibs/NETWORK-SERVICES-MIB.txt @@ -0,0 +1,626 @@ +NETWORK-SERVICES-MIB DEFINITIONS ::= BEGIN + +IMPORTS + OBJECT-TYPE, Counter32, Gauge32, MODULE-IDENTITY, mib-2 + FROM SNMPv2-SMI + TimeStamp, TEXTUAL-CONVENTION + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB; + +application MODULE-IDENTITY + LAST-UPDATED "200003030000Z" + ORGANIZATION "IETF Mail and Directory Management Working Group" + + CONTACT-INFO + " Ned Freed + + Postal: Innosoft International, Inc. + 1050 Lakes Drive + West Covina, CA 91790 + US + + Tel: +1 626 919 3600 + Fax: +1 626 919 3614 + + E-Mail: ned.freed@innosoft.com" + DESCRIPTION + "The MIB module describing network service applications" + REVISION "200003030000Z" + DESCRIPTION + "This revision, published in RFC 2788, changes a number of + DisplayStrings to SnmpAdminStrings. Note that this change + is not strictly supported by SMIv2. However, the alternative + of deprecating the old objects and defining new objects + would have a more adverse impact on backward compatibility + and interoperability, given the particular semantics of + these objects. The defining reference for distinguished + names has also been updated from RFC 1779 to RFC 2253." + REVISION "199905120000Z" + DESCRIPTION + "This revision fixes a few small technical problems found + in previous versions, mostly in regards to the conformance + groups for different versions of this MIB. No changes have + been made to the objects this MIB defines since RFC 2248." + REVISION "199708170000Z" + DESCRIPTION + "This revision, published in RFC 2248, adds the + applDescription and applURL objects, adds the quiescing + state to the applOperStatus object and renames the MIB + from the APPLICATION-MIB to the NETWORK-SERVICE-MIB." + REVISION "199311280000Z" + DESCRIPTION + "The original version of this MIB was published in RFC 1565" + ::= {mib-2 27} + +-- Textual conventions + +-- DistinguishedName is used to refer to objects in the +-- directory. + +DistinguishedName ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255a" + STATUS current + DESCRIPTION + "A Distinguished Name represented in accordance with + RFC 2253, presented in the UTF-8 charset defined in + RFC 2279." + SYNTAX OCTET STRING (SIZE (0..255)) + +-- Uniform Resource Locators are stored in URLStrings. + +URLString ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255a" + STATUS current + DESCRIPTION + "A Uniform Resource Locator represented in accordance + with RFCs 1738 and 2368, presented in the NVT ASCII + charset defined in RFC 854." + SYNTAX OCTET STRING (SIZE (0..255)) + +-- The basic applTable contains a list of the application +-- entities. + +applTable OBJECT-TYPE + SYNTAX SEQUENCE OF ApplEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding objects which apply to all different + kinds of applications providing network services. + Each network service application capable of being + monitored should have a single entry in this table." + ::= {application 1} + +applEntry OBJECT-TYPE + SYNTAX ApplEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry associated with a single network service + application." + INDEX {applIndex} + ::= {applTable 1} + +ApplEntry ::= SEQUENCE { + applIndex + INTEGER, + applName + SnmpAdminString, + applDirectoryName + + DistinguishedName, + applVersion + SnmpAdminString, + applUptime + TimeStamp, + applOperStatus + INTEGER, + applLastChange + TimeStamp, + applInboundAssociations + Gauge32, + applOutboundAssociations + Gauge32, + applAccumulatedInboundAssociations + Counter32, + applAccumulatedOutboundAssociations + Counter32, + applLastInboundActivity + TimeStamp, + applLastOutboundActivity + TimeStamp, + applRejectedInboundAssociations + Counter32, + applFailedOutboundAssociations + Counter32, + applDescription + SnmpAdminString, + applURL + URLString +} + +applIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index to uniquely identify the network service + application. This attribute is the index used for + lexicographic ordering of the table." + ::= {applEntry 1} + +applName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name the network service application chooses to be + known by." + ::= {applEntry 2} + +applDirectoryName OBJECT-TYPE + SYNTAX DistinguishedName + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Distinguished Name of the directory entry where + static information about this application is stored. + An empty string indicates that no information about + the application is available in the directory." + ::= {applEntry 3} + +applVersion OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version of network service application software. + This field is usually defined by the vendor of the + network service application software." + ::= {applEntry 4} +applUptime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time the network service + application was last initialized. If the application was + last initialized prior to the last initialization of the + network management subsystem, then this object contains + a zero value." + ::= {applEntry 5} + +applOperStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), + down(2), + halted(3), + congested(4), + restarting(5), + quiescing(6) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the operational status of the network service + application. 'down' indicates that the network service is + + not available. 'up' indicates that the network service + is operational and available. 'halted' indicates that the + service is operational but not available. 'congested' + indicates that the service is operational but no additional + inbound associations can be accommodated. 'restarting' + indicates that the service is currently unavailable but is + in the process of restarting and will be available soon. + 'quiescing' indicates that service is currently operational + but is in the process of shutting down. Additional inbound + associations may be rejected by applications in the + 'quiescing' state." + ::= {applEntry 6} + +applLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time the network service + application entered its current operational state. If + the current state was entered prior to the last + initialization of the local network management subsystem, + then this object contains a zero value." + ::= {applEntry 7} + +applInboundAssociations OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current associations to the network service + application, where it is the responder. An inbound + association occurs when another application successfully + connects to this one." + ::= {applEntry 8} + +applOutboundAssociations OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current associations to the network service + application, where it is the initiator. An outbound + association occurs when this application successfully + connects to another one." + ::= {applEntry 9} + +applAccumulatedInboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of associations to the application entity + since application initialization, where it was the responder." + ::= {applEntry 10} + +applAccumulatedOutboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of associations to the application entity + since application initialization, where it was the initiator." + ::= {applEntry 11} + +applLastInboundActivity OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this application last + had an inbound association. If the last association + occurred prior to the last initialization of the network + subsystem, then this object contains a zero value." + ::= {applEntry 12} + +applLastOutboundActivity OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this application last + had an outbound association. If the last association + occurred prior to the last initialization of the network + subsystem, then this object contains a zero value." + ::= {applEntry 13} + +applRejectedInboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound associations the application + entity has rejected, since application initialization. + Rejected associations are not counted in the accumulated + association totals. Note that this only counts + + associations the application entity has rejected itself; + it does not count rejections that occur at lower layers + of the network. Thus, this counter may not reflect the + true number of failed inbound associations." + ::= {applEntry 14} + +applFailedOutboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number associations where the application entity + is initiator and association establishment has failed, + since application initialization. Failed associations are + not counted in the accumulated association totals." + ::= {applEntry 15} + +applDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A text description of the application. This information + is intended to identify and briefly describe the + application in a status display." + ::= {applEntry 16} + +applURL OBJECT-TYPE + SYNTAX URLString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A URL pointing to a description of the application. + This information is intended to identify and describe + the application in a status display." + ::= {applEntry 17} + +-- The assocTable augments the information in the applTable +-- with information about associations. Note that two levels +-- of compliance are specified below, depending on whether +-- association monitoring is mandated. + +assocTable OBJECT-TYPE + SYNTAX SEQUENCE OF AssocEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding a set of all active application + + associations." + ::= {application 2} + +assocEntry OBJECT-TYPE + SYNTAX AssocEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry associated with an association for a network + service application." + INDEX {applIndex, assocIndex} + ::= {assocTable 1} + +AssocEntry ::= SEQUENCE { + assocIndex + INTEGER, + assocRemoteApplication + SnmpAdminString, + assocApplicationProtocol + OBJECT IDENTIFIER, + assocApplicationType + INTEGER, + assocDuration + TimeStamp +} + +assocIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index to uniquely identify each association for a network + service application. This attribute is the index that is + used for lexicographic ordering of the table. Note that the + table is also indexed by the applIndex." + ::= {assocEntry 1} + +assocRemoteApplication OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the system running remote network service + application. For an IP-based application this should be + either a domain name or IP address. For an OSI application + it should be the string encoded distinguished name of the + managed object. For X.400(1984) MTAs which do not have a + Distinguished Name, the RFC 2156 syntax 'mta in + + globalid' used in X400-Received: fields can be used. Note, + however, that not all connections an MTA makes are + necessarily to another MTA." + ::= {assocEntry 2} + +assocApplicationProtocol OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An identification of the protocol being used for the + application. For an OSI Application, this will be the + Application Context. For Internet applications, OID + values of the form {applTCPProtoID port} or {applUDPProtoID + port} are used for TCP-based and UDP-based protocols, + respectively. In either case 'port' corresponds to the + primary port number being used by the protocol. The + usual IANA procedures may be used to register ports for + new protocols." + ::= {assocEntry 3} + +assocApplicationType OBJECT-TYPE + SYNTAX INTEGER { + uainitiator(1), + uaresponder(2), + peerinitiator(3), + peerresponder(4)} + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This indicates whether the remote application is some type of + client making use of this network service (e.g., a Mail User + Agent) or a server acting as a peer. Also indicated is whether + the remote end initiated an incoming connection to the network + service or responded to an outgoing connection made by the + local application. MTAs and messaging gateways are + considered to be peers for the purposes of this variable." + ::= {assocEntry 4} + +assocDuration OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this association was + started. If this association started prior to the last + initialization of the network subsystem, then this + object contains a zero value." + ::= {assocEntry 5} + +-- Conformance information + +applConformance OBJECT IDENTIFIER ::= {application 3} + +applGroups OBJECT IDENTIFIER ::= {applConformance 1} +applCompliances OBJECT IDENTIFIER ::= {applConformance 2} + +-- Compliance statements + +applCompliance MODULE-COMPLIANCE + STATUS obsolete + DESCRIPTION + "The compliance statement for RFC 1565 implementations + which support the Network Services Monitoring MIB + for basic monitoring of network service applications. + This is the basic compliance statement for RFC 1565." + MODULE + MANDATORY-GROUPS {applRFC1565Group} + ::= {applCompliances 1} + +assocCompliance MODULE-COMPLIANCE + STATUS obsolete + DESCRIPTION + "The compliance statement for RFC 1565 implementations + which support the Network Services Monitoring MIB + for basic monitoring of network service applications + and their associations." + MODULE + MANDATORY-GROUPS {applRFC1565Group, assocRFC1565Group} + ::= {applCompliances 2} + +applRFC2248Compliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for RFC 2248 implementations + which support the Network Services Monitoring MIB + for basic monitoring of network service applications." + MODULE + MANDATORY-GROUPS {applRFC2248Group} + ::= {applCompliances 3} + +assocRFC2248Compliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for RFC 2248 implementations + + which support the Network Services Monitoring MIB for + basic monitoring of network service applications and + their associations." + MODULE + MANDATORY-GROUPS {applRFC2248Group, assocRFC2248Group} + ::= {applCompliances 4} + +applRFC2788Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2788 implementations + which support the Network Services Monitoring MIB + for basic monitoring of network service applications." + MODULE + MANDATORY-GROUPS {applRFC2788Group} + ::= {applCompliances 5} + +assocRFC2788Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2788 implementations + which support the Network Services Monitoring MIB for + basic monitoring of network service applications and + their associations." + MODULE + MANDATORY-GROUPS {applRFC2788Group, assocRFC2788Group} + ::= {applCompliances 6} + +-- Units of conformance + +applRFC1565Group OBJECT-GROUP + OBJECTS { + applName, applVersion, applUptime, applOperStatus, + applLastChange, applInboundAssociations, + applOutboundAssociations, applAccumulatedInboundAssociations, + applAccumulatedOutboundAssociations, applLastInboundActivity, + applLastOutboundActivity, applRejectedInboundAssociations, + applFailedOutboundAssociations} + STATUS obsolete + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications. This is the original set + of such objects defined in RFC 1565." + ::= {applGroups 7} + +assocRFC1565Group OBJECT-GROUP + OBJECTS { + + assocRemoteApplication, assocApplicationProtocol, + assocApplicationType, assocDuration} + STATUS obsolete + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications' associations. This is the + original set of such objects defined in RFC 1565." + ::= {applGroups 2} + +applRFC2248Group OBJECT-GROUP + OBJECTS { + applName, applVersion, applUptime, applOperStatus, + applLastChange, applInboundAssociations, + applOutboundAssociations, applAccumulatedInboundAssociations, + applAccumulatedOutboundAssociations, applLastInboundActivity, + applLastOutboundActivity, applRejectedInboundAssociations, + applFailedOutboundAssociations, applDescription, applURL} + STATUS deprecated + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications. This group was originally + defined in RFC 2248; note that applDirectoryName is + missing." + ::= {applGroups 3} + +assocRFC2248Group OBJECT-GROUP + OBJECTS { + assocRemoteApplication, assocApplicationProtocol, + assocApplicationType, assocDuration} + STATUS deprecated + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications' associations. This group + was originally defined by RFC 2248." + ::= {applGroups 4} + +applRFC2788Group OBJECT-GROUP + OBJECTS { + applName, applDirectoryName, applVersion, applUptime, + applOperStatus, applLastChange, applInboundAssociations, + applOutboundAssociations, applAccumulatedInboundAssociations, + applAccumulatedOutboundAssociations, applLastInboundActivity, + applLastOutboundActivity, applRejectedInboundAssociations, + applFailedOutboundAssociations, applDescription, applURL} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications. This is the appropriate + + group for RFC 2788 -- it adds the applDirectoryName object + missing in RFC 2248." + ::= {applGroups 5} + +assocRFC2788Group OBJECT-GROUP + OBJECTS { + assocRemoteApplication, assocApplicationProtocol, + assocApplicationType, assocDuration} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications' associations. This is + the appropriate group for RFC 2788." + ::= {applGroups 6} + +-- OIDs of the form {applTCPProtoID port} are intended to be used +-- for TCP-based protocols that don't have OIDs assigned by other +-- means. {applUDPProtoID port} serves the same purpose for +-- UDP-based protocols. In either case 'port' corresponds to +-- the primary port number being used by the protocol. For example, +-- assuming no other OID is assigned for SMTP, an OID of +-- {applTCPProtoID 25} could be used, since SMTP is a TCP-based +-- protocol that uses port 25 as its primary port. + +applTCPProtoID OBJECT IDENTIFIER ::= {application 4} +applUDPProtoID OBJECT IDENTIFIER ::= {application 5} + +END diff --git a/data/mibs/NOTIFICATION-LOG-MIB.txt b/data/mibs/NOTIFICATION-LOG-MIB.txt new file mode 100644 index 000000000..c7da93465 --- /dev/null +++ b/data/mibs/NOTIFICATION-LOG-MIB.txt @@ -0,0 +1,753 @@ +NOTIFICATION-LOG-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + Integer32, Unsigned32, + TimeTicks, Counter32, Counter64, + IpAddress, Opaque, mib-2 FROM SNMPv2-SMI + TimeStamp, DateAndTime, + StorageType, RowStatus, + TAddress, TDomain FROM SNMPv2-TC + SnmpAdminString, SnmpEngineID FROM SNMP-FRAMEWORK-MIB + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; + +notificationLogMIB MODULE-IDENTITY + LAST-UPDATED "200011270000Z" -- 27 November 2000 + ORGANIZATION "IETF Distributed Management Working Group" + CONTACT-INFO "Ramanathan Kavasseri + Cisco Systems, Inc. + 170 West Tasman Drive, + San Jose CA 95134-1706. + Phone: +1 408 527 2446 + Email: ramk@cisco.com" + DESCRIPTION + "The MIB module for logging SNMP Notifications, that is, Traps + + and Informs." +-- Revision History + + REVISION "200011270000Z" -- 27 November 2000 + DESCRIPTION "This is the initial version of this MIB. + Published as RFC 3014" + ::= { mib-2 92 } + +notificationLogMIBObjects OBJECT IDENTIFIER ::= { notificationLogMIB 1 } + +nlmConfig OBJECT IDENTIFIER ::= { notificationLogMIBObjects 1 } +nlmStats OBJECT IDENTIFIER ::= { notificationLogMIBObjects 2 } +nlmLog OBJECT IDENTIFIER ::= { notificationLogMIBObjects 3 } + +-- +-- Configuration Section +-- + +nlmConfigGlobalEntryLimit OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of notification entries that may be held + in nlmLogTable for all nlmLogNames added together. A particular + setting does not guarantee that much data can be held. + + If an application changes the limit while there are + Notifications in the log, the oldest Notifications MUST be + discarded to bring the log down to the new limit - thus the + value of nlmConfigGlobalEntryLimit MUST take precedence over + the values of nlmConfigGlobalAgeOut and nlmConfigLogEntryLimit, + even if the Notification being discarded has been present for + fewer minutes than the value of nlmConfigGlobalAgeOut, or if + the named log has fewer entries than that specified in + nlmConfigLogEntryLimit. + + A value of 0 means no limit. + + Please be aware that contention between multiple managers + trying to set this object to different values MAY affect the + reliability and completeness of data seen by each manager." + DEFVAL { 0 } + ::= { nlmConfig 1 } + +nlmConfigGlobalAgeOut OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "minutes" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of minutes a Notification SHOULD be kept in a log + before it is automatically removed. + + If an application changes the value of nlmConfigGlobalAgeOut, + Notifications older than the new time MAY be discarded to meet the + new time. + + A value of 0 means no age out. + + Please be aware that contention between multiple managers + trying to set this object to different values MAY affect the + reliability and completeness of data seen by each manager." + DEFVAL { 1440 } -- 24 hours + ::= { nlmConfig 2 } + +-- +-- Basic Log Configuration Table +-- + +nlmConfigLogTable OBJECT-TYPE + SYNTAX SEQUENCE OF NlmConfigLogEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of logging control entries." + ::= { nlmConfig 3 } + +nlmConfigLogEntry OBJECT-TYPE + SYNTAX NlmConfigLogEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A logging control entry. Depending on the entry's storage type + entries may be supplied by the system or created and deleted by + applications using nlmConfigLogEntryStatus." + INDEX { nlmLogName } + ::= { nlmConfigLogTable 1 } + +NlmConfigLogEntry ::= SEQUENCE { + nlmLogName SnmpAdminString, + nlmConfigLogFilterName SnmpAdminString, + nlmConfigLogEntryLimit Unsigned32, + nlmConfigLogAdminStatus INTEGER, + nlmConfigLogOperStatus INTEGER, + nlmConfigLogStorageType StorageType, + nlmConfigLogEntryStatus RowStatus + } + +nlmLogName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The name of the log. + + An implementation may allow multiple named logs, up to some + implementation-specific limit (which may be none). A + zero-length log name is reserved for creation and deletion by + the managed system, and MUST be used as the default log name by + systems that do not support named logs." + ::= { nlmConfigLogEntry 1 } + +nlmConfigLogFilterName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A value of snmpNotifyFilterProfileName as used as an index + into the snmpNotifyFilterTable in the SNMP Notification MIB, + specifying the locally or remotely originated Notifications + to be filtered out and not logged in this log. + + A zero-length value or a name that does not identify an + existing entry in snmpNotifyFilterTable indicate no + Notifications are to be logged in this log." + DEFVAL { ''H } + ::= { nlmConfigLogEntry 2 } + +nlmConfigLogEntryLimit OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of notification entries that can be held in + nlmLogTable for this named log. A particular setting does not + guarantee that that much data can be held. + + If an application changes the limit while there are + Notifications in the log, the oldest Notifications are discarded + to bring the log down to the new limit. + + A value of 0 indicates no limit. + + Please be aware that contention between multiple managers + trying to set this object to different values MAY affect the + reliability and completeness of data seen by each manager." + DEFVAL { 0 } + ::= { nlmConfigLogEntry 3 } + +nlmConfigLogAdminStatus OBJECT-TYPE + SYNTAX INTEGER { enabled(1), disabled(2) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Control to enable or disable the log without otherwise + disturbing the log's entry. + + Please be aware that contention between multiple managers + trying to set this object to different values MAY affect the + reliability and completeness of data seen by each manager." + DEFVAL { enabled } + ::= { nlmConfigLogEntry 4 } + +nlmConfigLogOperStatus OBJECT-TYPE + SYNTAX INTEGER { disabled(1), operational(2), noFilter(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The operational status of this log: + + disabled administratively disabled + + operational administratively enabled and working + + noFilter administratively enabled but either + nlmConfigLogFilterName is zero length + or does not name an existing entry in + snmpNotifyFilterTable" + ::= { nlmConfigLogEntry 5 } + +nlmConfigLogStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type of this conceptual row." + ::= { nlmConfigLogEntry 6 } + +nlmConfigLogEntryStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Control for creating and deleting entries. Entries may be + modified while active. + + For non-null-named logs, the managed system records the security + credentials from the request that sets nlmConfigLogStatus + to 'active' and uses that identity to apply access control to + the objects in the Notification to decide if that Notification + may be logged." + ::= { nlmConfigLogEntry 7 } + +-- +-- Statistics Section +-- + +nlmStatsGlobalNotificationsLogged OBJECT-TYPE + SYNTAX Counter32 + UNITS "notifications" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of Notifications put into the nlmLogTable. This + counts a Notification once for each log entry, so a Notification + put into multiple logs is counted multiple times." + ::= { nlmStats 1 } + +nlmStatsGlobalNotificationsBumped OBJECT-TYPE + SYNTAX Counter32 + UNITS "notifications" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of log entries discarded to make room for a new entry + due to lack of resources or the value of nlmConfigGlobalEntryLimit + or nlmConfigLogEntryLimit. This does not include entries discarded + due to the value of nlmConfigGlobalAgeOut." + ::= { nlmStats 2 } + +-- +-- Log Statistics Table +-- + +nlmStatsLogTable OBJECT-TYPE + SYNTAX SEQUENCE OF NlmStatsLogEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of Notification log statistics entries." + ::= { nlmStats 3 } + +nlmStatsLogEntry OBJECT-TYPE + SYNTAX NlmStatsLogEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A Notification log statistics entry." + AUGMENTS { nlmConfigLogEntry } + ::= { nlmStatsLogTable 1 } + +NlmStatsLogEntry ::= SEQUENCE { + nlmStatsLogNotificationsLogged Counter32, + nlmStatsLogNotificationsBumped Counter32 +} + +nlmStatsLogNotificationsLogged OBJECT-TYPE + SYNTAX Counter32 + UNITS "notifications" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of Notifications put in this named log." + ::= { nlmStatsLogEntry 1 } + +nlmStatsLogNotificationsBumped OBJECT-TYPE + SYNTAX Counter32 + UNITS "notifications" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of log entries discarded from this named log to make + room for a new entry due to lack of resources or the value of + nlmConfigGlobalEntryLimit or nlmConfigLogEntryLimit. This does not + include entries discarded due to the value of + nlmConfigGlobalAgeOut." + ::= { nlmStatsLogEntry 2 } + +-- +-- Log Section +-- + +-- +-- Log Table + +-- + +nlmLogTable OBJECT-TYPE + SYNTAX SEQUENCE OF NlmLogEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of Notification log entries. + + It is an implementation-specific matter whether entries in this + table are preserved across initializations of the management + system. In general one would expect that they are not. + + Note that keeping entries across initializations of the + management system leads to some confusion with counters and + TimeStamps, since both of those are based on sysUpTime, which + resets on management initialization. In this situation, + counters apply only after the reset and nlmLogTime for entries + made before the reset MUST be set to 0." + ::= { nlmLog 1 } + +nlmLogEntry OBJECT-TYPE + SYNTAX NlmLogEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A Notification log entry. + + Entries appear in this table when Notifications occur and pass + filtering by nlmConfigLogFilterName and access control. They are + removed to make way for new entries due to lack of resources or + the values of nlmConfigGlobalEntryLimit, nlmConfigGlobalAgeOut, or + nlmConfigLogEntryLimit. + + If adding an entry would exceed nlmConfigGlobalEntryLimit or system + resources in general, the oldest entry in any log SHOULD be removed + to make room for the new one. + + If adding an entry would exceed nlmConfigLogEntryLimit the oldest + entry in that log SHOULD be removed to make room for the new one. + + Before the managed system puts a locally-generated Notification + into a non-null-named log it assures that the creator of the log + has access to the information in the Notification. If not it + does not log that Notification in that log." + INDEX { nlmLogName, nlmLogIndex } + ::= { nlmLogTable 1 } + +NlmLogEntry ::= SEQUENCE { + nlmLogIndex Unsigned32, + nlmLogTime TimeStamp, + nlmLogDateAndTime DateAndTime, + nlmLogEngineID SnmpEngineID, + nlmLogEngineTAddress TAddress, + nlmLogEngineTDomain TDomain, + nlmLogContextEngineID SnmpEngineID, + nlmLogContextName SnmpAdminString, + nlmLogNotificationID OBJECT IDENTIFIER +} + +nlmLogIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A monotonically increasing integer for the sole purpose of + indexing entries within the named log. When it reaches the + maximum value, an extremely unlikely event, the agent wraps the + value back to 1." + ::= { nlmLogEntry 1 } + +nlmLogTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when the entry was placed in the log. If + the entry occurred before the most recent management system + initialization this object value MUST be set to zero." + ::= { nlmLogEntry 2 } + +nlmLogDateAndTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local date and time when the entry was logged, instantiated + only by systems that have date and time capability." + ::= { nlmLogEntry 3 } + +nlmLogEngineID OBJECT-TYPE + SYNTAX SnmpEngineID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The identification of the SNMP engine at which the Notification + + originated. + + If the log can contain Notifications from only one engine + or the Trap is in SNMPv1 format, this object is a zero-length + string." + ::= { nlmLogEntry 4 } + +nlmLogEngineTAddress OBJECT-TYPE + SYNTAX TAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The transport service address of the SNMP engine from which the + Notification was received, formatted according to the corresponding + value of nlmLogEngineTDomain. This is used to identify the source + of an SNMPv1 trap, since an nlmLogEngineId cannot be extracted + from the SNMPv1 trap pdu. + + This object MUST always be instantiated, even if the log + can contain Notifications from only one engine. + + Please be aware that the nlmLogEngineTAddress may not uniquely + identify the SNMP engine from which the Notification was received. + For example, if an SNMP engine uses DHCP or NAT to obtain + ip addresses, the address it uses may be shared with other + network devices, and hence will not uniquely identify the + SNMP engine." + ::= { nlmLogEntry 5 } + +nlmLogEngineTDomain OBJECT-TYPE + SYNTAX TDomain + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the kind of transport service by which a Notification + was received from an SNMP engine. nlmLogEngineTAddress contains + the transport service address of the SNMP engine from which + this Notification was received. + + Possible values for this object are presently found in the + Transport Mappings for SNMPv2 document (RFC 1906 [8])." + ::= { nlmLogEntry 6 } + +nlmLogContextEngineID OBJECT-TYPE + SYNTAX SnmpEngineID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "If the Notification was received in a protocol which has a + contextEngineID element like SNMPv3, this object has that value. + Otherwise its value is a zero-length string." + ::= { nlmLogEntry 7 } + +nlmLogContextName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the SNMP MIB context from which the Notification came. + For SNMPv1 Traps this is the community string from the Trap." + ::= { nlmLogEntry 8 } + +nlmLogNotificationID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The NOTIFICATION-TYPE object identifier of the Notification that + occurred." + ::= { nlmLogEntry 9 } + +-- +-- Log Variable Table +-- + +nlmLogVariableTable OBJECT-TYPE + SYNTAX SEQUENCE OF NlmLogVariableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of variables to go with Notification log entries." + ::= { nlmLog 2 } + +nlmLogVariableEntry OBJECT-TYPE + SYNTAX NlmLogVariableEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A Notification log entry variable. + + Entries appear in this table when there are variables in + the varbind list of a Notification in nlmLogTable." + INDEX { nlmLogName, nlmLogIndex, nlmLogVariableIndex } + ::= { nlmLogVariableTable 1 } + +NlmLogVariableEntry ::= SEQUENCE { + + nlmLogVariableIndex Unsigned32, + nlmLogVariableID OBJECT IDENTIFIER, + nlmLogVariableValueType INTEGER, + nlmLogVariableCounter32Val Counter32, + nlmLogVariableUnsigned32Val Unsigned32, + nlmLogVariableTimeTicksVal TimeTicks, + nlmLogVariableInteger32Val Integer32, + nlmLogVariableOctetStringVal OCTET STRING, + nlmLogVariableIpAddressVal IpAddress, + nlmLogVariableOidVal OBJECT IDENTIFIER, + nlmLogVariableCounter64Val Counter64, + nlmLogVariableOpaqueVal Opaque +} + +nlmLogVariableIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A monotonically increasing integer, starting at 1 for a given + nlmLogIndex, for indexing variables within the logged + Notification." + ::= { nlmLogVariableEntry 1 } + +nlmLogVariableID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The variable's object identifier." + ::= { nlmLogVariableEntry 2 } + +nlmLogVariableValueType OBJECT-TYPE + SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3), + integer32(4), ipAddress(5), octetString(6), + objectId(7), counter64(8), opaque(9) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of the value. One and only one of the value + objects that follow must be instantiated, based on this type." + ::= { nlmLogVariableEntry 3 } + +nlmLogVariableCounter32Val OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when nlmLogVariableType is 'counter32'." + ::= { nlmLogVariableEntry 4 } + +nlmLogVariableUnsigned32Val OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when nlmLogVariableType is 'unsigned32'." + ::= { nlmLogVariableEntry 5 } + +nlmLogVariableTimeTicksVal OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when nlmLogVariableType is 'timeTicks'." + ::= { nlmLogVariableEntry 6 } + +nlmLogVariableInteger32Val OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when nlmLogVariableType is 'integer32'." + ::= { nlmLogVariableEntry 7 } + +nlmLogVariableOctetStringVal OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when nlmLogVariableType is 'octetString'." + ::= { nlmLogVariableEntry 8 } + +nlmLogVariableIpAddressVal OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when nlmLogVariableType is 'ipAddress'. + Although this seems to be unfriendly for IPv6, we + have to recognize that there are a number of older + MIBs that do contain an IPv4 format address, known + as IpAddress. + + IPv6 addresses are represented using TAddress or + InetAddress, and so the underlying datatype is + + OCTET STRING, and their value would be stored in + the nlmLogVariableOctetStringVal column." + ::= { nlmLogVariableEntry 9 } + +nlmLogVariableOidVal OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when nlmLogVariableType is 'objectId'." + ::= { nlmLogVariableEntry 10 } + +nlmLogVariableCounter64Val OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when nlmLogVariableType is 'counter64'." + ::= { nlmLogVariableEntry 11 } + +nlmLogVariableOpaqueVal OBJECT-TYPE + SYNTAX Opaque + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value when nlmLogVariableType is 'opaque'." + ::= { nlmLogVariableEntry 12 } + +-- +-- Conformance +-- + +notificationLogMIBConformance OBJECT IDENTIFIER ::= + { notificationLogMIB 3 } +notificationLogMIBCompliances OBJECT IDENTIFIER ::= + { notificationLogMIBConformance 1 } +notificationLogMIBGroups OBJECT IDENTIFIER ::= + { notificationLogMIBConformance 2 } + +-- Compliance + +notificationLogMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which implement + the Notification Log MIB." + MODULE -- this module + + MANDATORY-GROUPS { + notificationLogConfigGroup, + notificationLogStatsGroup, + notificationLogLogGroup + } + + OBJECT nlmConfigGlobalEntryLimit + SYNTAX Unsigned32 (0..4294967295) + MIN-ACCESS read-only + DESCRIPTION + "Implementations may choose a limit and not allow it to be + changed or may enforce an upper or lower bound on the + limit." + + OBJECT nlmConfigLogEntryLimit + SYNTAX Unsigned32 (0..4294967295) + MIN-ACCESS read-only + DESCRIPTION + "Implementations may choose a limit and not allow it to be + changed or may enforce an upper or lower bound on the + limit." + + OBJECT nlmConfigLogEntryStatus + MIN-ACCESS read-only + DESCRIPTION + "Implementations may disallow the creation of named logs." + + GROUP notificationLogDateGroup + DESCRIPTION + "This group is mandatory on systems that keep wall clock + date and time and should not be implemented on systems that + do not have a wall clock date." + ::= { notificationLogMIBCompliances 1 } + +-- Units of Conformance + +notificationLogConfigGroup OBJECT-GROUP + OBJECTS { + nlmConfigGlobalEntryLimit, + nlmConfigGlobalAgeOut, + nlmConfigLogFilterName, + nlmConfigLogEntryLimit, + nlmConfigLogAdminStatus, + nlmConfigLogOperStatus, + nlmConfigLogStorageType, + nlmConfigLogEntryStatus + } + STATUS current + DESCRIPTION + "Notification log configuration management." + ::= { notificationLogMIBGroups 1 } + +notificationLogStatsGroup OBJECT-GROUP + OBJECTS { + nlmStatsGlobalNotificationsLogged, + nlmStatsGlobalNotificationsBumped, + nlmStatsLogNotificationsLogged, + nlmStatsLogNotificationsBumped + } + STATUS current + DESCRIPTION + "Notification log statistics." + ::= { notificationLogMIBGroups 2 } + +notificationLogLogGroup OBJECT-GROUP + OBJECTS { + nlmLogTime, + nlmLogEngineID, + nlmLogEngineTAddress, + nlmLogEngineTDomain, + nlmLogContextEngineID, + nlmLogContextName, + nlmLogNotificationID, + nlmLogVariableID, + nlmLogVariableValueType, + nlmLogVariableCounter32Val, + nlmLogVariableUnsigned32Val, + nlmLogVariableTimeTicksVal, + nlmLogVariableInteger32Val, + nlmLogVariableOctetStringVal, + nlmLogVariableIpAddressVal, + nlmLogVariableOidVal, + nlmLogVariableCounter64Val, + nlmLogVariableOpaqueVal + } + STATUS current + DESCRIPTION + "Notification log data." + ::= { notificationLogMIBGroups 3 } + +notificationLogDateGroup OBJECT-GROUP + OBJECTS { + nlmLogDateAndTime + } + STATUS current + DESCRIPTION + "Conditionally mandatory notification log data. + This group is mandatory on systems that keep wall + clock date and time and should not be implemented + on systems that do not have a wall clock date." + ::= { notificationLogMIBGroups 4 } + +END diff --git a/data/mibs/OSPF-MIB.txt b/data/mibs/OSPF-MIB.txt new file mode 100644 index 000000000..de7d03f5e --- /dev/null +++ b/data/mibs/OSPF-MIB.txt @@ -0,0 +1,2723 @@ +OSPF-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32, + Integer32, IpAddress + FROM SNMPv2-SMI + TEXTUAL-CONVENTION, TruthValue, RowStatus + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + mib-2 FROM RFC1213-MIB; + +-- This MIB module uses the extended OBJECT-TYPE macro as +-- defined in [9]. + +ospf MODULE-IDENTITY + LAST-UPDATED "9501201225Z" -- Fri Jan 20 12:25:50 PST 1995 + ORGANIZATION "IETF OSPF Working Group" + CONTACT-INFO + " Fred Baker + Postal: Cisco Systems + 519 Lado Drive + Santa Barbara, California 93111 + Tel: +1 805 681 0115 + E-Mail: fred@cisco.com + + Rob Coltun + Postal: RainbowBridge Communications + Tel: (301) 340-9416 + E-Mail: rcoltun@rainbow-bridge.com" + DESCRIPTION + "The MIB module to describe the OSPF Version 2 + Protocol" + ::= { mib-2 14 } + +-- The Area ID, in OSPF, has the same format as an IP Address, +-- but has the function of defining a summarization point for +-- Link State Advertisements + +AreaID ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "An OSPF Area Identifier." + SYNTAX IpAddress + + +-- The Router ID, in OSPF, has the same format as an IP Address, +-- but identifies the router independent of its IP Address. + +RouterID ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A OSPF Router Identifier." + SYNTAX IpAddress + + +-- The OSPF Metric is defined as an unsigned value in the range + +Metric ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The OSPF Internal Metric." + SYNTAX Integer32 (0..'FFFF'h) + +BigMetric ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The OSPF External Metric." + SYNTAX Integer32 (0..'FFFFFF'h) + +-- Status Values + +Status ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The status of an interface: 'enabled' indicates that + it is willing to communicate with other OSPF Routers, + while 'disabled' indicates that it is not." + SYNTAX INTEGER { enabled (1), disabled (2) } + +-- Time Durations measured in seconds + +PositiveInteger ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A positive integer. Values in excess are precluded as + unnecessary and prone to interoperability issues." + SYNTAX Integer32 (0..'7FFFFFFF'h) + +HelloRange ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The range of intervals on which hello messages are + exchanged." + SYNTAX Integer32 (1..'FFFF'h) + +UpToMaxAge ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The values that one might find or configure for + variables bounded by the maximum age of an LSA." + SYNTAX Integer32 (0..3600) + + +-- The range of ifIndex + +InterfaceIndex ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The range of ifIndex." + SYNTAX Integer32 + + +-- Potential Priorities for the Designated Router Election + +DesignatedRouterPriority ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The values defined for the priority of a system for + becoming the designated router." + SYNTAX Integer32 (0..'FF'h) + +TOSType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Type of Service is defined as a mapping to the IP Type of + Service Flags as defined in the IP Forwarding Table MIB + + +-----+-----+-----+-----+-----+-----+-----+-----+ + | | | | + | PRECEDENCE | TYPE OF SERVICE | 0 | + | | | | + +-----+-----+-----+-----+-----+-----+-----+-----+ + + IP TOS IP TOS + Field Policy Field Policy + + Contents Code Contents Code + 0 0 0 0 ==> 0 0 0 0 1 ==> 2 + 0 0 1 0 ==> 4 0 0 1 1 ==> 6 + 0 1 0 0 ==> 8 0 1 0 1 ==> 10 + 0 1 1 0 ==> 12 0 1 1 1 ==> 14 + 1 0 0 0 ==> 16 1 0 0 1 ==> 18 + 1 0 1 0 ==> 20 1 0 1 1 ==> 22 + 1 1 0 0 ==> 24 1 1 0 1 ==> 26 + 1 1 1 0 ==> 28 1 1 1 1 ==> 30 + + The remaining values are left for future definition." + SYNTAX Integer32 (0..30) + + +-- OSPF General Variables + +-- These parameters apply globally to the Router's +-- OSPF Process. + +ospfGeneralGroup OBJECT IDENTIFIER ::= { ospf 1 } + + + ospfRouterId OBJECT-TYPE + SYNTAX RouterID + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A 32-bit integer uniquely identifying the + router in the Autonomous System. + + By convention, to ensure uniqueness, this + should default to the value of one of the + router's IP interface addresses." + REFERENCE + "OSPF Version 2, C.1 Global parameters" + ::= { ospfGeneralGroup 1 } + + + ospfAdminStat OBJECT-TYPE + SYNTAX Status + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The administrative status of OSPF in the + router. The value 'enabled' denotes that the + OSPF Process is active on at least one inter- + face; 'disabled' disables it on all inter- + faces." + ::= { ospfGeneralGroup 2 } + + ospfVersionNumber OBJECT-TYPE + SYNTAX INTEGER { version2 (2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current version number of the OSPF proto- + col is 2." + REFERENCE + "OSPF Version 2, Title" + ::= { ospfGeneralGroup 3 } + + + ospfAreaBdrRtrStatus OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A flag to note whether this router is an area + border router." + REFERENCE + "OSPF Version 2, Section 3 Splitting the AS into + Areas" + ::= { ospfGeneralGroup 4 } + + + ospfASBdrRtrStatus OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A flag to note whether this router is config- + ured as an Autonomous System border router." + REFERENCE + "OSPF Version 2, Section 3.3 Classification of + routers" + ::= { ospfGeneralGroup 5 } + + ospfExternLsaCount OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of external (LS type 5) link-state + advertisements in the link-state database." + REFERENCE + "OSPF Version 2, Appendix A.4.5 AS external link + advertisements" + ::= { ospfGeneralGroup 6 } + + + ospfExternLsaCksumSum OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The 32-bit unsigned sum of the LS checksums of + the external link-state advertisements con- + tained in the link-state database. This sum + can be used to determine if there has been a + change in a router's link state database, and + to compare the link-state database of two + routers." + ::= { ospfGeneralGroup 7 } + + + ospfTOSSupport OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The router's support for type-of-service rout- + ing." + REFERENCE + "OSPF Version 2, Appendix F.1.2 Optional TOS + support" + ::= { ospfGeneralGroup 8 } + + ospfOriginateNewLsas OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of new link-state advertisements + that have been originated. This number is in- + cremented each time the router originates a new + LSA." + ::= { ospfGeneralGroup 9 } + + + ospfRxNewLsas OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of link-state advertisements re- + ceived determined to be new instantiations. + This number does not include newer instantia- + tions of self-originated link-state advertise- + ments." + ::= { ospfGeneralGroup 10 } + + ospfExtLsdbLimit OBJECT-TYPE + SYNTAX Integer32 (-1..'7FFFFFFF'h) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of non-default AS- + external-LSAs entries that can be stored in the + link-state database. If the value is -1, then + there is no limit. + + When the number of non-default AS-external-LSAs + in a router's link-state database reaches + ospfExtLsdbLimit, the router enters Overflow- + State. The router never holds more than + ospfExtLsdbLimit non-default AS-external-LSAs + in its database. OspfExtLsdbLimit MUST be set + identically in all routers attached to the OSPF + backbone and/or any regular OSPF area. (i.e., + OSPF stub areas and NSSAs are excluded)." + DEFVAL { -1 } + ::= { ospfGeneralGroup 11 } + + ospfMulticastExtensions OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A Bit Mask indicating whether the router is + forwarding IP multicast (Class D) datagrams + based on the algorithms defined in the Multi- + cast Extensions to OSPF. + + Bit 0, if set, indicates that the router can + forward IP multicast datagrams in the router's + directly attached areas (called intra-area mul- + ticast routing). + + Bit 1, if set, indicates that the router can + forward IP multicast datagrams between OSPF + areas (called inter-area multicast routing). + + Bit 2, if set, indicates that the router can + forward IP multicast datagrams between Auto- + nomous Systems (called inter-AS multicast rout- + ing). + + Only certain combinations of bit settings are + allowed, namely: 0 (no multicast forwarding is + enabled), 1 (intra-area multicasting only), 3 + (intra-area and inter-area multicasting), 5 + (intra-area and inter-AS multicasting) and 7 + (multicasting everywhere). By default, no mul- + ticast forwarding is enabled." + DEFVAL { 0 } + ::= { ospfGeneralGroup 12 } + + ospfExitOverflowInterval OBJECT-TYPE + SYNTAX PositiveInteger + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The number of seconds that, after entering + OverflowState, a router will attempt to leave + OverflowState. This allows the router to again + originate non-default AS-external-LSAs. When + set to 0, the router will not leave Overflow- + State until restarted." + DEFVAL { 0 } + ::= { ospfGeneralGroup 13 } + + + ospfDemandExtensions OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The router's support for demand routing." + REFERENCE + "OSPF Version 2, Appendix on Demand Routing" + ::= { ospfGeneralGroup 14 } + + +-- The OSPF Area Data Structure contains information +-- regarding the various areas. The interfaces and +-- virtual links are configured as part of these areas. +-- Area 0.0.0.0, by definition, is the Backbone Area + + + ospfAreaTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfAreaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information describing the configured parame- + ters and cumulative statistics of the router's + attached areas." + REFERENCE + "OSPF Version 2, Section 6 The Area Data Struc- + ture" + ::= { ospf 2 } + + + ospfAreaEntry OBJECT-TYPE + SYNTAX OspfAreaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information describing the configured parame- + ters and cumulative statistics of one of the + router's attached areas." + INDEX { ospfAreaId } + ::= { ospfAreaTable 1 } + +OspfAreaEntry ::= + SEQUENCE { + ospfAreaId + AreaID, + ospfAuthType + Integer32, + ospfImportAsExtern + INTEGER, + ospfSpfRuns + Counter32, + ospfAreaBdrRtrCount + Gauge32, + ospfAsBdrRtrCount + Gauge32, + ospfAreaLsaCount + Gauge32, + ospfAreaLsaCksumSum + Integer32, + ospfAreaSummary + INTEGER, + ospfAreaStatus + RowStatus + } + + ospfAreaId OBJECT-TYPE + SYNTAX AreaID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A 32-bit integer uniquely identifying an area. + Area ID 0.0.0.0 is used for the OSPF backbone." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospfAreaEntry 1 } + + + ospfAuthType OBJECT-TYPE + SYNTAX Integer32 + -- none (0), + -- simplePassword (1) + -- md5 (2) + -- reserved for specification by IANA (> 2) + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "The authentication type specified for an area. + Additional authentication types may be assigned + locally on a per Area basis." + REFERENCE + "OSPF Version 2, Appendix E Authentication" + DEFVAL { 0 } -- no authentication, by default + ::= { ospfAreaEntry 2 } + + ospfImportAsExtern OBJECT-TYPE + SYNTAX INTEGER { + importExternal (1), + importNoExternal (2), + importNssa (3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The area's support for importing AS external + link- state advertisements." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + DEFVAL { importExternal } + ::= { ospfAreaEntry 3 } + + + ospfSpfRuns OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times that the intra-area route + table has been calculated using this area's + link-state database. This is typically done + using Dijkstra's algorithm." + ::= { ospfAreaEntry 4 } + + + ospfAreaBdrRtrCount OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of area border routers reach- + able within this area. This is initially zero, + and is calculated in each SPF Pass." + ::= { ospfAreaEntry 5 } + + ospfAsBdrRtrCount OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of Autonomous System border + routers reachable within this area. This is + initially zero, and is calculated in each SPF + Pass." + ::= { ospfAreaEntry 6 } + + + ospfAreaLsaCount OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of link-state advertisements + in this area's link-state database, excluding + AS External LSA's." + ::= { ospfAreaEntry 7 } + + + ospfAreaLsaCksumSum OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The 32-bit unsigned sum of the link-state ad- + vertisements' LS checksums contained in this + area's link-state database. This sum excludes + external (LS type 5) link-state advertisements. + The sum can be used to determine if there has + been a change in a router's link state data- + base, and to compare the link-state database of + two routers." + DEFVAL { 0 } + ::= { ospfAreaEntry 8 } + + ospfAreaSummary OBJECT-TYPE + SYNTAX INTEGER { + noAreaSummary (1), + sendAreaSummary (2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The variable ospfAreaSummary controls the im- + port of summary LSAs into stub areas. It has + no effect on other areas. + + If it is noAreaSummary, the router will neither + originate nor propagate summary LSAs into the + stub area. It will rely entirely on its de- + fault route. + + If it is sendAreaSummary, the router will both + summarize and propagate summary LSAs." + DEFVAL { noAreaSummary } + ::= { ospfAreaEntry 9 } + + + ospfAreaStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable displays the status of the en- + try. Setting it to 'invalid' has the effect of + rendering it inoperative. The internal effect + (row removal) is implementation dependent." + ::= { ospfAreaEntry 10 } + + +-- OSPF Area Default Metric Table + +-- The OSPF Area Default Metric Table describes the metrics +-- that a default Area Border Router will advertise into a +-- Stub area. + + + ospfStubAreaTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfStubAreaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The set of metrics that will be advertised by + a default Area Border Router into a stub area." + REFERENCE + "OSPF Version 2, Appendix C.2, Area Parameters" + ::= { ospf 3 } + + + ospfStubAreaEntry OBJECT-TYPE + SYNTAX OspfStubAreaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The metric for a given Type of Service that + will be advertised by a default Area Border + Router into a stub area." + REFERENCE + "OSPF Version 2, Appendix C.2, Area Parameters" + INDEX { ospfStubAreaId, ospfStubTOS } + ::= { ospfStubAreaTable 1 } + +OspfStubAreaEntry ::= + SEQUENCE { + ospfStubAreaId + AreaID, + ospfStubTOS + TOSType, + ospfStubMetric + BigMetric, + ospfStubStatus + RowStatus, + ospfStubMetricType + INTEGER + } + + ospfStubAreaId OBJECT-TYPE + SYNTAX AreaID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The 32 bit identifier for the Stub Area. On + creation, this can be derived from the in- + stance." + ::= { ospfStubAreaEntry 1 } + + + ospfStubTOS OBJECT-TYPE + SYNTAX TOSType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Type of Service associated with the + metric. On creation, this can be derived from + the instance." + ::= { ospfStubAreaEntry 2 } + + + ospfStubMetric OBJECT-TYPE + SYNTAX BigMetric + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The metric value applied at the indicated type + of service. By default, this equals the least + metric at the type of service among the inter- + faces to other areas." + ::= { ospfStubAreaEntry 3 } + + + ospfStubStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable displays the status of the en- + try. Setting it to 'invalid' has the effect of + rendering it inoperative. The internal effect + (row removal) is implementation dependent." + ::= { ospfStubAreaEntry 4 } + + ospfStubMetricType OBJECT-TYPE + SYNTAX INTEGER { + ospfMetric (1), -- OSPF Metric + comparableCost (2), -- external type 1 + nonComparable (3) -- external type 2 + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable displays the type of metric ad- + vertised as a default route." + DEFVAL { ospfMetric } + ::= { ospfStubAreaEntry 5 } + +-- OSPF Link State Database + +-- The Link State Database contains the Link State +-- Advertisements from throughout the areas that the +-- device is attached to. + + + ospfLsdbTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfLsdbEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The OSPF Process's Link State Database." + REFERENCE + "OSPF Version 2, Section 12 Link State Adver- + tisements" + ::= { ospf 4 } + + + ospfLsdbEntry OBJECT-TYPE + SYNTAX OspfLsdbEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A single Link State Advertisement." + INDEX { ospfLsdbAreaId, ospfLsdbType, + ospfLsdbLsid, ospfLsdbRouterId } + ::= { ospfLsdbTable 1 } + +OspfLsdbEntry ::= + SEQUENCE { + ospfLsdbAreaId + AreaID, + ospfLsdbType + INTEGER, + ospfLsdbLsid + IpAddress, + ospfLsdbRouterId + RouterID, + ospfLsdbSequence + Integer32, + ospfLsdbAge + Integer32, + ospfLsdbChecksum + Integer32, + ospfLsdbAdvertisement + OCTET STRING + } + ospfLsdbAreaId OBJECT-TYPE + SYNTAX AreaID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The 32 bit identifier of the Area from which + the LSA was received." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospfLsdbEntry 1 } + +-- External Link State Advertisements are permitted +-- for backward compatibility, but should be displayed in +-- the ospfExtLsdbTable rather than here. + + ospfLsdbType OBJECT-TYPE + SYNTAX INTEGER { + routerLink (1), + networkLink (2), + summaryLink (3), + asSummaryLink (4), + asExternalLink (5), -- but see ospfExtLsdbTable + multicastLink (6), + nssaExternalLink (7) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of the link state advertisement. + Each link state type has a separate advertise- + ment format." + REFERENCE + "OSPF Version 2, Appendix A.4.1 The Link State + Advertisement header" + ::= { ospfLsdbEntry 2 } + + ospfLsdbLsid OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Link State ID is an LS Type Specific field + containing either a Router ID or an IP Address; + it identifies the piece of the routing domain + that is being described by the advertisement." + REFERENCE + "OSPF Version 2, Section 12.1.4 Link State ID" + ::= { ospfLsdbEntry 3 } + ospfLsdbRouterId OBJECT-TYPE + SYNTAX RouterID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The 32 bit number that uniquely identifies the + originating router in the Autonomous System." + REFERENCE + "OSPF Version 2, Appendix C.1 Global parameters" + ::= { ospfLsdbEntry 4 } + +-- Note that the OSPF Sequence Number is a 32 bit signed +-- integer. It starts with the value '80000001'h, +-- or -'7FFFFFFF'h, and increments until '7FFFFFFF'h +-- Thus, a typical sequence number will be very negative. + + ospfLsdbSequence OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The sequence number field is a signed 32-bit + integer. It is used to detect old and dupli- + cate link state advertisements. The space of + sequence numbers is linearly ordered. The + larger the sequence number the more recent the + advertisement." + REFERENCE + "OSPF Version 2, Section 12.1.6 LS sequence + number" + ::= { ospfLsdbEntry 5 } + + + ospfLsdbAge OBJECT-TYPE + SYNTAX Integer32 -- Should be 0..MaxAge + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This field is the age of the link state adver- + tisement in seconds." + REFERENCE + "OSPF Version 2, Section 12.1.1 LS age" + ::= { ospfLsdbEntry 6 } + + ospfLsdbChecksum OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This field is the checksum of the complete + contents of the advertisement, excepting the + age field. The age field is excepted so that + an advertisement's age can be incremented + without updating the checksum. The checksum + used is the same that is used for ISO connec- + tionless datagrams; it is commonly referred to + as the Fletcher checksum." + REFERENCE + "OSPF Version 2, Section 12.1.7 LS checksum" + ::= { ospfLsdbEntry 7 } + + + ospfLsdbAdvertisement OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (1..65535)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The entire Link State Advertisement, including + its header." + REFERENCE + "OSPF Version 2, Section 12 Link State Adver- + tisements" + ::= { ospfLsdbEntry 8 } + + +-- Address Range Table + +-- The Address Range Table acts as an adjunct to the Area +-- Table; It describes those Address Range Summaries that +-- are configured to be propagated from an Area to reduce +-- the amount of information about it which is known beyond +-- its borders. + + ospfAreaRangeTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfAreaRangeEntry + MAX-ACCESS not-accessible + STATUS obsolete + DESCRIPTION + "A range if IP addresses specified by an IP + address/IP network mask pair. For example, + class B address range of X.X.X.X with a network + mask of 255.255.0.0 includes all IP addresses + from X.X.0.0 to X.X.255.255" + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospf 5 } + ospfAreaRangeEntry OBJECT-TYPE + SYNTAX OspfAreaRangeEntry + MAX-ACCESS not-accessible + STATUS obsolete + DESCRIPTION + "A range if IP addresses specified by an IP + address/IP network mask pair. For example, + class B address range of X.X.X.X with a network + mask of 255.255.0.0 includes all IP addresses + from X.X.0.0 to X.X.255.255" + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + INDEX { ospfAreaRangeAreaId, ospfAreaRangeNet } + ::= { ospfAreaRangeTable 1 } + +OspfAreaRangeEntry ::= + SEQUENCE { + ospfAreaRangeAreaId + AreaID, + ospfAreaRangeNet + IpAddress, + ospfAreaRangeMask + IpAddress, + ospfAreaRangeStatus + RowStatus, + ospfAreaRangeEffect + INTEGER + } + + ospfAreaRangeAreaId OBJECT-TYPE + SYNTAX AreaID + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The Area the Address Range is to be found + within." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospfAreaRangeEntry 1 } + + + ospfAreaRangeNet OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The IP Address of the Net or Subnet indicated + by the range." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospfAreaRangeEntry 2 } + + + ospfAreaRangeMask OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "The Subnet Mask that pertains to the Net or + Subnet." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospfAreaRangeEntry 3 } + + ospfAreaRangeStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "This variable displays the status of the en- + try. Setting it to 'invalid' has the effect of + rendering it inoperative. The internal effect + (row removal) is implementation dependent." + ::= { ospfAreaRangeEntry 4 } + + + ospfAreaRangeEffect OBJECT-TYPE + SYNTAX INTEGER { + advertiseMatching (1), + doNotAdvertiseMatching (2) + } + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "Subnets subsumed by ranges either trigger the + advertisement of the indicated summary (adver- + tiseMatching), or result in the subnet's not + being advertised at all outside the area." + DEFVAL { advertiseMatching } + ::= { ospfAreaRangeEntry 5 } + + + +-- OSPF Host Table + +-- The Host/Metric Table indicates what hosts are directly +-- attached to the Router, and what metrics and types of +-- service should be advertised for them. + + ospfHostTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfHostEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The list of Hosts, and their metrics, that the + router will advertise as host routes." + REFERENCE + "OSPF Version 2, Appendix C.6 Host route param- + eters" + ::= { ospf 6 } + + + ospfHostEntry OBJECT-TYPE + SYNTAX OspfHostEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A metric to be advertised, for a given type of + service, when a given host is reachable." + INDEX { ospfHostIpAddress, ospfHostTOS } + ::= { ospfHostTable 1 } + +OspfHostEntry ::= + SEQUENCE { + ospfHostIpAddress + IpAddress, + ospfHostTOS + TOSType, + ospfHostMetric + Metric, + ospfHostStatus + RowStatus, + ospfHostAreaID + AreaID + } + + ospfHostIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP Address of the Host." + REFERENCE + "OSPF Version 2, Appendix C.6 Host route parame- + ters" + ::= { ospfHostEntry 1 } + + + ospfHostTOS OBJECT-TYPE + SYNTAX TOSType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Type of Service of the route being config- + ured." + REFERENCE + "OSPF Version 2, Appendix C.6 Host route parame- + ters" + ::= { ospfHostEntry 2 } + + + ospfHostMetric OBJECT-TYPE + SYNTAX Metric + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The Metric to be advertised." + REFERENCE + "OSPF Version 2, Appendix C.6 Host route parame- + ters" + ::= { ospfHostEntry 3 } + + ospfHostStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable displays the status of the en- + try. Setting it to 'invalid' has the effect of + rendering it inoperative. The internal effect + (row removal) is implementation dependent." + ::= { ospfHostEntry 4 } + + + ospfHostAreaID OBJECT-TYPE + SYNTAX AreaID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Area the Host Entry is to be found within. + By default, the area that a subsuming OSPF in- + terface is in, or 0.0.0.0" + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospfHostEntry 5 } + + +-- OSPF Interface Table + +-- The OSPF Interface Table augments the ipAddrTable +-- with OSPF specific information. + + ospfIfTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfIfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The OSPF Interface Table describes the inter- + faces from the viewpoint of OSPF." + REFERENCE + "OSPF Version 2, Appendix C.3 Router interface + parameters" + ::= { ospf 7 } + + + ospfIfEntry OBJECT-TYPE + SYNTAX OspfIfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The OSPF Interface Entry describes one inter- + face from the viewpoint of OSPF." + INDEX { ospfIfIpAddress, ospfAddressLessIf } + ::= { ospfIfTable 1 } + +OspfIfEntry ::= + SEQUENCE { + ospfIfIpAddress + IpAddress, + ospfAddressLessIf + Integer32, + ospfIfAreaId + AreaID, + ospfIfType + INTEGER, + ospfIfAdminStat + Status, + ospfIfRtrPriority + DesignatedRouterPriority, + ospfIfTransitDelay + UpToMaxAge, + ospfIfRetransInterval + UpToMaxAge, + ospfIfHelloInterval + HelloRange, + ospfIfRtrDeadInterval + PositiveInteger, + ospfIfPollInterval + PositiveInteger, + ospfIfState + INTEGER, + ospfIfDesignatedRouter + IpAddress, + ospfIfBackupDesignatedRouter + IpAddress, + ospfIfEvents + Counter32, + ospfIfAuthType + INTEGER, + ospfIfAuthKey + OCTET STRING, + ospfIfStatus + RowStatus, + ospfIfMulticastForwarding + INTEGER, + ospfIfDemand + TruthValue + } + + ospfIfIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of this OSPF interface." + ::= { ospfIfEntry 1 } + + ospfAddressLessIf OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "For the purpose of easing the instancing of + addressed and addressless interfaces; This + variable takes the value 0 on interfaces with + IP Addresses, and the corresponding value of + ifIndex for interfaces having no IP Address." + ::= { ospfIfEntry 2 } + ospfIfAreaId OBJECT-TYPE + SYNTAX AreaID + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A 32-bit integer uniquely identifying the area + to which the interface connects. Area ID + 0.0.0.0 is used for the OSPF backbone." + DEFVAL { '00000000'H } -- 0.0.0.0 + ::= { ospfIfEntry 3 } + + ospfIfType OBJECT-TYPE + SYNTAX INTEGER { + broadcast (1), + nbma (2), + pointToPoint (3), + pointToMultipoint (5) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The OSPF interface type. + + By way of a default, this field may be intuited + from the corresponding value of ifType. Broad- + cast LANs, such as Ethernet and IEEE 802.5, + take the value 'broadcast', X.25 and similar + technologies take the value 'nbma', and links + that are definitively point to point take the + value 'pointToPoint'." + ::= { ospfIfEntry 4 } + + + ospfIfAdminStat OBJECT-TYPE + SYNTAX Status + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The OSPF interface's administrative status. + The value formed on the interface, and the in- + terface will be advertised as an internal route + to some area. The value 'disabled' denotes + that the interface is external to OSPF." + DEFVAL { enabled } + ::= { ospfIfEntry 5 } + + ospfIfRtrPriority OBJECT-TYPE + SYNTAX DesignatedRouterPriority + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The priority of this interface. Used in + multi-access networks, this field is used in + the designated router election algorithm. The + value 0 signifies that the router is not eligi- + ble to become the designated router on this + particular network. In the event of a tie in + this value, routers will use their Router ID as + a tie breaker." + DEFVAL { 1 } + ::= { ospfIfEntry 6 } + + + ospfIfTransitDelay OBJECT-TYPE + SYNTAX UpToMaxAge + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The estimated number of seconds it takes to + transmit a link state update packet over this + interface." + DEFVAL { 1 } + ::= { ospfIfEntry 7 } + + + ospfIfRetransInterval OBJECT-TYPE + SYNTAX UpToMaxAge + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of seconds between link-state ad- + vertisement retransmissions, for adjacencies + belonging to this interface. This value is + also used when retransmitting database descrip- + tion and link-state request packets." + DEFVAL { 5 } + ::= { ospfIfEntry 8 } + + + ospfIfHelloInterval OBJECT-TYPE + SYNTAX HelloRange + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The length of time, in seconds, between the + Hello packets that the router sends on the in- + terface. This value must be the same for all + routers attached to a common network." + DEFVAL { 10 } + ::= { ospfIfEntry 9 } + + + ospfIfRtrDeadInterval OBJECT-TYPE + SYNTAX PositiveInteger + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of seconds that a router's Hello + packets have not been seen before it's neigh- + bors declare the router down. This should be + some multiple of the Hello interval. This + value must be the same for all routers attached + to a common network." + DEFVAL { 40 } + ::= { ospfIfEntry 10 } + + + ospfIfPollInterval OBJECT-TYPE + SYNTAX PositiveInteger + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The larger time interval, in seconds, between + the Hello packets sent to an inactive non- + broadcast multi- access neighbor." + DEFVAL { 120 } + ::= { ospfIfEntry 11 } + + + ospfIfState OBJECT-TYPE + SYNTAX INTEGER { + down (1), + loopback (2), + waiting (3), + pointToPoint (4), + designatedRouter (5), + backupDesignatedRouter (6), + otherDesignatedRouter (7) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The OSPF Interface State." + DEFVAL { down } + ::= { ospfIfEntry 12 } + + + ospfIfDesignatedRouter OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP Address of the Designated Router." + DEFVAL { '00000000'H } -- 0.0.0.0 + ::= { ospfIfEntry 13 } + + + ospfIfBackupDesignatedRouter OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP Address of the Backup Designated + Router." + DEFVAL { '00000000'H } -- 0.0.0.0 + ::= { ospfIfEntry 14 } + + ospfIfEvents OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times this OSPF interface has + changed its state, or an error has occurred." + ::= { ospfIfEntry 15 } + + + ospfIfAuthKey OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..256)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The Authentication Key. If the Area's Author- + ization Type is simplePassword, and the key + length is shorter than 8 octets, the agent will + left adjust and zero fill to 8 octets. + + Note that unauthenticated interfaces need no + authentication key, and simple password authen- + tication cannot use a key of more than 8 oc- + tets. Larger keys are useful only with authen- + tication mechanisms not specified in this docu- + ment. + + When read, ospfIfAuthKey always returns an Oc- + tet String of length zero." + REFERENCE + "OSPF Version 2, Section 9 The Interface Data + Structure" + DEFVAL { '0000000000000000'H } -- 0.0.0.0.0.0.0.0 + ::= { ospfIfEntry 16 } + + ospfIfStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable displays the status of the en- + try. Setting it to 'invalid' has the effect of + rendering it inoperative. The internal effect + (row removal) is implementation dependent." + ::= { ospfIfEntry 17 } + + + ospfIfMulticastForwarding OBJECT-TYPE + SYNTAX INTEGER { + blocked (1), -- no multicast forwarding + multicast (2), -- using multicast address + unicast (3) -- to each OSPF neighbor + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The way multicasts should forwarded on this + interface; not forwarded, forwarded as data + link multicasts, or forwarded as data link uni- + casts. Data link multicasting is not meaning- + ful on point to point and NBMA interfaces, and + setting ospfMulticastForwarding to 0 effective- + ly disables all multicast forwarding." + DEFVAL { blocked } + ::= { ospfIfEntry 18 } + + + ospfIfDemand OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Indicates whether Demand OSPF procedures (hel- + lo supression to FULL neighbors and setting the + DoNotAge flag on proogated LSAs) should be per- + formed on this interface." + DEFVAL { false } + ::= { ospfIfEntry 19 } + + + ospfIfAuthType OBJECT-TYPE + SYNTAX INTEGER (0..255) + -- none (0), + -- simplePassword (1) + -- md5 (2) + -- reserved for specification by IANA (> 2) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The authentication type specified for an in- + terface. Additional authentication types may + be assigned locally." + REFERENCE + "OSPF Version 2, Appendix E Authentication" + DEFVAL { 0 } -- no authentication, by default + ::= { ospfIfEntry 20 } + + +-- OSPF Interface Metric Table + +-- The Metric Table describes the metrics to be advertised +-- for a specified interface at the various types of service. +-- As such, this table is an adjunct of the OSPF Interface +-- Table. + +-- Types of service, as defined by RFC 791, have the ability +-- to request low delay, high bandwidth, or reliable linkage. + +-- For the purposes of this specification, the measure of +-- bandwidth + +-- Metric = 10^8 / ifSpeed + +-- is the default value. For multiple link interfaces, note +-- that ifSpeed is the sum of the individual link speeds. +-- This yields a number having the following typical values: + +-- Network Type/bit rate Metric + +-- >= 100 MBPS 1 +-- Ethernet/802.3 10 +-- E1 48 +-- T1 (ESF) 65 +-- 64 KBPS 1562 +-- 56 KBPS 1785 +-- 19.2 KBPS 5208 +-- 9.6 KBPS 10416 + +-- Routes that are not specified use the default (TOS 0) metric + + ospfIfMetricTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfIfMetricEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The TOS metrics for a non-virtual interface + identified by the interface index." + REFERENCE + "OSPF Version 2, Appendix C.3 Router interface + parameters" + ::= { ospf 8 } + + ospfIfMetricEntry OBJECT-TYPE + SYNTAX OspfIfMetricEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A particular TOS metric for a non-virtual in- + terface identified by the interface index." + REFERENCE + "OSPF Version 2, Appendix C.3 Router interface + parameters" + INDEX { ospfIfMetricIpAddress, + ospfIfMetricAddressLessIf, + ospfIfMetricTOS } + ::= { ospfIfMetricTable 1 } + +OspfIfMetricEntry ::= + SEQUENCE { + ospfIfMetricIpAddress + IpAddress, + ospfIfMetricAddressLessIf + Integer32, + ospfIfMetricTOS + TOSType, + ospfIfMetricValue + Metric, + ospfIfMetricStatus + RowStatus + } + + ospfIfMetricIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of this OSPF interface. On row + creation, this can be derived from the in- + stance." + ::= { ospfIfMetricEntry 1 } + + ospfIfMetricAddressLessIf OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "For the purpose of easing the instancing of + addressed and addressless interfaces; This + variable takes the value 0 on interfaces with + IP Addresses, and the value of ifIndex for in- + terfaces having no IP Address. On row crea- + tion, this can be derived from the instance." + ::= { ospfIfMetricEntry 2 } + + + ospfIfMetricTOS OBJECT-TYPE + SYNTAX TOSType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of service metric being referenced. + On row creation, this can be derived from the + instance." + ::= { ospfIfMetricEntry 3 } + + + ospfIfMetricValue OBJECT-TYPE + SYNTAX Metric + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The metric of using this type of service on + this interface. The default value of the TOS 0 + Metric is 10^8 / ifSpeed." + ::= { ospfIfMetricEntry 4 } + + ospfIfMetricStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable displays the status of the en- + try. Setting it to 'invalid' has the effect of + rendering it inoperative. The internal effect + (row removal) is implementation dependent." + ::= { ospfIfMetricEntry 5 } + + +-- OSPF Virtual Interface Table + +-- The Virtual Interface Table describes the virtual +-- links that the OSPF Process is configured to +-- carry on. + + ospfVirtIfTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfVirtIfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about this router's virtual inter- + faces." + REFERENCE + "OSPF Version 2, Appendix C.4 Virtual link + parameters" + ::= { ospf 9 } + + + ospfVirtIfEntry OBJECT-TYPE + SYNTAX OspfVirtIfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a single Virtual Interface." + INDEX { ospfVirtIfAreaId, ospfVirtIfNeighbor } + ::= { ospfVirtIfTable 1 } + +OspfVirtIfEntry ::= + SEQUENCE { + ospfVirtIfAreaId + AreaID, + ospfVirtIfNeighbor + RouterID, + ospfVirtIfTransitDelay + UpToMaxAge, + ospfVirtIfRetransInterval + UpToMaxAge, + ospfVirtIfHelloInterval + HelloRange, + ospfVirtIfRtrDeadInterval + PositiveInteger, + ospfVirtIfState + INTEGER, + ospfVirtIfEvents + Counter32, + ospfVirtIfAuthType + INTEGER, + ospfVirtIfAuthKey + OCTET STRING, + ospfVirtIfStatus + RowStatus + } + + ospfVirtIfAreaId OBJECT-TYPE + SYNTAX AreaID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Transit Area that the Virtual Link + traverses. By definition, this is not 0.0.0.0" + ::= { ospfVirtIfEntry 1 } + + + ospfVirtIfNeighbor OBJECT-TYPE + SYNTAX RouterID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Router ID of the Virtual Neighbor." + ::= { ospfVirtIfEntry 2 } + + + ospfVirtIfTransitDelay OBJECT-TYPE + SYNTAX UpToMaxAge + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The estimated number of seconds it takes to + transmit a link- state update packet over this + interface." + DEFVAL { 1 } + ::= { ospfVirtIfEntry 3 } + + + ospfVirtIfRetransInterval OBJECT-TYPE + SYNTAX UpToMaxAge + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of seconds between link-state ad- + vertisement retransmissions, for adjacencies + belonging to this interface. This value is + also used when retransmitting database descrip- + tion and link-state request packets. This + value should be well over the expected round- + trip time." + DEFVAL { 5 } + ::= { ospfVirtIfEntry 4 } + + + ospfVirtIfHelloInterval OBJECT-TYPE + SYNTAX HelloRange + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The length of time, in seconds, between the + Hello packets that the router sends on the in- + terface. This value must be the same for the + virtual neighbor." + DEFVAL { 10 } + ::= { ospfVirtIfEntry 5 } + + + ospfVirtIfRtrDeadInterval OBJECT-TYPE + SYNTAX PositiveInteger + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of seconds that a router's Hello + packets have not been seen before it's neigh- + bors declare the router down. This should be + some multiple of the Hello interval. This + value must be the same for the virtual neigh- + bor." + DEFVAL { 60 } + ::= { ospfVirtIfEntry 6 } + + + ospfVirtIfState OBJECT-TYPE + SYNTAX INTEGER { + down (1), -- these use the same encoding + pointToPoint (4) -- as the ospfIfTable + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "OSPF virtual interface states." + DEFVAL { down } + ::= { ospfVirtIfEntry 7 } + + + ospfVirtIfEvents OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of state changes or error events on + this Virtual Link" + ::= { ospfVirtIfEntry 8 } + + + ospfVirtIfAuthKey OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..256)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "If Authentication Type is simplePassword, the + device will left adjust and zero fill to 8 oc- + tets. + + Note that unauthenticated interfaces need no + authentication key, and simple password authen- + tication cannot use a key of more than 8 oc- + tets. Larger keys are useful only with authen- + tication mechanisms not specified in this docu- + ment. + + When read, ospfVifAuthKey always returns a + string of length zero." + REFERENCE + "OSPF Version 2, Section 9 The Interface Data + Structure" + DEFVAL { '0000000000000000'H } -- 0.0.0.0.0.0.0.0 + ::= { ospfVirtIfEntry 9 } + + + ospfVirtIfStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable displays the status of the en- + try. Setting it to 'invalid' has the effect of + rendering it inoperative. The internal effect + (row removal) is implementation dependent." + ::= { ospfVirtIfEntry 10 } + + + ospfVirtIfAuthType OBJECT-TYPE + SYNTAX INTEGER (0..255) + -- none (0), + -- simplePassword (1) + -- md5 (2) + -- reserved for specification by IANA (> 2) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The authentication type specified for a virtu- + al interface. Additional authentication types + may be assigned locally." + REFERENCE + "OSPF Version 2, Appendix E Authentication" + DEFVAL { 0 } -- no authentication, by default + ::= { ospfVirtIfEntry 11 } + + +-- OSPF Neighbor Table + +-- The OSPF Neighbor Table describes all neighbors in +-- the locality of the subject router. + + ospfNbrTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfNbrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of non-virtual neighbor information." + REFERENCE + "OSPF Version 2, Section 10 The Neighbor Data + Structure" + ::= { ospf 10 } + + + ospfNbrEntry OBJECT-TYPE + SYNTAX OspfNbrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information regarding a single neighbor." + REFERENCE + "OSPF Version 2, Section 10 The Neighbor Data + Structure" + INDEX { ospfNbrIpAddr, ospfNbrAddressLessIndex } + ::= { ospfNbrTable 1 } + +OspfNbrEntry ::= + SEQUENCE { + ospfNbrIpAddr + IpAddress, + ospfNbrAddressLessIndex + InterfaceIndex, + ospfNbrRtrId + RouterID, + ospfNbrOptions + Integer32, + ospfNbrPriority + DesignatedRouterPriority, + ospfNbrState + INTEGER, + ospfNbrEvents + Counter32, + ospfNbrLsRetransQLen + Gauge32, + ospfNbmaNbrStatus + RowStatus, + ospfNbmaNbrPermanence + INTEGER, + ospfNbrHelloSuppressed + TruthValue + } + + ospfNbrIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address this neighbor is using in its + IP Source Address. Note that, on addressless + links, this will not be 0.0.0.0, but the ad- + dress of another of the neighbor's interfaces." + ::= { ospfNbrEntry 1 } + + + ospfNbrAddressLessIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "On an interface having an IP Address, zero. + On addressless interfaces, the corresponding + value of ifIndex in the Internet Standard MIB. + On row creation, this can be derived from the + instance." + ::= { ospfNbrEntry 2 } + + + ospfNbrRtrId OBJECT-TYPE + SYNTAX RouterID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A 32-bit integer (represented as a type IpAd- + dress) uniquely identifying the neighboring + router in the Autonomous System." + DEFVAL { '00000000'H } -- 0.0.0.0 + ::= { ospfNbrEntry 3 } + + + ospfNbrOptions OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A Bit Mask corresponding to the neighbor's op- + tions field. + + Bit 0, if set, indicates that the system will + operate on Type of Service metrics other than + TOS 0. If zero, the neighbor will ignore all + metrics except the TOS 0 metric. + + Bit 1, if set, indicates that the associated + area accepts and operates on external informa- + tion; if zero, it is a stub area. + + Bit 2, if set, indicates that the system is ca- + pable of routing IP Multicast datagrams; i.e., + that it implements the Multicast Extensions to + OSPF. + + Bit 3, if set, indicates that the associated + area is an NSSA. These areas are capable of + carrying type 7 external advertisements, which + are translated into type 5 external advertise- + ments at NSSA borders." + REFERENCE + "OSPF Version 2, Section 12.1.2 Options" + DEFVAL { 0 } + ::= { ospfNbrEntry 4 } + + + ospfNbrPriority OBJECT-TYPE + SYNTAX DesignatedRouterPriority + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The priority of this neighbor in the designat- + ed router election algorithm. The value 0 sig- + nifies that the neighbor is not eligible to be- + come the designated router on this particular + network." + DEFVAL { 1 } + ::= { ospfNbrEntry 5 } + + + ospfNbrState OBJECT-TYPE + SYNTAX INTEGER { + down (1), + attempt (2), + init (3), + twoWay (4), + exchangeStart (5), + exchange (6), + loading (7), + full (8) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The State of the relationship with this Neigh- + bor." + REFERENCE + "OSPF Version 2, Section 10.1 Neighbor States" + DEFVAL { down } + ::= { ospfNbrEntry 6 } + + + ospfNbrEvents OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times this neighbor relationship + has changed state, or an error has occurred." + ::= { ospfNbrEntry 7 } + + + ospfNbrLsRetransQLen OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current length of the retransmission + queue." + ::= { ospfNbrEntry 8 } + + + ospfNbmaNbrStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable displays the status of the en- + try. Setting it to 'invalid' has the effect of + rendering it inoperative. The internal effect + (row removal) is implementation dependent." + ::= { ospfNbrEntry 9 } + + + ospfNbmaNbrPermanence OBJECT-TYPE + SYNTAX INTEGER { + dynamic (1), -- learned through protocol + permanent (2) -- configured address + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This variable displays the status of the en- + try. 'dynamic' and 'permanent' refer to how + the neighbor became known." + DEFVAL { permanent } + ::= { ospfNbrEntry 10 } + + + ospfNbrHelloSuppressed OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates whether Hellos are being suppressed + to the neighbor" + ::= { ospfNbrEntry 11 } + + +-- OSPF Virtual Neighbor Table + +-- This table describes all virtual neighbors. +-- Since Virtual Links are configured in the +-- virtual interface table, this table is read-only. + + ospfVirtNbrTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfVirtNbrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of virtual neighbor information." + REFERENCE + "OSPF Version 2, Section 15 Virtual Links" + ::= { ospf 11 } + + + ospfVirtNbrEntry OBJECT-TYPE + SYNTAX OspfVirtNbrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Virtual neighbor information." + INDEX { ospfVirtNbrArea, ospfVirtNbrRtrId } + ::= { ospfVirtNbrTable 1 } + +OspfVirtNbrEntry ::= + SEQUENCE { + ospfVirtNbrArea + AreaID, + ospfVirtNbrRtrId + RouterID, + ospfVirtNbrIpAddr + IpAddress, + ospfVirtNbrOptions + Integer32, + ospfVirtNbrState + INTEGER, + ospfVirtNbrEvents + Counter32, + ospfVirtNbrLsRetransQLen + Gauge32, + ospfVirtNbrHelloSuppressed + TruthValue + } + + ospfVirtNbrArea OBJECT-TYPE + SYNTAX AreaID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Transit Area Identifier." + ::= { ospfVirtNbrEntry 1 } + + + ospfVirtNbrRtrId OBJECT-TYPE + SYNTAX RouterID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A 32-bit integer uniquely identifying the + neighboring router in the Autonomous System." + ::= { ospfVirtNbrEntry 2 } + + + ospfVirtNbrIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address this Virtual Neighbor is us- + ing." + ::= { ospfVirtNbrEntry 3 } + + + ospfVirtNbrOptions OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A Bit Mask corresponding to the neighbor's op- + tions field. + + Bit 1, if set, indicates that the system will + operate on Type of Service metrics other than + TOS 0. If zero, the neighbor will ignore all + metrics except the TOS 0 metric. + + Bit 2, if set, indicates that the system is + Network Multicast capable; ie, that it imple- + ments OSPF Multicast Routing." + ::= { ospfVirtNbrEntry 4 } + ospfVirtNbrState OBJECT-TYPE + SYNTAX INTEGER { + down (1), + attempt (2), + init (3), + twoWay (4), + exchangeStart (5), + exchange (6), + loading (7), + full (8) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The state of the Virtual Neighbor Relation- + ship." + ::= { ospfVirtNbrEntry 5 } + + + ospfVirtNbrEvents OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times this virtual link has + changed its state, or an error has occurred." + ::= { ospfVirtNbrEntry 6 } + + + ospfVirtNbrLsRetransQLen OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current length of the retransmission + queue." + ::= { ospfVirtNbrEntry 7 } + + + ospfVirtNbrHelloSuppressed OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates whether Hellos are being suppressed + to the neighbor" + ::= { ospfVirtNbrEntry 8 } + +-- OSPF Link State Database, External + +-- The Link State Database contains the Link State +-- Advertisements from throughout the areas that the +-- device is attached to. + +-- This table is identical to the OSPF LSDB Table in +-- format, but contains only External Link State +-- Advertisements. The purpose is to allow external +-- LSAs to be displayed once for the router rather +-- than once in each non-stub area. + + ospfExtLsdbTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfExtLsdbEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The OSPF Process's Links State Database." + REFERENCE + "OSPF Version 2, Section 12 Link State Adver- + tisements" + ::= { ospf 12 } + + + ospfExtLsdbEntry OBJECT-TYPE + SYNTAX OspfExtLsdbEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A single Link State Advertisement." + INDEX { ospfExtLsdbType, ospfExtLsdbLsid, ospfExtLsdbRouterId } + ::= { ospfExtLsdbTable 1 } + +OspfExtLsdbEntry ::= + SEQUENCE { + ospfExtLsdbType + INTEGER, + ospfExtLsdbLsid + IpAddress, + ospfExtLsdbRouterId + RouterID, + ospfExtLsdbSequence + Integer32, + ospfExtLsdbAge + Integer32, + ospfExtLsdbChecksum + Integer32, + ospfExtLsdbAdvertisement + OCTET STRING + } + + ospfExtLsdbType OBJECT-TYPE + SYNTAX INTEGER { + asExternalLink (5) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of the link state advertisement. + Each link state type has a separate advertise- + ment format." + REFERENCE + "OSPF Version 2, Appendix A.4.1 The Link State + Advertisement header" + ::= { ospfExtLsdbEntry 1 } + + + ospfExtLsdbLsid OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Link State ID is an LS Type Specific field + containing either a Router ID or an IP Address; + it identifies the piece of the routing domain + that is being described by the advertisement." + REFERENCE + "OSPF Version 2, Section 12.1.4 Link State ID" + ::= { ospfExtLsdbEntry 2 } + + + ospfExtLsdbRouterId OBJECT-TYPE + SYNTAX RouterID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The 32 bit number that uniquely identifies the + originating router in the Autonomous System." + REFERENCE + "OSPF Version 2, Appendix C.1 Global parameters" + ::= { ospfExtLsdbEntry 3 } + +-- Note that the OSPF Sequence Number is a 32 bit signed +-- integer. It starts with the value '80000001'h, +-- or -'7FFFFFFF'h, and increments until '7FFFFFFF'h +-- Thus, a typical sequence number will be very negative. + ospfExtLsdbSequence OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The sequence number field is a signed 32-bit + integer. It is used to detect old and dupli- + cate link state advertisements. The space of + sequence numbers is linearly ordered. The + larger the sequence number the more recent the + advertisement." + REFERENCE + "OSPF Version 2, Section 12.1.6 LS sequence + number" + ::= { ospfExtLsdbEntry 4 } + + + ospfExtLsdbAge OBJECT-TYPE + SYNTAX Integer32 -- Should be 0..MaxAge + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This field is the age of the link state adver- + tisement in seconds." + REFERENCE + "OSPF Version 2, Section 12.1.1 LS age" + ::= { ospfExtLsdbEntry 5 } + + + ospfExtLsdbChecksum OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This field is the checksum of the complete + contents of the advertisement, excepting the + age field. The age field is excepted so that + an advertisement's age can be incremented + without updating the checksum. The checksum + used is the same that is used for ISO connec- + tionless datagrams; it is commonly referred to + as the Fletcher checksum." + REFERENCE + "OSPF Version 2, Section 12.1.7 LS checksum" + ::= { ospfExtLsdbEntry 6 } + + + ospfExtLsdbAdvertisement OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(36)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The entire Link State Advertisement, including + its header." + REFERENCE + "OSPF Version 2, Section 12 Link State Adver- + tisements" + ::= { ospfExtLsdbEntry 7 } + + +-- OSPF Use of the CIDR Route Table + +ospfRouteGroup OBJECT IDENTIFIER ::= { ospf 13 } + +-- The IP Forwarding Table defines a number of objects for use by +-- the routing protocol to externalize its information. Most of +-- the variables (ipForwardDest, ipForwardMask, ipForwardPolicy, +-- ipForwardNextHop, ipForwardIfIndex, ipForwardType, +-- ipForwardProto, ipForwardAge, and ipForwardNextHopAS) are +-- defined there. + +-- Those that leave some discretion are defined here. + +-- ipCidrRouteProto is, of course, ospf (13). + +-- ipCidrRouteAge is the time since the route was first calculated, +-- as opposed to the time since the last SPF run. + +-- ipCidrRouteInfo is an OBJECT IDENTIFIER for use by the routing +-- protocol. The following values shall be found there depending +-- on the way the route was calculated. + +ospfIntraArea OBJECT IDENTIFIER ::= { ospfRouteGroup 1 } +ospfInterArea OBJECT IDENTIFIER ::= { ospfRouteGroup 2 } +ospfExternalType1 OBJECT IDENTIFIER ::= { ospfRouteGroup 3 } +ospfExternalType2 OBJECT IDENTIFIER ::= { ospfRouteGroup 4 } + +-- ipCidrRouteMetric1 is, by definition, the primary routing +-- metric. Therefore, it should be the metric that route +-- selection is based on. For intra-area and inter-area routes, +-- it is an OSPF metric. For External Type 1 (comparable value) +-- routes, it is an OSPF metric plus the External Metric. For +-- external Type 2 (non-comparable value) routes, it is the +-- external metric. + +-- ipCidrRouteMetric2 is, by definition, a secondary routing +-- metric. Therefore, it should be the metric that breaks a tie +-- among routes having equal metric1 values and the same +-- calculation rule. For intra-area, inter-area routes, and +-- External Type 1 (comparable value) routes, it is unused. For +-- external Type 2 (non-comparable value) routes, it is the metric +-- to the AS border router. + +-- ipCidrRouteMetric3, ipCidrRouteMetric4, and ipCidrRouteMetric5 are +-- unused. + +-- +-- The OSPF Area Aggregate Table +-- +-- This table replaces the OSPF Area Summary Table, being an +-- extension of that for CIDR routers. + + ospfAreaAggregateTable OBJECT-TYPE + SYNTAX SEQUENCE OF OspfAreaAggregateEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A range of IP addresses specified by an IP + address/IP network mask pair. For example, + class B address range of X.X.X.X with a network + mask of 255.255.0.0 includes all IP addresses + from X.X.0.0 to X.X.255.255. Note that if + ranges are configured such that one range sub- + sumes another range (e.g., 10.0.0.0 mask + 255.0.0.0 and 10.1.0.0 mask 255.255.0.0), the + most specific match is the preferred one." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospf 14 } + + + ospfAreaAggregateEntry OBJECT-TYPE + SYNTAX OspfAreaAggregateEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A range of IP addresses specified by an IP + address/IP network mask pair. For example, + class B address range of X.X.X.X with a network + mask of 255.255.0.0 includes all IP addresses + from X.X.0.0 to X.X.255.255. Note that if + ranges are range configured such that one range + subsumes another range (e.g., 10.0.0.0 mask + 255.0.0.0 and 10.1.0.0 mask 255.255.0.0), the + most specific match is the preferred one." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + INDEX { ospfAreaAggregateAreaID, ospfAreaAggregateLsdbType, + ospfAreaAggregateNet, ospfAreaAggregateMask } + ::= { ospfAreaAggregateTable 1 } + + +OspfAreaAggregateEntry ::= + SEQUENCE { + ospfAreaAggregateAreaID + AreaID, + ospfAreaAggregateLsdbType + INTEGER, + ospfAreaAggregateNet + IpAddress, + ospfAreaAggregateMask + IpAddress, + ospfAreaAggregateStatus + RowStatus, + ospfAreaAggregateEffect + INTEGER + } + + ospfAreaAggregateAreaID OBJECT-TYPE + SYNTAX AreaID + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Area the Address Aggregate is to be found + within." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospfAreaAggregateEntry 1 } + + + ospfAreaAggregateLsdbType OBJECT-TYPE + SYNTAX INTEGER { + summaryLink (3), + nssaExternalLink (7) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of the Address Aggregate. This field + specifies the Lsdb type that this Address Ag- + gregate applies to." + REFERENCE + "OSPF Version 2, Appendix A.4.1 The Link State + Advertisement header" + ::= { ospfAreaAggregateEntry 2 } + + + ospfAreaAggregateNet OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP Address of the Net or Subnet indicated + by the range." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospfAreaAggregateEntry 3 } + + + ospfAreaAggregateMask OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Subnet Mask that pertains to the Net or + Subnet." + REFERENCE + "OSPF Version 2, Appendix C.2 Area parameters" + ::= { ospfAreaAggregateEntry 4 } + + + ospfAreaAggregateStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable displays the status of the en- + try. Setting it to 'invalid' has the effect of + rendering it inoperative. The internal effect + (row removal) is implementation dependent." + ::= { ospfAreaAggregateEntry 5 } + + + ospfAreaAggregateEffect OBJECT-TYPE + SYNTAX INTEGER { + advertiseMatching (1), + doNotAdvertiseMatching (2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Subnets subsumed by ranges either trigger the + advertisement of the indicated aggregate (ad- + vertiseMatching), or result in the subnet's not + being advertised at all outside the area." + DEFVAL { advertiseMatching } + ::= { ospfAreaAggregateEntry 6 } + + +-- conformance information + +ospfConformance OBJECT IDENTIFIER ::= { ospf 15 } + +ospfGroups OBJECT IDENTIFIER ::= { ospfConformance 1 } +ospfCompliances OBJECT IDENTIFIER ::= { ospfConformance 2 } + +-- compliance statements + + ospfCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement " + MODULE -- this module + MANDATORY-GROUPS { + ospfBasicGroup, + ospfAreaGroup, + ospfStubAreaGroup, + ospfIfGroup, + ospfIfMetricGroup, + ospfVirtIfGroup, + ospfNbrGroup, + ospfVirtNbrGroup, + ospfAreaAggregateGroup + } + ::= { ospfCompliances 1 } + + +-- units of conformance + + ospfBasicGroup OBJECT-GROUP + OBJECTS { + ospfRouterId, + ospfAdminStat, + ospfVersionNumber, + ospfAreaBdrRtrStatus, + ospfASBdrRtrStatus, + ospfExternLsaCount, + ospfExternLsaCksumSum, + ospfTOSSupport, + ospfOriginateNewLsas, + ospfRxNewLsas, + ospfExtLsdbLimit, + ospfMulticastExtensions, + ospfExitOverflowInterval, + ospfDemandExtensions + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems." + ::= { ospfGroups 1 } + + + ospfAreaGroup OBJECT-GROUP + OBJECTS { + ospfAreaId, + ospfImportAsExtern, + ospfSpfRuns, + ospfAreaBdrRtrCount, + ospfAsBdrRtrCount, + ospfAreaLsaCount, + ospfAreaLsaCksumSum, + ospfAreaSummary, + ospfAreaStatus + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems + supporting areas." + ::= { ospfGroups 2 } + + + ospfStubAreaGroup OBJECT-GROUP + OBJECTS { + ospfStubAreaId, + ospfStubTOS, + ospfStubMetric, + ospfStubStatus, + ospfStubMetricType + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems + supporting stub areas." + ::= { ospfGroups 3 } + + + ospfLsdbGroup OBJECT-GROUP + OBJECTS { + ospfLsdbAreaId, + ospfLsdbType, + ospfLsdbLsid, + ospfLsdbRouterId, + ospfLsdbSequence, + ospfLsdbAge, + ospfLsdbChecksum, + ospfLsdbAdvertisement + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems + that display their link state database." + ::= { ospfGroups 4 } + + + ospfAreaRangeGroup OBJECT-GROUP + OBJECTS { + ospfAreaRangeAreaId, + ospfAreaRangeNet, + ospfAreaRangeMask, + ospfAreaRangeStatus, + ospfAreaRangeEffect + } + STATUS obsolete + DESCRIPTION + "These objects are required for non-CIDR OSPF + systems that support multiple areas." + ::= { ospfGroups 5 } + + + ospfHostGroup OBJECT-GROUP + OBJECTS { + ospfHostIpAddress, + ospfHostTOS, + ospfHostMetric, + ospfHostStatus, + ospfHostAreaID + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems + that support attached hosts." + ::= { ospfGroups 6 } + + + ospfIfGroup OBJECT-GROUP + OBJECTS { + ospfIfIpAddress, + ospfAddressLessIf, + ospfIfAreaId, + ospfIfType, + ospfIfAdminStat, + ospfIfRtrPriority, + ospfIfTransitDelay, + ospfIfRetransInterval, + ospfIfHelloInterval, + ospfIfRtrDeadInterval, + ospfIfPollInterval, + ospfIfState, + ospfIfDesignatedRouter, + ospfIfBackupDesignatedRouter, + ospfIfEvents, + ospfIfAuthType, + ospfIfAuthKey, + ospfIfStatus, + ospfIfMulticastForwarding, + ospfIfDemand + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems." + ::= { ospfGroups 7 } + + + ospfIfMetricGroup OBJECT-GROUP + OBJECTS { + ospfIfMetricIpAddress, + ospfIfMetricAddressLessIf, + ospfIfMetricTOS, + ospfIfMetricValue, + ospfIfMetricStatus + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems." + ::= { ospfGroups 8 } + + + ospfVirtIfGroup OBJECT-GROUP + OBJECTS { + ospfVirtIfAreaId, + ospfVirtIfNeighbor, + ospfVirtIfTransitDelay, + ospfVirtIfRetransInterval, + ospfVirtIfHelloInterval, + ospfVirtIfRtrDeadInterval, + ospfVirtIfState, + ospfVirtIfEvents, + ospfVirtIfAuthType, + ospfVirtIfAuthKey, + ospfVirtIfStatus + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems." + ::= { ospfGroups 9 } + + + ospfNbrGroup OBJECT-GROUP + OBJECTS { + ospfNbrIpAddr, + ospfNbrAddressLessIndex, + ospfNbrRtrId, + ospfNbrOptions, + ospfNbrPriority, + ospfNbrState, + ospfNbrEvents, + ospfNbrLsRetransQLen, + ospfNbmaNbrStatus, + ospfNbmaNbrPermanence, + ospfNbrHelloSuppressed + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems." + ::= { ospfGroups 10 } + + + ospfVirtNbrGroup OBJECT-GROUP + OBJECTS { + ospfVirtNbrArea, + ospfVirtNbrRtrId, + ospfVirtNbrIpAddr, + ospfVirtNbrOptions, + ospfVirtNbrState, + ospfVirtNbrEvents, + ospfVirtNbrLsRetransQLen, + ospfVirtNbrHelloSuppressed + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems." + ::= { ospfGroups 11 } + + + ospfExtLsdbGroup OBJECT-GROUP + OBJECTS { + ospfExtLsdbType, + ospfExtLsdbLsid, + ospfExtLsdbRouterId, + ospfExtLsdbSequence, + ospfExtLsdbAge, + ospfExtLsdbChecksum, + ospfExtLsdbAdvertisement + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems + that display their link state database." + ::= { ospfGroups 12 } + + + ospfAreaAggregateGroup OBJECT-GROUP + OBJECTS { + ospfAreaAggregateAreaID, + ospfAreaAggregateLsdbType, + ospfAreaAggregateNet, + ospfAreaAggregateMask, + ospfAreaAggregateStatus, + ospfAreaAggregateEffect + } + STATUS current + DESCRIPTION + "These objects are required for OSPF systems." + ::= { ospfGroups 13 } + +END diff --git a/data/mibs/OSPF-TRAP-MIB.txt b/data/mibs/OSPF-TRAP-MIB.txt new file mode 100644 index 000000000..8a3ab990c --- /dev/null +++ b/data/mibs/OSPF-TRAP-MIB.txt @@ -0,0 +1,443 @@ +OSPF-TRAP-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, IpAddress + FROM SNMPv2-SMI + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + ospfRouterId, ospfIfIpAddress, ospfAddressLessIf, ospfIfState, + ospfVirtIfAreaId, ospfVirtIfNeighbor, ospfVirtIfState, + ospfNbrIpAddr, ospfNbrAddressLessIndex, ospfNbrRtrId, + ospfNbrState, ospfVirtNbrArea, ospfVirtNbrRtrId, ospfVirtNbrState, + ospfLsdbType, ospfLsdbLsid, ospfLsdbRouterId, ospfLsdbAreaId, + ospfExtLsdbLimit, ospf + FROM OSPF-MIB; + + ospfTrap MODULE-IDENTITY + LAST-UPDATED "9501201225Z" -- Fri Jan 20 12:25:50 PST 1995 + ORGANIZATION "IETF OSPF Working Group" + CONTACT-INFO + " Fred Baker + Postal: Cisco Systems + 519 Lado Drive + Santa Barbara, California 93111 + Tel: +1 805 681 0115 + E-Mail: fred@cisco.com + + Rob Coltun + Postal: RainbowBridge Communications + Tel: (301) 340-9416 + E-Mail: rcoltun@rainbow-bridge.com" + DESCRIPTION + "The MIB module to describe traps for the OSPF + Version 2 Protocol." + ::= { ospf 16 } + +-- Trap Support Objects + +-- The following are support objects for the OSPF traps. + +ospfTrapControl OBJECT IDENTIFIER ::= { ospfTrap 1 } +ospfTraps OBJECT IDENTIFIER ::= { ospfTrap 2 } + + ospfSetTrap OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(4)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A four-octet string serving as a bit map for + the trap events defined by the OSPF traps. This + object is used to enable and disable specific + OSPF traps where a 1 in the bit field + represents enabled. The right-most bit (least + significant) represents trap 0." + ::= { ospfTrapControl 1 } + + + ospfConfigErrorType OBJECT-TYPE + SYNTAX INTEGER { + badVersion (1), + areaMismatch (2), + unknownNbmaNbr (3), -- Router is Dr eligible + unknownVirtualNbr (4), + authTypeMismatch(5), + authFailure (6), + netMaskMismatch (7), + helloIntervalMismatch (8), + deadIntervalMismatch (9), + optionMismatch (10) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Potential types of configuration conflicts. + Used by the ospfConfigError and ospfConfigVir- + tError traps." + ::= { ospfTrapControl 2 } + + + ospfPacketType OBJECT-TYPE + SYNTAX INTEGER { + hello (1), + dbDescript (2), + lsReq (3), + lsUpdate (4), + lsAck (5) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "OSPF packet types." + ::= { ospfTrapControl 3 } + + + ospfPacketSrc OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of an inbound packet that can- + not be identified by a neighbor instance." + ::= { ospfTrapControl 4 } + + +-- Traps + + + ospfIfStateChange NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfIfIpAddress, + ospfAddressLessIf, + ospfIfState -- The new state + } + STATUS current + DESCRIPTION + "An ospfIfStateChange trap signifies that there + has been a change in the state of a non-virtual + OSPF interface. This trap should be generated + when the interface state regresses (e.g., goes + from Dr to Down) or progresses to a terminal + state (i.e., Point-to-Point, DR Other, Dr, or + Backup)." + ::= { ospfTraps 16 } + + + ospfVirtIfStateChange NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfVirtIfAreaId, + ospfVirtIfNeighbor, + ospfVirtIfState -- The new state + } + STATUS current + DESCRIPTION + "An ospfIfStateChange trap signifies that there + has been a change in the state of an OSPF vir- + tual interface. + This trap should be generated when the inter- + face state regresses (e.g., goes from Point- + to-Point to Down) or progresses to a terminal + state (i.e., Point-to-Point)." + ::= { ospfTraps 1 } + + + ospfNbrStateChange NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfNbrIpAddr, + ospfNbrAddressLessIndex, + ospfNbrRtrId, + ospfNbrState -- The new state + } + STATUS current + DESCRIPTION + "An ospfNbrStateChange trap signifies that + there has been a change in the state of a non- + virtual OSPF neighbor. This trap should be + generated when the neighbor state regresses + (e.g., goes from Attempt or Full to 1-Way or + Down) or progresses to a terminal state (e.g., + 2-Way or Full). When an neighbor transitions + from or to Full on non-broadcast multi-access + and broadcast networks, the trap should be gen- + erated by the designated router. A designated + router transitioning to Down will be noted by + ospfIfStateChange." + ::= { ospfTraps 2 } + + + ospfVirtNbrStateChange NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfVirtNbrArea, + ospfVirtNbrRtrId, + ospfVirtNbrState -- The new state + } + STATUS current + DESCRIPTION + "An ospfIfStateChange trap signifies that there + has been a change in the state of an OSPF vir- + tual neighbor. This trap should be generated + when the neighbor state regresses (e.g., goes + from Attempt or Full to 1-Way or Down) or + progresses to a terminal state (e.g., Full)." + ::= { ospfTraps 3 } + ospfIfConfigError NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfIfIpAddress, + ospfAddressLessIf, + ospfPacketSrc, -- The source IP address + ospfConfigErrorType, -- Type of error + ospfPacketType + } + STATUS current + DESCRIPTION + "An ospfIfConfigError trap signifies that a + packet has been received on a non-virtual in- + terface from a router whose configuration + parameters conflict with this router's confi- + guration parameters. Note that the event op- + tionMismatch should cause a trap only if it + prevents an adjacency from forming." + ::= { ospfTraps 4 } + + + ospfVirtIfConfigError NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfVirtIfAreaId, + ospfVirtIfNeighbor, + ospfConfigErrorType, -- Type of error + ospfPacketType + } + STATUS current + DESCRIPTION + "An ospfConfigError trap signifies that a pack- + et has been received on a virtual interface + from a router whose configuration parameters + conflict with this router's configuration + parameters. Note that the event optionMismatch + should cause a trap only if it prevents an ad- + jacency from forming." + ::= { ospfTraps 5 } + + + ospfIfAuthFailure NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfIfIpAddress, + ospfAddressLessIf, + ospfPacketSrc, -- The source IP address + ospfConfigErrorType, -- authTypeMismatch or + -- authFailure + ospfPacketType + } + STATUS current + DESCRIPTION + "An ospfIfAuthFailure trap signifies that a + packet has been received on a non-virtual in- + terface from a router whose authentication key + or authentication type conflicts with this + router's authentication key or authentication + type." + ::= { ospfTraps 6 } + + + ospfVirtIfAuthFailure NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfVirtIfAreaId, + ospfVirtIfNeighbor, + ospfConfigErrorType, -- authTypeMismatch or + -- authFailure + ospfPacketType + } + STATUS current + DESCRIPTION + "An ospfVirtIfAuthFailure trap signifies that a + packet has been received on a virtual interface + from a router whose authentication key or au- + thentication type conflicts with this router's + authentication key or authentication type." + ::= { ospfTraps 7 } + + + ospfIfRxBadPacket NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfIfIpAddress, + ospfAddressLessIf, + ospfPacketSrc, -- The source IP address + ospfPacketType + } + STATUS current + DESCRIPTION + "An ospfIfRxBadPacket trap signifies that an + OSPF packet has been received on a non-virtual + interface that cannot be parsed." + ::= { ospfTraps 8 } + + ospfVirtIfRxBadPacket NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfVirtIfAreaId, + ospfVirtIfNeighbor, + ospfPacketType + } + STATUS current + DESCRIPTION + "An ospfRxBadPacket trap signifies that an OSPF + packet has been received on a virtual interface + that cannot be parsed." + ::= { ospfTraps 9 } + + + ospfTxRetransmit NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfIfIpAddress, + ospfAddressLessIf, + ospfNbrRtrId, -- Destination + ospfPacketType, + ospfLsdbType, + ospfLsdbLsid, + ospfLsdbRouterId + } + STATUS current + DESCRIPTION + "An ospfTxRetransmit trap signifies than an + OSPF packet has been retransmitted on a non- + virtual interface. All packets that may be re- + transmitted are associated with an LSDB entry. + The LS type, LS ID, and Router ID are used to + identify the LSDB entry." + ::= { ospfTraps 10 } + + + ospfVirtIfTxRetransmit NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfVirtIfAreaId, + ospfVirtIfNeighbor, + ospfPacketType, + ospfLsdbType, + ospfLsdbLsid, + ospfLsdbRouterId + } + STATUS current + DESCRIPTION + "An ospfTxRetransmit trap signifies than an + OSPF packet has been retransmitted on a virtual + interface. All packets that may be retransmit- + ted are associated with an LSDB entry. The LS + type, LS ID, and Router ID are used to identify + the LSDB entry." + ::= { ospfTraps 11 } + + + ospfOriginateLsa NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfLsdbAreaId, -- 0.0.0.0 for AS Externals + ospfLsdbType, + ospfLsdbLsid, + ospfLsdbRouterId + } + STATUS current + DESCRIPTION + "An ospfOriginateLsa trap signifies that a new + LSA has been originated by this router. This + trap should not be invoked for simple refreshes + of LSAs (which happesn every 30 minutes), but + instead will only be invoked when an LSA is + (re)originated due to a topology change. Addi- + tionally, this trap does not include LSAs that + are being flushed because they have reached + MaxAge." + ::= { ospfTraps 12 } + + + ospfMaxAgeLsa NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfLsdbAreaId, -- 0.0.0.0 for AS Externals + ospfLsdbType, + ospfLsdbLsid, + ospfLsdbRouterId + } + STATUS current + DESCRIPTION + "An ospfMaxAgeLsa trap signifies that one of + the LSA in the router's link-state database has + aged to MaxAge." + ::= { ospfTraps 13 } + + + ospfLsdbOverflow NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfExtLsdbLimit + } + STATUS current + DESCRIPTION + "An ospfLsdbOverflow trap signifies that the + number of LSAs in the router's link-state data- + base has exceeded ospfExtLsdbLimit." + ::= { ospfTraps 14 } + + + ospfLsdbApproachingOverflow NOTIFICATION-TYPE + OBJECTS { + ospfRouterId, -- The originator of the trap + ospfExtLsdbLimit + } + STATUS current + DESCRIPTION + "An ospfLsdbApproachingOverflow trap signifies + that the number of LSAs in the router's link- + state database has exceeded ninety percent of + ospfExtLsdbLimit." + ::= { ospfTraps 15 } + + +-- conformance information + +ospfTrapConformance OBJECT IDENTIFIER ::= { ospfTrap 3 } + +ospfTrapGroups OBJECT IDENTIFIER ::= { ospfTrapConformance 1 } +ospfTrapCompliances OBJECT IDENTIFIER ::= { ospfTrapConformance 2 } + +-- compliance statements + + ospfTrapCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement " + MODULE -- this module + MANDATORY-GROUPS { ospfTrapControlGroup } + + + GROUP ospfTrapControlGroup + DESCRIPTION + "This group is optional but recommended for all + OSPF systems" + ::= { ospfTrapCompliances 1 } + + +-- units of conformance + + ospfTrapControlGroup OBJECT-GROUP + OBJECTS { + ospfSetTrap, + ospfConfigErrorType, + ospfPacketType, + ospfPacketSrc + } + STATUS current + DESCRIPTION + "These objects are required to control traps + from OSPF systems." + ::= { ospfTrapGroups 1 } + + +END diff --git a/data/mibs/RFC1155-SMI.txt b/data/mibs/RFC1155-SMI.txt new file mode 100644 index 000000000..3abc7ffb7 --- /dev/null +++ b/data/mibs/RFC1155-SMI.txt @@ -0,0 +1,119 @@ +RFC1155-SMI DEFINITIONS ::= BEGIN + +EXPORTS -- EVERYTHING + internet, directory, mgmt, + experimental, private, enterprises, + OBJECT-TYPE, ObjectName, ObjectSyntax, SimpleSyntax, + ApplicationSyntax, NetworkAddress, IpAddress, + Counter, Gauge, TimeTicks, Opaque; + + -- the path to the root + + internet OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 } + + directory OBJECT IDENTIFIER ::= { internet 1 } + + mgmt OBJECT IDENTIFIER ::= { internet 2 } + + experimental OBJECT IDENTIFIER ::= { internet 3 } + + private OBJECT IDENTIFIER ::= { internet 4 } + enterprises OBJECT IDENTIFIER ::= { private 1 } + + -- definition of object types + + OBJECT-TYPE MACRO ::= + BEGIN + TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax) + "ACCESS" Access + "STATUS" Status + VALUE NOTATION ::= value (VALUE ObjectName) + + Access ::= "read-only" + | "read-write" + | "write-only" + | "not-accessible" + Status ::= "mandatory" + | "optional" + | "obsolete" + END + + -- names of objects in the MIB + + ObjectName ::= + OBJECT IDENTIFIER + + -- syntax of objects in the MIB + + ObjectSyntax ::= + CHOICE { + simple + SimpleSyntax, + -- note that simple SEQUENCEs are not directly + -- mentioned here to keep things simple (i.e., + -- prevent mis-use). However, application-wide + -- types which are IMPLICITly encoded simple + -- SEQUENCEs may appear in the following CHOICE + + application-wide + ApplicationSyntax + } + + SimpleSyntax ::= + CHOICE { + number + INTEGER, + string + OCTET STRING, + object + OBJECT IDENTIFIER, + empty + NULL + } + + ApplicationSyntax ::= + CHOICE { + address + NetworkAddress, + counter + Counter, + gauge + Gauge, + ticks + TimeTicks, + arbitrary + Opaque + + -- other application-wide types, as they are + -- defined, will be added here + } + + -- application-wide types + + NetworkAddress ::= + CHOICE { + internet + IpAddress + } + + IpAddress ::= + [APPLICATION 0] -- in network-byte order + IMPLICIT OCTET STRING (SIZE (4)) + + Counter ::= + [APPLICATION 1] + IMPLICIT INTEGER (0..4294967295) + + Gauge ::= + [APPLICATION 2] + IMPLICIT INTEGER (0..4294967295) + + TimeTicks ::= + [APPLICATION 3] + IMPLICIT INTEGER (0..4294967295) + + Opaque ::= + [APPLICATION 4] -- arbitrary ASN.1 value, + IMPLICIT OCTET STRING -- "double-wrapped" + + END diff --git a/data/mibs/RFC1213-MIB.txt b/data/mibs/RFC1213-MIB.txt new file mode 100644 index 000000000..408ccd796 --- /dev/null +++ b/data/mibs/RFC1213-MIB.txt @@ -0,0 +1,2613 @@ +RFC1213-MIB DEFINITIONS ::= BEGIN + +IMPORTS + mgmt, NetworkAddress, IpAddress, Counter, Gauge, + TimeTicks + FROM RFC1155-SMI + OBJECT-TYPE + FROM RFC-1212; + +-- This MIB module uses the extended OBJECT-TYPE macro as +-- defined in [14]; + +-- MIB-II (same prefix as MIB-I) + +mib-2 OBJECT IDENTIFIER ::= { mgmt 1 } + +-- textual conventions + +DisplayString ::= + OCTET STRING +-- This data type is used to model textual information taken +-- from the NVT ASCII character set. By convention, objects +-- with this syntax are declared as having + +-- +-- SIZE (0..255) + +PhysAddress ::= + OCTET STRING +-- This data type is used to model media addresses. For many +-- types of media, this will be in a binary representation. +-- For example, an ethernet address would be represented as +-- a string of 6 octets. + +-- groups in MIB-II + +system OBJECT IDENTIFIER ::= { mib-2 1 } + +interfaces OBJECT IDENTIFIER ::= { mib-2 2 } + +at OBJECT IDENTIFIER ::= { mib-2 3 } + +ip OBJECT IDENTIFIER ::= { mib-2 4 } + +icmp OBJECT IDENTIFIER ::= { mib-2 5 } + +tcp OBJECT IDENTIFIER ::= { mib-2 6 } + +udp OBJECT IDENTIFIER ::= { mib-2 7 } + +egp OBJECT IDENTIFIER ::= { mib-2 8 } + +-- historical (some say hysterical) +-- cmot OBJECT IDENTIFIER ::= { mib-2 9 } + +transmission OBJECT IDENTIFIER ::= { mib-2 10 } + +snmp OBJECT IDENTIFIER ::= { mib-2 11 } + +-- the System group + +-- Implementation of the System group is mandatory for all +-- systems. If an agent is not configured to have a value +-- for any of these variables, a string of length 0 is +-- returned. + +sysDescr OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "A textual description of the entity. This value + should include the full name and version + identification of the system's hardware type, + software operating-system, and networking + software. It is mandatory that this only contain + printable ASCII characters." + ::= { system 1 } + +sysObjectID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The vendor's authoritative identification of the + network management subsystem contained in the + entity. This value is allocated within the SMI + enterprises subtree (1.3.6.1.4.1) and provides an + easy and unambiguous means for determining `what + kind of box' is being managed. For example, if + vendor `Flintstones, Inc.' was assigned the + subtree 1.3.6.1.4.1.4242, it could assign the + identifier 1.3.6.1.4.1.4242.1.1 to its `Fred + Router'." + ::= { system 2 } + +sysUpTime OBJECT-TYPE + SYNTAX TimeTicks + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The time (in hundredths of a second) since the + network management portion of the system was last + re-initialized." + ::= { system 3 } + +sysContact OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The textual identification of the contact person + for this managed node, together with information + on how to contact this person." + ::= { system 4 } + +sysName OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + ACCESS read-write + STATUS mandatory + DESCRIPTION + "An administratively-assigned name for this + managed node. By convention, this is the node's + fully-qualified domain name." + ::= { system 5 } + +sysLocation OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The physical location of this node (e.g., + `telephone closet, 3rd floor')." + ::= { system 6 } + +sysServices OBJECT-TYPE + SYNTAX INTEGER (0..127) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "A value which indicates the set of services that + this entity primarily offers. + + The value is a sum. This sum initially takes the + value zero, Then, for each layer, L, in the range + 1 through 7, that this node performs transactions + for, 2 raised to (L - 1) is added to the sum. For + example, a node which performs primarily routing + functions would have a value of 4 (2^(3-1)). In + contrast, a node which is a host offering + application services would have a value of 72 + (2^(4-1) + 2^(7-1)). Note that in the context of + the Internet suite of protocols, values should be + calculated accordingly: + + layer functionality + 1 physical (e.g., repeaters) + 2 datalink/subnetwork (e.g., bridges) + 3 internet (e.g., IP gateways) + 4 end-to-end (e.g., IP hosts) + 7 applications (e.g., mail relays) + + For systems including OSI protocols, layers 5 and + 6 may also be counted." + ::= { system 7 } + +-- the Interfaces group + +-- Implementation of the Interfaces group is mandatory for +-- all systems. + +ifNumber OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of network interfaces (regardless of + their current state) present on this system." + ::= { interfaces 1 } + +-- the Interfaces table + +-- The Interfaces table contains information on the entity's +-- interfaces. Each interface is thought of as being +-- attached to a `subnetwork'. Note that this term should +-- not be confused with `subnet' which refers to an +-- addressing partitioning scheme used in the Internet suite +-- of protocols. + +ifTable OBJECT-TYPE + SYNTAX SEQUENCE OF IfEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "A list of interface entries. The number of + entries is given by the value of ifNumber." + ::= { interfaces 2 } + +ifEntry OBJECT-TYPE + SYNTAX IfEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "An interface entry containing objects at the + subnetwork layer and below for a particular + interface." + INDEX { ifIndex } + ::= { ifTable 1 } + +IfEntry ::= + SEQUENCE { + ifIndex + INTEGER, + ifDescr + DisplayString, + ifType + INTEGER, + ifMtu + INTEGER, + ifSpeed + Gauge, + ifPhysAddress + PhysAddress, + ifAdminStatus + INTEGER, + ifOperStatus + INTEGER, + ifLastChange + TimeTicks, + ifInOctets + Counter, + ifInUcastPkts + Counter, + ifInNUcastPkts + Counter, + ifInDiscards + Counter, + ifInErrors + Counter, + ifInUnknownProtos + Counter, + ifOutOctets + Counter, + ifOutUcastPkts + Counter, + ifOutNUcastPkts + Counter, + ifOutDiscards + Counter, + ifOutErrors + Counter, + ifOutQLen + Gauge, + ifSpecific + OBJECT IDENTIFIER + } + +ifIndex OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "A unique value for each interface. Its value + ranges between 1 and the value of ifNumber. The + value for each interface must remain constant at + least from one re-initialization of the entity's + network management system to the next re- + initialization." + ::= { ifEntry 1 } + +ifDescr OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "A textual string containing information about the + interface. This string should include the name of + the manufacturer, the product name and the version + of the hardware interface." + ::= { ifEntry 2 } + +ifType OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + regular1822(2), + hdh1822(3), + ddn-x25(4), + rfc877-x25(5), + ethernet-csmacd(6), + iso88023-csmacd(7), + iso88024-tokenBus(8), + iso88025-tokenRing(9), + iso88026-man(10), + starLan(11), + proteon-10Mbit(12), + proteon-80Mbit(13), + hyperchannel(14), + fddi(15), + lapb(16), + sdlc(17), + ds1(18), -- T-1 + e1(19), -- european equiv. of T-1 + basicISDN(20), + primaryISDN(21), -- proprietary serial + propPointToPointSerial(22), + ppp(23), + softwareLoopback(24), + eon(25), -- CLNP over IP [11] + ethernet-3Mbit(26), + nsip(27), -- XNS over IP + slip(28), -- generic SLIP + ultra(29), -- ULTRA technologies + ds3(30), -- T-3 + sip(31), -- SMDS + frame-relay(32) + } + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The type of interface, distinguished according to + the physical/link protocol(s) immediately `below' + the network layer in the protocol stack." + ::= { ifEntry 3 } + +ifMtu OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The size of the largest datagram which can be + sent/received on the interface, specified in + octets. For interfaces that are used for + transmitting network datagrams, this is the size + of the largest network datagram that can be sent + on the interface." + ::= { ifEntry 4 } + +ifSpeed OBJECT-TYPE + SYNTAX Gauge + ACCESS read-only + STATUS mandatory + DESCRIPTION + "An estimate of the interface's current bandwidth + in bits per second. For interfaces which do not + vary in bandwidth or for those where no accurate + estimation can be made, this object should contain + the nominal bandwidth." + ::= { ifEntry 5 } + +ifPhysAddress OBJECT-TYPE + SYNTAX PhysAddress + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The interface's address at the protocol layer + immediately `below' the network layer in the + protocol stack. For interfaces which do not have + + such an address (e.g., a serial line), this object + should contain an octet string of zero length." + ::= { ifEntry 6 } + +ifAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), -- ready to pass packets + down(2), + testing(3) -- in some test mode + } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The desired state of the interface. The + testing(3) state indicates that no operational + packets can be passed." + ::= { ifEntry 7 } + +ifOperStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), -- ready to pass packets + down(2), + testing(3) -- in some test mode + } + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The current operational state of the interface. + The testing(3) state indicates that no operational + packets can be passed." + ::= { ifEntry 8 } + +ifLastChange OBJECT-TYPE + SYNTAX TimeTicks + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The value of sysUpTime at the time the interface + entered its current operational state. If the + current state was entered prior to the last re- + initialization of the local network management + subsystem, then this object contains a zero + value." + ::= { ifEntry 9 } + +ifInOctets OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of octets received on the + interface, including framing characters." + ::= { ifEntry 10 } + +ifInUcastPkts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of subnetwork-unicast packets + delivered to a higher-layer protocol." + ::= { ifEntry 11 } + +ifInNUcastPkts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of non-unicast (i.e., subnetwork- + broadcast or subnetwork-multicast) packets + delivered to a higher-layer protocol." + ::= { ifEntry 12 } + +ifInDiscards OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of inbound packets which were chosen + to be discarded even though no errors had been + detected to prevent their being deliverable to a + higher-layer protocol. One possible reason for + discarding such a packet could be to free up + buffer space." + ::= { ifEntry 13 } + +ifInErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of inbound packets that contained + errors preventing them from being deliverable to a + higher-layer protocol." + ::= { ifEntry 14 } + +ifInUnknownProtos OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of packets received via the interface + which were discarded because of an unknown or + unsupported protocol." + ::= { ifEntry 15 } + +ifOutOctets OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of octets transmitted out of the + interface, including framing characters." + ::= { ifEntry 16 } + +ifOutUcastPkts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of packets that higher-level + protocols requested be transmitted to a + subnetwork-unicast address, including those that + were discarded or not sent." + ::= { ifEntry 17 } + +ifOutNUcastPkts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of packets that higher-level + protocols requested be transmitted to a non- + unicast (i.e., a subnetwork-broadcast or + subnetwork-multicast) address, including those + that were discarded or not sent." + ::= { ifEntry 18 } + +ifOutDiscards OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of outbound packets which were chosen + + to be discarded even though no errors had been + detected to prevent their being transmitted. One + possible reason for discarding such a packet could + be to free up buffer space." + ::= { ifEntry 19 } + +ifOutErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of outbound packets that could not be + transmitted because of errors." + ::= { ifEntry 20 } + +ifOutQLen OBJECT-TYPE + SYNTAX Gauge + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The length of the output packet queue (in + packets)." + ::= { ifEntry 21 } + +ifSpecific OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "A reference to MIB definitions specific to the + particular media being used to realize the + interface. For example, if the interface is + realized by an ethernet, then the value of this + object refers to a document defining objects + specific to ethernet. If this information is not + present, its value should be set to the OBJECT + IDENTIFIER { 0 0 }, which is a syntatically valid + object identifier, and any conformant + implementation of ASN.1 and BER must be able to + generate and recognize this value." + ::= { ifEntry 22 } + +-- the Address Translation group + +-- Implementation of the Address Translation group is +-- mandatory for all systems. Note however that this group +-- is deprecated by MIB-II. That is, it is being included + +-- solely for compatibility with MIB-I nodes, and will most +-- likely be excluded from MIB-III nodes. From MIB-II and +-- onwards, each network protocol group contains its own +-- address translation tables. + +-- The Address Translation group contains one table which is +-- the union across all interfaces of the translation tables +-- for converting a NetworkAddress (e.g., an IP address) into +-- a subnetwork-specific address. For lack of a better term, +-- this document refers to such a subnetwork-specific address +-- as a `physical' address. + +-- Examples of such translation tables are: for broadcast +-- media where ARP is in use, the translation table is +-- equivalent to the ARP cache; or, on an X.25 network where +-- non-algorithmic translation to X.121 addresses is +-- required, the translation table contains the +-- NetworkAddress to X.121 address equivalences. + +atTable OBJECT-TYPE + SYNTAX SEQUENCE OF AtEntry + ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "The Address Translation tables contain the + NetworkAddress to `physical' address equivalences. + Some interfaces do not use translation tables for + determining address equivalences (e.g., DDN-X.25 + has an algorithmic method); if all interfaces are + of this type, then the Address Translation table + is empty, i.e., has zero entries." + ::= { at 1 } + +atEntry OBJECT-TYPE + SYNTAX AtEntry + ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "Each entry contains one NetworkAddress to + `physical' address equivalence." + INDEX { atIfIndex, + atNetAddress } + ::= { atTable 1 } + +AtEntry ::= + SEQUENCE { + atIfIndex + INTEGER, + atPhysAddress + PhysAddress, + atNetAddress + NetworkAddress + } + +atIfIndex OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS deprecated + DESCRIPTION + "The interface on which this entry's equivalence + is effective. The interface identified by a + particular value of this index is the same + interface as identified by the same value of + ifIndex." + ::= { atEntry 1 } + +atPhysAddress OBJECT-TYPE + SYNTAX PhysAddress + ACCESS read-write + STATUS deprecated + DESCRIPTION + "The media-dependent `physical' address. + + Setting this object to a null string (one of zero + length) has the effect of invaliding the + corresponding entry in the atTable object. That + is, it effectively dissasociates the interface + identified with said entry from the mapping + identified with said entry. It is an + implementation-specific matter as to whether the + agent removes an invalidated entry from the table. + Accordingly, management stations must be prepared + to receive tabular information from agents that + corresponds to entries not currently in use. + Proper interpretation of such entries requires + examination of the relevant atPhysAddress object." + ::= { atEntry 2 } + +atNetAddress OBJECT-TYPE + SYNTAX NetworkAddress + ACCESS read-write + STATUS deprecated + DESCRIPTION + "The NetworkAddress (e.g., the IP address) + corresponding to the media-dependent `physical' + address." + ::= { atEntry 3 } + +-- the IP group + +-- Implementation of the IP group is mandatory for all +-- systems. + +ipForwarding OBJECT-TYPE + SYNTAX INTEGER { + forwarding(1), -- acting as a gateway + not-forwarding(2) -- NOT acting as a gateway + } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The indication of whether this entity is acting + as an IP gateway in respect to the forwarding of + datagrams received by, but not addressed to, this + entity. IP gateways forward datagrams. IP hosts + do not (except those source-routed via the host). + + Note that for some managed nodes, this object may + take on only a subset of the values possible. + Accordingly, it is appropriate for an agent to + return a `badValue' response if a management + station attempts to change this object to an + inappropriate value." + ::= { ip 1 } + +ipDefaultTTL OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The default value inserted into the Time-To-Live + field of the IP header of datagrams originated at + this entity, whenever a TTL value is not supplied + by the transport layer protocol." + ::= { ip 2 } + +ipInReceives OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of input datagrams received from + interfaces, including those received in error." + ::= { ip 3 } + +ipInHdrErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of input datagrams discarded due to + errors in their IP headers, including bad + checksums, version number mismatch, other format + errors, time-to-live exceeded, errors discovered + in processing their IP options, etc." + ::= { ip 4 } + +ipInAddrErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of input datagrams discarded because + the IP address in their IP header's destination + field was not a valid address to be received at + this entity. This count includes invalid + addresses (e.g., 0.0.0.0) and addresses of + unsupported Classes (e.g., Class E). For entities + which are not IP Gateways and therefore do not + forward datagrams, this counter includes datagrams + discarded because the destination address was not + a local address." + ::= { ip 5 } + +ipForwDatagrams OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of input datagrams for which this + entity was not their final IP destination, as a + result of which an attempt was made to find a + route to forward them to that final destination. + In entities which do not act as IP Gateways, this + counter will include only those packets which were + Source-Routed via this entity, and the Source- + Route option processing was successful." + ::= { ip 6 } + +ipInUnknownProtos OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of locally-addressed datagrams + received successfully but discarded because of an + unknown or unsupported protocol." + ::= { ip 7 } + +ipInDiscards OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of input IP datagrams for which no + problems were encountered to prevent their + continued processing, but which were discarded + (e.g., for lack of buffer space). Note that this + counter does not include any datagrams discarded + while awaiting re-assembly." + ::= { ip 8 } + +ipInDelivers OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of input datagrams successfully + delivered to IP user-protocols (including ICMP)." + ::= { ip 9 } + +ipOutRequests OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of IP datagrams which local IP + user-protocols (including ICMP) supplied to IP in + requests for transmission. Note that this counter + does not include any datagrams counted in + ipForwDatagrams." + ::= { ip 10 } + +ipOutDiscards OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of output IP datagrams for which no + + problem was encountered to prevent their + transmission to their destination, but which were + discarded (e.g., for lack of buffer space). Note + that this counter would include datagrams counted + in ipForwDatagrams if any such packets met this + (discretionary) discard criterion." + ::= { ip 11 } + +ipOutNoRoutes OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of IP datagrams discarded because no + route could be found to transmit them to their + destination. Note that this counter includes any + packets counted in ipForwDatagrams which meet this + `no-route' criterion. Note that this includes any + datagarms which a host cannot route because all of + its default gateways are down." + ::= { ip 12 } + +ipReasmTimeout OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The maximum number of seconds which received + fragments are held while they are awaiting + reassembly at this entity." + ::= { ip 13 } + +ipReasmReqds OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of IP fragments received which needed + to be reassembled at this entity." + ::= { ip 14 } + +ipReasmOKs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of IP datagrams successfully re- + assembled." + ::= { ip 15 } + +ipReasmFails OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of failures detected by the IP re- + assembly algorithm (for whatever reason: timed + out, errors, etc). Note that this is not + necessarily a count of discarded IP fragments + since some algorithms (notably the algorithm in + RFC 815) can lose track of the number of fragments + by combining them as they are received." + ::= { ip 16 } + +ipFragOKs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of IP datagrams that have been + successfully fragmented at this entity." + ::= { ip 17 } + +ipFragFails OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of IP datagrams that have been + discarded because they needed to be fragmented at + this entity but could not be, e.g., because their + Don't Fragment flag was set." + ::= { ip 18 } + +ipFragCreates OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of IP datagram fragments that have + been generated as a result of fragmentation at + this entity." + ::= { ip 19 } + +-- the IP address table + +-- The IP address table contains this entity's IP addressing +-- information. + +ipAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpAddrEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "The table of addressing information relevant to + this entity's IP addresses." + ::= { ip 20 } + +ipAddrEntry OBJECT-TYPE + SYNTAX IpAddrEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "The addressing information for one of this + entity's IP addresses." + INDEX { ipAdEntAddr } + ::= { ipAddrTable 1 } + +IpAddrEntry ::= + SEQUENCE { + ipAdEntAddr + IpAddress, + ipAdEntIfIndex + INTEGER, + ipAdEntNetMask + IpAddress, + ipAdEntBcastAddr + INTEGER, + ipAdEntReasmMaxSize + INTEGER (0..65535) + } + +ipAdEntAddr OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The IP address to which this entry's addressing + information pertains." + ::= { ipAddrEntry 1 } + +ipAdEntIfIndex OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The index value which uniquely identifies the + interface to which this entry is applicable. The + interface identified by a particular value of this + index is the same interface as identified by the + same value of ifIndex." + ::= { ipAddrEntry 2 } + +ipAdEntNetMask OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The subnet mask associated with the IP address of + this entry. The value of the mask is an IP + address with all the network bits set to 1 and all + the hosts bits set to 0." + ::= { ipAddrEntry 3 } + +ipAdEntBcastAddr OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The value of the least-significant bit in the IP + broadcast address used for sending datagrams on + the (logical) interface associated with the IP + address of this entry. For example, when the + Internet standard all-ones broadcast address is + used, the value will be 1. This value applies to + both the subnet and network broadcasts addresses + used by the entity on this (logical) interface." + ::= { ipAddrEntry 4 } + +ipAdEntReasmMaxSize OBJECT-TYPE + SYNTAX INTEGER (0..65535) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The size of the largest IP datagram which this + entity can re-assemble from incoming IP fragmented + datagrams received on this interface." + ::= { ipAddrEntry 5 } + +-- the IP routing table + +-- The IP routing table contains an entry for each route +-- presently known to this entity. + +ipRouteTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpRouteEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "This entity's IP Routing table." + ::= { ip 21 } + +ipRouteEntry OBJECT-TYPE + SYNTAX IpRouteEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "A route to a particular destination." + INDEX { ipRouteDest } + ::= { ipRouteTable 1 } + +IpRouteEntry ::= + SEQUENCE { + ipRouteDest + IpAddress, + ipRouteIfIndex + INTEGER, + ipRouteMetric1 + INTEGER, + ipRouteMetric2 + INTEGER, + ipRouteMetric3 + INTEGER, + ipRouteMetric4 + INTEGER, + ipRouteNextHop + IpAddress, + ipRouteType + INTEGER, + ipRouteProto + INTEGER, + ipRouteAge + INTEGER, + ipRouteMask + IpAddress, + ipRouteMetric5 + INTEGER, + ipRouteInfo + OBJECT IDENTIFIER + } + +ipRouteDest OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The destination IP address of this route. An + entry with a value of 0.0.0.0 is considered a + default route. Multiple routes to a single + destination can appear in the table, but access to + such multiple entries is dependent on the table- + access mechanisms defined by the network + management protocol in use." + ::= { ipRouteEntry 1 } + +ipRouteIfIndex OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The index value which uniquely identifies the + local interface through which the next hop of this + route should be reached. The interface identified + by a particular value of this index is the same + interface as identified by the same value of + ifIndex." + ::= { ipRouteEntry 2 } + +ipRouteMetric1 OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The primary routing metric for this route. The + semantics of this metric are determined by the + routing-protocol specified in the route's + ipRouteProto value. If this metric is not used, + its value should be set to -1." + ::= { ipRouteEntry 3 } + +ipRouteMetric2 OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the + routing-protocol specified in the route's + ipRouteProto value. If this metric is not used, + its value should be set to -1." + ::= { ipRouteEntry 4 } + +ipRouteMetric3 OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the + routing-protocol specified in the route's + ipRouteProto value. If this metric is not used, + its value should be set to -1." + ::= { ipRouteEntry 5 } + +ipRouteMetric4 OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the + routing-protocol specified in the route's + ipRouteProto value. If this metric is not used, + its value should be set to -1." + ::= { ipRouteEntry 6 } + +ipRouteNextHop OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The IP address of the next hop of this route. + (In the case of a route bound to an interface + which is realized via a broadcast media, the value + of this field is the agent's IP address on that + interface.)" + ::= { ipRouteEntry 7 } + +ipRouteType OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + + invalid(2), -- an invalidated route + + -- route to directly + direct(3), -- connected (sub-)network + + -- route to a non-local + indirect(4) -- host/network/sub-network + } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The type of route. Note that the values + direct(3) and indirect(4) refer to the notion of + direct and indirect routing in the IP + architecture. + + Setting this object to the value invalid(2) has + the effect of invalidating the corresponding entry + in the ipRouteTable object. That is, it + effectively dissasociates the destination + identified with said entry from the route + identified with said entry. It is an + implementation-specific matter as to whether the + agent removes an invalidated entry from the table. + Accordingly, management stations must be prepared + to receive tabular information from agents that + corresponds to entries not currently in use. + Proper interpretation of such entries requires + examination of the relevant ipRouteType object." + ::= { ipRouteEntry 8 } + +ipRouteProto OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + + -- non-protocol information, + -- e.g., manually configured + local(2), -- entries + + -- set via a network + netmgmt(3), -- management protocol + + -- obtained via ICMP, + icmp(4), -- e.g., Redirect + + -- the remaining values are + -- all gateway routing + -- protocols + egp(5), + ggp(6), + hello(7), + rip(8), + is-is(9), + es-is(10), + ciscoIgrp(11), + bbnSpfIgp(12), + ospf(13), + bgp(14) + } + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The routing mechanism via which this route was + learned. Inclusion of values for gateway routing + protocols is not intended to imply that hosts + should support those protocols." + ::= { ipRouteEntry 9 } + +ipRouteAge OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The number of seconds since this route was last + updated or otherwise determined to be correct. + Note that no semantics of `too old' can be implied + except through knowledge of the routing protocol + by which the route was learned." + ::= { ipRouteEntry 10 } + +ipRouteMask OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-write + STATUS mandatory + DESCRIPTION + "Indicate the mask to be logical-ANDed with the + destination address before being compared to the + value in the ipRouteDest field. For those systems + that do not support arbitrary subnet masks, an + agent constructs the value of the ipRouteMask by + determining whether the value of the correspondent + ipRouteDest field belong to a class-A, B, or C + network, and then using one of: + + mask network + 255.0.0.0 class-A + 255.255.0.0 class-B + 255.255.255.0 class-C + + If the value of the ipRouteDest is 0.0.0.0 (a + default route), then the mask value is also + 0.0.0.0. It should be noted that all IP routing + subsystems implicitly use this mechanism." + ::= { ipRouteEntry 11 } + +ipRouteMetric5 OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "An alternate routing metric for this route. The + semantics of this metric are determined by the + routing-protocol specified in the route's + ipRouteProto value. If this metric is not used, + its value should be set to -1." + ::= { ipRouteEntry 12 } + +ipRouteInfo OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "A reference to MIB definitions specific to the + particular routing protocol which is responsible + for this route, as determined by the value + specified in the route's ipRouteProto value. If + this information is not present, its value should + be set to the OBJECT IDENTIFIER { 0 0 }, which is + a syntatically valid object identifier, and any + conformant implementation of ASN.1 and BER must be + able to generate and recognize this value." + ::= { ipRouteEntry 13 } + +-- the IP Address Translation table + +-- The IP address translation table contain the IpAddress to +-- `physical' address equivalences. Some interfaces do not +-- use translation tables for determining address +-- equivalences (e.g., DDN-X.25 has an algorithmic method); +-- if all interfaces are of this type, then the Address +-- Translation table is empty, i.e., has zero entries. + +ipNetToMediaTable OBJECT-TYPE + SYNTAX SEQUENCE OF IpNetToMediaEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "The IP Address Translation table used for mapping + from IP addresses to physical addresses." + ::= { ip 22 } + +ipNetToMediaEntry OBJECT-TYPE + SYNTAX IpNetToMediaEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "Each entry contains one IpAddress to `physical' + address equivalence." + INDEX { ipNetToMediaIfIndex, + ipNetToMediaNetAddress } + ::= { ipNetToMediaTable 1 } + +IpNetToMediaEntry ::= + SEQUENCE { + ipNetToMediaIfIndex + INTEGER, + ipNetToMediaPhysAddress + PhysAddress, + ipNetToMediaNetAddress + IpAddress, + ipNetToMediaType + INTEGER + } + +ipNetToMediaIfIndex OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The interface on which this entry's equivalence + is effective. The interface identified by a + particular value of this index is the same + interface as identified by the same value of + ifIndex." + ::= { ipNetToMediaEntry 1 } + +ipNetToMediaPhysAddress OBJECT-TYPE + SYNTAX PhysAddress + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The media-dependent `physical' address." + ::= { ipNetToMediaEntry 2 } + +ipNetToMediaNetAddress OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The IpAddress corresponding to the media- + dependent `physical' address." + ::= { ipNetToMediaEntry 3 } + +ipNetToMediaType OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + invalid(2), -- an invalidated mapping + dynamic(3), + static(4) + } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The type of mapping. + + Setting this object to the value invalid(2) has + the effect of invalidating the corresponding entry + in the ipNetToMediaTable. That is, it effectively + dissasociates the interface identified with said + entry from the mapping identified with said entry. + It is an implementation-specific matter as to + whether the agent removes an invalidated entry + from the table. Accordingly, management stations + must be prepared to receive tabular information + from agents that corresponds to entries not + currently in use. Proper interpretation of such + entries requires examination of the relevant + ipNetToMediaType object." + ::= { ipNetToMediaEntry 4 } + +-- additional IP objects + +ipRoutingDiscards OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of routing entries which were chosen + to be discarded even though they are valid. One + possible reason for discarding such an entry could + be to free-up buffer space for other routing + + entries." + ::= { ip 23 } + +-- the ICMP group + +-- Implementation of the ICMP group is mandatory for all +-- systems. + +icmpInMsgs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of ICMP messages which the + entity received. Note that this counter includes + all those counted by icmpInErrors." + ::= { icmp 1 } + +icmpInErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP messages which the entity + received but determined as having ICMP-specific + errors (bad ICMP checksums, bad length, etc.)." + ::= { icmp 2 } + +icmpInDestUnreachs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Destination Unreachable + messages received." + ::= { icmp 3 } + +icmpInTimeExcds OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Time Exceeded messages + received." + ::= { icmp 4 } + +icmpInParmProbs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Parameter Problem messages + received." + ::= { icmp 5 } + +icmpInSrcQuenchs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Source Quench messages + received." + ::= { icmp 6 } + +icmpInRedirects OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Redirect messages received." + ::= { icmp 7 } + +icmpInEchos OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Echo (request) messages + received." + ::= { icmp 8 } + +icmpInEchoReps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Echo Reply messages received." + ::= { icmp 9 } + +icmpInTimestamps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Timestamp (request) messages + received." + ::= { icmp 10 } + +icmpInTimestampReps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Timestamp Reply messages + received." + ::= { icmp 11 } + +icmpInAddrMasks OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Address Mask Request messages + received." + ::= { icmp 12 } + +icmpInAddrMaskReps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Address Mask Reply messages + received." + ::= { icmp 13 } + +icmpOutMsgs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of ICMP messages which this + entity attempted to send. Note that this counter + includes all those counted by icmpOutErrors." + ::= { icmp 14 } + +icmpOutErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP messages which this entity did + not send due to problems discovered within ICMP + + such as a lack of buffers. This value should not + include errors discovered outside the ICMP layer + such as the inability of IP to route the resultant + datagram. In some implementations there may be no + types of error which contribute to this counter's + value." + ::= { icmp 15 } + +icmpOutDestUnreachs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Destination Unreachable + messages sent." + ::= { icmp 16 } + +icmpOutTimeExcds OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Time Exceeded messages sent." + ::= { icmp 17 } + +icmpOutParmProbs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Parameter Problem messages + sent." + ::= { icmp 18 } + +icmpOutSrcQuenchs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Source Quench messages sent." + ::= { icmp 19 } + +icmpOutRedirects OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Redirect messages sent. For a + + host, this object will always be zero, since hosts + do not send redirects." + ::= { icmp 20 } + +icmpOutEchos OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Echo (request) messages sent." + ::= { icmp 21 } + +icmpOutEchoReps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Echo Reply messages sent." + ::= { icmp 22 } + +icmpOutTimestamps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Timestamp (request) messages + sent." + ::= { icmp 23 } + +icmpOutTimestampReps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Timestamp Reply messages + sent." + ::= { icmp 24 } + +icmpOutAddrMasks OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Address Mask Request messages + sent." + ::= { icmp 25 } + +icmpOutAddrMaskReps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ICMP Address Mask Reply messages + sent." + ::= { icmp 26 } + +-- the TCP group + +-- Implementation of the TCP group is mandatory for all +-- systems that implement the TCP. + +-- Note that instances of object types that represent +-- information about a particular TCP connection are +-- transient; they persist only as long as the connection +-- in question. + +tcpRtoAlgorithm OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + + constant(2), -- a constant rto + rsre(3), -- MIL-STD-1778, Appendix B + vanj(4) -- Van Jacobson's algorithm [10] + } + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The algorithm used to determine the timeout value + used for retransmitting unacknowledged octets." + ::= { tcp 1 } + +tcpRtoMin OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The minimum value permitted by a TCP + implementation for the retransmission timeout, + measured in milliseconds. More refined semantics + for objects of this type depend upon the algorithm + used to determine the retransmission timeout. In + particular, when the timeout algorithm is rsre(3), + an object of this type has the semantics of the + LBOUND quantity described in RFC 793." + ::= { tcp 2 } + +tcpRtoMax OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The maximum value permitted by a TCP + implementation for the retransmission timeout, + measured in milliseconds. More refined semantics + for objects of this type depend upon the algorithm + used to determine the retransmission timeout. In + particular, when the timeout algorithm is rsre(3), + an object of this type has the semantics of the + UBOUND quantity described in RFC 793." + ::= { tcp 3 } + +tcpMaxConn OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The limit on the total number of TCP connections + the entity can support. In entities where the + maximum number of connections is dynamic, this + object should contain the value -1." + ::= { tcp 4 } + +tcpActiveOpens OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of times TCP connections have made a + direct transition to the SYN-SENT state from the + CLOSED state." + ::= { tcp 5 } + +tcpPassiveOpens OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of times TCP connections have made a + direct transition to the SYN-RCVD state from the + LISTEN state." + ::= { tcp 6 } + +tcpAttemptFails OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of times TCP connections have made a + direct transition to the CLOSED state from either + the SYN-SENT state or the SYN-RCVD state, plus the + number of times TCP connections have made a direct + transition to the LISTEN state from the SYN-RCVD + state." + ::= { tcp 7 } + +tcpEstabResets OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of times TCP connections have made a + direct transition to the CLOSED state from either + the ESTABLISHED state or the CLOSE-WAIT state." + ::= { tcp 8 } + +tcpCurrEstab OBJECT-TYPE + SYNTAX Gauge + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of TCP connections for which the + current state is either ESTABLISHED or CLOSE- + WAIT." + ::= { tcp 9 } + +tcpInSegs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of segments received, including + those received in error. This count includes + segments received on currently established + connections." + ::= { tcp 10 } + +tcpOutSegs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of segments sent, including + those on current connections but excluding those + containing only retransmitted octets." + ::= { tcp 11 } + +tcpRetransSegs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of segments retransmitted - that + is, the number of TCP segments transmitted + containing one or more previously transmitted + octets." + ::= { tcp 12 } + +-- the TCP Connection table + +-- The TCP connection table contains information about this +-- entity's existing TCP connections. + +tcpConnTable OBJECT-TYPE + SYNTAX SEQUENCE OF TcpConnEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "A table containing TCP connection-specific + information." + ::= { tcp 13 } + +tcpConnEntry OBJECT-TYPE + SYNTAX TcpConnEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "Information about a particular current TCP + connection. An object of this type is transient, + in that it ceases to exist when (or soon after) + the connection makes the transition to the CLOSED + state." + INDEX { tcpConnLocalAddress, + tcpConnLocalPort, + tcpConnRemAddress, + tcpConnRemPort } + ::= { tcpConnTable 1 } + +TcpConnEntry ::= + SEQUENCE { + tcpConnState + INTEGER, + tcpConnLocalAddress + IpAddress, + tcpConnLocalPort + INTEGER (0..65535), + tcpConnRemAddress + IpAddress, + tcpConnRemPort + INTEGER (0..65535) + } + +tcpConnState OBJECT-TYPE + SYNTAX INTEGER { + closed(1), + listen(2), + synSent(3), + synReceived(4), + established(5), + finWait1(6), + finWait2(7), + closeWait(8), + lastAck(9), + closing(10), + timeWait(11), + deleteTCB(12) + } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The state of this TCP connection. + + The only value which may be set by a management + station is deleteTCB(12). Accordingly, it is + appropriate for an agent to return a `badValue' + response if a management station attempts to set + this object to any other value. + + If a management station sets this object to the + value deleteTCB(12), then this has the effect of + deleting the TCB (as defined in RFC 793) of the + corresponding connection on the managed node, + resulting in immediate termination of the + connection. + + As an implementation-specific option, a RST + + segment may be sent from the managed node to the + other TCP endpoint (note however that RST segments + are not sent reliably)." + ::= { tcpConnEntry 1 } + +tcpConnLocalAddress OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The local IP address for this TCP connection. In + the case of a connection in the listen state which + is willing to accept connections for any IP + interface associated with the node, the value + 0.0.0.0 is used." + ::= { tcpConnEntry 2 } + +tcpConnLocalPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The local port number for this TCP connection." + ::= { tcpConnEntry 3 } + +tcpConnRemAddress OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The remote IP address for this TCP connection." + ::= { tcpConnEntry 4 } + +tcpConnRemPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The remote port number for this TCP connection." + ::= { tcpConnEntry 5 } + +-- additional TCP objects + +tcpInErrs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of segments received in error + (e.g., bad TCP checksums)." + ::= { tcp 14 } + +tcpOutRsts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of TCP segments sent containing the + RST flag." + ::= { tcp 15 } + +-- the UDP group + +-- Implementation of the UDP group is mandatory for all +-- systems which implement the UDP. + +udpInDatagrams OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of UDP datagrams delivered to + UDP users." + ::= { udp 1 } + +udpNoPorts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of received UDP datagrams for + which there was no application at the destination + port." + ::= { udp 2 } + +udpInErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of received UDP datagrams that could + not be delivered for reasons other than the lack + of an application at the destination port." + ::= { udp 3 } + +udpOutDatagrams OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of UDP datagrams sent from this + entity." + ::= { udp 4 } + +-- the UDP Listener table + +-- The UDP listener table contains information about this +-- entity's UDP end-points on which a local application is +-- currently accepting datagrams. + +udpTable OBJECT-TYPE + SYNTAX SEQUENCE OF UdpEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "A table containing UDP listener information." + ::= { udp 5 } + +udpEntry OBJECT-TYPE + SYNTAX UdpEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "Information about a particular current UDP + listener." + INDEX { udpLocalAddress, udpLocalPort } + ::= { udpTable 1 } + +UdpEntry ::= + SEQUENCE { + udpLocalAddress + IpAddress, + udpLocalPort + INTEGER (0..65535) + } + +udpLocalAddress OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The local IP address for this UDP listener. In + + the case of a UDP listener which is willing to + accept datagrams for any IP interface associated + with the node, the value 0.0.0.0 is used." + ::= { udpEntry 1 } + +udpLocalPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The local port number for this UDP listener." + ::= { udpEntry 2 } + +-- the EGP group + +-- Implementation of the EGP group is mandatory for all +-- systems which implement the EGP. + +egpInMsgs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of EGP messages received without + error." + ::= { egp 1 } + +egpInErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of EGP messages received that proved + to be in error." + ::= { egp 2 } + +egpOutMsgs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of locally generated EGP + messages." + ::= { egp 3 } + +egpOutErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of locally generated EGP messages not + sent due to resource limitations within an EGP + entity." + ::= { egp 4 } + +-- the EGP Neighbor table + +-- The EGP neighbor table contains information about this +-- entity's EGP neighbors. + +egpNeighTable OBJECT-TYPE + SYNTAX SEQUENCE OF EgpNeighEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "The EGP neighbor table." + ::= { egp 5 } + +egpNeighEntry OBJECT-TYPE + SYNTAX EgpNeighEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "Information about this entity's relationship with + a particular EGP neighbor." + INDEX { egpNeighAddr } + ::= { egpNeighTable 1 } + +EgpNeighEntry ::= + SEQUENCE { + egpNeighState + INTEGER, + egpNeighAddr + IpAddress, + egpNeighAs + INTEGER, + egpNeighInMsgs + Counter, + egpNeighInErrs + Counter, + egpNeighOutMsgs + Counter, + egpNeighOutErrs + Counter, + egpNeighInErrMsgs + Counter, + egpNeighOutErrMsgs + Counter, + egpNeighStateUps + Counter, + egpNeighStateDowns + Counter, + egpNeighIntervalHello + INTEGER, + egpNeighIntervalPoll + INTEGER, + egpNeighMode + INTEGER, + egpNeighEventTrigger + INTEGER + } + +egpNeighState OBJECT-TYPE + SYNTAX INTEGER { + idle(1), + acquisition(2), + down(3), + up(4), + cease(5) + } + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The EGP state of the local system with respect to + this entry's EGP neighbor. Each EGP state is + represented by a value that is one greater than + the numerical value associated with said state in + RFC 904." + ::= { egpNeighEntry 1 } + +egpNeighAddr OBJECT-TYPE + SYNTAX IpAddress + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The IP address of this entry's EGP neighbor." + ::= { egpNeighEntry 2 } + +egpNeighAs OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The autonomous system of this EGP peer. Zero + should be specified if the autonomous system + number of the neighbor is not yet known." + ::= { egpNeighEntry 3 } + +egpNeighInMsgs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of EGP messages received without error + from this EGP peer." + ::= { egpNeighEntry 4 } + +egpNeighInErrs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of EGP messages received from this EGP + peer that proved to be in error (e.g., bad EGP + checksum)." + ::= { egpNeighEntry 5 } + +egpNeighOutMsgs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of locally generated EGP messages to + this EGP peer." + ::= { egpNeighEntry 6 } + +egpNeighOutErrs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of locally generated EGP messages not + sent to this EGP peer due to resource limitations + within an EGP entity." + ::= { egpNeighEntry 7 } + +egpNeighInErrMsgs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of EGP-defined error messages received + from this EGP peer." + ::= { egpNeighEntry 8 } + +egpNeighOutErrMsgs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of EGP-defined error messages sent to + this EGP peer." + ::= { egpNeighEntry 9 } + +egpNeighStateUps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of EGP state transitions to the UP + state with this EGP peer." + ::= { egpNeighEntry 10 } + +egpNeighStateDowns OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of EGP state transitions from the UP + state to any other state with this EGP peer." + ::= { egpNeighEntry 11 } + +egpNeighIntervalHello OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The interval between EGP Hello command + retransmissions (in hundredths of a second). This + represents the t1 timer as defined in RFC 904." + ::= { egpNeighEntry 12 } + +egpNeighIntervalPoll OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The interval between EGP poll command + + retransmissions (in hundredths of a second). This + represents the t3 timer as defined in RFC 904." + ::= { egpNeighEntry 13 } + +egpNeighMode OBJECT-TYPE + SYNTAX INTEGER { active(1), passive(2) } + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The polling mode of this EGP entity, either + passive or active." + ::= { egpNeighEntry 14 } + +egpNeighEventTrigger OBJECT-TYPE + SYNTAX INTEGER { start(1), stop(2) } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "A control variable used to trigger operator- + initiated Start and Stop events. When read, this + variable always returns the most recent value that + egpNeighEventTrigger was set to. If it has not + been set since the last initialization of the + network management subsystem on the node, it + returns a value of `stop'. + + When set, this variable causes a Start or Stop + event on the specified neighbor, as specified on + pages 8-10 of RFC 904. Briefly, a Start event + causes an Idle peer to begin neighbor acquisition + and a non-Idle peer to reinitiate neighbor + acquisition. A stop event causes a non-Idle peer + to return to the Idle state until a Start event + occurs, either via egpNeighEventTrigger or + otherwise." + ::= { egpNeighEntry 15 } + +-- additional EGP objects + +egpAs OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The autonomous system number of this EGP entity." + ::= { egp 6 } + +-- the Transmission group + +-- Based on the transmission media underlying each interface +-- on a system, the corresponding portion of the Transmission +-- group is mandatory for that system. + +-- When Internet-standard definitions for managing +-- transmission media are defined, the transmission group is +-- used to provide a prefix for the names of those objects. + +-- Typically, such definitions reside in the experimental +-- portion of the MIB until they are "proven", then as a +-- part of the Internet standardization process, the +-- definitions are accordingly elevated and a new object +-- identifier, under the transmission group is defined. By +-- convention, the name assigned is: +-- +-- type OBJECT IDENTIFIER ::= { transmission number } +-- +-- where "type" is the symbolic value used for the media in +-- the ifType column of the ifTable object, and "number" is +-- the actual integer value corresponding to the symbol. + +-- the SNMP group + +-- Implementation of the SNMP group is mandatory for all +-- systems which support an SNMP protocol entity. Some of +-- the objects defined below will be zero-valued in those +-- SNMP implementations that are optimized to support only +-- those functions specific to either a management agent or +-- a management station. In particular, it should be +-- observed that the objects below refer to an SNMP entity, +-- and there may be several SNMP entities residing on a +-- managed node (e.g., if the node is hosting acting as +-- a management station). + +snmpInPkts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of Messages delivered to the + SNMP entity from the transport service." + ::= { snmp 1 } + +snmpOutPkts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Messages which were + passed from the SNMP protocol entity to the + transport service." + ::= { snmp 2 } + +snmpInBadVersions OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Messages which were + delivered to the SNMP protocol entity and were for + an unsupported SNMP version." + ::= { snmp 3 } + +snmpInBadCommunityNames OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Messages delivered to + the SNMP protocol entity which used a SNMP + community name not known to said entity." + ::= { snmp 4 } + +snmpInBadCommunityUses OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Messages delivered to + the SNMP protocol entity which represented an SNMP + operation which was not allowed by the SNMP + community named in the Message." + ::= { snmp 5 } + +snmpInASNParseErrs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of ASN.1 or BER errors + encountered by the SNMP protocol entity when + decoding received SNMP Messages." + ::= { snmp 6 } + +-- { snmp 7 } is not used + +snmpInTooBigs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP PDUs which were + delivered to the SNMP protocol entity and for + which the value of the error-status field is + `tooBig'." + ::= { snmp 8 } + +snmpInNoSuchNames OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP PDUs which were + delivered to the SNMP protocol entity and for + which the value of the error-status field is + `noSuchName'." + ::= { snmp 9 } + +snmpInBadValues OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP PDUs which were + delivered to the SNMP protocol entity and for + which the value of the error-status field is + `badValue'." + ::= { snmp 10 } + +snmpInReadOnlys OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number valid SNMP PDUs which were + delivered to the SNMP protocol entity and for + which the value of the error-status field is + `readOnly'. It should be noted that it is a + protocol error to generate an SNMP PDU which + contains the value `readOnly' in the error-status + field, as such this object is provided as a means + of detecting incorrect implementations of the + + SNMP." + ::= { snmp 11 } + +snmpInGenErrs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP PDUs which were + delivered to the SNMP protocol entity and for + which the value of the error-status field is + `genErr'." + ::= { snmp 12 } + +snmpInTotalReqVars OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of MIB objects which have been + retrieved successfully by the SNMP protocol entity + as the result of receiving valid SNMP Get-Request + and Get-Next PDUs." + ::= { snmp 13 } + +snmpInTotalSetVars OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of MIB objects which have been + altered successfully by the SNMP protocol entity + as the result of receiving valid SNMP Set-Request + PDUs." + ::= { snmp 14 } + +snmpInGetRequests OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Get-Request PDUs which + have been accepted and processed by the SNMP + protocol entity." + ::= { snmp 15 } + +snmpInGetNexts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Get-Next PDUs which have + been accepted and processed by the SNMP protocol + entity." + ::= { snmp 16 } + +snmpInSetRequests OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Set-Request PDUs which + have been accepted and processed by the SNMP + protocol entity." + ::= { snmp 17 } + +snmpInGetResponses OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Get-Response PDUs which + have been accepted and processed by the SNMP + protocol entity." + ::= { snmp 18 } + +snmpInTraps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Trap PDUs which have + been accepted and processed by the SNMP protocol + entity." + ::= { snmp 19 } + +snmpOutTooBigs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP PDUs which were + generated by the SNMP protocol entity and for + which the value of the error-status field is + `tooBig.'" + ::= { snmp 20 } + +snmpOutNoSuchNames OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP PDUs which were + generated by the SNMP protocol entity and for + which the value of the error-status is + `noSuchName'." + ::= { snmp 21 } + +snmpOutBadValues OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP PDUs which were + generated by the SNMP protocol entity and for + which the value of the error-status field is + `badValue'." + ::= { snmp 22 } + +-- { snmp 23 } is not used + +snmpOutGenErrs OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP PDUs which were + generated by the SNMP protocol entity and for + which the value of the error-status field is + `genErr'." + ::= { snmp 24 } + +snmpOutGetRequests OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Get-Request PDUs which + have been generated by the SNMP protocol entity." + ::= { snmp 25 } + +snmpOutGetNexts OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Get-Next PDUs which have + been generated by the SNMP protocol entity." + ::= { snmp 26 } + +snmpOutSetRequests OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Set-Request PDUs which + have been generated by the SNMP protocol entity." + ::= { snmp 27 } + +snmpOutGetResponses OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Get-Response PDUs which + have been generated by the SNMP protocol entity." + ::= { snmp 28 } + +snmpOutTraps OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of SNMP Trap PDUs which have + been generated by the SNMP protocol entity." + ::= { snmp 29 } + +snmpEnableAuthenTraps OBJECT-TYPE + SYNTAX INTEGER { enabled(1), disabled(2) } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "Indicates whether the SNMP agent process is + permitted to generate authentication-failure + traps. The value of this object overrides any + configuration information; as such, it provides a + means whereby all authentication-failure traps may + be disabled. + + Note that it is strongly recommended that this + object be stored in non-volatile memory so that it + remains constant between re-initializations of the + network management system." + ::= { snmp 30 } + +END diff --git a/data/mibs/RIPv2-MIB.txt b/data/mibs/RIPv2-MIB.txt new file mode 100644 index 000000000..6c92fb5f0 --- /dev/null +++ b/data/mibs/RIPv2-MIB.txt @@ -0,0 +1,530 @@ + RIPv2-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Counter32, + TimeTicks, IpAddress FROM SNMPv2-SMI + TEXTUAL-CONVENTION, RowStatus FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + mib-2 FROM RFC1213-MIB; + + -- This MIB module uses the extended OBJECT-TYPE macro as + -- defined in [9]. + + rip2 MODULE-IDENTITY + LAST-UPDATED "9407272253Z" -- Wed Jul 27 22:53:04 PDT 1994 + ORGANIZATION "IETF RIP-II Working Group" + CONTACT-INFO + " Fred Baker + Postal: Cisco Systems + 519 Lado Drive + Santa Barbara, California 93111 + Tel: +1 805 681 0115 + E-Mail: fbaker@cisco.com + + Postal: Gary Malkin + Xylogics, Inc. + 53 Third Avenue + Burlington, MA 01803 + + Phone: (617) 272-8140 + EMail: gmalkin@Xylogics.COM" + DESCRIPTION + "The MIB module to describe the RIP2 Version 2 Protocol" + ::= { mib-2 23 } + + -- RIP-2 Management Information Base + + -- the RouteTag type represents the contents of the + -- Route Domain field in the packet header or route entry. + -- The use of the Route Domain is deprecated. + + RouteTag ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "the RouteTag type represents the contents of the Route Domain + field in the packet header or route entry" + SYNTAX OCTET STRING (SIZE (2)) + +--4.1 Global Counters + +-- The RIP-2 Globals Group. +-- Implementation of this group is mandatory for systems +-- which implement RIP-2. + +-- These counters are intended to facilitate debugging quickly +-- changing routes or failing neighbors + +rip2Globals OBJECT IDENTIFIER ::= { rip2 1 } + + rip2GlobalRouteChanges OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of route changes made to the IP Route + Database by RIP. This does not include the refresh + of a route's age." + ::= { rip2Globals 1 } + + rip2GlobalQueries OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of responses sent to RIP queries + from other systems." + ::= { rip2Globals 2 } + +--4.2 RIP Interface Tables + +-- RIP Interfaces Groups +-- Implementation of these Groups is mandatory for systems +-- which implement RIP-2. + +-- The RIP Interface Status Table. + + rip2IfStatTable OBJECT-TYPE + SYNTAX SEQUENCE OF Rip2IfStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of subnets which require separate + status monitoring in RIP." + ::= { rip2 2 } + + rip2IfStatEntry OBJECT-TYPE + SYNTAX Rip2IfStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A Single Routing Domain in a single Subnet." + INDEX { rip2IfStatAddress } + ::= { rip2IfStatTable 1 } + + Rip2IfStatEntry ::= + SEQUENCE { + rip2IfStatAddress + IpAddress, + rip2IfStatRcvBadPackets + Counter32, + rip2IfStatRcvBadRoutes + Counter32, + rip2IfStatSentUpdates + Counter32, + rip2IfStatStatus + RowStatus + } + + rip2IfStatAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP Address of this system on the indicated + subnet. For unnumbered interfaces, the value 0.0.0.N, + where the least significant 24 bits (N) is the ifIndex + for the IP Interface in network byte order." + ::= { rip2IfStatEntry 1 } + + rip2IfStatRcvBadPackets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of RIP response packets received by + the RIP process which were subsequently discarded + for any reason (e.g. a version 0 packet, or an + unknown command type)." + ::= { rip2IfStatEntry 2 } + + rip2IfStatRcvBadRoutes OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of routes, in valid RIP packets, + which were ignored for any reason (e.g. unknown + address family, or invalid metric)." + ::= { rip2IfStatEntry 3 } + + rip2IfStatSentUpdates OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of triggered RIP updates actually + sent on this interface. This explicitly does + NOT include full updates sent containing new + information." + ::= { rip2IfStatEntry 4 } + + rip2IfStatStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Writing invalid has the effect of deleting + this interface." + ::= { rip2IfStatEntry 5 } + +-- The RIP Interface Configuration Table. + + rip2IfConfTable OBJECT-TYPE + SYNTAX SEQUENCE OF Rip2IfConfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of subnets which require separate + configuration in RIP." + ::= { rip2 3 } + + rip2IfConfEntry OBJECT-TYPE + SYNTAX Rip2IfConfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A Single Routing Domain in a single Subnet." + INDEX { rip2IfConfAddress } + ::= { rip2IfConfTable 1 } + + Rip2IfConfEntry ::= + SEQUENCE { + rip2IfConfAddress + IpAddress, + rip2IfConfDomain + RouteTag, + rip2IfConfAuthType + INTEGER, + rip2IfConfAuthKey + OCTET STRING (SIZE(0..16)), + rip2IfConfSend + INTEGER, + rip2IfConfReceive + INTEGER, + rip2IfConfDefaultMetric + INTEGER, + rip2IfConfStatus + RowStatus, + rip2IfConfSrcAddress + IpAddress + } + + rip2IfConfAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP Address of this system on the indicated + subnet. For unnumbered interfaces, the value 0.0.0.N, + where the least significant 24 bits (N) is the ifIndex + for the IP Interface in network byte order." + ::= { rip2IfConfEntry 1 } + + rip2IfConfDomain OBJECT-TYPE + SYNTAX RouteTag + MAX-ACCESS read-create + STATUS obsolete + DESCRIPTION + "Value inserted into the Routing Domain field + of all RIP packets sent on this interface." + DEFVAL { '0000'h } + ::= { rip2IfConfEntry 2 } + + rip2IfConfAuthType OBJECT-TYPE + SYNTAX INTEGER { + noAuthentication (1), + simplePassword (2), + md5 (3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of Authentication used on this + interface." + DEFVAL { noAuthentication } + ::= { rip2IfConfEntry 3 } + + rip2IfConfAuthKey OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..16)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value to be used as the Authentication Key + whenever the corresponding instance of + rip2IfConfAuthType has a value other than + noAuthentication. A modification of the corresponding + instance of rip2IfConfAuthType does not modify + the rip2IfConfAuthKey value. If a string shorter + than 16 octets is supplied, it will be left- + justified and padded to 16 octets, on the right, + with nulls (0x00). + + Reading this object always results in an OCTET + STRING of length zero; authentication may not + be bypassed by reading the MIB object." + DEFVAL { ''h } + ::= { rip2IfConfEntry 4 } + + rip2IfConfSend OBJECT-TYPE + SYNTAX INTEGER { + doNotSend (1), + ripVersion1 (2), + rip1Compatible (3), + ripVersion2 (4), + ripV1Demand (5), + ripV2Demand (6) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "What the router sends on this interface. + ripVersion1 implies sending RIP updates compliant + with RFC 1058. rip1Compatible implies + broadcasting RIP-2 updates using RFC 1058 route + subsumption rules. ripVersion2 implies + multicasting RIP-2 updates. ripV1Demand indicates + the use of Demand RIP on a WAN interface under RIP + Version 1 rules. ripV2Demand indicates the use of + Demand RIP on a WAN interface under Version 2 rules." + DEFVAL { rip1Compatible } + ::= { rip2IfConfEntry 5 } + + rip2IfConfReceive OBJECT-TYPE + SYNTAX INTEGER { + rip1 (1), + rip2 (2), + rip1OrRip2 (3), + doNotRecieve (4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This indicates which version of RIP updates + are to be accepted. Note that rip2 and + rip1OrRip2 implies reception of multicast + packets." + DEFVAL { rip1OrRip2 } + ::= { rip2IfConfEntry 6 } + + rip2IfConfDefaultMetric OBJECT-TYPE + SYNTAX INTEGER ( 0..15 ) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This variable indicates the metric that is to + be used for the default route entry in RIP updates + originated on this interface. A value of zero + indicates that no default route should be + originated; in this case, a default route via + another router may be propagated." + ::= { rip2IfConfEntry 7 } + + rip2IfConfStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Writing invalid has the effect of deleting + this interface." + ::= { rip2IfConfEntry 8 } + + rip2IfConfSrcAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The IP Address this system will use as a source + address on this interface. If it is a numbered + interface, this MUST be the same value as + rip2IfConfAddress. On unnumbered interfaces, + it must be the value of rip2IfConfAddress for + some interface on the system." + ::= { rip2IfConfEntry 9 } + +--4.3 Peer Table + +-- Peer Table + +-- The RIP Peer Group +-- Implementation of this Group is Optional + +-- This group provides information about active peer +-- relationships intended to assist in debugging. An +-- active peer is a router from which a valid RIP +-- updated has been heard in the last 180 seconds. + + rip2PeerTable OBJECT-TYPE + SYNTAX SEQUENCE OF Rip2PeerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of RIP Peers." + ::= { rip2 4 } + + rip2PeerEntry OBJECT-TYPE + SYNTAX Rip2PeerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information regarding a single routing peer." + INDEX { rip2PeerAddress, rip2PeerDomain } + ::= { rip2PeerTable 1 } + + Rip2PeerEntry ::= + SEQUENCE { + rip2PeerAddress + IpAddress, + rip2PeerDomain + RouteTag, + rip2PeerLastUpdate + TimeTicks, + rip2PeerVersion + INTEGER, + rip2PeerRcvBadPackets + Counter32, + rip2PeerRcvBadRoutes + Counter32 + } + + rip2PeerAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP Address that the peer is using as its source + address. Note that on an unnumbered link, this may + not be a member of any subnet on the system." + ::= { rip2PeerEntry 1 } + + rip2PeerDomain OBJECT-TYPE + SYNTAX RouteTag + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value in the Routing Domain field in RIP + packets received from the peer. As domain suuport + is deprecated, this must be zero." + ::= { rip2PeerEntry 2 } + + rip2PeerLastUpdate OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when the most recent + RIP update was received from this system." + ::= { rip2PeerEntry 3 } + + rip2PeerVersion OBJECT-TYPE + SYNTAX INTEGER ( 0..255 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The RIP version number in the header of the + last RIP packet received." + ::= { rip2PeerEntry 4 } + + rip2PeerRcvBadPackets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of RIP response packets from this + peer discarded as invalid." + ::= { rip2PeerEntry 5 } + + + rip2PeerRcvBadRoutes OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of routes from this peer that were + ignored because the entry format was invalid." + ::= { rip2PeerEntry 6 } + +-- conformance information + +rip2Conformance OBJECT IDENTIFIER ::= { rip2 5 } + +rip2Groups OBJECT IDENTIFIER ::= { rip2Conformance 1 } +rip2Compliances OBJECT IDENTIFIER ::= { rip2Conformance 2 } + +-- compliance statements +rip2Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement " + MODULE -- this module + MANDATORY-GROUPS { + rip2GlobalGroup, + rip2IfStatGroup, + rip2IfConfGroup, + rip2PeerGroup + } + GROUP rip2GlobalGroup + DESCRIPTION + "This group defines global controls for RIP-II systems." + GROUP rip2IfStatGroup + DESCRIPTION + "This group defines interface statistics for RIP-II systems." + GROUP rip2IfConfGroup + DESCRIPTION + "This group defines interface configuration for RIP-II systems." + GROUP rip2PeerGroup + DESCRIPTION + "This group defines peer information for RIP-II systems." + ::= { rip2Compliances 1 } + +-- units of conformance + +rip2GlobalGroup OBJECT-GROUP + OBJECTS { + rip2GlobalRouteChanges, + rip2GlobalQueries + } + STATUS current + DESCRIPTION + "This group defines global controls for RIP-II systems." + ::= { rip2Groups 1 } +rip2IfStatGroup OBJECT-GROUP + OBJECTS { + rip2IfStatAddress, + rip2IfStatRcvBadPackets, + rip2IfStatRcvBadRoutes, + rip2IfStatSentUpdates, + rip2IfStatStatus + } + STATUS current + DESCRIPTION + "This group defines interface statistics for RIP-II systems." + ::= { rip2Groups 2 } +rip2IfConfGroup OBJECT-GROUP + OBJECTS { + rip2IfConfAddress, + rip2IfConfAuthType, + rip2IfConfAuthKey, + rip2IfConfSend, + rip2IfConfReceive, + rip2IfConfDefaultMetric, + rip2IfConfStatus, + rip2IfConfSrcAddress + } + STATUS current + DESCRIPTION + "This group defines interface configuration for RIP-II systems." + ::= { rip2Groups 3 } +rip2PeerGroup OBJECT-GROUP + OBJECTS { + rip2PeerAddress, + rip2PeerDomain, + rip2PeerLastUpdate, + rip2PeerVersion, + rip2PeerRcvBadPackets, + rip2PeerRcvBadRoutes + } + STATUS current + DESCRIPTION + "This group defines peer information for RIP-II systems." + ::= { rip2Groups 4 } +END diff --git a/data/mibs/RMON-MIB.txt b/data/mibs/RMON-MIB.txt new file mode 100644 index 000000000..983c22ef5 --- /dev/null +++ b/data/mibs/RMON-MIB.txt @@ -0,0 +1,3980 @@ +RMON-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, + NOTIFICATION-TYPE, mib-2, Counter32, + Integer32, TimeTicks FROM SNMPv2-SMI + + TEXTUAL-CONVENTION, DisplayString FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF; + +-- Remote Network Monitoring MIB + +rmonMibModule MODULE-IDENTITY + LAST-UPDATED "200005110000Z" -- 11 May, 2000 + ORGANIZATION "IETF RMON MIB Working Group" + CONTACT-INFO + "Steve Waldbusser + Phone: +1-650-948-6500 + Fax: +1-650-745-0671 + Email: waldbusser@nextbeacon.com" + DESCRIPTION + "Remote network monitoring devices, often called + monitors or probes, are instruments that exist for + the purpose of managing a network. This MIB defines + objects for managing remote network monitoring devices." + + REVISION "200005110000Z" -- 11 May, 2000 + DESCRIPTION + "Reformatted into SMIv2 format. + + This version published as RFC 2819." + + REVISION "199502010000Z" -- 1 Feb, 1995 + DESCRIPTION + "Bug fixes, clarifications and minor changes based on + implementation experience, published as RFC1757 [18]. + + Two changes were made to object definitions: + + 1) A new status bit has been defined for the + captureBufferPacketStatus object, indicating that the + packet order within the capture buffer may not be identical to + the packet order as received off the wire. This bit may only + + be used for packets transmitted by the probe. Older NMS + applications can safely ignore this status bit, which might be + used by newer agents. + + 2) The packetMatch trap has been removed. This trap was never + actually 'approved' and was not added to this document along + with the risingAlarm and fallingAlarm traps. The packetMatch + trap could not be throttled, which could cause disruption of + normal network traffic under some circumstances. An NMS should + configure a risingAlarm threshold on the appropriate + channelMatches instance if a trap is desired for a packetMatch + event. Note that logging of packetMatch events is still + supported--only trap generation for such events has been + removed. + + In addition, several clarifications to individual object + definitions have been added to assist agent and NMS + implementors: + + - global definition of 'good packets' and 'bad packets' + + - more detailed text governing conceptual row creation and + modification + + - instructions for probes relating to interface changes and + disruptions + + - clarification of some ethernet counter definitions + + - recommended formula for calculating network utilization + + - clarification of channel and captureBuffer behavior for some + unusual conditions + + - examples of proper instance naming for each table" + + REVISION "199111010000Z" -- 1 Nov, 1991 + DESCRIPTION + "The original version of this MIB, published as RFC1271." + ::= { rmonConformance 8 } + + rmon OBJECT IDENTIFIER ::= { mib-2 16 } + + -- textual conventions + +OwnerString ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This data type is used to model an administratively + assigned name of the owner of a resource. Implementations + must accept values composed of well-formed NVT ASCII + sequences. In addition, implementations should accept + values composed of well-formed UTF-8 sequences. + + It is suggested that this name contain one or more of + the following: IP address, management station name, + network manager's name, location, or phone number. + In some cases the agent itself will be the owner of + an entry. In these cases, this string shall be set + to a string starting with 'monitor'. + + SNMP access control is articulated entirely in terms + of the contents of MIB views; access to a particular + SNMP object instance depends only upon its presence + or absence in a particular MIB view and never upon + its value or the value of related object instances. + Thus, objects of this type afford resolution of + resource contention only among cooperating + managers; they realize no access control function + with respect to uncooperative parties." + SYNTAX OCTET STRING (SIZE (0..127)) + +EntryStatus ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The status of a table entry. + + Setting this object to the value invalid(4) has the + effect of invalidating the corresponding entry. + That is, it effectively disassociates the mapping + identified with said entry. + It is an implementation-specific matter as to whether + the agent removes an invalidated entry from the table. + Accordingly, management stations must be prepared to + receive tabular information from agents that corresponds + to entries currently not in use. Proper + interpretation of such entries requires examination + of the relevant EntryStatus object. + + An existing instance of this object cannot be set to + createRequest(2). This object may only be set to + createRequest(2) when this instance is created. When + this object is created, the agent may wish to create + supplemental object instances with default values + to complete a conceptual row in this table. Because the + + creation of these default objects is entirely at the option + of the agent, the manager must not assume that any will be + created, but may make use of any that are created. + Immediately after completing the create operation, the agent + must set this object to underCreation(3). + + When in the underCreation(3) state, an entry is allowed to + exist in a possibly incomplete, possibly inconsistent state, + usually to allow it to be modified in multiple PDUs. When in + this state, an entry is not fully active. + Entries shall exist in the underCreation(3) state until + the management station is finished configuring the entry + and sets this object to valid(1) or aborts, setting this + object to invalid(4). If the agent determines that an + entry has been in the underCreation(3) state for an + abnormally long time, it may decide that the management + station has crashed. If the agent makes this decision, + it may set this object to invalid(4) to reclaim the + entry. A prudent agent will understand that the + management station may need to wait for human input + and will allow for that possibility in its + determination of this abnormally long period. + + An entry in the valid(1) state is fully configured and + consistent and fully represents the configuration or + operation such a row is intended to represent. For + example, it could be a statistical function that is + configured and active, or a filter that is available + in the list of filters processed by the packet capture + process. + + A manager is restricted to changing the state of an entry in + the following ways: + + To: valid createRequest underCreation invalid + From: + valid OK NO OK OK + createRequest N/A N/A N/A N/A + underCreation OK NO OK OK + invalid NO NO NO OK + nonExistent NO OK NO OK + + In the table above, it is not applicable to move the state + from the createRequest state to any other state because the + manager will never find the variable in that state. The + nonExistent state is not a value of the enumeration, rather + it means that the entryStatus variable does not exist at all. + + An agent may allow an entryStatus variable to change state in + additional ways, so long as the semantics of the states are + followed. This allowance is made to ease the implementation of + the agent and is made despite the fact that managers should + never exercise these additional state transitions." + SYNTAX INTEGER { + valid(1), + createRequest(2), + underCreation(3), + invalid(4) + } + + statistics OBJECT IDENTIFIER ::= { rmon 1 } + history OBJECT IDENTIFIER ::= { rmon 2 } + alarm OBJECT IDENTIFIER ::= { rmon 3 } + hosts OBJECT IDENTIFIER ::= { rmon 4 } + hostTopN OBJECT IDENTIFIER ::= { rmon 5 } + matrix OBJECT IDENTIFIER ::= { rmon 6 } + filter OBJECT IDENTIFIER ::= { rmon 7 } + capture OBJECT IDENTIFIER ::= { rmon 8 } + event OBJECT IDENTIFIER ::= { rmon 9 } + rmonConformance OBJECT IDENTIFIER ::= { rmon 20 } + +-- The Ethernet Statistics Group +-- +-- Implementation of the Ethernet Statistics group is optional. +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The ethernet statistics group contains statistics measured by the +-- probe for each monitored interface on this device. These +-- statistics take the form of free running counters that start from +-- zero when a valid entry is created. +-- +-- This group currently has statistics defined only for +-- Ethernet interfaces. Each etherStatsEntry contains statistics +-- for one Ethernet interface. The probe must create one +-- etherStats entry for each monitored Ethernet interface +-- on the device. + +etherStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF EtherStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of Ethernet statistics entries." + ::= { statistics 1 } + +etherStatsEntry OBJECT-TYPE + SYNTAX EtherStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A collection of statistics kept for a particular + Ethernet interface. As an example, an instance of the + etherStatsPkts object might be named etherStatsPkts.1" + INDEX { etherStatsIndex } + ::= { etherStatsTable 1 } + +EtherStatsEntry ::= SEQUENCE { + etherStatsIndex Integer32, + etherStatsDataSource OBJECT IDENTIFIER, + etherStatsDropEvents Counter32, + etherStatsOctets Counter32, + etherStatsPkts Counter32, + etherStatsBroadcastPkts Counter32, + etherStatsMulticastPkts Counter32, + etherStatsCRCAlignErrors Counter32, + etherStatsUndersizePkts Counter32, + etherStatsOversizePkts Counter32, + etherStatsFragments Counter32, + etherStatsJabbers Counter32, + etherStatsCollisions Counter32, + etherStatsPkts64Octets Counter32, + etherStatsPkts65to127Octets Counter32, + etherStatsPkts128to255Octets Counter32, + etherStatsPkts256to511Octets Counter32, + etherStatsPkts512to1023Octets Counter32, + etherStatsPkts1024to1518Octets Counter32, + etherStatsOwner OwnerString, + etherStatsStatus EntryStatus +} + +etherStatsIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object uniquely identifies this + etherStats entry." + ::= { etherStatsEntry 1 } + +etherStatsDataSource OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object identifies the source of the data that + this etherStats entry is configured to analyze. This + source can be any ethernet interface on this device. + In order to identify a particular interface, this object + shall identify the instance of the ifIndex object, + defined in RFC 2233 [17], for the desired interface. + For example, if an entry were to receive data from + interface #1, this object would be set to ifIndex.1. + + The statistics in this group reflect all packets + on the local network segment attached to the identified + interface. + + An agent may or may not be able to tell if fundamental + changes to the media of the interface have occurred and + necessitate an invalidation of this entry. For example, a + hot-pluggable ethernet card could be pulled out and replaced + by a token-ring card. In such a case, if the agent has such + knowledge of the change, it is recommended that it + invalidate this entry. + + This object may not be modified if the associated + etherStatsStatus object is equal to valid(1)." + ::= { etherStatsEntry 2 } + +etherStatsDropEvents OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of events in which packets + were dropped by the probe due to lack of resources. + Note that this number is not necessarily the number of + packets dropped; it is just the number of times this + condition has been detected." + ::= { etherStatsEntry 3 } + +etherStatsOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets of data (including + those in bad packets) received on the + network (excluding framing bits but including + FCS octets). + + This object can be used as a reasonable estimate of + 10-Megabit ethernet utilization. If greater precision is + desired, the etherStatsPkts and etherStatsOctets objects + should be sampled before and after a common interval. The + differences in the sampled values are Pkts and Octets, + respectively, and the number of seconds in the interval is + Interval. These values are used to calculate the Utilization + as follows: + + Pkts * (9.6 + 6.4) + (Octets * .8) + Utilization = ------------------------------------- + Interval * 10,000 + + The result of this equation is the value Utilization which + is the percent utilization of the ethernet segment on a + scale of 0 to 100 percent." + ::= { etherStatsEntry 4 } + +etherStatsPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets (including bad packets, + broadcast packets, and multicast packets) received." + ::= { etherStatsEntry 5 } + +etherStatsBroadcastPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of good packets received that were + directed to the broadcast address. Note that this + does not include multicast packets." + ::= { etherStatsEntry 6 } + +etherStatsMulticastPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of good packets received that were + directed to a multicast address. Note that this number + does not include packets directed to the broadcast + + address." + ::= { etherStatsEntry 7 } + +etherStatsCRCAlignErrors OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received that + had a length (excluding framing bits, but + including FCS octets) of between 64 and 1518 + octets, inclusive, but had either a bad + Frame Check Sequence (FCS) with an integral + number of octets (FCS Error) or a bad FCS with + a non-integral number of octets (Alignment Error)." + ::= { etherStatsEntry 8 } + +etherStatsUndersizePkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received that were + less than 64 octets long (excluding framing bits, + but including FCS octets) and were otherwise well + formed." + ::= { etherStatsEntry 9 } + +etherStatsOversizePkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received that were + longer than 1518 octets (excluding framing bits, + but including FCS octets) and were otherwise + well formed." + ::= { etherStatsEntry 10 } + +etherStatsFragments OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received that were less than + 64 octets in length (excluding framing bits but including + FCS octets) and had either a bad Frame Check Sequence + (FCS) with an integral number of octets (FCS Error) or a + bad FCS with a non-integral number of octets (Alignment + Error). + + Note that it is entirely normal for etherStatsFragments to + increment. This is because it counts both runts (which are + normal occurrences due to collisions) and noise hits." + ::= { etherStatsEntry 11 } + +etherStatsJabbers OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received that were + longer than 1518 octets (excluding framing bits, + but including FCS octets), and had either a bad + Frame Check Sequence (FCS) with an integral number + of octets (FCS Error) or a bad FCS with a non-integral + number of octets (Alignment Error). + + Note that this definition of jabber is different + than the definition in IEEE-802.3 section 8.2.1.5 + (10BASE5) and section 10.3.1.4 (10BASE2). These + documents define jabber as the condition where any + packet exceeds 20 ms. The allowed range to detect + jabber is between 20 ms and 150 ms." + ::= { etherStatsEntry 12 } + +etherStatsCollisions OBJECT-TYPE + SYNTAX Counter32 + UNITS "Collisions" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The best estimate of the total number of collisions + on this Ethernet segment. + + The value returned will depend on the location of the + RMON probe. Section 8.2.1.3 (10BASE-5) and section + 10.3.1.3 (10BASE-2) of IEEE standard 802.3 states that a + station must detect a collision, in the receive mode, if + three or more stations are transmitting simultaneously. A + repeater port must detect a collision when two or more + + stations are transmitting simultaneously. Thus a probe + placed on a repeater port could record more collisions + than a probe connected to a station on the same segment + would. + + Probe location plays a much smaller role when considering + 10BASE-T. 14.2.1.4 (10BASE-T) of IEEE standard 802.3 + defines a collision as the simultaneous presence of signals + on the DO and RD circuits (transmitting and receiving + at the same time). A 10BASE-T station can only detect + collisions when it is transmitting. Thus probes placed on + a station and a repeater, should report the same number of + collisions. + + Note also that an RMON probe inside a repeater should + ideally report collisions between the repeater and one or + more other hosts (transmit collisions as defined by IEEE + 802.3k) plus receiver collisions observed on any coax + segments to which the repeater is connected." + ::= { etherStatsEntry 13 } + +etherStatsPkts64Octets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets (including bad + packets) received that were 64 octets in length + (excluding framing bits but including FCS octets)." + ::= { etherStatsEntry 14 } + +etherStatsPkts65to127Octets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets (including bad + packets) received that were between + 65 and 127 octets in length inclusive + (excluding framing bits but including FCS octets)." + ::= { etherStatsEntry 15 } + +etherStatsPkts128to255Octets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets (including bad + packets) received that were between + 128 and 255 octets in length inclusive + (excluding framing bits but including FCS octets)." + ::= { etherStatsEntry 16 } + +etherStatsPkts256to511Octets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets (including bad + packets) received that were between + 256 and 511 octets in length inclusive + (excluding framing bits but including FCS octets)." + ::= { etherStatsEntry 17 } + +etherStatsPkts512to1023Octets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets (including bad + packets) received that were between + 512 and 1023 octets in length inclusive + (excluding framing bits but including FCS octets)." + ::= { etherStatsEntry 18 } + +etherStatsPkts1024to1518Octets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets (including bad + packets) received that were between + 1024 and 1518 octets in length inclusive + (excluding framing bits but including FCS octets)." + ::= { etherStatsEntry 19 } + +etherStatsOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it." + ::= { etherStatsEntry 20 } + +etherStatsStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this etherStats entry." + ::= { etherStatsEntry 21 } + +-- The History Control Group + +-- Implementation of the History Control group is optional. +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The history control group controls the periodic statistical +-- sampling of data from various types of networks. The +-- historyControlTable stores configuration entries that each +-- define an interface, polling period, and other parameters. +-- Once samples are taken, their data is stored in an entry +-- in a media-specific table. Each such entry defines one +-- sample, and is associated with the historyControlEntry that +-- caused the sample to be taken. Each counter in the +-- etherHistoryEntry counts the same event as its similarly-named +-- counterpart in the etherStatsEntry, except that each value here +-- is a cumulative sum during a sampling period. +-- +-- If the probe keeps track of the time of day, it should start +-- the first sample of the history at a time such that +-- when the next hour of the day begins, a sample is +-- started at that instant. This tends to make more +-- user-friendly reports, and enables comparison of reports +-- from different probes that have relatively accurate time +-- of day. +-- +-- The probe is encouraged to add two history control entries +-- per monitored interface upon initialization that describe a short +-- term and a long term polling period. Suggested parameters are 30 +-- seconds for the short term polling period and 30 minutes for +-- the long term period. + +historyControlTable OBJECT-TYPE + SYNTAX SEQUENCE OF HistoryControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of history control entries." + ::= { history 1 } + +historyControlEntry OBJECT-TYPE + SYNTAX HistoryControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of parameters that set up a periodic sampling of + statistics. As an example, an instance of the + historyControlInterval object might be named + historyControlInterval.2" + INDEX { historyControlIndex } + ::= { historyControlTable 1 } + +HistoryControlEntry ::= SEQUENCE { + historyControlIndex Integer32, + historyControlDataSource OBJECT IDENTIFIER, + historyControlBucketsRequested Integer32, + historyControlBucketsGranted Integer32, + historyControlInterval Integer32, + historyControlOwner OwnerString, + historyControlStatus EntryStatus +} + +historyControlIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + historyControl table. Each such entry defines a + set of samples at a particular interval for an + interface on the device." + ::= { historyControlEntry 1 } + +historyControlDataSource OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object identifies the source of the data for + which historical data was collected and + placed in a media-specific table on behalf of this + historyControlEntry. This source can be any + interface on this device. In order to identify + + a particular interface, this object shall identify + the instance of the ifIndex object, defined + in RFC 2233 [17], for the desired interface. + For example, if an entry were to receive data from + interface #1, this object would be set to ifIndex.1. + + The statistics in this group reflect all packets + on the local network segment attached to the identified + interface. + + An agent may or may not be able to tell if fundamental + changes to the media of the interface have occurred and + necessitate an invalidation of this entry. For example, a + hot-pluggable ethernet card could be pulled out and replaced + by a token-ring card. In such a case, if the agent has such + knowledge of the change, it is recommended that it + invalidate this entry. + + This object may not be modified if the associated + historyControlStatus object is equal to valid(1)." + ::= { historyControlEntry 2 } + +historyControlBucketsRequested OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The requested number of discrete time intervals + over which data is to be saved in the part of the + media-specific table associated with this + historyControlEntry. + + When this object is created or modified, the probe + should set historyControlBucketsGranted as closely to + this object as is possible for the particular probe + implementation and available resources." + DEFVAL { 50 } + ::= { historyControlEntry 3 } + +historyControlBucketsGranted OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of discrete sampling intervals + over which data shall be saved in the part of + the media-specific table associated with this + historyControlEntry. + + When the associated historyControlBucketsRequested + object is created or modified, the probe + should set this object as closely to the requested + value as is possible for the particular + probe implementation and available resources. The + probe must not lower this value except as a result + of a modification to the associated + historyControlBucketsRequested object. + + There will be times when the actual number of + buckets associated with this entry is less than + the value of this object. In this case, at the + end of each sampling interval, a new bucket will + be added to the media-specific table. + + When the number of buckets reaches the value of + this object and a new bucket is to be added to the + media-specific table, the oldest bucket associated + with this historyControlEntry shall be deleted by + the agent so that the new bucket can be added. + + When the value of this object changes to a value less + than the current value, entries are deleted + from the media-specific table associated with this + historyControlEntry. Enough of the oldest of these + entries shall be deleted by the agent so that their + number remains less than or equal to the new value of + this object. + + When the value of this object changes to a value greater + than the current value, the number of associated media- + specific entries may be allowed to grow." + ::= { historyControlEntry 4 } + +historyControlInterval OBJECT-TYPE + SYNTAX Integer32 (1..3600) + UNITS "Seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The interval in seconds over which the data is + sampled for each bucket in the part of the + media-specific table associated with this + historyControlEntry. This interval can + be set to any number of seconds between 1 and + 3600 (1 hour). + + Because the counters in a bucket may overflow at their + + maximum value with no indication, a prudent manager will + take into account the possibility of overflow in any of + the associated counters. It is important to consider the + minimum time in which any counter could overflow on a + particular media type and set the historyControlInterval + object to a value less than this interval. This is + typically most important for the 'octets' counter in any + media-specific table. For example, on an Ethernet + network, the etherHistoryOctets counter could overflow + in about one hour at the Ethernet's maximum + utilization. + + This object may not be modified if the associated + historyControlStatus object is equal to valid(1)." + DEFVAL { 1800 } + ::= { historyControlEntry 5 } + +historyControlOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it." + ::= { historyControlEntry 6 } + +historyControlStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this historyControl entry. + + Each instance of the media-specific table associated + with this historyControlEntry will be deleted by the agent + if this historyControlEntry is not equal to valid(1)." + ::= { historyControlEntry 7 } + +-- The Ethernet History Group + +-- Implementation of the Ethernet History group is optional. +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The Ethernet History group records periodic statistical samples +-- from a network and stores them for later retrieval. +-- Once samples are taken, their data is stored in an entry +-- in a media-specific table. Each such entry defines one + +-- sample, and is associated with the historyControlEntry that +-- caused the sample to be taken. This group defines the +-- etherHistoryTable, for Ethernet networks. +-- + +etherHistoryTable OBJECT-TYPE + SYNTAX SEQUENCE OF EtherHistoryEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of Ethernet history entries." + ::= { history 2 } + +etherHistoryEntry OBJECT-TYPE + SYNTAX EtherHistoryEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An historical sample of Ethernet statistics on a particular + Ethernet interface. This sample is associated with the + historyControlEntry which set up the parameters for + a regular collection of these samples. As an example, an + instance of the etherHistoryPkts object might be named + etherHistoryPkts.2.89" + INDEX { etherHistoryIndex , etherHistorySampleIndex } + ::= { etherHistoryTable 1 } + +EtherHistoryEntry ::= SEQUENCE { + etherHistoryIndex Integer32, + etherHistorySampleIndex Integer32, + etherHistoryIntervalStart TimeTicks, + etherHistoryDropEvents Counter32, + etherHistoryOctets Counter32, + etherHistoryPkts Counter32, + etherHistoryBroadcastPkts Counter32, + etherHistoryMulticastPkts Counter32, + etherHistoryCRCAlignErrors Counter32, + etherHistoryUndersizePkts Counter32, + etherHistoryOversizePkts Counter32, + etherHistoryFragments Counter32, + etherHistoryJabbers Counter32, + etherHistoryCollisions Counter32, + etherHistoryUtilization Integer32 +} + +etherHistoryIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The history of which this entry is a part. The + history identified by a particular value of this + index is the same history as identified + by the same value of historyControlIndex." + ::= { etherHistoryEntry 1 } + +etherHistorySampleIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies the particular + sample this entry represents among all samples + associated with the same historyControlEntry. + This index starts at 1 and increases by one + as each new sample is taken." + ::= { etherHistoryEntry 2 } + +etherHistoryIntervalStart OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the start of the interval + over which this sample was measured. If the probe + keeps track of the time of day, it should start + the first sample of the history at a time such that + when the next hour of the day begins, a sample is + started at that instant. Note that following this + rule may require the probe to delay collecting the + first sample of the history, as each sample must be + of the same interval. Also note that the sample which + is currently being collected is not accessible in this + table until the end of its interval." + ::= { etherHistoryEntry 3 } + +etherHistoryDropEvents OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of events in which packets + were dropped by the probe due to lack of resources + during this sampling interval. Note that this number + is not necessarily the number of packets dropped, it + is just the number of times this condition has been + + detected." + ::= { etherHistoryEntry 4 } + +etherHistoryOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets of data (including + those in bad packets) received on the + network (excluding framing bits but including + FCS octets)." + ::= { etherHistoryEntry 5 } + +etherHistoryPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets (including bad packets) + received during this sampling interval." + ::= { etherHistoryEntry 6 } + +etherHistoryBroadcastPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of good packets received during this + sampling interval that were directed to the + broadcast address." + ::= { etherHistoryEntry 7 } + +etherHistoryMulticastPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of good packets received during this + sampling interval that were directed to a + multicast address. Note that this number does not + include packets addressed to the broadcast address." + ::= { etherHistoryEntry 8 } + +etherHistoryCRCAlignErrors OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets received during this + sampling interval that had a length (excluding + framing bits but including FCS octets) between + 64 and 1518 octets, inclusive, but had either a bad Frame + Check Sequence (FCS) with an integral number of octets + (FCS Error) or a bad FCS with a non-integral number + of octets (Alignment Error)." + ::= { etherHistoryEntry 9 } + +etherHistoryUndersizePkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets received during this + sampling interval that were less than 64 octets + long (excluding framing bits but including FCS + octets) and were otherwise well formed." + ::= { etherHistoryEntry 10 } + +etherHistoryOversizePkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets received during this + sampling interval that were longer than 1518 + octets (excluding framing bits but including + FCS octets) but were otherwise well formed." + ::= { etherHistoryEntry 11 } + +etherHistoryFragments OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received during this + sampling interval that were less than 64 octets in + length (excluding framing bits but including FCS + + octets) had either a bad Frame Check Sequence (FCS) + with an integral number of octets (FCS Error) or a bad + FCS with a non-integral number of octets (Alignment + Error). + + Note that it is entirely normal for etherHistoryFragments to + increment. This is because it counts both runts (which are + normal occurrences due to collisions) and noise hits." + ::= { etherHistoryEntry 12 } + +etherHistoryJabbers OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets received during this + sampling interval that were longer than 1518 octets + (excluding framing bits but including FCS octets), + and had either a bad Frame Check Sequence (FCS) + with an integral number of octets (FCS Error) or + a bad FCS with a non-integral number of octets + (Alignment Error). + + Note that this definition of jabber is different + than the definition in IEEE-802.3 section 8.2.1.5 + (10BASE5) and section 10.3.1.4 (10BASE2). These + documents define jabber as the condition where any + packet exceeds 20 ms. The allowed range to detect + jabber is between 20 ms and 150 ms." + ::= { etherHistoryEntry 13 } + +etherHistoryCollisions OBJECT-TYPE + SYNTAX Counter32 + UNITS "Collisions" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The best estimate of the total number of collisions + on this Ethernet segment during this sampling + interval. + + The value returned will depend on the location of the + RMON probe. Section 8.2.1.3 (10BASE-5) and section + 10.3.1.3 (10BASE-2) of IEEE standard 802.3 states that a + station must detect a collision, in the receive mode, if + three or more stations are transmitting simultaneously. A + repeater port must detect a collision when two or more + + stations are transmitting simultaneously. Thus a probe + placed on a repeater port could record more collisions + than a probe connected to a station on the same segment + would. + + Probe location plays a much smaller role when considering + 10BASE-T. 14.2.1.4 (10BASE-T) of IEEE standard 802.3 + defines a collision as the simultaneous presence of signals + on the DO and RD circuits (transmitting and receiving + at the same time). A 10BASE-T station can only detect + collisions when it is transmitting. Thus probes placed on + a station and a repeater, should report the same number of + collisions. + + Note also that an RMON probe inside a repeater should + ideally report collisions between the repeater and one or + more other hosts (transmit collisions as defined by IEEE + 802.3k) plus receiver collisions observed on any coax + segments to which the repeater is connected." + ::= { etherHistoryEntry 14 } + +etherHistoryUtilization OBJECT-TYPE + SYNTAX Integer32 (0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The best estimate of the mean physical layer + network utilization on this interface during this + sampling interval, in hundredths of a percent." + ::= { etherHistoryEntry 15 } + +-- The Alarm Group + +-- Implementation of the Alarm group is optional. The Alarm Group +-- requires the implementation of the Event group. +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The Alarm group periodically takes statistical samples from +-- variables in the probe and compares them to thresholds that have +-- been configured. The alarm table stores configuration +-- entries that each define a variable, polling period, and +-- threshold parameters. If a sample is found to cross the +-- threshold values, an event is generated. Only variables that +-- resolve to an ASN.1 primitive type of INTEGER (INTEGER, Integer32, +-- Counter32, Counter64, Gauge32, or TimeTicks) may be monitored in +-- this way. +-- + +-- This function has a hysteresis mechanism to limit the generation +-- of events. This mechanism generates one event as a threshold +-- is crossed in the appropriate direction. No more events are +-- generated for that threshold until the opposite threshold is +-- crossed. +-- +-- In the case of a sampling a deltaValue, a probe may implement +-- this mechanism with more precision if it takes a delta sample +-- twice per period, each time comparing the sum of the latest two +-- samples to the threshold. This allows the detection of threshold +-- crossings that span the sampling boundary. Note that this does +-- not require any special configuration of the threshold value. +-- It is suggested that probes implement this more precise algorithm. + +alarmTable OBJECT-TYPE + SYNTAX SEQUENCE OF AlarmEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of alarm entries." + ::= { alarm 1 } + +alarmEntry OBJECT-TYPE + SYNTAX AlarmEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of parameters that set up a periodic checking + for alarm conditions. For example, an instance of the + alarmValue object might be named alarmValue.8" + INDEX { alarmIndex } + ::= { alarmTable 1 } + +AlarmEntry ::= SEQUENCE { + alarmIndex Integer32, + alarmInterval Integer32, + alarmVariable OBJECT IDENTIFIER, + alarmSampleType INTEGER, + alarmValue Integer32, + alarmStartupAlarm INTEGER, + alarmRisingThreshold Integer32, + alarmFallingThreshold Integer32, + alarmRisingEventIndex Integer32, + alarmFallingEventIndex Integer32, + alarmOwner OwnerString, + alarmStatus EntryStatus +} + +alarmIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + alarm table. Each such entry defines a + diagnostic sample at a particular interval + for an object on the device." + ::= { alarmEntry 1 } + +alarmInterval OBJECT-TYPE + SYNTAX Integer32 + UNITS "Seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The interval in seconds over which the data is + sampled and compared with the rising and falling + thresholds. When setting this variable, care + should be taken in the case of deltaValue + sampling - the interval should be set short enough + that the sampled variable is very unlikely to + increase or decrease by more than 2^31 - 1 during + a single sampling interval. + + This object may not be modified if the associated + alarmStatus object is equal to valid(1)." + ::= { alarmEntry 2 } + +alarmVariable OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The object identifier of the particular variable to be + sampled. Only variables that resolve to an ASN.1 primitive + type of INTEGER (INTEGER, Integer32, Counter32, Counter64, + Gauge, or TimeTicks) may be sampled. + + Because SNMP access control is articulated entirely + in terms of the contents of MIB views, no access + control mechanism exists that can restrict the value of + this object to identify only those objects that exist + in a particular MIB view. Because there is thus no + acceptable means of restricting the read access that + could be obtained through the alarm mechanism, the + probe must only grant write access to this object in + + those views that have read access to all objects on + the probe. + + During a set operation, if the supplied variable name is + not available in the selected MIB view, a badValue error + must be returned. If at any time the variable name of + an established alarmEntry is no longer available in the + selected MIB view, the probe must change the status of + this alarmEntry to invalid(4). + + This object may not be modified if the associated + alarmStatus object is equal to valid(1)." + ::= { alarmEntry 3 } + +alarmSampleType OBJECT-TYPE + SYNTAX INTEGER { + absoluteValue(1), + deltaValue(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The method of sampling the selected variable and + calculating the value to be compared against the + thresholds. If the value of this object is + absoluteValue(1), the value of the selected variable + will be compared directly with the thresholds at the + end of the sampling interval. If the value of this + object is deltaValue(2), the value of the selected + variable at the last sample will be subtracted from + the current value, and the difference compared with + the thresholds. + + This object may not be modified if the associated + alarmStatus object is equal to valid(1)." + ::= { alarmEntry 4 } + +alarmValue OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the statistic during the last sampling + period. For example, if the sample type is deltaValue, + this value will be the difference between the samples + at the beginning and end of the period. If the sample + type is absoluteValue, this value will be the sampled + value at the end of the period. + + This is the value that is compared with the rising and + falling thresholds. + + The value during the current sampling period is not + made available until the period is completed and will + remain available until the next period completes." + ::= { alarmEntry 5 } + +alarmStartupAlarm OBJECT-TYPE + SYNTAX INTEGER { + risingAlarm(1), + fallingAlarm(2), + risingOrFallingAlarm(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The alarm that may be sent when this entry is first + set to valid. If the first sample after this entry + becomes valid is greater than or equal to the + risingThreshold and alarmStartupAlarm is equal to + risingAlarm(1) or risingOrFallingAlarm(3), then a single + rising alarm will be generated. If the first sample + after this entry becomes valid is less than or equal + to the fallingThreshold and alarmStartupAlarm is equal + to fallingAlarm(2) or risingOrFallingAlarm(3), then a + single falling alarm will be generated. + + This object may not be modified if the associated + alarmStatus object is equal to valid(1)." + ::= { alarmEntry 6 } + +alarmRisingThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A threshold for the sampled statistic. When the current + sampled value is greater than or equal to this threshold, + and the value at the last sampling interval was less than + this threshold, a single event will be generated. + A single event will also be generated if the first + sample after this entry becomes valid is greater than or + equal to this threshold and the associated + alarmStartupAlarm is equal to risingAlarm(1) or + risingOrFallingAlarm(3). + + After a rising event is generated, another such event + + will not be generated until the sampled value + falls below this threshold and reaches the + alarmFallingThreshold. + + This object may not be modified if the associated + alarmStatus object is equal to valid(1)." + ::= { alarmEntry 7 } + +alarmFallingThreshold OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A threshold for the sampled statistic. When the current + sampled value is less than or equal to this threshold, + and the value at the last sampling interval was greater than + this threshold, a single event will be generated. + A single event will also be generated if the first + sample after this entry becomes valid is less than or + equal to this threshold and the associated + alarmStartupAlarm is equal to fallingAlarm(2) or + risingOrFallingAlarm(3). + + After a falling event is generated, another such event + will not be generated until the sampled value + rises above this threshold and reaches the + alarmRisingThreshold. + + This object may not be modified if the associated + alarmStatus object is equal to valid(1)." + ::= { alarmEntry 8 } + +alarmRisingEventIndex OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The index of the eventEntry that is + used when a rising threshold is crossed. The + eventEntry identified by a particular value of + this index is the same as identified by the same value + of the eventIndex object. If there is no + corresponding entry in the eventTable, then + no association exists. In particular, if this value + is zero, no associated event will be generated, as + zero is not a valid event index. + + This object may not be modified if the associated + + alarmStatus object is equal to valid(1)." + ::= { alarmEntry 9 } + +alarmFallingEventIndex OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The index of the eventEntry that is + used when a falling threshold is crossed. The + eventEntry identified by a particular value of + this index is the same as identified by the same value + of the eventIndex object. If there is no + corresponding entry in the eventTable, then + no association exists. In particular, if this value + is zero, no associated event will be generated, as + zero is not a valid event index. + + This object may not be modified if the associated + alarmStatus object is equal to valid(1)." + ::= { alarmEntry 10 } + +alarmOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it." + ::= { alarmEntry 11 } + +alarmStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this alarm entry." + ::= { alarmEntry 12 } + +-- The Host Group + +-- Implementation of the Host group is optional. +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The host group discovers new hosts on the network by +-- keeping a list of source and destination MAC Addresses seen +-- in good packets. For each of these addresses, the host group + +-- keeps a set of statistics. The hostControlTable controls +-- which interfaces this function is performed on, and contains +-- some information about the process. On behalf of each +-- hostControlEntry, data is collected on an interface and placed +-- in both the hostTable and the hostTimeTable. If the +-- monitoring device finds itself short of resources, it may +-- delete entries as needed. It is suggested that the device +-- delete the least recently used entries first. + +-- The hostTable contains entries for each address discovered on +-- a particular interface. Each entry contains statistical +-- data about that host. This table is indexed by the +-- MAC address of the host, through which a random access +-- may be achieved. + +-- The hostTimeTable contains data in the same format as the +-- hostTable, and must contain the same set of hosts, but is +-- indexed using hostTimeCreationOrder rather than hostAddress. +-- The hostTimeCreationOrder is an integer which reflects +-- the relative order in which a particular entry was discovered +-- and thus inserted into the table. As this order, and thus +-- the index, is among those entries currently in the table, +-- the index for a particular entry may change if an +-- (earlier) entry is deleted. Thus the association between +-- hostTimeCreationOrder and hostTimeEntry may be broken at +-- any time. + +-- The hostTimeTable has two important uses. The first is the +-- fast download of this potentially large table. Because the +-- index of this table runs from 1 to the size of the table, +-- inclusive, its values are predictable. This allows very +-- efficient packing of variables into SNMP PDU's and allows +-- a table transfer to have multiple packets outstanding. +-- These benefits increase transfer rates tremendously. + +-- The second use of the hostTimeTable is the efficient discovery +-- by the management station of new entries added to the table. +-- After the management station has downloaded the entire table, +-- it knows that new entries will be added immediately after the +-- end of the current table. It can thus detect new entries there +-- and retrieve them easily. + +-- Because the association between hostTimeCreationOrder and +-- hostTimeEntry may be broken at any time, the management +-- station must monitor the related hostControlLastDeleteTime +-- object. When the management station thus detects a deletion, +-- it must assume that any such associations have been broken, +-- and invalidate any it has stored locally. This includes + +-- restarting any download of the hostTimeTable that may have been +-- in progress, as well as rediscovering the end of the +-- hostTimeTable so that it may detect new entries. If the +-- management station does not detect the broken association, +-- it may continue to refer to a particular host by its +-- creationOrder while unwittingly retrieving the data associated +-- with another host entirely. If this happens while downloading +-- the host table, the management station may fail to download +-- all of the entries in the table. + +hostControlTable OBJECT-TYPE + SYNTAX SEQUENCE OF HostControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of host table control entries." + ::= { hosts 1 } + +hostControlEntry OBJECT-TYPE + SYNTAX HostControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of parameters that set up the discovery of hosts + on a particular interface and the collection of statistics + about these hosts. For example, an instance of the + hostControlTableSize object might be named + hostControlTableSize.1" + INDEX { hostControlIndex } + ::= { hostControlTable 1 } + +HostControlEntry ::= SEQUENCE { + + hostControlIndex Integer32, + hostControlDataSource OBJECT IDENTIFIER, + hostControlTableSize Integer32, + hostControlLastDeleteTime TimeTicks, + hostControlOwner OwnerString, + hostControlStatus EntryStatus +} + +hostControlIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + + hostControl table. Each such entry defines + a function that discovers hosts on a particular interface + and places statistics about them in the hostTable and + the hostTimeTable on behalf of this hostControlEntry." + ::= { hostControlEntry 1 } + +hostControlDataSource OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object identifies the source of the data for + this instance of the host function. This source + can be any interface on this device. In order + to identify a particular interface, this object shall + identify the instance of the ifIndex object, defined + in RFC 2233 [17], for the desired interface. + For example, if an entry were to receive data from + interface #1, this object would be set to ifIndex.1. + + The statistics in this group reflect all packets + on the local network segment attached to the identified + interface. + + An agent may or may not be able to tell if fundamental + changes to the media of the interface have occurred and + necessitate an invalidation of this entry. For example, a + hot-pluggable ethernet card could be pulled out and replaced + by a token-ring card. In such a case, if the agent has such + knowledge of the change, it is recommended that it + invalidate this entry. + + This object may not be modified if the associated + hostControlStatus object is equal to valid(1)." + ::= { hostControlEntry 2 } + +hostControlTableSize OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of hostEntries in the hostTable and the + hostTimeTable associated with this hostControlEntry." + ::= { hostControlEntry 3 } + +hostControlLastDeleteTime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when the last entry + was deleted from the portion of the hostTable + associated with this hostControlEntry. If no + deletions have occurred, this value shall be zero." + ::= { hostControlEntry 4 } + +hostControlOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it." + ::= { hostControlEntry 5 } + +hostControlStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this hostControl entry. + + If this object is not equal to valid(1), all associated + entries in the hostTable, hostTimeTable, and the + hostTopNTable shall be deleted by the agent." + ::= { hostControlEntry 6 } + +hostTable OBJECT-TYPE + SYNTAX SEQUENCE OF HostEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of host entries." + ::= { hosts 2 } + +hostEntry OBJECT-TYPE + SYNTAX HostEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A collection of statistics for a particular host that has + been discovered on an interface of this device. For example, + an instance of the hostOutBroadcastPkts object might be + named hostOutBroadcastPkts.1.6.8.0.32.27.3.176" + INDEX { hostIndex, hostAddress } + ::= { hostTable 1 } + +HostEntry ::= SEQUENCE { + hostAddress OCTET STRING, + hostCreationOrder Integer32, + hostIndex Integer32, + hostInPkts Counter32, + hostOutPkts Counter32, + hostInOctets Counter32, + hostOutOctets Counter32, + hostOutErrors Counter32, + hostOutBroadcastPkts Counter32, + hostOutMulticastPkts Counter32 +} + +hostAddress OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The physical address of this host." + ::= { hostEntry 1 } + +hostCreationOrder OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that defines the relative ordering of + the creation time of hosts captured for a + particular hostControlEntry. This index shall + be between 1 and N, where N is the value of + the associated hostControlTableSize. The ordering + of the indexes is based on the order of each entry's + insertion into the table, in which entries added earlier + have a lower index value than entries added later. + + It is important to note that the order for a + particular entry may change as an (earlier) entry + is deleted from the table. Because this order may + change, management stations should make use of the + hostControlLastDeleteTime variable in the + hostControlEntry associated with the relevant + portion of the hostTable. By observing + this variable, the management station may detect + the circumstances where a previous association + between a value of hostCreationOrder + and a hostEntry may no longer hold." + ::= { hostEntry 2 } + +hostIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The set of collected host statistics of which + this entry is a part. The set of hosts + identified by a particular value of this + index is associated with the hostControlEntry + as identified by the same value of hostControlIndex." + ::= { hostEntry 3 } + +hostInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of good packets transmitted to this + address since it was added to the hostTable." + ::= { hostEntry 4 } + +hostOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, including bad packets, transmitted + by this address since it was added to the hostTable." + ::= { hostEntry 5 } + +hostInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of octets transmitted to this address since + it was added to the hostTable (excluding framing + bits but including FCS octets), except for those + octets in bad packets." + ::= { hostEntry 6 } + +hostOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of octets transmitted by this address since + it was added to the hostTable (excluding framing + bits but including FCS octets), including those + octets in bad packets." + ::= { hostEntry 7 } + +hostOutErrors OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bad packets transmitted by this address + since this host was added to the hostTable." + ::= { hostEntry 8 } + +hostOutBroadcastPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of good packets transmitted by this + address that were directed to the broadcast address + since this host was added to the hostTable." + ::= { hostEntry 9 } + +hostOutMulticastPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of good packets transmitted by this + address that were directed to a multicast address + since this host was added to the hostTable. + Note that this number does not include packets + directed to the broadcast address." + ::= { hostEntry 10 } + +-- host Time Table + +hostTimeTable OBJECT-TYPE + SYNTAX SEQUENCE OF HostTimeEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of time-ordered host table entries." + ::= { hosts 3 } + +hostTimeEntry OBJECT-TYPE + SYNTAX HostTimeEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A collection of statistics for a particular host that has + been discovered on an interface of this device. This + collection includes the relative ordering of the creation + time of this object. For example, an instance of the + hostTimeOutBroadcastPkts object might be named + hostTimeOutBroadcastPkts.1.687" + INDEX { hostTimeIndex, hostTimeCreationOrder } + ::= { hostTimeTable 1 } + +HostTimeEntry ::= SEQUENCE { + hostTimeAddress OCTET STRING, + hostTimeCreationOrder Integer32, + hostTimeIndex Integer32, + hostTimeInPkts Counter32, + hostTimeOutPkts Counter32, + hostTimeInOctets Counter32, + hostTimeOutOctets Counter32, + hostTimeOutErrors Counter32, + hostTimeOutBroadcastPkts Counter32, + hostTimeOutMulticastPkts Counter32 +} + +hostTimeAddress OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The physical address of this host." + ::= { hostTimeEntry 1 } + +hostTimeCreationOrder OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in + the hostTime table among those entries associated + with the same hostControlEntry. This index shall + be between 1 and N, where N is the value of + + the associated hostControlTableSize. The ordering + of the indexes is based on the order of each entry's + insertion into the table, in which entries added earlier + have a lower index value than entries added later. + Thus the management station has the ability to + learn of new entries added to this table without + downloading the entire table. + + It is important to note that the index for a + particular entry may change as an (earlier) entry + is deleted from the table. Because this order may + change, management stations should make use of the + hostControlLastDeleteTime variable in the + hostControlEntry associated with the relevant + portion of the hostTimeTable. By observing + this variable, the management station may detect + the circumstances where a download of the table + may have missed entries, and where a previous + association between a value of hostTimeCreationOrder + and a hostTimeEntry may no longer hold." + ::= { hostTimeEntry 2 } + +hostTimeIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The set of collected host statistics of which + this entry is a part. The set of hosts + identified by a particular value of this + index is associated with the hostControlEntry + as identified by the same value of hostControlIndex." + ::= { hostTimeEntry 3 } + +hostTimeInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of good packets transmitted to this + address since it was added to the hostTimeTable." + ::= { hostTimeEntry 4 } + +hostTimeOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets, including bad packets, transmitted + by this address since it was added to the hostTimeTable." + ::= { hostTimeEntry 5 } + +hostTimeInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of octets transmitted to this address since + it was added to the hostTimeTable (excluding framing + bits but including FCS octets), except for those + octets in bad packets." + ::= { hostTimeEntry 6 } + +hostTimeOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of octets transmitted by this address since + it was added to the hostTimeTable (excluding framing + bits but including FCS octets), including those + octets in bad packets." + ::= { hostTimeEntry 7 } + +hostTimeOutErrors OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bad packets transmitted by this address + since this host was added to the hostTimeTable." + ::= { hostTimeEntry 8 } + +hostTimeOutBroadcastPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of good packets transmitted by this + address that were directed to the broadcast address + + since this host was added to the hostTimeTable." + ::= { hostTimeEntry 9 } + +hostTimeOutMulticastPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of good packets transmitted by this + address that were directed to a multicast address + since this host was added to the hostTimeTable. + Note that this number does not include packets directed + to the broadcast address." + ::= { hostTimeEntry 10 } + +-- The Host Top "N" Group + +-- Implementation of the Host Top N group is optional. The Host Top N +-- group requires the implementation of the host group. +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The Host Top N group is used to prepare reports that describe +-- the hosts that top a list ordered by one of their statistics. +-- The available statistics are samples of one of their +-- base statistics, over an interval specified by the management +-- station. Thus, these statistics are rate based. The management +-- station also selects how many such hosts are reported. + +-- The hostTopNControlTable is used to initiate the generation of +-- such a report. The management station may select the parameters +-- of such a report, such as which interface, which statistic, +-- how many hosts, and the start and stop times of the sampling. +-- When the report is prepared, entries are created in the +-- hostTopNTable associated with the relevant hostTopNControlEntry. +-- These entries are static for each report after it has been +-- prepared. + +hostTopNControlTable OBJECT-TYPE + SYNTAX SEQUENCE OF HostTopNControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of top N host control entries." + ::= { hostTopN 1 } + +hostTopNControlEntry OBJECT-TYPE + SYNTAX HostTopNControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A set of parameters that control the creation of a report + of the top N hosts according to several metrics. For + example, an instance of the hostTopNDuration object might + be named hostTopNDuration.3" + INDEX { hostTopNControlIndex } + ::= { hostTopNControlTable 1 } + +HostTopNControlEntry ::= SEQUENCE { + hostTopNControlIndex Integer32, + hostTopNHostIndex Integer32, + hostTopNRateBase INTEGER, + hostTopNTimeRemaining Integer32, + hostTopNDuration Integer32, + hostTopNRequestedSize Integer32, + hostTopNGrantedSize Integer32, + hostTopNStartTime TimeTicks, + hostTopNOwner OwnerString, + hostTopNStatus EntryStatus +} + +hostTopNControlIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry + in the hostTopNControl table. Each such + entry defines one top N report prepared for + one interface." + ::= { hostTopNControlEntry 1 } + +hostTopNHostIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The host table for which a top N report will be prepared + on behalf of this entry. The host table identified by a + particular value of this index is associated with the same + host table as identified by the same value of + hostIndex. + + This object may not be modified if the associated + hostTopNStatus object is equal to valid(1)." + ::= { hostTopNControlEntry 2 } + +hostTopNRateBase OBJECT-TYPE + SYNTAX INTEGER { + hostTopNInPkts(1), + hostTopNOutPkts(2), + hostTopNInOctets(3), + hostTopNOutOctets(4), + hostTopNOutErrors(5), + hostTopNOutBroadcastPkts(6), + hostTopNOutMulticastPkts(7) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The variable for each host that the hostTopNRate + variable is based upon. + + This object may not be modified if the associated + hostTopNStatus object is equal to valid(1)." + ::= { hostTopNControlEntry 3 } + +hostTopNTimeRemaining OBJECT-TYPE + SYNTAX Integer32 + UNITS "Seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The number of seconds left in the report currently being + collected. When this object is modified by the management + station, a new collection is started, possibly aborting + a currently running report. The new value is used + as the requested duration of this report, which is + loaded into the associated hostTopNDuration object. + + When this object is set to a non-zero value, any + associated hostTopNEntries shall be made + inaccessible by the monitor. While the value of this + object is non-zero, it decrements by one per second until + it reaches zero. During this time, all associated + hostTopNEntries shall remain inaccessible. At the time + that this object decrements to zero, the report is made + accessible in the hostTopNTable. Thus, the hostTopN + table needs to be created only at the end of the collection + interval." + DEFVAL { 0 } + ::= { hostTopNControlEntry 4 } + +hostTopNDuration OBJECT-TYPE + SYNTAX Integer32 + UNITS "Seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of seconds that this report has collected + during the last sampling interval, or if this + report is currently being collected, the number + of seconds that this report is being collected + during this sampling interval. + + When the associated hostTopNTimeRemaining object is set, + this object shall be set by the probe to the same value + and shall not be modified until the next time + the hostTopNTimeRemaining is set. + + This value shall be zero if no reports have been + requested for this hostTopNControlEntry." + DEFVAL { 0 } + ::= { hostTopNControlEntry 5 } + +hostTopNRequestedSize OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of hosts requested for the top N + table. + + When this object is created or modified, the probe + should set hostTopNGrantedSize as closely to this + object as is possible for the particular probe + implementation and available resources." + DEFVAL { 10 } + ::= { hostTopNControlEntry 6 } + +hostTopNGrantedSize OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum number of hosts in the top N table. + + When the associated hostTopNRequestedSize object is + created or modified, the probe should set this + object as closely to the requested value as is possible + for the particular implementation and available + + resources. The probe must not lower this value except + as a result of a set to the associated + hostTopNRequestedSize object. + + Hosts with the highest value of hostTopNRate shall be + placed in this table in decreasing order of this rate + until there is no more room or until there are no more + hosts." + ::= { hostTopNControlEntry 7 } + +hostTopNStartTime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when this top N report was + last started. In other words, this is the time that + the associated hostTopNTimeRemaining object was + modified to start the requested report." + ::= { hostTopNControlEntry 8 } + +hostTopNOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it." + ::= { hostTopNControlEntry 9 } + +hostTopNStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this hostTopNControl entry. + + If this object is not equal to valid(1), all associated + hostTopNEntries shall be deleted by the agent." + ::= { hostTopNControlEntry 10 } + +hostTopNTable OBJECT-TYPE + SYNTAX SEQUENCE OF HostTopNEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of top N host entries." + ::= { hostTopN 2 } + +hostTopNEntry OBJECT-TYPE + SYNTAX HostTopNEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A set of statistics for a host that is part of a top N + report. For example, an instance of the hostTopNRate + object might be named hostTopNRate.3.10" + INDEX { hostTopNReport, hostTopNIndex } + ::= { hostTopNTable 1 } + +HostTopNEntry ::= SEQUENCE { + hostTopNReport Integer32, + hostTopNIndex Integer32, + hostTopNAddress OCTET STRING, + hostTopNRate Integer32 +} + +hostTopNReport OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object identifies the top N report of which + this entry is a part. The set of hosts + identified by a particular value of this + object is part of the same report as identified + by the same value of the hostTopNControlIndex object." + ::= { hostTopNEntry 1 } + +hostTopNIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in + the hostTopN table among those in the same report. + This index is between 1 and N, where N is the + number of entries in this table. Increasing values + of hostTopNIndex shall be assigned to entries with + decreasing values of hostTopNRate until index N + is assigned to the entry with the lowest value of + hostTopNRate or there are no more hostTopNEntries." + ::= { hostTopNEntry 2 } + +hostTopNAddress OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The physical address of this host." + ::= { hostTopNEntry 3 } + +hostTopNRate OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The amount of change in the selected variable + during this sampling interval. The selected + variable is this host's instance of the object + selected by hostTopNRateBase." + ::= { hostTopNEntry 4 } + +-- The Matrix Group + +-- Implementation of the Matrix group is optional. +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The Matrix group consists of the matrixControlTable, matrixSDTable +-- and the matrixDSTable. These tables store statistics for a +-- particular conversation between two addresses. As the device +-- detects a new conversation, including those to a non-unicast +-- address, it creates a new entry in both of the matrix tables. +-- It must only create new entries based on information +-- received in good packets. If the monitoring device finds +-- itself short of resources, it may delete entries as needed. +-- It is suggested that the device delete the least recently used +-- entries first. + +matrixControlTable OBJECT-TYPE + SYNTAX SEQUENCE OF MatrixControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of information entries for the + traffic matrix on each interface." + ::= { matrix 1 } + +matrixControlEntry OBJECT-TYPE + SYNTAX MatrixControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a traffic matrix on a particular + + interface. For example, an instance of the + matrixControlLastDeleteTime object might be named + matrixControlLastDeleteTime.1" + INDEX { matrixControlIndex } + ::= { matrixControlTable 1 } + +MatrixControlEntry ::= SEQUENCE { + matrixControlIndex Integer32, + matrixControlDataSource OBJECT IDENTIFIER, + matrixControlTableSize Integer32, + matrixControlLastDeleteTime TimeTicks, + matrixControlOwner OwnerString, + matrixControlStatus EntryStatus +} + +matrixControlIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + matrixControl table. Each such entry defines + a function that discovers conversations on a particular + interface and places statistics about them in the + matrixSDTable and the matrixDSTable on behalf of this + matrixControlEntry." + ::= { matrixControlEntry 1 } + +matrixControlDataSource OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object identifies the source of + the data from which this entry creates a traffic matrix. + This source can be any interface on this device. In + order to identify a particular interface, this object + shall identify the instance of the ifIndex object, + defined in RFC 2233 [17], for the desired + interface. For example, if an entry were to receive data + from interface #1, this object would be set to ifIndex.1. + + The statistics in this group reflect all packets + on the local network segment attached to the identified + interface. + + An agent may or may not be able to tell if fundamental + changes to the media of the interface have occurred and + + necessitate an invalidation of this entry. For example, a + hot-pluggable ethernet card could be pulled out and replaced + by a token-ring card. In such a case, if the agent has such + knowledge of the change, it is recommended that it + invalidate this entry. + + This object may not be modified if the associated + matrixControlStatus object is equal to valid(1)." + ::= { matrixControlEntry 2 } + +matrixControlTableSize OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of matrixSDEntries in the matrixSDTable + for this interface. This must also be the value of + the number of entries in the matrixDSTable for this + interface." + ::= { matrixControlEntry 3 } + +matrixControlLastDeleteTime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when the last entry + was deleted from the portion of the matrixSDTable + or matrixDSTable associated with this matrixControlEntry. + If no deletions have occurred, this value shall be + zero." + ::= { matrixControlEntry 4 } + +matrixControlOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it." + ::= { matrixControlEntry 5 } + +matrixControlStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this matrixControl entry. + + If this object is not equal to valid(1), all associated + entries in the matrixSDTable and the matrixDSTable + shall be deleted by the agent." + ::= { matrixControlEntry 6 } + +matrixSDTable OBJECT-TYPE + SYNTAX SEQUENCE OF MatrixSDEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of traffic matrix entries indexed by + source and destination MAC address." + ::= { matrix 2 } + +matrixSDEntry OBJECT-TYPE + SYNTAX MatrixSDEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A collection of statistics for communications between + two addresses on a particular interface. For example, + an instance of the matrixSDPkts object might be named + matrixSDPkts.1.6.8.0.32.27.3.176.6.8.0.32.10.8.113" + INDEX { matrixSDIndex, + matrixSDSourceAddress, matrixSDDestAddress } + ::= { matrixSDTable 1 } + +MatrixSDEntry ::= SEQUENCE { + matrixSDSourceAddress OCTET STRING, + matrixSDDestAddress OCTET STRING, + matrixSDIndex Integer32, + matrixSDPkts Counter32, + matrixSDOctets Counter32, + matrixSDErrors Counter32 +} + +matrixSDSourceAddress OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The source physical address." + ::= { matrixSDEntry 1 } + +matrixSDDestAddress OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The destination physical address." + ::= { matrixSDEntry 2 } + +matrixSDIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The set of collected matrix statistics of which + this entry is a part. The set of matrix statistics + identified by a particular value of this index + is associated with the same matrixControlEntry + as identified by the same value of matrixControlIndex." + ::= { matrixSDEntry 3 } + +matrixSDPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets transmitted from the source + address to the destination address (this number includes + bad packets)." + ::= { matrixSDEntry 4 } + +matrixSDOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of octets (excluding framing bits but + including FCS octets) contained in all packets + transmitted from the source address to the + destination address." + ::= { matrixSDEntry 5 } + +matrixSDErrors OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bad packets transmitted from + the source address to the destination address." + ::= { matrixSDEntry 6 } + +-- Traffic matrix tables from destination to source + +matrixDSTable OBJECT-TYPE + SYNTAX SEQUENCE OF MatrixDSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of traffic matrix entries indexed by + destination and source MAC address." + ::= { matrix 3 } + +matrixDSEntry OBJECT-TYPE + SYNTAX MatrixDSEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A collection of statistics for communications between + two addresses on a particular interface. For example, + an instance of the matrixSDPkts object might be named + matrixSDPkts.1.6.8.0.32.10.8.113.6.8.0.32.27.3.176" + INDEX { matrixDSIndex, + matrixDSDestAddress, matrixDSSourceAddress } + ::= { matrixDSTable 1 } + +MatrixDSEntry ::= SEQUENCE { + matrixDSSourceAddress OCTET STRING, + matrixDSDestAddress OCTET STRING, + matrixDSIndex Integer32, + matrixDSPkts Counter32, + matrixDSOctets Counter32, + matrixDSErrors Counter32 +} + +matrixDSSourceAddress OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The source physical address." + ::= { matrixDSEntry 1 } + +matrixDSDestAddress OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The destination physical address." + ::= { matrixDSEntry 2 } + +matrixDSIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The set of collected matrix statistics of which + this entry is a part. The set of matrix statistics + identified by a particular value of this index + is associated with the same matrixControlEntry + as identified by the same value of matrixControlIndex." + ::= { matrixDSEntry 3 } + +matrixDSPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets transmitted from the source + address to the destination address (this number includes + bad packets)." + ::= { matrixDSEntry 4 } + +matrixDSOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of octets (excluding framing bits + but including FCS octets) contained in all packets + transmitted from the source address to the + destination address." + ::= { matrixDSEntry 5 } + +matrixDSErrors OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bad packets transmitted from + the source address to the destination address." + ::= { matrixDSEntry 6 } + +-- The Filter Group + +-- Implementation of the Filter group is optional. + +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The Filter group allows packets to be captured with an +-- arbitrary filter expression. A logical data and +-- event stream or "channel" is formed by the packets +-- that match the filter expression. +-- +-- This filter mechanism allows the creation of an arbitrary +-- logical expression with which to filter packets. Each +-- filter associated with a channel is OR'ed with the others. +-- Within a filter, any bits checked in the data and status are +-- AND'ed with respect to other bits in the same filter. The +-- NotMask also allows for checking for inequality. Finally, +-- the channelAcceptType object allows for inversion of the +-- whole equation. +-- +-- If a management station wishes to receive a trap to alert it +-- that new packets have been captured and are available for +-- download, it is recommended that it set up an alarm entry that +-- monitors the value of the relevant channelMatches instance. +-- +-- The channel can be turned on or off, and can also +-- generate events when packets pass through it. + +filterTable OBJECT-TYPE + SYNTAX SEQUENCE OF FilterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of packet filter entries." + ::= { filter 1 } + +filterEntry OBJECT-TYPE + SYNTAX FilterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A set of parameters for a packet filter applied on a + particular interface. As an example, an instance of the + filterPktData object might be named filterPktData.12" + INDEX { filterIndex } + ::= { filterTable 1 } + +FilterEntry ::= SEQUENCE { + filterIndex Integer32, + filterChannelIndex Integer32, + filterPktDataOffset Integer32, + filterPktData OCTET STRING, + filterPktDataMask OCTET STRING, + filterPktDataNotMask OCTET STRING, + filterPktStatus Integer32, + filterPktStatusMask Integer32, + filterPktStatusNotMask Integer32, + filterOwner OwnerString, + filterStatus EntryStatus +} + +filterIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry + in the filter table. Each such entry defines + one filter that is to be applied to every packet + received on an interface." + ::= { filterEntry 1 } + +filterChannelIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object identifies the channel of which this filter + is a part. The filters identified by a particular value + of this object are associated with the same channel as + identified by the same value of the channelIndex object." + ::= { filterEntry 2 } + +filterPktDataOffset OBJECT-TYPE + SYNTAX Integer32 + UNITS "Octets" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The offset from the beginning of each packet where + a match of packet data will be attempted. This offset + is measured from the point in the physical layer + packet after the framing bits, if any. For example, + in an Ethernet frame, this point is at the beginning of + the destination MAC address. + + This object may not be modified if the associated + filterStatus object is equal to valid(1)." + DEFVAL { 0 } + ::= { filterEntry 3 } + +filterPktData OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The data that is to be matched with the input packet. + For each packet received, this filter and the accompanying + filterPktDataMask and filterPktDataNotMask will be + adjusted for the offset. The only bits relevant to this + match algorithm are those that have the corresponding + filterPktDataMask bit equal to one. The following three + rules are then applied to every packet: + + (1) If the packet is too short and does not have data + corresponding to part of the filterPktData, the packet + will fail this data match. + + (2) For each relevant bit from the packet with the + corresponding filterPktDataNotMask bit set to zero, if + the bit from the packet is not equal to the corresponding + bit from the filterPktData, then the packet will fail + this data match. + + (3) If for every relevant bit from the packet with the + corresponding filterPktDataNotMask bit set to one, the + bit from the packet is equal to the corresponding bit + from the filterPktData, then the packet will fail this + data match. + + Any packets that have not failed any of the three matches + above have passed this data match. In particular, a zero + length filter will match any packet. + + This object may not be modified if the associated + filterStatus object is equal to valid(1)." + ::= { filterEntry 4 } + +filterPktDataMask OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The mask that is applied to the match process. + After adjusting this mask for the offset, only those + bits in the received packet that correspond to bits set + in this mask are relevant for further processing by the + + match algorithm. The offset is applied to filterPktDataMask + in the same way it is applied to the filter. For the + purposes of the matching algorithm, if the associated + filterPktData object is longer than this mask, this mask is + conceptually extended with '1' bits until it reaches the + length of the filterPktData object. + + This object may not be modified if the associated + filterStatus object is equal to valid(1)." + ::= { filterEntry 5 } + +filterPktDataNotMask OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The inversion mask that is applied to the match + process. After adjusting this mask for the offset, + those relevant bits in the received packet that correspond + to bits cleared in this mask must all be equal to their + corresponding bits in the filterPktData object for the packet + to be accepted. In addition, at least one of those relevant + bits in the received packet that correspond to bits set in + this mask must be different to its corresponding bit in the + filterPktData object. + + For the purposes of the matching algorithm, if the associated + filterPktData object is longer than this mask, this mask is + conceptually extended with '0' bits until it reaches the + length of the filterPktData object. + + This object may not be modified if the associated + filterStatus object is equal to valid(1)." + ::= { filterEntry 6 } + +filterPktStatus OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status that is to be matched with the input packet. + The only bits relevant to this match algorithm are those that + have the corresponding filterPktStatusMask bit equal to one. + The following two rules are then applied to every packet: + + (1) For each relevant bit from the packet status with the + corresponding filterPktStatusNotMask bit set to zero, if + the bit from the packet status is not equal to the + + corresponding bit from the filterPktStatus, then the + packet will fail this status match. + + (2) If for every relevant bit from the packet status with the + corresponding filterPktStatusNotMask bit set to one, the + bit from the packet status is equal to the corresponding + bit from the filterPktStatus, then the packet will fail + this status match. + + Any packets that have not failed either of the two matches + above have passed this status match. In particular, a zero + length status filter will match any packet's status. + + The value of the packet status is a sum. This sum + initially takes the value zero. Then, for each + error, E, that has been discovered in this packet, + 2 raised to a value representing E is added to the sum. + The errors and the bits that represent them are dependent + on the media type of the interface that this channel + is receiving packets from. + + The errors defined for a packet captured off of an + Ethernet interface are as follows: + + bit # Error + 0 Packet is longer than 1518 octets + 1 Packet is shorter than 64 octets + 2 Packet experienced a CRC or Alignment error + + For example, an Ethernet fragment would have a + value of 6 (2^1 + 2^2). + + As this MIB is expanded to new media types, this object + will have other media-specific errors defined. + + For the purposes of this status matching algorithm, if the + packet status is longer than this filterPktStatus object, + this object is conceptually extended with '0' bits until it + reaches the size of the packet status. + + This object may not be modified if the associated + filterStatus object is equal to valid(1)." + ::= { filterEntry 7 } + +filterPktStatusMask OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The mask that is applied to the status match process. + Only those bits in the received packet that correspond to + bits set in this mask are relevant for further processing + by the status match algorithm. For the purposes + of the matching algorithm, if the associated filterPktStatus + object is longer than this mask, this mask is conceptually + extended with '1' bits until it reaches the size of the + filterPktStatus. In addition, if a packet status is longer + than this mask, this mask is conceptually extended with '0' + bits until it reaches the size of the packet status. + + This object may not be modified if the associated + filterStatus object is equal to valid(1)." + ::= { filterEntry 8 } + +filterPktStatusNotMask OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The inversion mask that is applied to the status match + process. Those relevant bits in the received packet status + that correspond to bits cleared in this mask must all be + equal to their corresponding bits in the filterPktStatus + object for the packet to be accepted. In addition, at least + one of those relevant bits in the received packet status + that correspond to bits set in this mask must be different + to its corresponding bit in the filterPktStatus object for + the packet to be accepted. + + For the purposes of the matching algorithm, if the associated + filterPktStatus object or a packet status is longer than this + mask, this mask is conceptually extended with '0' bits until + it reaches the longer of the lengths of the filterPktStatus + object and the packet status. + + This object may not be modified if the associated + filterStatus object is equal to valid(1)." + ::= { filterEntry 9 } + +filterOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it." + ::= { filterEntry 10 } + +filterStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this filter entry." + ::= { filterEntry 11 } + +channelTable OBJECT-TYPE + SYNTAX SEQUENCE OF ChannelEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of packet channel entries." + ::= { filter 2 } + +channelEntry OBJECT-TYPE + SYNTAX ChannelEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A set of parameters for a packet channel applied on a + particular interface. As an example, an instance of the + channelMatches object might be named channelMatches.3" + INDEX { channelIndex } + ::= { channelTable 1 } + +ChannelEntry ::= SEQUENCE { + channelIndex Integer32, + channelIfIndex Integer32, + channelAcceptType INTEGER, + channelDataControl INTEGER, + channelTurnOnEventIndex Integer32, + channelTurnOffEventIndex Integer32, + channelEventIndex Integer32, + channelEventStatus INTEGER, + channelMatches Counter32, + channelDescription DisplayString, + channelOwner OwnerString, + channelStatus EntryStatus +} + +channelIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the channel + table. Each such entry defines one channel, a logical + data and event stream. + + It is suggested that before creating a channel, an + application should scan all instances of the + filterChannelIndex object to make sure that there are no + pre-existing filters that would be inadvertently be linked + to the channel." + ::= { channelEntry 1 } + +channelIfIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object uniquely identifies the + interface on this remote network monitoring device to which + the associated filters are applied to allow data into this + channel. The interface identified by a particular value + of this object is the same interface as identified by the + same value of the ifIndex object, defined in RFC 2233 [17]. + + The filters in this group are applied to all packets on + the local network segment attached to the identified + interface. + + An agent may or may not be able to tell if fundamental + changes to the media of the interface have occurred and + necessitate an invalidation of this entry. For example, a + hot-pluggable ethernet card could be pulled out and replaced + by a token-ring card. In such a case, if the agent has such + knowledge of the change, it is recommended that it + invalidate this entry. + + This object may not be modified if the associated + channelStatus object is equal to valid(1)." + ::= { channelEntry 2 } + +channelAcceptType OBJECT-TYPE + SYNTAX INTEGER { + acceptMatched(1), + acceptFailed(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object controls the action of the filters + associated with this channel. If this object is equal + to acceptMatched(1), packets will be accepted to this + channel if they are accepted by both the packet data and + packet status matches of an associated filter. If + this object is equal to acceptFailed(2), packets will + be accepted to this channel only if they fail either + the packet data match or the packet status match of + each of the associated filters. + + In particular, a channel with no associated filters will + match no packets if set to acceptMatched(1) case and will + match all packets in the acceptFailed(2) case. + + This object may not be modified if the associated + channelStatus object is equal to valid(1)." + ::= { channelEntry 3 } + +channelDataControl OBJECT-TYPE + SYNTAX INTEGER { + on(1), + off(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object controls the flow of data through this channel. + If this object is on(1), data, status and events flow + through this channel. If this object is off(2), data, + status and events will not flow through this channel." + DEFVAL { off } + ::= { channelEntry 4 } + +channelTurnOnEventIndex OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object identifies the event + that is configured to turn the associated + channelDataControl from off to on when the event is + generated. The event identified by a particular value + of this object is the same event as identified by the + same value of the eventIndex object. If there is no + corresponding entry in the eventTable, then no + association exists. In fact, if no event is intended + for this channel, channelTurnOnEventIndex must be + set to zero, a non-existent event index. + + This object may not be modified if the associated + channelStatus object is equal to valid(1)." + ::= { channelEntry 5 } + +channelTurnOffEventIndex OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object identifies the event + that is configured to turn the associated + channelDataControl from on to off when the event is + generated. The event identified by a particular value + of this object is the same event as identified by the + same value of the eventIndex object. If there is no + corresponding entry in the eventTable, then no + association exists. In fact, if no event is intended + for this channel, channelTurnOffEventIndex must be + set to zero, a non-existent event index. + + This object may not be modified if the associated + channelStatus object is equal to valid(1)." + ::= { channelEntry 6 } + +channelEventIndex OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object identifies the event + that is configured to be generated when the + associated channelDataControl is on and a packet + is matched. The event identified by a particular value + of this object is the same event as identified by the + same value of the eventIndex object. If there is no + corresponding entry in the eventTable, then no + association exists. In fact, if no event is intended + for this channel, channelEventIndex must be + set to zero, a non-existent event index. + + This object may not be modified if the associated + channelStatus object is equal to valid(1)." + ::= { channelEntry 7 } + +channelEventStatus OBJECT-TYPE + SYNTAX INTEGER { + eventReady(1), + eventFired(2), + eventAlwaysReady(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The event status of this channel. + + If this channel is configured to generate events + when packets are matched, a means of controlling + the flow of those events is often needed. When + this object is equal to eventReady(1), a single + event may be generated, after which this object + will be set by the probe to eventFired(2). While + in the eventFired(2) state, no events will be + generated until the object is modified to + eventReady(1) (or eventAlwaysReady(3)). The + management station can thus easily respond to a + notification of an event by re-enabling this object. + + If the management station wishes to disable this + flow control and allow events to be generated + at will, this object may be set to + eventAlwaysReady(3). Disabling the flow control + is discouraged as it can result in high network + traffic or other performance problems." + DEFVAL { eventReady } + ::= { channelEntry 8 } + +channelMatches OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times this channel has matched a packet. + Note that this object is updated even when + channelDataControl is set to off." + ::= { channelEntry 9 } + +channelDescription OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..127)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A comment describing this channel." + ::= { channelEntry 10 } + +channelOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it." + ::= { channelEntry 11 } + +channelStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this channel entry." + ::= { channelEntry 12 } + +-- The Packet Capture Group + +-- Implementation of the Packet Capture group is optional. The Packet +-- Capture Group requires implementation of the Filter Group. +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The Packet Capture group allows packets to be captured +-- upon a filter match. The bufferControlTable controls +-- the captured packets output from a channel that is +-- associated with it. The captured packets are placed +-- in entries in the captureBufferTable. These entries are +-- associated with the bufferControlEntry on whose behalf they +-- were stored. + +bufferControlTable OBJECT-TYPE + SYNTAX SEQUENCE OF BufferControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of buffers control entries." + ::= { capture 1 } + +bufferControlEntry OBJECT-TYPE + SYNTAX BufferControlEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A set of parameters that control the collection of a stream + of packets that have matched filters. As an example, an + instance of the bufferControlCaptureSliceSize object might + be named bufferControlCaptureSliceSize.3" + INDEX { bufferControlIndex } + ::= { bufferControlTable 1 } + +BufferControlEntry ::= SEQUENCE { + bufferControlIndex Integer32, + bufferControlChannelIndex Integer32, + bufferControlFullStatus INTEGER, + bufferControlFullAction INTEGER, + bufferControlCaptureSliceSize Integer32, + bufferControlDownloadSliceSize Integer32, + bufferControlDownloadOffset Integer32, + bufferControlMaxOctetsRequested Integer32, + bufferControlMaxOctetsGranted Integer32, + bufferControlCapturedPackets Integer32, + bufferControlTurnOnTime TimeTicks, + bufferControlOwner OwnerString, + bufferControlStatus EntryStatus +} + +bufferControlIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry + in the bufferControl table. The value of this + index shall never be zero. Each such + entry defines one set of packets that is + captured and controlled by one or more filters." + ::= { bufferControlEntry 1 } + +bufferControlChannelIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "An index that identifies the channel that is the + source of packets for this bufferControl table. + The channel identified by a particular value of this + index is the same as identified by the same value of + the channelIndex object. + + This object may not be modified if the associated + bufferControlStatus object is equal to valid(1)." + ::= { bufferControlEntry 2 } + +bufferControlFullStatus OBJECT-TYPE + SYNTAX INTEGER { + + spaceAvailable(1), + full(2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object shows whether the buffer has room to + accept new packets or if it is full. + + If the status is spaceAvailable(1), the buffer is + accepting new packets normally. If the status is + full(2) and the associated bufferControlFullAction + object is wrapWhenFull, the buffer is accepting new + packets by deleting enough of the oldest packets + to make room for new ones as they arrive. Otherwise, + if the status is full(2) and the + bufferControlFullAction object is lockWhenFull, + then the buffer has stopped collecting packets. + + When this object is set to full(2) the probe must + not later set it to spaceAvailable(1) except in the + case of a significant gain in resources such as + an increase of bufferControlOctetsGranted. In + particular, the wrap-mode action of deleting old + packets to make room for newly arrived packets + must not affect the value of this object." + ::= { bufferControlEntry 3 } + +bufferControlFullAction OBJECT-TYPE + SYNTAX INTEGER { + lockWhenFull(1), + wrapWhenFull(2) -- FIFO + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls the action of the buffer when it + reaches the full status. When in the lockWhenFull(1) + state and a packet is added to the buffer that + fills the buffer, the bufferControlFullStatus will + be set to full(2) and this buffer will stop capturing + packets." + ::= { bufferControlEntry 4 } + +bufferControlCaptureSliceSize OBJECT-TYPE + SYNTAX Integer32 + UNITS "Octets" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of octets of each packet + that will be saved in this capture buffer. + For example, if a 1500 octet packet is received by + the probe and this object is set to 500, then only + 500 octets of the packet will be stored in the + associated capture buffer. If this variable is set + to 0, the capture buffer will save as many octets + as is possible. + + This object may not be modified if the associated + bufferControlStatus object is equal to valid(1)." + DEFVAL { 100 } + ::= { bufferControlEntry 5 } + +bufferControlDownloadSliceSize OBJECT-TYPE + SYNTAX Integer32 + UNITS "Octets" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of octets of each packet + in this capture buffer that will be returned in + an SNMP retrieval of that packet. For example, + if 500 octets of a packet have been stored in the + associated capture buffer, the associated + bufferControlDownloadOffset is 0, and this + object is set to 100, then the captureBufferPacket + object that contains the packet will contain only + the first 100 octets of the packet. + + A prudent manager will take into account possible + interoperability or fragmentation problems that may + occur if the download slice size is set too large. + In particular, conformant SNMP implementations are not + required to accept messages whose length exceeds 484 + octets, although they are encouraged to support larger + datagrams whenever feasible." + DEFVAL { 100 } + ::= { bufferControlEntry 6 } + +bufferControlDownloadOffset OBJECT-TYPE + SYNTAX Integer32 + UNITS "Octets" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The offset of the first octet of each packet + in this capture buffer that will be returned in + an SNMP retrieval of that packet. For example, + if 500 octets of a packet have been stored in the + associated capture buffer and this object is set to + 100, then the captureBufferPacket object that + contains the packet will contain bytes starting + 100 octets into the packet." + DEFVAL { 0 } + ::= { bufferControlEntry 7 } + +bufferControlMaxOctetsRequested OBJECT-TYPE + SYNTAX Integer32 + UNITS "Octets" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The requested maximum number of octets to be + saved in this captureBuffer, including any + implementation-specific overhead. If this variable + is set to -1, the capture buffer will save as many + octets as is possible. + + When this object is created or modified, the probe + should set bufferControlMaxOctetsGranted as closely + to this object as is possible for the particular probe + implementation and available resources. However, if + the object has the special value of -1, the probe + must set bufferControlMaxOctetsGranted to -1." + DEFVAL { -1 } + ::= { bufferControlEntry 8 } + +bufferControlMaxOctetsGranted OBJECT-TYPE + SYNTAX Integer32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum number of octets that can be + saved in this captureBuffer, including overhead. + If this variable is -1, the capture buffer will save + as many octets as possible. + + When the bufferControlMaxOctetsRequested object is + created or modified, the probe should set this object + as closely to the requested value as is possible for the + particular probe implementation and available resources. + However, if the request object has the special value + + of -1, the probe must set this object to -1. + + The probe must not lower this value except as a result of + a modification to the associated + bufferControlMaxOctetsRequested object. + + When this maximum number of octets is reached + and a new packet is to be added to this + capture buffer and the corresponding + bufferControlFullAction is set to wrapWhenFull(2), + enough of the oldest packets associated with this + capture buffer shall be deleted by the agent so + that the new packet can be added. If the corresponding + bufferControlFullAction is set to lockWhenFull(1), + the new packet shall be discarded. In either case, + the probe must set bufferControlFullStatus to + full(2). + + When the value of this object changes to a value less + than the current value, entries are deleted from + the captureBufferTable associated with this + bufferControlEntry. Enough of the + oldest of these captureBufferEntries shall be + deleted by the agent so that the number of octets + used remains less than or equal to the new value of + this object. + + When the value of this object changes to a value greater + than the current value, the number of associated + captureBufferEntries may be allowed to grow." + ::= { bufferControlEntry 9 } + +bufferControlCapturedPackets OBJECT-TYPE + SYNTAX Integer32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets currently in this captureBuffer." + ::= { bufferControlEntry 10 } + +bufferControlTurnOnTime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when this capture buffer was + first turned on." + ::= { bufferControlEntry 11 } + +bufferControlOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it." + ::= { bufferControlEntry 12 } + +bufferControlStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this buffer Control Entry." + ::= { bufferControlEntry 13 } + +captureBufferTable OBJECT-TYPE + SYNTAX SEQUENCE OF CaptureBufferEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of packets captured off of a channel." + ::= { capture 2 } + +captureBufferEntry OBJECT-TYPE + SYNTAX CaptureBufferEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A packet captured off of an attached network. As an + example, an instance of the captureBufferPacketData + object might be named captureBufferPacketData.3.1783" + INDEX { captureBufferControlIndex, captureBufferIndex } + ::= { captureBufferTable 1 } + +CaptureBufferEntry ::= SEQUENCE { + captureBufferControlIndex Integer32, + captureBufferIndex Integer32, + captureBufferPacketID Integer32, + captureBufferPacketData OCTET STRING, + captureBufferPacketLength Integer32, + captureBufferPacketTime Integer32, + captureBufferPacketStatus Integer32 +} + +captureBufferControlIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the bufferControlEntry with which + this packet is associated." + ::= { captureBufferEntry 1 } + +captureBufferIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry + in the captureBuffer table associated with a + particular bufferControlEntry. This index will + start at 1 and increase by one for each new packet + added with the same captureBufferControlIndex. + + Should this value reach 2147483647, the next packet + added with the same captureBufferControlIndex shall + cause this value to wrap around to 1." + ::= { captureBufferEntry 2 } + +captureBufferPacketID OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that describes the order of packets + that are received on a particular interface. + The packetID of a packet captured on an + interface is defined to be greater than the + packetID's of all packets captured previously on + the same interface. As the captureBufferPacketID + object has a maximum positive value of 2^31 - 1, + any captureBufferPacketID object shall have the + value of the associated packet's packetID mod 2^31." + ::= { captureBufferEntry 3 } + +captureBufferPacketData OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The data inside the packet, starting at the beginning + of the packet plus any offset specified in the + + associated bufferControlDownloadOffset, including any + link level headers. The length of the data in this object + is the minimum of the length of the captured packet minus + the offset, the length of the associated + bufferControlCaptureSliceSize minus the offset, and the + associated bufferControlDownloadSliceSize. If this minimum + is less than zero, this object shall have a length of zero." + ::= { captureBufferEntry 4 } + +captureBufferPacketLength OBJECT-TYPE + SYNTAX Integer32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The actual length (off the wire) of the packet stored + in this entry, including FCS octets." + ::= { captureBufferEntry 5 } + +captureBufferPacketTime OBJECT-TYPE + SYNTAX Integer32 + UNITS "Milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of milliseconds that had passed since + this capture buffer was first turned on when this + packet was captured." + ::= { captureBufferEntry 6 } + +captureBufferPacketStatus OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A value which indicates the error status of this packet. + + The value of this object is defined in the same way as + filterPktStatus. The value is a sum. This sum + initially takes the value zero. Then, for each + error, E, that has been discovered in this packet, + 2 raised to a value representing E is added to the sum. + + The errors defined for a packet captured off of an + Ethernet interface are as follows: + + bit # Error + 0 Packet is longer than 1518 octets + + 1 Packet is shorter than 64 octets + 2 Packet experienced a CRC or Alignment error + 3 First packet in this capture buffer after + it was detected that some packets were + not processed correctly. + 4 Packet's order in buffer is only approximate + (May only be set for packets sent from + the probe) + + For example, an Ethernet fragment would have a + value of 6 (2^1 + 2^2). + + As this MIB is expanded to new media types, this object + will have other media-specific errors defined." + ::= { captureBufferEntry 7 } + +-- The Event Group + +-- Implementation of the Event group is optional. +-- Consult the MODULE-COMPLIANCE macro for the authoritative +-- conformance information for this MIB. +-- +-- The Event group controls the generation and notification +-- of events from this device. Each entry in the eventTable +-- describes the parameters of the event that can be triggered. +-- Each event entry is fired by an associated condition located +-- elsewhere in the MIB. An event entry may also be associated +-- with a function elsewhere in the MIB that will be executed +-- when the event is generated. For example, a channel may +-- be turned on or off by the firing of an event. +-- +-- Each eventEntry may optionally specify that a log entry +-- be created on its behalf whenever the event occurs. +-- Each entry may also specify that notification should +-- occur by way of SNMP trap messages. In this case, the +-- community for the trap message is given in the associated +-- eventCommunity object. The enterprise and specific trap +-- fields of the trap are determined by the condition that +-- triggered the event. Two traps are defined: risingAlarm and +-- fallingAlarm. If the eventTable is triggered by a condition +-- specified elsewhere, the enterprise and specific trap fields +-- must be specified for traps generated for that condition. + +eventTable OBJECT-TYPE + SYNTAX SEQUENCE OF EventEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of events to be generated." + ::= { event 1 } + +eventEntry OBJECT-TYPE + SYNTAX EventEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A set of parameters that describe an event to be generated + when certain conditions are met. As an example, an instance + of the eventLastTimeSent object might be named + eventLastTimeSent.6" + INDEX { eventIndex } + ::= { eventTable 1 } + +EventEntry ::= SEQUENCE { + eventIndex Integer32, + eventDescription DisplayString, + eventType INTEGER, + eventCommunity OCTET STRING, + eventLastTimeSent TimeTicks, + eventOwner OwnerString, + eventStatus EntryStatus +} + +eventIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + event table. Each such entry defines one event that + is to be generated when the appropriate conditions + occur." + ::= { eventEntry 1 } + +eventDescription OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..127)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A comment describing this event entry." + ::= { eventEntry 2 } + +eventType OBJECT-TYPE + SYNTAX INTEGER { + none(1), + log(2), + snmptrap(3), -- send an SNMP trap + logandtrap(4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of notification that the probe will make + about this event. In the case of log, an entry is + made in the log table for each event. In the case of + snmp-trap, an SNMP trap is sent to one or more + management stations." + ::= { eventEntry 3 } + +eventCommunity OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..127)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "If an SNMP trap is to be sent, it will be sent to + the SNMP community specified by this octet string." + ::= { eventEntry 4 } + +eventLastTimeSent OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this event + entry last generated an event. If this entry has + not generated any events, this value will be + zero." + ::= { eventEntry 5 } + +eventOwner OBJECT-TYPE + SYNTAX OwnerString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The entity that configured this entry and is therefore + using the resources assigned to it. + + If this object contains a string starting with 'monitor' + and has associated entries in the log table, all connected + management stations should retrieve those log entries, + as they may have significance to all management stations + connected to this device" + ::= { eventEntry 6 } + +eventStatus OBJECT-TYPE + SYNTAX EntryStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this event entry. + + If this object is not equal to valid(1), all associated + log entries shall be deleted by the agent." + ::= { eventEntry 7 } + +-- +logTable OBJECT-TYPE + SYNTAX SEQUENCE OF LogEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of events that have been logged." + ::= { event 2 } + +logEntry OBJECT-TYPE + SYNTAX LogEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A set of data describing an event that has been + logged. For example, an instance of the logDescription + object might be named logDescription.6.47" + INDEX { logEventIndex, logIndex } + ::= { logTable 1 } + +LogEntry ::= SEQUENCE { + logEventIndex Integer32, + logIndex Integer32, + logTime TimeTicks, + logDescription DisplayString +} + +logEventIndex OBJECT-TYPE + SYNTAX Integer32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The event entry that generated this log + entry. The log identified by a particular + value of this index is associated with the same + eventEntry as identified by the same value + of eventIndex." + ::= { logEntry 1 } + +logIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry + in the log table amongst those generated by the + same eventEntries. These indexes are + assigned beginning with 1 and increase by one + with each new log entry. The association + between values of logIndex and logEntries + is fixed for the lifetime of each logEntry. + The agent may choose to delete the oldest + instances of logEntry as required because of + lack of memory. It is an implementation-specific + matter as to when this deletion may occur." + ::= { logEntry 2 } + +logTime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime when this log entry was created." + ::= { logEntry 3 } + +logDescription OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An implementation dependent description of the + event that activated this log entry." + ::= { logEntry 4 } + +-- Remote Network Monitoring Traps + +rmonEventsV2 OBJECT-IDENTITY + STATUS current + DESCRIPTION "Definition point for RMON notifications." + ::= { rmon 0 } + +risingAlarm NOTIFICATION-TYPE + OBJECTS { alarmIndex, alarmVariable, alarmSampleType, + alarmValue, alarmRisingThreshold } + STATUS current + DESCRIPTION + "The SNMP trap that is generated when an alarm + entry crosses its rising threshold and generates + an event that is configured for sending SNMP + traps." + ::= { rmonEventsV2 1 } + +fallingAlarm NOTIFICATION-TYPE + OBJECTS { alarmIndex, alarmVariable, alarmSampleType, + alarmValue, alarmFallingThreshold } + STATUS current + DESCRIPTION + "The SNMP trap that is generated when an alarm + entry crosses its falling threshold and generates + an event that is configured for sending SNMP + traps." + ::= { rmonEventsV2 2 } + +-- Conformance information + +rmonCompliances OBJECT IDENTIFIER ::= { rmonConformance 9 } +rmonGroups OBJECT IDENTIFIER ::= { rmonConformance 10 } + +-- Compliance Statements +rmonCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The requirements for conformance to the RMON MIB. At least + one of the groups in this module must be implemented to + conform to the RMON MIB. Implementations of this MIB + must also implement the system group of MIB-II [16] and the + IF-MIB [17]." + MODULE -- this module + + GROUP rmonEtherStatsGroup + DESCRIPTION + "The RMON Ethernet Statistics Group is optional." + + GROUP rmonHistoryControlGroup + DESCRIPTION + "The RMON History Control Group is optional." + + GROUP rmonEthernetHistoryGroup + DESCRIPTION + "The RMON Ethernet History Group is optional." + + GROUP rmonAlarmGroup + DESCRIPTION + "The RMON Alarm Group is optional." + + GROUP rmonHostGroup + DESCRIPTION + "The RMON Host Group is mandatory when the + rmonHostTopNGroup is implemented." + + GROUP rmonHostTopNGroup + DESCRIPTION + "The RMON Host Top N Group is optional." + + GROUP rmonMatrixGroup + DESCRIPTION + "The RMON Matrix Group is optional." + + GROUP rmonFilterGroup + DESCRIPTION + "The RMON Filter Group is mandatory when the + rmonPacketCaptureGroup is implemented." + + GROUP rmonPacketCaptureGroup + DESCRIPTION + "The RMON Packet Capture Group is optional." + + GROUP rmonEventGroup + DESCRIPTION + "The RMON Event Group is mandatory when the + rmonAlarmGroup is implemented." + ::= { rmonCompliances 1 } + + rmonEtherStatsGroup OBJECT-GROUP + OBJECTS { + etherStatsIndex, etherStatsDataSource, + etherStatsDropEvents, etherStatsOctets, etherStatsPkts, + etherStatsBroadcastPkts, etherStatsMulticastPkts, + etherStatsCRCAlignErrors, etherStatsUndersizePkts, + etherStatsOversizePkts, etherStatsFragments, + etherStatsJabbers, etherStatsCollisions, + etherStatsPkts64Octets, etherStatsPkts65to127Octets, + etherStatsPkts128to255Octets, + etherStatsPkts256to511Octets, + etherStatsPkts512to1023Octets, + etherStatsPkts1024to1518Octets, + etherStatsOwner, etherStatsStatus + } + STATUS current + DESCRIPTION + "The RMON Ethernet Statistics Group." + ::= { rmonGroups 1 } + + rmonHistoryControlGroup OBJECT-GROUP + OBJECTS { + historyControlIndex, historyControlDataSource, + historyControlBucketsRequested, + historyControlBucketsGranted, historyControlInterval, + historyControlOwner, historyControlStatus + } + STATUS current + DESCRIPTION + "The RMON History Control Group." + ::= { rmonGroups 2 } + + rmonEthernetHistoryGroup OBJECT-GROUP + OBJECTS { + etherHistoryIndex, etherHistorySampleIndex, + etherHistoryIntervalStart, etherHistoryDropEvents, + etherHistoryOctets, etherHistoryPkts, + etherHistoryBroadcastPkts, etherHistoryMulticastPkts, + etherHistoryCRCAlignErrors, etherHistoryUndersizePkts, + etherHistoryOversizePkts, etherHistoryFragments, + etherHistoryJabbers, etherHistoryCollisions, + etherHistoryUtilization + } + STATUS current + DESCRIPTION + "The RMON Ethernet History Group." + ::= { rmonGroups 3 } + + rmonAlarmGroup OBJECT-GROUP + OBJECTS { + alarmIndex, alarmInterval, alarmVariable, + alarmSampleType, alarmValue, alarmStartupAlarm, + alarmRisingThreshold, alarmFallingThreshold, + alarmRisingEventIndex, alarmFallingEventIndex, + alarmOwner, alarmStatus + } + STATUS current + DESCRIPTION + "The RMON Alarm Group." + ::= { rmonGroups 4 } + + rmonHostGroup OBJECT-GROUP + OBJECTS { + hostControlIndex, hostControlDataSource, + hostControlTableSize, hostControlLastDeleteTime, + hostControlOwner, hostControlStatus, + hostAddress, hostCreationOrder, hostIndex, + hostInPkts, hostOutPkts, hostInOctets, + hostOutOctets, hostOutErrors, hostOutBroadcastPkts, + hostOutMulticastPkts, hostTimeAddress, + hostTimeCreationOrder, hostTimeIndex, + hostTimeInPkts, hostTimeOutPkts, hostTimeInOctets, + hostTimeOutOctets, hostTimeOutErrors, + hostTimeOutBroadcastPkts, hostTimeOutMulticastPkts + } + STATUS current + DESCRIPTION + "The RMON Host Group." + ::= { rmonGroups 5 } + + rmonHostTopNGroup OBJECT-GROUP + OBJECTS { + hostTopNControlIndex, hostTopNHostIndex, + hostTopNRateBase, hostTopNTimeRemaining, + hostTopNDuration, hostTopNRequestedSize, + hostTopNGrantedSize, hostTopNStartTime, + hostTopNOwner, hostTopNStatus, + hostTopNReport, hostTopNIndex, + hostTopNAddress, hostTopNRate + } + STATUS current + DESCRIPTION + "The RMON Host Top 'N' Group." + ::= { rmonGroups 6 } + + rmonMatrixGroup OBJECT-GROUP + OBJECTS { + matrixControlIndex, matrixControlDataSource, + matrixControlTableSize, matrixControlLastDeleteTime, + matrixControlOwner, matrixControlStatus, + matrixSDSourceAddress, matrixSDDestAddress, + matrixSDIndex, matrixSDPkts, + matrixSDOctets, matrixSDErrors, + matrixDSSourceAddress, matrixDSDestAddress, + matrixDSIndex, matrixDSPkts, + matrixDSOctets, matrixDSErrors + } + STATUS current + DESCRIPTION + "The RMON Matrix Group." + ::= { rmonGroups 7 } + + rmonFilterGroup OBJECT-GROUP + OBJECTS { + + filterIndex, filterChannelIndex, filterPktDataOffset, + filterPktData, filterPktDataMask, + filterPktDataNotMask, filterPktStatus, + filterPktStatusMask, filterPktStatusNotMask, + filterOwner, filterStatus, + channelIndex, channelIfIndex, channelAcceptType, + channelDataControl, channelTurnOnEventIndex, + channelTurnOffEventIndex, channelEventIndex, + channelEventStatus, channelMatches, + channelDescription, channelOwner, channelStatus + } + STATUS current + DESCRIPTION + "The RMON Filter Group." + ::= { rmonGroups 8 } + + rmonPacketCaptureGroup OBJECT-GROUP + OBJECTS { + bufferControlIndex, bufferControlChannelIndex, + bufferControlFullStatus, bufferControlFullAction, + bufferControlCaptureSliceSize, + bufferControlDownloadSliceSize, + bufferControlDownloadOffset, + bufferControlMaxOctetsRequested, + bufferControlMaxOctetsGranted, + bufferControlCapturedPackets, + bufferControlTurnOnTime, + bufferControlOwner, bufferControlStatus, + captureBufferControlIndex, captureBufferIndex, + captureBufferPacketID, captureBufferPacketData, + captureBufferPacketLength, captureBufferPacketTime, + captureBufferPacketStatus + } + STATUS current + DESCRIPTION + "The RMON Packet Capture Group." + ::= { rmonGroups 9 } + + rmonEventGroup OBJECT-GROUP + OBJECTS { + eventIndex, eventDescription, eventType, + eventCommunity, eventLastTimeSent, + eventOwner, eventStatus, + logEventIndex, logIndex, logTime, + logDescription + } + STATUS current + DESCRIPTION + "The RMON Event Group." + ::= { rmonGroups 10 } + + rmonNotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { risingAlarm, fallingAlarm } + STATUS current + DESCRIPTION + "The RMON Notification Group." + ::= { rmonGroups 11 } +END diff --git a/data/mibs/SCTP-MIB.txt b/data/mibs/SCTP-MIB.txt new file mode 100644 index 000000000..9d809d282 --- /dev/null +++ b/data/mibs/SCTP-MIB.txt @@ -0,0 +1,1342 @@ +SCTP-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Gauge32, + Counter32, Counter64, mib-2 + FROM SNMPv2-SMI -- [RFC2578] + TimeStamp, TruthValue + FROM SNMPv2-TC -- [RFC2579] + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF -- [RFC2580] + InetAddressType, InetAddress, InetPortNumber + FROM INET-ADDRESS-MIB; -- [RFC3291] + +sctpMIB MODULE-IDENTITY + LAST-UPDATED "200409020000Z" -- 2nd September 2004 + ORGANIZATION "IETF SIGTRAN Working Group" + CONTACT-INFO + " + WG EMail: sigtran@ietf.org + + Web Page: + http://www.ietf.org/html.charters/sigtran-charter.html + + Chair: Lyndon Ong + Ciena Corporation + 0480 Ridgeview Drive + Cupertino, CA 95014 + USA + Tel: + Email: lyong@ciena.com + + Editors: Maria-Carmen Belinchon + R&D Department + Ericsson Espana S. A. + Via de los Poblados, 13 + 28033 Madrid + Spain + Tel: +34 91 339 3535 + Email: Maria.C.Belinchon@ericsson.com + + Jose-Javier Pastor-Balbas + R&D Department + Ericsson Espana S. A. + Via de los Poblados, 13 + 28033 Madrid + Spain + Tel: +34 91 339 1397 + Email: J.Javier.Pastor@ericsson.com + " + DESCRIPTION + "The MIB module for managing SCTP implementations. + + Copyright (C) The Internet Society (2004). This version of + this MIB module is part of RFC 3873; see the RFC itself for + full legal notices. " + + REVISION "200409020000Z" -- 2nd September 2004 + DESCRIPTION " Initial version, published as RFC 3873" + ::= { mib-2 104 } + +-- the SCTP base variables group + +sctpObjects OBJECT IDENTIFIER ::= { sctpMIB 1 } + +sctpStats OBJECT IDENTIFIER ::= { sctpObjects 1 } +sctpParams OBJECT IDENTIFIER ::= { sctpObjects 2 } + +-- STATISTICS +-- ********** + +-- STATE-RELATED STATISTICS + +sctpCurrEstab OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of associations for which the current state is + either ESTABLISHED, SHUTDOWN-RECEIVED or SHUTDOWN-PENDING." + REFERENCE + "Section 4 in RFC2960 covers the SCTP Association state + diagram." + ::= { sctpStats 1 } + +sctpActiveEstabs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times that associations have made a direct + transition to the ESTABLISHED state from the COOKIE-ECHOED + state: COOKIE-ECHOED -> ESTABLISHED. The upper layer initiated + the association attempt." + REFERENCE + "Section 4 in RFC2960 covers the SCTP Association state + diagram." + ::= { sctpStats 2 } + +sctpPassiveEstabs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times that associations have made a direct + transition to the ESTABLISHED state from the CLOSED state: + CLOSED -> ESTABLISHED. The remote endpoint initiated the + association attempt." + REFERENCE + "Section 4 in RFC2960 covers the SCTP Association state + diagram." + ::= { sctpStats 3 } + +sctpAborteds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times that associations have made a direct + transition to the CLOSED state from any state using the + primitive 'ABORT': AnyState --Abort--> CLOSED. Ungraceful + termination of the association." + REFERENCE + "Section 4 in RFC2960 covers the SCTP Association state + diagram." + ::= { sctpStats 4 } + +sctpShutdowns OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times that associations have made a direct + transition to the CLOSED state from either the SHUTDOWN-SENT + state or the SHUTDOWN-ACK-SENT state. Graceful termination of + the association." + REFERENCE + "Section 4 in RFC2960 covers the SCTP Association state + diagram." + ::= { sctpStats 5 } + +-- OTHER LAYER STATISTICS + +sctpOutOfBlues OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of out of the blue packets received by the host. + An out of the blue packet is an SCTP packet correctly formed, + including the proper checksum, but for which the receiver was + unable to identify an appropriate association." + REFERENCE + "Section 8.4 in RFC2960 deals with the Out-Of-The-Blue + (OOTB) packet definition and procedures." + ::= { sctpStats 6 } + +sctpChecksumErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of SCTP packets received with an invalid + checksum." + REFERENCE + "The checksum is located at the end of the SCTP packet as per + Section 3.1 in RFC2960. RFC3309 updates SCTP to use a 32 bit + CRC checksum." +::= { sctpStats 7 } + +sctpOutCtrlChunks OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of SCTP control chunks sent (retransmissions are + not included). Control chunks are those chunks different from + DATA." + REFERENCE + "Sections 1.3.5 and 1.4 in RFC2960 refer to control chunk as + those chunks different from those that contain user + information, i.e., DATA chunks." + ::= { sctpStats 8 } + +sctpOutOrderChunks OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of SCTP ordered data chunks sent (retransmissions + are not included)." + REFERENCE + "Section 3.3.1 in RFC2960 defines the ordered data chunk." + ::= { sctpStats 9 } + +sctpOutUnorderChunks OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of SCTP unordered chunks (data chunks in which the + U bit is set to 1) sent (retransmissions are not included)." + REFERENCE + "Section 3.3.1 in RFC2960 defines the unordered data chunk." + ::= { sctpStats 10 } + +sctpInCtrlChunks OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of SCTP control chunks received (no duplicate + chunks included)." + REFERENCE + "Sections 1.3.5 and 1.4 in RFC2960 refer to control chunk as + those chunks different from those that contain user + information, i.e., DATA chunks." + ::= { sctpStats 11 } + +sctpInOrderChunks OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of SCTP ordered data chunks received (no duplicate + chunks included)." + REFERENCE + "Section 3.3.1 in RFC2960 defines the ordered data chunk." + ::= { sctpStats 12 } + +sctpInUnorderChunks OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of SCTP unordered chunks (data chunks in which the + U bit is set to 1) received (no duplicate chunks included)." + REFERENCE + "Section 3.3.1 in RFC2960 defines the unordered data chunk." + ::= { sctpStats 13 } + +sctpFragUsrMsgs OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of user messages that have to be fragmented + because of the MTU." + ::= { sctpStats 14 } + +sctpReasmUsrMsgs OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of user messages reassembled, after conversion + into DATA chunks." + REFERENCE + "Section 6.9 in RFC2960 includes a description of the + reassembly process." + ::= { sctpStats 15 } + +sctpOutSCTPPacks OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of SCTP packets sent. Retransmitted DATA chunks + are included." + ::= { sctpStats 16 } + +sctpInSCTPPacks OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of SCTP packets received. Duplicates are + included." + ::= { sctpStats 17 } + +sctpDiscontinuityTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at which + any one or more of this general statistics counters suffered a + discontinuity. The relevant counters are the specific + instances associated with this interface of any Counter32 or + Counter64 object contained in the SCTP layer statistics + (defined below sctpStats branch). If no such discontinuities + have occurred since the last re-initialization of the local + management subsystem, then this object contains a zero value." + REFERENCE + "The inclusion of this object is recommended by RFC2578." + ::= { sctpStats 18 } + +-- PROTOCOL GENERAL VARIABLES +-- ************************** + +sctpRtoAlgorithm OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- Other new one. Future use + vanj(2) -- Van Jacobson's algorithm + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The algorithm used to determine the timeout value (T3-rtx) + used for re-transmitting unacknowledged chunks." + REFERENCE + "Section 6.3.1 and 6.3.2 in RFC2960 cover the RTO calculation + and retransmission timer rules." + DEFVAL {vanj} -- vanj(2) + ::= { sctpParams 1 } + +sctpRtoMin OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The minimum value permitted by a SCTP implementation for the + retransmission timeout value, measured in milliseconds. More + refined semantics for objects of this type depend upon the + algorithm used to determine the retransmission timeout value. + + A retransmission time value of zero means immediate + retransmission. + + The value of this object has to be lower than or equal to + stcpRtoMax's value." + DEFVAL {1000} -- milliseconds + ::= { sctpParams 2 } + +sctpRtoMax OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum value permitted by a SCTP implementation for the + retransmission timeout value, measured in milliseconds. More + refined semantics for objects of this type depend upon the + algorithm used to determine the retransmission timeout value. + + A retransmission time value of zero means immediate re- + transmission. + + The value of this object has to be greater than or equal to + stcpRtoMin's value." + DEFVAL {60000} -- milliseconds + ::= { sctpParams 3 } + +sctpRtoInitial OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The initial value for the retransmission timer. + + A retransmission time value of zero means immediate re- + transmission." + DEFVAL {3000} -- milliseconds + ::= { sctpParams 4 } + +sctpMaxAssocs OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The limit on the total number of associations the entity can + support. In entities where the maximum number of associations + is dynamic, this object should contain the value -1." + ::= { sctpParams 5 } + +sctpValCookieLife OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Valid cookie life in the 4-way start-up handshake procedure." + REFERENCE + "Section 5.1.3 in RFC2960 explains the cookie generation + process. Recommended value is per section 14 in RFC2960." + DEFVAL {60000} -- milliseconds + ::= { sctpParams 6 } + +sctpMaxInitRetr OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum number of retransmissions at the start-up phase + (INIT and COOKIE ECHO chunks). " + REFERENCE + "Section 5.1.4, 5.1.6 in RFC2960 refers to Max.Init.Retransmit + parameter. Recommended value is per section 14 in RFC2960." + DEFVAL {8} -- number of attempts + ::= { sctpParams 7 } + +-- TABLES +-- ****** + +-- the SCTP Association TABLE + +-- The SCTP association table contains information about each +-- association in which the local endpoint is involved. + +sctpAssocTable OBJECT-TYPE + SYNTAX SEQUENCE OF SctpAssocEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table containing SCTP association-specific information." + ::= { sctpObjects 3 } + +sctpAssocEntry OBJECT-TYPE + SYNTAX SctpAssocEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "General common variables and statistics for the whole + association." + INDEX { sctpAssocId } + ::= { sctpAssocTable 1 } + +SctpAssocEntry ::= SEQUENCE { + sctpAssocId Unsigned32, + sctpAssocRemHostName OCTET STRING, + sctpAssocLocalPort InetPortNumber, + sctpAssocRemPort InetPortNumber, + sctpAssocRemPrimAddrType InetAddressType, + sctpAssocRemPrimAddr InetAddress, + sctpAssocHeartBeatInterval Unsigned32, + sctpAssocState INTEGER, + sctpAssocInStreams Unsigned32, + sctpAssocOutStreams Unsigned32, + sctpAssocMaxRetr Unsigned32, + sctpAssocPrimProcess Unsigned32, + sctpAssocT1expireds Counter32, -- Statistic + sctpAssocT2expireds Counter32, -- Statistic + sctpAssocRtxChunks Counter32, -- Statistic + sctpAssocStartTime TimeStamp, + sctpAssocDiscontinuityTime TimeStamp + } + +sctpAssocId OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Association Identification. Value identifying the + association. " + ::= { sctpAssocEntry 1 } + +sctpAssocRemHostName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The peer's DNS name. This object needs to have the same + format as the encoding in the DNS protocol. This implies that + the domain name can be up to 255 octets long, each octet being + 0<=x<=255 as value with US-ASCII A-Z having a case insensitive + matching. + + If no DNS domain name was received from the peer at init time + (embedded in the INIT or INIT-ACK chunk), this object is + meaningless. In such cases the object MUST contain a zero- + length string value. Otherwise, it contains the remote host + name received at init time." + ::= { sctpAssocEntry 2 } + +sctpAssocLocalPort OBJECT-TYPE + SYNTAX InetPortNumber (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local SCTP port number used for this association." + ::= { sctpAssocEntry 3 } + +sctpAssocRemPort OBJECT-TYPE + SYNTAX InetPortNumber (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remote SCTP port number used for this association." + ::= { sctpAssocEntry 4 } + +sctpAssocRemPrimAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The internet type of primary remote IP address. " + ::= { sctpAssocEntry 5 } + +sctpAssocRemPrimAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The primary remote IP address. The type of this address is + determined by the value of sctpAssocRemPrimAddrType. + + The client side will know this value after INIT_ACK message + reception, the server side will know this value when sending + INIT_ACK message. However, values will be filled in at + established(4) state." + ::= { sctpAssocEntry 6 } + +sctpAssocHeartBeatInterval OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current heartbeat interval.. + + Zero value means no HeartBeat, even when the concerned + sctpAssocRemAddrHBFlag object is true." + DEFVAL {30000} -- milliseconds + ::= { sctpAssocEntry 7 } + +sctpAssocState OBJECT-TYPE + SYNTAX INTEGER { + closed(1), + cookieWait(2), + cookieEchoed(3), + established(4), + shutdownPending(5), + shutdownSent(6), + shutdownReceived(7), + shutdownAckSent(8), + deleteTCB(9) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The state of this SCTP association. + + As in TCP, deleteTCB(9) is the only value that may be set by a + management station. If any other value is received, then the + agent must return a wrongValue error. + + If a management station sets this object to the value + deleteTCB(9), then this has the effect of deleting the TCB (as + defined in SCTP) of the corresponding association on the + managed node, resulting in immediate termination of the + association. + + As an implementation-specific option, an ABORT chunk may be + sent from the managed node to the other SCTP endpoint as a + result of setting the deleteTCB(9) value. The ABORT chunk + implies an ungraceful association shutdown." + REFERENCE + "Section 4 in RFC2960 covers the SCTP Association state + diagram." + ::= { sctpAssocEntry 8 } + +sctpAssocInStreams OBJECT-TYPE + SYNTAX Unsigned32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Inbound Streams according to the negotiation at association + start up." + REFERENCE + "Section 1.3 in RFC2960 includes a definition of stream. + Section 5.1.1 in RFC2960 covers the streams negotiation + process." + ::= { sctpAssocEntry 9 } + +sctpAssocOutStreams OBJECT-TYPE + SYNTAX Unsigned32 (1..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Outbound Streams according to the negotiation at association + start up. " + REFERENCE + "Section 1.3 in RFC2960 includes a definition of stream. + Section 5.1.1 in RFC2960 covers the streams negotiation + process." + ::= { sctpAssocEntry 10 } + +sctpAssocMaxRetr OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum number of data retransmissions in the association + context. This value is specific for each association and the + upper layer can change it by calling the appropriate + primitives. This value has to be smaller than the addition of + all the maximum number for all the paths + (sctpAssocRemAddrMaxPathRtx). + + A value of zero value means no retransmissions." + DEFVAL {10} -- number of attempts + ::= { sctpAssocEntry 11 } + +sctpAssocPrimProcess OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object identifies the system level process which holds + primary responsibility for the SCTP association. + Wherever possible, this should be the system's native unique + identification number. The special value 0 can be used to + indicate that no primary process is known. + + Note that the value of this object can be used as a pointer + into the swRunTable of the HOST-RESOURCES-MIB(if the value is + smaller than 2147483647) or into the sysApplElmtRunTable of + the SYSAPPL-MIB." + ::= { sctpAssocEntry 12 } + +-- Association Statistics + +sctpAssocT1expireds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The T1 timer determines how long to wait for an + acknowledgement after sending an INIT or COOKIE-ECHO chunk. + This object reflects the number of times the T1 timer expires + without having received the acknowledgement. + + Discontinuities in the value of this counter can occur at re- + initialization of the management system, and at other times as + indicated by the value of sctpAssocDiscontinuityTime." + REFERENCE + "Section 5 in RFC2960." + ::= { sctpAssocEntry 13 } + +sctpAssocT2expireds OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The T2 timer determines how long to wait for an + acknowledgement after sending a SHUTDOWN or SHUTDOWN-ACK + chunk. This object reflects the number of times that T2- timer + expired. + + Discontinuities in the value of this counter can occur at re- + initialization of the management system, and at other times as + indicated by the value of sctpAssocDiscontinuityTime." +REFERENCE + "Section 9.2 in RFC2960." + ::= { sctpAssocEntry 14 } + +sctpAssocRtxChunks OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When T3-rtx expires, the DATA chunks that triggered the T3 + timer will be re-sent according with the retransmissions + rules. Every DATA chunk that was included in the SCTP packet + that triggered the T3-rtx timer must be added to the value of + this counter. + + Discontinuities in the value of this counter can occur at re- + initialization of the management system, and at other times as + indicated by the value of sctpAssocDiscontinuityTime." + REFERENCE + "Section 6 in RFC2960 covers the retransmission process and + rules." + ::= { sctpAssocEntry 15 } + +sctpAssocStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time that the association + represented by this row enters the ESTABLISHED state, i.e., + the sctpAssocState object is set to established(4). The + value of this object will be zero: + - before the association enters the established(4) + state, or + + - if the established(4) state was entered prior to + the last re-initialization of the local network management + subsystem." + ::= { sctpAssocEntry 16 } + +sctpAssocDiscontinuityTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at which + any one or more of this SCTP association counters suffered a + discontinuity. The relevant counters are the specific + instances associated with this interface of any Counter32 or + Counter64 object contained in the sctpAssocTable or + sctpLocalAddrTable or sctpRemAddrTable. If no such + discontinuities have occurred since the last re-initialization + of the local management subsystem, then this object contains a + zero value. " + REFERENCE + "The inclusion of this object is recommended by RFC2578." + ::= { sctpAssocEntry 17 } + +-- Expanded tables: Including Multi-home feature + +-- Local Address TABLE +-- ******************* + +sctpAssocLocalAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF SctpAssocLocalAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Expanded table of sctpAssocTable based on the AssocId index. + This table shows data related to each local IP address which + is used by this association." + ::= { sctpObjects 4 } + +sctpAssocLocalAddrEntry OBJECT-TYPE + SYNTAX SctpAssocLocalAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Local information about the available addresses. There will + be an entry for every local IP address defined for this + + association. + Implementors need to be aware that if the size of + sctpAssocLocalAddr exceeds 114 octets then OIDs of column + instances in this table will have more than 128 sub- + identifiers and cannot be accessed using SNMPv1, SNMPv2c, or + SNMPv3." + INDEX { sctpAssocId, -- shared index + sctpAssocLocalAddrType, + sctpAssocLocalAddr } + ::= { sctpAssocLocalAddrTable 1 } + +SctpAssocLocalAddrEntry ::= SEQUENCE { + sctpAssocLocalAddrType InetAddressType, + sctpAssocLocalAddr InetAddress, + sctpAssocLocalAddrStartTime TimeStamp + } + +sctpAssocLocalAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Internet type of local IP address used for this association." + ::= { sctpAssocLocalAddrEntry 1 } + +sctpAssocLocalAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The value of a local IP address available for this + association. The type of this address is determined by the + value of sctpAssocLocalAddrType." + ::= { sctpAssocLocalAddrEntry 2 } + +sctpAssocLocalAddrStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time that this row was + created." + ::= { sctpAssocLocalAddrEntry 3 } + +-- Remote Addresses TABLE +-- ********************** + +sctpAssocRemAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF SctpAssocRemAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Expanded table of sctpAssocTable based on the AssocId index. + This table shows data related to each remote peer IP address + which is used by this association." + ::= { sctpObjects 5 } + +sctpAssocRemAddrEntry OBJECT-TYPE + SYNTAX SctpAssocRemAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about the most important variables for every + remote IP address. There will be an entry for every remote IP + address defined for this association. + + Implementors need to be aware that if the size of + sctpAssocRemAddr exceeds 114 octets then OIDs of column + instances in this table will have more than 128 sub- + identifiers and cannot be accessed using SNMPv1, SNMPv2c, or + SNMPv3." + INDEX { sctpAssocId, -- shared index + sctpAssocRemAddrType, + sctpAssocRemAddr } + ::= { sctpAssocRemAddrTable 1 } + +SctpAssocRemAddrEntry ::= SEQUENCE { + sctpAssocRemAddrType InetAddressType, + sctpAssocRemAddr InetAddress, + sctpAssocRemAddrActive TruthValue, + sctpAssocRemAddrHBActive TruthValue, + sctpAssocRemAddrRTO Unsigned32, + sctpAssocRemAddrMaxPathRtx Unsigned32, + sctpAssocRemAddrRtx Counter32, -- Statistic + sctpAssocRemAddrStartTime TimeStamp + } + +sctpAssocRemAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Internet type of a remote IP address available for this + association." + ::= { sctpAssocRemAddrEntry 1 } + +sctpAssocRemAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The value of a remote IP address available for this + association. The type of this address is determined by the + value of sctpAssocLocalAddrType." + ::= { sctpAssocRemAddrEntry 2 } + +sctpAssocRemAddrActive OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object gives information about the reachability of this + specific remote IP address. + + When the object is set to 'true' (1), the remote IP address is + understood as Active. Active means that the threshold of no + answers received from this IP address has not been reached. + + When the object is set to 'false' (2), the remote IP address + is understood as Inactive. Inactive means that either no + heartbeat or any other message was received from this address, + reaching the threshold defined by the protocol." + REFERENCE + "The remote transport states are defined as Active and + Inactive in the SCTP, RFC2960." + ::= { sctpAssocRemAddrEntry 3 } + +sctpAssocRemAddrHBActive OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates whether the optional Heartbeat check + associated to one destination transport address is activated + or not (value equal to true or false, respectively). " + ::= { sctpAssocRemAddrEntry 4 } + +sctpAssocRemAddrRTO OBJECT-TYPE -- T3-rtx- Timer + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current Retransmission Timeout. T3-rtx timer as defined + in the protocol SCTP." + REFERENCE + "Section 6.3 in RFC2960 deals with the Retransmission Timer + Management." + ::= { sctpAssocRemAddrEntry 5 } + +sctpAssocRemAddrMaxPathRtx OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Maximum number of DATA chunks retransmissions allowed to a + remote IP address before it is considered inactive, as defined + in RFC2960." + REFERENCE + "Section 8.2, 8.3 and 14 in RFC2960." + DEFVAL {5} -- number of attempts + ::= { sctpAssocRemAddrEntry 6 } + +-- Remote Address Statistic + +sctpAssocRemAddrRtx OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of DATA chunks retransmissions to this specific IP + address. When T3-rtx expires, the DATA chunk that triggered + the T3 timer will be re-sent according to the retransmissions + rules. Every DATA chunk that is included in a SCTP packet and + was transmitted to this specific IP address before, will be + included in this counter. + + Discontinuities in the value of this counter can occur at re- + initialization of the management system, and at other times as + indicated by the value of sctpAssocDiscontinuityTime." + ::= { sctpAssocRemAddrEntry 7 } + +sctpAssocRemAddrStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time that this row was + created." + ::= { sctpAssocRemAddrEntry 8 } + +-- ASSOCIATION INVERSE TABLE +-- ************************* + +-- BY LOCAL PORT + +sctpLookupLocalPortTable OBJECT-TYPE + SYNTAX SEQUENCE OF SctpLookupLocalPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "With the use of this table, a list of associations which are + + using the specified local port can be retrieved." + ::= { sctpObjects 6 } + +sctpLookupLocalPortEntry OBJECT-TYPE + SYNTAX SctpLookupLocalPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table is indexed by local port and association ID. + Specifying a local port, we would get a list of the + associations whose local port is the one specified." + INDEX { sctpAssocLocalPort, + sctpAssocId } + ::= { sctpLookupLocalPortTable 1 } + +SctpLookupLocalPortEntry::= SEQUENCE { + sctpLookupLocalPortStartTime TimeStamp + } + +sctpLookupLocalPortStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time that this row was created. + + As the table will be created after the sctpAssocTable + creation, this value could be equal to the sctpAssocStartTime + object from the main table." + ::= { sctpLookupLocalPortEntry 1 } + +-- BY REMOTE PORT + +sctpLookupRemPortTable OBJECT-TYPE + SYNTAX SEQUENCE OF SctpLookupRemPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "With the use of this table, a list of associations which are + using the specified remote port can be got" + ::= { sctpObjects 7 } + +sctpLookupRemPortEntry OBJECT-TYPE + SYNTAX SctpLookupRemPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table is indexed by remote port and association ID. + Specifying a remote port we would get a list of the + associations whose local port is the one specified " + INDEX { sctpAssocRemPort, + sctpAssocId } + ::= { sctpLookupRemPortTable 1 } + +SctpLookupRemPortEntry::= SEQUENCE { + sctpLookupRemPortStartTime TimeStamp + } + +sctpLookupRemPortStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time that this row was created. + + As the table will be created after the sctpAssocTable + creation, this value could be equal to the sctpAssocStartTime + object from the main table." + ::= { sctpLookupRemPortEntry 1 } + +-- BY REMOTE HOST NAME + +sctpLookupRemHostNameTable OBJECT-TYPE + SYNTAX SEQUENCE OF SctpLookupRemHostNameEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "With the use of this table, a list of associations with that + particular host can be retrieved." + ::= { sctpObjects 8 } + +sctpLookupRemHostNameEntry OBJECT-TYPE + SYNTAX SctpLookupRemHostNameEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table is indexed by remote host name and association ID. + Specifying a host name we would get a list of the associations + specifying that host name as the remote one. + + Implementors need to be aware that if the size of + sctpAssocRemHostName exceeds 115 octets then OIDs of column + instances in this table will have more than 128 sub- + identifiers and cannot be accessed using SNMPv1, SNMPv2c, or + SNMPv3." + INDEX { sctpAssocRemHostName, + sctpAssocId } + ::= { sctpLookupRemHostNameTable 1 } + +SctpLookupRemHostNameEntry::= SEQUENCE { + sctpLookupRemHostNameStartTime TimeStamp + } + +sctpLookupRemHostNameStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time that this row was created. + + As the table will be created after the sctpAssocTable + creation, this value could be equal to the sctpAssocStartTime + object from the main table." + ::= { sctpLookupRemHostNameEntry 1 } + +-- BY REMOTE PRIMARY IP ADDRESS + +sctpLookupRemPrimIPAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF SctpLookupRemPrimIPAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "With the use of this table, a list of associations that have + the specified IP address as primary within the remote set of + active addresses can be retrieved." + ::= { sctpObjects 9 } + +sctpLookupRemPrimIPAddrEntry OBJECT-TYPE + SYNTAX SctpLookupRemPrimIPAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table is indexed by primary address and association ID. + Specifying a primary address, we would get a list of the + associations that have the specified remote IP address marked + as primary. + Implementors need to be aware that if the size of + sctpAssocRemPrimAddr exceeds 114 octets then OIDs of column + instances in this table will have more than 128 sub- + identifiers and cannot be accessed using SNMPv1, SNMPv2c, or + SNMPv3." + INDEX { sctpAssocRemPrimAddrType, + sctpAssocRemPrimAddr, + sctpAssocId } + ::= { sctpLookupRemPrimIPAddrTable 1 } + +SctpLookupRemPrimIPAddrEntry::= SEQUENCE { + sctpLookupRemPrimIPAddrStartTime TimeStamp + } + +sctpLookupRemPrimIPAddrStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of SysUpTime at the time that this row was created. + + As the table will be created after the sctpAssocTable + creation, this value could be equal to the sctpAssocStartTime + object from the main table." + ::= { sctpLookupRemPrimIPAddrEntry 1 } + +-- BY REMOTE IP ADDRESS + +sctpLookupRemIPAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF SctpLookupRemIPAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "With the use of this table, a list of associations that have + the specified IP address as one of the remote ones can be + retrieved. " + ::= { sctpObjects 10 } + +sctpLookupRemIPAddrEntry OBJECT-TYPE + SYNTAX SctpLookupRemIPAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table is indexed by a remote IP address and association + ID. Specifying an IP address we would get a list of the + associations that have the specified IP address included + within the set of remote IP addresses." + INDEX { sctpAssocRemAddrType, + sctpAssocRemAddr, + sctpAssocId } + ::= { sctpLookupRemIPAddrTable 1 } + +SctpLookupRemIPAddrEntry::= SEQUENCE { + + sctpLookupRemIPAddrStartTime TimeStamp + } + +sctpLookupRemIPAddrStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of SysUpTime at the time that this row was created. + + As the table will be created after the sctpAssocTable + creation, this value could be equal to the sctpAssocStartTime + object from the main table." + ::= { sctpLookupRemIPAddrEntry 1 } + +-- 4.1 Conformance Information + +sctpMibConformance OBJECT IDENTIFIER ::= { sctpMIB 2 } +sctpMibCompliances OBJECT IDENTIFIER ::= { sctpMibConformance 1 } +sctpMibGroups OBJECT IDENTIFIER ::= { sctpMibConformance 2 } + +-- 4.1.1 Units of conformance + +-- +-- MODULE GROUPS +-- + +sctpLayerParamsGroup OBJECT-GROUP + OBJECTS { sctpRtoAlgorithm, + sctpRtoMin, + sctpRtoMax, + sctpRtoInitial, + sctpMaxAssocs, + sctpValCookieLife, + sctpMaxInitRetr + } + STATUS current + DESCRIPTION + "Common parameters for the SCTP layer, i.e., for all the + associations. They can usually be referred to as configuration + parameters." + ::= { sctpMibGroups 1 } + +sctpStatsGroup OBJECT-GROUP + OBJECTS { sctpCurrEstab, + sctpActiveEstabs, + sctpPassiveEstabs, + sctpAborteds, + sctpShutdowns, + sctpOutOfBlues, + sctpChecksumErrors, + sctpOutCtrlChunks, + sctpOutOrderChunks, + sctpOutUnorderChunks, + sctpInCtrlChunks, + sctpInOrderChunks, + sctpInUnorderChunks, + sctpFragUsrMsgs, + sctpReasmUsrMsgs, + sctpOutSCTPPacks, + sctpInSCTPPacks, + sctpDiscontinuityTime, + sctpAssocT1expireds, + sctpAssocT2expireds, + sctpAssocRtxChunks, + sctpAssocRemAddrRtx + } + STATUS current + DESCRIPTION + "Statistics group. It includes the objects to collect state + changes in the SCTP protocol local layer and flow control + statistics." + ::= { sctpMibGroups 2 } + +sctpPerAssocParamsGroup OBJECT-GROUP + OBJECTS { sctpAssocRemHostName, + sctpAssocLocalPort, + sctpAssocRemPort, + sctpAssocRemPrimAddrType, + sctpAssocRemPrimAddr, + sctpAssocHeartBeatInterval, + sctpAssocState, + sctpAssocInStreams, + sctpAssocOutStreams, + sctpAssocMaxRetr, + sctpAssocPrimProcess, + sctpAssocStartTime, + sctpAssocDiscontinuityTime, + sctpAssocLocalAddrStartTime, + sctpAssocRemAddrActive, + sctpAssocRemAddrHBActive, + sctpAssocRemAddrRTO, + sctpAssocRemAddrMaxPathRtx, + sctpAssocRemAddrStartTime + } + STATUS current + DESCRIPTION + "The SCTP group of objects to manage per-association + parameters. These variables include all the SCTP basic + features." + ::= { sctpMibGroups 3 } + +sctpPerAssocStatsGroup OBJECT-GROUP + OBJECTS + { sctpAssocT1expireds, + sctpAssocT2expireds, + sctpAssocRtxChunks, + sctpAssocRemAddrRtx + } + STATUS current + DESCRIPTION + "Per Association Statistics group. It includes the objects to + collect flow control statistics per association." + ::= { sctpMibGroups 4 } + +sctpInverseGroup OBJECT-GROUP + OBJECTS { sctpLookupLocalPortStartTime, + sctpLookupRemPortStartTime, + sctpLookupRemHostNameStartTime, + sctpLookupRemPrimIPAddrStartTime, + sctpLookupRemIPAddrStartTime + } + STATUS current + DESCRIPTION + "Objects used in the inverse lookup tables." + ::= { sctpMibGroups 5 } + +-- 4.1.2 Compliance Statements + +-- +-- MODULE COMPLIANCES +-- + +sctpMibCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which implement + this SCTP MIB Module. + + There are a number of INDEX objects that cannot be represented + in the form of OBJECT clauses in SMIv2, but for which we have + the following compliance requirements, expressed in OBJECT + clause form in this description clause: + +-- OBJECT sctpAssocLocalAddrType +-- SYNTAX InetAddressType {ipv4(1), ipv6(2)} +-- DESCRIPTION +-- It is only required to have IPv4 and IPv6 addresses without +-- zone indices. +-- The address with zone indices is required if an +-- implementation can connect multiple zones. +-- +-- OBJECT sctpAssocLocalAddr +-- SYNTAX InetAddress (SIZE(4|16)) +-- DESCRIPTION +-- An implementation is only required to support globally +-- unique IPv4 and IPv6 addresses. +-- +-- OBJECT sctpAssocRemAddrType +-- SYNTAX InetAddressType {ipv4(1), ipv6(2)} +-- DESCRIPTION +-- It is only required to have IPv4 and IPv6 addresses without +-- zone indices. +-- The address with zone indices is required if an +-- implementation can connect multiple zones. +-- +-- OBJECT sctpAssocRemAddr +-- SYNTAX InetAddress (SIZE(4|16)) +-- DESCRIPTION +-- An implementation is only required to support globally +-- unique IPv4 and IPv6 addresses. +-- + " -- closes DESCRIPTION clause of MODULE-COMPLIANCE + + MODULE -- this module + + MANDATORY-GROUPS { sctpLayerParamsGroup, + sctpPerAssocParamsGroup, + sctpStatsGroup, + sctpPerAssocStatsGroup + } + + OBJECT sctpAssocRemPrimAddrType + SYNTAX InetAddressType { ipv4(1), + ipv6(2) + } + DESCRIPTION + "It is only required to have IPv4 and IPv6 addresses + without zone indices. + + The address with zone indices is required if an + implementation can connect multiple zones." + + OBJECT sctpAssocRemPrimAddr + SYNTAX InetAddress (SIZE(4|16)) + DESCRIPTION + "An implementation is only required to support globally + unique IPv4 and globally unique IPv6 addresses." + + OBJECT sctpAssocState + WRITE-SYNTAX INTEGER { deleteTCB(9) } + MIN-ACCESS read-only + DESCRIPTION + "Only the deleteTCB(9) value MAY be set by a management + station at most. A read-only option is also considered to + be compliant with this MIB module description." + + GROUP sctpInverseGroup + DESCRIPTION + "Objects used in inverse lookup tables. This should be + implemented, at the discretion of the implementers, for + easier lookups in the association tables" + ::= { sctpMibCompliances 1 } + +END diff --git a/data/mibs/SMUX-MIB.txt b/data/mibs/SMUX-MIB.txt new file mode 100644 index 000000000..1fe34552f --- /dev/null +++ b/data/mibs/SMUX-MIB.txt @@ -0,0 +1,160 @@ +SMUX-MIB DEFINITIONS ::= BEGIN + +IMPORTS + enterprises + FROM RFC1155-SMI + DisplayString + FROM SNMPv2-TC + OBJECT-TYPE + FROM RFC-1212; + +unix OBJECT IDENTIFIER ::= { enterprises 4 } + +smux OBJECT IDENTIFIER ::= { unix 4 } + +smuxPeerTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmuxPeerEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "The SMUX peer table." + ::= { smux 1 } + +smuxPeerEntry OBJECT-TYPE + SYNTAX SmuxPeerEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "An entry in the SMUX peer table." + INDEX { smuxPindex } + ::= { smuxPeerTable 1} + +SmuxPeerEntry ::= + SEQUENCE { + smuxPindex + INTEGER, + smuxPidentity + OBJECT IDENTIFIER, + smuxPdescription + DisplayString, + smuxPstatus + INTEGER + } + +smuxPindex OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "An index which uniquely identifies a SMUX peer." + ::= { smuxPeerEntry 1 } + +smuxPidentity OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The authoritative designation for a SMUX peer." + ::= { smuxPeerEntry 2 } + +smuxPdescription OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "A human-readable description of a SMUX peer." + ::= { smuxPeerEntry 3 } + +smuxPstatus OBJECT-TYPE + SYNTAX INTEGER { valid(1), invalid(2), connecting(3) } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The type of SMUX peer. + + Setting this object to the value invalid(2) has + the effect of invaliding the corresponding entry + in the smuxPeerTable. It is an implementation- + specific matter as to whether the agent removes an + invalidated entry from the table. Accordingly, + management stations must be prepared to receive + tabular information from agents that correspond to + entries not currently in use. Proper + interpretation of such entries requires + examination of the relative smuxPstatus object." + ::= { smuxPeerEntry 4 } + +smuxTreeTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmuxTreeEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "The SMUX tree table." + ::= { smux 2 } + +smuxTreeEntry OBJECT-TYPE + SYNTAX SmuxTreeEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "An entry in the SMUX tree table." + INDEX { smuxTsubtree, smuxTpriority } + ::= { smuxTreeTable 1} + +SmuxTreeEntry ::= + SEQUENCE { + smuxTsubtree + OBJECT IDENTIFIER, + smuxTpriority + INTEGER, + smuxTindex + INTEGER, + smuxTstatus + INTEGER + } + +smuxTsubtree OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The MIB subtree being exported by a SMUX peer." + ::= { smuxTreeEntry 1 } + +smuxTpriority OBJECT-TYPE + SYNTAX INTEGER (0..'07fffffff'h) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The SMUX peer's priority when exporting the MIB + subtree." + ::= { smuxTreeEntry 2 } + +smuxTindex OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The SMUX peer's identity." + ::= { smuxTreeEntry 3 } + +smuxTstatus OBJECT-TYPE + SYNTAX INTEGER { valid(1), invalid(2) } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The type of SMUX tree. + + Setting this object to the value invalid(2) has + the effect of invaliding the corresponding entry + in the smuxTreeTable. It is an implementation- + specific matter as to whether the agent removes an + invalidated entry from the table. Accordingly, + management stations must be prepared to receive + tabular information from agents that correspond to + entries not currently in use. Proper + interpretation of such entries requires + examination of the relative smuxTstatus object." + ::= { smuxTreeEntry 4 } + +END diff --git a/data/mibs/SNMP-COMMUNITY-MIB.txt b/data/mibs/SNMP-COMMUNITY-MIB.txt new file mode 100644 index 000000000..bc3d4d278 --- /dev/null +++ b/data/mibs/SNMP-COMMUNITY-MIB.txt @@ -0,0 +1,429 @@ +SNMP-COMMUNITY-MIB DEFINITIONS ::= BEGIN + +IMPORTS + IpAddress, + MODULE-IDENTITY, + OBJECT-TYPE, + Integer32, + snmpModules + FROM SNMPv2-SMI + RowStatus, + StorageType + FROM SNMPv2-TC + SnmpAdminString, + SnmpEngineID + FROM SNMP-FRAMEWORK-MIB + SnmpTagValue, + snmpTargetAddrEntry + FROM SNMP-TARGET-MIB + MODULE-COMPLIANCE, + OBJECT-GROUP + FROM SNMPv2-CONF; + +snmpCommunityMIB MODULE-IDENTITY + LAST-UPDATED "200003060000Z" -- 6 Mar 2000, midnight + ORGANIZATION "SNMPv3 Working Group" + CONTACT-INFO "WG-email: snmpv3@lists.tislabs.com + Subscribe: majordomo@lists.tislabs.com + In msg body: subscribe snmpv3 + + Chair: Russ Mundy + TIS Labs at Network Associates + Postal: 3060 Washington Rd + Glenwood MD 21738 + USA + Email: mundy@tislabs.com + Phone: +1-301-854-6889 + + Co-editor: Rob Frye + CoSine Communications + Postal: 1200 Bridge Parkway + Redwood City, CA 94065 + USA + E-mail: rfrye@cosinecom.com + Phone: +1 703 725 1130 + + Co-editor: David B. Levi + Nortel Networks + Postal: 3505 Kesterwood Drive + Knoxville, TN 37918 + E-mail: dlevi@nortelnetworks.com + Phone: +1 423 686 0432 + + Co-editor: Shawn A. Routhier + Integrated Systems Inc. + Postal: 333 North Ave 4th Floor + Wakefield, MA 01880 + E-mail: sar@epilogue.com + Phone: +1 781 245 0804 + + Co-editor: Bert Wijnen + Lucent Technologies + Postal: Schagen 33 + 3461 GL Linschoten + Netherlands + Email: bwijnen@lucent.com + Phone: +31-348-407-775 + " + DESCRIPTION + "This MIB module defines objects to help support coexistence + between SNMPv1, SNMPv2c, and SNMPv3." + REVISION "200003060000Z" -- 6 Mar 2000 + DESCRIPTION "This version published as RFC 2576." + REVISION "199905130000Z" -- 13 May 1999 + DESCRIPTION "The Initial Revision" + ::= { snmpModules 18 } + +-- Administrative assignments **************************************** + +snmpCommunityMIBObjects OBJECT IDENTIFIER ::= { snmpCommunityMIB 1 } +snmpCommunityMIBConformance OBJECT IDENTIFIER ::= { snmpCommunityMIB 2 } + +-- +-- The snmpCommunityTable contains a database of community strings. +-- This table provides mappings between community strings, and the + +-- parameters required for View-based Access Control. +-- + +snmpCommunityTable OBJECT-TYPE + SYNTAX SEQUENCE OF SnmpCommunityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of community strings configured in the SNMP + engine's Local Configuration Datastore (LCD)." + ::= { snmpCommunityMIBObjects 1 } + +snmpCommunityEntry OBJECT-TYPE + SYNTAX SnmpCommunityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a particular community string." + INDEX { IMPLIED snmpCommunityIndex } + ::= { snmpCommunityTable 1 } + +SnmpCommunityEntry ::= SEQUENCE { + snmpCommunityIndex SnmpAdminString, + snmpCommunityName OCTET STRING, + snmpCommunitySecurityName SnmpAdminString, + snmpCommunityContextEngineID SnmpEngineID, + snmpCommunityContextName SnmpAdminString, + snmpCommunityTransportTag SnmpTagValue, + snmpCommunityStorageType StorageType, + snmpCommunityStatus RowStatus +} + +snmpCommunityIndex OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The unique index value of a row in this table." + ::= { snmpCommunityEntry 1 } + +snmpCommunityName OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The community string for which a row in this table + represents a configuration." + ::= { snmpCommunityEntry 2 } + +snmpCommunitySecurityName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A human readable string representing the corresponding + value of snmpCommunityName in a Security Model + independent format." + ::= { snmpCommunityEntry 3 } + +snmpCommunityContextEngineID OBJECT-TYPE + SYNTAX SnmpEngineID + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The contextEngineID indicating the location of the + context in which management information is accessed + when using the community string specified by the + corresponding instance of snmpCommunityName. + + The default value is the snmpEngineID of the entity in + which this object is instantiated." + ::= { snmpCommunityEntry 4 } + +snmpCommunityContextName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The context in which management information is accessed + when using the community string specified by the corresponding + instance of snmpCommunityName." + DEFVAL { ''H } -- the empty string + ::= { snmpCommunityEntry 5 } + +snmpCommunityTransportTag OBJECT-TYPE + SYNTAX SnmpTagValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies a set of transport endpoints + from which a command responder application will accept + management requests. If a management request containing + this community is received on a transport endpoint other + than the transport endpoints identified by this object, + the request is deemed unauthentic. + + The transports identified by this object are specified + + in the snmpTargetAddrTable. Entries in that table + whose snmpTargetAddrTagList contains this tag value + are identified. + + If the value of this object has zero-length, transport + endpoints are not checked when authenticating messages + containing this community string." + DEFVAL { ''H } -- the empty string + ::= { snmpCommunityEntry 6 } + +snmpCommunityStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type for this conceptual row in the + snmpCommunityTable. Conceptual rows having the value + 'permanent' need not allow write-access to any + columnar object in the row." + ::= { snmpCommunityEntry 7 } + +snmpCommunityStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row in the snmpCommunityTable. + + An entry in this table is not qualified for activation + until instances of all corresponding columns have been + initialized, either through default values, or through + Set operations. The snmpCommunityName and + snmpCommunitySecurityName objects must be explicitly set. + + There is no restriction on setting columns in this table + when the value of snmpCommunityStatus is active(1)." + ::= { snmpCommunityEntry 8 } + +-- +-- The snmpTargetAddrExtTable +-- + +snmpTargetAddrExtTable OBJECT-TYPE + SYNTAX SEQUENCE OF SnmpTargetAddrExtEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of mask and mms values associated with the + + snmpTargetAddrTable. + + The snmpTargetAddrExtTable augments the + snmpTargetAddrTable with a transport address mask value + and a maximum message size value. The transport address + mask allows entries in the snmpTargetAddrTable to define + a set of addresses instead of just a single address. + The maximum message size value allows the maximum + message size of another SNMP entity to be configured for + use in SNMPv1 (and SNMPv2c) transactions, where the + message format does not specify a maximum message size." + ::= { snmpCommunityMIBObjects 2 } + +snmpTargetAddrExtEntry OBJECT-TYPE + SYNTAX SnmpTargetAddrExtEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a particular mask and mms value." + AUGMENTS { snmpTargetAddrEntry } + ::= { snmpTargetAddrExtTable 1 } + +SnmpTargetAddrExtEntry ::= SEQUENCE { + snmpTargetAddrTMask OCTET STRING, + snmpTargetAddrMMS Integer32 +} + +snmpTargetAddrTMask OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..255)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The mask value associated with an entry in the + snmpTargetAddrTable. The value of this object must + have the same length as the corresponding instance of + snmpTargetAddrTAddress, or must have length 0. An + attempt to set it to any other value will result in + an inconsistentValue error. + + The value of this object allows an entry in the + snmpTargetAddrTable to specify multiple addresses. + The mask value is used to select which bits of + a transport address must match bits of the corresponding + instance of snmpTargetAddrTAddress, in order for the + transport address to match a particular entry in the + snmpTargetAddrTable. Bits which are 1 in the mask + value indicate bits in the transport address which + must match bits in the snmpTargetAddrTAddress value. + + Bits which are 0 in the mask indicate bits in the + transport address which need not match. If the + length of the mask is 0, the mask should be treated + as if all its bits were 1 and its length were equal + to the length of the corresponding value of + snmpTargetAddrTable. + + This object may not be modified while the value of the + corresponding instance of snmpTargetAddrRowStatus is + active(1). An attempt to set this object in this case + will result in an inconsistentValue error." + DEFVAL { ''H } + ::= { snmpTargetAddrExtEntry 1 } + +snmpTargetAddrMMS OBJECT-TYPE + SYNTAX Integer32 (0|484..2147483647) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum message size value associated with an entry + in the snmpTargetAddrTable." + DEFVAL { 484 } + ::= { snmpTargetAddrExtEntry 2 } + +-- +-- The snmpTrapAddress and snmpTrapCommunity objects are included +-- in notifications that are forwarded by a proxy, which were +-- originally received as SNMPv1 Trap messages. +-- + +snmpTrapAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The value of the agent-addr field of a Trap PDU which + is forwarded by a proxy forwarder application using + an SNMP version other than SNMPv1. The value of this + object SHOULD contain the value of the agent-addr field + from the original Trap PDU as generated by an SNMPv1 + agent." + ::= { snmpCommunityMIBObjects 3 } + +snmpTrapCommunity OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The value of the community string field of an SNMPv1 + message containing a Trap PDU which is forwarded by a + a proxy forwarder application using an SNMP version + other than SNMPv1. The value of this object SHOULD + contain the value of the community string field from + the original SNMPv1 message containing a Trap PDU as + generated by an SNMPv1 agent." + ::= { snmpCommunityMIBObjects 4 } + +-- Conformance Information ******************************************* + +snmpCommunityMIBCompliances OBJECT IDENTIFIER + ::= { snmpCommunityMIBConformance 1 } +snmpCommunityMIBGroups OBJECT IDENTIFIER + ::= { snmpCommunityMIBConformance 2 } + +-- Compliance statements + +snmpCommunityMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP engines which + implement the SNMP-COMMUNITY-MIB." + + MODULE -- this module + MANDATORY-GROUPS { snmpCommunityGroup } + + OBJECT snmpCommunityName + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT snmpCommunitySecurityName + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT snmpCommunityContextEngineID + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT snmpCommunityContextName + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT snmpCommunityTransportTag + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT snmpCommunityStorageType + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT snmpCommunityStatus + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + ::= { snmpCommunityMIBCompliances 1 } + +snmpProxyTrapForwardCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP engines which + contain a proxy forwarding application which is + capable of forwarding SNMPv1 traps using SNMPv2c + or SNMPv3." + MODULE -- this module + MANDATORY-GROUPS { snmpProxyTrapForwardGroup } + ::= { snmpCommunityMIBCompliances 2 } + +snmpCommunityGroup OBJECT-GROUP + OBJECTS { + snmpCommunityName, + snmpCommunitySecurityName, + snmpCommunityContextEngineID, + snmpCommunityContextName, + snmpCommunityTransportTag, + snmpCommunityStorageType, + snmpCommunityStatus, + snmpTargetAddrTMask, + snmpTargetAddrMMS + } + STATUS current + DESCRIPTION + "A collection of objects providing for configuration + of community strings for SNMPv1 (and SNMPv2c) usage." + ::= { snmpCommunityMIBGroups 1 } + +snmpProxyTrapForwardGroup OBJECT-GROUP + OBJECTS { + snmpTrapAddress, + snmpTrapCommunity + } + STATUS current + DESCRIPTION + "Objects which are used by proxy forwarding applications + when translating traps between SNMP versions. These are + used to preserve SNMPv1-specific information when + + translating to SNMPv2c or SNMPv3." + ::= { snmpCommunityMIBGroups 3 } + +END diff --git a/data/mibs/SNMP-FRAMEWORK-MIB.txt b/data/mibs/SNMP-FRAMEWORK-MIB.txt new file mode 100644 index 000000000..aa273c285 --- /dev/null +++ b/data/mibs/SNMP-FRAMEWORK-MIB.txt @@ -0,0 +1,526 @@ +SNMP-FRAMEWORK-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + OBJECT-IDENTITY, + snmpModules FROM SNMPv2-SMI + TEXTUAL-CONVENTION FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; + +snmpFrameworkMIB MODULE-IDENTITY + LAST-UPDATED "200210140000Z" + ORGANIZATION "SNMPv3 Working Group" + CONTACT-INFO "WG-EMail: snmpv3@lists.tislabs.com + Subscribe: snmpv3-request@lists.tislabs.com + + Co-Chair: Russ Mundy + Network Associates Laboratories + postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + EMail: mundy@tislabs.com + phone: +1 301-947-7107 + + Co-Chair & + Co-editor: David Harrington + Enterasys Networks + postal: 35 Industrial Way + P. O. Box 5005 + Rochester, New Hampshire 03866-5005 + USA + EMail: dbh@enterasys.com + phone: +1 603-337-2614 + + Co-editor: Randy Presuhn + BMC Software, Inc. + postal: 2141 North First Street + San Jose, California 95131 + USA + EMail: randy_presuhn@bmc.com + phone: +1 408-546-1006 + + Co-editor: Bert Wijnen + Lucent Technologies + postal: Schagen 33 + 3461 GL Linschoten + Netherlands + + EMail: bwijnen@lucent.com + phone: +31 348-680-485 + " + DESCRIPTION "The SNMP Management Architecture MIB + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3411; + see the RFC itself for full legal notices. + " + + REVISION "200210140000Z" -- 14 October 2002 + DESCRIPTION "Changes in this revision: + - Updated various administrative information. + - Corrected some typos. + - Corrected typo in description of SnmpEngineID + that led to range overlap for 127. + - Changed '255a' to '255t' in definition of + SnmpAdminString to align with current SMI. + - Reworded 'reserved' for value zero in + DESCRIPTION of SnmpSecurityModel. + - The algorithm for allocating security models + should give 256 per enterprise block, rather + than 255. + - The example engine ID of 'abcd' is not + legal. Replaced with '800002b804616263'H based + on example enterprise 696, string 'abc'. + - Added clarification that engineID should + persist across re-initializations. + This revision published as RFC 3411. + " + REVISION "199901190000Z" -- 19 January 1999 + DESCRIPTION "Updated editors' addresses, fixed typos. + Published as RFC 2571. + " + REVISION "199711200000Z" -- 20 November 1997 + DESCRIPTION "The initial version, published in RFC 2271. + " + ::= { snmpModules 10 } + + -- Textual Conventions used in the SNMP Management Architecture *** + +SnmpEngineID ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "An SNMP engine's administratively-unique identifier. + Objects of this type are for identification, not for + addressing, even though it is possible that an + address may have been used in the generation of + a specific value. + + The value for this object may not be all zeros or + all 'ff'H or the empty (zero length) string. + + The initial value for this object may be configured + via an operator console entry or via an algorithmic + function. In the latter case, the following + example algorithm is recommended. + + In cases where there are multiple engines on the + same system, the use of this algorithm is NOT + appropriate, as it would result in all of those + engines ending up with the same ID value. + + 1) The very first bit is used to indicate how the + rest of the data is composed. + + 0 - as defined by enterprise using former methods + that existed before SNMPv3. See item 2 below. + + 1 - as defined by this architecture, see item 3 + below. + + Note that this allows existing uses of the + engineID (also known as AgentID [RFC1910]) to + co-exist with any new uses. + + 2) The snmpEngineID has a length of 12 octets. + + The first four octets are set to the binary + equivalent of the agent's SNMP management + private enterprise number as assigned by the + Internet Assigned Numbers Authority (IANA). + For example, if Acme Networks has been assigned + { enterprises 696 }, the first four octets would + be assigned '000002b8'H. + + The remaining eight octets are determined via + one or more enterprise-specific methods. Such + methods must be designed so as to maximize the + possibility that the value of this object will + be unique in the agent's administrative domain. + For example, it may be the IP address of the SNMP + entity, or the MAC address of one of the + interfaces, with each address suitably padded + with random octets. If multiple methods are + defined, then it is recommended that the first + octet indicate the method being used and the + remaining octets be a function of the method. + + 3) The length of the octet string varies. + + The first four octets are set to the binary + equivalent of the agent's SNMP management + private enterprise number as assigned by the + Internet Assigned Numbers Authority (IANA). + For example, if Acme Networks has been assigned + { enterprises 696 }, the first four octets would + be assigned '000002b8'H. + + The very first bit is set to 1. For example, the + above value for Acme Networks now changes to be + '800002b8'H. + + The fifth octet indicates how the rest (6th and + following octets) are formatted. The values for + the fifth octet are: + + 0 - reserved, unused. + + 1 - IPv4 address (4 octets) + lowest non-special IP address + + 2 - IPv6 address (16 octets) + lowest non-special IP address + + 3 - MAC address (6 octets) + lowest IEEE MAC address, canonical + order + + 4 - Text, administratively assigned + Maximum remaining length 27 + + 5 - Octets, administratively assigned + Maximum remaining length 27 + + 6-127 - reserved, unused + + 128-255 - as defined by the enterprise + Maximum remaining length 27 + " + SYNTAX OCTET STRING (SIZE(5..32)) + +SnmpSecurityModel ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "An identifier that uniquely identifies a + Security Model of the Security Subsystem within + this SNMP Management Architecture. + + The values for securityModel are allocated as + follows: + + - The zero value does not identify any particular + security model. + + - Values between 1 and 255, inclusive, are reserved + for standards-track Security Models and are + managed by the Internet Assigned Numbers Authority + (IANA). + - Values greater than 255 are allocated to + enterprise-specific Security Models. An + enterprise-specific securityModel value is defined + to be: + + enterpriseID * 256 + security model within + enterprise + + For example, the fourth Security Model defined by + the enterprise whose enterpriseID is 1 would be + 259. + + This scheme for allocation of securityModel + values allows for a maximum of 255 standards- + based Security Models, and for a maximum of + 256 Security Models per enterprise. + + It is believed that the assignment of new + securityModel values will be rare in practice + because the larger the number of simultaneously + utilized Security Models, the larger the + chance that interoperability will suffer. + Consequently, it is believed that such a range + will be sufficient. In the unlikely event that + the standards committee finds this number to be + insufficient over time, an enterprise number + can be allocated to obtain an additional 256 + possible values. + + Note that the most significant bit must be zero; + hence, there are 23 bits allocated for various + organizations to design and define non-standard + + securityModels. This limits the ability to + define new proprietary implementations of Security + Models to the first 8,388,608 enterprises. + + It is worthwhile to note that, in its encoded + form, the securityModel value will normally + require only a single byte since, in practice, + the leftmost bits will be zero for most messages + and sign extension is suppressed by the encoding + rules. + + As of this writing, there are several values + of securityModel defined for use with SNMP or + reserved for use with supporting MIB objects. + They are as follows: + + 0 reserved for 'any' + 1 reserved for SNMPv1 + 2 reserved for SNMPv2c + 3 User-Based Security Model (USM) + " + SYNTAX INTEGER(0 .. 2147483647) + +SnmpMessageProcessingModel ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "An identifier that uniquely identifies a Message + Processing Model of the Message Processing + Subsystem within this SNMP Management Architecture. + + The values for messageProcessingModel are + allocated as follows: + + - Values between 0 and 255, inclusive, are + reserved for standards-track Message Processing + Models and are managed by the Internet Assigned + Numbers Authority (IANA). + + - Values greater than 255 are allocated to + enterprise-specific Message Processing Models. + An enterprise messageProcessingModel value is + defined to be: + + enterpriseID * 256 + + messageProcessingModel within enterprise + + For example, the fourth Message Processing Model + defined by the enterprise whose enterpriseID + + is 1 would be 259. + + This scheme for allocating messageProcessingModel + values allows for a maximum of 255 standards- + based Message Processing Models, and for a + maximum of 256 Message Processing Models per + enterprise. + + It is believed that the assignment of new + messageProcessingModel values will be rare + in practice because the larger the number of + simultaneously utilized Message Processing Models, + the larger the chance that interoperability + will suffer. It is believed that such a range + will be sufficient. In the unlikely event that + the standards committee finds this number to be + insufficient over time, an enterprise number + can be allocated to obtain an additional 256 + possible values. + + Note that the most significant bit must be zero; + hence, there are 23 bits allocated for various + organizations to design and define non-standard + messageProcessingModels. This limits the ability + to define new proprietary implementations of + Message Processing Models to the first 8,388,608 + enterprises. + + It is worthwhile to note that, in its encoded + form, the messageProcessingModel value will + normally require only a single byte since, in + practice, the leftmost bits will be zero for + most messages and sign extension is suppressed + by the encoding rules. + + As of this writing, there are several values of + messageProcessingModel defined for use with SNMP. + They are as follows: + + 0 reserved for SNMPv1 + 1 reserved for SNMPv2c + 2 reserved for SNMPv2u and SNMPv2* + 3 reserved for SNMPv3 + " + SYNTAX INTEGER(0 .. 2147483647) + +SnmpSecurityLevel ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "A Level of Security at which SNMP messages can be + sent or with which operations are being processed; + in particular, one of: + + noAuthNoPriv - without authentication and + without privacy, + authNoPriv - with authentication but + without privacy, + authPriv - with authentication and + with privacy. + + These three values are ordered such that + noAuthNoPriv is less than authNoPriv and + authNoPriv is less than authPriv. + " + SYNTAX INTEGER { noAuthNoPriv(1), + authNoPriv(2), + authPriv(3) + } + +SnmpAdminString ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255t" + STATUS current + DESCRIPTION "An octet string containing administrative + information, preferably in human-readable form. + + To facilitate internationalization, this + information is represented using the ISO/IEC + IS 10646-1 character set, encoded as an octet + string using the UTF-8 transformation format + described in [RFC2279]. + + Since additional code points are added by + amendments to the 10646 standard from time + to time, implementations must be prepared to + encounter any code point from 0x00000000 to + 0x7fffffff. Byte sequences that do not + correspond to the valid UTF-8 encoding of a + code point or are outside this range are + prohibited. + + The use of control codes should be avoided. + + When it is necessary to represent a newline, + the control code sequence CR LF should be used. + + The use of leading or trailing white space should + be avoided. + + For code points not directly supported by user + interface hardware or software, an alternative + means of entry and display, such as hexadecimal, + may be provided. + + For information encoded in 7-bit US-ASCII, + the UTF-8 encoding is identical to the + US-ASCII encoding. + + UTF-8 may require multiple bytes to represent a + single character / code point; thus the length + of this object in octets may be different from + the number of characters encoded. Similarly, + size constraints refer to the number of encoded + octets, not the number of characters represented + by an encoding. + + Note that when this TC is used for an object that + is used or envisioned to be used as an index, then + a SIZE restriction MUST be specified so that the + number of sub-identifiers for any object instance + does not exceed the limit of 128, as defined by + [RFC3416]. + + Note that the size of an SnmpAdminString object is + measured in octets, not characters. + " + SYNTAX OCTET STRING (SIZE (0..255)) + +-- Administrative assignments *************************************** + +snmpFrameworkAdmin + OBJECT IDENTIFIER ::= { snmpFrameworkMIB 1 } +snmpFrameworkMIBObjects + OBJECT IDENTIFIER ::= { snmpFrameworkMIB 2 } +snmpFrameworkMIBConformance + OBJECT IDENTIFIER ::= { snmpFrameworkMIB 3 } + +-- the snmpEngine Group ******************************************** + +snmpEngine OBJECT IDENTIFIER ::= { snmpFrameworkMIBObjects 1 } + +snmpEngineID OBJECT-TYPE + SYNTAX SnmpEngineID + MAX-ACCESS read-only + STATUS current + DESCRIPTION "An SNMP engine's administratively-unique identifier. + + This information SHOULD be stored in non-volatile + storage so that it remains constant across + re-initializations of the SNMP engine. + " + ::= { snmpEngine 1 } + +snmpEngineBoots OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The number of times that the SNMP engine has + (re-)initialized itself since snmpEngineID + was last configured. + " + ::= { snmpEngine 2 } + +snmpEngineTime OBJECT-TYPE + SYNTAX INTEGER (0..2147483647) + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The number of seconds since the value of + the snmpEngineBoots object last changed. + When incrementing this object's value would + cause it to exceed its maximum, + snmpEngineBoots is incremented as if a + re-initialization had occurred, and this + object's value consequently reverts to zero. + " + ::= { snmpEngine 3 } + +snmpEngineMaxMessageSize OBJECT-TYPE + SYNTAX INTEGER (484..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The maximum length in octets of an SNMP message + which this SNMP engine can send or receive and + process, determined as the minimum of the maximum + message size values supported among all of the + transports available to and supported by the engine. + " + ::= { snmpEngine 4 } + +-- Registration Points for Authentication and Privacy Protocols ** + +snmpAuthProtocols OBJECT-IDENTITY + STATUS current + DESCRIPTION "Registration point for standards-track + authentication protocols used in SNMP Management + Frameworks. + " + ::= { snmpFrameworkAdmin 1 } + +snmpPrivProtocols OBJECT-IDENTITY + STATUS current + DESCRIPTION "Registration point for standards-track privacy + protocols used in SNMP Management Frameworks. + " + ::= { snmpFrameworkAdmin 2 } + +-- Conformance information ****************************************** + +snmpFrameworkMIBCompliances + OBJECT IDENTIFIER ::= {snmpFrameworkMIBConformance 1} +snmpFrameworkMIBGroups + OBJECT IDENTIFIER ::= {snmpFrameworkMIBConformance 2} + +-- compliance statements + +snmpFrameworkMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION "The compliance statement for SNMP engines which + implement the SNMP Management Framework MIB. + " + MODULE -- this module + MANDATORY-GROUPS { snmpEngineGroup } + ::= { snmpFrameworkMIBCompliances 1 } + +-- units of conformance + +snmpEngineGroup OBJECT-GROUP + OBJECTS { + snmpEngineID, + snmpEngineBoots, + snmpEngineTime, + snmpEngineMaxMessageSize + } + STATUS current + DESCRIPTION "A collection of objects for identifying and + determining the configuration and current timeliness + + values of an SNMP engine. + " + ::= { snmpFrameworkMIBGroups 1 } + +END diff --git a/data/mibs/SNMP-MPD-MIB.txt b/data/mibs/SNMP-MPD-MIB.txt new file mode 100644 index 000000000..d4c605b1c --- /dev/null +++ b/data/mibs/SNMP-MPD-MIB.txt @@ -0,0 +1,145 @@ +SNMP-MPD-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + MODULE-IDENTITY, OBJECT-TYPE, + snmpModules, Counter32 FROM SNMPv2-SMI; + +snmpMPDMIB MODULE-IDENTITY + LAST-UPDATED "200210140000Z" + ORGANIZATION "SNMPv3 Working Group" + CONTACT-INFO "WG-EMail: snmpv3@lists.tislabs.com + Subscribe: snmpv3-request@lists.tislabs.com + + Co-Chair: Russ Mundy + Network Associates Laboratories + postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + + EMail: mundy@tislabs.com + phone: +1 301-947-7107 + + Co-Chair & + Co-editor: David Harrington + Enterasys Networks + postal: 35 Industrial Way + P. O. Box 5005 + Rochester NH 03866-5005 + USA + EMail: dbh@enterasys.com + phone: +1 603-337-2614 + + Co-editor: Jeffrey Case + SNMP Research, Inc. + postal: 3001 Kimberlin Heights Road + Knoxville, TN 37920-9716 + USA + EMail: case@snmp.com + phone: +1 423-573-1434 + + Co-editor: Randy Presuhn + BMC Software, Inc. + postal: 2141 North First Street + San Jose, CA 95131 + USA + EMail: randy_presuhn@bmc.com + phone: +1 408-546-1006 + + Co-editor: Bert Wijnen + Lucent Technologies + postal: Schagen 33 + 3461 GL Linschoten + Netherlands + EMail: bwijnen@lucent.com + phone: +31 348-680-485 + " + DESCRIPTION "The MIB for Message Processing and Dispatching + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3412; + see the RFC itself for full legal notices. + " + REVISION "200210140000Z" -- 14 October 2002 + DESCRIPTION "Updated addresses, published as RFC 3412." + REVISION "199905041636Z" -- 4 May 1999 + DESCRIPTION "Updated addresses, published as RFC 2572." + + REVISION "199709300000Z" -- 30 September 1997 + DESCRIPTION "Original version, published as RFC 2272." + ::= { snmpModules 11 } + +-- Administrative assignments *************************************** + +snmpMPDAdmin OBJECT IDENTIFIER ::= { snmpMPDMIB 1 } +snmpMPDMIBObjects OBJECT IDENTIFIER ::= { snmpMPDMIB 2 } +snmpMPDMIBConformance OBJECT IDENTIFIER ::= { snmpMPDMIB 3 } + +-- Statistics for SNMP Messages ************************************* + +snmpMPDStats OBJECT IDENTIFIER ::= { snmpMPDMIBObjects 1 } + +snmpUnknownSecurityModels OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The total number of packets received by the SNMP + engine which were dropped because they referenced a + securityModel that was not known to or supported by + the SNMP engine. + " + ::= { snmpMPDStats 1 } + +snmpInvalidMsgs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The total number of packets received by the SNMP + engine which were dropped because there were invalid + or inconsistent components in the SNMP message. + " + ::= { snmpMPDStats 2 } + +snmpUnknownPDUHandlers OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The total number of packets received by the SNMP + engine which were dropped because the PDU contained + in the packet could not be passed to an application + responsible for handling the pduType, e.g. no SNMP + application had registered for the proper + combination of the contextEngineID and the pduType. + " + ::= { snmpMPDStats 3 } + +-- Conformance information ****************************************** + +snmpMPDMIBCompliances OBJECT IDENTIFIER ::= {snmpMPDMIBConformance 1} +snmpMPDMIBGroups OBJECT IDENTIFIER ::= {snmpMPDMIBConformance 2} + +-- Compliance statements + +snmpMPDCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION "The compliance statement for SNMP entities which + implement the SNMP-MPD-MIB. + " + MODULE -- this module + MANDATORY-GROUPS { snmpMPDGroup } + ::= { snmpMPDMIBCompliances 1 } + +snmpMPDGroup OBJECT-GROUP + OBJECTS { + snmpUnknownSecurityModels, + snmpInvalidMsgs, + snmpUnknownPDUHandlers + } + STATUS current + DESCRIPTION "A collection of objects providing for remote + monitoring of the SNMP Message Processing and + Dispatching process. + " + ::= { snmpMPDMIBGroups 1 } + +END diff --git a/data/mibs/SNMP-NOTIFICATION-MIB.txt b/data/mibs/SNMP-NOTIFICATION-MIB.txt new file mode 100644 index 000000000..0ef06b648 --- /dev/null +++ b/data/mibs/SNMP-NOTIFICATION-MIB.txt @@ -0,0 +1,589 @@ +SNMP-NOTIFICATION-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, + OBJECT-TYPE, + snmpModules + FROM SNMPv2-SMI + + RowStatus, + StorageType + FROM SNMPv2-TC + + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB + + SnmpTagValue, + snmpTargetParamsName + FROM SNMP-TARGET-MIB + + MODULE-COMPLIANCE, + OBJECT-GROUP + FROM SNMPv2-CONF; + +snmpNotificationMIB MODULE-IDENTITY + LAST-UPDATED "200210140000Z" + ORGANIZATION "IETF SNMPv3 Working Group" + CONTACT-INFO + "WG-email: snmpv3@lists.tislabs.com + Subscribe: majordomo@lists.tislabs.com + In message body: subscribe snmpv3 + + Co-Chair: Russ Mundy + Network Associates Laboratories + Postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + EMail: mundy@tislabs.com + Phone: +1 301-947-7107 + + Co-Chair: David Harrington + Enterasys Networks + Postal: 35 Industrial Way + P. O. Box 5004 + Rochester, New Hampshire 03866-5005 + USA + EMail: dbh@enterasys.com + Phone: +1 603-337-2614 + + Co-editor: David B. Levi + Nortel Networks + Postal: 3505 Kesterwood Drive + Knoxville, Tennessee 37918 + EMail: dlevi@nortelnetworks.com + Phone: +1 865 686 0432 + + Co-editor: Paul Meyer + Secure Computing Corporation + Postal: 2675 Long Lake Road + Roseville, Minnesota 55113 + EMail: paul_meyer@securecomputing.com + Phone: +1 651 628 1592 + + Co-editor: Bob Stewart + Retired" + DESCRIPTION + "This MIB module defines MIB objects which provide + mechanisms to remotely configure the parameters + used by an SNMP entity for the generation of + notifications. + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3413; + see the RFC itself for full legal notices. + " + REVISION "200210140000Z" -- 14 October 2002 + DESCRIPTION "Clarifications, published as + RFC 3413." + REVISION "199808040000Z" -- 4 August 1998 + DESCRIPTION "Clarifications, published as + RFC 2573." + REVISION "199707140000Z" -- 14 July 1997 + DESCRIPTION "The initial revision, published as RFC2273." + ::= { snmpModules 13 } + +snmpNotifyObjects OBJECT IDENTIFIER ::= + { snmpNotificationMIB 1 } +snmpNotifyConformance OBJECT IDENTIFIER ::= + { snmpNotificationMIB 3 } + +-- +-- +-- The snmpNotifyObjects group +-- +-- + +snmpNotifyTable OBJECT-TYPE + SYNTAX SEQUENCE OF SnmpNotifyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table is used to select management targets which should + receive notifications, as well as the type of notification + which should be sent to each selected management target." + ::= { snmpNotifyObjects 1 } + +snmpNotifyEntry OBJECT-TYPE + SYNTAX SnmpNotifyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in this table selects a set of management targets + which should receive notifications, as well as the type of + + notification which should be sent to each selected + management target. + + Entries in the snmpNotifyTable are created and + deleted using the snmpNotifyRowStatus object." + INDEX { IMPLIED snmpNotifyName } + ::= { snmpNotifyTable 1 } + +SnmpNotifyEntry ::= SEQUENCE { + snmpNotifyName SnmpAdminString, + snmpNotifyTag SnmpTagValue, + snmpNotifyType INTEGER, + snmpNotifyStorageType StorageType, + snmpNotifyRowStatus RowStatus +} + +snmpNotifyName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this snmpNotifyEntry." + ::= { snmpNotifyEntry 1 } + +snmpNotifyTag OBJECT-TYPE + SYNTAX SnmpTagValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object contains a single tag value which is used + to select entries in the snmpTargetAddrTable. Any entry + in the snmpTargetAddrTable which contains a tag value + which is equal to the value of an instance of this + object is selected. If this object contains a value + of zero length, no entries are selected." + DEFVAL { "" } + ::= { snmpNotifyEntry 2 } + +snmpNotifyType OBJECT-TYPE + SYNTAX INTEGER { + trap(1), + inform(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object determines the type of notification to + + be generated for entries in the snmpTargetAddrTable + selected by the corresponding instance of + snmpNotifyTag. This value is only used when + generating notifications, and is ignored when + using the snmpTargetAddrTable for other purposes. + + If the value of this object is trap(1), then any + messages generated for selected rows will contain + Unconfirmed-Class PDUs. + + If the value of this object is inform(2), then any + messages generated for selected rows will contain + Confirmed-Class PDUs. + + Note that if an SNMP entity only supports + generation of Unconfirmed-Class PDUs (and not + Confirmed-Class PDUs), then this object may be + read-only." + DEFVAL { trap } + ::= { snmpNotifyEntry 3 } + +snmpNotifyStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type for this conceptual row. + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row." + DEFVAL { nonVolatile } + ::= { snmpNotifyEntry 4 } + +snmpNotifyRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row. + + To create a row in this table, a manager must + set this object to either createAndGo(4) or + createAndWait(5)." + ::= { snmpNotifyEntry 5 } + +snmpNotifyFilterProfileTable OBJECT-TYPE + SYNTAX SEQUENCE OF SnmpNotifyFilterProfileEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table is used to associate a notification filter + profile with a particular set of target parameters." + ::= { snmpNotifyObjects 2 } + +snmpNotifyFilterProfileEntry OBJECT-TYPE + SYNTAX SnmpNotifyFilterProfileEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in this table indicates the name of the filter + profile to be used when generating notifications using + the corresponding entry in the snmpTargetParamsTable. + + Entries in the snmpNotifyFilterProfileTable are created + and deleted using the snmpNotifyFilterProfileRowStatus + object." + INDEX { IMPLIED snmpTargetParamsName } + ::= { snmpNotifyFilterProfileTable 1 } + +SnmpNotifyFilterProfileEntry ::= SEQUENCE { + snmpNotifyFilterProfileName SnmpAdminString, + snmpNotifyFilterProfileStorType StorageType, + snmpNotifyFilterProfileRowStatus RowStatus +} + +snmpNotifyFilterProfileName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The name of the filter profile to be used when generating + notifications using the corresponding entry in the + snmpTargetAddrTable." + ::= { snmpNotifyFilterProfileEntry 1 } + +snmpNotifyFilterProfileStorType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type for this conceptual row. + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row." + DEFVAL { nonVolatile } + ::= { snmpNotifyFilterProfileEntry 2 } + +snmpNotifyFilterProfileRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row. + + To create a row in this table, a manager must + set this object to either createAndGo(4) or + createAndWait(5). + + Until instances of all corresponding columns are + appropriately configured, the value of the + corresponding instance of the + snmpNotifyFilterProfileRowStatus column is 'notReady'. + + In particular, a newly created row cannot be made + active until the corresponding instance of + snmpNotifyFilterProfileName has been set." + ::= { snmpNotifyFilterProfileEntry 3 } + +snmpNotifyFilterTable OBJECT-TYPE + SYNTAX SEQUENCE OF SnmpNotifyFilterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of filter profiles. Filter profiles are used + to determine whether particular management targets should + receive particular notifications. + + When a notification is generated, it must be compared + with the filters associated with each management target + which is configured to receive notifications, in order to + determine whether it may be sent to each such management + target. + + A more complete discussion of notification filtering + can be found in section 6. of [SNMP-APPL]." + ::= { snmpNotifyObjects 3 } + +snmpNotifyFilterEntry OBJECT-TYPE + SYNTAX SnmpNotifyFilterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An element of a filter profile. + + Entries in the snmpNotifyFilterTable are created and + deleted using the snmpNotifyFilterRowStatus object." + INDEX { snmpNotifyFilterProfileName, + IMPLIED snmpNotifyFilterSubtree } + ::= { snmpNotifyFilterTable 1 } + +SnmpNotifyFilterEntry ::= SEQUENCE { + snmpNotifyFilterSubtree OBJECT IDENTIFIER, + snmpNotifyFilterMask OCTET STRING, + snmpNotifyFilterType INTEGER, + snmpNotifyFilterStorageType StorageType, + snmpNotifyFilterRowStatus RowStatus +} + +snmpNotifyFilterSubtree OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The MIB subtree which, when combined with the corresponding + instance of snmpNotifyFilterMask, defines a family of + subtrees which are included in or excluded from the + filter profile." + ::= { snmpNotifyFilterEntry 1 } + +snmpNotifyFilterMask OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..16)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The bit mask which, in combination with the corresponding + instance of snmpNotifyFilterSubtree, defines a family of + subtrees which are included in or excluded from the + filter profile. + + Each bit of this bit mask corresponds to a + sub-identifier of snmpNotifyFilterSubtree, with the + most significant bit of the i-th octet of this octet + string value (extended if necessary, see below) + corresponding to the (8*i - 7)-th sub-identifier, and + the least significant bit of the i-th octet of this + octet string corresponding to the (8*i)-th + sub-identifier, where i is in the range 1 through 16. + + Each bit of this bit mask specifies whether or not + the corresponding sub-identifiers must match when + determining if an OBJECT IDENTIFIER matches this + family of filter subtrees; a '1' indicates that an + exact match must occur; a '0' indicates 'wild card', + i.e., any sub-identifier value matches. + + Thus, the OBJECT IDENTIFIER X of an object instance + is contained in a family of filter subtrees if, for + each sub-identifier of the value of + snmpNotifyFilterSubtree, either: + + the i-th bit of snmpNotifyFilterMask is 0, or + + the i-th sub-identifier of X is equal to the i-th + sub-identifier of the value of + snmpNotifyFilterSubtree. + + If the value of this bit mask is M bits long and + there are more than M sub-identifiers in the + corresponding instance of snmpNotifyFilterSubtree, + then the bit mask is extended with 1's to be the + required length. + + Note that when the value of this object is the + zero-length string, this extension rule results in + a mask of all-1's being used (i.e., no 'wild card'), + and the family of filter subtrees is the one + subtree uniquely identified by the corresponding + instance of snmpNotifyFilterSubtree." + DEFVAL { ''H } + ::= { snmpNotifyFilterEntry 2 } + +snmpNotifyFilterType OBJECT-TYPE + SYNTAX INTEGER { + included(1), + excluded(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates whether the family of filter subtrees + defined by this entry are included in or excluded from a + filter. A more detailed discussion of the use of this + object can be found in section 6. of [SNMP-APPL]." + DEFVAL { included } + ::= { snmpNotifyFilterEntry 3 } + +snmpNotifyFilterStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type for this conceptual row. + Conceptual rows having the value 'permanent' need not + + allow write-access to any columnar objects in the row." + DEFVAL { nonVolatile } + ::= { snmpNotifyFilterEntry 4 } + +snmpNotifyFilterRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row. + + To create a row in this table, a manager must + set this object to either createAndGo(4) or + createAndWait(5)." + ::= { snmpNotifyFilterEntry 5 } + +-- +-- +-- Conformance information +-- +-- + +snmpNotifyCompliances OBJECT IDENTIFIER ::= + { snmpNotifyConformance 1 } +snmpNotifyGroups OBJECT IDENTIFIER ::= + { snmpNotifyConformance 2 } + +-- +-- +-- Compliance statements +-- +-- + +snmpNotifyBasicCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for minimal SNMP entities which + implement only SNMP Unconfirmed-Class notifications and + read-create operations on only the snmpTargetAddrTable." + MODULE SNMP-TARGET-MIB + MANDATORY-GROUPS { snmpTargetBasicGroup } + + OBJECT snmpTargetParamsMPModel + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access is not required." + + OBJECT snmpTargetParamsSecurityModel + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access is not required." + + OBJECT snmpTargetParamsSecurityName + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access is not required." + + OBJECT snmpTargetParamsSecurityLevel + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access is not required." + + OBJECT snmpTargetParamsStorageType + SYNTAX INTEGER { + readOnly(5) + } + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access is not required. + Support of the values other(1), volatile(2), + nonVolatile(3), and permanent(4) is not required." + + OBJECT snmpTargetParamsRowStatus + SYNTAX INTEGER { + active(1) + } + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access to the + snmpTargetParamsTable is not required. + Support of the values notInService(2), notReady(3), + createAndGo(4), createAndWait(5), and destroy(6) is + not required." + + MODULE -- This Module + MANDATORY-GROUPS { snmpNotifyGroup } + + OBJECT snmpNotifyTag + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access is not required." + + OBJECT snmpNotifyType + SYNTAX INTEGER { + trap(1) + } + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access is not required. + Support of the value notify(2) is not required." + + OBJECT snmpNotifyStorageType + SYNTAX INTEGER { + readOnly(5) + } + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access is not required. + Support of the values other(1), volatile(2), + nonVolatile(3), and permanent(4) is not required." + + OBJECT snmpNotifyRowStatus + SYNTAX INTEGER { + active(1) + } + MIN-ACCESS read-only + DESCRIPTION + "Create/delete/modify access to the + snmpNotifyTable is not required. + Support of the values notInService(2), notReady(3), + createAndGo(4), createAndWait(5), and destroy(6) is + not required." + ::= { snmpNotifyCompliances 1 } + +snmpNotifyBasicFiltersCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which implement + SNMP Unconfirmed-Class notifications with filtering, and + read-create operations on all related tables." + MODULE SNMP-TARGET-MIB + MANDATORY-GROUPS { snmpTargetBasicGroup } + MODULE -- This Module + MANDATORY-GROUPS { snmpNotifyGroup, + snmpNotifyFilterGroup } + ::= { snmpNotifyCompliances 2 } + +snmpNotifyFullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which either + implement only SNMP Confirmed-Class notifications, or both + SNMP Unconfirmed-Class and Confirmed-Class notifications, + plus filtering and read-create operations on all related + tables." + MODULE SNMP-TARGET-MIB + MANDATORY-GROUPS { snmpTargetBasicGroup, + snmpTargetResponseGroup } + MODULE -- This Module + MANDATORY-GROUPS { snmpNotifyGroup, + snmpNotifyFilterGroup } + ::= { snmpNotifyCompliances 3 } + +snmpNotifyGroup OBJECT-GROUP + OBJECTS { + snmpNotifyTag, + snmpNotifyType, + snmpNotifyStorageType, + snmpNotifyRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects for selecting which management + targets are used for generating notifications, and the + type of notification to be generated for each selected + management target." + ::= { snmpNotifyGroups 1 } + +snmpNotifyFilterGroup OBJECT-GROUP + OBJECTS { + snmpNotifyFilterProfileName, + snmpNotifyFilterProfileStorType, + snmpNotifyFilterProfileRowStatus, + snmpNotifyFilterMask, + snmpNotifyFilterType, + snmpNotifyFilterStorageType, + snmpNotifyFilterRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects providing remote configuration + of notification filters." + ::= { snmpNotifyGroups 2 } + +END diff --git a/data/mibs/SNMP-PROXY-MIB.txt b/data/mibs/SNMP-PROXY-MIB.txt new file mode 100644 index 000000000..4a72e8603 --- /dev/null +++ b/data/mibs/SNMP-PROXY-MIB.txt @@ -0,0 +1,294 @@ +SNMP-PROXY-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, + OBJECT-TYPE, + snmpModules + FROM SNMPv2-SMI + + RowStatus, + StorageType + FROM SNMPv2-TC + + SnmpEngineID, + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB + + SnmpTagValue + FROM SNMP-TARGET-MIB + + MODULE-COMPLIANCE, + OBJECT-GROUP + FROM SNMPv2-CONF; + +snmpProxyMIB MODULE-IDENTITY + LAST-UPDATED "200210140000Z" + ORGANIZATION "IETF SNMPv3 Working Group" + CONTACT-INFO + "WG-email: snmpv3@lists.tislabs.com + Subscribe: majordomo@lists.tislabs.com + In message body: subscribe snmpv3 + + Co-Chair: Russ Mundy + Network Associates Laboratories + Postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + EMail: mundy@tislabs.com + Phone: +1 301-947-7107 + + Co-Chair: David Harrington + Enterasys Networks + Postal: 35 Industrial Way + P. O. Box 5004 + Rochester, New Hampshire 03866-5005 + USA + EMail: dbh@enterasys.com + Phone: +1 603-337-2614 + + Co-editor: David B. Levi + Nortel Networks + Postal: 3505 Kesterwood Drive + Knoxville, Tennessee 37918 + EMail: dlevi@nortelnetworks.com + Phone: +1 865 686 0432 + + Co-editor: Paul Meyer + Secure Computing Corporation + Postal: 2675 Long Lake Road + Roseville, Minnesota 55113 + EMail: paul_meyer@securecomputing.com + Phone: +1 651 628 1592 + + Co-editor: Bob Stewart + Retired" + DESCRIPTION + "This MIB module defines MIB objects which provide + mechanisms to remotely configure the parameters + used by a proxy forwarding application. + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3413; + see the RFC itself for full legal notices. + " + REVISION "200210140000Z" -- 14 October 2002 + DESCRIPTION "Clarifications, published as + RFC 3413." + REVISION "199808040000Z" -- 4 August 1998 + DESCRIPTION "Clarifications, published as + RFC 2573." + REVISION "199707140000Z" -- 14 July 1997 + DESCRIPTION "The initial revision, published as RFC2273." + ::= { snmpModules 14 } + +snmpProxyObjects OBJECT IDENTIFIER ::= { snmpProxyMIB 1 } +snmpProxyConformance OBJECT IDENTIFIER ::= { snmpProxyMIB 3 } + +-- + +-- +-- The snmpProxyObjects group +-- +-- + +snmpProxyTable OBJECT-TYPE + SYNTAX SEQUENCE OF SnmpProxyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of translation parameters used by proxy forwarder + applications for forwarding SNMP messages." + ::= { snmpProxyObjects 2 } + +snmpProxyEntry OBJECT-TYPE + SYNTAX SnmpProxyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A set of translation parameters used by a proxy forwarder + application for forwarding SNMP messages. + + Entries in the snmpProxyTable are created and deleted + using the snmpProxyRowStatus object." + INDEX { IMPLIED snmpProxyName } + ::= { snmpProxyTable 1 } + +SnmpProxyEntry ::= SEQUENCE { + snmpProxyName SnmpAdminString, + snmpProxyType INTEGER, + snmpProxyContextEngineID SnmpEngineID, + snmpProxyContextName SnmpAdminString, + snmpProxyTargetParamsIn SnmpAdminString, + snmpProxySingleTargetOut SnmpAdminString, + snmpProxyMultipleTargetOut SnmpTagValue, + snmpProxyStorageType StorageType, + snmpProxyRowStatus RowStatus +} + +snmpProxyName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this snmpProxyEntry." + ::= { snmpProxyEntry 1 } + +snmpProxyType OBJECT-TYPE + SYNTAX INTEGER { + read(1), + write(2), + trap(3), + inform(4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The type of message that may be forwarded using + the translation parameters defined by this entry." + ::= { snmpProxyEntry 2 } + +snmpProxyContextEngineID OBJECT-TYPE + SYNTAX SnmpEngineID + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The contextEngineID contained in messages that + may be forwarded using the translation parameters + defined by this entry." + ::= { snmpProxyEntry 3 } + +snmpProxyContextName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The contextName contained in messages that may be + forwarded using the translation parameters defined + by this entry. + + This object is optional, and if not supported, the + contextName contained in a message is ignored when + selecting an entry in the snmpProxyTable." + ::= { snmpProxyEntry 4 } + +snmpProxyTargetParamsIn OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object selects an entry in the snmpTargetParamsTable. + The selected entry is used to determine which row of the + snmpProxyTable to use for forwarding received messages." + ::= { snmpProxyEntry 5 } + +snmpProxySingleTargetOut OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object selects a management target defined in the + snmpTargetAddrTable (in the SNMP-TARGET-MIB). The + selected target is defined by an entry in the + snmpTargetAddrTable whose index value (snmpTargetAddrName) + is equal to this object. + + This object is only used when selection of a single + target is required (i.e. when forwarding an incoming + read or write request)." + ::= { snmpProxyEntry 6 } + +snmpProxyMultipleTargetOut OBJECT-TYPE + SYNTAX SnmpTagValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object selects a set of management targets defined + in the snmpTargetAddrTable (in the SNMP-TARGET-MIB). + + This object is only used when selection of multiple + targets is required (i.e. when forwarding an incoming + notification)." + ::= { snmpProxyEntry 7 } + +snmpProxyStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type of this conceptual row. + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row." + DEFVAL { nonVolatile } + ::= { snmpProxyEntry 8 } + +snmpProxyRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row. + + To create a row in this table, a manager must + + set this object to either createAndGo(4) or + createAndWait(5). + + The following objects may not be modified while the + value of this object is active(1): + - snmpProxyType + - snmpProxyContextEngineID + - snmpProxyContextName + - snmpProxyTargetParamsIn + - snmpProxySingleTargetOut + - snmpProxyMultipleTargetOut" + ::= { snmpProxyEntry 9 } + +-- +-- +-- Conformance information +-- +-- + +snmpProxyCompliances OBJECT IDENTIFIER ::= + { snmpProxyConformance 1 } +snmpProxyGroups OBJECT IDENTIFIER ::= + { snmpProxyConformance 2 } + +-- +-- +-- Compliance statements +-- +-- + +snmpProxyCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which include + a proxy forwarding application." + MODULE SNMP-TARGET-MIB + MANDATORY-GROUPS { snmpTargetBasicGroup, + snmpTargetResponseGroup } + MODULE -- This Module + MANDATORY-GROUPS { snmpProxyGroup } + ::= { snmpProxyCompliances 1 } + +snmpProxyGroup OBJECT-GROUP + OBJECTS { + snmpProxyType, + snmpProxyContextEngineID, + snmpProxyContextName, + snmpProxyTargetParamsIn, + snmpProxySingleTargetOut, + snmpProxyMultipleTargetOut, + snmpProxyStorageType, + snmpProxyRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects providing remote configuration of + management target translation parameters for use by + proxy forwarder applications." + ::= { snmpProxyGroups 3 } + +END diff --git a/data/mibs/SNMP-TARGET-MIB.txt b/data/mibs/SNMP-TARGET-MIB.txt new file mode 100644 index 000000000..654afdd69 --- /dev/null +++ b/data/mibs/SNMP-TARGET-MIB.txt @@ -0,0 +1,660 @@ +SNMP-TARGET-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, + OBJECT-TYPE, + snmpModules, + Counter32, + Integer32 + FROM SNMPv2-SMI + + TEXTUAL-CONVENTION, + TDomain, + TAddress, + TimeInterval, + RowStatus, + StorageType, + TestAndIncr + FROM SNMPv2-TC + + SnmpSecurityModel, + SnmpMessageProcessingModel, + SnmpSecurityLevel, + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB + + MODULE-COMPLIANCE, + OBJECT-GROUP + FROM SNMPv2-CONF; + +snmpTargetMIB MODULE-IDENTITY + LAST-UPDATED "200210140000Z" + ORGANIZATION "IETF SNMPv3 Working Group" + CONTACT-INFO + "WG-email: snmpv3@lists.tislabs.com + Subscribe: majordomo@lists.tislabs.com + In message body: subscribe snmpv3 + + Co-Chair: Russ Mundy + Network Associates Laboratories + Postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + EMail: mundy@tislabs.com + Phone: +1 301-947-7107 + + Co-Chair: David Harrington + Enterasys Networks + Postal: 35 Industrial Way + P. O. Box 5004 + Rochester, New Hampshire 03866-5005 + USA + EMail: dbh@enterasys.com + Phone: +1 603-337-2614 + + Co-editor: David B. Levi + Nortel Networks + Postal: 3505 Kesterwood Drive + Knoxville, Tennessee 37918 + EMail: dlevi@nortelnetworks.com + Phone: +1 865 686 0432 + + Co-editor: Paul Meyer + Secure Computing Corporation + Postal: 2675 Long Lake Road + + Roseville, Minnesota 55113 + EMail: paul_meyer@securecomputing.com + Phone: +1 651 628 1592 + + Co-editor: Bob Stewart + Retired" + DESCRIPTION + "This MIB module defines MIB objects which provide + mechanisms to remotely configure the parameters used + by an SNMP entity for the generation of SNMP messages. + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3413; + see the RFC itself for full legal notices. + " + REVISION "200210140000Z" -- 14 October 2002 + DESCRIPTION "Fixed DISPLAY-HINTS for UTF-8 strings, fixed hex + value of LF characters, clarified meaning of zero + length tag values, improved tag list examples. + Published as RFC 3413." + REVISION "199808040000Z" -- 4 August 1998 + DESCRIPTION "Clarifications, published as + RFC 2573." + REVISION "199707140000Z" -- 14 July 1997 + DESCRIPTION "The initial revision, published as RFC2273." + ::= { snmpModules 12 } + +snmpTargetObjects OBJECT IDENTIFIER ::= { snmpTargetMIB 1 } +snmpTargetConformance OBJECT IDENTIFIER ::= { snmpTargetMIB 3 } + +SnmpTagValue ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255t" + STATUS current + DESCRIPTION + "An octet string containing a tag value. + Tag values are preferably in human-readable form. + + To facilitate internationalization, this information + is represented using the ISO/IEC IS 10646-1 character + set, encoded as an octet string using the UTF-8 + character encoding scheme described in RFC 2279. + + Since additional code points are added by amendments + to the 10646 standard from time to time, + implementations must be prepared to encounter any code + point from 0x00000000 to 0x7fffffff. + + The use of control codes should be avoided, and certain + + control codes are not allowed as described below. + + For code points not directly supported by user + interface hardware or software, an alternative means + of entry and display, such as hexadecimal, may be + provided. + + For information encoded in 7-bit US-ASCII, the UTF-8 + representation is identical to the US-ASCII encoding. + + Note that when this TC is used for an object that + is used or envisioned to be used as an index, then a + SIZE restriction must be specified so that the number + of sub-identifiers for any object instance does not + exceed the limit of 128, as defined by [RFC1905]. + + An object of this type contains a single tag value + which is used to select a set of entries in a table. + + A tag value is an arbitrary string of octets, but + may not contain a delimiter character. Delimiter + characters are defined to be one of the following: + + - An ASCII space character (0x20). + + - An ASCII TAB character (0x09). + + - An ASCII carriage return (CR) character (0x0D). + + - An ASCII line feed (LF) character (0x0A). + + Delimiter characters are used to separate tag values + in a tag list. An object of this type may only + contain a single tag value, and so delimiter + characters are not allowed in a value of this type. + + Note that a tag value of 0 length means that no tag is + defined. In other words, a tag value of 0 length would + never match anything in a tag list, and would never + select any table entries. + + Some examples of valid tag values are: + + - 'acme' + + - 'router' + + - 'host' + + The use of a tag value to select table entries is + application and MIB specific." + SYNTAX OCTET STRING (SIZE (0..255)) + +SnmpTagList ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255t" + STATUS current + DESCRIPTION + "An octet string containing a list of tag values. + Tag values are preferably in human-readable form. + + To facilitate internationalization, this information + is represented using the ISO/IEC IS 10646-1 character + set, encoded as an octet string using the UTF-8 + character encoding scheme described in RFC 2279. + + Since additional code points are added by amendments + to the 10646 standard from time to time, + implementations must be prepared to encounter any code + point from 0x00000000 to 0x7fffffff. + + The use of control codes should be avoided, except as + described below. + + For code points not directly supported by user + interface hardware or software, an alternative means + of entry and display, such as hexadecimal, may be + provided. + + For information encoded in 7-bit US-ASCII, the UTF-8 + representation is identical to the US-ASCII encoding. + + An object of this type contains a list of tag values + which are used to select a set of entries in a table. + + A tag value is an arbitrary string of octets, but + may not contain a delimiter character. Delimiter + characters are defined to be one of the following: + + - An ASCII space character (0x20). + + - An ASCII TAB character (0x09). + + - An ASCII carriage return (CR) character (0x0D). + + - An ASCII line feed (LF) character (0x0A). + + Delimiter characters are used to separate tag values + + in a tag list. Only a single delimiter character may + occur between two tag values. A tag value may not + have a zero length. These constraints imply certain + restrictions on the contents of this object: + + - There cannot be a leading or trailing delimiter + character. + + - There cannot be multiple adjacent delimiter + characters. + + Some examples of valid tag lists are: + + - '' -- an empty list + + - 'acme' -- list of one tag + + - 'host router bridge' -- list of several tags + + Note that although a tag value may not have a length of + zero, an empty string is still valid. This indicates + an empty list (i.e. there are no tag values in the list). + + The use of the tag list to select table entries is + application and MIB specific. Typically, an application + will provide one or more tag values, and any entry + which contains some combination of these tag values + will be selected." + SYNTAX OCTET STRING (SIZE (0..255)) + +-- +-- +-- The snmpTargetObjects group +-- +-- + +snmpTargetSpinLock OBJECT-TYPE + SYNTAX TestAndIncr + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to facilitate modification of table + entries in the SNMP-TARGET-MIB module by multiple + managers. In particular, it is useful when modifying + the value of the snmpTargetAddrTagList object. + + The procedure for modifying the snmpTargetAddrTagList + object is as follows: + + 1. Retrieve the value of snmpTargetSpinLock and + of snmpTargetAddrTagList. + + 2. Generate a new value for snmpTargetAddrTagList. + + 3. Set the value of snmpTargetSpinLock to the + retrieved value, and the value of + snmpTargetAddrTagList to the new value. If + the set fails for the snmpTargetSpinLock + object, go back to step 1." + ::= { snmpTargetObjects 1 } + +snmpTargetAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF SnmpTargetAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of transport addresses to be used in the generation + of SNMP messages." + ::= { snmpTargetObjects 2 } + +snmpTargetAddrEntry OBJECT-TYPE + SYNTAX SnmpTargetAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A transport address to be used in the generation + of SNMP operations. + + Entries in the snmpTargetAddrTable are created and + deleted using the snmpTargetAddrRowStatus object." + INDEX { IMPLIED snmpTargetAddrName } + ::= { snmpTargetAddrTable 1 } + +SnmpTargetAddrEntry ::= SEQUENCE { + snmpTargetAddrName SnmpAdminString, + snmpTargetAddrTDomain TDomain, + snmpTargetAddrTAddress TAddress, + snmpTargetAddrTimeout TimeInterval, + snmpTargetAddrRetryCount Integer32, + snmpTargetAddrTagList SnmpTagList, + snmpTargetAddrParams SnmpAdminString, + snmpTargetAddrStorageType StorageType, + snmpTargetAddrRowStatus RowStatus +} + +snmpTargetAddrName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this snmpTargetAddrEntry." + ::= { snmpTargetAddrEntry 1 } + +snmpTargetAddrTDomain OBJECT-TYPE + SYNTAX TDomain + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates the transport type of the address + contained in the snmpTargetAddrTAddress object." + ::= { snmpTargetAddrEntry 2 } + +snmpTargetAddrTAddress OBJECT-TYPE + SYNTAX TAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object contains a transport address. The format of + this address depends on the value of the + snmpTargetAddrTDomain object." + ::= { snmpTargetAddrEntry 3 } + +snmpTargetAddrTimeout OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object should reflect the expected maximum round + trip time for communicating with the transport address + defined by this row. When a message is sent to this + address, and a response (if one is expected) is not + received within this time period, an implementation + may assume that the response will not be delivered. + + Note that the time interval that an application waits + for a response may actually be derived from the value + of this object. The method for deriving the actual time + interval is implementation dependent. One such method + is to derive the expected round trip time based on a + particular retransmission algorithm and on the number + of timeouts which have occurred. The type of message may + also be considered when deriving expected round trip + times for retransmissions. For example, if a message is + being sent with a securityLevel that indicates both + + authentication and privacy, the derived value may be + increased to compensate for extra processing time spent + during authentication and encryption processing." + DEFVAL { 1500 } + ::= { snmpTargetAddrEntry 4 } + +snmpTargetAddrRetryCount OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies a default number of retries to be + attempted when a response is not received for a generated + message. An application may provide its own retry count, + in which case the value of this object is ignored." + DEFVAL { 3 } + ::= { snmpTargetAddrEntry 5 } + +snmpTargetAddrTagList OBJECT-TYPE + SYNTAX SnmpTagList + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object contains a list of tag values which are + used to select target addresses for a particular + operation." + DEFVAL { "" } + ::= { snmpTargetAddrEntry 6 } + +snmpTargetAddrParams OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object identifies an entry in the + snmpTargetParamsTable. The identified entry + contains SNMP parameters to be used when generating + messages to be sent to this transport address." + ::= { snmpTargetAddrEntry 7 } + +snmpTargetAddrStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type for this conceptual row. + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row." + DEFVAL { nonVolatile } + ::= { snmpTargetAddrEntry 8 } + +snmpTargetAddrRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row. + + To create a row in this table, a manager must + set this object to either createAndGo(4) or + createAndWait(5). + + Until instances of all corresponding columns are + appropriately configured, the value of the + corresponding instance of the snmpTargetAddrRowStatus + column is 'notReady'. + + In particular, a newly created row cannot be made + active until the corresponding instances of + snmpTargetAddrTDomain, snmpTargetAddrTAddress, and + snmpTargetAddrParams have all been set. + + The following objects may not be modified while the + value of this object is active(1): + - snmpTargetAddrTDomain + - snmpTargetAddrTAddress + An attempt to set these objects while the value of + snmpTargetAddrRowStatus is active(1) will result in + an inconsistentValue error." + ::= { snmpTargetAddrEntry 9 } + +snmpTargetParamsTable OBJECT-TYPE + SYNTAX SEQUENCE OF SnmpTargetParamsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of SNMP target information to be used + in the generation of SNMP messages." + ::= { snmpTargetObjects 3 } + +snmpTargetParamsEntry OBJECT-TYPE + SYNTAX SnmpTargetParamsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A set of SNMP target information. + + Entries in the snmpTargetParamsTable are created and + deleted using the snmpTargetParamsRowStatus object." + INDEX { IMPLIED snmpTargetParamsName } + ::= { snmpTargetParamsTable 1 } + +SnmpTargetParamsEntry ::= SEQUENCE { + snmpTargetParamsName SnmpAdminString, + snmpTargetParamsMPModel SnmpMessageProcessingModel, + snmpTargetParamsSecurityModel SnmpSecurityModel, + snmpTargetParamsSecurityName SnmpAdminString, + snmpTargetParamsSecurityLevel SnmpSecurityLevel, + snmpTargetParamsStorageType StorageType, + snmpTargetParamsRowStatus RowStatus +} + +snmpTargetParamsName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this snmpTargetParamsEntry." + ::= { snmpTargetParamsEntry 1 } + +snmpTargetParamsMPModel OBJECT-TYPE + SYNTAX SnmpMessageProcessingModel + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The Message Processing Model to be used when generating + SNMP messages using this entry." + ::= { snmpTargetParamsEntry 2 } + +snmpTargetParamsSecurityModel OBJECT-TYPE + SYNTAX SnmpSecurityModel (1..2147483647) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The Security Model to be used when generating SNMP + messages using this entry. An implementation may + choose to return an inconsistentValue error if an + attempt is made to set this variable to a value + for a security model which the implementation does + not support." + ::= { snmpTargetParamsEntry 3 } + +snmpTargetParamsSecurityName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The securityName which identifies the Principal on + whose behalf SNMP messages will be generated using + this entry." + ::= { snmpTargetParamsEntry 4 } + +snmpTargetParamsSecurityLevel OBJECT-TYPE + SYNTAX SnmpSecurityLevel + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The Level of Security to be used when generating + SNMP messages using this entry." + ::= { snmpTargetParamsEntry 5 } + +snmpTargetParamsStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type for this conceptual row. + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row." + DEFVAL { nonVolatile } + ::= { snmpTargetParamsEntry 6 } + +snmpTargetParamsRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this conceptual row. + + To create a row in this table, a manager must + set this object to either createAndGo(4) or + createAndWait(5). + + Until instances of all corresponding columns are + appropriately configured, the value of the + corresponding instance of the snmpTargetParamsRowStatus + column is 'notReady'. + + In particular, a newly created row cannot be made + active until the corresponding + snmpTargetParamsMPModel, + snmpTargetParamsSecurityModel, + snmpTargetParamsSecurityName, + and snmpTargetParamsSecurityLevel have all been set. + + The following objects may not be modified while the + value of this object is active(1): + - snmpTargetParamsMPModel + - snmpTargetParamsSecurityModel + - snmpTargetParamsSecurityName + - snmpTargetParamsSecurityLevel + An attempt to set these objects while the value of + snmpTargetParamsRowStatus is active(1) will result in + an inconsistentValue error." + ::= { snmpTargetParamsEntry 7 } + +snmpUnavailableContexts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received by the SNMP + engine which were dropped because the context + contained in the message was unavailable." + ::= { snmpTargetObjects 4 } + +snmpUnknownContexts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received by the SNMP + engine which were dropped because the context + contained in the message was unknown." + ::= { snmpTargetObjects 5 } + +-- +-- +-- Conformance information +-- +-- + +snmpTargetCompliances OBJECT IDENTIFIER ::= + { snmpTargetConformance 1 } +snmpTargetGroups OBJECT IDENTIFIER ::= + { snmpTargetConformance 2 } + +-- +-- +-- Compliance statements + +-- +-- + +snmpTargetCommandResponderCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which include + a command responder application." + MODULE -- This Module + MANDATORY-GROUPS { snmpTargetCommandResponderGroup } + ::= { snmpTargetCompliances 1 } + +snmpTargetBasicGroup OBJECT-GROUP + OBJECTS { + snmpTargetSpinLock, + snmpTargetAddrTDomain, + snmpTargetAddrTAddress, + snmpTargetAddrTagList, + snmpTargetAddrParams, + snmpTargetAddrStorageType, + snmpTargetAddrRowStatus, + snmpTargetParamsMPModel, + snmpTargetParamsSecurityModel, + snmpTargetParamsSecurityName, + snmpTargetParamsSecurityLevel, + snmpTargetParamsStorageType, + snmpTargetParamsRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects providing basic remote + configuration of management targets." + ::= { snmpTargetGroups 1 } + +snmpTargetResponseGroup OBJECT-GROUP + OBJECTS { + snmpTargetAddrTimeout, + snmpTargetAddrRetryCount + } + STATUS current + DESCRIPTION + "A collection of objects providing remote configuration + of management targets for applications which generate + SNMP messages for which a response message would be + expected." + ::= { snmpTargetGroups 2 } + +snmpTargetCommandResponderGroup OBJECT-GROUP + + OBJECTS { + snmpUnavailableContexts, + snmpUnknownContexts + } + STATUS current + DESCRIPTION + "A collection of objects required for command responder + applications, used for counting error conditions." + ::= { snmpTargetGroups 3 } + +END diff --git a/data/mibs/SNMP-USER-BASED-SM-MIB.txt b/data/mibs/SNMP-USER-BASED-SM-MIB.txt new file mode 100644 index 000000000..3b714030c --- /dev/null +++ b/data/mibs/SNMP-USER-BASED-SM-MIB.txt @@ -0,0 +1,912 @@ +SNMP-USER-BASED-SM-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + OBJECT-IDENTITY, + snmpModules, Counter32 FROM SNMPv2-SMI + TEXTUAL-CONVENTION, TestAndIncr, + RowStatus, RowPointer, + StorageType, AutonomousType FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + SnmpAdminString, SnmpEngineID, + snmpAuthProtocols, snmpPrivProtocols FROM SNMP-FRAMEWORK-MIB; + +snmpUsmMIB MODULE-IDENTITY + LAST-UPDATED "200210160000Z" -- 16 Oct 2002, midnight + ORGANIZATION "SNMPv3 Working Group" + CONTACT-INFO "WG-email: snmpv3@lists.tislabs.com + Subscribe: majordomo@lists.tislabs.com + In msg body: subscribe snmpv3 + + Chair: Russ Mundy + Network Associates Laboratories + postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + email: mundy@tislabs.com + + phone: +1 301-947-7107 + + Co-Chair: David Harrington + Enterasys Networks + Postal: 35 Industrial Way + P. O. Box 5004 + Rochester, New Hampshire 03866-5005 + USA + EMail: dbh@enterasys.com + Phone: +1 603-337-2614 + + Co-editor Uri Blumenthal + Lucent Technologies + postal: 67 Whippany Rd. + Whippany, NJ 07981 + USA + email: uri@lucent.com + phone: +1-973-386-2163 + + Co-editor: Bert Wijnen + Lucent Technologies + postal: Schagen 33 + 3461 GL Linschoten + Netherlands + email: bwijnen@lucent.com + phone: +31-348-480-685 + " + DESCRIPTION "The management information definitions for the + SNMP User-based Security Model. + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3414; + see the RFC itself for full legal notices. + " +-- Revision history + + REVISION "200210160000Z" -- 16 Oct 2002, midnight + DESCRIPTION "Changes in this revision: + - Updated references and contact info. + - Clarification to usmUserCloneFrom DESCRIPTION + clause + - Fixed 'command responder' into 'command generator' + in last para of DESCRIPTION clause of + usmUserTable. + This revision published as RFC3414. + " + REVISION "199901200000Z" -- 20 Jan 1999, midnight + DESCRIPTION "Clarifications, published as RFC2574" + + REVISION "199711200000Z" -- 20 Nov 1997, midnight + DESCRIPTION "Initial version, published as RFC2274" + ::= { snmpModules 15 } + +-- Administrative assignments **************************************** + +usmMIBObjects OBJECT IDENTIFIER ::= { snmpUsmMIB 1 } +usmMIBConformance OBJECT IDENTIFIER ::= { snmpUsmMIB 2 } + +-- Identification of Authentication and Privacy Protocols ************ + +usmNoAuthProtocol OBJECT-IDENTITY + STATUS current + DESCRIPTION "No Authentication Protocol." + ::= { snmpAuthProtocols 1 } + +usmHMACMD5AuthProtocol OBJECT-IDENTITY + STATUS current + DESCRIPTION "The HMAC-MD5-96 Digest Authentication Protocol." + REFERENCE "- H. Krawczyk, M. Bellare, R. Canetti HMAC: + Keyed-Hashing for Message Authentication, + RFC2104, Feb 1997. + - Rivest, R., Message Digest Algorithm MD5, RFC1321. + " + ::= { snmpAuthProtocols 2 } + +usmHMACSHAAuthProtocol OBJECT-IDENTITY + STATUS current + DESCRIPTION "The HMAC-SHA-96 Digest Authentication Protocol." + REFERENCE "- H. Krawczyk, M. Bellare, R. Canetti, HMAC: + Keyed-Hashing for Message Authentication, + RFC2104, Feb 1997. + - Secure Hash Algorithm. NIST FIPS 180-1. + " + ::= { snmpAuthProtocols 3 } + +usmNoPrivProtocol OBJECT-IDENTITY + STATUS current + DESCRIPTION "No Privacy Protocol." + ::= { snmpPrivProtocols 1 } + +usmDESPrivProtocol OBJECT-IDENTITY + STATUS current + DESCRIPTION "The CBC-DES Symmetric Encryption Protocol." + REFERENCE "- Data Encryption Standard, National Institute of + Standards and Technology. Federal Information + Processing Standard (FIPS) Publication 46-1. + + Supersedes FIPS Publication 46, + (January, 1977; reaffirmed January, 1988). + + - Data Encryption Algorithm, American National + Standards Institute. ANSI X3.92-1981, + (December, 1980). + + - DES Modes of Operation, National Institute of + Standards and Technology. Federal Information + Processing Standard (FIPS) Publication 81, + (December, 1980). + + - Data Encryption Algorithm - Modes of Operation, + American National Standards Institute. + ANSI X3.106-1983, (May 1983). + " + ::= { snmpPrivProtocols 2 } + +-- Textual Conventions *********************************************** + +KeyChange ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Every definition of an object with this syntax must identify + a protocol P, a secret key K, and a hash algorithm H + that produces output of L octets. + + The object's value is a manager-generated, partially-random + value which, when modified, causes the value of the secret + key K, to be modified via a one-way function. + + The value of an instance of this object is the concatenation + of two components: first a 'random' component and then a + 'delta' component. + + The lengths of the random and delta components + are given by the corresponding value of the protocol P; + if P requires K to be a fixed length, the length of both the + random and delta components is that fixed length; if P + allows the length of K to be variable up to a particular + maximum length, the length of the random component is that + maximum length and the length of the delta component is any + length less than or equal to that maximum length. + For example, usmHMACMD5AuthProtocol requires K to be a fixed + length of 16 octets and L - of 16 octets. + usmHMACSHAAuthProtocol requires K to be a fixed length of + 20 octets and L - of 20 octets. Other protocols may define + other sizes, as deemed appropriate. + + When a requester wants to change the old key K to a new + key keyNew on a remote entity, the 'random' component is + obtained from either a true random generator, or from a + pseudorandom generator, and the 'delta' component is + computed as follows: + + - a temporary variable is initialized to the existing value + of K; + - if the length of the keyNew is greater than L octets, + then: + - the random component is appended to the value of the + temporary variable, and the result is input to the + the hash algorithm H to produce a digest value, and + the temporary variable is set to this digest value; + - the value of the temporary variable is XOR-ed with + the first (next) L-octets (16 octets in case of MD5) + of the keyNew to produce the first (next) L-octets + (16 octets in case of MD5) of the 'delta' component. + - the above two steps are repeated until the unused + portion of the keyNew component is L octets or less, + - the random component is appended to the value of the + temporary variable, and the result is input to the + hash algorithm H to produce a digest value; + - this digest value, truncated if necessary to be the same + length as the unused portion of the keyNew, is XOR-ed + with the unused portion of the keyNew to produce the + (final portion of the) 'delta' component. + + For example, using MD5 as the hash algorithm H: + + iterations = (lenOfDelta - 1)/16; /* integer division */ + temp = keyOld; + for (i = 0; i < iterations; i++) { + temp = MD5 (temp || random); + delta[i*16 .. (i*16)+15] = + temp XOR keyNew[i*16 .. (i*16)+15]; + } + temp = MD5 (temp || random); + delta[i*16 .. lenOfDelta-1] = + temp XOR keyNew[i*16 .. lenOfDelta-1]; + + The 'random' and 'delta' components are then concatenated as + described above, and the resulting octet string is sent to + the recipient as the new value of an instance of this object. + + At the receiver side, when an instance of this object is set + to a new value, then a new value of K is computed as follows: + + - a temporary variable is initialized to the existing value + of K; + - if the length of the delta component is greater than L + octets, then: + - the random component is appended to the value of the + temporary variable, and the result is input to the + hash algorithm H to produce a digest value, and the + temporary variable is set to this digest value; + - the value of the temporary variable is XOR-ed with + the first (next) L-octets (16 octets in case of MD5) + of the delta component to produce the first (next) + L-octets (16 octets in case of MD5) of the new value + of K. + - the above two steps are repeated until the unused + portion of the delta component is L octets or less, + - the random component is appended to the value of the + temporary variable, and the result is input to the + hash algorithm H to produce a digest value; + - this digest value, truncated if necessary to be the same + length as the unused portion of the delta component, is + XOR-ed with the unused portion of the delta component to + produce the (final portion of the) new value of K. + + For example, using MD5 as the hash algorithm H: + + iterations = (lenOfDelta - 1)/16; /* integer division */ + temp = keyOld; + for (i = 0; i < iterations; i++) { + temp = MD5 (temp || random); + keyNew[i*16 .. (i*16)+15] = + temp XOR delta[i*16 .. (i*16)+15]; + } + temp = MD5 (temp || random); + keyNew[i*16 .. lenOfDelta-1] = + temp XOR delta[i*16 .. lenOfDelta-1]; + + The value of an object with this syntax, whenever it is + retrieved by the management protocol, is always the zero + length string. + + Note that the keyOld and keyNew are the localized keys. + + Note that it is probably wise that when an SNMP entity sends + a SetRequest to change a key, that it keeps a copy of the old + key until it has confirmed that the key change actually + succeeded. + " + SYNTAX OCTET STRING + +-- Statistics for the User-based Security Model ********************** + +usmStats OBJECT IDENTIFIER ::= { usmMIBObjects 1 } + +usmStatsUnsupportedSecLevels OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The total number of packets received by the SNMP + engine which were dropped because they requested a + securityLevel that was unknown to the SNMP engine + or otherwise unavailable. + " + ::= { usmStats 1 } + +usmStatsNotInTimeWindows OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The total number of packets received by the SNMP + engine which were dropped because they appeared + outside of the authoritative SNMP engine's window. + " + ::= { usmStats 2 } + +usmStatsUnknownUserNames OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The total number of packets received by the SNMP + engine which were dropped because they referenced a + user that was not known to the SNMP engine. + " + ::= { usmStats 3 } + +usmStatsUnknownEngineIDs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The total number of packets received by the SNMP + engine which were dropped because they referenced an + snmpEngineID that was not known to the SNMP engine. + " + ::= { usmStats 4 } + +usmStatsWrongDigests OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The total number of packets received by the SNMP + engine which were dropped because they didn't + contain the expected digest value. + " + ::= { usmStats 5 } + +usmStatsDecryptionErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION "The total number of packets received by the SNMP + engine which were dropped because they could not be + decrypted. + " + ::= { usmStats 6 } + +-- The usmUser Group ************************************************ + +usmUser OBJECT IDENTIFIER ::= { usmMIBObjects 2 } + +usmUserSpinLock OBJECT-TYPE + SYNTAX TestAndIncr + MAX-ACCESS read-write + STATUS current + DESCRIPTION "An advisory lock used to allow several cooperating + Command Generator Applications to coordinate their + use of facilities to alter secrets in the + usmUserTable. + " + ::= { usmUser 1 } + +-- The table of valid users for the User-based Security Model ******** + +usmUserTable OBJECT-TYPE + SYNTAX SEQUENCE OF UsmUserEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The table of users configured in the SNMP engine's + Local Configuration Datastore (LCD). + + To create a new user (i.e., to instantiate a new + conceptual row in this table), it is recommended to + follow this procedure: + + 1) GET(usmUserSpinLock.0) and save in sValue. + + 2) SET(usmUserSpinLock.0=sValue, + usmUserCloneFrom=templateUser, + usmUserStatus=createAndWait) + You should use a template user to clone from + which has the proper auth/priv protocol defined. + + If the new user is to use privacy: + + 3) generate the keyChange value based on the secret + privKey of the clone-from user and the secret key + to be used for the new user. Let us call this + pkcValue. + 4) GET(usmUserSpinLock.0) and save in sValue. + 5) SET(usmUserSpinLock.0=sValue, + usmUserPrivKeyChange=pkcValue + usmUserPublic=randomValue1) + 6) GET(usmUserPulic) and check it has randomValue1. + If not, repeat steps 4-6. + + If the new user will never use privacy: + + 7) SET(usmUserPrivProtocol=usmNoPrivProtocol) + + If the new user is to use authentication: + + 8) generate the keyChange value based on the secret + authKey of the clone-from user and the secret key + to be used for the new user. Let us call this + akcValue. + 9) GET(usmUserSpinLock.0) and save in sValue. + 10) SET(usmUserSpinLock.0=sValue, + usmUserAuthKeyChange=akcValue + usmUserPublic=randomValue2) + 11) GET(usmUserPulic) and check it has randomValue2. + If not, repeat steps 9-11. + + If the new user will never use authentication: + + 12) SET(usmUserAuthProtocol=usmNoAuthProtocol) + + Finally, activate the new user: + + 13) SET(usmUserStatus=active) + + The new user should now be available and ready to be + used for SNMPv3 communication. Note however that access + to MIB data must be provided via configuration of the + SNMP-VIEW-BASED-ACM-MIB. + + The use of usmUserSpinlock is to avoid conflicts with + another SNMP command generator application which may + also be acting on the usmUserTable. + " + ::= { usmUser 2 } + +usmUserEntry OBJECT-TYPE + SYNTAX UsmUserEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "A user configured in the SNMP engine's Local + Configuration Datastore (LCD) for the User-based + Security Model. + " + INDEX { usmUserEngineID, + usmUserName + } + ::= { usmUserTable 1 } + +UsmUserEntry ::= SEQUENCE + { + usmUserEngineID SnmpEngineID, + usmUserName SnmpAdminString, + usmUserSecurityName SnmpAdminString, + usmUserCloneFrom RowPointer, + usmUserAuthProtocol AutonomousType, + usmUserAuthKeyChange KeyChange, + usmUserOwnAuthKeyChange KeyChange, + usmUserPrivProtocol AutonomousType, + usmUserPrivKeyChange KeyChange, + usmUserOwnPrivKeyChange KeyChange, + usmUserPublic OCTET STRING, + usmUserStorageType StorageType, + usmUserStatus RowStatus + } + +usmUserEngineID OBJECT-TYPE + SYNTAX SnmpEngineID + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An SNMP engine's administratively-unique identifier. + + In a simple agent, this value is always that agent's + own snmpEngineID value. + + The value can also take the value of the snmpEngineID + of a remote SNMP engine with which this user can + communicate. + " + ::= { usmUserEntry 1 } + +usmUserName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "A human readable string representing the name of + the user. + + This is the (User-based Security) Model dependent + security ID. + " + ::= { usmUserEntry 2 } + +usmUserSecurityName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A human readable string representing the user in + Security Model independent format. + + The default transformation of the User-based Security + Model dependent security ID to the securityName and + vice versa is the identity function so that the + securityName is the same as the userName. + " + ::= { usmUserEntry 3 } + +usmUserCloneFrom OBJECT-TYPE + SYNTAX RowPointer + MAX-ACCESS read-create + STATUS current + DESCRIPTION "A pointer to another conceptual row in this + usmUserTable. The user in this other conceptual + row is called the clone-from user. + + When a new user is created (i.e., a new conceptual + row is instantiated in this table), the privacy and + authentication parameters of the new user must be + cloned from its clone-from user. These parameters are: + - authentication protocol (usmUserAuthProtocol) + - privacy protocol (usmUserPrivProtocol) + They will be copied regardless of what the current + value is. + + Cloning also causes the initial values of the secret + authentication key (authKey) and the secret encryption + + key (privKey) of the new user to be set to the same + values as the corresponding secrets of the clone-from + user to allow the KeyChange process to occur as + required during user creation. + + The first time an instance of this object is set by + a management operation (either at or after its + instantiation), the cloning process is invoked. + Subsequent writes are successful but invoke no + action to be taken by the receiver. + The cloning process fails with an 'inconsistentName' + error if the conceptual row representing the + clone-from user does not exist or is not in an active + state when the cloning process is invoked. + + When this object is read, the ZeroDotZero OID + is returned. + " + ::= { usmUserEntry 4 } + +usmUserAuthProtocol OBJECT-TYPE + SYNTAX AutonomousType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "An indication of whether messages sent on behalf of + this user to/from the SNMP engine identified by + usmUserEngineID, can be authenticated, and if so, + the type of authentication protocol which is used. + + An instance of this object is created concurrently + with the creation of any other object instance for + the same user (i.e., as part of the processing of + the set operation which creates the first object + instance in the same conceptual row). + + If an initial set operation (i.e. at row creation time) + tries to set a value for an unknown or unsupported + protocol, then a 'wrongValue' error must be returned. + + The value will be overwritten/set when a set operation + is performed on the corresponding instance of + usmUserCloneFrom. + + Once instantiated, the value of such an instance of + this object can only be changed via a set operation to + the value of the usmNoAuthProtocol. + + If a set operation tries to change the value of an + + existing instance of this object to any value other + than usmNoAuthProtocol, then an 'inconsistentValue' + error must be returned. + + If a set operation tries to set the value to the + usmNoAuthProtocol while the usmUserPrivProtocol value + in the same row is not equal to usmNoPrivProtocol, + then an 'inconsistentValue' error must be returned. + That means that an SNMP command generator application + must first ensure that the usmUserPrivProtocol is set + to the usmNoPrivProtocol value before it can set + the usmUserAuthProtocol value to usmNoAuthProtocol. + " + DEFVAL { usmNoAuthProtocol } + ::= { usmUserEntry 5 } + +usmUserAuthKeyChange OBJECT-TYPE + SYNTAX KeyChange -- typically (SIZE (0 | 32)) for HMACMD5 + -- typically (SIZE (0 | 40)) for HMACSHA + MAX-ACCESS read-create + STATUS current + DESCRIPTION "An object, which when modified, causes the secret + authentication key used for messages sent on behalf + of this user to/from the SNMP engine identified by + usmUserEngineID, to be modified via a one-way + function. + + The associated protocol is the usmUserAuthProtocol. + The associated secret key is the user's secret + authentication key (authKey). The associated hash + algorithm is the algorithm used by the user's + usmUserAuthProtocol. + + When creating a new user, it is an 'inconsistentName' + error for a set operation to refer to this object + unless it is previously or concurrently initialized + through a set operation on the corresponding instance + of usmUserCloneFrom. + + When the value of the corresponding usmUserAuthProtocol + is usmNoAuthProtocol, then a set is successful, but + effectively is a no-op. + + When this object is read, the zero-length (empty) + string is returned. + + The recommended way to do a key change is as follows: + + 1) GET(usmUserSpinLock.0) and save in sValue. + 2) generate the keyChange value based on the old + (existing) secret key and the new secret key, + let us call this kcValue. + + If you do the key change on behalf of another user: + + 3) SET(usmUserSpinLock.0=sValue, + usmUserAuthKeyChange=kcValue + usmUserPublic=randomValue) + + If you do the key change for yourself: + + 4) SET(usmUserSpinLock.0=sValue, + usmUserOwnAuthKeyChange=kcValue + usmUserPublic=randomValue) + + If you get a response with error-status of noError, + then the SET succeeded and the new key is active. + If you do not get a response, then you can issue a + GET(usmUserPublic) and check if the value is equal + to the randomValue you did send in the SET. If so, then + the key change succeeded and the new key is active + (probably the response got lost). If not, then the SET + request probably never reached the target and so you + can start over with the procedure above. + " + DEFVAL { ''H } -- the empty string + ::= { usmUserEntry 6 } + +usmUserOwnAuthKeyChange OBJECT-TYPE + SYNTAX KeyChange -- typically (SIZE (0 | 32)) for HMACMD5 + -- typically (SIZE (0 | 40)) for HMACSHA + MAX-ACCESS read-create + STATUS current + DESCRIPTION "Behaves exactly as usmUserAuthKeyChange, with one + notable difference: in order for the set operation + to succeed, the usmUserName of the operation + requester must match the usmUserName that + indexes the row which is targeted by this + operation. + In addition, the USM security model must be + used for this operation. + + The idea here is that access to this column can be + public, since it will only allow a user to change + his own secret authentication key (authKey). + Note that this can only be done once the row is active. + + When a set is received and the usmUserName of the + requester is not the same as the umsUserName that + indexes the row which is targeted by this operation, + then a 'noAccess' error must be returned. + + When a set is received and the security model in use + is not USM, then a 'noAccess' error must be returned. + " + DEFVAL { ''H } -- the empty string + ::= { usmUserEntry 7 } + +usmUserPrivProtocol OBJECT-TYPE + SYNTAX AutonomousType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "An indication of whether messages sent on behalf of + this user to/from the SNMP engine identified by + usmUserEngineID, can be protected from disclosure, + and if so, the type of privacy protocol which is used. + + An instance of this object is created concurrently + with the creation of any other object instance for + the same user (i.e., as part of the processing of + the set operation which creates the first object + instance in the same conceptual row). + + If an initial set operation (i.e. at row creation time) + tries to set a value for an unknown or unsupported + protocol, then a 'wrongValue' error must be returned. + + The value will be overwritten/set when a set operation + is performed on the corresponding instance of + usmUserCloneFrom. + + Once instantiated, the value of such an instance of + this object can only be changed via a set operation to + the value of the usmNoPrivProtocol. + + If a set operation tries to change the value of an + existing instance of this object to any value other + than usmNoPrivProtocol, then an 'inconsistentValue' + error must be returned. + + Note that if any privacy protocol is used, then you + must also use an authentication protocol. In other + words, if usmUserPrivProtocol is set to anything else + than usmNoPrivProtocol, then the corresponding instance + of usmUserAuthProtocol cannot have a value of + + usmNoAuthProtocol. If it does, then an + 'inconsistentValue' error must be returned. + " + DEFVAL { usmNoPrivProtocol } + ::= { usmUserEntry 8 } + +usmUserPrivKeyChange OBJECT-TYPE + SYNTAX KeyChange -- typically (SIZE (0 | 32)) for DES + MAX-ACCESS read-create + STATUS current + DESCRIPTION "An object, which when modified, causes the secret + encryption key used for messages sent on behalf + of this user to/from the SNMP engine identified by + usmUserEngineID, to be modified via a one-way + function. + + The associated protocol is the usmUserPrivProtocol. + The associated secret key is the user's secret + privacy key (privKey). The associated hash + algorithm is the algorithm used by the user's + usmUserAuthProtocol. + + When creating a new user, it is an 'inconsistentName' + error for a set operation to refer to this object + unless it is previously or concurrently initialized + through a set operation on the corresponding instance + of usmUserCloneFrom. + + When the value of the corresponding usmUserPrivProtocol + is usmNoPrivProtocol, then a set is successful, but + effectively is a no-op. + + When this object is read, the zero-length (empty) + string is returned. + See the description clause of usmUserAuthKeyChange for + a recommended procedure to do a key change. + " + DEFVAL { ''H } -- the empty string + ::= { usmUserEntry 9 } + +usmUserOwnPrivKeyChange OBJECT-TYPE + SYNTAX KeyChange -- typically (SIZE (0 | 32)) for DES + MAX-ACCESS read-create + STATUS current + DESCRIPTION "Behaves exactly as usmUserPrivKeyChange, with one + notable difference: in order for the Set operation + to succeed, the usmUserName of the operation + requester must match the usmUserName that indexes + + the row which is targeted by this operation. + In addition, the USM security model must be + used for this operation. + + The idea here is that access to this column can be + public, since it will only allow a user to change + his own secret privacy key (privKey). + Note that this can only be done once the row is active. + + When a set is received and the usmUserName of the + requester is not the same as the umsUserName that + indexes the row which is targeted by this operation, + then a 'noAccess' error must be returned. + + When a set is received and the security model in use + is not USM, then a 'noAccess' error must be returned. + " + DEFVAL { ''H } -- the empty string + ::= { usmUserEntry 10 } + +usmUserPublic OBJECT-TYPE + SYNTAX OCTET STRING (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "A publicly-readable value which can be written as part + of the procedure for changing a user's secret + authentication and/or privacy key, and later read to + determine whether the change of the secret was + effected. + " + DEFVAL { ''H } -- the empty string + ::= { usmUserEntry 11 } + +usmUserStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The storage type for this conceptual row. + + Conceptual rows having the value 'permanent' must + allow write-access at a minimum to: + + - usmUserAuthKeyChange, usmUserOwnAuthKeyChange + and usmUserPublic for a user who employs + authentication, and + - usmUserPrivKeyChange, usmUserOwnPrivKeyChange + and usmUserPublic for a user who employs + privacy. + + Note that any user who employs authentication or + privacy must allow its secret(s) to be updated and + thus cannot be 'readOnly'. + + If an initial set operation tries to set the value to + 'readOnly' for a user who employs authentication or + privacy, then an 'inconsistentValue' error must be + returned. Note that if the value has been previously + set (implicit or explicit) to any value, then the rules + as defined in the StorageType Textual Convention apply. + + It is an implementation issue to decide if a SET for + a readOnly or permanent row is accepted at all. In some + contexts this may make sense, in others it may not. If + a SET for a readOnly or permanent row is not accepted + at all, then a 'wrongValue' error must be returned. + " + DEFVAL { nonVolatile } + ::= { usmUserEntry 12 } + +usmUserStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The status of this conceptual row. + + Until instances of all corresponding columns are + appropriately configured, the value of the + corresponding instance of the usmUserStatus column + is 'notReady'. + + In particular, a newly created row for a user who + employs authentication, cannot be made active until the + corresponding usmUserCloneFrom and usmUserAuthKeyChange + have been set. + + Further, a newly created row for a user who also + employs privacy, cannot be made active until the + usmUserPrivKeyChange has been set. + + The RowStatus TC [RFC2579] requires that this + DESCRIPTION clause states under which circumstances + other objects in this row can be modified: + + The value of this object has no effect on whether + other objects in this conceptual row can be modified, + except for usmUserOwnAuthKeyChange and + usmUserOwnPrivKeyChange. For these 2 objects, the + + value of usmUserStatus MUST be active. + " + ::= { usmUserEntry 13 } + +-- Conformance Information ******************************************* + +usmMIBCompliances OBJECT IDENTIFIER ::= { usmMIBConformance 1 } +usmMIBGroups OBJECT IDENTIFIER ::= { usmMIBConformance 2 } + +-- Compliance statements + +usmMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION "The compliance statement for SNMP engines which + implement the SNMP-USER-BASED-SM-MIB. + " + + MODULE -- this module + MANDATORY-GROUPS { usmMIBBasicGroup } + + OBJECT usmUserAuthProtocol + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT usmUserPrivProtocol + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + ::= { usmMIBCompliances 1 } + +-- Units of compliance +usmMIBBasicGroup OBJECT-GROUP + OBJECTS { + usmStatsUnsupportedSecLevels, + usmStatsNotInTimeWindows, + usmStatsUnknownUserNames, + usmStatsUnknownEngineIDs, + usmStatsWrongDigests, + usmStatsDecryptionErrors, + usmUserSpinLock, + usmUserSecurityName, + usmUserCloneFrom, + usmUserAuthProtocol, + usmUserAuthKeyChange, + usmUserOwnAuthKeyChange, + usmUserPrivProtocol, + usmUserPrivKeyChange, + usmUserOwnPrivKeyChange, + usmUserPublic, + usmUserStorageType, + usmUserStatus + } + STATUS current + DESCRIPTION "A collection of objects providing for configuration + of an SNMP engine which implements the SNMP + User-based Security Model. + " + ::= { usmMIBGroups 1 } + +END diff --git a/data/mibs/SNMP-USM-AES-MIB.txt b/data/mibs/SNMP-USM-AES-MIB.txt new file mode 100644 index 000000000..4c1730219 --- /dev/null +++ b/data/mibs/SNMP-USM-AES-MIB.txt @@ -0,0 +1,62 @@ +SNMP-USM-AES-MIB DEFINITIONS ::= BEGIN + IMPORTS + MODULE-IDENTITY, OBJECT-IDENTITY, + snmpModules FROM SNMPv2-SMI -- [RFC2578] + snmpPrivProtocols FROM SNMP-FRAMEWORK-MIB; -- [RFC3411] + +snmpUsmAesMIB MODULE-IDENTITY + LAST-UPDATED "200406140000Z" + ORGANIZATION "IETF" + CONTACT-INFO "Uri Blumenthal + Lucent Technologies / Bell Labs + 67 Whippany Rd. + 14D-318 + Whippany, NJ 07981, USA + 973-386-2163 + uri@bell-labs.com + + Fabio Maino + Andiamo Systems, Inc. + 375 East Tasman Drive + San Jose, CA 95134, USA + 408-853-7530 + fmaino@andiamo.com + + Keith McCloghrie + Cisco Systems, Inc. + 170 West Tasman Drive + San Jose, CA 95134-1706, USA + + 408-526-5260 + kzm@cisco.com" + DESCRIPTION "Definitions of Object Identities needed for + the use of AES by SNMP's User-based Security + Model. + + Copyright (C) The Internet Society (2004). + + This version of this MIB module is part of RFC 3826; + see the RFC itself for full legal notices. + Supplementary information may be available on + http://www.ietf.org/copyrights/ianamib.html." + + REVISION "200406140000Z" + DESCRIPTION "Initial version, published as RFC3826" + ::= { snmpModules 20 } + +usmAesCfb128Protocol OBJECT-IDENTITY + STATUS current + DESCRIPTION "The CFB128-AES-128 Privacy Protocol." + REFERENCE "- Specification for the ADVANCED ENCRYPTION + STANDARD. Federal Information Processing + Standard (FIPS) Publication 197. + (November 2001). + + - Dworkin, M., NIST Recommendation for Block + Cipher Modes of Operation, Methods and + Techniques. NIST Special Publication 800-38A + (December 2001). + " + ::= { snmpPrivProtocols 4 } + +END diff --git a/data/mibs/SNMP-USM-DH-OBJECTS-MIB.txt b/data/mibs/SNMP-USM-DH-OBJECTS-MIB.txt new file mode 100644 index 000000000..7377425c0 --- /dev/null +++ b/data/mibs/SNMP-USM-DH-OBJECTS-MIB.txt @@ -0,0 +1,532 @@ +SNMP-USM-DH-OBJECTS-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + -- OBJECT-IDENTITY, + experimental, Integer32 + FROM SNMPv2-SMI + TEXTUAL-CONVENTION + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + usmUserEntry + FROM SNMP-USER-BASED-SM-MIB + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB; + +snmpUsmDHObjectsMIB MODULE-IDENTITY + LAST-UPDATED "200003060000Z" -- 6 March 2000, Midnight + ORGANIZATION "Excite@Home" + CONTACT-INFO "Author: Mike StJohns + Postal: Excite@Home + 450 Broadway + Redwood City, CA 94063 + Email: stjohns@corp.home.net + Phone: +1-650-556-5368" + DESCRIPTION + "The management information definitions for providing forward + secrecy for key changes for the usmUserTable, and for providing a + method for 'kickstarting' access to the agent via a Diffie-Helman + key agreement." + + REVISION "200003060000Z" + DESCRIPTION + "Initial version published as RFC 2786." + ::= { experimental 101 } -- IANA DHKEY-CHANGE 101 + +-- Administrative assignments + +usmDHKeyObjects OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 1 } +usmDHKeyConformance OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 2 } + +-- Textual conventions + +DHKeyChange ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Upon initialization, or upon creation of a row containing an + object of this type, and after any successful SET of this value, a + GET of this value returns 'y' where y = g^xa MOD p, and where g is + the base from usmDHParameters, p is the prime from + usmDHParameters, and xa is a new random integer selected by the + agent in the interval 2^(l-1) <= xa < 2^l < p-1. 'l' is the + optional privateValueLength from usmDHParameters in bits. If 'l' + is omitted, then xa (and xr below) is selected in the interval 0 + <= xa < p-1. y is expressed as an OCTET STRING 'PV' of length 'k' + which satisfies + + k + y = SUM 2^(8(k-i)) PV'i + i=1 + + where PV1,...,PVk are the octets of PV from first to last, and + where PV1 <> 0. + + A successful SET consists of the value 'y' expressed as an OCTET + STRING as above concatenated with the value 'z'(expressed as an + OCTET STRING in the same manner as y) where z = g^xr MOD p, where + g, p and l are as above, and where xr is a new random integer + selected by the manager in the interval 2^(l-1) <= xr < 2^l < + p-1. A SET to an object of this type will fail with the error + wrongValue if the current 'y' does not match the 'y' portion of + the value of the varbind for the object. (E.g. GET yout, SET + concat(yin, z), yout <> yin). + + Note that the private values xa and xr are never transmitted from + manager to device or vice versa, only the values y and z. + Obviously, these values must be retained until a successful SET on + the associated object. + + The shared secret 'sk' is calculated at the agent as sk = z^xa MOD + p, and at the manager as sk = y^xr MOD p. + + Each object definition of this type MUST describe how to map from + the shared secret 'sk' to the operational key value used by the + protocols and operations related to the object. In general, if n + bits of key are required, the author suggests using the n + right-most bits of the shared secret as the operational key value." + REFERENCE + "-- Diffie-Hellman Key-Agreement Standard, PKCS #3; + RSA Laboratories, November 1993" + SYNTAX OCTET STRING + +-- Diffie Hellman public values + +usmDHPublicObjects OBJECT IDENTIFIER ::= { usmDHKeyObjects 1 } + +usmDHParameters OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The public Diffie-Hellman parameters for doing a Diffie-Hellman + key agreement for this device. This is encoded as an ASN.1 + DHParameter per PKCS #3, section 9. E.g. + + DHParameter ::= SEQUENCE { + prime INTEGER, -- p + base INTEGER, -- g + privateValueLength INTEGER OPTIONAL } + + Implementors are encouraged to use either the values from + Oakley Group 1 or the values of from Oakley Group 2 as specified + in RFC-2409, The Internet Key Exchange, Section 6.1, 6.2 as the + default for this object. Other values may be used, but the + security properties of those values MUST be well understood and + MUST meet the requirements of PKCS #3 for the selection of + Diffie-Hellman primes. + + In addition, any time usmDHParameters changes, all values of + type DHKeyChange will change and new random numbers MUST be + generated by the agent for each DHKeyChange object." + REFERENCE + "-- Diffie-Hellman Key-Agreement Standard, PKCS #3, + RSA Laboratories, November 1993 + -- The Internet Key Exchange, RFC 2409, November 1998, + Sec 6.1, 6.2" + ::= { usmDHPublicObjects 1 } + +usmDHUserKeyTable OBJECT-TYPE + SYNTAX SEQUENCE OF UsmDHUserKeyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table augments and extends the usmUserTable and provides + 4 objects which exactly mirror the objects in that table with the + textual convention of 'KeyChange'. This extension allows key + changes to be done in a manner where the knowledge of the current + secret plus knowledge of the key change data exchanges (e.g. via + wiretapping) will not reveal the new key." + ::= { usmDHPublicObjects 2 } + +usmDHUserKeyEntry OBJECT-TYPE + SYNTAX UsmDHUserKeyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A row of DHKeyChange objects which augment or replace the + functionality of the KeyChange objects in the base table row." + AUGMENTS { usmUserEntry } + ::= {usmDHUserKeyTable 1 } + +UsmDHUserKeyEntry ::= SEQUENCE { + usmDHUserAuthKeyChange DHKeyChange, + usmDHUserOwnAuthKeyChange DHKeyChange, + usmDHUserPrivKeyChange DHKeyChange, + usmDHUserOwnPrivKeyChange DHKeyChange + } + +usmDHUserAuthKeyChange OBJECT-TYPE + SYNTAX DHKeyChange + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The object used to change any given user's Authentication Key + using a Diffie-Hellman key exchange. + + The right-most n bits of the shared secret 'sk', where 'n' is the + number of bits required for the protocol defined by + usmUserAuthProtocol, are installed as the operational + authentication key for this row after a successful SET." + ::= { usmDHUserKeyEntry 1 } + +usmDHUserOwnAuthKeyChange OBJECT-TYPE + SYNTAX DHKeyChange + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The object used to change the agents own Authentication Key + using a Diffie-Hellman key exchange. + + The right-most n bits of the shared secret 'sk', where 'n' is the + number of bits required for the protocol defined by + usmUserAuthProtocol, are installed as the operational + authentication key for this row after a successful SET." + ::= { usmDHUserKeyEntry 2 } + +usmDHUserPrivKeyChange OBJECT-TYPE + SYNTAX DHKeyChange + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The object used to change any given user's Privacy Key using + a Diffie-Hellman key exchange. + + The right-most n bits of the shared secret 'sk', where 'n' is the + number of bits required for the protocol defined by + usmUserPrivProtocol, are installed as the operational privacy key + for this row after a successful SET." + ::= { usmDHUserKeyEntry 3 } + +usmDHUserOwnPrivKeyChange OBJECT-TYPE + SYNTAX DHKeyChange + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The object used to change the agent's own Privacy Key using a + Diffie-Hellman key exchange. + + The right-most n bits of the shared secret 'sk', where 'n' is the + number of bits required for the protocol defined by + usmUserPrivProtocol, are installed as the operational privacy key + for this row after a successful SET." + ::= { usmDHUserKeyEntry 4 } + +usmDHKickstartGroup OBJECT IDENTIFIER ::= { usmDHKeyObjects 2 } + +usmDHKickstartTable OBJECT-TYPE + SYNTAX SEQUENCE OF UsmDHKickstartEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table of mappings between zero or more Diffie-Helman key + agreement values and entries in the usmUserTable. Entries in this + table are created by providing the associated device with a + Diffie-Helman public value and a usmUserName/usmUserSecurityName + pair during initialization. How these values are provided is + outside the scope of this MIB, but could be provided manually, or + through a configuration file. Valid public value/name pairs + result in the creation of a row in this table as well as the + creation of an associated row (with keys derived as indicated) in + the usmUserTable. The actual access the related usmSecurityName + has is dependent on the entries in the VACM tables. In general, + an implementor will specify one or more standard security names + and will provide entries in the VACM tables granting various + levels of access to those names. The actual content of the VACM + + table is beyond the scope of this MIB. + + Note: This table is expected to be readable without authentication + using the usmUserSecurityName 'dhKickstart'. See the conformance + statements for details." + ::= { usmDHKickstartGroup 1 } + +usmDHKickstartEntry OBJECT-TYPE + SYNTAX UsmDHKickstartEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the usmDHKickstartTable. The agent SHOULD either + delete this entry or mark it as inactive upon a successful SET of + any of the KeyChange-typed objects in the usmUserEntry or upon a + successful SET of any of the DHKeyChange-typed objects in the + usmDhKeyChangeEntry where the related usmSecurityName (e.g. row of + usmUserTable or row of ushDhKeyChangeTable) equals this entry's + usmDhKickstartSecurityName. In otherwords, once you've changed + one or more of the keys for a row in usmUserTable with a + particular security name, the row in this table with that same + security name is no longer useful or meaningful." + INDEX { usmDHKickstartIndex } + ::= {usmDHKickstartTable 1 } + +UsmDHKickstartEntry ::= SEQUENCE { + usmDHKickstartIndex Integer32, + usmDHKickstartMyPublic OCTET STRING, + usmDHKickstartMgrPublic OCTET STRING, + usmDHKickstartSecurityName SnmpAdminString + } + +usmDHKickstartIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Index value for this row." + ::= { usmDHKickstartEntry 1 } + +usmDHKickstartMyPublic OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The agent's Diffie-Hellman public value for this row. At + + initialization, the agent generates a random number and derives + its public value from that number. This public value is published + here. This public value 'y' equals g^r MOD p where g is the from + the set of Diffie-Hellman parameters, p is the prime from those + parameters, and r is a random integer selected by the agent in the + interval 2^(l-1) <= r < p-1 < 2^l. If l is unspecified, then r is + a random integer selected in the interval 0 <= r < p-1 + + The public value is expressed as an OCTET STRING 'PV' of length + 'k' which satisfies + + k + y = SUM 2^(8(k-i)) PV'i + i = 1 + + where PV1,...,PVk are the octets of PV from first to last, and + where PV1 != 0. + + The following DH parameters (Oakley group #2, RFC 2409, sec 6.1, + 6.2) are used for this object: + + g = 2 + p = FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 + 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD + EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 + E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED + EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 + FFFFFFFF FFFFFFFF + l=1024 + " + REFERENCE + "-- Diffie-Hellman Key-Agreement Standard, PKCS#3v1.4; + RSA Laboratories, November 1993 + -- The Internet Key Exchange, RFC2409; + Harkins, D., Carrel, D.; November 1998" + ::= { usmDHKickstartEntry 2 } + +usmDHKickstartMgrPublic OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The manager's Diffie-Hellman public value for this row. Note + that this value is not set via the SNMP agent, but may be set via + some out of band method, such as the device's configuration file. + + The manager calculates this value in the same manner and using the + same parameter set as the agent does. E.g. it selects a random + number 'r', calculates y = g^r mod p and provides 'y' as the + public number expressed as an OCTET STRING. See + usmDHKickstartMyPublic for details. + + When this object is set with a valid value during initialization, + a row is created in the usmUserTable with the following values: + + usmUserEngineID localEngineID + usmUserName [value of usmDHKickstartSecurityName] + usmUserSecurityName [value of usmDHKickstartSecurityName] + usmUserCloneFrom ZeroDotZero + usmUserAuthProtocol usmHMACMD5AuthProtocol + usmUserAuthKeyChange -- derived from set value + usmUserOwnAuthKeyChange -- derived from set value + usmUserPrivProtocol usmDESPrivProtocol + usmUserPrivKeyChange -- derived from set value + usmUserOwnPrivKeyChange -- derived from set value + usmUserPublic '' + usmUserStorageType permanent + usmUserStatus active + + A shared secret 'sk' is calculated at the agent as sk = + mgrPublic^r mod p where r is the agents random number and p is the + DH prime from the common parameters. The underlying privacy key + for this row is derived from sk by applying the key derivation + function PBKDF2 defined in PKCS#5v2.0 with a salt of 0xd1310ba6, + and iterationCount of 500, a keyLength of 16 (for + usmDESPrivProtocol), and a prf (pseudo random function) of + 'id-hmacWithSHA1'. The underlying authentication key for this row + is derived from sk by applying the key derivation function PBKDF2 + with a salt of 0x98dfb5ac , an interation count of 500, a + keyLength of 16 (for usmHMAC5AuthProtocol), and a prf of + 'id-hmacWithSHA1'. Note: The salts are the first two words in the + ks0 [key schedule 0] of the BLOWFISH cipher from 'Applied + Cryptography' by Bruce Schnier - they could be any relatively + random string of bits. + + The manager can use its knowledge of its own random number and the + agent's public value to kickstart its access to the agent in a + secure manner. Note that the security of this approach is + directly related to the strength of the authorization security of + the out of band provisioning of the managers public value + (e.g. the configuration file), but is not dependent at all on the + strength of the confidentiality of the out of band provisioning + data." + REFERENCE + "-- Password-Based Cryptography Standard, PKCS#5v2.0; + RSA Laboratories, March 1999 + -- Applied Cryptography, 2nd Ed.; B. Schneier, + Counterpane Systems; John Wiley & Sons, 1996" + ::= { usmDHKickstartEntry 3 } + +usmDHKickstartSecurityName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The usmUserName and usmUserSecurityName in the usmUserTable + associated with this row. This is provided in the same manner and + at the same time as the usmDHKickstartMgrPublic value - + e.g. possibly manually, or via the device's configuration file." + ::= { usmDHKickstartEntry 4 } + +-- Conformance Information + +usmDHKeyMIBCompliances OBJECT IDENTIFIER ::= { usmDHKeyConformance 1 } +usmDHKeyMIBGroups OBJECT IDENTIFIER ::= { usmDHKeyConformance 2 } + +-- Compliance statements + +usmDHKeyMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for this module." + MODULE + GROUP usmDHKeyMIBBasicGroup + DESCRIPTION + "This group MAY be implemented by any agent which + implements the usmUserTable and which wishes to provide the + ability to change user and agent authentication and privacy + keys via Diffie-Hellman key exchanges." + + GROUP usmDHKeyParamGroup + DESCRIPTION + "This group MUST be implemented by any agent which + implements a MIB containing the DHKeyChange Textual + Convention defined in this module." + + GROUP usmDHKeyKickstartGroup + DESCRIPTION + "This group MAY be implemented by any agent which + implements the usmUserTable and which wishes the ability to + populate the USM table based on out-of-band provided DH + ignition values. + + Any agent implementing this group is expected to provide + preinstalled entries in the vacm tables as follows: + + In the usmUserTable: This entry allows access to the + system and dhKickstart groups + + usmUserEngineID localEngineID + usmUserName 'dhKickstart' + usmUserSecurityName 'dhKickstart' + usmUserCloneFrom ZeroDotZero + usmUserAuthProtocol none + usmUserAuthKeyChange '' + usmUserOwnAuthKeyChange '' + usmUserPrivProtocol none + usmUserPrivKeyChange '' + usmUserOwnPrivKeyChange '' + usmUserPublic '' + usmUserStorageType permanent + usmUserStatus active + + In the vacmSecurityToGroupTable: This maps the initial + user into the accessible objects. + + vacmSecurityModel 3 (USM) + vacmSecurityName 'dhKickstart' + vacmGroupName 'dhKickstart' + vacmSecurityToGroupStorageType permanent + vacmSecurityToGroupStatus active + + In the vacmAccessTable: Group name to view name translation. + + vacmGroupName 'dhKickstart' + vacmAccessContextPrefix '' + vacmAccessSecurityModel 3 (USM) + vacmAccessSecurityLevel noAuthNoPriv + vacmAccessContextMatch exact + vacmAccessReadViewName 'dhKickRestricted' + vacmAccessWriteViewName '' + vacmAccessNotifyViewName 'dhKickRestricted' + vacmAccessStorageType permanent + vacmAccessStatus active + + In the vacmViewTreeFamilyTable: Two entries to allow the + initial entry to access the system and kickstart groups. + + vacmViewTreeFamilyViewName 'dhKickRestricted' + vacmViewTreeFamilySubtree 1.3.6.1.2.1.1 (system) + vacmViewTreeFamilyMask '' + + vacmViewTreeFamilyType 1 + vacmViewTreeFamilyStorageType permanent + vacmViewTreeFamilyStatus active + + vacmViewTreeFamilyViewName 'dhKickRestricted' + vacmViewTreeFamilySubtree (usmDHKickstartTable OID) + vacmViewTreeFamilyMask '' + vacmViewTreeFamilyType 1 + vacmViewTreeFamilyStorageType permanent + vacmViewTreeFamilyStatus active + " + + OBJECT usmDHParameters + MIN-ACCESS read-only + DESCRIPTION + "It is compliant to implement this object as read-only for + any device." + ::= { usmDHKeyMIBCompliances 1 } + +-- Units of Compliance + +usmDHKeyMIBBasicGroup OBJECT-GROUP + OBJECTS { + usmDHUserAuthKeyChange, + usmDHUserOwnAuthKeyChange, + usmDHUserPrivKeyChange, + usmDHUserOwnPrivKeyChange + } + STATUS current + DESCRIPTION + "" + ::= { usmDHKeyMIBGroups 1 } + +usmDHKeyParamGroup OBJECT-GROUP + OBJECTS { + usmDHParameters + } + STATUS current + DESCRIPTION + "The mandatory object for all MIBs which use the DHKeyChange + textual convention." + ::= { usmDHKeyMIBGroups 2 } + +usmDHKeyKickstartGroup OBJECT-GROUP + OBJECTS { + usmDHKickstartMyPublic, + usmDHKickstartMgrPublic, + usmDHKickstartSecurityName + } + STATUS current + DESCRIPTION + "The objects used for kickstarting one or more SNMPv3 USM + associations via a configuration file or other out of band, + non-confidential access." + ::= { usmDHKeyMIBGroups 3 } + +END diff --git a/data/mibs/SNMP-VIEW-BASED-ACM-MIB.txt b/data/mibs/SNMP-VIEW-BASED-ACM-MIB.txt new file mode 100644 index 000000000..7244ad0af --- /dev/null +++ b/data/mibs/SNMP-VIEW-BASED-ACM-MIB.txt @@ -0,0 +1,830 @@ +SNMP-VIEW-BASED-ACM-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + MODULE-IDENTITY, OBJECT-TYPE, + snmpModules FROM SNMPv2-SMI + TestAndIncr, + RowStatus, StorageType FROM SNMPv2-TC + SnmpAdminString, + SnmpSecurityLevel, + SnmpSecurityModel FROM SNMP-FRAMEWORK-MIB; + +snmpVacmMIB MODULE-IDENTITY + LAST-UPDATED "200210160000Z" -- 16 Oct 2002, midnight + ORGANIZATION "SNMPv3 Working Group" + CONTACT-INFO "WG-email: snmpv3@lists.tislabs.com + Subscribe: majordomo@lists.tislabs.com + In message body: subscribe snmpv3 + + Co-Chair: Russ Mundy + Network Associates Laboratories + postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + email: mundy@tislabs.com + phone: +1 301-947-7107 + + Co-Chair: David Harrington + Enterasys Networks + Postal: 35 Industrial Way + P. O. Box 5004 + Rochester, New Hampshire 03866-5005 + USA + EMail: dbh@enterasys.com + Phone: +1 603-337-2614 + + Co-editor: Bert Wijnen + Lucent Technologies + postal: Schagen 33 + 3461 GL Linschoten + Netherlands + email: bwijnen@lucent.com + phone: +31-348-480-685 + + Co-editor: Randy Presuhn + BMC Software, Inc. + + postal: 2141 North First Street + San Jose, CA 95131 + USA + email: randy_presuhn@bmc.com + phone: +1 408-546-1006 + + Co-editor: Keith McCloghrie + Cisco Systems, Inc. + postal: 170 West Tasman Drive + San Jose, CA 95134-1706 + USA + email: kzm@cisco.com + phone: +1-408-526-5260 + " + DESCRIPTION "The management information definitions for the + View-based Access Control Model for SNMP. + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3415; + see the RFC itself for full legal notices. + " +-- Revision history + + REVISION "200210160000Z" -- 16 Oct 2002, midnight + DESCRIPTION "Clarifications, published as RFC3415" + + REVISION "199901200000Z" -- 20 Jan 1999, midnight + DESCRIPTION "Clarifications, published as RFC2575" + + REVISION "199711200000Z" -- 20 Nov 1997, midnight + DESCRIPTION "Initial version, published as RFC2275" + ::= { snmpModules 16 } + +-- Administrative assignments **************************************** + +vacmMIBObjects OBJECT IDENTIFIER ::= { snmpVacmMIB 1 } +vacmMIBConformance OBJECT IDENTIFIER ::= { snmpVacmMIB 2 } + +-- Information about Local Contexts ********************************** + +vacmContextTable OBJECT-TYPE + SYNTAX SEQUENCE OF VacmContextEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The table of locally available contexts. + + This table provides information to SNMP Command + + Generator applications so that they can properly + configure the vacmAccessTable to control access to + all contexts at the SNMP entity. + + This table may change dynamically if the SNMP entity + allows that contexts are added/deleted dynamically + (for instance when its configuration changes). Such + changes would happen only if the management + instrumentation at that SNMP entity recognizes more + (or fewer) contexts. + + The presence of entries in this table and of entries + in the vacmAccessTable are independent. That is, a + context identified by an entry in this table is not + necessarily referenced by any entries in the + vacmAccessTable; and the context(s) referenced by an + entry in the vacmAccessTable does not necessarily + currently exist and thus need not be identified by an + entry in this table. + + This table must be made accessible via the default + context so that Command Responder applications have + a standard way of retrieving the information. + + This table is read-only. It cannot be configured via + SNMP. + " + ::= { vacmMIBObjects 1 } + +vacmContextEntry OBJECT-TYPE + SYNTAX VacmContextEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Information about a particular context." + INDEX { + vacmContextName + } + ::= { vacmContextTable 1 } + +VacmContextEntry ::= SEQUENCE + { + vacmContextName SnmpAdminString + } + +vacmContextName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A human readable name identifying a particular + context at a particular SNMP entity. + + The empty contextName (zero length) represents the + default context. + " + ::= { vacmContextEntry 1 } + +-- Information about Groups ****************************************** + +vacmSecurityToGroupTable OBJECT-TYPE + SYNTAX SEQUENCE OF VacmSecurityToGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "This table maps a combination of securityModel and + securityName into a groupName which is used to define + an access control policy for a group of principals. + " + ::= { vacmMIBObjects 2 } + +vacmSecurityToGroupEntry OBJECT-TYPE + SYNTAX VacmSecurityToGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An entry in this table maps the combination of a + securityModel and securityName into a groupName. + " + INDEX { + vacmSecurityModel, + vacmSecurityName + } + ::= { vacmSecurityToGroupTable 1 } + +VacmSecurityToGroupEntry ::= SEQUENCE + { + vacmSecurityModel SnmpSecurityModel, + vacmSecurityName SnmpAdminString, + vacmGroupName SnmpAdminString, + vacmSecurityToGroupStorageType StorageType, + vacmSecurityToGroupStatus RowStatus + } + +vacmSecurityModel OBJECT-TYPE + SYNTAX SnmpSecurityModel(1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The Security Model, by which the vacmSecurityName + referenced by this entry is provided. + + Note, this object may not take the 'any' (0) value. + " + ::= { vacmSecurityToGroupEntry 1 } + +vacmSecurityName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The securityName for the principal, represented in a + Security Model independent format, which is mapped by + this entry to a groupName. + " + ::= { vacmSecurityToGroupEntry 2 } + +vacmGroupName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The name of the group to which this entry (e.g., the + combination of securityModel and securityName) + belongs. + + This groupName is used as index into the + vacmAccessTable to select an access control policy. + However, a value in this table does not imply that an + instance with the value exists in table vacmAccesTable. + " + ::= { vacmSecurityToGroupEntry 3 } + +vacmSecurityToGroupStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The storage type for this conceptual row. + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row. + " + DEFVAL { nonVolatile } + ::= { vacmSecurityToGroupEntry 4 } + +vacmSecurityToGroupStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The status of this conceptual row. + + Until instances of all corresponding columns are + appropriately configured, the value of the + + corresponding instance of the vacmSecurityToGroupStatus + column is 'notReady'. + + In particular, a newly created row cannot be made + active until a value has been set for vacmGroupName. + + The RowStatus TC [RFC2579] requires that this + DESCRIPTION clause states under which circumstances + other objects in this row can be modified: + + The value of this object has no effect on whether + other objects in this conceptual row can be modified. + " + ::= { vacmSecurityToGroupEntry 5 } + +-- Information about Access Rights *********************************** + +vacmAccessTable OBJECT-TYPE + SYNTAX SEQUENCE OF VacmAccessEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The table of access rights for groups. + + Each entry is indexed by a groupName, a contextPrefix, + a securityModel and a securityLevel. To determine + whether access is allowed, one entry from this table + needs to be selected and the proper viewName from that + entry must be used for access control checking. + + To select the proper entry, follow these steps: + + 1) the set of possible matches is formed by the + intersection of the following sets of entries: + + the set of entries with identical vacmGroupName + the union of these two sets: + - the set with identical vacmAccessContextPrefix + - the set of entries with vacmAccessContextMatch + value of 'prefix' and matching + vacmAccessContextPrefix + intersected with the union of these two sets: + - the set of entries with identical + vacmSecurityModel + - the set of entries with vacmSecurityModel + value of 'any' + intersected with the set of entries with + vacmAccessSecurityLevel value less than or equal + to the requested securityLevel + + 2) if this set has only one member, we're done + otherwise, it comes down to deciding how to weight + the preferences between ContextPrefixes, + SecurityModels, and SecurityLevels as follows: + a) if the subset of entries with securityModel + matching the securityModel in the message is + not empty, then discard the rest. + b) if the subset of entries with + vacmAccessContextPrefix matching the contextName + in the message is not empty, + then discard the rest + c) discard all entries with ContextPrefixes shorter + than the longest one remaining in the set + d) select the entry with the highest securityLevel + + Please note that for securityLevel noAuthNoPriv, all + groups are really equivalent since the assumption that + the securityName has been authenticated does not hold. + " + ::= { vacmMIBObjects 4 } + +vacmAccessEntry OBJECT-TYPE + SYNTAX VacmAccessEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An access right configured in the Local Configuration + Datastore (LCD) authorizing access to an SNMP context. + + Entries in this table can use an instance value for + object vacmGroupName even if no entry in table + vacmAccessSecurityToGroupTable has a corresponding + value for object vacmGroupName. + " + INDEX { vacmGroupName, + vacmAccessContextPrefix, + vacmAccessSecurityModel, + vacmAccessSecurityLevel + } + ::= { vacmAccessTable 1 } + +VacmAccessEntry ::= SEQUENCE + { + vacmAccessContextPrefix SnmpAdminString, + vacmAccessSecurityModel SnmpSecurityModel, + vacmAccessSecurityLevel SnmpSecurityLevel, + vacmAccessContextMatch INTEGER, + vacmAccessReadViewName SnmpAdminString, + vacmAccessWriteViewName SnmpAdminString, + vacmAccessNotifyViewName SnmpAdminString, + vacmAccessStorageType StorageType, + vacmAccessStatus RowStatus + } + +vacmAccessContextPrefix OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "In order to gain the access rights allowed by this + conceptual row, a contextName must match exactly + (if the value of vacmAccessContextMatch is 'exact') + or partially (if the value of vacmAccessContextMatch + is 'prefix') to the value of the instance of this + object. + " + ::= { vacmAccessEntry 1 } + +vacmAccessSecurityModel OBJECT-TYPE + SYNTAX SnmpSecurityModel + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "In order to gain the access rights allowed by this + conceptual row, this securityModel must be in use. + " + ::= { vacmAccessEntry 2 } + +vacmAccessSecurityLevel OBJECT-TYPE + SYNTAX SnmpSecurityLevel + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The minimum level of security required in order to + gain the access rights allowed by this conceptual + row. A securityLevel of noAuthNoPriv is less than + authNoPriv which in turn is less than authPriv. + + If multiple entries are equally indexed except for + this vacmAccessSecurityLevel index, then the entry + which has the highest value for + vacmAccessSecurityLevel is selected. + " + ::= { vacmAccessEntry 3 } + +vacmAccessContextMatch OBJECT-TYPE + SYNTAX INTEGER + { exact (1), -- exact match of prefix and contextName + prefix (2) -- Only match to the prefix + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION "If the value of this object is exact(1), then all + rows where the contextName exactly matches + vacmAccessContextPrefix are selected. + + If the value of this object is prefix(2), then all + rows where the contextName whose starting octets + exactly match vacmAccessContextPrefix are selected. + This allows for a simple form of wildcarding. + " + DEFVAL { exact } + ::= { vacmAccessEntry 4 } + +vacmAccessReadViewName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The value of an instance of this object identifies + the MIB view of the SNMP context to which this + conceptual row authorizes read access. + + The identified MIB view is that one for which the + vacmViewTreeFamilyViewName has the same value as the + instance of this object; if the value is the empty + string or if there is no active MIB view having this + value of vacmViewTreeFamilyViewName, then no access + is granted. + " + DEFVAL { ''H } -- the empty string + ::= { vacmAccessEntry 5 } + +vacmAccessWriteViewName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The value of an instance of this object identifies + the MIB view of the SNMP context to which this + conceptual row authorizes write access. + + The identified MIB view is that one for which the + vacmViewTreeFamilyViewName has the same value as the + instance of this object; if the value is the empty + string or if there is no active MIB view having this + value of vacmViewTreeFamilyViewName, then no access + is granted. + " + DEFVAL { ''H } -- the empty string + ::= { vacmAccessEntry 6 } + +vacmAccessNotifyViewName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The value of an instance of this object identifies + the MIB view of the SNMP context to which this + conceptual row authorizes access for notifications. + + The identified MIB view is that one for which the + vacmViewTreeFamilyViewName has the same value as the + instance of this object; if the value is the empty + string or if there is no active MIB view having this + value of vacmViewTreeFamilyViewName, then no access + is granted. + " + DEFVAL { ''H } -- the empty string + ::= { vacmAccessEntry 7 } + +vacmAccessStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The storage type for this conceptual row. + + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row. + " + DEFVAL { nonVolatile } + ::= { vacmAccessEntry 8 } + +vacmAccessStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The status of this conceptual row. + + The RowStatus TC [RFC2579] requires that this + DESCRIPTION clause states under which circumstances + other objects in this row can be modified: + + The value of this object has no effect on whether + other objects in this conceptual row can be modified. + " + ::= { vacmAccessEntry 9 } + +-- Information about MIB views *************************************** + +-- Support for instance-level granularity is optional. +-- +-- In some implementations, instance-level access control +-- granularity may come at a high performance cost. Managers +-- should avoid requesting such configurations unnecessarily. + +vacmMIBViews OBJECT IDENTIFIER ::= { vacmMIBObjects 5 } + +vacmViewSpinLock OBJECT-TYPE + SYNTAX TestAndIncr + MAX-ACCESS read-write + STATUS current + DESCRIPTION "An advisory lock used to allow cooperating SNMP + Command Generator applications to coordinate their + use of the Set operation in creating or modifying + views. + + When creating a new view or altering an existing + view, it is important to understand the potential + interactions with other uses of the view. The + vacmViewSpinLock should be retrieved. The name of + the view to be created should be determined to be + unique by the SNMP Command Generator application by + consulting the vacmViewTreeFamilyTable. Finally, + the named view may be created (Set), including the + advisory lock. + If another SNMP Command Generator application has + altered the views in the meantime, then the spin + lock's value will have changed, and so this creation + will fail because it will specify the wrong value for + the spin lock. + + Since this is an advisory lock, the use of this lock + is not enforced. + " + ::= { vacmMIBViews 1 } + +vacmViewTreeFamilyTable OBJECT-TYPE + SYNTAX SEQUENCE OF VacmViewTreeFamilyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Locally held information about families of subtrees + within MIB views. + + Each MIB view is defined by two sets of view subtrees: + - the included view subtrees, and + - the excluded view subtrees. + Every such view subtree, both the included and the + + excluded ones, is defined in this table. + + To determine if a particular object instance is in + a particular MIB view, compare the object instance's + OBJECT IDENTIFIER with each of the MIB view's active + entries in this table. If none match, then the + object instance is not in the MIB view. If one or + more match, then the object instance is included in, + or excluded from, the MIB view according to the + value of vacmViewTreeFamilyType in the entry whose + value of vacmViewTreeFamilySubtree has the most + sub-identifiers. If multiple entries match and have + the same number of sub-identifiers (when wildcarding + is specified with the value of vacmViewTreeFamilyMask), + then the lexicographically greatest instance of + vacmViewTreeFamilyType determines the inclusion or + exclusion. + + An object instance's OBJECT IDENTIFIER X matches an + active entry in this table when the number of + sub-identifiers in X is at least as many as in the + value of vacmViewTreeFamilySubtree for the entry, + and each sub-identifier in the value of + vacmViewTreeFamilySubtree matches its corresponding + sub-identifier in X. Two sub-identifiers match + either if the corresponding bit of the value of + vacmViewTreeFamilyMask for the entry is zero (the + 'wild card' value), or if they are equal. + + A 'family' of subtrees is the set of subtrees defined + by a particular combination of values of + vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask. + + In the case where no 'wild card' is defined in the + vacmViewTreeFamilyMask, the family of subtrees reduces + to a single subtree. + + When creating or changing MIB views, an SNMP Command + Generator application should utilize the + vacmViewSpinLock to try to avoid collisions. See + DESCRIPTION clause of vacmViewSpinLock. + + When creating MIB views, it is strongly advised that + first the 'excluded' vacmViewTreeFamilyEntries are + created and then the 'included' entries. + + When deleting MIB views, it is strongly advised that + first the 'included' vacmViewTreeFamilyEntries are + + deleted and then the 'excluded' entries. + + If a create for an entry for instance-level access + control is received and the implementation does not + support instance-level granularity, then an + inconsistentName error must be returned. + " + ::= { vacmMIBViews 2 } + +vacmViewTreeFamilyEntry OBJECT-TYPE + SYNTAX VacmViewTreeFamilyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Information on a particular family of view subtrees + included in or excluded from a particular SNMP + context's MIB view. + + Implementations must not restrict the number of + families of view subtrees for a given MIB view, + except as dictated by resource constraints on the + overall number of entries in the + vacmViewTreeFamilyTable. + + If no conceptual rows exist in this table for a given + MIB view (viewName), that view may be thought of as + consisting of the empty set of view subtrees. + " + INDEX { vacmViewTreeFamilyViewName, + vacmViewTreeFamilySubtree + } + ::= { vacmViewTreeFamilyTable 1 } + +VacmViewTreeFamilyEntry ::= SEQUENCE + { + vacmViewTreeFamilyViewName SnmpAdminString, + vacmViewTreeFamilySubtree OBJECT IDENTIFIER, + vacmViewTreeFamilyMask OCTET STRING, + vacmViewTreeFamilyType INTEGER, + vacmViewTreeFamilyStorageType StorageType, + vacmViewTreeFamilyStatus RowStatus + } + +vacmViewTreeFamilyViewName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The human readable name for a family of view subtrees. + " + ::= { vacmViewTreeFamilyEntry 1 } + +vacmViewTreeFamilySubtree OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The MIB subtree which when combined with the + corresponding instance of vacmViewTreeFamilyMask + defines a family of view subtrees. + " + ::= { vacmViewTreeFamilyEntry 2 } + +vacmViewTreeFamilyMask OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..16)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The bit mask which, in combination with the + corresponding instance of vacmViewTreeFamilySubtree, + defines a family of view subtrees. + + Each bit of this bit mask corresponds to a + sub-identifier of vacmViewTreeFamilySubtree, with the + most significant bit of the i-th octet of this octet + string value (extended if necessary, see below) + corresponding to the (8*i - 7)-th sub-identifier, and + the least significant bit of the i-th octet of this + octet string corresponding to the (8*i)-th + sub-identifier, where i is in the range 1 through 16. + + Each bit of this bit mask specifies whether or not + the corresponding sub-identifiers must match when + determining if an OBJECT IDENTIFIER is in this + family of view subtrees; a '1' indicates that an + exact match must occur; a '0' indicates 'wild card', + i.e., any sub-identifier value matches. + + Thus, the OBJECT IDENTIFIER X of an object instance + is contained in a family of view subtrees if, for + each sub-identifier of the value of + vacmViewTreeFamilySubtree, either: + + the i-th bit of vacmViewTreeFamilyMask is 0, or + + the i-th sub-identifier of X is equal to the i-th + sub-identifier of the value of + vacmViewTreeFamilySubtree. + + If the value of this bit mask is M bits long and + + there are more than M sub-identifiers in the + corresponding instance of vacmViewTreeFamilySubtree, + then the bit mask is extended with 1's to be the + required length. + + Note that when the value of this object is the + zero-length string, this extension rule results in + a mask of all-1's being used (i.e., no 'wild card'), + and the family of view subtrees is the one view + subtree uniquely identified by the corresponding + instance of vacmViewTreeFamilySubtree. + + Note that masks of length greater than zero length + do not need to be supported. In this case this + object is made read-only. + " + DEFVAL { ''H } + ::= { vacmViewTreeFamilyEntry 3 } + +vacmViewTreeFamilyType OBJECT-TYPE + SYNTAX INTEGER { included(1), excluded(2) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION "Indicates whether the corresponding instances of + vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask + define a family of view subtrees which is included in + or excluded from the MIB view. + " + DEFVAL { included } + ::= { vacmViewTreeFamilyEntry 4 } + +vacmViewTreeFamilyStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The storage type for this conceptual row. + + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row. + " + DEFVAL { nonVolatile } + ::= { vacmViewTreeFamilyEntry 5 } + +vacmViewTreeFamilyStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The status of this conceptual row. + + The RowStatus TC [RFC2579] requires that this + DESCRIPTION clause states under which circumstances + other objects in this row can be modified: + + The value of this object has no effect on whether + other objects in this conceptual row can be modified. + " + ::= { vacmViewTreeFamilyEntry 6 } + +-- Conformance information ******************************************* + +vacmMIBCompliances OBJECT IDENTIFIER ::= { vacmMIBConformance 1 } +vacmMIBGroups OBJECT IDENTIFIER ::= { vacmMIBConformance 2 } + +-- Compliance statements ********************************************* + +vacmMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION "The compliance statement for SNMP engines which + implement the SNMP View-based Access Control Model + configuration MIB. + " + MODULE -- this module + MANDATORY-GROUPS { vacmBasicGroup } + + OBJECT vacmAccessContextMatch + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessReadViewName + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessWriteViewName + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessNotifyViewName + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessStorageType + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessStatus + MIN-ACCESS read-only + DESCRIPTION "Create/delete/modify access to the + + vacmAccessTable is not required. + " + + OBJECT vacmViewTreeFamilyMask + WRITE-SYNTAX OCTET STRING (SIZE (0)) + MIN-ACCESS read-only + DESCRIPTION "Support for configuration via SNMP of subtree + families using wild-cards is not required. + " + + OBJECT vacmViewTreeFamilyType + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmViewTreeFamilyStorageType + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmViewTreeFamilyStatus + MIN-ACCESS read-only + DESCRIPTION "Create/delete/modify access to the + vacmViewTreeFamilyTable is not required. + " + ::= { vacmMIBCompliances 1 } + +-- Units of conformance ********************************************** + +vacmBasicGroup OBJECT-GROUP + OBJECTS { + vacmContextName, + vacmGroupName, + vacmSecurityToGroupStorageType, + vacmSecurityToGroupStatus, + vacmAccessContextMatch, + vacmAccessReadViewName, + vacmAccessWriteViewName, + vacmAccessNotifyViewName, + vacmAccessStorageType, + vacmAccessStatus, + vacmViewSpinLock, + vacmViewTreeFamilyMask, + vacmViewTreeFamilyType, + vacmViewTreeFamilyStorageType, + vacmViewTreeFamilyStatus + } + STATUS current + DESCRIPTION "A collection of objects providing for remote + configuration of an SNMP engine which implements + + the SNMP View-based Access Control Model. + " + ::= { vacmMIBGroups 1 } + +END diff --git a/data/mibs/SNMPv2-CONF.txt b/data/mibs/SNMPv2-CONF.txt new file mode 100644 index 000000000..24a1eed95 --- /dev/null +++ b/data/mibs/SNMPv2-CONF.txt @@ -0,0 +1,322 @@ +SNMPv2-CONF DEFINITIONS ::= BEGIN + +IMPORTS ObjectName, NotificationName, ObjectSyntax + FROM SNMPv2-SMI; + +-- definitions for conformance groups + +OBJECT-GROUP MACRO ::= +BEGIN + TYPE NOTATION ::= + ObjectsPart + "STATUS" Status + "DESCRIPTION" Text + ReferPart + + VALUE NOTATION ::= + value(VALUE OBJECT IDENTIFIER) + + ObjectsPart ::= + "OBJECTS" "{" Objects "}" + Objects ::= + Object + | Objects "," Object + Object ::= + + value(ObjectName) + + Status ::= + "current" + | "deprecated" + | "obsolete" + + ReferPart ::= + "REFERENCE" Text + | empty + + -- a character string as defined in [2] + Text ::= value(IA5String) +END + +-- more definitions for conformance groups + +NOTIFICATION-GROUP MACRO ::= +BEGIN + TYPE NOTATION ::= + NotificationsPart + "STATUS" Status + "DESCRIPTION" Text + ReferPart + + VALUE NOTATION ::= + value(VALUE OBJECT IDENTIFIER) + + NotificationsPart ::= + "NOTIFICATIONS" "{" Notifications "}" + Notifications ::= + Notification + | Notifications "," Notification + Notification ::= + value(NotificationName) + + Status ::= + "current" + | "deprecated" + | "obsolete" + + ReferPart ::= + "REFERENCE" Text + | empty + + -- a character string as defined in [2] + Text ::= value(IA5String) +END + +-- definitions for compliance statements + +MODULE-COMPLIANCE MACRO ::= +BEGIN + TYPE NOTATION ::= + "STATUS" Status + "DESCRIPTION" Text + ReferPart + ModulePart + + VALUE NOTATION ::= + value(VALUE OBJECT IDENTIFIER) + + Status ::= + "current" + | "deprecated" + | "obsolete" + + ReferPart ::= + "REFERENCE" Text + | empty + + ModulePart ::= + Modules + Modules ::= + Module + | Modules Module + Module ::= + -- name of module -- + "MODULE" ModuleName + MandatoryPart + CompliancePart + + ModuleName ::= + -- identifier must start with uppercase letter + identifier ModuleIdentifier + -- must not be empty unless contained + -- in MIB Module + | empty + ModuleIdentifier ::= + value(OBJECT IDENTIFIER) + | empty + + MandatoryPart ::= + "MANDATORY-GROUPS" "{" Groups "}" + | empty + + Groups ::= + + Group + | Groups "," Group + Group ::= + value(OBJECT IDENTIFIER) + + CompliancePart ::= + Compliances + | empty + + Compliances ::= + Compliance + | Compliances Compliance + Compliance ::= + ComplianceGroup + | Object + + ComplianceGroup ::= + "GROUP" value(OBJECT IDENTIFIER) + "DESCRIPTION" Text + + Object ::= + "OBJECT" value(ObjectName) + SyntaxPart + WriteSyntaxPart + AccessPart + "DESCRIPTION" Text + + -- must be a refinement for object's SYNTAX clause + SyntaxPart ::= "SYNTAX" Syntax + | empty + + -- must be a refinement for object's SYNTAX clause + WriteSyntaxPart ::= "WRITE-SYNTAX" Syntax + | empty + + Syntax ::= -- Must be one of the following: + -- a base type (or its refinement), + -- a textual convention (or its refinement), or + -- a BITS pseudo-type + type + | "BITS" "{" NamedBits "}" + + NamedBits ::= NamedBit + | NamedBits "," NamedBit + + NamedBit ::= identifier "(" number ")" -- number is nonnegative + + AccessPart ::= + "MIN-ACCESS" Access + | empty + Access ::= + "not-accessible" + | "accessible-for-notify" + | "read-only" + | "read-write" + | "read-create" + + -- a character string as defined in [2] + Text ::= value(IA5String) +END + +-- definitions for capabilities statements + +AGENT-CAPABILITIES MACRO ::= +BEGIN + TYPE NOTATION ::= + "PRODUCT-RELEASE" Text + "STATUS" Status + "DESCRIPTION" Text + ReferPart + ModulePart + + VALUE NOTATION ::= + value(VALUE OBJECT IDENTIFIER) + + Status ::= + "current" + | "obsolete" + + ReferPart ::= + "REFERENCE" Text + | empty + + ModulePart ::= + Modules + | empty + Modules ::= + Module + | Modules Module + Module ::= + -- name of module -- + "SUPPORTS" ModuleName + "INCLUDES" "{" Groups "}" + VariationPart + + ModuleName ::= + + -- identifier must start with uppercase letter + identifier ModuleIdentifier + ModuleIdentifier ::= + value(OBJECT IDENTIFIER) + | empty + + Groups ::= + Group + | Groups "," Group + Group ::= + value(OBJECT IDENTIFIER) + + VariationPart ::= + Variations + | empty + Variations ::= + Variation + | Variations Variation + + Variation ::= + ObjectVariation + | NotificationVariation + + NotificationVariation ::= + "VARIATION" value(NotificationName) + AccessPart + "DESCRIPTION" Text + + ObjectVariation ::= + "VARIATION" value(ObjectName) + SyntaxPart + WriteSyntaxPart + AccessPart + CreationPart + DefValPart + "DESCRIPTION" Text + + -- must be a refinement for object's SYNTAX clause + SyntaxPart ::= "SYNTAX" Syntax + | empty + + WriteSyntaxPart ::= "WRITE-SYNTAX" Syntax + | empty + + Syntax ::= -- Must be one of the following: + -- a base type (or its refinement), + -- a textual convention (or its refinement), or + -- a BITS pseudo-type + + type + | "BITS" "{" NamedBits "}" + + NamedBits ::= NamedBit + | NamedBits "," NamedBit + + NamedBit ::= identifier "(" number ")" -- number is nonnegative + + AccessPart ::= + "ACCESS" Access + | empty + + Access ::= + "not-implemented" + -- only "not-implemented" for notifications + | "accessible-for-notify" + | "read-only" + | "read-write" + | "read-create" + -- following is for backward-compatibility only + | "write-only" + + CreationPart ::= + "CREATION-REQUIRES" "{" Cells "}" + | empty + Cells ::= + Cell + | Cells "," Cell + Cell ::= + value(ObjectName) + + DefValPart ::= "DEFVAL" "{" Defvalue "}" + | empty + + Defvalue ::= -- must be valid for the object's syntax + -- in this macro's SYNTAX clause, if present, + -- or if not, in object's OBJECT-TYPE macro + value(ObjectSyntax) + | "{" BitsValue "}" + + BitsValue ::= BitNames + | empty + + BitNames ::= BitName + | BitNames "," BitName + + BitName ::= identifier + + -- a character string as defined in [2] + Text ::= value(IA5String) +END + +END diff --git a/data/mibs/SNMPv2-MIB.txt b/data/mibs/SNMPv2-MIB.txt new file mode 100644 index 000000000..8c828305e --- /dev/null +++ b/data/mibs/SNMPv2-MIB.txt @@ -0,0 +1,854 @@ +SNMPv2-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, + TimeTicks, Counter32, snmpModules, mib-2 + FROM SNMPv2-SMI + DisplayString, TestAndIncr, TimeStamp + + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP + FROM SNMPv2-CONF; + +snmpMIB MODULE-IDENTITY + LAST-UPDATED "200210160000Z" + ORGANIZATION "IETF SNMPv3 Working Group" + CONTACT-INFO + "WG-EMail: snmpv3@lists.tislabs.com + Subscribe: snmpv3-request@lists.tislabs.com + + Co-Chair: Russ Mundy + Network Associates Laboratories + postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + EMail: mundy@tislabs.com + phone: +1 301 947-7107 + + Co-Chair: David Harrington + Enterasys Networks + postal: 35 Industrial Way + P. O. Box 5005 + Rochester, NH 03866-5005 + USA + EMail: dbh@enterasys.com + phone: +1 603 337-2614 + + Editor: Randy Presuhn + BMC Software, Inc. + postal: 2141 North First Street + San Jose, CA 95131 + USA + EMail: randy_presuhn@bmc.com + phone: +1 408 546-1006" + DESCRIPTION + "The MIB module for SNMP entities. + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3418; + see the RFC itself for full legal notices. + " + REVISION "200210160000Z" + DESCRIPTION + "This revision of this MIB module was published as + RFC 3418." + REVISION "199511090000Z" + DESCRIPTION + "This revision of this MIB module was published as + RFC 1907." + REVISION "199304010000Z" + DESCRIPTION + "The initial revision of this MIB module was published + as RFC 1450." + ::= { snmpModules 1 } + +snmpMIBObjects OBJECT IDENTIFIER ::= { snmpMIB 1 } + +-- ::= { snmpMIBObjects 1 } this OID is obsolete +-- ::= { snmpMIBObjects 2 } this OID is obsolete +-- ::= { snmpMIBObjects 3 } this OID is obsolete + +-- the System group +-- +-- a collection of objects common to all managed systems. + +system OBJECT IDENTIFIER ::= { mib-2 1 } + +sysDescr OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of the entity. This value should + include the full name and version identification of + the system's hardware type, software operating-system, + and networking software." + ::= { system 1 } + +sysObjectID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The vendor's authoritative identification of the + network management subsystem contained in the entity. + This value is allocated within the SMI enterprises + subtree (1.3.6.1.4.1) and provides an easy and + unambiguous means for determining `what kind of box' is + being managed. For example, if vendor `Flintstones, + Inc.' was assigned the subtree 1.3.6.1.4.1.424242, + it could assign the identifier 1.3.6.1.4.1.424242.1.1 + to its `Fred Router'." + ::= { system 2 } + +sysUpTime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time (in hundredths of a second) since the + network management portion of the system was last + re-initialized." + ::= { system 3 } + +sysContact OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The textual identification of the contact person for + this managed node, together with information on how + to contact this person. If no contact information is + known, the value is the zero-length string." + ::= { system 4 } + +sysName OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "An administratively-assigned name for this managed + node. By convention, this is the node's fully-qualified + domain name. If the name is unknown, the value is + the zero-length string." + ::= { system 5 } + +sysLocation OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..255)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The physical location of this node (e.g., 'telephone + closet, 3rd floor'). If the location is unknown, the + value is the zero-length string." + ::= { system 6 } + +sysServices OBJECT-TYPE + SYNTAX INTEGER (0..127) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A value which indicates the set of services that this + entity may potentially offer. The value is a sum. + + This sum initially takes the value zero. Then, for + each layer, L, in the range 1 through 7, that this node + performs transactions for, 2 raised to (L - 1) is added + to the sum. For example, a node which performs only + routing functions would have a value of 4 (2^(3-1)). + In contrast, a node which is a host offering application + services would have a value of 72 (2^(4-1) + 2^(7-1)). + Note that in the context of the Internet suite of + protocols, values should be calculated accordingly: + + layer functionality + 1 physical (e.g., repeaters) + 2 datalink/subnetwork (e.g., bridges) + 3 internet (e.g., supports the IP) + 4 end-to-end (e.g., supports the TCP) + 7 applications (e.g., supports the SMTP) + + For systems including OSI protocols, layers 5 and 6 + may also be counted." + ::= { system 7 } + +-- object resource information +-- +-- a collection of objects which describe the SNMP entity's +-- (statically and dynamically configurable) support of +-- various MIB modules. + +sysORLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time of the most recent + change in state or value of any instance of sysORID." + ::= { system 8 } + +sysORTable OBJECT-TYPE + SYNTAX SEQUENCE OF SysOREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table listing the capabilities of + the local SNMP application acting as a command + responder with respect to various MIB modules. + SNMP entities having dynamically-configurable support + of MIB modules will have a dynamically-varying number + of conceptual rows." + ::= { system 9 } + +sysOREntry OBJECT-TYPE + SYNTAX SysOREntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) in the sysORTable." + INDEX { sysORIndex } + ::= { sysORTable 1 } + +SysOREntry ::= SEQUENCE { + sysORIndex INTEGER, + sysORID OBJECT IDENTIFIER, + sysORDescr DisplayString, + sysORUpTime TimeStamp +} + +sysORIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The auxiliary variable used for identifying instances + of the columnar objects in the sysORTable." + ::= { sysOREntry 1 } + +sysORID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An authoritative identification of a capabilities + statement with respect to various MIB modules supported + by the local SNMP application acting as a command + responder." + ::= { sysOREntry 2 } + +sysORDescr OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of the capabilities identified + by the corresponding instance of sysORID." + ::= { sysOREntry 3 } + +sysORUpTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this conceptual + row was last instantiated." + ::= { sysOREntry 4 } + +-- the SNMP group +-- +-- a collection of objects providing basic instrumentation and +-- control of an SNMP entity. + +snmp OBJECT IDENTIFIER ::= { mib-2 11 } + +snmpInPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of messages delivered to the SNMP + entity from the transport service." + ::= { snmp 1 } + +snmpInBadVersions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of SNMP messages which were delivered + to the SNMP entity and were for an unsupported SNMP + version." + ::= { snmp 3 } + +snmpInBadCommunityNames OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of community-based SNMP messages (for + example, SNMPv1) delivered to the SNMP entity which + used an SNMP community name not known to said entity. + Also, implementations which authenticate community-based + SNMP messages using check(s) in addition to matching + the community name (for example, by also checking + whether the message originated from a transport address + allowed to use a specified community name) MAY include + in this value the number of messages which failed the + additional check(s). It is strongly RECOMMENDED that + + the documentation for any security model which is used + to authenticate community-based SNMP messages specify + the precise conditions that contribute to this value." + ::= { snmp 4 } + +snmpInBadCommunityUses OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of community-based SNMP messages (for + example, SNMPv1) delivered to the SNMP entity which + represented an SNMP operation that was not allowed for + the SNMP community named in the message. The precise + conditions under which this counter is incremented + (if at all) depend on how the SNMP entity implements + its access control mechanism and how its applications + interact with that access control mechanism. It is + strongly RECOMMENDED that the documentation for any + access control mechanism which is used to control access + to and visibility of MIB instrumentation specify the + precise conditions that contribute to this value." + ::= { snmp 5 } + +snmpInASNParseErrs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of ASN.1 or BER errors encountered by + the SNMP entity when decoding received SNMP messages." + ::= { snmp 6 } + +snmpEnableAuthenTraps OBJECT-TYPE + SYNTAX INTEGER { enabled(1), disabled(2) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Indicates whether the SNMP entity is permitted to + generate authenticationFailure traps. The value of this + object overrides any configuration information; as such, + it provides a means whereby all authenticationFailure + traps may be disabled. + + Note that it is strongly recommended that this object + be stored in non-volatile memory so that it remains + constant across re-initializations of the network + management system." + ::= { snmp 30 } + +snmpSilentDrops OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of Confirmed Class PDUs (such as + GetRequest-PDUs, GetNextRequest-PDUs, + GetBulkRequest-PDUs, SetRequest-PDUs, and + InformRequest-PDUs) delivered to the SNMP entity which + were silently dropped because the size of a reply + containing an alternate Response Class PDU (such as a + Response-PDU) with an empty variable-bindings field + was greater than either a local constraint or the + maximum message size associated with the originator of + the request." + ::= { snmp 31 } + +snmpProxyDrops OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of Confirmed Class PDUs + (such as GetRequest-PDUs, GetNextRequest-PDUs, + GetBulkRequest-PDUs, SetRequest-PDUs, and + InformRequest-PDUs) delivered to the SNMP entity which + were silently dropped because the transmission of + the (possibly translated) message to a proxy target + failed in a manner (other than a time-out) such that + no Response Class PDU (such as a Response-PDU) could + be returned." + ::= { snmp 32 } + +-- information for notifications +-- +-- a collection of objects which allow the SNMP entity, when +-- supporting a notification originator application, +-- to be configured to generate SNMPv2-Trap-PDUs. + +snmpTrap OBJECT IDENTIFIER ::= { snmpMIBObjects 4 } + +snmpTrapOID OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The authoritative identification of the notification + currently being sent. This variable occurs as + the second varbind in every SNMPv2-Trap-PDU and + InformRequest-PDU." + ::= { snmpTrap 1 } + +-- ::= { snmpTrap 2 } this OID is obsolete + +snmpTrapEnterprise OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The authoritative identification of the enterprise + associated with the trap currently being sent. When an + SNMP proxy agent is mapping an RFC1157 Trap-PDU + into a SNMPv2-Trap-PDU, this variable occurs as the + last varbind." + ::= { snmpTrap 3 } + +-- ::= { snmpTrap 4 } this OID is obsolete + +-- well-known traps + +snmpTraps OBJECT IDENTIFIER ::= { snmpMIBObjects 5 } + +coldStart NOTIFICATION-TYPE + STATUS current + DESCRIPTION + "A coldStart trap signifies that the SNMP entity, + supporting a notification originator application, is + reinitializing itself and that its configuration may + have been altered." + ::= { snmpTraps 1 } + +warmStart NOTIFICATION-TYPE + STATUS current + DESCRIPTION + "A warmStart trap signifies that the SNMP entity, + supporting a notification originator application, + is reinitializing itself such that its configuration + is unaltered." + ::= { snmpTraps 2 } + +-- Note the linkDown NOTIFICATION-TYPE ::= { snmpTraps 3 } +-- and the linkUp NOTIFICATION-TYPE ::= { snmpTraps 4 } +-- are defined in RFC 2863 [RFC2863] + +authenticationFailure NOTIFICATION-TYPE + STATUS current + DESCRIPTION + "An authenticationFailure trap signifies that the SNMP + entity has received a protocol message that is not + properly authenticated. While all implementations + of SNMP entities MAY be capable of generating this + trap, the snmpEnableAuthenTraps object indicates + whether this trap will be generated." + ::= { snmpTraps 5 } + +-- Note the egpNeighborLoss notification is defined +-- as { snmpTraps 6 } in RFC 1213 + +-- the set group +-- +-- a collection of objects which allow several cooperating +-- command generator applications to coordinate their use of the +-- set operation. + +snmpSet OBJECT IDENTIFIER ::= { snmpMIBObjects 6 } + +snmpSetSerialNo OBJECT-TYPE + SYNTAX TestAndIncr + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "An advisory lock used to allow several cooperating + command generator applications to coordinate their + use of the SNMP set operation. + + This object is used for coarse-grain coordination. + To achieve fine-grain coordination, one or more similar + objects might be defined within each MIB group, as + appropriate." + ::= { snmpSet 1 } + +-- conformance information + +snmpMIBConformance + OBJECT IDENTIFIER ::= { snmpMIB 2 } + +snmpMIBCompliances + OBJECT IDENTIFIER ::= { snmpMIBConformance 1 } +snmpMIBGroups OBJECT IDENTIFIER ::= { snmpMIBConformance 2 } + +-- compliance statements + +-- ::= { snmpMIBCompliances 1 } this OID is obsolete +snmpBasicCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for SNMPv2 entities which + implement the SNMPv2 MIB. + + This compliance statement is replaced by + snmpBasicComplianceRev2." + MODULE -- this module + MANDATORY-GROUPS { snmpGroup, snmpSetGroup, systemGroup, + snmpBasicNotificationsGroup } + + GROUP snmpCommunityGroup + DESCRIPTION + "This group is mandatory for SNMPv2 entities which + support community-based authentication." + ::= { snmpMIBCompliances 2 } + +snmpBasicComplianceRev2 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which + implement this MIB module." + MODULE -- this module + MANDATORY-GROUPS { snmpGroup, snmpSetGroup, systemGroup, + snmpBasicNotificationsGroup } + + GROUP snmpCommunityGroup + DESCRIPTION + "This group is mandatory for SNMP entities which + support community-based authentication." + + GROUP snmpWarmStartNotificationGroup + DESCRIPTION + "This group is mandatory for an SNMP entity which + supports command responder applications, and is + able to reinitialize itself such that its + configuration is unaltered." + ::= { snmpMIBCompliances 3 } + +-- units of conformance + +-- ::= { snmpMIBGroups 1 } this OID is obsolete +-- ::= { snmpMIBGroups 2 } this OID is obsolete +-- ::= { snmpMIBGroups 3 } this OID is obsolete + +-- ::= { snmpMIBGroups 4 } this OID is obsolete + +snmpGroup OBJECT-GROUP + OBJECTS { snmpInPkts, + snmpInBadVersions, + snmpInASNParseErrs, + snmpSilentDrops, + snmpProxyDrops, + snmpEnableAuthenTraps } + STATUS current + DESCRIPTION + "A collection of objects providing basic instrumentation + and control of an SNMP entity." + ::= { snmpMIBGroups 8 } + +snmpCommunityGroup OBJECT-GROUP + OBJECTS { snmpInBadCommunityNames, + snmpInBadCommunityUses } + STATUS current + DESCRIPTION + "A collection of objects providing basic instrumentation + of a SNMP entity which supports community-based + authentication." + ::= { snmpMIBGroups 9 } + +snmpSetGroup OBJECT-GROUP + OBJECTS { snmpSetSerialNo } + STATUS current + DESCRIPTION + "A collection of objects which allow several cooperating + command generator applications to coordinate their + use of the set operation." + ::= { snmpMIBGroups 5 } + +systemGroup OBJECT-GROUP + OBJECTS { sysDescr, sysObjectID, sysUpTime, + sysContact, sysName, sysLocation, + sysServices, + sysORLastChange, sysORID, + sysORUpTime, sysORDescr } + STATUS current + DESCRIPTION + "The system group defines objects which are common to all + managed systems." + ::= { snmpMIBGroups 6 } + +snmpBasicNotificationsGroup NOTIFICATION-GROUP + NOTIFICATIONS { coldStart, authenticationFailure } + STATUS current + DESCRIPTION + "The basic notifications implemented by an SNMP entity + supporting command responder applications." + ::= { snmpMIBGroups 7 } + +snmpWarmStartNotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { warmStart } + STATUS current + DESCRIPTION + "An additional notification for an SNMP entity supporting + command responder applications, if it is able to reinitialize + itself such that its configuration is unaltered." + ::= { snmpMIBGroups 11 } + +snmpNotificationGroup OBJECT-GROUP + OBJECTS { snmpTrapOID, snmpTrapEnterprise } + STATUS current + DESCRIPTION + "These objects are required for entities + which support notification originator applications." + ::= { snmpMIBGroups 12 } + +-- definitions in RFC 1213 made obsolete by the inclusion of a +-- subset of the snmp group in this MIB + +snmpOutPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Messages which were + passed from the SNMP protocol entity to the + transport service." + ::= { snmp 2 } + +-- { snmp 7 } is not used + +snmpInTooBigs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP PDUs which were + delivered to the SNMP protocol entity and for + which the value of the error-status field was + `tooBig'." + ::= { snmp 8 } + +snmpInNoSuchNames OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP PDUs which were + delivered to the SNMP protocol entity and for + which the value of the error-status field was + `noSuchName'." + ::= { snmp 9 } + +snmpInBadValues OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP PDUs which were + delivered to the SNMP protocol entity and for + which the value of the error-status field was + `badValue'." + ::= { snmp 10 } + +snmpInReadOnlys OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number valid SNMP PDUs which were delivered + to the SNMP protocol entity and for which the value + of the error-status field was `readOnly'. It should + be noted that it is a protocol error to generate an + SNMP PDU which contains the value `readOnly' in the + error-status field, as such this object is provided + as a means of detecting incorrect implementations of + the SNMP." + ::= { snmp 11 } + +snmpInGenErrs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP PDUs which were delivered + to the SNMP protocol entity and for which the value + of the error-status field was `genErr'." + ::= { snmp 12 } + +snmpInTotalReqVars OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of MIB objects which have been + retrieved successfully by the SNMP protocol entity + as the result of receiving valid SNMP Get-Request + and Get-Next PDUs." + ::= { snmp 13 } + +snmpInTotalSetVars OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of MIB objects which have been + altered successfully by the SNMP protocol entity as + the result of receiving valid SNMP Set-Request PDUs." + ::= { snmp 14 } + +snmpInGetRequests OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Get-Request PDUs which + have been accepted and processed by the SNMP + protocol entity." + ::= { snmp 15 } + +snmpInGetNexts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Get-Next PDUs which have been + accepted and processed by the SNMP protocol entity." + ::= { snmp 16 } + +snmpInSetRequests OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Set-Request PDUs which + have been accepted and processed by the SNMP protocol + entity." + ::= { snmp 17 } + +snmpInGetResponses OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Get-Response PDUs which + have been accepted and processed by the SNMP protocol + entity." + ::= { snmp 18 } + +snmpInTraps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Trap PDUs which have been + accepted and processed by the SNMP protocol entity." + ::= { snmp 19 } + +snmpOutTooBigs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP PDUs which were generated + by the SNMP protocol entity and for which the value + of the error-status field was `tooBig.'" + ::= { snmp 20 } + +snmpOutNoSuchNames OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP PDUs which were generated + by the SNMP protocol entity and for which the value + of the error-status was `noSuchName'." + ::= { snmp 21 } + +snmpOutBadValues OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP PDUs which were generated + by the SNMP protocol entity and for which the value + of the error-status field was `badValue'." + ::= { snmp 22 } + +-- { snmp 23 } is not used + +snmpOutGenErrs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP PDUs which were generated + by the SNMP protocol entity and for which the value + of the error-status field was `genErr'." + ::= { snmp 24 } + +snmpOutGetRequests OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Get-Request PDUs which + have been generated by the SNMP protocol entity." + ::= { snmp 25 } + +snmpOutGetNexts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Get-Next PDUs which have + been generated by the SNMP protocol entity." + ::= { snmp 26 } + +snmpOutSetRequests OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Set-Request PDUs which + have been generated by the SNMP protocol entity." + ::= { snmp 27 } + +snmpOutGetResponses OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Get-Response PDUs which + have been generated by the SNMP protocol entity." + ::= { snmp 28 } + +snmpOutTraps OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS obsolete + DESCRIPTION + "The total number of SNMP Trap PDUs which have + been generated by the SNMP protocol entity." + ::= { snmp 29 } + +snmpObsoleteGroup OBJECT-GROUP + OBJECTS { snmpOutPkts, snmpInTooBigs, snmpInNoSuchNames, + snmpInBadValues, snmpInReadOnlys, snmpInGenErrs, + snmpInTotalReqVars, snmpInTotalSetVars, + snmpInGetRequests, snmpInGetNexts, snmpInSetRequests, + snmpInGetResponses, snmpInTraps, snmpOutTooBigs, + snmpOutNoSuchNames, snmpOutBadValues, + snmpOutGenErrs, snmpOutGetRequests, snmpOutGetNexts, + snmpOutSetRequests, snmpOutGetResponses, snmpOutTraps + } + STATUS obsolete + DESCRIPTION + "A collection of objects from RFC 1213 made obsolete + by this MIB module." + ::= { snmpMIBGroups 10 } + +END diff --git a/data/mibs/SNMPv2-SMI.txt b/data/mibs/SNMPv2-SMI.txt new file mode 100644 index 000000000..1c01e1dfc --- /dev/null +++ b/data/mibs/SNMPv2-SMI.txt @@ -0,0 +1,344 @@ +SNMPv2-SMI DEFINITIONS ::= BEGIN + +-- the path to the root + +org OBJECT IDENTIFIER ::= { iso 3 } -- "iso" = 1 +dod OBJECT IDENTIFIER ::= { org 6 } +internet OBJECT IDENTIFIER ::= { dod 1 } + +directory OBJECT IDENTIFIER ::= { internet 1 } + +mgmt OBJECT IDENTIFIER ::= { internet 2 } +mib-2 OBJECT IDENTIFIER ::= { mgmt 1 } +transmission OBJECT IDENTIFIER ::= { mib-2 10 } + +experimental OBJECT IDENTIFIER ::= { internet 3 } + +private OBJECT IDENTIFIER ::= { internet 4 } +enterprises OBJECT IDENTIFIER ::= { private 1 } + +security OBJECT IDENTIFIER ::= { internet 5 } + +snmpV2 OBJECT IDENTIFIER ::= { internet 6 } + +-- transport domains +snmpDomains OBJECT IDENTIFIER ::= { snmpV2 1 } + +-- transport proxies +snmpProxys OBJECT IDENTIFIER ::= { snmpV2 2 } + +-- module identities +snmpModules OBJECT IDENTIFIER ::= { snmpV2 3 } + +-- Extended UTCTime, to allow dates with four-digit years +-- (Note that this definition of ExtUTCTime is not to be IMPORTed +-- by MIB modules.) +ExtUTCTime ::= OCTET STRING(SIZE(11 | 13)) + -- format is YYMMDDHHMMZ or YYYYMMDDHHMMZ + + -- where: YY - last two digits of year (only years + -- between 1900-1999) + -- YYYY - last four digits of the year (any year) + -- MM - month (01 through 12) + -- DD - day of month (01 through 31) + -- HH - hours (00 through 23) + -- MM - minutes (00 through 59) + -- Z - denotes GMT (the ASCII character Z) + -- + -- For example, "9502192015Z" and "199502192015Z" represent + -- 8:15pm GMT on 19 February 1995. Years after 1999 must use + -- the four digit year format. Years 1900-1999 may use the + -- two or four digit format. + +-- definitions for information modules + +MODULE-IDENTITY MACRO ::= +BEGIN + TYPE NOTATION ::= + "LAST-UPDATED" value(Update ExtUTCTime) + "ORGANIZATION" Text + "CONTACT-INFO" Text + "DESCRIPTION" Text + RevisionPart + + VALUE NOTATION ::= + value(VALUE OBJECT IDENTIFIER) + + RevisionPart ::= + Revisions + | empty + Revisions ::= + Revision + | Revisions Revision + Revision ::= + "REVISION" value(Update ExtUTCTime) + "DESCRIPTION" Text + + -- a character string as defined in section 3.1.1 + Text ::= value(IA5String) +END + +OBJECT-IDENTITY MACRO ::= +BEGIN + TYPE NOTATION ::= + "STATUS" Status + "DESCRIPTION" Text + + ReferPart + + VALUE NOTATION ::= + value(VALUE OBJECT IDENTIFIER) + + Status ::= + "current" + | "deprecated" + | "obsolete" + + ReferPart ::= + "REFERENCE" Text + | empty + + -- a character string as defined in section 3.1.1 + Text ::= value(IA5String) +END + +-- names of objects +-- (Note that these definitions of ObjectName and NotificationName +-- are not to be IMPORTed by MIB modules.) + +ObjectName ::= + OBJECT IDENTIFIER + +NotificationName ::= + OBJECT IDENTIFIER + +-- syntax of objects + +-- the "base types" defined here are: +-- 3 built-in ASN.1 types: INTEGER, OCTET STRING, OBJECT IDENTIFIER +-- 8 application-defined types: Integer32, IpAddress, Counter32, +-- Gauge32, Unsigned32, TimeTicks, Opaque, and Counter64 + +ObjectSyntax ::= + CHOICE { + simple + SimpleSyntax, + -- note that SEQUENCEs for conceptual tables and + -- rows are not mentioned here... + + application-wide + ApplicationSyntax + } + +-- built-in ASN.1 types + +SimpleSyntax ::= + CHOICE { + -- INTEGERs with a more restrictive range + -- may also be used + integer-value -- includes Integer32 + INTEGER (-2147483648..2147483647), + -- OCTET STRINGs with a more restrictive size + -- may also be used + string-value + OCTET STRING (SIZE (0..65535)), + objectID-value + OBJECT IDENTIFIER + } + +-- indistinguishable from INTEGER, but never needs more than +-- 32-bits for a two's complement representation +Integer32 ::= + INTEGER (-2147483648..2147483647) + +-- application-wide types + +ApplicationSyntax ::= + CHOICE { + ipAddress-value + IpAddress, + counter-value + Counter32, + timeticks-value + TimeTicks, + arbitrary-value + Opaque, + big-counter-value + Counter64, + unsigned-integer-value -- includes Gauge32 + Unsigned32 + } + +-- in network-byte order + +-- (this is a tagged type for historical reasons) +IpAddress ::= + [APPLICATION 0] + IMPLICIT OCTET STRING (SIZE (4)) + +-- this wraps +Counter32 ::= + [APPLICATION 1] + IMPLICIT INTEGER (0..4294967295) + +-- this doesn't wrap +Gauge32 ::= + [APPLICATION 2] + IMPLICIT INTEGER (0..4294967295) + +-- an unsigned 32-bit quantity +-- indistinguishable from Gauge32 +Unsigned32 ::= + [APPLICATION 2] + IMPLICIT INTEGER (0..4294967295) + +-- hundredths of seconds since an epoch +TimeTicks ::= + [APPLICATION 3] + IMPLICIT INTEGER (0..4294967295) + +-- for backward-compatibility only +Opaque ::= + [APPLICATION 4] + IMPLICIT OCTET STRING + +-- for counters that wrap in less than one hour with only 32 bits +Counter64 ::= + [APPLICATION 6] + IMPLICIT INTEGER (0..18446744073709551615) + +-- definition for objects + +OBJECT-TYPE MACRO ::= +BEGIN + TYPE NOTATION ::= + "SYNTAX" Syntax + UnitsPart + "MAX-ACCESS" Access + "STATUS" Status + "DESCRIPTION" Text + ReferPart + + IndexPart + DefValPart + + VALUE NOTATION ::= + value(VALUE ObjectName) + + Syntax ::= -- Must be one of the following: + -- a base type (or its refinement), + -- a textual convention (or its refinement), or + -- a BITS pseudo-type + type + | "BITS" "{" NamedBits "}" + + NamedBits ::= NamedBit + | NamedBits "," NamedBit + + NamedBit ::= identifier "(" number ")" -- number is nonnegative + + UnitsPart ::= + "UNITS" Text + | empty + + Access ::= + "not-accessible" + | "accessible-for-notify" + | "read-only" + | "read-write" + | "read-create" + + Status ::= + "current" + | "deprecated" + | "obsolete" + + ReferPart ::= + "REFERENCE" Text + | empty + + IndexPart ::= + "INDEX" "{" IndexTypes "}" + | "AUGMENTS" "{" Entry "}" + | empty + IndexTypes ::= + IndexType + | IndexTypes "," IndexType + IndexType ::= + "IMPLIED" Index + | Index + + Index ::= + -- use the SYNTAX value of the + -- correspondent OBJECT-TYPE invocation + value(ObjectName) + Entry ::= + -- use the INDEX value of the + -- correspondent OBJECT-TYPE invocation + value(ObjectName) + + DefValPart ::= "DEFVAL" "{" Defvalue "}" + | empty + + Defvalue ::= -- must be valid for the type specified in + -- SYNTAX clause of same OBJECT-TYPE macro + value(ObjectSyntax) + | "{" BitsValue "}" + + BitsValue ::= BitNames + | empty + + BitNames ::= BitName + | BitNames "," BitName + + BitName ::= identifier + + -- a character string as defined in section 3.1.1 + Text ::= value(IA5String) +END + +-- definitions for notifications + +NOTIFICATION-TYPE MACRO ::= +BEGIN + TYPE NOTATION ::= + ObjectsPart + "STATUS" Status + "DESCRIPTION" Text + ReferPart + + VALUE NOTATION ::= + value(VALUE NotificationName) + + ObjectsPart ::= + "OBJECTS" "{" Objects "}" + | empty + Objects ::= + Object + + | Objects "," Object + Object ::= + value(ObjectName) + + Status ::= + "current" + | "deprecated" + | "obsolete" + + ReferPart ::= + "REFERENCE" Text + | empty + + -- a character string as defined in section 3.1.1 + Text ::= value(IA5String) +END + +-- definitions of administrative identifiers + +zeroDotZero OBJECT-IDENTITY + STATUS current + DESCRIPTION + "A value used for null identifiers." + ::= { 0 0 } + +END diff --git a/data/mibs/SNMPv2-TC.txt b/data/mibs/SNMPv2-TC.txt new file mode 100644 index 000000000..860bf71ee --- /dev/null +++ b/data/mibs/SNMPv2-TC.txt @@ -0,0 +1,772 @@ +SNMPv2-TC DEFINITIONS ::= BEGIN + +IMPORTS + TimeTicks FROM SNMPv2-SMI; + +-- definition of textual conventions + +TEXTUAL-CONVENTION MACRO ::= + +BEGIN + TYPE NOTATION ::= + DisplayPart + "STATUS" Status + "DESCRIPTION" Text + ReferPart + "SYNTAX" Syntax + + VALUE NOTATION ::= + value(VALUE Syntax) -- adapted ASN.1 + + DisplayPart ::= + "DISPLAY-HINT" Text + | empty + + Status ::= + "current" + | "deprecated" + | "obsolete" + + ReferPart ::= + "REFERENCE" Text + | empty + + -- a character string as defined in [2] + Text ::= value(IA5String) + + Syntax ::= -- Must be one of the following: + -- a base type (or its refinement), or + -- a BITS pseudo-type + type + | "BITS" "{" NamedBits "}" + + NamedBits ::= NamedBit + | NamedBits "," NamedBit + + NamedBit ::= identifier "(" number ")" -- number is nonnegative + +END + +DisplayString ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255a" + STATUS current + DESCRIPTION + "Represents textual information taken from the NVT ASCII + + character set, as defined in pages 4, 10-11 of RFC 854. + + To summarize RFC 854, the NVT ASCII repertoire specifies: + + - the use of character codes 0-127 (decimal) + + - the graphics characters (32-126) are interpreted as + US ASCII + + - NUL, LF, CR, BEL, BS, HT, VT and FF have the special + meanings specified in RFC 854 + + - the other 25 codes have no standard interpretation + + - the sequence 'CR LF' means newline + + - the sequence 'CR NUL' means carriage-return + + - an 'LF' not preceded by a 'CR' means moving to the + same column on the next line. + + - the sequence 'CR x' for any x other than LF or NUL is + illegal. (Note that this also means that a string may + end with either 'CR LF' or 'CR NUL', but not with CR.) + + Any object defined using this syntax may not exceed 255 + characters in length." + SYNTAX OCTET STRING (SIZE (0..255)) + +PhysAddress ::= TEXTUAL-CONVENTION + DISPLAY-HINT "1x:" + STATUS current + DESCRIPTION + "Represents media- or physical-level addresses." + SYNTAX OCTET STRING + +MacAddress ::= TEXTUAL-CONVENTION + DISPLAY-HINT "1x:" + STATUS current + DESCRIPTION + "Represents an 802 MAC address represented in the + `canonical' order defined by IEEE 802.1a, i.e., as if it + were transmitted least significant bit first, even though + 802.5 (in contrast to other 802.x protocols) requires MAC + addresses to be transmitted most significant bit first." + SYNTAX OCTET STRING (SIZE (6)) + +TruthValue ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Represents a boolean value." + SYNTAX INTEGER { true(1), false(2) } + +TestAndIncr ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Represents integer-valued information used for atomic + operations. When the management protocol is used to specify + that an object instance having this syntax is to be + modified, the new value supplied via the management protocol + must precisely match the value presently held by the + instance. If not, the management protocol set operation + fails with an error of `inconsistentValue'. Otherwise, if + the current value is the maximum value of 2^31-1 (2147483647 + decimal), then the value held by the instance is wrapped to + zero; otherwise, the value held by the instance is + incremented by one. (Note that regardless of whether the + management protocol set operation succeeds, the variable- + binding in the request and response PDUs are identical.) + + The value of the ACCESS clause for objects having this + syntax is either `read-write' or `read-create'. When an + instance of a columnar object having this syntax is created, + any value may be supplied via the management protocol. + + When the network management portion of the system is re- + initialized, the value of every object instance having this + syntax must either be incremented from its value prior to + the re-initialization, or (if the value prior to the re- + initialization is unknown) be set to a pseudo-randomly + generated value." + SYNTAX INTEGER (0..2147483647) + +AutonomousType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Represents an independently extensible type identification + value. It may, for example, indicate a particular sub-tree + with further MIB definitions, or define a particular type of + protocol or hardware." + SYNTAX OBJECT IDENTIFIER + +InstancePointer ::= TEXTUAL-CONVENTION + STATUS obsolete + DESCRIPTION + "A pointer to either a specific instance of a MIB object or + a conceptual row of a MIB table in the managed device. In + the latter case, by convention, it is the name of the + particular instance of the first accessible columnar object + in the conceptual row. + + The two uses of this textual convention are replaced by + VariablePointer and RowPointer, respectively." + SYNTAX OBJECT IDENTIFIER + +VariablePointer ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A pointer to a specific object instance. For example, + sysContact.0 or ifInOctets.3." + SYNTAX OBJECT IDENTIFIER + +RowPointer ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Represents a pointer to a conceptual row. The value is the + name of the instance of the first accessible columnar object + in the conceptual row. + + For example, ifIndex.3 would point to the 3rd row in the + ifTable (note that if ifIndex were not-accessible, then + ifDescr.3 would be used instead)." + SYNTAX OBJECT IDENTIFIER + +RowStatus ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The RowStatus textual convention is used to manage the + creation and deletion of conceptual rows, and is used as the + value of the SYNTAX clause for the status column of a + conceptual row (as described in Section 7.7.1 of [2].) + + The status column has six defined values: + + - `active', which indicates that the conceptual row is + available for use by the managed device; + + - `notInService', which indicates that the conceptual + row exists in the agent, but is unavailable for use by + the managed device (see NOTE below); 'notInService' has + no implication regarding the internal consistency of + the row, availability of resources, or consistency with + the current state of the managed device; + + - `notReady', which indicates that the conceptual row + exists in the agent, but is missing information + necessary in order to be available for use by the + managed device (i.e., one or more required columns in + the conceptual row have not been instanciated); + + - `createAndGo', which is supplied by a management + station wishing to create a new instance of a + conceptual row and to have its status automatically set + to active, making it available for use by the managed + device; + + - `createAndWait', which is supplied by a management + station wishing to create a new instance of a + conceptual row (but not make it available for use by + the managed device); and, + - `destroy', which is supplied by a management station + wishing to delete all of the instances associated with + an existing conceptual row. + + Whereas five of the six values (all except `notReady') may + be specified in a management protocol set operation, only + three values will be returned in response to a management + protocol retrieval operation: `notReady', `notInService' or + `active'. That is, when queried, an existing conceptual row + has only three states: it is either available for use by + the managed device (the status column has value `active'); + it is not available for use by the managed device, though + the agent has sufficient information to attempt to make it + so (the status column has value `notInService'); or, it is + not available for use by the managed device, and an attempt + to make it so would fail because the agent has insufficient + information (the state column has value `notReady'). + + NOTE WELL + + This textual convention may be used for a MIB table, + irrespective of whether the values of that table's + conceptual rows are able to be modified while it is + active, or whether its conceptual rows must be taken + out of service in order to be modified. That is, it is + the responsibility of the DESCRIPTION clause of the + status column to specify whether the status column must + not be `active' in order for the value of some other + column of the same conceptual row to be modified. If + such a specification is made, affected columns may be + changed by an SNMP set PDU if the RowStatus would not + be equal to `active' either immediately before or after + processing the PDU. In other words, if the PDU also + contained a varbind that would change the RowStatus + value, the column in question may be changed if the + RowStatus was not equal to `active' as the PDU was + received, or if the varbind sets the status to a value + other than 'active'. + + Also note that whenever any elements of a row exist, the + RowStatus column must also exist. + + To summarize the effect of having a conceptual row with a + status column having a SYNTAX clause value of RowStatus, + consider the following state diagram: + + STATE + +--------------+-----------+-------------+------------- + | A | B | C | D + | |status col.|status column| + |status column | is | is |status column + ACTION |does not exist| notReady | notInService| is active +--------------+--------------+-----------+-------------+------------- +set status |noError ->D|inconsist- |inconsistent-|inconsistent- +column to | or | entValue| Value| Value +createAndGo |inconsistent- | | | + | Value| | | +--------------+--------------+-----------+-------------+------------- +set status |noError see 1|inconsist- |inconsistent-|inconsistent- +column to | or | entValue| Value| Value +createAndWait |wrongValue | | | +--------------+--------------+-----------+-------------+------------- +set status |inconsistent- |inconsist- |noError |noError +column to | Value| entValue| | +active | | | | + | | or | | + | | | | + | |see 2 ->D|see 8 ->D| ->D +--------------+--------------+-----------+-------------+------------- +set status |inconsistent- |inconsist- |noError |noError ->C +column to | Value| entValue| | +notInService | | | | + | | or | | or + | | | | + | |see 3 ->C| ->C|see 6 +--------------+--------------+-----------+-------------+------------- +set status |noError |noError |noError |noError ->A +column to | | | | or +destroy | ->A| ->A| ->A|see 7 +--------------+--------------+-----------+-------------+------------- +set any other |see 4 |noError |noError |see 5 +column to some| | | | +value | | see 1| ->C| ->D +--------------+--------------+-----------+-------------+------------- + + (1) goto B or C, depending on information available to the + agent. + + (2) if other variable bindings included in the same PDU, + provide values for all columns which are missing but + required, and all columns have acceptable values, then + return noError and goto D. + + (3) if other variable bindings included in the same PDU, + provide legal values for all columns which are missing but + required, then return noError and goto C. + + (4) at the discretion of the agent, the return value may be + either: + + inconsistentName: because the agent does not choose to + create such an instance when the corresponding + RowStatus instance does not exist, or + + inconsistentValue: if the supplied value is + inconsistent with the state of some other MIB object's + value, or + + noError: because the agent chooses to create the + instance. + + If noError is returned, then the instance of the status + column must also be created, and the new state is B or C, + depending on the information available to the agent. If + inconsistentName or inconsistentValue is returned, the row + remains in state A. + + (5) depending on the MIB definition for the column/table, + either noError or inconsistentValue may be returned. + + (6) the return value can indicate one of the following + errors: + + wrongValue: because the agent does not support + notInService (e.g., an agent which does not support + createAndWait), or + + inconsistentValue: because the agent is unable to take + the row out of service at this time, perhaps because it + is in use and cannot be de-activated. + + (7) the return value can indicate the following error: + + inconsistentValue: because the agent is unable to + remove the row at this time, perhaps because it is in + use and cannot be de-activated. + + (8) the transition to D can fail, e.g., if the values of the + conceptual row are inconsistent, then the error code would + be inconsistentValue. + + NOTE: Other processing of (this and other varbinds of) the + set request may result in a response other than noError + being returned, e.g., wrongValue, noCreation, etc. + + Conceptual Row Creation + + There are four potential interactions when creating a + conceptual row: selecting an instance-identifier which is + not in use; creating the conceptual row; initializing any + objects for which the agent does not supply a default; and, + making the conceptual row available for use by the managed + device. + + Interaction 1: Selecting an Instance-Identifier + + The algorithm used to select an instance-identifier varies + for each conceptual row. In some cases, the instance- + identifier is semantically significant, e.g., the + destination address of a route, and a management station + selects the instance-identifier according to the semantics. + + In other cases, the instance-identifier is used solely to + distinguish conceptual rows, and a management station + without specific knowledge of the conceptual row might + examine the instances present in order to determine an + unused instance-identifier. (This approach may be used, but + it is often highly sub-optimal; however, it is also a + questionable practice for a naive management station to + attempt conceptual row creation.) + + Alternately, the MIB module which defines the conceptual row + might provide one or more objects which provide assistance + in determining an unused instance-identifier. For example, + if the conceptual row is indexed by an integer-value, then + an object having an integer-valued SYNTAX clause might be + defined for such a purpose, allowing a management station to + issue a management protocol retrieval operation. In order + to avoid unnecessary collisions between competing management + stations, `adjacent' retrievals of this object should be + different. + + Finally, the management station could select a pseudo-random + number to use as the index. In the event that this index + + was already in use and an inconsistentValue was returned in + response to the management protocol set operation, the + management station should simply select a new pseudo-random + number and retry the operation. + + A MIB designer should choose between the two latter + algorithms based on the size of the table (and therefore the + efficiency of each algorithm). For tables in which a large + number of entries are expected, it is recommended that a MIB + object be defined that returns an acceptable index for + creation. For tables with small numbers of entries, it is + recommended that the latter pseudo-random index mechanism be + used. + + Interaction 2: Creating the Conceptual Row + + Once an unused instance-identifier has been selected, the + management station determines if it wishes to create and + activate the conceptual row in one transaction or in a + negotiated set of interactions. + + Interaction 2a: Creating and Activating the Conceptual Row + + The management station must first determine the column + requirements, i.e., it must determine those columns for + which it must or must not provide values. Depending on the + complexity of the table and the management station's + knowledge of the agent's capabilities, this determination + can be made locally by the management station. Alternately, + the management station issues a management protocol get + operation to examine all columns in the conceptual row that + it wishes to create. In response, for each column, there + are three possible outcomes: + + - a value is returned, indicating that some other + management station has already created this conceptual + row. We return to interaction 1. + + - the exception `noSuchInstance' is returned, + indicating that the agent implements the object-type + associated with this column, and that this column in at + least one conceptual row would be accessible in the MIB + view used by the retrieval were it to exist. For those + columns to which the agent provides read-create access, + the `noSuchInstance' exception tells the management + station that it should supply a value for this column + when the conceptual row is to be created. + + - the exception `noSuchObject' is returned, indicating + that the agent does not implement the object-type + associated with this column or that there is no + conceptual row for which this column would be + accessible in the MIB view used by the retrieval. As + such, the management station can not issue any + management protocol set operations to create an + instance of this column. + + Once the column requirements have been determined, a + management protocol set operation is accordingly issued. + This operation also sets the new instance of the status + column to `createAndGo'. + + When the agent processes the set operation, it verifies that + it has sufficient information to make the conceptual row + available for use by the managed device. The information + available to the agent is provided by two sources: the + management protocol set operation which creates the + conceptual row, and, implementation-specific defaults + supplied by the agent (note that an agent must provide + implementation-specific defaults for at least those objects + which it implements as read-only). If there is sufficient + information available, then the conceptual row is created, a + `noError' response is returned, the status column is set to + `active', and no further interactions are necessary (i.e., + interactions 3 and 4 are skipped). If there is insufficient + information, then the conceptual row is not created, and the + set operation fails with an error of `inconsistentValue'. + On this error, the management station can issue a management + protocol retrieval operation to determine if this was + because it failed to specify a value for a required column, + or, because the selected instance of the status column + already existed. In the latter case, we return to + interaction 1. In the former case, the management station + can re-issue the set operation with the additional + information, or begin interaction 2 again using + `createAndWait' in order to negotiate creation of the + conceptual row. + + NOTE WELL + + Regardless of the method used to determine the column + requirements, it is possible that the management + station might deem a column necessary when, in fact, + the agent will not allow that particular columnar + instance to be created or written. In this case, the + management protocol set operation will fail with an + error such as `noCreation' or `notWritable'. In this + case, the management station decides whether it needs + to be able to set a value for that particular columnar + instance. If not, the management station re-issues the + management protocol set operation, but without setting + a value for that particular columnar instance; + otherwise, the management station aborts the row + creation algorithm. + + Interaction 2b: Negotiating the Creation of the Conceptual + Row + + The management station issues a management protocol set + operation which sets the desired instance of the status + column to `createAndWait'. If the agent is unwilling to + process a request of this sort, the set operation fails with + an error of `wrongValue'. (As a consequence, such an agent + must be prepared to accept a single management protocol set + operation, i.e., interaction 2a above, containing all of the + columns indicated by its column requirements.) Otherwise, + the conceptual row is created, a `noError' response is + returned, and the status column is immediately set to either + `notInService' or `notReady', depending on whether it has + sufficient information to (attempt to) make the conceptual + row available for use by the managed device. If there is + sufficient information available, then the status column is + set to `notInService'; otherwise, if there is insufficient + information, then the status column is set to `notReady'. + Regardless, we proceed to interaction 3. + + Interaction 3: Initializing non-defaulted Objects + + The management station must now determine the column + requirements. It issues a management protocol get operation + to examine all columns in the created conceptual row. In + the response, for each column, there are three possible + outcomes: + + - a value is returned, indicating that the agent + implements the object-type associated with this column + and had sufficient information to provide a value. For + those columns to which the agent provides read-create + access (and for which the agent allows their values to + be changed after their creation), a value return tells + the management station that it may issue additional + management protocol set operations, if it desires, in + order to change the value associated with this column. + + - the exception `noSuchInstance' is returned, + indicating that the agent implements the object-type + associated with this column, and that this column in at + least one conceptual row would be accessible in the MIB + view used by the retrieval were it to exist. However, + the agent does not have sufficient information to + provide a value, and until a value is provided, the + conceptual row may not be made available for use by the + managed device. For those columns to which the agent + provides read-create access, the `noSuchInstance' + exception tells the management station that it must + issue additional management protocol set operations, in + order to provide a value associated with this column. + + - the exception `noSuchObject' is returned, indicating + that the agent does not implement the object-type + associated with this column or that there is no + conceptual row for which this column would be + accessible in the MIB view used by the retrieval. As + such, the management station can not issue any + management protocol set operations to create an + instance of this column. + + If the value associated with the status column is + `notReady', then the management station must first deal with + all `noSuchInstance' columns, if any. Having done so, the + value of the status column becomes `notInService', and we + proceed to interaction 4. + + Interaction 4: Making the Conceptual Row Available + + Once the management station is satisfied with the values + associated with the columns of the conceptual row, it issues + a management protocol set operation to set the status column + to `active'. If the agent has sufficient information to + make the conceptual row available for use by the managed + device, the management protocol set operation succeeds (a + `noError' response is returned). Otherwise, the management + protocol set operation fails with an error of + `inconsistentValue'. + + NOTE WELL + + A conceptual row having a status column with value + `notInService' or `notReady' is unavailable to the + managed device. As such, it is possible for the + managed device to create its own instances during the + time between the management protocol set operation + which sets the status column to `createAndWait' and the + management protocol set operation which sets the status + column to `active'. In this case, when the management + protocol set operation is issued to set the status + column to `active', the values held in the agent + supersede those used by the managed device. + + If the management station is prevented from setting the + status column to `active' (e.g., due to management station + or network failure) the conceptual row will be left in the + `notInService' or `notReady' state, consuming resources + indefinitely. The agent must detect conceptual rows that + have been in either state for an abnormally long period of + time and remove them. It is the responsibility of the + DESCRIPTION clause of the status column to indicate what an + abnormally long period of time would be. This period of + time should be long enough to allow for human response time + (including `think time') between the creation of the + conceptual row and the setting of the status to `active'. + In the absence of such information in the DESCRIPTION + clause, it is suggested that this period be approximately 5 + minutes in length. This removal action applies not only to + newly-created rows, but also to previously active rows which + are set to, and left in, the notInService state for a + prolonged period exceeding that which is considered normal + for such a conceptual row. + + Conceptual Row Suspension + + When a conceptual row is `active', the management station + may issue a management protocol set operation which sets the + instance of the status column to `notInService'. If the + agent is unwilling to do so, the set operation fails with an + error of `wrongValue' or `inconsistentValue'. Otherwise, + the conceptual row is taken out of service, and a `noError' + response is returned. It is the responsibility of the + DESCRIPTION clause of the status column to indicate under + what circumstances the status column should be taken out of + service (e.g., in order for the value of some other column + of the same conceptual row to be modified). + + Conceptual Row Deletion + + For deletion of conceptual rows, a management protocol set + operation is issued which sets the instance of the status + column to `destroy'. This request may be made regardless of + the current value of the status column (e.g., it is possible + to delete conceptual rows which are either `notReady', + `notInService' or `active'.) If the operation succeeds, + then all instances associated with the conceptual row are + immediately removed." + SYNTAX INTEGER { + -- the following two values are states: + -- these values may be read or written + active(1), + notInService(2), + -- the following value is a state: + -- this value may be read, but not written + notReady(3), + -- the following three values are + -- actions: these values may be written, + -- but are never read + createAndGo(4), + createAndWait(5), + destroy(6) + } + +TimeStamp ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The value of the sysUpTime object at which a specific + occurrence happened. The specific occurrence must be + + defined in the description of any object defined using this + type. + + If sysUpTime is reset to zero as a result of a re- + initialization of the network management (sub)system, then + the values of all TimeStamp objects are also reset. + However, after approximately 497 days without a re- + initialization, the sysUpTime object will reach 2^^32-1 and + then increment around to zero; in this case, existing values + of TimeStamp objects do not change. This can lead to + ambiguities in the value of TimeStamp objects." + SYNTAX TimeTicks + +TimeInterval ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A period of time, measured in units of 0.01 seconds." + SYNTAX INTEGER (0..2147483647) + +DateAndTime ::= TEXTUAL-CONVENTION + DISPLAY-HINT "2d-1d-1d,1d:1d:1d.1d,1a1d:1d" + STATUS current + DESCRIPTION + "A date-time specification. + + field octets contents range + ----- ------ -------- ----- + 1 1-2 year* 0..65536 + 2 3 month 1..12 + 3 4 day 1..31 + 4 5 hour 0..23 + 5 6 minutes 0..59 + 6 7 seconds 0..60 + (use 60 for leap-second) + 7 8 deci-seconds 0..9 + 8 9 direction from UTC '+' / '-' + 9 10 hours from UTC* 0..13 + 10 11 minutes from UTC 0..59 + + * Notes: + - the value of year is in network-byte order + - daylight saving time in New Zealand is +13 + + For example, Tuesday May 26, 1992 at 1:30:15 PM EDT would be + displayed as: + + 1992-5-26,13:30:15.0,-4:0 + + Note that if only local time is known, then timezone + information (fields 8-10) is not present." + SYNTAX OCTET STRING (SIZE (8 | 11)) + +StorageType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Describes the memory realization of a conceptual row. A + row which is volatile(2) is lost upon reboot. A row which + is either nonVolatile(3), permanent(4) or readOnly(5), is + backed up by stable storage. A row which is permanent(4) + can be changed but not deleted. A row which is readOnly(5) + cannot be changed nor deleted. + + If the value of an object with this syntax is either + permanent(4) or readOnly(5), it cannot be written. + Conversely, if the value is either other(1), volatile(2) or + nonVolatile(3), it cannot be modified to be permanent(4) or + readOnly(5). (All illegal modifications result in a + 'wrongValue' error.) + + Every usage of this textual convention is required to + specify the columnar objects which a permanent(4) row must + at a minimum allow to be writable." + SYNTAX INTEGER { + other(1), -- eh? + volatile(2), -- e.g., in RAM + nonVolatile(3), -- e.g., in NVRAM + permanent(4), -- e.g., partially in ROM + readOnly(5) -- e.g., completely in ROM + } + +TDomain ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Denotes a kind of transport service. + + Some possible values, such as snmpUDPDomain, are defined in + the SNMPv2-TM MIB module. Other possible values are defined + in other MIB modules." + REFERENCE "The SNMPv2-TM MIB module is defined in RFC 1906." + SYNTAX OBJECT IDENTIFIER + +TAddress ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Denotes a transport service address. + + A TAddress value is always interpreted within the context of a + TDomain value. Thus, each definition of a TDomain value must + be accompanied by a definition of a textual convention for use + with that TDomain. Some possible textual conventions, such as + SnmpUDPAddress for snmpUDPDomain, are defined in the SNMPv2-TM + MIB module. Other possible textual conventions are defined in + other MIB modules." + REFERENCE "The SNMPv2-TM MIB module is defined in RFC 1906." + SYNTAX OCTET STRING (SIZE (1..255)) + +END diff --git a/data/mibs/SNMPv2-TM.txt b/data/mibs/SNMPv2-TM.txt new file mode 100644 index 000000000..949f99c7e --- /dev/null +++ b/data/mibs/SNMPv2-TM.txt @@ -0,0 +1,176 @@ +SNMPv2-TM DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-IDENTITY, + snmpModules, snmpDomains, snmpProxys + FROM SNMPv2-SMI + TEXTUAL-CONVENTION + FROM SNMPv2-TC; + +snmpv2tm MODULE-IDENTITY + LAST-UPDATED "200210160000Z" + ORGANIZATION "IETF SNMPv3 Working Group" + CONTACT-INFO + "WG-EMail: snmpv3@lists.tislabs.com + Subscribe: snmpv3-request@lists.tislabs.com + + Co-Chair: Russ Mundy + Network Associates Laboratories + postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + EMail: mundy@tislabs.com + phone: +1 301 947-7107 + + Co-Chair: David Harrington + Enterasys Networks + postal: 35 Industrial Way + P. O. Box 5005 + Rochester, NH 03866-5005 + USA + EMail: dbh@enterasys.com + phone: +1 603 337-2614 + + Editor: Randy Presuhn + BMC Software, Inc. + postal: 2141 North First Street + San Jose, CA 95131 + USA + EMail: randy_presuhn@bmc.com + phone: +1 408 546-1006" + DESCRIPTION + "The MIB module for SNMP transport mappings. + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3417; + see the RFC itself for full legal notices. + " + REVISION "200210160000Z" + DESCRIPTION + "Clarifications, published as RFC 3417." + REVISION "199601010000Z" + DESCRIPTION + "Clarifications, published as RFC 1906." + REVISION "199304010000Z" + DESCRIPTION + "The initial version, published as RFC 1449." + ::= { snmpModules 19 } + +-- SNMP over UDP over IPv4 + +snmpUDPDomain OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SNMP over UDP over IPv4 transport domain. + The corresponding transport address is of type + SnmpUDPAddress." + ::= { snmpDomains 1 } + +SnmpUDPAddress ::= TEXTUAL-CONVENTION + DISPLAY-HINT "1d.1d.1d.1d/2d" + STATUS current + DESCRIPTION + "Represents a UDP over IPv4 address: + + octets contents encoding + 1-4 IP-address network-byte order + 5-6 UDP-port network-byte order + " + SYNTAX OCTET STRING (SIZE (6)) + +-- SNMP over OSI + +snmpCLNSDomain OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SNMP over CLNS transport domain. + The corresponding transport address is of type + SnmpOSIAddress." + ::= { snmpDomains 2 } + +snmpCONSDomain OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SNMP over CONS transport domain. + The corresponding transport address is of type + SnmpOSIAddress." + ::= { snmpDomains 3 } + +SnmpOSIAddress ::= TEXTUAL-CONVENTION + DISPLAY-HINT "*1x:/1x:" + STATUS current + DESCRIPTION + "Represents an OSI transport-address: + + octets contents encoding + 1 length of NSAP 'n' as an unsigned-integer + (either 0 or from 3 to 20) + 2..(n+1) NSAP concrete binary representation + (n+2)..m TSEL string of (up to 64) octets + " + SYNTAX OCTET STRING (SIZE (1 | 4..85)) + +-- SNMP over DDP + +snmpDDPDomain OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SNMP over DDP transport domain. The corresponding + transport address is of type SnmpNBPAddress." + ::= { snmpDomains 4 } + +SnmpNBPAddress ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Represents an NBP name: + + octets contents encoding + 1 length of object 'n' as an unsigned integer + 2..(n+1) object string of (up to 32) octets + n+2 length of type 'p' as an unsigned integer + (n+3)..(n+2+p) type string of (up to 32) octets + n+3+p length of zone 'q' as an unsigned integer + (n+4+p)..(n+3+p+q) zone string of (up to 32) octets + + For comparison purposes, strings are + case-insensitive. All strings may contain any octet + other than 255 (hex ff)." + SYNTAX OCTET STRING (SIZE (3..99)) + +-- SNMP over IPX + +snmpIPXDomain OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SNMP over IPX transport domain. The corresponding + transport address is of type SnmpIPXAddress." + ::= { snmpDomains 5 } + +SnmpIPXAddress ::= TEXTUAL-CONVENTION + DISPLAY-HINT "4x.1x:1x:1x:1x:1x:1x.2d" + STATUS current + DESCRIPTION + "Represents an IPX address: + + octets contents encoding + 1-4 network-number network-byte order + 5-10 physical-address network-byte order + 11-12 socket-number network-byte order + " + SYNTAX OCTET STRING (SIZE (12)) + +-- for proxy to SNMPv1 (RFC 1157) + +rfc1157Proxy OBJECT IDENTIFIER ::= { snmpProxys 1 } + +rfc1157Domain OBJECT-IDENTITY + STATUS deprecated + DESCRIPTION + "The transport domain for SNMPv1 over UDP over IPv4. + The corresponding transport address is of type + SnmpUDPAddress." + ::= { rfc1157Proxy 1 } + +-- ::= { rfc1157Proxy 2 } this OID is obsolete + +END diff --git a/data/mibs/SOURCE-ROUTING-MIB.txt b/data/mibs/SOURCE-ROUTING-MIB.txt new file mode 100644 index 000000000..988b1b0e8 --- /dev/null +++ b/data/mibs/SOURCE-ROUTING-MIB.txt @@ -0,0 +1,452 @@ +SOURCE-ROUTING-MIB DEFINITIONS ::= BEGIN + +IMPORTS + Counter, Gauge + FROM RFC1155-SMI + dot1dBridge, dot1dSr + FROM BRIDGE-MIB + OBJECT-TYPE + FROM RFC-1212; + +-- groups in the SR MIB + +-- dot1dSr is imported from the Bridge MIB + +dot1dPortPair OBJECT IDENTIFIER ::= { dot1dBridge 10 } + +-- the dot1dSr group + +-- this group is implemented by those bridges that +-- support the source route bridging mode, including Source +-- Routing and SRT bridges. + +dot1dSrPortTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot1dSrPortEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "A table that contains information about every + port that is associated with this source route + bridge." + ::= { dot1dSr 1 } + +dot1dSrPortEntry OBJECT-TYPE + SYNTAX Dot1dSrPortEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "A list of information for each port of a source + route bridge." + INDEX { dot1dSrPort } + + ::= { dot1dSrPortTable 1 } + +Dot1dSrPortEntry ::= + SEQUENCE { + dot1dSrPort + INTEGER, + dot1dSrPortHopCount + INTEGER, + dot1dSrPortLocalSegment + INTEGER, + dot1dSrPortBridgeNum + INTEGER, + dot1dSrPortTargetSegment + INTEGER, + dot1dSrPortLargestFrame + INTEGER, + dot1dSrPortSTESpanMode + INTEGER, + dot1dSrPortSpecInFrames + Counter, + dot1dSrPortSpecOutFrames + Counter, + dot1dSrPortApeInFrames + Counter, + dot1dSrPortApeOutFrames + Counter, + dot1dSrPortSteInFrames + Counter, + dot1dSrPortSteOutFrames + Counter, + dot1dSrPortSegmentMismatchDiscards + Counter, + dot1dSrPortDuplicateSegmentDiscards + Counter, + dot1dSrPortHopCountExceededDiscards + Counter, + dot1dSrPortDupLanIdOrTreeErrors + Counter, + dot1dSrPortLanIdMismatches + Counter + } + +dot1dSrPort OBJECT-TYPE + SYNTAX INTEGER (1..65535) + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The port number of the port for which this entry + + contains Source Route management information." + ::= { dot1dSrPortEntry 1 } + +dot1dSrPortHopCount OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The maximum number of routing descriptors allowed + in an All Paths or Spanning Tree Explorer frames." + ::= { dot1dSrPortEntry 2 } + +dot1dSrPortLocalSegment OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The segment number that uniquely identifies the + segment to which this port is connected. Current + source routing protocols limit this value to the + range: 0 through 4095. (The value 0 is used by + some management applications for special test + cases.) A value of 65535 signifies that no segment + number is assigned to this port." + ::= { dot1dSrPortEntry 3 } + +dot1dSrPortBridgeNum OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "A bridge number uniquely identifies a bridge when + more than one bridge is used to span the same two + segments. Current source routing protocols limit + this value to the range: 0 through 15. A value of + 65535 signifies that no bridge number is assigned + to this bridge." + ::= { dot1dSrPortEntry 4 } + +dot1dSrPortTargetSegment OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The segment number that corresponds to the target + segment this port is considered to be connected to + by the bridge. Current source routing protocols + limit this value to the range: 0 through 4095. + + (The value 0 is used by some management + applications for special test cases.) A value of + 65535 signifies that no target segment is assigned + to this port." + ::= { dot1dSrPortEntry 5 } + +-- It would be nice if we could use ifMtu as the size of the +-- largest frame, but we can't because ifMtu is defined to be +-- the size that the (inter-)network layer can use which can +-- differ from the MAC layer (especially if several layers of +-- encapsulation are used). + +dot1dSrPortLargestFrame OBJECT-TYPE + SYNTAX INTEGER + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The maximum size of the INFO field (LLC and + above) that this port can send/receive. It does + not include any MAC level (framing) octets. The + value of this object is used by this bridge to + determine whether a modification of the + LargestFrame (LF, see [14]) field of the Routing + Control field of the Routing Information Field is + necessary. + + 64 valid values are defined by the IEEE 802.5M SRT + Addendum: 516, 635, 754, 873, 993, 1112, 1231, + 1350, 1470, 1542, 1615, 1688, 1761, 1833, 1906, + 1979, 2052, 2345, 2638, 2932, 3225, 3518, 3812, + 4105, 4399, 4865, 5331, 5798, 6264, 6730, 7197, + 7663, 8130, 8539, 8949, 9358, 9768, 10178, 10587, + 10997, 11407, 12199, 12992, 13785, 14578, 15370, + 16163, 16956, 17749, 20730, 23711, 26693, 29674, + 32655, 35637, 38618, 41600, 44591, 47583, 50575, + 53567, 56559, 59551, and 65535. + + An illegal value will not be accepted by the + bridge." + ::= { dot1dSrPortEntry 6 } + +dot1dSrPortSTESpanMode OBJECT-TYPE + SYNTAX INTEGER { + auto-span(1), + disabled(2), + forced(3) + } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "Determines how this port behaves when presented + with a Spanning Tree Explorer frame. The value + 'disabled(2)' indicates that the port will not + accept or send Spanning Tree Explorer packets; any + STE packets received will be silently discarded. + The value 'forced(3)' indicates the port will + always accept and propagate Spanning Tree Explorer + frames. This allows a manually configured + Spanning Tree for this class of packet to be + configured. Note that unlike transparent + bridging, this is not catastrophic to the network + if there are loops. The value 'auto-span(1)' can + only be returned by a bridge that both implements + the Spanning Tree Protocol and has use of the + protocol enabled on this port. The behavior of the + port for Spanning Tree Explorer frames is + determined by the state of dot1dStpPortState. If + the port is in the 'forwarding' state, the frame + will be accepted or propagated. Otherwise, it + will be silently discarded." + ::= { dot1dSrPortEntry 7 } + +dot1dSrPortSpecInFrames OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of Specifically Routed frames, also + referred to as Source Routed Frames, that have + been received from this port's segment." + ::= { dot1dSrPortEntry 8 } + +dot1dSrPortSpecOutFrames OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of Specifically Routed frames, also + referred to as Source Routed Frames, that this + port has transmitted on its segment." + ::= { dot1dSrPortEntry 9 } + +dot1dSrPortApeInFrames OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of All Paths Explorer frames, also + referred to as All Routes Explorer frames, that + have been received by this port from its segment." + ::= { dot1dSrPortEntry 10 } + +dot1dSrPortApeOutFrames OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of all Paths Explorer Frames, also + referred to as All Routes Explorer frames, that + have been transmitted by this port on its + segment." + ::= { dot1dSrPortEntry 11 } + +dot1dSrPortSteInFrames OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of spanning tree explorer frames that + have been received by this port from its segment." + ::= { dot1dSrPortEntry 12 } + +dot1dSrPortSteOutFrames OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of spanning tree explorer frames that + have been transmitted by this port on its + segment." + ::= { dot1dSrPortEntry 13 } + +dot1dSrPortSegmentMismatchDiscards OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of explorer frames that have been + discarded by this port because the routing + descriptor field contained an invalid adjacent + segment value." + ::= { dot1dSrPortEntry 14 } + +dot1dSrPortDuplicateSegmentDiscards OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of frames that have been discarded by + this port because the routing descriptor field + contained a duplicate segment identifier." + ::= { dot1dSrPortEntry 15 } + +dot1dSrPortHopCountExceededDiscards OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of explorer frames that have been + discarded by this port because the Routing + Information Field has exceeded the maximum route + descriptor length." + ::= { dot1dSrPortEntry 16 } + +dot1dSrPortDupLanIdOrTreeErrors OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of duplicate LAN IDs or Tree errors. + This helps in detection of problems in networks + containing older IBM Source Routing Bridges." + ::= { dot1dSrPortEntry 17 } + +dot1dSrPortLanIdMismatches OBJECT-TYPE + SYNTAX Counter + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The number of ARE and STE frames that were + discarded because the last LAN ID in the routing + information field did not equal the LAN-in ID. + This error can occur in implementations which do + only a LAN-in ID and Bridge Number check instead + of a LAN-in ID, Bridge Number, and LAN-out ID + check before they forward broadcast frames." + ::= { dot1dSrPortEntry 18 } + +-- scalar object in dot1dSr + +dot1dSrBridgeLfMode OBJECT-TYPE + SYNTAX INTEGER { + mode3(1), + mode6(2) + } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "Indicates whether the bridge operates using older + 3 bit length negotiation fields or the newer 6 bit + length field in its RIF." + ::= { dot1dSr 2 } + +-- The Port-Pair Database + +-- Implementation of this group is optional. + +-- This group is implemented by those bridges that support +-- the direct multiport model of the source route bridging +-- mode as defined in the IEEE 802.5 SRT Addendum to +-- 802.1d. + +-- Bridges implementing this group may report 65535 for +-- dot1dSrPortBridgeNumber and dot1dSrPortTargetSegment, +-- indicating that those objects are not applicable. + +dot1dPortPairTableSize OBJECT-TYPE + SYNTAX Gauge + ACCESS read-only + STATUS mandatory + DESCRIPTION + "The total number of entries in the Bridge Port + Pair Database." + ::= { dot1dPortPair 1 } + +-- the Bridge Port-Pair table + +-- this table represents port pairs within a bridge forming +-- a unique bridge path, as defined in the IEEE 802.5M SRT +-- Addendum. + +dot1dPortPairTable OBJECT-TYPE + SYNTAX SEQUENCE OF Dot1dPortPairEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "A table that contains information about every + + port pair database entity associated with this + source routing bridge." + ::= { dot1dPortPair 2 } + +dot1dPortPairEntry OBJECT-TYPE + SYNTAX Dot1dPortPairEntry + ACCESS not-accessible + STATUS mandatory + DESCRIPTION + "A list of information for each port pair entity + of a bridge." + INDEX { dot1dPortPairLowPort, dot1dPortPairHighPort } + ::= { dot1dPortPairTable 1 } + +Dot1dPortPairEntry ::= + SEQUENCE { + dot1dPortPairLowPort + INTEGER, + dot1dPortPairHighPort + INTEGER, + dot1dPortPairBridgeNum + INTEGER, + dot1dPortPairBridgeState + INTEGER + } + +dot1dPortPairLowPort OBJECT-TYPE + SYNTAX INTEGER (1..65535) + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The port number of the lower numbered port for + which this entry contains port pair database + information." + ::= { dot1dPortPairEntry 1 } + +dot1dPortPairHighPort OBJECT-TYPE + SYNTAX INTEGER (1..65535) + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The port number of the higher numbered port for + which this entry contains port pair database + information." + ::= { dot1dPortPairEntry 2 } + +dot1dPortPairBridgeNum OBJECT-TYPE + SYNTAX INTEGER + + ACCESS read-write + STATUS mandatory + DESCRIPTION + "A bridge number that uniquely identifies the path + provided by this source routing bridge between the + segments connected to dot1dPortPairLowPort and + dot1dPortPairHighPort. The purpose of bridge + number is to disambiguate between multiple paths + connecting the same two LANs." + ::= { dot1dPortPairEntry 3 } + +dot1dPortPairBridgeState OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2), + invalid(3) + } + ACCESS read-write + STATUS mandatory + DESCRIPTION + "The state of dot1dPortPairBridgeNum. Writing + 'invalid(3)' to this object removes the + corresponding entry." + ::= { dot1dPortPairEntry 4 } + +END diff --git a/data/mibs/TCP-MIB.txt b/data/mibs/TCP-MIB.txt new file mode 100644 index 000000000..50e7f5752 --- /dev/null +++ b/data/mibs/TCP-MIB.txt @@ -0,0 +1,785 @@ +TCP-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, + Gauge32, Counter32, Counter64, IpAddress, mib-2 + FROM SNMPv2-SMI + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + InetAddress, InetAddressType, + InetPortNumber FROM INET-ADDRESS-MIB; + +tcpMIB MODULE-IDENTITY + LAST-UPDATED "200502180000Z" -- 18 February 2005 + ORGANIZATION + "IETF IPv6 MIB Revision Team + http://www.ietf.org/html.charters/ipv6-charter.html" + CONTACT-INFO + "Rajiv Raghunarayan (editor) + + Cisco Systems Inc. + 170 West Tasman Drive + San Jose, CA 95134 + + Phone: +1 408 853 9612 + Email: <raraghun@cisco.com> + + Send comments to <ipv6@ietf.org>" + DESCRIPTION + "The MIB module for managing TCP implementations. + + Copyright (C) The Internet Society (2005). This version + of this MIB module is a part of RFC 4022; see the RFC + itself for full legal notices." + REVISION "200502180000Z" -- 18 February 2005 + DESCRIPTION + "IP version neutral revision, published as RFC 4022." + REVISION "9411010000Z" + DESCRIPTION + "Initial SMIv2 version, published as RFC 2012." + REVISION "9103310000Z" + DESCRIPTION + "The initial revision of this MIB module was part of + MIB-II." + ::= { mib-2 49 } + +-- the TCP base variables group + +tcp OBJECT IDENTIFIER ::= { mib-2 6 } + +-- Scalars + +tcpRtoAlgorithm OBJECT-TYPE + SYNTAX INTEGER { + other(1), -- none of the following + constant(2), -- a constant rto + rsre(3), -- MIL-STD-1778, Appendix B + vanj(4), -- Van Jacobson's algorithm + rfc2988(5) -- RFC 2988 + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The algorithm used to determine the timeout value used for + retransmitting unacknowledged octets." + ::= { tcp 1 } + +tcpRtoMin OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The minimum value permitted by a TCP implementation for + the retransmission timeout, measured in milliseconds. + More refined semantics for objects of this type depend + on the algorithm used to determine the retransmission + timeout; in particular, the IETF standard algorithm + rfc2988(5) provides a minimum value." + ::= { tcp 2 } + +tcpRtoMax OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum value permitted by a TCP implementation for + the retransmission timeout, measured in milliseconds. + More refined semantics for objects of this type depend + on the algorithm used to determine the retransmission + timeout; in particular, the IETF standard algorithm + rfc2988(5) provides an upper bound (as part of an + adaptive backoff algorithm)." + ::= { tcp 3 } + +tcpMaxConn OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The limit on the total number of TCP connections the entity + can support. In entities where the maximum number of + connections is dynamic, this object should contain the + value -1." + ::= { tcp 4 } + +tcpActiveOpens OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times that TCP connections have made a direct + transition to the SYN-SENT state from the CLOSED state. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 5 } + +tcpPassiveOpens OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times TCP connections have made a direct + transition to the SYN-RCVD state from the LISTEN state. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 6 } + +tcpAttemptFails OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times that TCP connections have made a direct + transition to the CLOSED state from either the SYN-SENT + state or the SYN-RCVD state, plus the number of times that + TCP connections have made a direct transition to the + LISTEN state from the SYN-RCVD state. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 7 } + +tcpEstabResets OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times that TCP connections have made a direct + transition to the CLOSED state from either the ESTABLISHED + state or the CLOSE-WAIT state. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 8 } + +tcpCurrEstab OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of TCP connections for which the current state + is either ESTABLISHED or CLOSE-WAIT." + ::= { tcp 9 } + +tcpInSegs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of segments received, including those + received in error. This count includes segments received + on currently established connections. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 10 } + +tcpOutSegs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of segments sent, including those on + current connections but excluding those containing only + retransmitted octets. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 11 } + +tcpRetransSegs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of segments retransmitted; that is, the + number of TCP segments transmitted containing one or more + previously transmitted octets. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 12 } + +tcpInErrs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of segments received in error (e.g., bad + TCP checksums). + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 14 } + +tcpOutRsts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of TCP segments sent containing the RST flag. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 15 } + +-- { tcp 16 } was used to represent the ipv6TcpConnTable in RFC 2452, +-- which has since been obsoleted. It MUST not be used. + +tcpHCInSegs OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of segments received, including those + received in error. This count includes segments received + + on currently established connections. This object is + the 64-bit equivalent of tcpInSegs. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 17 } + +tcpHCOutSegs OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of segments sent, including those on + current connections but excluding those containing only + retransmitted octets. This object is the 64-bit + equivalent of tcpOutSegs. + + Discontinuities in the value of this counter are + indicated via discontinuities in the value of sysUpTime." + ::= { tcp 18 } + +-- The TCP Connection table + +tcpConnectionTable OBJECT-TYPE + SYNTAX SEQUENCE OF TcpConnectionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table containing information about existing TCP + connections. Note that unlike earlier TCP MIBs, there + is a separate table for connections in the LISTEN state." + ::= { tcp 19 } + +tcpConnectionEntry OBJECT-TYPE + SYNTAX TcpConnectionEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual row of the tcpConnectionTable containing + information about a particular current TCP connection. + Each row of this table is transient in that it ceases to + exist when (or soon after) the connection makes the + transition to the CLOSED state." + INDEX { tcpConnectionLocalAddressType, + tcpConnectionLocalAddress, + tcpConnectionLocalPort, + tcpConnectionRemAddressType, + tcpConnectionRemAddress, + tcpConnectionRemPort } + ::= { tcpConnectionTable 1 } + +TcpConnectionEntry ::= SEQUENCE { + tcpConnectionLocalAddressType InetAddressType, + tcpConnectionLocalAddress InetAddress, + tcpConnectionLocalPort InetPortNumber, + tcpConnectionRemAddressType InetAddressType, + tcpConnectionRemAddress InetAddress, + tcpConnectionRemPort InetPortNumber, + tcpConnectionState INTEGER, + tcpConnectionProcess Unsigned32 + } + +tcpConnectionLocalAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address type of tcpConnectionLocalAddress." + ::= { tcpConnectionEntry 1 } + +tcpConnectionLocalAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local IP address for this TCP connection. The type + of this address is determined by the value of + tcpConnectionLocalAddressType. + + As this object is used in the index for the + tcpConnectionTable, implementors should be + careful not to create entries that would result in OIDs + with more than 128 subidentifiers; otherwise the information + cannot be accessed by using SNMPv1, SNMPv2c, or SNMPv3." + ::= { tcpConnectionEntry 2 } + +tcpConnectionLocalPort OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local port number for this TCP connection." + ::= { tcpConnectionEntry 3 } + +tcpConnectionRemAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address type of tcpConnectionRemAddress." + ::= { tcpConnectionEntry 4 } + +tcpConnectionRemAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The remote IP address for this TCP connection. The type + of this address is determined by the value of + tcpConnectionRemAddressType. + + As this object is used in the index for the + tcpConnectionTable, implementors should be + careful not to create entries that would result in OIDs + with more than 128 subidentifiers; otherwise the information + cannot be accessed by using SNMPv1, SNMPv2c, or SNMPv3." + ::= { tcpConnectionEntry 5 } + +tcpConnectionRemPort OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The remote port number for this TCP connection." + ::= { tcpConnectionEntry 6 } + +tcpConnectionState OBJECT-TYPE + SYNTAX INTEGER { + closed(1), + listen(2), + synSent(3), + synReceived(4), + established(5), + finWait1(6), + finWait2(7), + closeWait(8), + lastAck(9), + closing(10), + timeWait(11), + deleteTCB(12) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The state of this TCP connection. + + The value listen(2) is included only for parallelism to the + old tcpConnTable and should not be used. A connection in + LISTEN state should be present in the tcpListenerTable. + + The only value that may be set by a management station is + deleteTCB(12). Accordingly, it is appropriate for an agent + to return a `badValue' response if a management station + attempts to set this object to any other value. + + If a management station sets this object to the value + deleteTCB(12), then the TCB (as defined in [RFC793]) of + the corresponding connection on the managed node is + deleted, resulting in immediate termination of the + connection. + + As an implementation-specific option, a RST segment may be + sent from the managed node to the other TCP endpoint (note, + however, that RST segments are not sent reliably)." + ::= { tcpConnectionEntry 7 } + +tcpConnectionProcess OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The system's process ID for the process associated with + this connection, or zero if there is no such process. This + value is expected to be the same as HOST-RESOURCES-MIB:: + hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some + row in the appropriate tables." + ::= { tcpConnectionEntry 8 } + +-- The TCP Listener table + +tcpListenerTable OBJECT-TYPE + SYNTAX SEQUENCE OF TcpListenerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table containing information about TCP listeners. A + listening application can be represented in three + possible ways: + + 1. An application that is willing to accept both IPv4 and + IPv6 datagrams is represented by + + a tcpListenerLocalAddressType of unknown (0) and + a tcpListenerLocalAddress of ''h (a zero-length + octet-string). + + 2. An application that is willing to accept only IPv4 or + IPv6 datagrams is represented by a + tcpListenerLocalAddressType of the appropriate address + type and a tcpListenerLocalAddress of '0.0.0.0' or '::' + respectively. + + 3. An application that is listening for data destined + only to a specific IP address, but from any remote + system, is represented by a tcpListenerLocalAddressType + of an appropriate address type, with + tcpListenerLocalAddress as the specific local address. + + NOTE: The address type in this table represents the + address type used for the communication, irrespective + of the higher-layer abstraction. For example, an + application using IPv6 'sockets' to communicate via + IPv4 between ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would + use InetAddressType ipv4(1))." + ::= { tcp 20 } + +tcpListenerEntry OBJECT-TYPE + SYNTAX TcpListenerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A conceptual row of the tcpListenerTable containing + information about a particular TCP listener." + INDEX { tcpListenerLocalAddressType, + tcpListenerLocalAddress, + tcpListenerLocalPort } + ::= { tcpListenerTable 1 } + +TcpListenerEntry ::= SEQUENCE { + tcpListenerLocalAddressType InetAddressType, + tcpListenerLocalAddress InetAddress, + tcpListenerLocalPort InetPortNumber, + tcpListenerProcess Unsigned32 + } + +tcpListenerLocalAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address type of tcpListenerLocalAddress. The value + should be unknown (0) if connection initiations to all + local IP addresses are accepted." + ::= { tcpListenerEntry 1 } + +tcpListenerLocalAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local IP address for this TCP connection. + + The value of this object can be represented in three + possible ways, depending on the characteristics of the + listening application: + + 1. For an application willing to accept both IPv4 and + IPv6 datagrams, the value of this object must be + ''h (a zero-length octet-string), with the value + of the corresponding tcpListenerLocalAddressType + object being unknown (0). + + 2. For an application willing to accept only IPv4 or + IPv6 datagrams, the value of this object must be + '0.0.0.0' or '::' respectively, with + tcpListenerLocalAddressType representing the + appropriate address type. + + 3. For an application which is listening for data + destined only to a specific IP address, the value + of this object is the specific local address, with + tcpListenerLocalAddressType representing the + appropriate address type. + + As this object is used in the index for the + tcpListenerTable, implementors should be + careful not to create entries that would result in OIDs + with more than 128 subidentifiers; otherwise the information + cannot be accessed, using SNMPv1, SNMPv2c, or SNMPv3." + ::= { tcpListenerEntry 2 } + +tcpListenerLocalPort OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local port number for this TCP connection." + ::= { tcpListenerEntry 3 } + +tcpListenerProcess OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The system's process ID for the process associated with + this listener, or zero if there is no such process. This + value is expected to be the same as HOST-RESOURCES-MIB:: + hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some + row in the appropriate tables." + ::= { tcpListenerEntry 4 } + +-- The deprecated TCP Connection table + +tcpConnTable OBJECT-TYPE + SYNTAX SEQUENCE OF TcpConnEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "A table containing information about existing IPv4-specific + TCP connections or listeners. This table has been + deprecated in favor of the version neutral + tcpConnectionTable." + ::= { tcp 13 } + +tcpConnEntry OBJECT-TYPE + SYNTAX TcpConnEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "A conceptual row of the tcpConnTable containing information + about a particular current IPv4 TCP connection. Each row + of this table is transient in that it ceases to exist when + (or soon after) the connection makes the transition to the + CLOSED state." + INDEX { tcpConnLocalAddress, + tcpConnLocalPort, + tcpConnRemAddress, + tcpConnRemPort } + ::= { tcpConnTable 1 } + +TcpConnEntry ::= SEQUENCE { + tcpConnState INTEGER, + tcpConnLocalAddress IpAddress, + tcpConnLocalPort Integer32, + tcpConnRemAddress IpAddress, + tcpConnRemPort Integer32 + + } + +tcpConnState OBJECT-TYPE + SYNTAX INTEGER { + closed(1), + listen(2), + synSent(3), + synReceived(4), + established(5), + finWait1(6), + finWait2(7), + closeWait(8), + lastAck(9), + closing(10), + timeWait(11), + deleteTCB(12) + } + MAX-ACCESS read-write + STATUS deprecated + DESCRIPTION + "The state of this TCP connection. + + The only value that may be set by a management station is + deleteTCB(12). Accordingly, it is appropriate for an agent + to return a `badValue' response if a management station + attempts to set this object to any other value. + + If a management station sets this object to the value + deleteTCB(12), then the TCB (as defined in [RFC793]) of + the corresponding connection on the managed node is + deleted, resulting in immediate termination of the + connection. + + As an implementation-specific option, a RST segment may be + sent from the managed node to the other TCP endpoint (note, + however, that RST segments are not sent reliably)." + ::= { tcpConnEntry 1 } + +tcpConnLocalAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The local IP address for this TCP connection. In the case + of a connection in the listen state willing to + accept connections for any IP interface associated with the + node, the value 0.0.0.0 is used." + ::= { tcpConnEntry 2 } + +tcpConnLocalPort OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The local port number for this TCP connection." + ::= { tcpConnEntry 3 } + +tcpConnRemAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The remote IP address for this TCP connection." + ::= { tcpConnEntry 4 } + +tcpConnRemPort OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The remote port number for this TCP connection." + ::= { tcpConnEntry 5 } + +-- conformance information + +tcpMIBConformance OBJECT IDENTIFIER ::= { tcpMIB 2 } + +tcpMIBCompliances OBJECT IDENTIFIER ::= { tcpMIBConformance 1 } +tcpMIBGroups OBJECT IDENTIFIER ::= { tcpMIBConformance 2 } + +-- compliance statements + +tcpMIBCompliance2 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for systems that implement TCP. + + A number of INDEX objects cannot be + represented in the form of OBJECT clauses in SMIv2 but + have the following compliance requirements, + expressed in OBJECT clause form in this description + clause: + + -- OBJECT tcpConnectionLocalAddressType + -- SYNTAX InetAddressType { ipv4(1), ipv6(2) } + -- DESCRIPTION + -- This MIB requires support for only global IPv4 + + -- and IPv6 address types. + -- + -- OBJECT tcpConnectionRemAddressType + -- SYNTAX InetAddressType { ipv4(1), ipv6(2) } + -- DESCRIPTION + -- This MIB requires support for only global IPv4 + -- and IPv6 address types. + -- + -- OBJECT tcpListenerLocalAddressType + -- SYNTAX InetAddressType { unknown(0), ipv4(1), + -- ipv6(2) } + -- DESCRIPTION + -- This MIB requires support for only global IPv4 + -- and IPv6 address types. The type unknown also + -- needs to be supported to identify a special + -- case in the listener table: a listen using + -- both IPv4 and IPv6 addresses on the device. + -- + " + MODULE -- this module + MANDATORY-GROUPS { tcpBaseGroup, tcpConnectionGroup, + tcpListenerGroup } + GROUP tcpHCGroup + DESCRIPTION + "This group is mandatory for systems that are capable + of receiving or transmitting more than 1 million TCP + segments per second. 1 million segments per second will + cause a Counter32 to wrap in just over an hour." + OBJECT tcpConnectionState + SYNTAX INTEGER { closed(1), listen(2), synSent(3), + synReceived(4), established(5), + finWait1(6), finWait2(7), closeWait(8), + lastAck(9), closing(10), timeWait(11) } + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, nor is support for the value + deleteTCB (12)." + ::= { tcpMIBCompliances 2 } + +tcpMIBCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for IPv4-only systems that + implement TCP. In order to be IP version independent, this + compliance statement is deprecated in favor of + tcpMIBCompliance2. However, agents are still encouraged + to implement these objects in order to interoperate with + the deployed base of managers." + + MODULE -- this module + MANDATORY-GROUPS { tcpGroup } + OBJECT tcpConnState + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + ::= { tcpMIBCompliances 1 } + +-- units of conformance + +tcpGroup OBJECT-GROUP + OBJECTS { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax, + tcpMaxConn, tcpActiveOpens, + tcpPassiveOpens, tcpAttemptFails, + tcpEstabResets, tcpCurrEstab, tcpInSegs, + tcpOutSegs, tcpRetransSegs, tcpConnState, + tcpConnLocalAddress, tcpConnLocalPort, + tcpConnRemAddress, tcpConnRemPort, + tcpInErrs, tcpOutRsts } + STATUS deprecated + DESCRIPTION + "The tcp group of objects providing for management of TCP + entities." + ::= { tcpMIBGroups 1 } + +tcpBaseGroup OBJECT-GROUP + OBJECTS { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax, + tcpMaxConn, tcpActiveOpens, + tcpPassiveOpens, tcpAttemptFails, + tcpEstabResets, tcpCurrEstab, tcpInSegs, + tcpOutSegs, tcpRetransSegs, + tcpInErrs, tcpOutRsts } + STATUS current + DESCRIPTION + "The group of counters common to TCP entities." + ::= { tcpMIBGroups 2 } + +tcpConnectionGroup OBJECT-GROUP + OBJECTS { tcpConnectionState, tcpConnectionProcess } + STATUS current + DESCRIPTION + "The group provides general information about TCP + connections." + ::= { tcpMIBGroups 3 } + +tcpListenerGroup OBJECT-GROUP + OBJECTS { tcpListenerProcess } + STATUS current + DESCRIPTION + "This group has objects providing general information about + TCP listeners." + ::= { tcpMIBGroups 4 } + +tcpHCGroup OBJECT-GROUP + OBJECTS { tcpHCInSegs, tcpHCOutSegs } + STATUS current + DESCRIPTION + "The group of objects providing for counters of high speed + TCP implementations." + ::= { tcpMIBGroups 5 } + +END diff --git a/data/mibs/TRANSPORT-ADDRESS-MIB.txt b/data/mibs/TRANSPORT-ADDRESS-MIB.txt new file mode 100644 index 000000000..227886e78 --- /dev/null +++ b/data/mibs/TRANSPORT-ADDRESS-MIB.txt @@ -0,0 +1,421 @@ +TRANSPORT-ADDRESS-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-IDENTITY, mib-2 FROM SNMPv2-SMI + TEXTUAL-CONVENTION FROM SNMPv2-TC; + +transportAddressMIB MODULE-IDENTITY + LAST-UPDATED "200211010000Z" + ORGANIZATION + "IETF Operations and Management Area" + CONTACT-INFO + "Juergen Schoenwaelder (Editor) + TU Braunschweig + Bueltenweg 74/75 + 38106 Braunschweig, Germany + + Phone: +49 531 391-3289 + EMail: schoenw@ibr.cs.tu-bs.de + + Send comments to <mibs@ops.ietf.org>." + DESCRIPTION + "This MIB module provides commonly used transport + address definitions. + + Copyright (C) The Internet Society (2002). This version of + this MIB module is part of RFC 3419; see the RFC itself for + full legal notices." + + -- Revision log + + REVISION "200211010000Z" + DESCRIPTION + "Initial version, published as RFC 3419." + ::= { mib-2 100 } + +transportDomains OBJECT IDENTIFIER ::= { transportAddressMIB 1 } + +transportDomainUdpIpv4 OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The UDP over IPv4 transport domain. The corresponding + transport address is of type TransportAddressIPv4 for + global IPv4 addresses." + ::= { transportDomains 1 } + +transportDomainUdpIpv6 OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The UDP over IPv6 transport domain. The corresponding + transport address is of type TransportAddressIPv6 for + global IPv6 addresses." + ::= { transportDomains 2 } + +transportDomainUdpIpv4z OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The UDP over IPv4 transport domain. The corresponding + transport address is of type TransportAddressIPv4z for + scoped IPv4 addresses with a zone index." + ::= { transportDomains 3 } + +transportDomainUdpIpv6z OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The UDP over IPv6 transport domain. The corresponding + transport address is of type TransportAddressIPv6z for + scoped IPv6 addresses with a zone index." + ::= { transportDomains 4 } + +transportDomainTcpIpv4 OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The TCP over IPv4 transport domain. The corresponding + transport address is of type TransportAddressIPv4 for + global IPv4 addresses." + ::= { transportDomains 5 } + +transportDomainTcpIpv6 OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The TCP over IPv6 transport domain. The corresponding + transport address is of type TransportAddressIPv6 for + global IPv6 addresses." + ::= { transportDomains 6 } + +transportDomainTcpIpv4z OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The TCP over IPv4 transport domain. The corresponding + transport address is of type TransportAddressIPv4z for + scoped IPv4 addresses with a zone index." + ::= { transportDomains 7 } + +transportDomainTcpIpv6z OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The TCP over IPv6 transport domain. The corresponding + transport address is of type TransportAddressIPv6z for + scoped IPv6 addresses with a zone index." + ::= { transportDomains 8 } + +transportDomainSctpIpv4 OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SCTP over IPv4 transport domain. The corresponding + transport address is of type TransportAddressIPv4 for + global IPv4 addresses. This transport domain usually + represents the primary address on multihomed SCTP + endpoints." + ::= { transportDomains 9 } + +transportDomainSctpIpv6 OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SCTP over IPv6 transport domain. The corresponding + transport address is of type TransportAddressIPv6 for + global IPv6 addresses. This transport domain usually + represents the primary address on multihomed SCTP + endpoints." + ::= { transportDomains 10 } + +transportDomainSctpIpv4z OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SCTP over IPv4 transport domain. The corresponding + transport address is of type TransportAddressIPv4z for + scoped IPv4 addresses with a zone index. This transport + domain usually represents the primary address on + multihomed SCTP endpoints." + ::= { transportDomains 11 } + +transportDomainSctpIpv6z OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SCTP over IPv6 transport domain. The corresponding + transport address is of type TransportAddressIPv6z for + scoped IPv6 addresses with a zone index. This transport + domain usually represents the primary address on + multihomed SCTP endpoints." + ::= { transportDomains 12 } + +transportDomainLocal OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The Posix Local IPC transport domain. The corresponding + transport address is of type TransportAddressLocal. + + The Posix Local IPC transport domain incorporates the + well-known UNIX domain sockets." + ::= { transportDomains 13 } + +transportDomainUdpDns OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The UDP transport domain using fully qualified domain + names. The corresponding transport address is of type + TransportAddressDns." + ::= { transportDomains 14 } + +transportDomainTcpDns OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The TCP transport domain using fully qualified domain + names. The corresponding transport address is of type + TransportAddressDns." + ::= { transportDomains 15 } + +transportDomainSctpDns OBJECT-IDENTITY + STATUS current + DESCRIPTION + "The SCTP transport domain using fully qualified domain + names. The corresponding transport address is of type + TransportAddressDns." + ::= { transportDomains 16 } + +TransportDomain ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A value that represents a transport domain. + + Some possible values, such as transportDomainUdpIpv4, are + defined in this module. Other possible values can be + defined in other MIB modules." + SYNTAX OBJECT IDENTIFIER + +-- +-- The enumerated values of the textual convention below should +-- be identical to the last sub-identifier of the OID registered +-- for the same domain. +-- + +TransportAddressType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A value that represents a transport domain. This is the + enumerated version of the transport domain registrations + in this MIB module. The enumerated values have the + following meaning: + + unknown(0) unknown transport address type + udpIpv4(1) transportDomainUdpIpv4 + udpIpv6(2) transportDomainUdpIpv6 + udpIpv4z(3) transportDomainUdpIpv4z + udpIpv6z(4) transportDomainUdpIpv6z + tcpIpv4(5) transportDomainTcpIpv4 + tcpIpv6(6) transportDomainTcpIpv6 + tcpIpv4z(7) transportDomainTcpIpv4z + + tcpIpv6z(8) transportDomainTcpIpv6z + sctpIpv4(9) transportDomainSctpIpv4 + sctpIpv6(10) transportDomainSctpIpv6 + sctpIpv4z(11) transportDomainSctpIpv4z + sctpIpv6z(12) transportDomainSctpIpv6z + local(13) transportDomainLocal + udpDns(14) transportDomainUdpDns + tcpDns(15) transportDomainTcpDns + sctpDns(16) transportDomainSctpDns + + This textual convention can be used to represent transport + domains in situations where a syntax of TransportDomain is + unwieldy (for example, when used as an index). + + The usage of this textual convention implies that additional + transport domains can only be supported by updating this MIB + module. This extensibility restriction does not apply for the + TransportDomain textual convention which allows MIB authors + to define additional transport domains independently in + other MIB modules." + SYNTAX INTEGER { + unknown(0), + udpIpv4(1), + udpIpv6(2), + udpIpv4z(3), + udpIpv6z(4), + tcpIpv4(5), + tcpIpv6(6), + tcpIpv4z(7), + tcpIpv6z(8), + sctpIpv4(9), + sctpIpv6(10), + sctpIpv4z(11), + sctpIpv6z(12), + local(13), + udpDns(14), + tcpDns(15), + sctpDns(16) + } + +TransportAddress ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Denotes a generic transport address. + + A TransportAddress value is always interpreted within the + context of a TransportAddressType or TransportDomain value. + Every usage of the TransportAddress textual convention MUST + + specify the TransportAddressType or TransportDomain object + which provides the context. Furthermore, MIB authors SHOULD + define a separate TransportAddressType or TransportDomain + object for each TransportAddress object. It is suggested that + the TransportAddressType or TransportDomain is logically + registered before the object(s) which use the + TransportAddress textual convention if they appear in the + same logical row. + + The value of a TransportAddress object must always be + consistent with the value of the associated + TransportAddressType or TransportDomain object. Attempts + to set a TransportAddress object to a value which is + inconsistent with the associated TransportAddressType or + TransportDomain must fail with an inconsistentValue error. + + When this textual convention is used as a syntax of an + index object, there may be issues with the limit of 128 + sub-identifiers specified in SMIv2, STD 58. In this case, + the OBJECT-TYPE declaration MUST include a 'SIZE' clause + to limit the number of potential instance sub-identifiers." + SYNTAX OCTET STRING (SIZE (0..255)) + +TransportAddressIPv4 ::= TEXTUAL-CONVENTION + DISPLAY-HINT "1d.1d.1d.1d:2d" + STATUS current + DESCRIPTION + "Represents a transport address consisting of an IPv4 + address and a port number (as used for example by UDP, + TCP and SCTP): + + octets contents encoding + 1-4 IPv4 address network-byte order + 5-6 port number network-byte order + + This textual convention SHOULD NOT be used directly in object + definitions since it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or + in conjunction with TransportAddressType or TransportDomain + as a pair." + SYNTAX OCTET STRING (SIZE (6)) + +TransportAddressIPv6 ::= TEXTUAL-CONVENTION + DISPLAY-HINT "0a[2x:2x:2x:2x:2x:2x:2x:2x]0a:2d" + STATUS current + DESCRIPTION + "Represents a transport address consisting of an IPv6 + address and a port number (as used for example by UDP, + TCP and SCTP): + + octets contents encoding + 1-16 IPv6 address network-byte order + 17-18 port number network-byte order + + This textual convention SHOULD NOT be used directly in object + definitions since it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or + in conjunction with TransportAddressType or TransportDomain + as a pair." + SYNTAX OCTET STRING (SIZE (18)) + +TransportAddressIPv4z ::= TEXTUAL-CONVENTION + DISPLAY-HINT "1d.1d.1d.1d%4d:2d" + STATUS current + DESCRIPTION + "Represents a transport address consisting of an IPv4 + address, a zone index and a port number (as used for + example by UDP, TCP and SCTP): + + octets contents encoding + 1-4 IPv4 address network-byte order + 5-8 zone index network-byte order + 9-10 port number network-byte order + + This textual convention SHOULD NOT be used directly in object + definitions since it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or + in conjunction with TransportAddressType or TransportDomain + as a pair." + SYNTAX OCTET STRING (SIZE (10)) + +TransportAddressIPv6z ::= TEXTUAL-CONVENTION + DISPLAY-HINT "0a[2x:2x:2x:2x:2x:2x:2x:2x%4d]0a:2d" + STATUS current + DESCRIPTION + "Represents a transport address consisting of an IPv6 + address, a zone index and a port number (as used for + example by UDP, TCP and SCTP): + + octets contents encoding + 1-16 IPv6 address network-byte order + 17-20 zone index network-byte order + 21-22 port number network-byte order + + This textual convention SHOULD NOT be used directly in object + definitions since it restricts addresses to a specific format. + + However, if it is used, it MAY be used either on its own or + in conjunction with TransportAddressType or TransportDomain + as a pair." + SYNTAX OCTET STRING (SIZE (22)) + +TransportAddressLocal ::= TEXTUAL-CONVENTION + DISPLAY-HINT "1a" + STATUS current + DESCRIPTION + "Represents a POSIX Local IPC transport address: + + octets contents encoding + all POSIX Local IPC address string + + The Posix Local IPC transport domain subsumes UNIX domain + sockets. + + This textual convention SHOULD NOT be used directly in object + definitions since it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or + in conjunction with TransportAddressType or TransportDomain + as a pair. + + When this textual convention is used as a syntax of an + index object, there may be issues with the limit of 128 + sub-identifiers specified in SMIv2, STD 58. In this case, + the OBJECT-TYPE declaration MUST include a 'SIZE' clause + to limit the number of potential instance sub-identifiers." + REFERENCE + "Protocol Independent Interfaces (IEEE POSIX 1003.1g)" + SYNTAX OCTET STRING (SIZE (1..255)) + +TransportAddressDns ::= TEXTUAL-CONVENTION + DISPLAY-HINT "1a" + STATUS current + DESCRIPTION + "Represents a DNS domain name followed by a colon ':' + (ASCII character 0x3A) and a port number in ASCII. + The name SHOULD be fully qualified whenever possible. + + Values of this textual convention are not directly useable as + transport-layer addressing information, and require runtime + resolution. As such, applications that write them must be + prepared for handling errors if such values are not + supported, or cannot be resolved (if resolution occurs at the + time of the management operation). + + The DESCRIPTION clause of TransportAddress objects that may + + have TransportAddressDns values must fully describe how (and + when) such names are to be resolved to IP addresses and vice + versa. + + This textual convention SHOULD NOT be used directly in object + definitions since it restricts addresses to a specific format. + However, if it is used, it MAY be used either on its own or + in conjunction with TransportAddressType or TransportDomain + as a pair. + + When this textual convention is used as a syntax of an + index object, there may be issues with the limit of 128 + sub-identifiers specified in SMIv2, STD 58. In this case, + the OBJECT-TYPE declaration MUST include a 'SIZE' clause + to limit the number of potential instance sub-identifiers." + SYNTAX OCTET STRING (SIZE (1..255)) + +END diff --git a/data/mibs/TUNNEL-MIB.txt b/data/mibs/TUNNEL-MIB.txt new file mode 100644 index 000000000..5f9596b58 --- /dev/null +++ b/data/mibs/TUNNEL-MIB.txt @@ -0,0 +1,738 @@ +TUNNEL-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, transmission, + Integer32, IpAddress FROM SNMPv2-SMI -- [RFC2578] + + RowStatus, StorageType FROM SNMPv2-TC -- [RFC2579] + + MODULE-COMPLIANCE, + OBJECT-GROUP FROM SNMPv2-CONF -- [RFC2580] + + InetAddressType, + InetAddress FROM INET-ADDRESS-MIB -- [RFC4001] + + IPv6FlowLabelOrAny FROM IPV6-FLOW-LABEL-MIB -- [RFC3595] + + ifIndex, + InterfaceIndexOrZero FROM IF-MIB -- [RFC2863] + + IANAtunnelType FROM IANAifType-MIB; -- [IFTYPE] + +tunnelMIB MODULE-IDENTITY + LAST-UPDATED "200505160000Z" -- May 16, 2005 + ORGANIZATION "IETF IP Version 6 (IPv6) Working Group" + CONTACT-INFO + " Dave Thaler + Microsoft Corporation + One Microsoft Way + Redmond, WA 98052-6399 + EMail: dthaler@microsoft.com" + DESCRIPTION + "The MIB module for management of IP Tunnels, + independent of the specific encapsulation scheme in + use. + + Copyright (C) The Internet Society (2005). This + version of this MIB module is part of RFC 4087; see + the RFC itself for full legal notices." + + REVISION "200505160000Z" -- May 16, 2005 + DESCRIPTION + "IPv4-specific objects were deprecated, including + tunnelIfLocalAddress, tunnelIfRemoteAddress, the + tunnelConfigTable, and the tunnelMIBBasicGroup. + + Added IP version-agnostic objects that should be used + instead, including tunnelIfAddressType, + tunnelIfLocalInetAddress, tunnelIfRemoteInetAddress, + the tunnelInetConfigTable, and the + tunnelIMIBInetGroup. + + The new tunnelIfLocalInetAddress and + tunnelIfRemoteInetAddress objects are read-write, + rather than read-only. + + Updated DESCRIPTION clauses of existing version- + agnostic objects (e.g., tunnelIfTOS) that contained + IPv4-specific text to cover IPv6 as well. + + Added tunnelIfFlowLabel for tunnels over IPv6. + + The encapsulation method was previously an INTEGER + type, and is now an IANA-maintained textual + convention. + + Published as RFC 4087." + REVISION "199908241200Z" -- August 24, 1999 + DESCRIPTION + "Initial version, published as RFC 2667." + ::= { transmission 131 } + +tunnelMIBObjects OBJECT IDENTIFIER ::= { tunnelMIB 1 } + +tunnel OBJECT IDENTIFIER ::= { tunnelMIBObjects 1 } + +-- the IP Tunnel MIB-Group +-- +-- a collection of objects providing information about +-- IP Tunnels + +tunnelIfTable OBJECT-TYPE + SYNTAX SEQUENCE OF TunnelIfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table containing information on + configured tunnels." + ::= { tunnel 1 } + +tunnelIfEntry OBJECT-TYPE + SYNTAX TunnelIfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) containing the information + on a particular configured tunnel." + INDEX { ifIndex } + ::= { tunnelIfTable 1 } + +TunnelIfEntry ::= SEQUENCE { + tunnelIfLocalAddress IpAddress, -- deprecated + tunnelIfRemoteAddress IpAddress, -- deprecated + tunnelIfEncapsMethod IANAtunnelType, + tunnelIfHopLimit Integer32, + tunnelIfSecurity INTEGER, + tunnelIfTOS Integer32, + tunnelIfFlowLabel IPv6FlowLabelOrAny, + tunnelIfAddressType InetAddressType, + tunnelIfLocalInetAddress InetAddress, + tunnelIfRemoteInetAddress InetAddress, + tunnelIfEncapsLimit Integer32 +} + +tunnelIfLocalAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The address of the local endpoint of the tunnel + (i.e., the source address used in the outer IP + header), or 0.0.0.0 if unknown or if the tunnel is + over IPv6. + + Since this object does not support IPv6, it is + deprecated in favor of tunnelIfLocalInetAddress." + ::= { tunnelIfEntry 1 } + +tunnelIfRemoteAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The address of the remote endpoint of the tunnel + (i.e., the destination address used in the outer IP + header), or 0.0.0.0 if unknown, or an IPv6 address, or + + the tunnel is not a point-to-point link (e.g., if it + is a 6to4 tunnel). + + Since this object does not support IPv6, it is + deprecated in favor of tunnelIfRemoteInetAddress." + ::= { tunnelIfEntry 2 } + +tunnelIfEncapsMethod OBJECT-TYPE + SYNTAX IANAtunnelType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The encapsulation method used by the tunnel." + ::= { tunnelIfEntry 3 } + +tunnelIfHopLimit OBJECT-TYPE + SYNTAX Integer32 (0 | 1..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The IPv4 TTL or IPv6 Hop Limit to use in the outer IP + header. A value of 0 indicates that the value is + copied from the payload's header." + ::= { tunnelIfEntry 4 } + +tunnelIfSecurity OBJECT-TYPE + SYNTAX INTEGER { + none(1), -- no security + ipsec(2), -- IPsec security + other(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The method used by the tunnel to secure the outer IP + header. The value ipsec indicates that IPsec is used + between the tunnel endpoints for authentication or + encryption or both. More specific security-related + information may be available in a MIB module for the + security protocol in use." + ::= { tunnelIfEntry 5 } + +tunnelIfTOS OBJECT-TYPE + SYNTAX Integer32 (-2..63) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The method used to set the high 6 bits (the + + differentiated services codepoint) of the IPv4 TOS or + IPv6 Traffic Class in the outer IP header. A value of + -1 indicates that the bits are copied from the + payload's header. A value of -2 indicates that a + traffic conditioner is invoked and more information + may be available in a traffic conditioner MIB module. + A value between 0 and 63 inclusive indicates that the + bit field is set to the indicated value. + + Note: instead of the name tunnelIfTOS, a better name + would have been tunnelIfDSCPMethod, but the existing + name appeared in RFC 2667 and existing objects cannot + be renamed." + ::= { tunnelIfEntry 6 } + +tunnelIfFlowLabel OBJECT-TYPE + SYNTAX IPv6FlowLabelOrAny + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The method used to set the IPv6 Flow Label value. + This object need not be present in rows where + tunnelIfAddressType indicates the tunnel is not over + IPv6. A value of -1 indicates that a traffic + conditioner is invoked and more information may be + available in a traffic conditioner MIB. Any other + value indicates that the Flow Label field is set to + the indicated value." + ::= { tunnelIfEntry 7 } + +tunnelIfAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The type of address in the corresponding + tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress + objects." + ::= { tunnelIfEntry 8 } + +tunnelIfLocalInetAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The address of the local endpoint of the tunnel + (i.e., the source address used in the outer IP + header). If the address is unknown, the value is + + 0.0.0.0 for IPv4 or :: for IPv6. The type of this + object is given by tunnelIfAddressType." + ::= { tunnelIfEntry 9 } + +tunnelIfRemoteInetAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The address of the remote endpoint of the tunnel + (i.e., the destination address used in the outer IP + header). If the address is unknown or the tunnel is + not a point-to-point link (e.g., if it is a 6to4 + tunnel), the value is 0.0.0.0 for tunnels over IPv4 or + :: for tunnels over IPv6. The type of this object is + given by tunnelIfAddressType." + ::= { tunnelIfEntry 10 } + +tunnelIfEncapsLimit OBJECT-TYPE + SYNTAX Integer32 (-1 | 0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The maximum number of additional encapsulations + permitted for packets undergoing encapsulation at this + node. A value of -1 indicates that no limit is + present (except as a result of the packet size)." + REFERENCE "RFC 2473, section 4.1.1" + ::= { tunnelIfEntry 11 } + +tunnelConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF TunnelConfigEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "The (conceptual) table containing information on + configured tunnels. This table can be used to map a + set of tunnel endpoints to the associated ifIndex + value. It can also be used for row creation. Note + that every row in the tunnelIfTable with a fixed IPv4 + destination address should have a corresponding row in + the tunnelConfigTable, regardless of whether it was + created via SNMP. + + Since this table does not support IPv6, it is + deprecated in favor of tunnelInetConfigTable." + ::= { tunnel 2 } + +tunnelConfigEntry OBJECT-TYPE + SYNTAX TunnelConfigEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "An entry (conceptual row) containing the information + on a particular configured tunnel. + + Since this entry does not support IPv6, it is + deprecated in favor of tunnelInetConfigEntry." + INDEX { tunnelConfigLocalAddress, + tunnelConfigRemoteAddress, + tunnelConfigEncapsMethod, + tunnelConfigID } + ::= { tunnelConfigTable 1 } + +TunnelConfigEntry ::= SEQUENCE { + tunnelConfigLocalAddress IpAddress, + tunnelConfigRemoteAddress IpAddress, + tunnelConfigEncapsMethod IANAtunnelType, + tunnelConfigID Integer32, + tunnelConfigIfIndex InterfaceIndexOrZero, + tunnelConfigStatus RowStatus +} + +tunnelConfigLocalAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "The address of the local endpoint of the tunnel, or + 0.0.0.0 if the device is free to choose any of its + addresses at tunnel establishment time. + + Since this object does not support IPv6, it is + deprecated in favor of tunnelInetConfigLocalAddress." + ::= { tunnelConfigEntry 1 } + +tunnelConfigRemoteAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "The address of the remote endpoint of the tunnel. + + Since this object does not support IPv6, it is + deprecated in favor of tunnelInetConfigRemoteAddress." + ::= { tunnelConfigEntry 2 } + +tunnelConfigEncapsMethod OBJECT-TYPE + SYNTAX IANAtunnelType + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "The encapsulation method used by the tunnel. + + Since this object does not support IPv6, it is + deprecated in favor of tunnelInetConfigEncapsMethod." + ::= { tunnelConfigEntry 3 } + +tunnelConfigID OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "An identifier used to distinguish between multiple + tunnels of the same encapsulation method, with the + same endpoints. If the encapsulation protocol only + allows one tunnel per set of endpoint addresses (such + as for GRE or IP-in-IP), the value of this object is + 1. For encapsulation methods (such as L2F) which + allow multiple parallel tunnels, the manager is + responsible for choosing any ID which does not + conflict with an existing row, such as choosing a + random number. + + Since this object does not support IPv6, it is + deprecated in favor of tunnelInetConfigID." + ::= { tunnelConfigEntry 4 } + +tunnelConfigIfIndex OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "If the value of tunnelConfigStatus for this row is + active, then this object contains the value of ifIndex + corresponding to the tunnel interface. A value of 0 + is not legal in the active state, and means that the + interface index has not yet been assigned. + + Since this object does not support IPv6, it is + deprecated in favor of tunnelInetConfigIfIndex." + ::= { tunnelConfigEntry 5 } + +tunnelConfigStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS deprecated + DESCRIPTION + "The status of this row, by which new entries may be + created, or old entries deleted from this table. The + agent need not support setting this object to + createAndWait or notInService since there are no other + writable objects in this table, and writable objects + in rows of corresponding tables such as the + tunnelIfTable may be modified while this row is + active. + + To create a row in this table for an encapsulation + method which does not support multiple parallel + tunnels with the same endpoints, the management + station should simply use a tunnelConfigID of 1, and + set tunnelConfigStatus to createAndGo. For + encapsulation methods such as L2F which allow multiple + parallel tunnels, the management station may select a + pseudo-random number to use as the tunnelConfigID and + set tunnelConfigStatus to createAndGo. In the event + that this ID is already in use and an + inconsistentValue is returned in response to the set + operation, the management station should simply select + a new pseudo-random number and retry the operation. + + Creating a row in this table will cause an interface + index to be assigned by the agent in an + implementation-dependent manner, and corresponding + rows will be instantiated in the ifTable and the + tunnelIfTable. The status of this row will become + active as soon as the agent assigns the interface + index, regardless of whether the interface is + operationally up. + + Deleting a row in this table will likewise delete the + corresponding row in the ifTable and in the + tunnelIfTable. + + Since this object does not support IPv6, it is + deprecated in favor of tunnelInetConfigStatus." + ::= { tunnelConfigEntry 6 } + +tunnelInetConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF TunnelInetConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The (conceptual) table containing information on + configured tunnels. This table can be used to map a + set of tunnel endpoints to the associated ifIndex + value. It can also be used for row creation. Note + that every row in the tunnelIfTable with a fixed + destination address should have a corresponding row in + the tunnelInetConfigTable, regardless of whether it + was created via SNMP." + ::= { tunnel 3 } + +tunnelInetConfigEntry OBJECT-TYPE + SYNTAX TunnelInetConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry (conceptual row) containing the information + on a particular configured tunnel. Note that there is + a 128 subid maximum for object OIDs. Implementers + need to be aware that if the total number of octets in + tunnelInetConfigLocalAddress and + tunnelInetConfigRemoteAddress exceeds 110 then OIDs of + column instances in this table will have more than 128 + sub-identifiers and cannot be accessed using SNMPv1, + SNMPv2c, or SNMPv3. In practice this is not expected + to be a problem since IPv4 and IPv6 addresses will not + cause the limit to be reached, but if other types are + supported by an agent, care must be taken to ensure + that the sum of the lengths do not cause the limit to + be exceeded." + INDEX { tunnelInetConfigAddressType, + tunnelInetConfigLocalAddress, + tunnelInetConfigRemoteAddress, + tunnelInetConfigEncapsMethod, + tunnelInetConfigID } + ::= { tunnelInetConfigTable 1 } + +TunnelInetConfigEntry ::= SEQUENCE { + tunnelInetConfigAddressType InetAddressType, + tunnelInetConfigLocalAddress InetAddress, + tunnelInetConfigRemoteAddress InetAddress, + tunnelInetConfigEncapsMethod IANAtunnelType, + tunnelInetConfigID Integer32, + tunnelInetConfigIfIndex InterfaceIndexOrZero, + tunnelInetConfigStatus RowStatus, + tunnelInetConfigStorageType StorageType +} + +tunnelInetConfigAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address type over which the tunnel encapsulates + packets." + ::= { tunnelInetConfigEntry 1 } + +tunnelInetConfigLocalAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address of the local endpoint of the tunnel, or + 0.0.0.0 (for IPv4) or :: (for IPv6) if the device is + free to choose any of its addresses at tunnel + establishment time." + ::= { tunnelInetConfigEntry 2 } + +tunnelInetConfigRemoteAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address of the remote endpoint of the tunnel." + ::= { tunnelInetConfigEntry 3 } + +tunnelInetConfigEncapsMethod OBJECT-TYPE + SYNTAX IANAtunnelType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The encapsulation method used by the tunnel." + ::= { tunnelInetConfigEntry 4 } + +tunnelInetConfigID OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An identifier used to distinguish between multiple + tunnels of the same encapsulation method, with the + same endpoints. If the encapsulation protocol only + allows one tunnel per set of endpoint addresses (such + as for GRE or IP-in-IP), the value of this object is + 1. For encapsulation methods (such as L2F) which + allow multiple parallel tunnels, the manager is + responsible for choosing any ID which does not + + conflict with an existing row, such as choosing a + random number." + ::= { tunnelInetConfigEntry 5 } + +tunnelInetConfigIfIndex OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "If the value of tunnelInetConfigStatus for this row + is active, then this object contains the value of + ifIndex corresponding to the tunnel interface. A + value of 0 is not legal in the active state, and means + that the interface index has not yet been assigned." + ::= { tunnelInetConfigEntry 6 } + +tunnelInetConfigStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The status of this row, by which new entries may be + created, or old entries deleted from this table. The + agent need not support setting this object to + createAndWait or notInService since there are no other + writable objects in this table, and writable objects + in rows of corresponding tables such as the + tunnelIfTable may be modified while this row is + active. + + To create a row in this table for an encapsulation + method which does not support multiple parallel + tunnels with the same endpoints, the management + station should simply use a tunnelInetConfigID of 1, + and set tunnelInetConfigStatus to createAndGo. For + encapsulation methods such as L2F which allow multiple + parallel tunnels, the management station may select a + pseudo-random number to use as the tunnelInetConfigID + and set tunnelInetConfigStatus to createAndGo. In the + event that this ID is already in use and an + inconsistentValue is returned in response to the set + operation, the management station should simply select + a new pseudo-random number and retry the operation. + + Creating a row in this table will cause an interface + index to be assigned by the agent in an + implementation-dependent manner, and corresponding + rows will be instantiated in the ifTable and the + + tunnelIfTable. The status of this row will become + active as soon as the agent assigns the interface + index, regardless of whether the interface is + operationally up. + + Deleting a row in this table will likewise delete the + corresponding row in the ifTable and in the + tunnelIfTable." + ::= { tunnelInetConfigEntry 7 } + +tunnelInetConfigStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The storage type of this row. If the row is + permanent(4), no objects in the row need be writable." + ::= { tunnelInetConfigEntry 8 } + +-- conformance information + +tunnelMIBConformance + OBJECT IDENTIFIER ::= { tunnelMIB 2 } +tunnelMIBCompliances + OBJECT IDENTIFIER ::= { tunnelMIBConformance 1 } +tunnelMIBGroups OBJECT IDENTIFIER ::= { tunnelMIBConformance 2 } + +-- compliance statements + +tunnelMIBCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The (deprecated) IPv4-only compliance statement for + the IP Tunnel MIB. + + This is deprecated in favor of + tunnelMIBInetFullCompliance and + tunnelMIBInetReadOnlyCompliance." + MODULE -- this module + MANDATORY-GROUPS { tunnelMIBBasicGroup } + + OBJECT tunnelIfHopLimit + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT tunnelIfTOS + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT tunnelConfigStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + ::= { tunnelMIBCompliances 1 } + +tunnelMIBInetFullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The full compliance statement for the IP Tunnel MIB." + MODULE -- this module + MANDATORY-GROUPS { tunnelMIBInetGroup } + + OBJECT tunnelIfAddressType + SYNTAX InetAddressType { ipv4(1), ipv6(2), + ipv4z(3), ipv6z(4) } + DESCRIPTION + "An implementation is only required to support IPv4 + and/or IPv6 addresses. An implementation only needs to + support the addresses it actually supports on the + device." + ::= { tunnelMIBCompliances 2 } + +tunnelMIBInetReadOnlyCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The read-only compliance statement for the IP Tunnel + MIB." + MODULE -- this module + MANDATORY-GROUPS { tunnelMIBInetGroup } + + OBJECT tunnelIfHopLimit + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT tunnelIfTOS + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT tunnelIfFlowLabel + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT tunnelIfAddressType + SYNTAX InetAddressType { ipv4(1), ipv6(2), + ipv4z(3), ipv6z(4) } + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required. + + An implementation is only required to support IPv4 + and/or IPv6 addresses. An implementation only needs to + support the addresses it actually supports on the + device." + + OBJECT tunnelIfLocalInetAddress + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT tunnelIfRemoteInetAddress + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT tunnelIfEncapsLimit + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT tunnelInetConfigStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required, and active is the only + status that needs to be supported." + + OBJECT tunnelInetConfigStorageType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + ::= { tunnelMIBCompliances 3 } + +-- units of conformance + +tunnelMIBBasicGroup OBJECT-GROUP + OBJECTS { tunnelIfLocalAddress, tunnelIfRemoteAddress, + tunnelIfEncapsMethod, tunnelIfHopLimit, tunnelIfTOS, + tunnelIfSecurity, tunnelConfigIfIndex, tunnelConfigStatus } + STATUS deprecated + DESCRIPTION + "A collection of objects to support basic management + + of IPv4 Tunnels. Since this group cannot support + IPv6, it is deprecated in favor of + tunnelMIBInetGroup." + ::= { tunnelMIBGroups 1 } + +tunnelMIBInetGroup OBJECT-GROUP + OBJECTS { tunnelIfAddressType, tunnelIfLocalInetAddress, + tunnelIfRemoteInetAddress, tunnelIfEncapsMethod, + tunnelIfEncapsLimit, + tunnelIfHopLimit, tunnelIfTOS, tunnelIfFlowLabel, + tunnelIfSecurity, tunnelInetConfigIfIndex, + tunnelInetConfigStatus, tunnelInetConfigStorageType } + STATUS current + DESCRIPTION + "A collection of objects to support basic management + of IPv4 and IPv6 Tunnels." + ::= { tunnelMIBGroups 2 } + +END diff --git a/data/mibs/UDP-MIB.txt b/data/mibs/UDP-MIB.txt new file mode 100644 index 000000000..eec9dbadb --- /dev/null +++ b/data/mibs/UDP-MIB.txt @@ -0,0 +1,549 @@ +UDP-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, Counter64, + Unsigned32, IpAddress, mib-2 FROM SNMPv2-SMI + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + InetAddress, InetAddressType, + InetPortNumber FROM INET-ADDRESS-MIB; + +udpMIB MODULE-IDENTITY + LAST-UPDATED "200505200000Z" -- May 20, 2005 + ORGANIZATION + "IETF IPv6 Working Group + http://www.ietf.org/html.charters/ipv6-charter.html" + CONTACT-INFO + "Bill Fenner (editor) + + AT&T Labs -- Research + 75 Willow Rd. + Menlo Park, CA 94025 + + Phone: +1 650 330-7893 + Email: <fenner@research.att.com> + + John Flick (editor) + + Hewlett-Packard Company + 8000 Foothills Blvd. M/S 5557 + Roseville, CA 95747 + + Phone: +1 916 785 4018 + Email: <john.flick@hp.com> + + Send comments to <ipv6@ietf.org>" + DESCRIPTION + "The MIB module for managing UDP implementations. + Copyright (C) The Internet Society (2005). This + version of this MIB module is part of RFC 4113; + see the RFC itself for full legal notices." + REVISION "200505200000Z" -- May 20, 2005 + DESCRIPTION + "IP version neutral revision, incorporating the + following revisions: + + - Added udpHCInDatagrams and udpHCOutDatagrams in order + to provide high-capacity counters for fast networks. + - Added text to the descriptions of all counter objects + to indicate how discontinuities are detected. + - Deprecated the IPv4-specific udpTable and replaced it + with the version neutral udpEndpointTable. This + table includes support for connected UDP endpoints + and support for identification of the operating + system process associated with a UDP endpoint. + - Deprecated the udpGroup and replaced it with object + groups representing the current set of objects. + - Deprecated udpMIBCompliance and replaced it with + udpMIBCompliance2, which includes the compliance + information for the new object groups. + + This version published as RFC 4113." + REVISION "199411010000Z" -- November 1, 1994 + DESCRIPTION + "Initial SMIv2 version, published as RFC 2013." + REVISION "199103310000Z" -- March 31, 1991 + DESCRIPTION + "The initial revision of this MIB module was part of + MIB-II, published as RFC 1213." + ::= { mib-2 50 } + +-- the UDP group + +udp OBJECT IDENTIFIER ::= { mib-2 7 } + +udpInDatagrams OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of UDP datagrams delivered to UDP + users. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." + ::= { udp 1 } + +udpNoPorts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of received UDP datagrams for which + there was no application at the destination port. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." + ::= { udp 2 } + +udpInErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of received UDP datagrams that could not be + delivered for reasons other than the lack of an + application at the destination port. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." + ::= { udp 3 } + +udpOutDatagrams OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of UDP datagrams sent from this + entity. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." + ::= { udp 4 } + +udpHCInDatagrams OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of UDP datagrams delivered to UDP + users, for devices that can receive more than 1 + million UDP datagrams per second. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." + ::= { udp 8 } + +udpHCOutDatagrams OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of UDP datagrams sent from this + entity, for devices that can transmit more than 1 + million UDP datagrams per second. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." + ::= { udp 9 } + +-- +-- { udp 6 } was defined as the ipv6UdpTable in RFC2454's +-- IPV6-UDP-MIB. This RFC obsoletes RFC 2454, so { udp 6 } is +-- obsoleted. +-- + +-- The UDP "Endpoint" table. + +udpEndpointTable OBJECT-TYPE + SYNTAX SEQUENCE OF UdpEndpointEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table containing information about this entity's UDP + endpoints on which a local application is currently + accepting or sending datagrams. + + The address type in this table represents the address + type used for the communication, irrespective of the + higher-layer abstraction. For example, an application + using IPv6 'sockets' to communicate via IPv4 between + ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would use + InetAddressType ipv4(1). + + Unlike the udpTable in RFC 2013, this table also allows + the representation of an application that completely + specifies both local and remote addresses and ports. A + listening application is represented in three possible + ways: + + 1) An application that is willing to accept both IPv4 + and IPv6 datagrams is represented by a + udpEndpointLocalAddressType of unknown(0) and a + udpEndpointLocalAddress of ''h (a zero-length + octet-string). + + 2) An application that is willing to accept only IPv4 + or only IPv6 datagrams is represented by a + udpEndpointLocalAddressType of the appropriate + address type and a udpEndpointLocalAddress of + '0.0.0.0' or '::' respectively. + + 3) An application that is listening for datagrams only + for a specific IP address but from any remote + system is represented by a + udpEndpointLocalAddressType of the appropriate + address type, with udpEndpointLocalAddress + specifying the local address. + + In all cases where the remote is a wildcard, the + udpEndpointRemoteAddressType is unknown(0), the + udpEndpointRemoteAddress is ''h (a zero-length + octet-string), and the udpEndpointRemotePort is 0. + + If the operating system is demultiplexing UDP packets + by remote address and port, or if the application has + 'connected' the socket specifying a default remote + address and port, the udpEndpointRemote* values should + be used to reflect this." + ::= { udp 7 } + +udpEndpointEntry OBJECT-TYPE + SYNTAX UdpEndpointEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Information about a particular current UDP endpoint. + + Implementers need to be aware that if the total number + of elements (octets or sub-identifiers) in + udpEndpointLocalAddress and udpEndpointRemoteAddress + exceeds 111, then OIDs of column instances in this table + will have more than 128 sub-identifiers and cannot be + accessed using SNMPv1, SNMPv2c, or SNMPv3." + INDEX { udpEndpointLocalAddressType, + udpEndpointLocalAddress, + udpEndpointLocalPort, + udpEndpointRemoteAddressType, + udpEndpointRemoteAddress, + udpEndpointRemotePort, + udpEndpointInstance } + ::= { udpEndpointTable 1 } + +UdpEndpointEntry ::= SEQUENCE { + udpEndpointLocalAddressType InetAddressType, + udpEndpointLocalAddress InetAddress, + udpEndpointLocalPort InetPortNumber, + udpEndpointRemoteAddressType InetAddressType, + udpEndpointRemoteAddress InetAddress, + udpEndpointRemotePort InetPortNumber, + udpEndpointInstance Unsigned32, + udpEndpointProcess Unsigned32 + } + +udpEndpointLocalAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address type of udpEndpointLocalAddress. Only + IPv4, IPv4z, IPv6, and IPv6z addresses are expected, or + unknown(0) if datagrams for all local IP addresses are + accepted." + ::= { udpEndpointEntry 1 } + +udpEndpointLocalAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local IP address for this UDP endpoint. + + The value of this object can be represented in three + + possible ways, depending on the characteristics of the + listening application: + + 1. For an application that is willing to accept both + IPv4 and IPv6 datagrams, the value of this object + must be ''h (a zero-length octet-string), with + the value of the corresponding instance of the + udpEndpointLocalAddressType object being unknown(0). + + 2. For an application that is willing to accept only IPv4 + or only IPv6 datagrams, the value of this object + must be '0.0.0.0' or '::', respectively, while the + corresponding instance of the + udpEndpointLocalAddressType object represents the + appropriate address type. + + 3. For an application that is listening for data + destined only to a specific IP address, the value + of this object is the specific IP address for which + this node is receiving packets, with the + corresponding instance of the + udpEndpointLocalAddressType object representing the + appropriate address type. + + As this object is used in the index for the + udpEndpointTable, implementors of this table should be + careful not to create entries that would result in OIDs + with more than 128 subidentifiers; else the information + cannot be accessed using SNMPv1, SNMPv2c, or SNMPv3." + ::= { udpEndpointEntry 2 } + +udpEndpointLocalPort OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The local port number for this UDP endpoint." + ::= { udpEndpointEntry 3 } + +udpEndpointRemoteAddressType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The address type of udpEndpointRemoteAddress. Only + IPv4, IPv4z, IPv6, and IPv6z addresses are expected, or + unknown(0) if datagrams for all remote IP addresses are + accepted. Also, note that some combinations of + + udpEndpointLocalAdressType and + udpEndpointRemoteAddressType are not supported. In + particular, if the value of this object is not + unknown(0), it is expected to always refer to the + same IP version as udpEndpointLocalAddressType." + ::= { udpEndpointEntry 4 } + +udpEndpointRemoteAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The remote IP address for this UDP endpoint. If + datagrams from any remote system are to be accepted, + this value is ''h (a zero-length octet-string). + Otherwise, it has the type described by + udpEndpointRemoteAddressType and is the address of the + remote system from which datagrams are to be accepted + (or to which all datagrams will be sent). + + As this object is used in the index for the + udpEndpointTable, implementors of this table should be + careful not to create entries that would result in OIDs + with more than 128 subidentifiers; else the information + cannot be accessed using SNMPv1, SNMPv2c, or SNMPv3." + ::= { udpEndpointEntry 5 } + +udpEndpointRemotePort OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The remote port number for this UDP endpoint. If + datagrams from any remote system are to be accepted, + this value is zero." + ::= { udpEndpointEntry 6 } + +udpEndpointInstance OBJECT-TYPE + SYNTAX Unsigned32 (1..'ffffffff'h) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The instance of this tuple. This object is used to + distinguish among multiple processes 'connected' to + the same UDP endpoint. For example, on a system + implementing the BSD sockets interface, this would be + used to support the SO_REUSEADDR and SO_REUSEPORT + socket options." + ::= { udpEndpointEntry 7 } + +udpEndpointProcess OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The system's process ID for the process associated with + this endpoint, or zero if there is no such process. + This value is expected to be the same as + HOST-RESOURCES-MIB::hrSWRunIndex or SYSAPPL-MIB:: + sysApplElmtRunIndex for some row in the appropriate + tables." + ::= { udpEndpointEntry 8 } + +-- The deprecated UDP Listener table + +-- The deprecated UDP listener table only contains information +-- about this entity's IPv4 UDP end-points on which a local +-- application is currently accepting datagrams. It does not +-- provide more detailed connection information, or information +-- about IPv6 endpoints. + +udpTable OBJECT-TYPE + SYNTAX SEQUENCE OF UdpEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "A table containing IPv4-specific UDP listener + information. It contains information about all local + IPv4 UDP end-points on which an application is + currently accepting datagrams. This table has been + deprecated in favor of the version neutral + udpEndpointTable." + ::= { udp 5 } + +udpEntry OBJECT-TYPE + SYNTAX UdpEntry + MAX-ACCESS not-accessible + STATUS deprecated + DESCRIPTION + "Information about a particular current UDP listener." + INDEX { udpLocalAddress, udpLocalPort } + ::= { udpTable 1 } + +UdpEntry ::= SEQUENCE { + udpLocalAddress IpAddress, + udpLocalPort Integer32 + +} + +udpLocalAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The local IP address for this UDP listener. In the + case of a UDP listener that is willing to accept + datagrams for any IP interface associated with the + node, the value 0.0.0.0 is used." + ::= { udpEntry 1 } + +udpLocalPort OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS deprecated + DESCRIPTION + "The local port number for this UDP listener." + ::= { udpEntry 2 } + +-- conformance information + +udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } +udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } +udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } + +-- compliance statements + +udpMIBCompliance2 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for systems that implement + UDP. + + There are a number of INDEX objects that cannot be + represented in the form of OBJECT clauses in SMIv2, but + for which we have the following compliance + requirements, expressed in OBJECT clause form in this + description clause: + + -- OBJECT udpEndpointLocalAddressType + -- SYNTAX InetAddressType { unknown(0), ipv4(1), + -- ipv6(2), ipv4z(3), + -- ipv6z(4) } + -- DESCRIPTION + -- Support for dns(5) is not required. + -- OBJECT udpEndpointLocalAddress + + -- SYNTAX InetAddress (SIZE(0|4|8|16|20)) + -- DESCRIPTION + -- Support is only required for zero-length + -- octet-strings, and for scoped and unscoped + -- IPv4 and IPv6 addresses. + -- OBJECT udpEndpointRemoteAddressType + -- SYNTAX InetAddressType { unknown(0), ipv4(1), + -- ipv6(2), ipv4z(3), + -- ipv6z(4) } + -- DESCRIPTION + -- Support for dns(5) is not required. + -- OBJECT udpEndpointRemoteAddress + -- SYNTAX InetAddress (SIZE(0|4|8|16|20)) + -- DESCRIPTION + -- Support is only required for zero-length + -- octet-strings, and for scoped and unscoped + -- IPv4 and IPv6 addresses. + " + MODULE -- this module + MANDATORY-GROUPS { udpBaseGroup, udpEndpointGroup } + GROUP udpHCGroup + DESCRIPTION + "This group is mandatory for systems that + are capable of receiving or transmitting more than + 1 million UDP datagrams per second. 1 million + datagrams per second will cause a Counter32 to + wrap in just over an hour." + ::= { udpMIBCompliances 2 } + +udpMIBCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for IPv4-only systems that + implement UDP. For IP version independence, this + compliance statement is deprecated in favor of + udpMIBCompliance2. However, agents are still + encouraged to implement these objects in order to + interoperate with the deployed base of managers." + MODULE -- this module + MANDATORY-GROUPS { udpGroup } + ::= { udpMIBCompliances 1 } + +-- units of conformance + +udpGroup OBJECT-GROUP + OBJECTS { udpInDatagrams, udpNoPorts, + udpInErrors, udpOutDatagrams, + udpLocalAddress, udpLocalPort } + STATUS deprecated + DESCRIPTION + "The deprecated group of objects providing for + management of UDP over IPv4." + ::= { udpMIBGroups 1 } + +udpBaseGroup OBJECT-GROUP + OBJECTS { udpInDatagrams, udpNoPorts, udpInErrors, + udpOutDatagrams } + STATUS current + DESCRIPTION + "The group of objects providing for counters of UDP + statistics." + ::= { udpMIBGroups 2 } + +udpHCGroup OBJECT-GROUP + OBJECTS { udpHCInDatagrams, udpHCOutDatagrams } + STATUS current + DESCRIPTION + "The group of objects providing for counters of high + speed UDP implementations." + ::= { udpMIBGroups 3 } + +udpEndpointGroup OBJECT-GROUP + OBJECTS { udpEndpointProcess } + STATUS current + DESCRIPTION + "The group of objects providing for the IP version + independent management of UDP 'endpoints'." + ::= { udpMIBGroups 4 } + +END diff --git a/data/mibs/VYATTA-TRAP-MIB.txt b/data/mibs/VYATTA-TRAP-MIB.txt new file mode 100644 index 000000000..9983c2947 --- /dev/null +++ b/data/mibs/VYATTA-TRAP-MIB.txt @@ -0,0 +1,97 @@ +VYATTA-TRAP-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, enterprises + FROM SNMPv2-SMI + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + ; + + vyattaTrap MODULE-IDENTITY + LAST-UPDATED "201305060000Z" -- May 6, 2013 + ORGANIZATION "Vyatta, A Brocade Company" + CONTACT-INFO + " Support + Postal: Vyatta, A Brocade Company + 1301 Shoreway Road Suite 200 + Belmont, California 94002 + Tel: +1 650 413 7200 + E-Mail: support@vyatta.com" + DESCRIPTION + "The MIB module to describe traps for the Vyatta + Router." + ::= { enterprises 30803 1 } + + +-- Trap Support Objects + +mgmtTrap OBJECT IDENTIFIER ::= { vyattaTrap 1 } +mgmtEventObjects OBJECT IDENTIFIER ::= { mgmtTrap 1 } +mgmtEvent OBJECT IDENTIFIER ::= { mgmtTrap 2 } + +mgmtEventUser OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The user that initiated the event the trap is reporting." + ::= { mgmtEventObjects 1 } + + +mgmtEventSource OBJECT-TYPE + SYNTAX INTEGER { + unknown (0), + firewall (1) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The source of the event the trap is reporting." + ::= { mgmtEventObjects 2 } + + +mgmtEventType OBJECT-TYPE + SYNTAX INTEGER { + unknown (0), + added (1), + deleted (2), + changed (3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The event type the trap is reporting." + ::= { mgmtEventObjects 3 } + + +mgmtEventPrevCfg OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The previous configuration. This field is only valid + for mgmtEventType deleted and changed." + ::= { mgmtEventObjects 4 } + +mgmtEventCurrCfg OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current configuration. This field is only valid + for mgmtEventType added and changed." + ::= { mgmtEventObjects 5 } + + +-- Traps + + mgmtEventTrap NOTIFICATION-TYPE + OBJECTS { mgmtEventUser, + mgmtEventSource, + mgmtEventType, + mgmtEventPrevCfg, + mgmtEventCurrCfg } + STATUS current + DESCRIPTION + "Notification of a configuration related event." + ::= { mgmtEvent 1 } + +END diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl index f444af85c..05ac31d18 100644 --- a/data/templates/accel-ppp/pppoe.config.tmpl +++ b/data/templates/accel-ppp/pppoe.config.tmpl @@ -17,6 +17,10 @@ net-snmp {% if limits is defined %} connlimit {% endif %} +{% if extended_scripts is defined %} +sigchld +pppd_compat +{% endif %} [core] thread-count={{ thread_count }} @@ -133,6 +137,9 @@ service-name={{ service_name | join(',') }} {% endfor %} pado-delay={{ pado_delay_param.value }} {% endif %} +{% if authentication.radius.called_sid_format is defined and authentication.radius.called_sid_format is not none %} +called-sid={{ authentication.radius.called_sid_format }} +{% endif %} {% if limits is defined %} [connlimit] @@ -146,12 +153,19 @@ burst={{ limits.burst }} timeout={{ limits.timeout }} {% endif %} {% endif %} -{% if authentication.radius.called_sid_format is defined and authentication.radius.called_sid_format is not none %} -called-sid={{ authentication.radius.called_sid_format }} -{% endif %} {# Common RADIUS shaper configuration #} {% include 'accel-ppp/config_shaper_radius.j2' %} +{% if extended_scripts is defined %} +[pppd-compat] +verbose=1 +radattr-prefix=/run/accel-pppd/radattr +{% set script_name = {'on_up': 'ip-up', 'on_down': 'ip-down', 'on_change':'ip-change', 'on_pre_up':'ip-pre-up'} %} +{% for script in extended_scripts %} +{{ script_name[script] }}={{ extended_scripts[script] }} +{% endfor %} +{% endif %} + [cli] tcp=127.0.0.1:2001 diff --git a/data/templates/conntrack/sysctl.conf.tmpl b/data/templates/conntrack/sysctl.conf.tmpl new file mode 100644 index 000000000..9e97c3286 --- /dev/null +++ b/data/templates/conntrack/sysctl.conf.tmpl @@ -0,0 +1,26 @@ +# Autogenerated by conntrack.py +{# all values have defaults - thus no checking required #} + +net.netfilter.nf_conntrack_expect_max = {{ expect_table_size }} +net.netfilter.nf_conntrack_max = {{ table_size }} + +net.ipv4.tcp_max_syn_backlog = {{ tcp.half_open_connections }} + +net.netfilter.nf_conntrack_tcp_loose = {{ '1' if tcp.loose == 'enable' else '0' }} +net.netfilter.nf_conntrack_tcp_max_retrans = {{ tcp.max_retrans }} + +net.netfilter.nf_conntrack_icmp_timeout = {{ timeout.icmp }} +net.netfilter.nf_conntrack_generic_timeout = {{ timeout.other }} + +net.netfilter.nf_conntrack_tcp_timeout_close_wait = {{ timeout.tcp.close_wait }} +net.netfilter.nf_conntrack_tcp_timeout_close = {{ timeout.tcp.close }} +net.netfilter.nf_conntrack_tcp_timeout_established = {{ timeout.tcp.established }} +net.netfilter.nf_conntrack_tcp_timeout_fin_wait = {{ timeout.tcp.fin_wait }} +net.netfilter.nf_conntrack_tcp_timeout_last_ack = {{ timeout.tcp.last_ack }} +net.netfilter.nf_conntrack_tcp_timeout_syn_recv = {{ timeout.tcp.syn_recv }} +net.netfilter.nf_conntrack_tcp_timeout_syn_sent = {{ timeout.tcp.syn_sent }} +net.netfilter.nf_conntrack_tcp_timeout_time_wait = {{ timeout.tcp.time_wait }} + +net.netfilter.nf_conntrack_udp_timeout = {{ timeout.udp.other }} +net.netfilter.nf_conntrack_udp_timeout_stream = {{ timeout.udp.stream }} + diff --git a/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl b/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl new file mode 100644 index 000000000..111459485 --- /dev/null +++ b/data/templates/conntrack/vyos_nf_conntrack.conf.tmpl @@ -0,0 +1,3 @@ +# Autogenerated by conntrack.py +options nf_conntrack hashsize={{ hash_size }} nf_conntrack_helper=1 + diff --git a/data/templates/conntrackd/conntrackd.conf.tmpl b/data/templates/conntrackd/conntrackd.conf.tmpl new file mode 100644 index 000000000..17ee529bf --- /dev/null +++ b/data/templates/conntrackd/conntrackd.conf.tmpl @@ -0,0 +1,109 @@ +# autogenerated by conntrack_sync.py + +# Synchronizer settings +Sync { + Mode FTFW { + DisableExternalCache {{ 'on' if disable_external_cache is defined else 'off' }} + } +{% for iface, iface_config in interface.items() %} +{% if loop.first %} +{% if iface_config.peer is defined and iface_config.peer is not none %} + UDP { +{% if listen_address is defined and listen_address is not none %} + IPv4_address {{ listen_address }} +{% endif %} + IPv4_Destination_Address {{ iface_config.peer }} + Port 3780 +{% else %} +{% set ip_address = iface | get_ipv4 %} + Multicast { + IPv4_address {{ mcast_group }} + Group 3780 + IPv4_interface {{ ip_address[0] | ip_from_cidr }} +{% endif %} + Interface {{ iface }} +{% endif %} +{% endfor %} + SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }} + RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }} + Checksum on + } +{% if expect_sync is defined and expect_sync is not none %} + Options { +{% if 'all' in expect_sync %} + ExpectationSync on +{% else %} + ExpectationSync { +{% for protocol in expect_sync %} + {{ protocol }} +{% endfor %} + } +{% endif %} + } +{% endif %} +} +Helper { + Type rpc inet tcp { + QueueNum 3 + Policy rpc { + ExpectMax 1 + ExpectTimeout 300 + } + } + Type rpc inet udp { + QueueNum 4 + Policy rpc { + ExpectMax 1 + ExpectTimeout 300 + } + } + Type tns inet tcp { + QueueNum 5 + Policy tns { + ExpectMax 1 + ExpectTimeout 300 + } + } +} + +# General settings +General { + HashSize {{ hash_size }} + HashLimit {{ table_size | int *2 }} + LogFile off + Syslog on + LockFile /var/lock/conntrack.lock + UNIX { + Path /var/run/conntrackd.ctl + } + NetlinkBufferSize {{ 2 *1024 *1024 }} + NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }} + NetlinkOverrunResync off + NetlinkEventsReliable on +{% if ignore_address is defined or accept_protocol is defined %} + Filter From Userspace { +{% if ignore_address is defined and ignore_address is not none %} + Address Ignore { +{% for address in ignore_address if address | is_ipv4 %} + IPv4_address {{ address }} +{% endfor %} +{% for address in ignore_address if address | is_ipv6 %} + IPv6_address {{ address }} +{% endfor %} + } +{% endif %} +{% if accept_protocol is defined and accept_protocol is not none %} + Protocol Accept { +{% for protocol in accept_protocol %} +{% if protocol == 'icmp6' %} + IPv6-ICMP +{% else %} + {{ protocol | upper }} +{% endif %} +{% endfor %} + } +{% endif %} + } +{% endif %} +} + diff --git a/data/templates/conntrackd/conntrackd.op-mode.tmpl b/data/templates/conntrackd/conntrackd.op-mode.tmpl new file mode 100644 index 000000000..82a4b09ad --- /dev/null +++ b/data/templates/conntrackd/conntrackd.op-mode.tmpl @@ -0,0 +1,13 @@ +Source Destination Protocol +{% for parsed in data if parsed.flow is defined and parsed.flow.meta is defined %} +{% for key in parsed.flow.meta %} +{% if key['@direction'] == 'original' %} +{% set saddr = key.layer3.src | bracketize_ipv6 %} +{% set sport = key.layer4.sport %} +{% set daddr = key.layer3.dst | bracketize_ipv6 %} +{% set dport = key.layer4.dport %} +{% set protocol = key.layer4['@protoname'] %} +{{ "%-48s" | format(saddr ~ ':' ~ sport) }} {{ "%-48s" | format(daddr ~ ':' ~ dport) }} {{ protocol }} +{% endif %} +{% endfor %} +{% endfor %} diff --git a/data/templates/dhcp-server/dhcpdv6.conf.tmpl b/data/templates/dhcp-server/dhcpdv6.conf.tmpl index 25e5fa592..8d653ff72 100644 --- a/data/templates/dhcp-server/dhcpdv6.conf.tmpl +++ b/data/templates/dhcp-server/dhcpdv6.conf.tmpl @@ -9,9 +9,7 @@ option dhcp6.preference {{ preference }}; {% endif %} {% if global_parameters is defined and global_parameters.name_server is defined and global_parameters.name_server is not none %} -{% for nameserver in global_parameters.name_server %} -option dhcp6.name-servers {{ nameserver }}; -{% endfor %} +option dhcp6.name-servers {{ global_parameters.name_server | join(', ') }}; {% endif %} # Shared network configration(s) diff --git a/data/templates/frr/bgpd.frr.tmpl b/data/templates/frr/bgpd.frr.tmpl index 5edd3f97d..158da3605 100644 --- a/data/templates/frr/bgpd.frr.tmpl +++ b/data/templates/frr/bgpd.frr.tmpl @@ -173,6 +173,9 @@ {% if afi_config.maximum_prefix is defined and afi_config.maximum_prefix is not none %} neighbor {{ neighbor }} maximum-prefix {{ afi_config.maximum_prefix }} {% endif %} +{% if afi_config.maximum_prefix_out is defined and afi_config.maximum_prefix_out is not none %} + neighbor {{ neighbor }} maximum-prefix-out {{ afi_config.maximum_prefix_out }} +{% endif %} {% if afi_config.nexthop_self is defined %} neighbor {{ neighbor }} next-hop-self {{ 'force' if afi_config.nexthop_self.force is defined }} {% endif %} @@ -420,7 +423,7 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none bgp confederation identifier {{ parameters.confederation.identifier }} {% endif %} {% if parameters.confederation.peers is defined and parameters.confederation.peers is not none %} - bgp confederation peers {{ parameters.confederation.peers }} + bgp confederation peers {{ parameters.confederation.peers | join(' ') }} {% endif %} {% endif %} {% if parameters.dampening is defined and parameters.dampening is defined and parameters.dampening.half_life is defined and parameters.dampening.half_life is not none %} diff --git a/data/templates/frr/isis.frr.tmpl b/data/templates/frr/isis.frr.tmpl index 433f10892..1e651898b 100644 --- a/data/templates/frr/isis.frr.tmpl +++ b/data/templates/frr/isis.frr.tmpl @@ -13,8 +13,15 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% if set_overload_bit is defined %} set-overload-bit {% endif %} -{% if domain_password is defined and domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %} +{% if domain_password is defined and domain_password is not none %} +{% if domain_password.md5 is defined and domain_password.md5 is not none %} + domain-password md5 {{ domain_password.plaintext_password }} +{% elif domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %} domain-password clear {{ domain_password.plaintext_password }} +{% endif %} +{% endif %} +{% if log_adjacency_changes is defined %} + log-adjacency-changes {% endif %} {% if lsp_gen_interval is defined and lsp_gen_interval is not none %} lsp-gen-interval {{ lsp_gen_interval }} @@ -95,17 +102,18 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% if spf_delay_ietf is defined and spf_delay_ietf.init_delay is defined and spf_delay_ietf.init_delay is not none %} spf-delay-ietf init-delay {{ spf_delay_ietf.init_delay }} {% endif %} -{% if area_password is defined and area_password.md5 is defined and area_password.md5 is not none %} +{% if area_password is defined and area_password is not none %} +{% if area_password.md5 is defined and area_password.md5 is not none %} area-password md5 {{ area_password.md5 }} -{% elif area_password is defined and area_password.plaintext_password is defined and area_password.plaintext_password is not none %} +{% elif area_password.plaintext_password is defined and area_password.plaintext_password is not none %} area-password clear {{ area_password.plaintext_password }} +{% endif %} {% endif %} {% if default_information is defined and default_information.originate is defined and default_information.originate is not none %} -{% for level in default_information.originate.ipv4 if default_information.originate.ipv4 is defined %} - default-information originate ipv4 {{ level | replace('_', '-') }} -{% endfor %} -{% for level in default_information.originate.ipv6 if default_information.originate.ipv6 is defined %} - default-information originate ipv6 {{ level | replace('_', '-') }} always +{% for afi, afi_config in default_information.originate.items() %} +{% for level, level_config in afi_config.items() %} + default-information originate {{ afi }} {{ level | replace('_', '-') }} {{ 'always' if level_config.always is defined }} {{ 'route-map ' ~ level_config.route_map if level_config.route_map is defined }} {{ 'metric ' ~ level_config.metric if level_config.metric is defined }} +{% endfor %} {% endfor %} {% endif %} {% if redistribute is defined and redistribute.ipv4 is defined and redistribute.ipv4 is not none %} @@ -122,12 +130,10 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% endfor %} {% endif %} {% if level is defined and level is not none %} -{% if level == 'level-1' %} - is-type level-1 -{% elif level == 'level-2' %} +{% if level == 'level-2' %} is-type level-2-only -{% elif level == 'level-1-2' %} - is-type level-1-2 +{% else %} + is-type {{ level }} {% endif %} {% endif %} ! @@ -135,6 +141,7 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% for iface, iface_config in interface.items() %} interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} ip router isis VyOS + ipv6 router isis VyOS {% if iface_config.bfd is defined %} isis bfd {% endif %} diff --git a/data/templates/frr/ospfv3.frr.tmpl b/data/templates/frr/ospfv3.frr.tmpl index d08972a80..0026c0d2c 100644 --- a/data/templates/frr/ospfv3.frr.tmpl +++ b/data/templates/frr/ospfv3.frr.tmpl @@ -50,6 +50,11 @@ router ospf6 interface {{ interface }} area {{ area_id }} {% endfor %} {% endif %} +{% if area_config.area_type is defined and area_config.area_type is not none %} +{% for type, type_config in area_config.area_type.items() %} + area {{ area_id }} {{ type }} {{ 'no-summary' if type_config.no_summary is defined }} +{% endfor %} +{% endif %} {% if area_config.range is defined and area_config.range is not none %} {% for prefix, prefix_config in area_config.range.items() %} area {{ area_id }} range {{ prefix }} {{ 'advertise' if prefix_config.advertise is defined }} {{ 'not-advertise' if prefix_config.not_advertise is defined }} diff --git a/data/templates/frr/policy.frr.tmpl b/data/templates/frr/policy.frr.tmpl index 881afa21f..507ee2a14 100644 --- a/data/templates/frr/policy.frr.tmpl +++ b/data/templates/frr/policy.frr.tmpl @@ -262,6 +262,9 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }} {% if rule_config.set.ipv6_next_hop is defined and rule_config.set.ipv6_next_hop.local is defined and rule_config.set.ipv6_next_hop.local is not none %} set ipv6 next-hop local {{ rule_config.set.ipv6_next_hop.local }} {% endif %} +{% if rule_config.set.ipv6_next_hop is defined and rule_config.set.ipv6_next_hop.prefer_global is defined %} + set ipv6 next-hop prefer-global +{% endif %} {% if rule_config.set.large_community is defined and rule_config.set.large_community is not none %} set large-community {{ rule_config.set.large_community }} {% endif %} diff --git a/data/templates/ipsec/ike-esp.tmpl b/data/templates/ipsec/ike-esp.tmpl new file mode 100644 index 000000000..deeb8c80d --- /dev/null +++ b/data/templates/ipsec/ike-esp.tmpl @@ -0,0 +1,32 @@ +{% macro conn(ike, ike_ciphers, esp, esp_ciphers) -%} +{% if ike %} +{% if "key_exchange" in ike %} + keyexchange = {{ ike.key_exchange }} +{% endif %} + ike = {{ ike_ciphers }} +{% if "lifetime" in ike %} + ikelifetime = {{ ike.lifetime }}s +{% endif %} + reauth = {{ ike.ikev2_reauth if "ikev2_reauth" in ike else "no" }} + closeaction = {{ ike.close_action if "close_action" in ike else "none" }} +{% if "dead_peer_detection" in ike %} + dpdaction = {{ ike.dead_peer_detection.action }} + dpdtimeout = {{ ike.dead_peer_detection.timeout }} + dpddelay = {{ ike.dead_peer_detection.interval }} +{% endif %} +{% if "key_exchange" in ike and ike.key_exchange == "ikev1" and "mode" in ike and ike.mode == "aggressive" %} + aggressive = yes +{% endif %} +{% if "key_exchange" in ike and ike.key_exchange == "ikev2" %} + mobike = {{ "yes" if "mobike" not in ike or ike.mobike == "enable" else "no" }} +{% endif %} +{% endif %} +{% if esp %} + esp = {{ esp_ciphers }} +{% if "lifetime" in esp %} + keylife = {{ esp.lifetime }}s +{% endif %} + compress = {{ 'yes' if "compression" in esp and esp.compression == 'enable' else 'no' }} + type = {{ esp.mode if "mode" in esp else "tunnel" }} +{% endif %} +{%- endmacro %} diff --git a/data/templates/ipsec/interfaces_use.conf.tmpl b/data/templates/ipsec/interfaces_use.conf.tmpl new file mode 100644 index 000000000..3d285b9be --- /dev/null +++ b/data/templates/ipsec/interfaces_use.conf.tmpl @@ -0,0 +1,6 @@ +{% if ipsec_interfaces is defined and 'interface' in ipsec_interfaces %} +{% set interfaces = ipsec_interfaces['interface'] %} +charon { + interfaces_use = {{ ', '.join(interfaces) if interfaces is not string else interfaces }} +} +{% endif %}
\ No newline at end of file diff --git a/data/templates/ipsec/ipsec.conf.tmpl b/data/templates/ipsec/ipsec.conf.tmpl index d0b60765b..342887883 100644 --- a/data/templates/ipsec/ipsec.conf.tmpl +++ b/data/templates/ipsec/ipsec.conf.tmpl @@ -1,3 +1,119 @@ +# Created by VyOS - manual changes will be overwritten + +{% import 'ipsec/ike-esp.tmpl' as ike_esp %} + +config setup + charondebug = "{{ charondebug }}" + uniqueids = {{ "no" if disable_uniqreqids is defined else "yes" }} + +{% if site_to_site is defined and site_to_site.peer is defined %} +{% for peer, peer_conf in site_to_site.peer.items() %} +{% set peer_index = loop.index %} +{% set peer_ike = ike_group[peer_conf.ike_group] %} +{% set peer_esp = esp_group[peer_conf.default_esp_group] if peer_conf.default_esp_group is defined else None %} +conn peer-{{ peer }} +{% if peer_conf.authentication.mode in authby %} + authby = {{ authby[peer_conf.authentication.mode] }} +{% endif %} +{% if peer_conf.authentication.mode == 'x509' %} +{% set cert_file = peer_conf.authentication.x509.cert_file %} + leftcert = {{ cert_file if cert_file.startswith(x509_path) else (x509_path + cert_file) }} + leftsendcert = always + rightca = %same +{% elif peer_conf.authentication.mode == 'rsa' %} + leftsigkey = localhost.pub + rightsigkey = {{ peer_conf.authentication.rsa_key_name }}.pub +{% endif %} + left = {{ peer_conf.local_address if peer_conf.local_address != 'any' else '%defaultroute' }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} +{% if peer_conf.authentication.id is defined and peer_conf.authentication.use_x509_id is not defined %} + leftid = "{{ peer_conf.authentication.id }}" +{% endif %} + right = {{ peer if peer not in ['any', '0.0.0.0'] and peer[0:1] != '@' else '%any' }} +{% if peer_conf.authentication.remote_id is defined %} + rightid = "{{ peer_conf.authentication.remote_id }}" +{% elif peer[0:1] == '@' %} + rightid = "{{ peer }}" +{% endif %} + keylife = 3600s + rekeymargin = 540s +{{ ike_esp.conn(peer_ike, ciphers.ike[peer_conf.ike_group], peer_esp, ciphers.esp[peer_conf.default_esp_group] if peer_esp else None) }} +{% if peer_conf.vti is defined and peer_conf.vti.bind is defined %} +{% set vti_esp = esp_group[peer_conf.vti.esp_group] if peer_conf.vti.esp_group is defined else None %} +conn peer-{{ peer }}-vti + also = peer-{{ peer }} + leftsubnet = 0.0.0.0/0 + leftupdown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }} {{ peer_conf.dhcp_interface if peer_conf.dhcp_interface is defined else 'no' }}" + rightsubnet = 0.0.0.0/0 + mark = {{ marks[peer_conf.vti.bind] }} +{{ ike_esp.conn(None, None, vti_esp, ciphers.esp[peer_conf.vti.esp_group] if vti_esp else None) }} +{% if peer[0:1] == '@' %} + rekey = no + auto = add + keyingtries = %forever +{% else %} +{% if peer_conf.connection_type is not defined or peer_conf.connection_type == 'initiate' %} + auto = start + keyingtries = %forever +{% elif peer_conf.connection_type == 'respond' %} + auto = route + keyingtries = 1 +{% endif %} +{% endif %} +{% elif peer_conf.tunnel is defined %} +{% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() %} +{% set tunnel_esp_name = tunnel_conf.esp_group if "esp_group" in tunnel_conf else peer_conf.default_esp_group %} +{% set tunnel_esp = esp_group[tunnel_esp_name] %} +{% set proto = tunnel_conf.protocol if "protocol" in tunnel_conf else '%any' %} +conn peer-{{ peer }}-tunnel-{{tunnel_id}} + also = peer-{{ peer }} +{% if tunnel_esp.mode is not defined or tunnel_esp.mode == 'tunnel' %} +{% if tunnel_conf.local is defined and tunnel_conf.local.prefix is defined %} + leftsubnet = {{ tunnel_conf.local.prefix if tunnel_conf.local.prefix != 'any' else '0.0.0.0/0' }}[{{ proto }}/{{ tunnel_conf.local.port if "port" in tunnel_conf.local else '%any' }}] +{% endif %} +{% if tunnel_conf.remote is defined and tunnel_conf.remote.prefix is defined %} + rightsubnet = {{ tunnel_conf.remote.prefix if tunnel_conf.remote.prefix != 'any' else '0.0.0.0/0' }}[{{ proto }}/{{ tunnel_conf.remote.port if "port" in tunnel_conf.remote else '%any' }}] +{% endif %} +{% elif tunnel_esp.mode == 'transport' %} + leftsubnet = {{ peer_conf.local_address }}[{{ proto }}/{{ tunnel_conf.local.port if "local" in tunnel_conf and "port" in tunnel_conf.local else '%any' }}] + rightsubnet = {{ peer }}[{{ proto }}/{{ tunnel_conf.local.port if "local" in tunnel_conf and "port" in tunnel_conf.local else '%any' }}] +{% endif %} +{% if tunnel_conf.esp_group is defined %} +{{ ike_esp.conn(None, None, tunnel_esp, ciphers.esp[tunnel_esp_name]) }} +{% endif %} +{% if peer[0:1] == '@' %} + rekey = no + auto = add + keyingtries = %forever +{% else %} +{% if peer_conf.connection_type is not defined or peer_conf.connection_type == 'initiate' %} + auto = start + keyingtries = %forever +{% elif peer_conf.connection_type == 'respond' %} + auto = route + keyingtries = 1 +{% endif %} +{% endif %} +{% if tunnel_conf.passthrough is defined and tunnel_conf.passthrough is not none %} +conn peer-{{ peer }}-tunnel-{{ tunnel_id }}-passthough + left = {{ peer_conf.local_address if peer_conf.local_address != 'any' else '%defaultroute' }} + right = {{ peer if peer not in ['any', '0.0.0.0'] and peer[0:1] != '@' else '%any' }} + leftsubnet = {{ tunnel_conf.local.prefix }} + rightsubnet = {{ tunnel_conf.local.prefix }} + type = passthrough + authby = never + auto = route +{% endif %} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} + +{% if include_ipsec_conf is defined %} +include {{ include_ipsec_conf }} +{% endif %} + +{% if delim_ipsec_l2tp_begin is defined %} {{delim_ipsec_l2tp_begin}} include {{ipsec_ra_conn_file}} {{delim_ipsec_l2tp_end}} +{% endif %} diff --git a/data/templates/ipsec/ipsec.secrets.tmpl b/data/templates/ipsec/ipsec.secrets.tmpl index 55c010a3b..a1432de57 100644 --- a/data/templates/ipsec/ipsec.secrets.tmpl +++ b/data/templates/ipsec/ipsec.secrets.tmpl @@ -1,7 +1,34 @@ +# Created by VyOS - manual changes will be overwritten + +{% if site_to_site is defined and "peer" in site_to_site %} +{% set ns = namespace(local_key_set=False) %} +{% for peer, peer_conf in site_to_site.peer.items() %} +{% if peer_conf.authentication.mode == 'pre-shared-secret' %} +{{ (peer_conf.local_address if "local_address" in peer_conf else "%any") ~ + (" " ~ peer) ~ + ((" " ~ peer_conf.authentication.id) if "id" in peer_conf.authentication else "") ~ + ((" " ~ peer_conf.authentication.remote_id) if "remote_id" in peer_conf.authentication else "") +}} : PSK "{{ peer_conf.authentication.pre_shared_secret }}" # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} +{% elif peer_conf.authentication.mode == 'x509' %} +{% set key_file = peer_conf.authentication.x509.key.file %} +: RSA {{ key_file if key_file.startswith(x509_path) else (x509_path + key_file) }}{% if "password" in peer_conf.authentication.x509.key and peer_conf.authentication.x509.key.password %} "{{ peer_conf.authentication.x509.key.password}}"{% endif %} +{% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %} +{% set ns.local_key_set = True %} +: RSA {{ rsa_local_key }} +{% endif %} +{% endfor %} +{% endif %} + +{% if include_ipsec_secrets is defined %} +include {{ include_ipsec_secrets }} +{% endif %} + +{% if delim_ipsec_l2tp_begin is defined %} {{delim_ipsec_l2tp_begin}} -{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %} +{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %} {{outside_addr}} %any : PSK "{{ipsec_l2tp_secret}}" -{% elif ipsec_l2tp_auth_mode == 'x509' %} +{% elif ipsec_l2tp_auth_mode == 'x509' %} : RSA {{server_key_file_copied}} -{% endif%} +{% endif %} {{delim_ipsec_l2tp_end}} +{% endif %} diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl new file mode 100644 index 000000000..0ce703f20 --- /dev/null +++ b/data/templates/ipsec/swanctl.conf.tmpl @@ -0,0 +1,54 @@ +# Created by VyOS - manual changes will be overwritten + +{% if profile is defined %} +connections { +{% for name, profile_conf in profile.items() if "bind" in profile_conf and "tunnel" in profile_conf.bind %} +{% set dmvpn_ike = ike_group[profile_conf.ike_group] %} +{% set dmvpn_esp = esp_group[profile_conf.esp_group] %} +{% for interface in profile_conf.bind.tunnel %} + dmvpn-{{ name }}-{{ interface }} { + proposals = {{ ciphers.ike[profile_conf.ike_group][:-1] }} + version = {{ dmvpn_ike.key_exchange[4:] if "key_exchange" in dmvpn_ike else "0" }} + rekey_time = {{ dmvpn_ike.lifetime if 'lifetime' in dmvpn_ike else '28800' }}s + keyingtries = 0 +{% if profile_conf.authentication.mode == 'pre-shared-secret' %} + local { + auth = psk + } + remote { + auth = psk + } +{% endif %} + children { + dmvpn { + esp_proposals = {{ ciphers.esp[profile_conf.esp_group][:-1] }} + rekey_time = {{ dmvpn_esp.lifetime if 'lifetime' in dmvpn_esp else '3600' }}s + rand_time = 540s + local_ts = dynamic[gre] + remote_ts = dynamic[gre] + mode = {{ dmvpn_esp.mode if "mode" in dmvpn_esp else "transport" }} +{% if 'dead_peer_detection' in dmvpn_ike and 'action' in dmvpn_ike.dead_peer_detection %} + dpd_action = {{ dmvpn_ike.dead_peer_detection.action }} +{% endif %} +{% if 'compression' in dmvpn_esp and dmvpn_esp['compression'] == 'enable' %} + ipcomp = yes +{% endif %} + } + } + } +{% endfor %} +{% endfor %} +} + +secrets { +{% for name, profile_conf in profile.items() if "bind" in profile_conf and "tunnel" in profile_conf.bind %} +{% if profile_conf.authentication.mode == 'pre-shared-secret' %} +{% for interface in profile_conf.bind.tunnel %} + ike-dmvpn-{{ interface }} { + secret = {{ profile_conf.authentication.pre_shared_secret }} + } +{% endfor %} +{% endif %} +{% endfor %} +} +{% endif %} diff --git a/data/templates/nhrp/opennhrp.conf.tmpl b/data/templates/nhrp/opennhrp.conf.tmpl new file mode 100644 index 000000000..948327198 --- /dev/null +++ b/data/templates/nhrp/opennhrp.conf.tmpl @@ -0,0 +1,41 @@ +# Created by VyOS - manual changes will be overwritten + +{% if tunnel is defined and tunnel is not none %} +{% for name, tunnel_conf in tunnel.items() %} +{% set type = 'spoke' if tunnel_conf.map is defined or tunnel_conf.dynamic_map is defined else 'hub' %} +{% set profile_name = profile_map[name] if profile_map is defined and name in profile_map else '' %} +interface {{ name }} #{{ type }} {{ profile_name }} +{% if tunnel_conf.map is defined and tunnel_conf.map is not none %} +{% for map, map_conf in tunnel_conf.map.items() %} +{% set cisco = ' cisco' if map_conf.cisco is defined else '' %} +{% set register = ' register' if map_conf.register is defined else '' %} + map {{ map }} {{ map_conf.nbma_address }}{{ register }}{{ cisco }} +{% endfor %} +{% endif %} +{% if tunnel_conf.dynamic_map is defined and tunnel_conf.dynamic_map is not none %} +{% for map, map_conf in tunnel_conf.dynamic_map.items() %} + dynamic-map {{ map }} {{ map_conf.nbma_domain_name }} +{% endfor %} +{% endif %} +{% if tunnel_conf.cisco_authentication is defined and tunnel_conf.cisco_authentication is not none %} + cisco-authentication {{ tunnel_conf.cisco_authentication }} +{% endif %} +{% if tunnel_conf.holding_time is defined and tunnel_conf.holding_time is not none %} + holding-time {{ tunnel_conf.holding_time }} +{% endif %} +{% if tunnel_conf.multicast is defined and tunnel_conf.multicast is not none %} + multicast {{ tunnel_conf.multicast }} +{% endif %} +{% for key in ['non_caching', 'redirect', 'shortcut', 'shortcut_destination'] %} +{% if key in tunnel_conf %} + {{ key | replace("_", "-") }} +{% endif %} +{% endfor %} +{% if tunnel_conf.shortcut_target is defined and tunnel_conf.shortcut_target is not none %} +{% for target, shortcut_conf in tunnel_conf.shortcut_target.items() %} + shortcut-target {{ target }} {{ shortcut_conf.holding_time if shortcut_conf.holding_time is defined else '' }} +{% endfor %} +{% endif %} + +{% endfor %} +{% endif %} diff --git a/data/templates/proxy-ndp/ndppd.conf.tmpl b/data/templates/proxy-ndp/ndppd.conf.tmpl index 0137d8135..ccd1d37ad 100644 --- a/data/templates/proxy-ndp/ndppd.conf.tmpl +++ b/data/templates/proxy-ndp/ndppd.conf.tmpl @@ -21,8 +21,8 @@ {% if config.outbound_interface not in global.ndppd_interfaces %} {% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface] %} {% endif %} -{% if config.translation.prefix is defined %} -{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface,'rule':config.translation.prefix}] %} +{% if config.translation.address is defined and config.translation.address | is_ip_network %} +{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface,'rule':config.translation.address}] %} {% endif %} {% endif %} {% endfor %} diff --git a/data/templates/router-advert/radvd.conf.tmpl b/data/templates/router-advert/radvd.conf.tmpl index 2fde78fec..9cc237512 100644 --- a/data/templates/router-advert/radvd.conf.tmpl +++ b/data/templates/router-advert/radvd.conf.tmpl @@ -30,6 +30,19 @@ interface {{ iface }} { AdvOtherConfigFlag {{ 'on' if interface[iface].other_config_flag is defined else 'off' }}; AdvRetransTimer {{ interface[iface].retrans_timer }}; AdvCurHopLimit {{ interface[iface].hop_limit }}; +{% if interface[iface].route is defined %} +{% for route in interface[iface].route %} + route {{ route }} { +{% if interface[iface].route[route].valid_lifetime is defined %} + AdvRouteLifetime {{ interface[iface].route[route].valid_lifetime }}; +{% endif %} +{% if interface[iface].route[route].route_preference is defined %} + AdvRoutePreference {{ interface[iface].route[route].route_preference }}; +{% endif %} + RemoveRoute {{ 'off' if interface[iface].route[route].no_remove_route is defined else 'on' }}; + }; +{% endfor %} +{% endif %} {% for prefix in interface[iface].prefix %} prefix {{ prefix }} { AdvAutonomous {{ 'off' if interface[iface].prefix[prefix].no_autonomous_flag is defined else 'on' }}; diff --git a/data/templates/system/sysctl.conf.tmpl b/data/templates/system/sysctl.conf.tmpl new file mode 100644 index 000000000..72af82ee5 --- /dev/null +++ b/data/templates/system/sysctl.conf.tmpl @@ -0,0 +1,7 @@ +# autogenerated by system_sysctl.py
+
+{% if parameter is defined and parameter is not none %}
+{% for k, v in parameter.items() %}
+{{ k }} = {{ v.value }}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl index d51522e45..c01101d85 100644 --- a/data/templates/vrrp/keepalived.conf.tmpl +++ b/data/templates/vrrp/keepalived.conf.tmpl @@ -96,9 +96,10 @@ vrrp_sync_group {{ sync_group.name }} { } {% if sync_group.conntrack_sync %} - notify_master "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh master {{ sync_group.name }}" - notify_backup "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh backup {{ sync_group.name }}" - notify_fault "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh fault {{ sync_group.name }}" + {% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %} + notify_master "{{ vyos_helper }} master {{ sync_group.name }}" + notify_backup "{{ vyos_helper }} backup {{ sync_group.name }}" + notify_fault "{{ vyos_helper }} fault {{ sync_group.name }}" {% endif %} } diff --git a/debian/control b/debian/control index 851152d95..ab3b46ba1 100644 --- a/debian/control +++ b/debian/control @@ -35,6 +35,7 @@ Depends: bmon, bsdmainutils, conntrack, + conntrackd, conserver-client, conserver-server, console-data, @@ -67,7 +68,12 @@ Depends: lcdproc, libatomic1, libndp-tools, + libnetfilter-conntrack3, + libnfnetlink0, libpam-radius-auth (>= 1.5.0), + libstrongswan-standard-plugins (>=5.8), + libstrongswan-extra-plugins (>=5.8), + libcharon-extra-plugins (>=5.8), libvyosconfig0, lldpd, lm-sensors, @@ -80,7 +86,9 @@ Depends: nginx-light, ntp, ntpdate, + nvme-cli, ocserv, + opennhrp, openssh-server, openssl, openvpn, @@ -94,6 +102,7 @@ Depends: procps, python3, python3-certbot-nginx, + python3-crypto, ${python3:Depends}, python3-flask, python3-hurry.filesize, @@ -116,12 +125,15 @@ Depends: qrencode, radvd, salt-minion, + smartmontools, snmp, snmpd, squid, squidclient, squidguard, ssl-cert, + strongswan (>= 5.8), + strongswan-swanctl (>= 5.8), systemd, tcpdump, tcptraceroute, @@ -132,6 +144,7 @@ Depends: udp-broadcast-relay, usb-modeswitch, usbutils, + vyatta-cfg, vyos-http-api-tools, vyos-utils, wide-dhcpv6-client, diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install index bfc30f7e6..0c6c226ee 100644 --- a/debian/vyos-1x.install +++ b/debian/vyos-1x.install @@ -1,5 +1,7 @@ etc/dhcp +etc/ipsec.d etc/netplug +etc/opennhrp etc/ppp etc/rsyslog.d etc/systemd @@ -22,4 +24,5 @@ usr/libexec/vyos/services usr/libexec/vyos/system usr/libexec/vyos/validators usr/libexec/vyos/*.py +usr/libexec/vyos/*.sh usr/share diff --git a/debian/vyos-1x.links b/debian/vyos-1x.links new file mode 100644 index 000000000..ea4e4e7da --- /dev/null +++ b/debian/vyos-1x.links @@ -0,0 +1 @@ +/usr/share/vyos/mibs /usr/share/snmp/mibs diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index 8acc87cc8..136d025d4 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -66,3 +66,16 @@ fi # ensure hte proxy user has a proper shell chsh -s /bin/sh proxy + +# vyatta-cfg-vpn migration +for init in openswan ipsec setkey; do + update-rc.d -f ${init} remove >/dev/null +done + +# remove keys +rm -f /etc/ipsec.secrets +touch /etc/ipsec.secrets +chown root:root /etc/ipsec.secrets +chmod 600 /etc/ipsec.secrets +rm -f /etc/ipsec.d/private/localhost.localdomainKey.pem +rm -f /etc/ipsec.d/certs/localhost.localdomainCert.pem
\ No newline at end of file diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in new file mode 100644 index 000000000..5528d6bc5 --- /dev/null +++ b/interface-definitions/firewall.xml.in @@ -0,0 +1,782 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="nfirewall" owner="${vyos_conf_scripts_dir}/firewall.py"> + <properties> + <priority>199</priority> + <help>Firewall</help> + </properties> + <children> + <leafNode name="all-ping"> + <properties> + <help>Policy for handling of all IPv4 ICMP echo requests</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of all IPv4 ICMP echo requests</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of all IPv4 ICMP echo requests</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="broadcast-ping"> + <properties> + <help>Policy for handling broadcast IPv4 ICMP echo and timestamp requests</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of broadcast IPv4 ICMP echo/timestamp requests</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of broadcast IPv4 ICMP echo/timestamp requests</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="config-trap"> + <properties> + <help>SNMP trap generation on firewall configuration changes</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable sending SNMP trap on firewall configuration change</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable sending SNMP trap on firewall configuration change</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <node name="group"> + <properties> + <help>Firewall group</help> + </properties> + <children> + <tagNode name="address-group"> + <properties> + <help>Firewall address-group</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>Address-group member</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 range to match (e.g. 10.0.0.1-10.0.0.200)</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-range"/> + </constraint> + <multi/> + </properties> + </leafNode> + #include <include/firewall/description.xml.i> + </children> + </tagNode> + <tagNode name="ipv6-address-group"> + <properties> + <help>Firewall ipv6-address-group</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>Address-group member</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to match</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + #include <include/firewall/description.xml.i> + </children> + </tagNode> + <tagNode name="ipv6-network-group"> + <properties> + <help>Network-group member</help> + </properties> + <children> + #include <include/firewall/description.xml.i> + <leafNode name="network"> + <properties> + <help>Network-group member</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address to match</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + <tagNode name="network-group"> + <properties> + <help>Firewall network-group</help> + </properties> + <children> + #include <include/firewall/description.xml.i> + <leafNode name="network"> + <properties> + <help>Network-group member</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 Subnet to match</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + <tagNode name="port-group"> + <properties> + <help>Firewall port-group</help> + </properties> + <children> + #include <include/firewall/description.xml.i> + <leafNode name="port"> + <properties> + <help>Port-group member</help> + <valueHelp> + <format>txt</format> + <description>Named port (any name in /etc/services, e.g., http)</description> + </valueHelp> + <valueHelp> + <format>u32:1-65535</format> + <description>Numbered port</description> + </valueHelp> + <valueHelp> + <format>start-end</format> + <description>Numbered port range (e.g. 1001-1050)</description> + </valueHelp> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <leafNode name="ip-src-route"> + <properties> + <help>Policy for handling IPv4 packets with source route option</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of IPv4 packets with source route option</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of IPv4 packets with source route option</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <tagNode name="ipv6-name"> + <properties> + <help>IPv6 firewall rule-set name</help> + </properties> + <children> + #include <include/firewall/name-default-action.xml.i> + #include <include/firewall/description.xml.i> + #include <include/firewall/name-default-log.xml.i> + <tagNode name="rule"> + <properties> + <help>Rule number (1-9999)</help> + </properties> + <children> + #include <include/firewall/action.xml.i> + #include <include/firewall/description.xml.i> + <node name="destination"> + <properties> + <help>Destination parameters</help> + </properties> + <children> + #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/source-destination-group.xml.i> + #include <include/firewall/port.xml.i> + </children> + </node> + <node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/source-destination-group.xml.i> + #include <include/firewall/port.xml.i> + </children> + </node> + #include <include/firewall/common-rule.xml.i> + <node name="hop-limit"> + <properties> + <help>Hop Limit</help> + </properties> + <children> + <leafNode name="eq"> + <properties> + <help>Value to match a hop limit equal to it</help> + <valueHelp> + <format>u32:0-255</format> + <description>Hop limit equal to value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="gt"> + <properties> + <help>Value to match a hop limit greater than or equal to it</help> + <valueHelp> + <format>u32:0-255</format> + <description>Hop limit greater than value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lt"> + <properties> + <help>Value to match a hop limit less than or equal to it</help> + <valueHelp> + <format>u32:0-255</format> + <description>Hop limit less than value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="icmpv6"> + <properties> + <help>ICMPv6 type and code information</help> + </properties> + <children> + <leafNode name="type"> + <properties> + <help>ICMP type-name</help> + <completionHelp> + <list>any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply</list> + </completionHelp> + <valueHelp> + <format>any</format> + <description>Any ICMP type/code</description> + </valueHelp> + <valueHelp> + <format>echo-reply</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>pong</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>destination-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>protocol-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>port-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>fragmentation-needed</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>source-route-failed</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-unknown</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-unknown</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-prohibited</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-prohibited</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS-network-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS-host-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>communication-prohibited</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-precedence-violation</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>precedence-cutoff</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>source-quench</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS-network-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS host-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>echo-request</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ping</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>router-advertisement</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>router-solicitation</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>time-exceeded</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ttl-exceeded</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ttl-zero-during-transit</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ttl-zero-during-reassembly</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>parameter-problem</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ip-header-bad</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>required-option-missing</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>timestamp-request</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>timestamp-reply</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>address-mask-request</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>address-mask-reply</format> + <description>ICMP type/code name</description> + </valueHelp> + <constraint> + <regex>^(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply)$</regex> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="p2p"> + <properties> + <help>P2P application packets</help> + </properties> + <children> + <leafNode name="all"> + <properties> + <help>AppleJuice/BitTorrent/Direct Connect/eDonkey/eMule/Gnutella/KaZaA application packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="applejuice"> + <properties> + <help>AppleJuice application packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="bittorrent"> + <properties> + <help>BitTorrent application packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="directconnect"> + <properties> + <help>Direct Connect application packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="edonkey"> + <properties> + <help>eDonkey/eMule application packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="gnutella"> + <properties> + <help>Gnutella application packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="kazaa"> + <properties> + <help>KaZaA application packets</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </tagNode> + <leafNode name="ipv6-receive-redirects"> + <properties> + <help>Policy for handling received ICMPv6 redirect messages</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of received ICMPv6 redirect messages</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of received ICMPv6 redirect messages</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="ipv6-src-route"> + <properties> + <help>Policy for handling IPv6 packets with routing extension header</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of IPv6 packets with routing header type 2</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of IPv6 packets with routing header</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="log-martians"> + <properties> + <help>Policy for logging IPv4 packets with invalid addresses</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable logging of IPv4 packets with invalid addresses</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable logging of Ipv4 packets with invalid addresses</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <tagNode name="name"> + <properties> + <help>IPv4 firewall rule-set name</help> + </properties> + <children> + #include <include/firewall/name-default-action.xml.i> + #include <include/firewall/description.xml.i> + #include <include/firewall/name-default-log.xml.i> + <tagNode name="rule"> + <properties> + <help>Rule number (1-9999)</help> + </properties> + <children> + #include <include/firewall/action.xml.i> + #include <include/firewall/description.xml.i> + <node name="destination"> + <properties> + <help>Destination parameters</help> + </properties> + <children> + #include <include/firewall/address.xml.i> + #include <include/firewall/source-destination-group.xml.i> + #include <include/firewall/port.xml.i> + </children> + </node> + <node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/address.xml.i> + #include <include/firewall/source-destination-group.xml.i> + #include <include/firewall/port.xml.i> + </children> + </node> + #include <include/firewall/common-rule.xml.i> + <node name="icmp"> + <properties> + <help>ICMP type and code information</help> + </properties> + <children> + <leafNode name="code"> + <properties> + <help>ICMP code (0-255)</help> + <valueHelp> + <format>u32:0-255</format> + <description>ICMP code (0-255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>ICMP type (0-255)</help> + <valueHelp> + <format>u32:0-255</format> + <description>ICMP type (0-255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + #include <include/firewall/icmp-type-name.xml.i> + </children> + </node> + </children> + </tagNode> + </children> + </tagNode> + <leafNode name="receive-redirects"> + <properties> + <help>Policy for handling received IPv4 ICMP redirect messages</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of received IPv4 ICMP redirect messages</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of received IPv4 ICMP redirect messages</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="send-redirects"> + <properties> + <help>Policy for sending IPv4 ICMP redirect messages</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable sending IPv4 ICMP redirect messages</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable sending IPv4 ICMP redirect messages</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="source-validation"> + <properties> + <help>Policy for source validation by reversed path, as specified in RFC3704</help> + <completionHelp> + <list>strict loose disable</list> + </completionHelp> + <valueHelp> + <format>strict</format> + <description>Enable Strict Reverse Path Forwarding as defined in RFC3704</description> + </valueHelp> + <valueHelp> + <format>loose</format> + <description>Enable Loose Reverse Path Forwarding as defined in RFC3704</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>No source validation</description> + </valueHelp> + <constraint> + <regex>^(strict|loose|disable)$</regex> + </constraint> + </properties> + </leafNode> + <node name="state-policy"> + <properties> + <help>Global firewall state-policy</help> + </properties> + <children> + <node name="established"> + <properties> + <help>Global firewall policy for packets part of an established connection</help> + </properties> + <children> + #include <include/firewall/action-accept-drop-reject.xml.i> + #include <include/firewall/log.xml.i> + </children> + </node> + <node name="invalid"> + <properties> + <help>Global firewall policy for packets part of an invalid connection</help> + </properties> + <children> + #include <include/firewall/action-accept-drop-reject.xml.i> + #include <include/firewall/log.xml.i> + </children> + </node> + <node name="related"> + <properties> + <help>Global firewall policy for packets part of a related connection</help> + </properties> + <children> + #include <include/firewall/action-accept-drop-reject.xml.i> + #include <include/firewall/log.xml.i> + </children> + </node> + </children> + </node> + <leafNode name="syn-cookies"> + <properties> + <help>Policy for using TCP SYN cookies with IPv4</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable use of TCP SYN cookies with IPv4</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable use of TCP SYN cookies with IPv4</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="twa-hazards-protection"> + <properties> + <help>RFC1337 TCP TIME-WAIT assasination hazards protection</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable RFC1337 TIME-WAIT hazards protection</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable RFC1337 TIME-WAIT hazards protection</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/include/bgp/afi-common.xml.i b/interface-definitions/include/bgp/afi-common.xml.i index 20b0dda66..62beff40c 100644 --- a/interface-definitions/include/bgp/afi-common.xml.i +++ b/interface-definitions/include/bgp/afi-common.xml.i @@ -88,6 +88,18 @@ </constraint> </properties> </leafNode> +<leafNode name="maximum-prefix-out"> + <properties> + <help>Maximum number of prefixes to be sent to this peer</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Prefix limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> +</leafNode> #include <include/bgp/afi-nexthop-self.xml.i> <leafNode name="remove-private-as"> <properties> diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index e6b81ceb1..78a4fb763 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -1180,6 +1180,7 @@ <constraint> <validator name="numeric" argument="--range 1-4294967294"/> </constraint> + <multi/> </properties> </leafNode> </children> diff --git a/interface-definitions/include/conntrack-module-disable.xml.i b/interface-definitions/include/conntrack-module-disable.xml.i new file mode 100644 index 000000000..f891225e0 --- /dev/null +++ b/interface-definitions/include/conntrack-module-disable.xml.i @@ -0,0 +1,8 @@ +<!-- include start from conntrack-module-disable.xml.i --> +<leafNode name="disable"> + <properties> + <help>Disable connection tracking helper</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/action-accept-drop-reject.xml.i b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i new file mode 100644 index 000000000..9f8baa884 --- /dev/null +++ b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i @@ -0,0 +1,25 @@ +<!-- include start from firewall/action-accept-drop-reject.xml.i --> +<leafNode name="action"> + <properties> + <help>Action for packets</help> + <completionHelp> + <list>accept drop reject</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Action to accept</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Action to drop</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Action to reject</description> + </valueHelp> + <constraint> + <regex>^(accept|drop|reject)$</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i new file mode 100644 index 000000000..230f590cb --- /dev/null +++ b/interface-definitions/include/firewall/action.xml.i @@ -0,0 +1,21 @@ +<!-- include start from firewall/action.xml.i --> +<leafNode name="action"> + <properties> + <help>Rule action [REQUIRED]</help> + <completionHelp> + <list>permit deny</list> + </completionHelp> + <valueHelp> + <format>permit</format> + <description>Permit matching entries</description> + </valueHelp> + <valueHelp> + <format>deny</format> + <description>Deny matching entries</description> + </valueHelp> + <constraint> + <regex>^(permit|deny)$</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/address-ipv6.xml.i b/interface-definitions/include/firewall/address-ipv6.xml.i new file mode 100644 index 000000000..fa60c0c8a --- /dev/null +++ b/interface-definitions/include/firewall/address-ipv6.xml.i @@ -0,0 +1,37 @@ +<!-- include start from firewall/address-ipv6.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address, subnet, or range</help> + <valueHelp> + <format>ipv6</format> + <description>IP address to match</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Subnet to match</description> + </valueHelp> + <valueHelp> + <format>ipv6range</format> + <description>IP range to match</description> + </valueHelp> + <valueHelp> + <format>!ipv6</format> + <description>Match everything except the specified address</description> + </valueHelp> + <valueHelp> + <format>!ipv6net</format> + <description>Match everything except the specified prefix</description> + </valueHelp> + <valueHelp> + <format>!ipv6range</format> + <description>Match everything except the specified range</description> + </valueHelp> + <constraint> + <validator name="ipv6"/> + <validator name="ipv6-exclude"/> + <validator name="ipv6-range"/> + <validator name="ipv6-range-exclude"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/address.xml.i b/interface-definitions/include/firewall/address.xml.i new file mode 100644 index 000000000..2e1bde5a5 --- /dev/null +++ b/interface-definitions/include/firewall/address.xml.i @@ -0,0 +1,39 @@ +<!-- include start from firewall/address.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address, subnet, or range</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range to match</description> + </valueHelp> + <valueHelp> + <format>!ipv4</format> + <description>Match everything except the specified address</description> + </valueHelp> + <valueHelp> + <format>!ipv4net</format> + <description>Match everything except the specified prefix</description> + </valueHelp> + <valueHelp> + <format>!ipv4range</format> + <description>Match everything except the specified range</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + <validator name="ipv4-range"/> + <validator name="ipv4-address-exclude"/> + <validator name="ipv4-prefix-exclude"/> + <validator name="ipv4-range-exclude"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i new file mode 100644 index 000000000..466599e0a --- /dev/null +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -0,0 +1,326 @@ +<!-- include start from firewall/common-rule.xml.i --> +#include <include/firewall/action.xml.i> +#include <include/firewall/description.xml.i> +<leafNode name="disable"> + <properties> + <help>Option to disable firewall rule</help> + <valueless/> + </properties> +</leafNode> +<node name="fragment"> + <properties> + <help>IP fragment match</help> + </properties> + <children> + <leafNode name="match-frag"> + <properties> + <help>Second and further fragments of fragmented packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-non-frag"> + <properties> + <help>Head fragments or unfragmented packets</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<node name="ipsec"> + <properties> + <help>Inbound IPsec packets</help> + </properties> + <children> + <leafNode name="match-ipsec"> + <properties> + <help>Inbound IPsec packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-none"> + <properties> + <help>Inbound non-IPsec packets</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<node name="limit"> + <properties> + <help>Rate limit using a token bucket filter</help> + </properties> + <children> + <leafNode name="burst"> + <properties> + <help>Maximum number of packets to allow in excess of rate</help> + <valueHelp> + <format>u32:0-4294967295</format> + <description>burst__change_me</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="rate"> + <properties> + <help>Maximum average matching rate</help> + <valueHelp> + <format>u32:0-4294967295</format> + <description>rate__change_me</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<leafNode name="log"> + <properties> + <help>Option to log packets matching rule</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable log</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable log</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> +</leafNode> +<leafNode name="protocol"> + <properties> + <help>Protocol to match (protocol name, number, or "all")</help> + <completionHelp> + <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script> + </completionHelp> + <valueHelp> + <format>all</format> + <description>All IP protocols</description> + </valueHelp> + <valueHelp> + <format>tcp_udp</format> + <description>Both TCP and UDP</description> + </valueHelp> + <valueHelp> + <format>0-255</format> + <description>IP protocol number</description> + </valueHelp> + <valueHelp> + <format>!<protocol></format> + <description>IP protocol number</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> + <defaultValue>all</defaultValue> +</leafNode> +<node name="recent"> + <properties> + <help>Parameters for matching recently seen sources</help> + </properties> + <children> + <leafNode name="count"> + <properties> + <help>Source addresses seen more than N times</help> + <valueHelp> + <format>u32:1-255</format> + <description>Source addresses seen more than N times</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="time"> + <properties> + <help>Source addresses seen in the last N seconds</help> + <valueHelp> + <format>u32:0-4294967295</format> + <description>Source addresses seen in the last N seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/address.xml.i> + #include <include/firewall/source-destination-group.xml.i> + <leafNode name="mac-address"> + <properties> + <help>Source MAC address</help> + <valueHelp> + <format><MAC address></format> + <description>MAC address to match</description> + </valueHelp> + <valueHelp> + <format>!<MAC address></format> + <description>Match everything except the specified MAC address</description> + </valueHelp> + </properties> + </leafNode> + #include <include/firewall/port.xml.i> + </children> +</node> +<node name="state"> + <properties> + <help>Session state</help> + </properties> + <children> + <leafNode name="established"> + <properties> + <help>Established state</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="invalid"> + <properties> + <help>Invalid state</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="new"> + <properties> + <help>New state</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="related"> + <properties> + <help>Related state</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + </leafNode> + </children> +</node> +<node name="tcp"> + <properties> + <help>TCP flags to match</help> + </properties> + <children> + <leafNode name="flags"> + <properties> + <help>TCP flags to match</help> + <valueHelp> + <format>txt</format> + <description>TCP flags to match</description> + </valueHelp> + <valueHelp> + <format> </format> + <description>\n\n Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL\n When specifying more than one flag, flags should be comma-separated.\n For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description> + </valueHelp> + </properties> + </leafNode> + </children> +</node> +<node name="time"> + <properties> + <help>Time to match rule</help> + </properties> + <children> + <leafNode name="monthdays"> + <properties> + <help>Monthdays to match rule on</help> + </properties> + </leafNode> + <leafNode name="startdate"> + <properties> + <help>Date to start matching rule</help> + </properties> + </leafNode> + <leafNode name="starttime"> + <properties> + <help>Time of day to start matching rule</help> + </properties> + </leafNode> + <leafNode name="stopdate"> + <properties> + <help>Date to stop matching rule</help> + </properties> + </leafNode> + <leafNode name="stoptime"> + <properties> + <help>Time of day to stop matching rule</help> + </properties> + </leafNode> + <leafNode name="utc"> + <properties> + <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="weekdays"> + <properties> + <help>Weekdays to match rule on</help> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/description.xml.i b/interface-definitions/include/firewall/description.xml.i new file mode 100644 index 000000000..b6bae406b --- /dev/null +++ b/interface-definitions/include/firewall/description.xml.i @@ -0,0 +1,11 @@ +<!-- include start from firewall/description.xml.i --> +<leafNode name="description"> + <properties> + <help>Description</help> + <valueHelp> + <format>txt</format> + <description>Description</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/icmp-type-name.xml.i b/interface-definitions/include/firewall/icmp-type-name.xml.i new file mode 100644 index 000000000..b45fb619b --- /dev/null +++ b/interface-definitions/include/firewall/icmp-type-name.xml.i @@ -0,0 +1,173 @@ +<!-- include start from firewall/icmp-type-name.xml.i --> +<leafNode name="type-name"> + <properties> + <help>ICMP type-name</help> + <completionHelp> + <list>any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply</list> + </completionHelp> + <valueHelp> + <format>any</format> + <description>Any ICMP type/code</description> + </valueHelp> + <valueHelp> + <format>echo-reply</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>pong</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>destination-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>protocol-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>port-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>fragmentation-needed</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>source-route-failed</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-unknown</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-unknown</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-prohibited</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-prohibited</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS-network-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS-host-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>communication-prohibited</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-precedence-violation</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>precedence-cutoff</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>source-quench</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS-network-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS host-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>echo-request</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ping</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>router-advertisement</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>router-solicitation</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>time-exceeded</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ttl-exceeded</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ttl-zero-during-transit</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ttl-zero-during-reassembly</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>parameter-problem</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ip-header-bad</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>required-option-missing</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>timestamp-request</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>timestamp-reply</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>address-mask-request</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>address-mask-reply</format> + <description>ICMP type/code name</description> + </valueHelp> + <constraint> + <regex>^(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply)$</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/log.xml.i b/interface-definitions/include/firewall/log.xml.i new file mode 100644 index 000000000..46d20c1df --- /dev/null +++ b/interface-definitions/include/firewall/log.xml.i @@ -0,0 +1,15 @@ +<!-- include start from firewall/log.xml.i --> +<node name="log"> + <properties> + <help>Option to log packets</help> + </properties> + <children> + <leafNode name="enable"> + <properties> + <help>Enable logging</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/name-default-action.xml.i b/interface-definitions/include/firewall/name-default-action.xml.i new file mode 100644 index 000000000..1b61b076f --- /dev/null +++ b/interface-definitions/include/firewall/name-default-action.xml.i @@ -0,0 +1,25 @@ +<!-- include start from firewall/name-default-action.xml.i --> +<leafNode name="default-action"> + <properties> + <help>Default-action for rule-set</help> + <completionHelp> + <list>drop reject accept</list> + </completionHelp> + <valueHelp> + <format>drop</format> + <description>Drop if no prior rules are hit (default)</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Drop and notify source if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>accept</format> + <description>Accept if no prior rules are hit</description> + </valueHelp> + <constraint> + <regex>^(drop|reject|accept)$</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/name-default-log.xml.i b/interface-definitions/include/firewall/name-default-log.xml.i new file mode 100644 index 000000000..979395146 --- /dev/null +++ b/interface-definitions/include/firewall/name-default-log.xml.i @@ -0,0 +1,8 @@ +<!-- include start from firewall/name-default-log.xml.i --> +<leafNode name="enable-default-log"> + <properties> + <help>Option to log packets hitting default-action</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/port.xml.i b/interface-definitions/include/firewall/port.xml.i new file mode 100644 index 000000000..59d92978b --- /dev/null +++ b/interface-definitions/include/firewall/port.xml.i @@ -0,0 +1,23 @@ +<!-- include start from firewall/port.xml.i --> +<leafNode name="port"> + <properties> + <help>Port</help> + <valueHelp> + <format>txt</format> + <description>Named port (any name in /etc/services, e.g., http)</description> + </valueHelp> + <valueHelp> + <format>u32:1-65535</format> + <description>Numbered port</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>Numbered port range (e.g. 1001-1005)</description> + </valueHelp> + <valueHelp> + <format> </format> + <description>\n\n Multiple destination ports can be specified as a comma-separated list.\n The whole list can also be negated using '!'.\n For example: '!22,telnet,http,123,1001-1005'</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/source-destination-group.xml.i b/interface-definitions/include/firewall/source-destination-group.xml.i new file mode 100644 index 000000000..30226b0d8 --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-group.xml.i @@ -0,0 +1,24 @@ +<!-- include start from firewall/source-destination-group.xml.i --> +<node name="group"> + <properties> + <help>Group</help> + </properties> + <children> + <leafNode name="address-group"> + <properties> + <help>Group of addresses</help> + </properties> + </leafNode> + <leafNode name="network-group"> + <properties> + <help>Group of networks</help> + </properties> + </leafNode> + <leafNode name="port-group"> + <properties> + <help>Group of ports</help> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/interface/interface-parameters-key.xml.i b/interface-definitions/include/interface/interface-parameters-key.xml.i index 1b1d67174..6c59f7879 100644 --- a/interface-definitions/include/interface/interface-parameters-key.xml.i +++ b/interface-definitions/include/interface/interface-parameters-key.xml.i @@ -1,7 +1,7 @@ <!-- include start from interface/interface-parameters-key.xml.i --> <leafNode name="key"> <properties> - <help>Tunnel key</help> + <help>Tunnel key (only GRE tunnels)</help> <valueHelp> <format>u32</format> <description>Tunnel key</description> diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i index 0355054a4..9e89cbbf6 100644 --- a/interface-definitions/include/interface/vif.xml.i +++ b/interface-definitions/include/interface/vif.xml.i @@ -22,9 +22,10 @@ <leafNode name="egress-qos"> <properties> <help>VLAN egress QoS</help> - <completionHelp> - <script>echo Format for qos mapping, e.g.: '0:1 1:6 7:6'</script> - </completionHelp> + <valueHelp> + <format>txt</format> + <description>Format for qos mapping, e.g.: '0:1 1:6 7:6'</description> + </valueHelp> <constraint> <regex>[:0-7 ]+$</regex> </constraint> @@ -34,9 +35,10 @@ <leafNode name="ingress-qos"> <properties> <help>VLAN ingress QoS</help> - <completionHelp> - <script>echo Format for qos mapping '0:1 1:6 7:6'</script> - </completionHelp> + <valueHelp> + <format>txt</format> + <description>Format for qos mapping, e.g.: '0:1 1:6 7:6'</description> + </valueHelp> <constraint> <regex>[:0-7 ]+$</regex> </constraint> diff --git a/interface-definitions/include/ip-protocol.xml.i b/interface-definitions/include/ip-protocol.xml.i new file mode 100644 index 000000000..ce9345024 --- /dev/null +++ b/interface-definitions/include/ip-protocol.xml.i @@ -0,0 +1,17 @@ +<!-- include start from ip-protocol.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol</help> + <valueHelp> + <format>txt</format> + <description>Protocol name</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_protocols.sh</script> + </completionHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> +</leafNode> +<!-- include end from ip-protocol.xml.i --> diff --git a/interface-definitions/include/isis/default-information-level.xml.i b/interface-definitions/include/isis/default-information-level.xml.i new file mode 100644 index 000000000..5ade72a4b --- /dev/null +++ b/interface-definitions/include/isis/default-information-level.xml.i @@ -0,0 +1,32 @@ +<!-- include start from isis/default-information-level.xml.i --> +<node name="level-1"> + <properties> + <help>Distribute default route into level-1</help> + </properties> + <children> + <leafNode name="always"> + <properties> + <help>Always advertise default route</help> + <valueless/> + </properties> + </leafNode> + #include <include/isis/metric.xml.i> + #include <include/route-map.xml.i> + </children> +</node> +<node name="level-2"> + <properties> + <help>Distribute default route into level-2</help> + </properties> + <children> + <leafNode name="always"> + <properties> + <help>Always advertise default route</help> + <valueless/> + </properties> + </leafNode> + #include <include/isis/metric.xml.i> + #include <include/route-map.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/isis/metric.xml.i b/interface-definitions/include/isis/metric.xml.i new file mode 100644 index 000000000..30e2cdc10 --- /dev/null +++ b/interface-definitions/include/isis/metric.xml.i @@ -0,0 +1,14 @@ +<!-- include start from isis/metric.xml.i --> +<leafNode name="metric"> + <properties> + <help>Set default metric for circuit</help> + <valueHelp> + <format>u32:0-16777215</format> + <description>Default metric value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777215"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i index c4a913385..831d12694 100644 --- a/interface-definitions/include/isis/protocol-common-config.xml.i +++ b/interface-definitions/include/isis/protocol-common-config.xml.i @@ -39,18 +39,7 @@ <help>Distribute default route for IPv4</help> </properties> <children> - <leafNode name="level-1"> - <properties> - <help>Distribute default route into level-1</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="level-2"> - <properties> - <help>Distribute default route into level-2</help> - <valueless/> - </properties> - </leafNode> + #include <include/isis/default-information-level.xml.i> </children> </node> <node name="ipv6"> @@ -58,30 +47,7 @@ <help>Distribute default route for IPv6</help> </properties> <children> - <leafNode name="level-1"> - <properties> - <help>Distribute default route into level-1</help> - <completionHelp> - <list>always</list> - </completionHelp> - <valueHelp> - <format>always</format> - <description>Always advertise default route</description> - </valueHelp> - </properties> - </leafNode> - <leafNode name="level-2"> - <properties> - <help>Distribute default route into level-2</help> - <completionHelp> - <list>always</list> - </completionHelp> - <valueHelp> - <format>always</format> - <description>Always advertise default route</description> - </valueHelp> - </properties> - </leafNode> + #include <include/isis/default-information-level.xml.i> </children> </node> </children> @@ -102,7 +68,6 @@ </valueHelp> </properties> </leafNode> -<!-- <leafNode name="md5"> <properties> <help>MD5 authentication type</help> @@ -112,7 +77,6 @@ </valueHelp> </properties> </leafNode> ---> </children> </node> <leafNode name="dynamic-hostname"> @@ -144,6 +108,12 @@ </constraint> </properties> </leafNode> +<leafNode name="log-adjacency-changes"> + <properties> + <help>Log adjacency state changes</help> + <valueless/> + </properties> +</leafNode> <leafNode name="lsp-gen-interval"> <properties> <help>Minimum interval between regenerating same LSP</help> @@ -570,7 +540,7 @@ <help>Delay used while in LONG_WAIT</help> <valueHelp> <format>u32:0-60000</format> - <description>Delay used while in LONG_WAIT state (in ms)</description> + <description>Delay used while in LONG_WAIT state in ms</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-60000"/> @@ -582,7 +552,7 @@ <help>Time with no received IGP events before considering IGP stable</help> <valueHelp> <format>u32:0-60000</format> - <description>Time with no received IGP events before considering IGP stable (in ms)</description> + <description>Time with no received IGP events before considering IGP stable in ms</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-60000"/> @@ -594,7 +564,7 @@ <help>Maximum duration needed to learn all the events related to a single failure</help> <valueHelp> <format>u32:0-60000</format> - <description>Maximum duration needed to learn all the events related to a single failure (in ms)</description> + <description>Maximum duration needed to learn all the events related to a single failure in ms</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-60000"/> @@ -608,7 +578,7 @@ <help>Minimum interval between SPF calculations</help> <valueHelp> <format>u32:1-120</format> - <description>Minimum interval between consecutive SPFs in seconds</description> + <description>Interval in seconds</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-120"/> @@ -677,18 +647,7 @@ </constraint> </properties> </leafNode> - <leafNode name="metric"> - <properties> - <help>Set default metric for circuit</help> - <valueHelp> - <format>u32:0-16777215</format> - <description>Default metric value</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-16777215"/> - </constraint> - </properties> - </leafNode> + #include <include/isis/metric.xml.i> <node name="network"> <properties> <help>Set network type</help> @@ -733,10 +692,10 @@ </leafNode> <leafNode name="psnp-interval"> <properties> - <help>Set PSNP interval in seconds</help> + <help>Set PSNP interval</help> <valueHelp> <format>u32:0-127</format> - <description>Priority value</description> + <description>PSNP interval in seconds</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-127"/> diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in index 846f6eb54..2efdaea3d 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces-bonding.xml.in @@ -97,6 +97,26 @@ </properties> <defaultValue>0</defaultValue> </leafNode> + <leafNode name="lacp-rate"> + <properties> + <help>Rate in which we will ask our link partner to transmit LACPDU packets</help> + <completionHelp> + <list>slow fast</list> + </completionHelp> + <valueHelp> + <format>slow</format> + <description>Request partner to transmit LACPDUs every 30 seconds (default)</description> + </valueHelp> + <valueHelp> + <format>fast</format> + <description>Request partner to transmit LACPDUs every 1 second</description> + </valueHelp> + <constraint> + <regex>^(slow|fast)$</regex> + </constraint> + </properties> + <defaultValue>slow</defaultValue> + </leafNode> <leafNode name="mode"> <properties> <help>Bonding mode</help> diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in index 536edcb99..56f8ea79c 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -227,13 +227,22 @@ <children> <leafNode name="no-pmtu-discovery"> <properties> - <help>Disable path MTU discovery</help> + <help>Disable Path MTU Discovery on this tunnel</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ignore-df"> + <properties> + <help>Enable IPv4 DF suppression on this tunnel</help> <valueless/> </properties> </leafNode> #include <include/interface/interface-parameters-key.xml.i> #include <include/interface/interface-parameters-tos.xml.i> #include <include/interface/interface-parameters-ttl.xml.i> + <leafNode name="ttl"> + <defaultValue>64</defaultValue> + </leafNode> </children> </node> <node name="ipv6"> diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces-vti.xml.in new file mode 100644 index 000000000..604d7dd29 --- /dev/null +++ b/interface-definitions/interfaces-vti.xml.in @@ -0,0 +1,39 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="vti" owner="${vyos_conf_scripts_dir}/interfaces-vti.py"> + <properties> + <help>Virtual Tunnel interface</help> + <priority>381</priority> + <constraint> + <regex>^vti[0-9]+$</regex> + </constraint> + <constraintErrorMessage>VTI interface must be named vtiN</constraintErrorMessage> + <valueHelp> + <format>vtiN</format> + <description>VTI interface name</description> + </valueHelp> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>IP address</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv4-host"/> + </constraint> + <multi/> + </properties> + </leafNode> + #include <include/interface/interface-description.xml.i> + #include <include/interface/interface-disable.xml.i> + #include <include/interface/interface-mtu-68-16000.xml.i> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/ipsec-settings.xml.in b/interface-definitions/ipsec-settings.xml.in index bc54baa27..0bcba9a84 100644 --- a/interface-definitions/ipsec-settings.xml.in +++ b/interface-definitions/ipsec-settings.xml.in @@ -7,6 +7,7 @@ <node name="options" owner="${vyos_conf_scripts_dir}/ipsec-settings.py"> <properties> <help>Global IPsec settings</help> + <priority>902</priority> </properties> <children> <leafNode name="disable-route-autoinstall"> diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index 900fac27e..195e074a3 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -912,7 +912,7 @@ </leafNode> <leafNode name="as-path-prepend"> <properties> - <help>as-path-prepend_help</help> + <help>Prepend string for a Border Gateway Protocol (BGP) AS-path attribute</help> <valueHelp> <format>txt</format> <description>BGP AS path prepend string (ex: "64501 64501")</description> @@ -961,7 +961,7 @@ </node> <leafNode name="community"> <properties> - <help>community_help</help> + <help>Border Gateway Protocl (BGP) community attribute</help> <completionHelp> <list>local-AS no-advertise no-export internet additive none</list> </completionHelp> @@ -1066,6 +1066,12 @@ </constraint> </properties> </leafNode> + <leafNode name="prefer-global"> + <properties> + <help>Prefer global address as the nexthop</help> + <valueless/> + </properties> + </leafNode> </children> </node> <leafNode name="large-community"> @@ -1129,7 +1135,7 @@ </leafNode> <leafNode name="origin"> <properties> - <help>origin_help</help> + <help>Border Gateway Protocl (BGP) origin code</help> <completionHelp> <list>igp egp incomplete</list> </completionHelp> diff --git a/interface-definitions/protocols-nhrp.xml.in b/interface-definitions/protocols-nhrp.xml.in new file mode 100644 index 000000000..9dd9d3389 --- /dev/null +++ b/interface-definitions/protocols-nhrp.xml.in @@ -0,0 +1,134 @@ +<?xml version="1.0" encoding="UTF-8"?> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="nhrp" owner="${vyos_conf_scripts_dir}/protocols_nhrp.py"> + <properties> + <help>NHRP parameters</help> + <priority>680</priority> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Tunnel for NHRP [REQUIRED]</help> + <constraint> + <regex>^tun[0-9]+$</regex> + </constraint> + <valueHelp> + <format>tunN</format> + <description>NHRP tunnel name</description> + </valueHelp> + </properties> + <children> + <leafNode name="cisco-authentication"> + <properties> + <help>Pass phrase for cisco authentication</help> + <valueHelp> + <format>txt</format> + <description>Pass phrase for cisco authentication</description> + </valueHelp> + </properties> + </leafNode> + <tagNode name="dynamic-map"> + <properties> + <help>Set an HUB tunnel address</help> + <valueHelp> + <format>ipv4net</format> + <description>Set the IP address and prefix length</description> + </valueHelp> + </properties> + <children> + <leafNode name="nbma-domain-name"> + <properties> + <help>Set HUB fqdn (nbma-address - fqdn) [REQUIRED]</help> + <valueHelp> + <format><fqdn></format> + <description>Set the external HUB fqdn</description> + </valueHelp> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="holding-time"> + <properties> + <help>Holding time in seconds</help> + </properties> + </leafNode> + <tagNode name="map"> + <properties> + <help>Set an HUB tunnel address</help> + </properties> + <children> + <leafNode name="cisco"> + <properties> + <help>If the statically mapped peer is running Cisco IOS, specify this</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="nbma-address"> + <properties> + <help>Set HUB address (nbma-address - external hub address or fqdn) [REQUIRED]</help> + </properties> + </leafNode> + <leafNode name="register"> + <properties> + <help>Specifies that Registration Request should be sent to this peer on startup</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="multicast"> + <properties> + <help>Set multicast for NHRP</help> + <completionHelp> + <list>dynamic nhs</list> + </completionHelp> + <constraint> + <regex>^(dynamic|nhs)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="non-caching"> + <properties> + <help>This can be used to reduce memory consumption on big NBMA subnets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="redirect"> + <properties> + <help>Enable sending of Cisco style NHRP Traffic Indication packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="shortcut-destination"> + <properties> + <help>This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destined to addresses in this interface</help> + <valueless/> + </properties> + </leafNode> + <tagNode name="shortcut-target"> + <properties> + <help>Defines an off-NBMA network prefix for which the GRE interface will act as a gateway</help> + </properties> + <children> + <leafNode name="holding-time"> + <properties> + <help>Holding time in seconds</help> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="shortcut"> + <properties> + <help>Enable creation of shortcut routes. A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-ospfv3.xml.in b/interface-definitions/protocols-ospfv3.xml.in index 99e671b32..7b42c448d 100644 --- a/interface-definitions/protocols-ospfv3.xml.in +++ b/interface-definitions/protocols-ospfv3.xml.in @@ -25,6 +25,26 @@ </constraint> </properties> <children> + <node name="area-type"> + <properties> + <help>OSPFv3 Area type</help> + </properties> + <children> + <node name="stub"> + <properties> + <help>Stub OSPFv3 area</help> + </properties> + <children> + <leafNode name="no-summary"> + <properties> + <help>Do not inject inter-area routes into the stub</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> <leafNode name="export-list"> <properties> <help>Name of export-list</help> diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols-rpki.xml.in index 94fab54a5..a73d0aae4 100644 --- a/interface-definitions/protocols-rpki.xml.in +++ b/interface-definitions/protocols-rpki.xml.in @@ -35,7 +35,7 @@ <help>Preference of the cache server</help> <valueHelp> <format>u32:1-255</format> - <description>Polling period</description> + <description>Preference of the cache server</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in new file mode 100644 index 000000000..8d6b57183 --- /dev/null +++ b/interface-definitions/service_conntrack-sync.xml.in @@ -0,0 +1,164 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py"> + <properties> + <help>Connection tracking synchronization</help> + <priority>995</priority> + </properties> + <children> + <leafNode name="accept-protocol"> + <properties> + <help>Protocols for which local conntrack entries will be synced</help> + <completionHelp> + <list>tcp udp icmp icmp6 sctp dccp</list> + </completionHelp> + <valueHelp> + <format>tcp</format> + <description>Sync Transmission Control Protocol entries</description> + </valueHelp> + <valueHelp> + <format>udp</format> + <description>Sync User Datagram Protocol entries</description> + </valueHelp> + <valueHelp> + <format>icmp</format> + <description>Sync Internet Control Message Protocol entries</description> + </valueHelp> + <valueHelp> + <format>icmp6</format> + <description>Sync IPv6 Internet Control Message Protocol entries</description> + </valueHelp> + <valueHelp> + <format>sctp</format> + <description>Sync Stream Control Transmission Protocol entries</description> + </valueHelp> + <valueHelp> + <format>dccp</format> + <description>Sync Datagram Congestion Control Protocol entries</description> + </valueHelp> + <constraint> + <regex>^(tcp|udp|icmp|icmp6|sctp|dccp)$</regex> + </constraint> + <constraintErrorMessage>Allowed protocols: tcp udp icmp or sctp</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="disable-external-cache"> + <properties> + <help>Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall.</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="event-listen-queue-size"> + <properties> + <help>Queue size for local conntrack events</help> + <valueHelp> + <format>u32</format> + <description>Queue size in MB</description> + </valueHelp> + </properties> + <defaultValue>8</defaultValue> + </leafNode> + <leafNode name="expect-sync"> + <properties> + <help>Protocol for which expect entries need to be synchronized</help> + <completionHelp> + <list>all ftp sip h323 nfs sqlnet</list> + </completionHelp> + <constraint> + <regex>^(all|ftp|sip|h323|nfs|sqlnet)$</regex> + </constraint> + <constraintErrorMessage>Invalid protocol</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <node name="failover-mechanism"> + <properties> + <help>Failover mechanism to use for conntrack-sync</help> + </properties> + <children> + <node name="vrrp"> + <properties> + <help>VRRP as failover-mechanism to use for conntrack-sync</help> + </properties> + <children> + <leafNode name="sync-group"> + <properties> + <help>VRRP sync group</help> + <completionHelp> + <path>high-availability vrrp sync-group</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="ignore-address"> + <properties> + <help>IP addresses for which local conntrack entries will not be synced</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to ignore</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to ignore</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to ignore</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 prefix to ignore</description> + </valueHelp> + <constraint> + <validator name="ipv4"/> + <validator name="ipv6"/> + </constraint> + <multi/> + </properties> + </leafNode> + <tagNode name="interface"> + <properties> + <help>Interface to use for syncing conntrack entries</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py --bridgeable</script> + </completionHelp> + </properties> + <children> + <leafNode name="peer"> + <properties> + <help>IP address of the peer to send the UDP conntrack info too. This disable multicast.</help> + </properties> + </leafNode> + </children> + </tagNode> + #include <include/listen-address-ipv4.xml.i> + <leafNode name="mcast-group"> + <properties> + <help>Multicast group to use for syncing conntrack entries</help> + <constraint> + <validator name="ipv4-multicast"/> + </constraint> + </properties> + <defaultValue>225.0.0.50</defaultValue> + </leafNode> + <leafNode name="sync-queue-size"> + <properties> + <help>Queue size for syncing conntrack entries</help> + <valueHelp> + <format>u32</format> + <description>Queue size in MB</description> + </valueHelp> + </properties> + <defaultValue>1</defaultValue> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index dc8af67af..9d0f887a9 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -334,6 +334,45 @@ </leafNode> </children> </node> + <node name="extended-scripts"> + <properties> + <help>Extended script execution</help> + </properties> + <children> + <leafNode name="on-pre-up"> + <properties> + <help>Script to run before PPPoE session interface comes up</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="on-up"> + <properties> + <help>Script to run when PPPoE session interface is completely configured and started</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="on-down"> + <properties> + <help>Script to run when PPPoE session interface going to terminate</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="on-change"> + <properties> + <help>Script to run when PPPoE session interface changed by RADIUS CoA handling</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + </children> + </node> </children> </node> </children> diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in index 47ac4e25d..750ae314c 100644 --- a/interface-definitions/service_router-advert.xml.in +++ b/interface-definitions/service_router-advert.xml.in @@ -10,7 +10,7 @@ <children> <tagNode name="interface"> <properties> - <help>Interface to send DDNS updates for [REQUIRED]</help> + <help>Interface to send RA on [REQUIRED]</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces.py</script> </completionHelp> @@ -154,6 +154,72 @@ <valueless/> </properties> </leafNode> + <tagNode name="route"> + <properties> + <help>IPv6 route to be advertised in Router Advertisements (RAs)</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 route to be advertized</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="valid-lifetime"> + <properties> + <help>Time in seconds that the route will remain valid (default: 1800 seconds)</help> + <completionHelp> + <list>infinity</list> + </completionHelp> + <valueHelp> + <format>1-4294967295</format> + <description>Time in seconds that the route will remain valid</description> + </valueHelp> + <valueHelp> + <format>infinity</format> + <description>Route will remain preferred forever</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <regex>^(infinity)$</regex> + </constraint> + </properties> + <defaultValue>1800</defaultValue> + </leafNode> + <leafNode name="route-preference"> + <properties> + <help>Preference associated with the route,</help> + <completionHelp> + <list>low medium high</list> + </completionHelp> + <valueHelp> + <format>low</format> + <description>Route has low preference</description> + </valueHelp> + <valueHelp> + <format>medium</format> + <description>Route has medium preference (default)</description> + </valueHelp> + <valueHelp> + <format>high</format> + <description>Route has high preference</description> + </valueHelp> + <constraint> + <regex>^(low|medium|high)$</regex> + </constraint> + <constraintErrorMessage>Route preference must be low, medium or high</constraintErrorMessage> + </properties> + <defaultValue>medium</defaultValue> + </leafNode> + <leafNode name="no-remove-route"> + <properties> + <help>Do not announce this route with a zero second lifetime upon shutdown</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> <tagNode name="prefix"> <properties> <help>IPv6 prefix to be advertised in Router Advertisements (RAs)</help> diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in new file mode 100644 index 000000000..fa73df3db --- /dev/null +++ b/interface-definitions/system-conntrack.xml.in @@ -0,0 +1,348 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py"> + <properties> + <help>Connection Tracking Engine Options</help> + <!-- Before NAT and conntrack-sync are configured --> + <priority>218</priority> + </properties> + <children> + <leafNode name="expect-table-size"> + <properties> + <help>Size of connection tracking expect table</help> + <valueHelp> + <format>u32:1-50000000</format> + <description>Number of entries allowed in connection tracking expect table</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-50000000"/> + </constraint> + </properties> + <defaultValue>2048</defaultValue> + </leafNode> + <leafNode name="hash-size"> + <properties> + <help>Hash size for connection tracking table</help> + <valueHelp> + <format>u32:1-50000000</format> + <description>Size of hash to use for connection tracking table</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-50000000"/> + </constraint> + </properties> + <defaultValue>32768</defaultValue> + </leafNode> + <node name="modules"> + <properties> + <help>Connection tracking modules settings</help> + </properties> + <children> + <node name="ftp"> + <properties> + <help>FTP connection tracking settings</help> + </properties> + <children> + #include <include/conntrack-module-disable.xml.i> + </children> + </node> + <node name="h323"> + <properties> + <help>H.323 connection tracking settings</help> + </properties> + <children> + #include <include/conntrack-module-disable.xml.i> + </children> + </node> + <node name="nfs"> + <properties> + <help>NFS connection tracking settings</help> + </properties> + <children> + #include <include/conntrack-module-disable.xml.i> + </children> + </node> + <node name="pptp"> + <properties> + <help>PPTP connection tracking settings</help> + </properties> + <children> + #include <include/conntrack-module-disable.xml.i> + </children> + </node> + <node name="sip"> + <properties> + <help>SIP connection tracking settings</help> + </properties> + <children> + #include <include/conntrack-module-disable.xml.i> + </children> + </node> + <node name="sqlnet"> + <properties> + <help>SQLnet connection tracking settings</help> + </properties> + <children> + #include <include/conntrack-module-disable.xml.i> + </children> + </node> + <node name="tftp"> + <properties> + <help>TFTP connection tracking settings</help> + </properties> + <children> + #include <include/conntrack-module-disable.xml.i> + </children> + </node> + </children> + </node> + <leafNode name="table-size"> + <properties> + <help>Size of connection tracking table</help> + <valueHelp> + <format>u32:1-50000000</format> + <description>Number of entries allowed in connection tracking table</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-50000000"/> + </constraint> + </properties> + <defaultValue>262144</defaultValue> + </leafNode> + <node name="tcp"> + <properties> + <help>TCP options</help> + </properties> + <children> + <leafNode name="half-open-connections"> + <properties> + <help>Maximum number of TCP half-open connections</help> + <valueHelp> + <format>u32:1-2147483647</format> + <description>Generic connection timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2147483647"/> + </constraint> + </properties> + <defaultValue>512</defaultValue> + </leafNode> + <leafNode name="loose"> + <properties> + <help>Policy to track previously established connections</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Allow tracking of previously established connections</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Do not allow tracking of previously established connections</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + <defaultValue>enable</defaultValue> + </leafNode> + <leafNode name="max-retrans"> + <properties> + <help>TCP maximum retransmit attempts</help> + <valueHelp> + <format>u32:1-2147483647</format> + <description>Generic connection timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2147483647"/> + </constraint> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + </children> + </node> + <node name="timeout"> + <properties> + <help>Connection timeout options</help> + </properties> + <children> + <leafNode name="icmp"> + <properties> + <help>ICMP timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>ICMP timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="other"> + <properties> + <help>Generic connection timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>Generic connection timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>600</defaultValue> + </leafNode> + <node name="tcp"> + <properties> + <help>TCP connection timeout options</help> + </properties> + <children> + <leafNode name="close-wait"> + <properties> + <help>TCP CLOSE-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP CLOSE-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + <leafNode name="close"> + <properties> + <help>TCP CLOSE timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP CLOSE timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + <leafNode name="established"> + <properties> + <help>TCP ESTABLISHED timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP ESTABLISHED timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>432000</defaultValue> + </leafNode> + <leafNode name="fin-wait"> + <properties> + <help>TCP FIN-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP FIN-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="last-ack"> + <properties> + <help>TCP LAST-ACK timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP LAST-ACK timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="syn-recv"> + <properties> + <help>TCP SYN-RECEIVED timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP SYN-RECEIVED timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + <leafNode name="syn-sent"> + <properties> + <help>TCP SYN-SENT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP SYN-SENT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="time-wait"> + <properties> + <help>TCP TIME-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP TIME-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + </children> + </node> + <node name="udp"> + <properties> + <help>UDP timeout options</help> + </properties> + <children> + <leafNode name="other"> + <properties> + <help>UDP generic timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>UDP generic timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="stream"> + <properties> + <help>UDP stream timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>UDP stream timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>180</defaultValue> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/system-sysctl.xml.in b/interface-definitions/system-sysctl.xml.in new file mode 100644 index 000000000..bf118c24b --- /dev/null +++ b/interface-definitions/system-sysctl.xml.in @@ -0,0 +1,40 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <properties> + <help>System parameters</help> + </properties> + <children> + <node name="sysctl" owner="${vyos_conf_scripts_dir}/system_sysctl.py"> + <properties> + <help>Configure kernel parameters at runtime</help> + <priority>318</priority> + </properties> + <children> + <tagNode name="parameter"> + <properties> + <help>Sysctl key name</help> + <completionHelp> + <script>${vyos_completion_dir}/list_sysctl_parameters.sh</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Sysctl key name</description> + </valueHelp> + <constraint> + <validator name="sysctl"/> + </constraint> + </properties> + <children> + <leafNode name="value"> + <properties> + <help>Sysctl configuration value</help> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 426d7e71c..604f49cb6 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -1,10 +1,14 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="vpn"> + <properties> + <help>Virtual Private Network (VPN)</help> + </properties> <children> - <node name="nipsec" owner="${vyos_conf_scripts_dir}/vpn_ipsec.py"> + <node name="ipsec" owner="${vyos_conf_scripts_dir}/vpn_ipsec.py"> <properties> <help>VPN IP security (IPsec) parameters</help> + <priority>901</priority> </properties> <children> <leafNode name="auto-update"> @@ -296,7 +300,7 @@ </completionHelp> <valueHelp> <format>yes</format> - <description>Enable remote host re-autentication during an IKE rekey. Currently broken due to a strong swan bug</description> + <description>Enable remote host re-authentication during an IKE rekey. Currently broken due to a strongswan bug</description> </valueHelp> <valueHelp> <format>no</format> @@ -386,6 +390,7 @@ </properties> <children> <leafNode name="dh-group"> + <defaultValue>2</defaultValue> <properties> <help>dh-grouphelp</help> <completionHelp> @@ -619,59 +624,6 @@ </leafNode> </children> </node> - <node name="nat-networks"> - <properties> - <help>Network Address Translation (NAT) networks</help> - </properties> - <children> - <tagNode name="allowed-network"> - <properties> - <help>NAT networks to allow</help> - <valueHelp> - <format>ipv4net</format> - <description>NAT networks to allow</description> - </valueHelp> - <constraint> - <validator name="ip-prefix"/> - </constraint> - </properties> - <children> - <leafNode name="exclude"> - <properties> - <help>NAT networks to exclude from allowed-networks</help> - <valueHelp> - <format>ipv4net</format> - <description>NAT networks to exclude from allowed-networks</description> - </valueHelp> - <constraint> - <validator name="ip-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - </children> - </tagNode> - </children> - </node> - <leafNode name="nat-traversal"> - <properties> - <help>Network Address Translation (NAT) traversal</help> - <completionHelp> - <list>disable enable</list> - </completionHelp> - <valueHelp> - <format>disable</format> - <description>Disable NAT-T</description> - </valueHelp> - <valueHelp> - <format>enable</format> - <description>Enable NAT-T</description> - </valueHelp> - <constraint> - <regex>^(disable|enable)$</regex> - </constraint> - </properties> - </leafNode> <node name="options"> <properties> <help>Global IPsec settings</help> @@ -695,19 +647,18 @@ <help>Authentication [REQUIRED]</help> </properties> <children> - <node name="mode"> + <leafNode name="mode"> <properties> <help>Authentication mode</help> + <completionHelp> + <list>pre-shared-secret</list> + </completionHelp> + <valueHelp> + <format>pre-shared-secret</format> + <description>Use pre shared secret key</description> + </valueHelp> </properties> - <children> - <leafNode name="pre-shared-secret"> - <properties> - <help>Use pre-shared secret key</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> + </leafNode> <leafNode name="pre-shared-secret"> <properties> <help>Pre-shared secret key</help> @@ -724,17 +675,21 @@ <help>DMVPN crypto configuration</help> </properties> <children> - <leafNode name="bind_child"> + <leafNode name="tunnel"> <properties> - <help>bind_child_help</help> - <valueless/> + <help>Tunnel interface associated with this configuration profile</help> + <valueHelp> + <format>txt</format> + <description>Tunnel interface associated with this configuration profile</description> + </valueHelp> + <multi/> </properties> </leafNode> </children> </node> <leafNode name="esp-group"> <properties> - <help>Esp group name [REQUIRED]</help> + <help>ESP group name [REQUIRED]</help> <completionHelp> <path>vpn ipsec esp-group</path> </completionHelp> @@ -742,7 +697,7 @@ </leafNode> <leafNode name="ike-group"> <properties> - <help>Ike group name [REQUIRED]</help> + <help>IKE group name [REQUIRED]</help> <completionHelp> <path>vpn ipsec ike-group</path> </completionHelp> @@ -909,6 +864,9 @@ <leafNode name="default-esp-group"> <properties> <help>Defult ESP group name</help> + <completionHelp> + <path>vpn ipsec esp-group</path> + </completionHelp> </properties> </leafNode> <leafNode name="description"> @@ -920,7 +878,9 @@ <leafNode name="dhcp-interface"> <properties> <help>DHCP interface to listen on</help> - <valueless/> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> </properties> </leafNode> <leafNode name="force-encapsulation"> @@ -1091,12 +1051,7 @@ </leafNode> </children> </node> - <leafNode name="protocol"> - <properties> - <help>Protocol to encrypt</help> - <valueless/> - </properties> - </leafNode> + #include <include/ip-protocol.xml.i> <node name="remote"> <properties> <help>Remote parameters for interesting traffic</help> diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in index 91c8cd76f..dab317f68 100644 --- a/interface-definitions/vpn_pptp.xml.in +++ b/interface-definitions/vpn_pptp.xml.in @@ -5,6 +5,7 @@ <node name="pptp" owner="${vyos_conf_scripts_dir}/vpn_pptp.py"> <properties> <help>Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)</help> + <priority>901</priority> </properties> <children> <node name="remote-access"> diff --git a/interface-definitions/vpn_rsa-keys.xml.in b/interface-definitions/vpn_rsa-keys.xml.in new file mode 100644 index 000000000..2d8e97f4f --- /dev/null +++ b/interface-definitions/vpn_rsa-keys.xml.in @@ -0,0 +1,47 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="vpn"> + <children> + <node name="rsa-keys" owner="${vyos_conf_scripts_dir}/vpn_rsa-keys.py"> + <properties> + <help>RSA keys</help> + <priority>900</priority> + </properties> + <children> + <node name="local-key"> + <properties> + <help>Local RSA key</help> + </properties> + <children> + <leafNode name="file"> + <properties> + <help>Local RSA key file location</help> + <valueHelp> + <format>txt</format> + <description>File in /config/auth or /config/ipsec.d/rsa-keys</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + <tagNode name="rsa-key-name"> + <properties> + <help>Name of remote RSA key</help> + </properties> + <children> + <leafNode name="rsa-key"> + <properties> + <help>Remote RSA key</help> + <valueHelp> + <format>txt</format> + <description>Remote RSA key</description> + </valueHelp> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/clear-log.xml.in b/op-mode-definitions/clear-log.xml.in new file mode 100644 index 000000000..1f4a1aacd --- /dev/null +++ b/op-mode-definitions/clear-log.xml.in @@ -0,0 +1,13 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="clear"> + <children> + <leafNode name="log"> + <properties> + <help>Clear contents of current master log file</help> + </properties> + <command>sudo journalctl --rotate --vacuum-time=1s</command> + </leafNode> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/conntrack-sync.xml.in b/op-mode-definitions/conntrack-sync.xml.in new file mode 100644 index 000000000..41a71b04a --- /dev/null +++ b/op-mode-definitions/conntrack-sync.xml.in @@ -0,0 +1,94 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="reset"> + <children> + <node name="conntrack-sync"> + <properties> + <help>Reset connection syncing parameters</help> + </properties> + <children> + <leafNode name="external-cache"> + <properties> + <help>Reset external cache and request resync with other systems</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --reset-cache-external</command> + </leafNode> + <leafNode name="internal-cache"> + <properties> + <help>Reset internal cache and request resync with other systems</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --reset-cache-internal</command> + </leafNode> + </children> + </node> + </children> + </node> + <node name="restart"> + <children> + <leafNode name="conntrack-sync"> + <properties> + <help>Restart connection tracking synchronization service</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --restart</command> + </leafNode> + </children> + </node> + <node name="show"> + <children> + <node name="conntrack-sync"> + <properties> + <help>Show connection tracking synchronization information</help> + </properties> + <children> + <node name="cache"> + <properties> + <help>Show connection tracking cache entries</help> + </properties> + <children> + <node name="external"> + <properties> + <help>Show external connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external; ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command> + <children> + <leafNode name="main"> + <properties> + <help>Show external main connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external</command> + </leafNode> + <leafNode name="expect"> + <properties> + <help>Show external expect connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command> + </leafNode> + </children> + </node> + <node name="internal"> + <properties> + <help>Show internal connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal; ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command> + <children> + <leafNode name="main"> + <properties> + <help>Show internal main connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal</command> + </leafNode> + <leafNode name="expect"> + <properties> + <help>Show internal expect connection tracking cache entries</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/disks.xml.in b/op-mode-definitions/disks.xml.in index fb39c4f3c..2102a2e8e 100644 --- a/op-mode-definitions/disks.xml.in +++ b/op-mode-definitions/disks.xml.in @@ -26,7 +26,6 @@ </tagNode> </children> </node> - <node name="show"> <children> <tagNode name="disk"> diff --git a/op-mode-definitions/flow-accounting-op.xml.in b/op-mode-definitions/flow-accounting-op.xml.in index b847338f9..7aaae5974 100644 --- a/op-mode-definitions/flow-accounting-op.xml.in +++ b/op-mode-definitions/flow-accounting-op.xml.in @@ -57,7 +57,7 @@ <properties> <help>Restart (net)flow accounting process</help> </properties> - <command>${vyos_op_scripts_dir}/flow_accounting_op.py --action restart</command> + <command>sudo ${vyos_op_scripts_dir}/flow_accounting_op.py --action restart</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/generate-ssh-server-key.xml.in b/op-mode-definitions/generate-ssh-server-key.xml.in index 86bb1b1bd..ecea3e5d1 100644 --- a/op-mode-definitions/generate-ssh-server-key.xml.in +++ b/op-mode-definitions/generate-ssh-server-key.xml.in @@ -14,7 +14,7 @@ <properties> <help>Re-generate SSH host keys and restart SSH server</help> </properties> - <command>${vyos_op_scripts_dir}/generate_ssh_server_key.py</command> + <command>sudo ${vyos_op_scripts_dir}/generate_ssh_server_key.py</command> </node> <tagNode name="client-key"> <properties> diff --git a/op-mode-definitions/ipv4-route.xml.in b/op-mode-definitions/ipv4-route.xml.in index 1bda3ac11..aab3df0f1 100644 --- a/op-mode-definitions/ipv4-route.xml.in +++ b/op-mode-definitions/ipv4-route.xml.in @@ -43,7 +43,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>sudo /sbin/ip neigh flush to "$5"</command> + <command>sudo ip neigh flush to "$5"</command> </tagNode> <tagNode name="interface"> <properties> @@ -52,7 +52,7 @@ <script>${vyos_completion_dir}/list_interfaces.py</script> </completionHelp> </properties> - <command>sudo /sbin/ip neigh flush dev "$5"</command> + <command>sudo ip neigh flush dev "$5"</command> </tagNode> </children> </node> @@ -66,7 +66,7 @@ <properties> <help>Flush the kernel route cache</help> </properties> - <command>sudo /sbin/ip route flush cache</command> + <command>sudo ip route flush cache</command> </leafNode> <tagNode name="cache"> @@ -76,7 +76,7 @@ <list><x.x.x.x> <x.x.x.x/x></list> </completionHelp> </properties> - <command>sudo /sbin/ip route flush cache "$5"</command> + <command>sudo ip route flush cache "$5"</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/monitor-bandwidth-test.xml.in b/op-mode-definitions/monitor-bandwidth-test.xml.in index 5b36b1da5..965591280 100644 --- a/op-mode-definitions/monitor-bandwidth-test.xml.in +++ b/op-mode-definitions/monitor-bandwidth-test.xml.in @@ -7,21 +7,51 @@ <help>Initiate or wait for bandwidth test</help> </properties> <children> - <leafNode name="accept"> + <node name="accept"> <properties> <help>Wait for bandwidth test connections (port TCP/5001)</help> </properties> <command>/usr/bin/iperf -V -s</command> - </leafNode> - <tagNode name="initiate"> + <children> + <leafNode name="tcp"> + <properties> + <help>Wait for bandwidth test connections (port TCP/5001)</help> + </properties> + <command>/usr/bin/iperf -V -s</command> + </leafNode> + <leafNode name="udp"> + <properties> + <help>Wait for bandwidth test connections (port UDP/5001)</help> + </properties> + <command>/usr/bin/iperf -V -s -u</command> + </leafNode> + </children> + </node> + <node name="initiate"> <properties> - <help>Initiate a bandwidth test to specified host (port TCP/5001)</help> - <completionHelp> - <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> - </completionHelp> + <help>Initiate a bandwidth test to specified host</help> </properties> - <command>${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$4"</command> - </tagNode> + <children> + <tagNode name="tcp"> + <properties> + <help>Initiate a bandwidth test to specified host (port TCP/5001)</help> + <completionHelp> + <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$5"</command> + </tagNode> + <tagNode name="udp"> + <properties> + <help>Initiate a bandwidth test to specified host (port UDP/5001)</help> + <completionHelp> + <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>${vyos_op_scripts_dir}/monitor_bandwidth_test.sh "$5" "-u"</command> + </tagNode> + </children> + </node> </children> </node> </children> diff --git a/op-mode-definitions/nhrp.xml.in b/op-mode-definitions/nhrp.xml.in new file mode 100644 index 000000000..9e746cc35 --- /dev/null +++ b/op-mode-definitions/nhrp.xml.in @@ -0,0 +1,65 @@ +<?xml version="1.0" encoding="UTF-8"?> +<interfaceDefinition> + <node name="reset"> + <children> + <node name="nhrp"> + <properties> + <help>Clear/Purge NHRP entries</help> + </properties> + <children> + <node name="flush"> + <properties> + <help>Clear all non-permanent entries</help> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Clear all non-permanent entries</help> + </properties> + <command>sudo opennhrpctl flush dev $5 || echo OpenNHRP is not running.</command> + </tagNode> + </children> + <command>sudo opennhrpctl flush || echo OpenNHRP is not running.</command> + </node> + <node name="purge"> + <properties> + <help>Purge entries from NHRP cache</help> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Purge all entries from NHRP cache</help> + </properties> + <command>sudo opennhrpctl purge dev $5 || echo OpenNHRP is not running.</command> + </tagNode> + </children> + <command>sudo opennhrpctl purge || echo OpenNHRP is not running.</command> + </node> + </children> + </node> + </children> + </node> + <node name="show"> + <children> + <node name="nhrp"> + <properties> + <help>Show NHRP info</help> + </properties> + <children> + <leafNode name="interface"> + <properties> + <help>Show NHRP interface connection information</help> + </properties> + <command>if [ -f /var/run/opennhrp.pid ]; then sudo opennhrpctl interface show; else echo OpenNHRP is not running.; fi</command> + </leafNode> + <leafNode name="tunnel"> + <properties> + <help>Show NHRP tunnel connection information</help> + </properties> + <command>if [ -f /var/run/opennhrp.pid ]; then sudo opennhrpctl show ; else echo OpenNHRP is not running.; fi</command> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/openconnect.xml.in b/op-mode-definitions/openconnect.xml.in index 36f23239e..6b0082b4c 100644 --- a/op-mode-definitions/openconnect.xml.in +++ b/op-mode-definitions/openconnect.xml.in @@ -17,4 +17,14 @@ </node> </children> </node> + <node name="restart"> + <children> + <leafNode name="openconnect-server"> + <properties> + <help>Restart openconnect server process</help> + </properties> + <command>${vyos_op_scripts_dir}/openconnect-control.py --action="restart"</command> + </leafNode> + </children> + </node> </interfaceDefinition> diff --git a/op-mode-definitions/show-arp.xml.in b/op-mode-definitions/show-arp.xml.in new file mode 100644 index 000000000..12e7d3aa2 --- /dev/null +++ b/op-mode-definitions/show-arp.xml.in @@ -0,0 +1,24 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <node name="arp"> + <properties> + <help>Show Address Resolution Protocol (ARP) information</help> + </properties> + <command>/usr/sbin/arp -e -n</command> + <children> + <tagNode name="interface"> + <properties> + <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py -b</script> + </completionHelp> + </properties> + <command>/usr/sbin/arp -e -n -i "$4"</command> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/show-console-server.xml.in b/op-mode-definitions/show-console-server.xml.in index 77a7f3376..253d15498 100644 --- a/op-mode-definitions/show-console-server.xml.in +++ b/op-mode-definitions/show-console-server.xml.in @@ -8,7 +8,7 @@ <properties> <help>Show log for serial console server</help> </properties> - <command>/usr/bin/journalctl -u conserver-server.service</command> + <command>/usr/bin/journalctl --unit conserver-server.service</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-hardware.xml.in b/op-mode-definitions/show-hardware.xml.in index 0df2e4404..20fdd753d 100644 --- a/op-mode-definitions/show-hardware.xml.in +++ b/op-mode-definitions/show-hardware.xml.in @@ -53,18 +53,40 @@ </node> </children> </node> - <node name="scsi"> + <node name="storage"> <properties> - <help>Show SCSI device information</help> + <help>Show system storage information</help> </properties> - <command>lsscsi</command> <children> - <node name="detail"> + <leafNode name="nvme"> + <properties> + <help>Show NVMe device information</help> + </properties> + <command>sudo nvme list</command> + </leafNode> + <node name="scsi"> <properties> - <help>Show detailed SCSI device information</help> + <help>Show SCSI device information</help> </properties> - <command>lsscsi -vvv</command> + <command>lsscsi</command> + <children> + <node name="detail"> + <properties> + <help>Show detailed SCSI device information</help> + </properties> + <command>lsscsi -vvv</command> + </node> + </children> </node> + <tagNode name="smart"> + <properties> + <help>Show S.M.A.R.T. device information</help> + <completionHelp> + <script>ls /dev | egrep '([hsv]d[a-z]|nvme[0-9]+n[0-9])$'</script> + </completionHelp> + </properties> + <command>sudo smartctl -a "/dev/$5" | sed 1,3d</command> + </tagNode> </children> </node> <node name="usb"> diff --git a/op-mode-definitions/show-interfaces-macsec.xml.in b/op-mode-definitions/show-interfaces-macsec.xml.in index 6aeab66af..a264ff22e 100644 --- a/op-mode-definitions/show-interfaces-macsec.xml.in +++ b/op-mode-definitions/show-interfaces-macsec.xml.in @@ -11,7 +11,7 @@ <path>interfaces macsec</path> </completionHelp> </properties> - <command>/usr/sbin/ip macsec show</command> + <command>ip macsec show</command> </node> <tagNode name="macsec"> <properties> @@ -20,7 +20,7 @@ <path>interfaces macsec</path> </completionHelp> </properties> - <command>/usr/sbin/ip macsec show $4</command> + <command>ip macsec show $4</command> </tagNode> </children> </node> diff --git a/op-mode-definitions/show-interfaces-pppoe.xml.in b/op-mode-definitions/show-interfaces-pppoe.xml.in index 393ca912f..18697a275 100644 --- a/op-mode-definitions/show-interfaces-pppoe.xml.in +++ b/op-mode-definitions/show-interfaces-pppoe.xml.in @@ -17,7 +17,7 @@ <properties> <help>Show specified PPPoE interface log</help> </properties> - <command>/usr/bin/journalctl -u "ppp@$4".service</command> + <command>/usr/bin/journalctl --unit "ppp@$4".service</command> </leafNode> <leafNode name="statistics"> <properties> diff --git a/op-mode-definitions/show-interfaces-wirelessmodem.xml.in b/op-mode-definitions/show-interfaces-wirelessmodem.xml.in index c0ab9c66f..18b1e55c7 100644 --- a/op-mode-definitions/show-interfaces-wirelessmodem.xml.in +++ b/op-mode-definitions/show-interfaces-wirelessmodem.xml.in @@ -17,7 +17,7 @@ <properties> <help>Show specified WWAN interface log</help> </properties> - <command>/usr/bin/journalctl -u "ppp@$4".service</command> + <command>/usr/bin/journalctl --unit "ppp@$4".service</command> </leafNode> <leafNode name="statistics"> <properties> diff --git a/op-mode-definitions/show-ip-route.xml.in b/op-mode-definitions/show-ip-route.xml.in index 729572b4a..0a24bc45a 100644 --- a/op-mode-definitions/show-ip-route.xml.in +++ b/op-mode-definitions/show-ip-route.xml.in @@ -153,9 +153,9 @@ <children> <leafNode name="longer-prefixes"> <properties> - <help>Show longer prefixes of routes for specified IP address or prefix</help> + <help>Show longer prefixes of routes for specified prefix</help> </properties> - <command>vtysh -c "show ip route $4 longer-prefixes"</command> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> </leafNode> </children> </tagNode> diff --git a/op-mode-definitions/show-ipv6-route.xml.in b/op-mode-definitions/show-ipv6-route.xml.in index 065ea6f1f..8624574ac 100644 --- a/op-mode-definitions/show-ipv6-route.xml.in +++ b/op-mode-definitions/show-ipv6-route.xml.in @@ -133,9 +133,9 @@ <children> <node name="longer-prefixes"> <properties> - <help>Show longer prefixes of routes for given address or prefix</help> + <help>Show longer prefixes of routes for given prefix</help> </properties> - <command>vtysh -c "show ipv6 route $4 longer-prefixes"</command> + <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command> </node> </children> <command>vtysh -c "show ipv6 route $4"</command> diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index 58216bfd1..bb2de1580 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in @@ -18,7 +18,7 @@ <properties> <help>Show listing of authorization attempts</help> </properties> - <command>/bin/journalctl -q SYSLOG_FACILITY=10 SYSLOG_FACILITY=4</command> + <command>/bin/journalctl --quiet SYSLOG_FACILITY=10 SYSLOG_FACILITY=4</command> </leafNode> <leafNode name="cluster"> <properties> diff --git a/op-mode-definitions/show-protocols-static.xml.in b/op-mode-definitions/show-protocols-static.xml.in deleted file mode 100644 index aaf875072..000000000 --- a/op-mode-definitions/show-protocols-static.xml.in +++ /dev/null @@ -1,49 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="show"> - <children> - <node name="arp"> - <properties> - <help>Show Address Resolution Protocol (ARP) information</help> - </properties> - <command>/usr/sbin/arp -e -n</command> - <children> - <tagNode name="interface"> - <properties> - <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py -b</script> - </completionHelp> - </properties> - <command>/usr/sbin/arp -e -n -i "$4"</command> - </tagNode> - </children> - </node> - <node name="protocols"> - <children> - <node name="static"> - <children> - <node name="arp"> - <properties> - <help>Show Address Resolution Protocol (ARP) information</help> - </properties> - <command>/usr/sbin/arp -e -n</command> - <children> - <tagNode name="interface"> - <properties> - <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py -b</script> - </completionHelp> - </properties> - <command>/usr/sbin/arp -e -n -i "$6"</command> - </tagNode> - </children> - </node> - </children> - </node> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/op-mode-definitions/show-protocols-bfd.xml.in b/op-mode-definitions/show-protocols.xml.in index 886b01e51..d595e2c3c 100644 --- a/op-mode-definitions/show-protocols-bfd.xml.in +++ b/op-mode-definitions/show-protocols.xml.in @@ -8,6 +8,9 @@ </properties> <children> <node name="bfd"> + <properties> + <help>Show Bidirectional Forwarding Detection (BFD)</help> + </properties> <children> <node name="peer"> <properties> @@ -48,6 +51,30 @@ </leafNode> </children> </node> + <node name="static"> + <properties> + <help>Show static protocol parameters</help> + </properties> + <children> + <node name="arp"> + <properties> + <help>Show Address Resolution Protocol (ARP) information</help> + </properties> + <command>/usr/sbin/arp -e -n</command> + <children> + <tagNode name="interface"> + <properties> + <help>Show Address Resolution Protocol (ARP) cache for specified interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py -b</script> + </completionHelp> + </properties> + <command>/usr/sbin/arp -e -n -i "$6"</command> + </tagNode> + </children> + </node> + </children> + </node> </children> </node> </children> diff --git a/op-mode-definitions/show-vrf.xml.in b/op-mode-definitions/show-vrf.xml.in index 438e7c334..9c38c30fe 100644 --- a/op-mode-definitions/show-vrf.xml.in +++ b/op-mode-definitions/show-vrf.xml.in @@ -21,7 +21,7 @@ <properties> <help>Shows all process ids associated with VRF</help> </properties> - <command>/usr/sbin/ip vrf pids "$3"</command> + <command>ip vrf pids "$3"</command> </leafNode> </children> </tagNode> diff --git a/op-mode-definitions/traceroute.xml.in b/op-mode-definitions/traceroute.xml.in index 1b619ed43..e3217235c 100644 --- a/op-mode-definitions/traceroute.xml.in +++ b/op-mode-definitions/traceroute.xml.in @@ -90,7 +90,7 @@ <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute "$4"</command> + <command>sudo ip vrf exec "$3" /usr/bin/traceroute "$4"</command> </tagNode> <tagNode name="ipv4"> <properties> @@ -99,13 +99,13 @@ <list><hostname> <x.x.x.x></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute -4 "$5"</command> + <command>sudo ip vrf exec "$3" /usr/bin/traceroute -4 "$5"</command> <children> <node name="tcp"> <properties> <help>Route tracing and port detection using TCP</help> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute "$5" </command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" </command> <children> <tagNode name="port"> <properties> @@ -114,7 +114,7 @@ <list>0-65535</list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute "$5" $8</command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute "$5" $8</command> </tagNode> </children> </node> @@ -127,13 +127,13 @@ <list><hostname> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/traceroute -6 "$5"</command> + <command>sudo ip vrf exec "$3" /usr/bin/traceroute -6 "$5"</command> <children> <node name="tcp"> <properties> <help>Use TCP/IPv6 packets to perform a traceroute</help> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" </command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" </command> <children> <tagNode name="port"> <properties> @@ -142,7 +142,7 @@ <list>0-65535</list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" $8</command> + <command>sudo ip vrf exec "$3" /usr/bin/tcptraceroute6 "$5" $8</command> </tagNode> </children> </node> @@ -198,7 +198,7 @@ <list><fqdn></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$4" /usr/bin/mtr -4 "$6"</command> + <command>sudo ip vrf exec "$4" /usr/bin/mtr -4 "$6"</command> </tagNode> <tagNode name="ipv6"> <properties> @@ -207,7 +207,7 @@ <list><fqdn></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$4" /usr/bin/mtr -6 "$6"</command> + <command>sudo ip vrf exec "$4" /usr/bin/mtr -6 "$6"</command> </tagNode> <tagNode name=""> <properties> @@ -216,7 +216,7 @@ <list><hostname> <x.x.x.x> <h:h:h:h:h:h:h:h></list> </completionHelp> </properties> - <command>sudo /usr/sbin/ip vrf exec "$4" /usr/bin/mtr "$5"</command> + <command>sudo ip vrf exec "$4" /usr/bin/mtr "$5"</command> </tagNode> </children> </tagNode> diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in new file mode 100644 index 000000000..76f4893c1 --- /dev/null +++ b/op-mode-definitions/vpn-ipsec.xml.in @@ -0,0 +1,251 @@ +<?xml version="1.0" encoding="UTF-8"?> +<interfaceDefinition> + <node name="generate"> + <children> + <node name="vpn"> + <properties> + <help>VPN key generation utility</help> + </properties> + <children> + <node name="rsa-key"> + <properties> + <help>Generate local RSA key (default: bits=2192)</help> + </properties> + <children> + <tagNode name="bits"> + <properties> + <help>Generate local RSA key with specified number of bits</help> + <completionHelp> + <list><16-4096></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="rsa-key" --bits="$5"</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="rsa-key" --bits="2192"</command> + </node> + <node name="x509"> + <properties> + <help>x509 key-pair generation tool</help> + </properties> + <children> + <tagNode name="key-pair"> + <properties> + <help>Generate x509 key-pair</help> + <completionHelp> + <list><common-name></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="x509" --name="$5"</command> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="reset"> + <children> + <node name="vpn"> + <properties> + <help>Reset Virtual Private Network (VPN) information</help> + </properties> + <children> + <tagNode name="ipsec-peer"> + <properties> + <help>Reset all tunnels for given peer</help> + <completionHelp> + <path>vpn ipsec site-to-site peer</path> + </completionHelp> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Reset a specific tunnel for given peer</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="$6"</command> + </tagNode> + <node name="vti"> + <properties> + <help>Reset the VTI tunnel for given peer</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="vti"</command> + </node> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="all"</command> + </tagNode> + <tagNode name="ipsec-profile"> + <properties> + <help>Reset all tunnels for given DMVPN profile</help> + <completionHelp> + <path>vpn ipsec profile</path> + </completionHelp> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Reset a specific tunnel for given DMVPN profile</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="$6"</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="all"</command> + </tagNode> + </children> + </node> + </children> + </node> + <node name="restart"> + <children> + <node name="vpn"> + <properties> + <help>Restart IPSec VPN</help> + </properties> + <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec restart ; else echo "IPSec process not running" ; fi</command> + </node> + </children> + </node> + <node name="show"> + <children> + <node name="vpn"> + <properties> + <help>Show Virtual Private Network (VPN) information</help> + </properties> + <children> + <node name="debug"> + <properties> + <help>Show VPN debugging information</help> + </properties> + <children> + <tagNode name="peer"> + <properties> + <help>Show debugging information for a peer</help> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Show debug information for peer tunnel</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="$7"</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="all"</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="all"</command> + </node> + <node name="ike"> + <properties> + <help>Show Internet Key Exchange (IKE) information</help> + </properties> + <children> + <node name="rsa-keys"> + <properties> + <help>Show VPN RSA keys</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="rsa-key-show"</command> + </node> + <node name="sa"> + <properties> + <help>Show all currently active IKE Security Associations (SA)</help> + </properties> + <children> + <node name="nat-traversal"> + <properties> + <help>Show all currently active IKE Security Associations (SA) that are using NAT Traversal</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --nat="yes"</command> + </node> + <tagNode name="peer"> + <properties> + <help>Show all currently active IKE Security Associations (SA) for a peer</help> + </properties> + <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --peer="$6"</command> + </tagNode> + </children> + <command>sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py</command> + </node> + <node name="secrets"> + <properties> + <help>Show all the pre-shared key secrets</help> + </properties> + <command>sudo cat /etc/ipsec.secrets | sed 's/#.*//'</command> + </node> + <node name="status"> + <properties> + <help>Show summary of IKE process information</help> + </properties> + <command>if pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi</command> + </node> + </children> + </node> + <node name="ipsec"> + <properties> + <help>Show Internet Protocol Security (IPSec) information</help> + </properties> + <children> + <node name="policy"> + <properties> + <help>Show the in-kernel crypto policies</help> + </properties> + <command>sudo ip xfrm policy list</command> + </node> + <node name="sa"> + <properties> + <help>Show all active IPSec Security Associations (SA)</help> + </properties> + <children> + <!-- + <node name="detail"> + <properties> + <help>Show Detail on all active IPSec Security Associations (SA)</help> + </properties> + <command></command> + </node> + <tagNode name="stats"> + <properties> + <help>Show statistics for all currently active IPSec Security Associations (SA)</help> + <valueHelp> + <format>txt</format> + <description>Show Statistics for SAs associated with a specific peer</description> + </valueHelp> + </properties> + <children> + <tagNode name="tunnel"> + <properties> + <help>Show Statistics for SAs associated with a specific peer</help> + </properties> + <command></command> + </tagNode> + </children> + <command></command> + </tagNode> + --> + <node name="verbose"> + <properties> + <help>Show Verbose Detail on all active IPSec Security Associations (SA)</help> + </properties> + <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPSec process not running" ; fi</command> + </node> + </children> + <command>if pgrep charon >/dev/null ; then sudo /usr/libexec/vyos/op_mode/show_ipsec_sa.py ; else echo "IPSec process not running" ; fi</command> + </node> + <node name="state"> + <properties> + <help>Show the in-kernel crypto state</help> + </properties> + <command>sudo ip xfrm state list</command> + </node> + <node name="status"> + <properties> + <help>Show status of IPSec process</help> + </properties> + <command>if pgrep charon >/dev/null ; then echo -e "IPSec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPSec process not running" ; fi</command> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 99c472582..88cbf2d5b 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -1,4 +1,4 @@ -# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -45,6 +45,16 @@ def verify_mtu(config): raise ConfigError(f'Interface MTU too high, ' \ f'maximum supported MTU is {max_mtu}!') +def verify_mtu_parent(config, parent): + if 'mtu' not in config or 'mtu' not in parent: + return + + mtu = int(config['mtu']) + parent_mtu = int(parent['mtu']) + if mtu > parent_mtu: + raise ConfigError(f'Interface MTU ({mtu}) too high, ' \ + f'parent interface MTU is {parent_mtu}!') + def verify_mtu_ipv6(config): """ Common helper function used by interface implementations to perform @@ -266,6 +276,7 @@ def verify_vlan_config(config): verify_dhcpv6(vlan) verify_address(vlan) verify_vrf(vlan) + verify_mtu_parent(vlan, config) # 802.1ad (Q-in-Q) VLANs for s_vlan in config.get('vif_s', {}): @@ -273,12 +284,15 @@ def verify_vlan_config(config): verify_dhcpv6(s_vlan) verify_address(s_vlan) verify_vrf(s_vlan) + verify_mtu_parent(s_vlan, config) for c_vlan in s_vlan.get('vif_c', {}): c_vlan = s_vlan['vif_c'][c_vlan] verify_dhcpv6(c_vlan) verify_address(c_vlan) verify_vrf(c_vlan) + verify_mtu_parent(c_vlan, config) + verify_mtu_parent(c_vlan, s_vlan) def verify_accel_ppp_base_service(config): """ diff --git a/python/vyos/ifconfig/bond.py b/python/vyos/ifconfig/bond.py index bfa3b0025..233d53688 100644 --- a/python/vyos/ifconfig/bond.py +++ b/python/vyos/ifconfig/bond.py @@ -51,6 +51,10 @@ class BondIf(Interface): 'validate': assert_positive, 'location': '/sys/class/net/{ifname}/bonding/min_links', }, + 'bond_lacp_rate': { + 'validate': lambda v: assert_list(v, ['slow', 'fast']), + 'location': '/sys/class/net/{ifname}/bonding/lacp_rate', + }, 'bond_miimon': { 'validate': assert_positive, 'location': '/sys/class/net/{ifname}/bonding/miimon' @@ -152,6 +156,26 @@ class BondIf(Interface): """ self.set_interface('bond_min_links', number) + def set_lacp_rate(self, slow_fast): + """ + Option specifying the rate in which we'll ask our link partner + to transmit LACPDU packets in 802.3ad mode. Possible values + are: + + slow or 0 + Request partner to transmit LACPDUs every 30 seconds + + fast or 1 + Request partner to transmit LACPDUs every 1 second + + The default is slow. + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').set_lacp_rate('slow') + """ + self.set_interface('bond_lacp_rate', slow_fast) + def set_arp_interval(self, interval): """ Specifies the ARP link monitoring frequency in milliseconds. @@ -382,9 +406,13 @@ class BondIf(Interface): if not dict_search(f'member.interface_remove.{interface}.disable', config): Interface(interface).set_admin_state('up') - # Bonding policy/mode - value = config.get('mode') - if value: self.set_mode(value) + # Bonding policy/mode - default value, always present + mode = config.get('mode') + self.set_mode(mode) + + # LACPDU transmission rate - default value + if mode == '802.3ad': + self.set_lacp_rate(config.get('lacp_rate')) # Add (enslave) interfaces to bond value = dict_search('member.interface', config) diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index ff05cab0e..6a66d958f 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -36,6 +36,7 @@ from vyos.template import render from vyos.util import mac2eui64 from vyos.util import dict_search from vyos.util import read_file +from vyos.util import get_interface_config from vyos.template import is_ipv4 from vyos.validate import is_intf_addr_assigned from vyos.validate import is_ipv6_link_local @@ -743,28 +744,37 @@ class Interface(Control): """ self.set_interface('proxy_arp_pvlan', enable) - def get_addr(self): + def get_addr_v4(self): """ - Retrieve assigned IPv4 and IPv6 addresses from given interface. + Retrieve assigned IPv4 addresses from given interface. This is done using the netifaces and ipaddress python modules. Example: >>> from vyos.ifconfig import Interface - >>> Interface('eth0').get_addrs() - ['172.16.33.30/24', 'fe80::20c:29ff:fe11:a174/64'] + >>> Interface('eth0').get_addr_v4() + ['172.16.33.30/24'] """ - ipv4 = [] - ipv6 = [] - - if AF_INET in ifaddresses(self.config['ifname']).keys(): + if AF_INET in ifaddresses(self.config['ifname']): for v4_addr in ifaddresses(self.config['ifname'])[AF_INET]: # we need to manually assemble a list of IPv4 address/prefix prefix = '/' + \ str(IPv4Network('0.0.0.0/' + v4_addr['netmask']).prefixlen) ipv4.append(v4_addr['addr'] + prefix) + return ipv4 + + def get_addr_v6(self): + """ + Retrieve assigned IPv6 addresses from given interface. + This is done using the netifaces and ipaddress python modules. - if AF_INET6 in ifaddresses(self.config['ifname']).keys(): + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').get_addr_v6() + ['fe80::20c:29ff:fe11:a174/64'] + """ + ipv6 = [] + if AF_INET6 in ifaddresses(self.config['ifname']): for v6_addr in ifaddresses(self.config['ifname'])[AF_INET6]: # Note that currently expanded netmasks are not supported. That means # 2001:db00::0/24 is a valid argument while 2001:db00::0/ffff:ff00:: not. @@ -777,8 +787,18 @@ class Interface(Control): # addresses v6_addr['addr'] = v6_addr['addr'].split('%')[0] ipv6.append(v6_addr['addr'] + prefix) + return ipv6 - return ipv4 + ipv6 + def get_addr(self): + """ + Retrieve assigned IPv4 and IPv6 addresses from given interface. + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').get_addr() + ['172.16.33.30/24', 'fe80::20c:29ff:fe11:a174/64'] + """ + return self.get_addr_v4() + self.get_addr_v6() def add_addr(self, addr): """ @@ -1289,6 +1309,16 @@ class Interface(Control): vif_s_ifname = f'{ifname}.{vif_s_id}' vif_s_config['ifname'] = vif_s_ifname + + # It is not possible to change the VLAN encapsulation protocol + # "on-the-fly". For this "quirk" we need to actively delete and + # re-create the VIF-S interface. + if self.exists(vif_s_ifname): + cur_cfg = get_interface_config(vif_s_ifname) + protocol = dict_search('linkinfo.info_data.protocol', cur_cfg).lower() + if protocol != vif_s_config['protocol']: + VLANIf(vif_s_ifname).remove() + s_vlan = VLANIf(vif_s_ifname, **tmp) s_vlan.update(vif_s_config) @@ -1315,12 +1345,55 @@ class Interface(Control): # create/update 802.1q VLAN interfaces for vif_id, vif_config in config.get('vif', {}).items(): + + vif_ifname = f'{ifname}.{vif_id}' + vif_config['ifname'] = vif_ifname + tmp = deepcopy(VLANIf.get_config()) tmp['source_interface'] = ifname tmp['vlan_id'] = vif_id + + # We need to ensure that the string format is consistent, and we need to exclude redundant spaces. + sep = ' ' + if 'egress_qos' in vif_config: + # Unwrap strings into arrays + egress_qos_array = vif_config['egress_qos'].split() + # The split array is spliced according to the fixed format + tmp['egress_qos'] = sep.join(egress_qos_array) + + if 'ingress_qos' in vif_config: + # Unwrap strings into arrays + ingress_qos_array = vif_config['ingress_qos'].split() + # The split array is spliced according to the fixed format + tmp['ingress_qos'] = sep.join(ingress_qos_array) + + # Since setting the QoS control parameters in the later stage will + # not completely delete the old settings, + # we still need to delete the VLAN encapsulation interface in order to + # ensure that the changed settings are effective. + cur_cfg = get_interface_config(vif_ifname) + qos_str = '' + tmp2 = dict_search('linkinfo.info_data.ingress_qos', cur_cfg) + if 'ingress_qos' in tmp and tmp2: + for item in tmp2: + from_key = item['from'] + to_key = item['to'] + qos_str += f'{from_key}:{to_key} ' + if qos_str != tmp['ingress_qos']: + if self.exists(vif_ifname): + VLANIf(vif_ifname).remove() + + qos_str = '' + tmp2 = dict_search('linkinfo.info_data.egress_qos', cur_cfg) + if 'egress_qos' in tmp and tmp2: + for item in tmp2: + from_key = item['from'] + to_key = item['to'] + qos_str += f'{from_key}:{to_key} ' + if qos_str != tmp['egress_qos']: + if self.exists(vif_ifname): + VLANIf(vif_ifname).remove() - vif_ifname = f'{ifname}.{vif_id}' - vif_config['ifname'] = vif_ifname vlan = VLANIf(vif_ifname, **tmp) vlan.update(vif_config) diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py index 2a266fc9f..64c735824 100644 --- a/python/vyos/ifconfig/tunnel.py +++ b/python/vyos/ifconfig/tunnel.py @@ -62,6 +62,7 @@ class TunnelIf(Interface): mapping_ipv4 = { 'parameters.ip.key' : 'key', 'parameters.ip.no_pmtu_discovery' : 'nopmtudisc', + 'parameters.ip.ignore_df' : 'ignore-df', 'parameters.ip.tos' : 'tos', 'parameters.ip.ttl' : 'ttl', 'parameters.erspan.direction' : 'erspan_dir', diff --git a/python/vyos/ifconfig/vti.py b/python/vyos/ifconfig/vti.py index e2090c889..9eafcd11b 100644 --- a/python/vyos/ifconfig/vti.py +++ b/python/vyos/ifconfig/vti.py @@ -14,6 +14,7 @@ # License along with this library. If not, see <http://www.gnu.org/licenses/>. from vyos.ifconfig.interface import Interface +from vyos.util import dict_search @Interface.register class VTIIf(Interface): @@ -25,3 +26,34 @@ class VTIIf(Interface): 'prefixes': ['vti', ], }, } + + def _create(self): + # This table represents a mapping from VyOS internal config dict to + # arguments used by iproute2. For more information please refer to: + # - https://man7.org/linux/man-pages/man8/ip-link.8.html + # - https://man7.org/linux/man-pages/man8/ip-tunnel.8.html + mapping = { + 'source_address' : 'local', + 'source_interface' : 'dev', + 'remote' : 'remote', + 'key' : 'key', + } + + cmd = 'ip link add {ifname} type vti' + for vyos_key, iproute2_key in mapping.items(): + # dict_search will return an empty dict "{}" for valueless nodes like + # "parameters.nolearning" - thus we need to test the nodes existence + # by using isinstance() + tmp = dict_search(vyos_key, self.config) + if isinstance(tmp, dict): + cmd += f' {iproute2_key}' + elif tmp != None: + cmd += f' {iproute2_key} {tmp}' + + self._cmd(cmd.format(**self.config)) + self.set_interface('admin_state', 'down') + + def set_admin_state(self, state): + # function is not implemented for VTI interfaces as this is entirely + # handled by the ipsec up/down scripts + pass diff --git a/python/vyos/template.py b/python/vyos/template.py index 3fbb33acb..e1986b1e4 100644 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -121,6 +121,14 @@ def render( ################################## # Custom template filters follow # ################################## +@register_filter('ip_from_cidr') +def ip_from_cidr(prefix): + """ Take an IPv4/IPv6 CIDR host and strip cidr mask. + Example: + 192.0.2.1/24 -> 192.0.2.1, 2001:db8::1/64 -> 2001:db8::1 + """ + from ipaddress import ip_interface + return str(ip_interface(prefix).ip) @register_filter('address_from_cidr') def address_from_cidr(prefix): @@ -361,3 +369,9 @@ def natural_sort(iterable): return [convert(c) for c in re.split('([0-9]+)', str(key))] return sorted(iterable, key=alphanum_key) + +@register_filter('get_ipv4') +def get_ipv4(interface): + """ Get interface IPv4 addresses""" + from vyos.ifconfig import Interface + return Interface(interface).get_addr_v4() diff --git a/python/vyos/util.py b/python/vyos/util.py index 2a3f6a228..16fcbf10b 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -1,4 +1,4 @@ -# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -22,25 +22,13 @@ import sys # where it is used so it is as local as possible to the execution # - -def _need_sudo(command): - return os.path.basename(command.split()[0]) in ('systemctl', ) - - -def _add_sudo(command): - if _need_sudo(command): - return 'sudo ' + command - return command - - from subprocess import Popen from subprocess import PIPE from subprocess import STDOUT from subprocess import DEVNULL - def popen(command, flag='', shell=None, input=None, timeout=None, env=None, - stdout=PIPE, stderr=PIPE, decode='utf-8', autosudo=True): + stdout=PIPE, stderr=PIPE, decode='utf-8'): """ popen is a wrapper helper aound subprocess.Popen with it default setting it will return a tuple (out, err) @@ -79,9 +67,6 @@ def popen(command, flag='', shell=None, input=None, timeout=None, env=None, if not debug.enabled(flag): flag = 'command' - if autosudo: - command = _add_sudo(command) - cmd_msg = f"cmd '{command}'" debug.message(cmd_msg, flag) @@ -98,11 +83,8 @@ def popen(command, flag='', shell=None, input=None, timeout=None, env=None, stdin = PIPE input = input.encode() if type(input) is str else input - p = Popen( - command, - stdin=stdin, stdout=stdout, stderr=stderr, - env=env, shell=use_shell, - ) + p = Popen(command, stdin=stdin, stdout=stdout, stderr=stderr, + env=env, shell=use_shell) pipe = p.communicate(input, timeout) @@ -135,7 +117,7 @@ def popen(command, flag='', shell=None, input=None, timeout=None, env=None, def run(command, flag='', shell=None, input=None, timeout=None, env=None, - stdout=DEVNULL, stderr=PIPE, decode='utf-8', autosudo=True): + stdout=DEVNULL, stderr=PIPE, decode='utf-8'): """ A wrapper around popen, which discard the stdout and will return the error code of a command @@ -151,8 +133,8 @@ def run(command, flag='', shell=None, input=None, timeout=None, env=None, def cmd(command, flag='', shell=None, input=None, timeout=None, env=None, - stdout=PIPE, stderr=PIPE, decode='utf-8', autosudo=True, - raising=None, message='', expect=[0]): + stdout=PIPE, stderr=PIPE, decode='utf-8', raising=None, message='', + expect=[0]): """ A wrapper around popen, which returns the stdout and will raise the error code of a command @@ -183,7 +165,7 @@ def cmd(command, flag='', shell=None, input=None, timeout=None, env=None, def call(command, flag='', shell=None, input=None, timeout=None, env=None, - stdout=PIPE, stderr=PIPE, decode='utf-8', autosudo=True): + stdout=PIPE, stderr=PIPE, decode='utf-8'): """ A wrapper around popen, which print the stdout and will return the error code of a command @@ -682,6 +664,16 @@ def get_interface_config(interface): tmp = loads(cmd(f'ip -d -j link show {interface}'))[0] return tmp +def get_interface_address(interface): + """ Returns the used encapsulation protocol for given interface. + If interface does not exist, None is returned. + """ + if not os.path.exists(f'/sys/class/net/{interface}'): + return None + from json import loads + tmp = loads(cmd(f'ip -d -j addr show {interface}'))[0] + return tmp + def get_all_vrfs(): """ Return a dictionary of all system wide known VRF instances """ from json import loads @@ -694,3 +686,35 @@ def get_all_vrfs(): name = entry.pop('name') data[name] = entry return data + +def cidr_fit(cidr_a, cidr_b, both_directions = False): + """ + Does CIDR A fit inside of CIDR B? + + Credit: https://gist.github.com/magnetikonline/686fde8ee0bce4d4930ce8738908a009 + """ + def split_cidr(cidr): + part_list = cidr.split("/") + if len(part_list) == 1: + # if just an IP address, assume /32 + part_list.append("32") + + # return address and prefix size + return part_list[0].strip(), int(part_list[1]) + def address_to_bits(address): + # convert each octet of IP address to binary + bit_list = [bin(int(part)) for part in address.split(".")] + + # join binary parts together + # note: part[2:] to slice off the leading "0b" from bin() results + return "".join([part[2:].zfill(8) for part in bit_list]) + def binary_network_prefix(cidr): + # return CIDR as bits, to the length of the prefix size only (drop the rest) + address, prefix_size = split_cidr(cidr) + return address_to_bits(address)[:prefix_size] + + prefix_a = binary_network_prefix(cidr_a) + prefix_b = binary_network_prefix(cidr_b) + if both_directions: + return prefix_a.startswith(prefix_b) or prefix_b.startswith(prefix_a) + return prefix_a.startswith(prefix_b) diff --git a/smoketest/configs/ospf-small b/smoketest/configs/ospf-small index d95ba4ea4..767f4e21f 100644 --- a/smoketest/configs/ospf-small +++ b/smoketest/configs/ospf-small @@ -124,6 +124,22 @@ system { server 2.pool.ntp.org { } } + sysctl { + all net.ipv4.conf.eth0.tag { + value 1 + } + all net.ipv4.conf.eth1.tag { + value 1 + } + custom net.mpls.default_ttl { + value 10 + } + custom net.mpls.ip_ttl_propagate { + value 0 + } + net.ipv4.igmp_max_memberships 5 + net.ipv4.ipfrag_time 4 + } syslog { global { facility all { diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index 29087ff18..7f69b8444 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py @@ -25,6 +25,7 @@ from netifaces import interfaces from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSession +from vyos.configsession import ConfigSessionError from vyos.ifconfig import Interface from vyos.ifconfig import Section from vyos.util import read_file @@ -230,8 +231,8 @@ class BasicInterfaceTest: # verify changed MTU for intf in self._interfaces: - tmp = read_file(f'/sys/class/net/{intf}/mtu') - self.assertEqual(tmp, self._mtu) + tmp = get_interface_config(intf) + self.assertEqual(tmp['mtu'], int(self._mtu)) def test_mtu_1200_no_ipv6_interface(self): # Testcase if MTU can be changed to 1200 on non IPv6 @@ -255,8 +256,8 @@ class BasicInterfaceTest: # verify changed MTU for intf in self._interfaces: - tmp = read_file(f'/sys/class/net/{intf}/mtu') - self.assertEqual(tmp, self._mtu) + tmp = get_interface_config(intf) + self.assertEqual(tmp['mtu'], int(self._mtu)) self._mtu = old_mtu @@ -275,22 +276,164 @@ class BasicInterfaceTest: for vlan in self._vlan_range: base = self._base_path + [interface, 'vif', vlan] - self.cli_set(base + ['mtu', self._mtu]) for address in self._test_addr: self.cli_set(base + ['address', address]) + self.cli_set(base + ['ingress-qos', '0:1']) + self.cli_set(base + ['egress-qos', '1:6']) self.cli_commit() for intf in self._interfaces: for vlan in self._vlan_range: vif = f'{intf}.{vlan}' + tmp = get_interface_config(f'{vif}') + + tmp2 = dict_search('linkinfo.info_data.ingress_qos', tmp) + for item in tmp2 if tmp2 else []: + from_key = item['from'] + to_key = item['to'] + self.assertEqual(from_key, 0) + self.assertEqual(to_key, 1) + + tmp2 = dict_search('linkinfo.info_data.egress_qos', tmp) + for item in tmp2 if tmp2 else []: + from_key = item['from'] + to_key = item['to'] + self.assertEqual(from_key, 1) + self.assertEqual(to_key, 6) + + for address in self._test_addr: + self.assertTrue(is_intf_addr_assigned(vif, address)) + + self.assertEqual(Interface(vif).get_admin_state(), 'up') + + def test_vif_8021q_mtu_limits(self): + # XXX: This testcase is not allowed to run as first testcase, reason + # is the Wireless test will first load the wifi kernel hwsim module + # which creates a wlan0 and wlan1 interface which will fail the + # tearDown() test in the end that no interface is allowed to survive! + if not self._test_vlan: + self.skipTest('not supported') + + mtu_1500 = '1500' + mtu_9000 = '9000' + + for interface in self._interfaces: + base = self._base_path + [interface] + self.cli_set(base + ['mtu', mtu_1500]) + for option in self._options.get(interface, []): + self.cli_set(base + option.split()) + if 'source-interface' in option: + iface = option.split()[-1] + iface_type = Section.section(iface) + self.cli_set(['interfaces', iface_type, iface, 'mtu', mtu_9000]) + + for vlan in self._vlan_range: + base = self._base_path + [interface, 'vif', vlan] + self.cli_set(base + ['mtu', mtu_9000]) + + # check validate() - VIF MTU must not be larger the parent interface + # MTU size. + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + # Change MTU on base interface to be the same as on the VIF interface + for interface in self._interfaces: + base = self._base_path + [interface] + self.cli_set(base + ['mtu', mtu_9000]) + + self.cli_commit() + + # Verify MTU on base and VIF interfaces + for interface in self._interfaces: + tmp = get_interface_config(interface) + self.assertEqual(tmp['mtu'], int(mtu_9000)) + + for vlan in self._vlan_range: + tmp = get_interface_config(f'{interface}.{vlan}') + self.assertEqual(tmp['mtu'], int(mtu_9000)) + + + def test_vif_8021q_qos_change(self): + # XXX: This testcase is not allowed to run as first testcase, reason + # is the Wireless test will first load the wifi kernel hwsim module + # which creates a wlan0 and wlan1 interface which will fail the + # tearDown() test in the end that no interface is allowed to survive! + if not self._test_vlan: + self.skipTest('not supported') + + for interface in self._interfaces: + base = self._base_path + [interface] + for option in self._options.get(interface, []): + self.cli_set(base + option.split()) + + for vlan in self._vlan_range: + base = self._base_path + [interface, 'vif', vlan] + for address in self._test_addr: + self.cli_set(base + ['address', address]) + self.cli_set(base + ['ingress-qos', '0:1']) + self.cli_set(base + ['egress-qos', '1:6']) + + self.cli_commit() + + for intf in self._interfaces: + for vlan in self._vlan_range: + vif = f'{intf}.{vlan}' + tmp = get_interface_config(f'{vif}') + + tmp2 = dict_search('linkinfo.info_data.ingress_qos', tmp) + for item in tmp2 if tmp2 else []: + from_key = item['from'] + to_key = item['to'] + self.assertEqual(from_key, 0) + self.assertEqual(to_key, 1) + + tmp2 = dict_search('linkinfo.info_data.egress_qos', tmp) + for item in tmp2 if tmp2 else []: + from_key = item['from'] + to_key = item['to'] + self.assertEqual(from_key, 1) + self.assertEqual(to_key, 6) + for address in self._test_addr: self.assertTrue(is_intf_addr_assigned(vif, address)) - tmp = read_file(f'/sys/class/net/{vif}/mtu') - self.assertEqual(tmp, self._mtu) self.assertEqual(Interface(vif).get_admin_state(), 'up') + new_ingress_qos_from = 1 + new_ingress_qos_to = 6 + new_egress_qos_from = 2 + new_egress_qos_to = 7 + for interface in self._interfaces: + base = self._base_path + [interface] + for vlan in self._vlan_range: + base = self._base_path + [interface, 'vif', vlan] + self.cli_delete(base + ['ingress-qos', '0:1']) + self.cli_delete(base + ['egress-qos', '1:6']) + self.cli_set(base + ['ingress-qos', f'{new_ingress_qos_from}:{new_ingress_qos_to}']) + self.cli_set(base + ['egress-qos', f'{new_egress_qos_from}:{new_egress_qos_to}']) + + self.cli_commit() + + for intf in self._interfaces: + for vlan in self._vlan_range: + vif = f'{intf}.{vlan}' + tmp = get_interface_config(f'{vif}') + + tmp2 = dict_search('linkinfo.info_data.ingress_qos', tmp) + if tmp2: + from_key = tmp2[0]['from'] + to_key = tmp2[0]['to'] + self.assertEqual(from_key, new_ingress_qos_from) + self.assertEqual(to_key, new_ingress_qos_to) + + tmp2 = dict_search('linkinfo.info_data.egress_qos', tmp) + if tmp2: + from_key = tmp2[0]['from'] + to_key = tmp2[0]['to'] + self.assertEqual(from_key, new_egress_qos_from) + self.assertEqual(to_key, new_egress_qos_to) + def test_vif_8021q_lower_up_down(self): # Testcase for https://phabricator.vyos.net/T3349 if not self._test_vlan: @@ -364,8 +507,50 @@ class BasicInterfaceTest: # for address in self._test_addr: # self.assertTrue(is_intf_addr_assigned(vif, address)) - tmp = read_file(f'/sys/class/net/{vif}/mtu') - self.assertEqual(tmp, self._mtu) + tmp = get_interface_config(vif) + self.assertEqual(tmp['mtu'], int(self._mtu)) + + def test_vif_s_protocol_change(self): + # XXX: This testcase is not allowed to run as first testcase, reason + # is the Wireless test will first load the wifi kernel hwsim module + # which creates a wlan0 and wlan1 interface which will fail the + # tearDown() test in the end that no interface is allowed to survive! + if not self._test_qinq: + self.skipTest('not supported') + + for interface in self._interfaces: + base = self._base_path + [interface] + for option in self._options.get(interface, []): + self.cli_set(base + option.split()) + + for vif_s in self._qinq_range: + for vif_c in self._vlan_range: + base = self._base_path + [interface, 'vif-s', vif_s, 'vif-c', vif_c] + for address in self._test_addr: + self.cli_set(base + ['address', address]) + + self.cli_commit() + + for interface in self._interfaces: + for vif_s in self._qinq_range: + tmp = get_interface_config(f'{interface}.{vif_s}') + # check for the default value + self.assertEqual(tmp['linkinfo']['info_data']['protocol'], '802.1ad') + + # T3532: now change ethertype + new_protocol = '802.1q' + for interface in self._interfaces: + for vif_s in self._qinq_range: + base = self._base_path + [interface, 'vif-s', vif_s] + self.cli_set(base + ['protocol', new_protocol]) + + self.cli_commit() + + # Verify new ethertype configuration + for interface in self._interfaces: + for vif_s in self._qinq_range: + tmp = get_interface_config(f'{interface}.{vif_s}') + self.assertEqual(tmp['linkinfo']['info_data']['protocol'], new_protocol.upper()) def test_interface_ip_options(self): if not self._test_ip: diff --git a/smoketest/scripts/cli/test_interfaces_bonding.py b/smoketest/scripts/cli/test_interfaces_bonding.py index 03cdafb8d..cf147fe58 100755 --- a/smoketest/scripts/cli/test_interfaces_bonding.py +++ b/smoketest/scripts/cli/test_interfaces_bonding.py @@ -22,6 +22,7 @@ from base_interfaces_test import BasicInterfaceTest from vyos.ifconfig import Section from vyos.ifconfig.interface import Interface from vyos.configsession import ConfigSessionError +from vyos.util import get_interface_config from vyos.util import read_file class BondingInterfaceTest(BasicInterfaceTest.TestCase): @@ -94,5 +95,43 @@ class BondingInterfaceTest(BasicInterfaceTest.TestCase): state = Interface(remove_member).get_admin_state() self.assertEqual('up', state) + def test_bonding_min_links(self): + # configure member interfaces + min_links = len(self._interfaces) + for interface in self._interfaces: + for option in self._options.get(interface, []): + self.cli_set(self._base_path + [interface] + option.split()) + + self.cli_set(self._base_path + [interface, 'min-links', str(min_links)]) + + self.cli_commit() + + # verify config + for interface in self._interfaces: + tmp = get_interface_config(interface) + + self.assertEqual(min_links, tmp['linkinfo']['info_data']['min_links']) + # check LACP default rate + self.assertEqual('slow', tmp['linkinfo']['info_data']['ad_lacp_rate']) + + def test_bonding_lacp_rate(self): + # configure member interfaces + lacp_rate = 'fast' + for interface in self._interfaces: + for option in self._options.get(interface, []): + self.cli_set(self._base_path + [interface] + option.split()) + + self.cli_set(self._base_path + [interface, 'lacp-rate', lacp_rate]) + + self.cli_commit() + + # verify config + for interface in self._interfaces: + tmp = get_interface_config(interface) + + # check LACP minimum links (default value) + self.assertEqual(0, tmp['linkinfo']['info_data']['min_links']) + self.assertEqual(lacp_rate, tmp['linkinfo']['info_data']['ad_lacp_rate']) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_interfaces_bridge.py b/smoketest/scripts/cli/test_interfaces_bridge.py index 21f20c781..4f7e03298 100755 --- a/smoketest/scripts/cli/test_interfaces_bridge.py +++ b/smoketest/scripts/cli/test_interfaces_bridge.py @@ -134,7 +134,19 @@ class BridgeInterfaceTest(BasicInterfaceTest.TestCase): for interface in self._interfaces: base = self._base_path + [interface] self.cli_set(base + ['enable-vlan']) - super().test_vif_8021q_interfaces() + super().test_vif_8021q_lower_up_down() + + def test_vif_8021q_qos_change(self): + for interface in self._interfaces: + base = self._base_path + [interface] + self.cli_set(base + ['enable-vlan']) + super().test_vif_8021q_qos_change() + + def test_vif_8021q_mtu_limits(self): + for interface in self._interfaces: + base = self._base_path + [interface] + self.cli_set(base + ['enable-vlan']) + super().test_vif_8021q_mtu_limits() def test_bridge_vlan_filter(self): vif_vlan = 2 diff --git a/smoketest/scripts/cli/test_interfaces_ethernet.py b/smoketest/scripts/cli/test_interfaces_ethernet.py index cb0c8a426..a31d75423 100755 --- a/smoketest/scripts/cli/test_interfaces_ethernet.py +++ b/smoketest/scripts/cli/test_interfaces_ethernet.py @@ -118,7 +118,7 @@ class EthernetInterfaceTest(BasicInterfaceTest.TestCase): self.cli_commit() for interface in self._interfaces: - cpus = read_file('/sys/class/net/eth1/queues/rx-0/rps_cpus') + cpus = read_file(f'/sys/class/net/{interface}/queues/rx-0/rps_cpus') # remove the nasty ',' separation on larger strings cpus = cpus.replace(',','') cpus = int(cpus, 16) diff --git a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py b/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py index ff343bb87..ae899cddd 100755 --- a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py +++ b/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py @@ -14,8 +14,10 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import os import unittest +from vyos.ifconfig import Section from base_interfaces_test import BasicInterfaceTest class PEthInterfaceTest(BasicInterfaceTest.TestCase): @@ -29,10 +31,20 @@ class PEthInterfaceTest(BasicInterfaceTest.TestCase): cls._test_vlan = True cls._test_qinq = True cls._base_path = ['interfaces', 'pseudo-ethernet'] - cls._options = { - 'peth0': ['source-interface eth1'], - 'peth1': ['source-interface eth1'], - } + + cls._options = {} + # we need to filter out VLAN interfaces identified by a dot (.) + # in their name - just in case! + if 'TEST_ETH' in os.environ: + for tmp in os.environ['TEST_ETH'].split(): + cls._options.update({f'p{tmp}' : [f'source-interface {tmp}']}) + + else: + for tmp in Section.interfaces('ethernet'): + if '.' in tmp: + continue + cls._options.update({f'p{tmp}' : [f'source-interface {tmp}']}) + cls._interfaces = list(cls._options) # call base-classes classmethod super(cls, cls).setUpClass() diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py index ebb0158dc..841527d21 100755 --- a/smoketest/scripts/cli/test_interfaces_tunnel.py +++ b/smoketest/scripts/cli/test_interfaces_tunnel.py @@ -189,6 +189,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase): self.cli_set(self._base_path + [interface, 'parameters', 'ip', 'no-pmtu-discovery']) self.cli_set(self._base_path + [interface, 'parameters', 'ip', 'key', gre_key]) self.cli_set(self._base_path + [interface, 'parameters', 'ip', 'tos', tos]) + self.cli_set(self._base_path + [interface, 'parameters', 'ip', 'ttl', '0']) # Check if commit is ok self.cli_commit() @@ -221,7 +222,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase): self.assertEqual(encapsulation, conf['linkinfo']['info_kind']) self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local']) self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote']) - self.assertEqual(0, conf['linkinfo']['info_data']['ttl']) + self.assertEqual(64, conf['linkinfo']['info_data']['ttl']) # Change remote ip address (inc host by 2 new_remote = inc_ip(remote_ip4, 2) @@ -258,7 +259,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase): self.assertEqual(encapsulation, conf['linkinfo']['info_kind']) self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local']) self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote']) - self.assertEqual(0, conf['linkinfo']['info_data']['ttl']) + self.assertEqual(64, conf['linkinfo']['info_data']['ttl']) self.assertEqual(f'0.0.0.{ip_key}', conf['linkinfo']['info_data']['ikey']) self.assertEqual(f'0.0.0.{ip_key}', conf['linkinfo']['info_data']['okey']) self.assertEqual(int(idx), conf['linkinfo']['info_data']['erspan_index']) @@ -314,7 +315,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase): self.assertEqual(encapsulation, conf['linkinfo']['info_kind']) self.assertEqual(self.local_v6, conf['linkinfo']['info_data']['local']) self.assertEqual(remote_ip6, conf['linkinfo']['info_data']['remote']) - self.assertEqual(0, conf['linkinfo']['info_data']['ttl']) + self.assertEqual(64, conf['linkinfo']['info_data']['ttl']) self.assertEqual(f'0.0.0.{ip_key}', conf['linkinfo']['info_data']['ikey']) self.assertEqual(f'0.0.0.{ip_key}', conf['linkinfo']['info_data']['okey']) self.assertEqual(erspan_ver, conf['linkinfo']['info_data']['erspan_ver']) diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index 0ed66657c..10adc06e1 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -611,6 +611,7 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.assertIn(f'{family}', frrconfig) self.assertIn(f'local-install {flowspec_int}', frrconfig) + def test_bgp_10_vrf_simple(self): router_id = '127.0.0.3' vrfs = ['red', 'green', 'blue'] @@ -644,5 +645,27 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): # zebra_route_map = f' ip protocol bgp route-map {route_map_in}' # self.assertIn(zebra_route_map, vrfconfig) + + def test_bgp_11_confederation(self): + router_id = '127.10.10.2' + confed_id = str(int(ASN) + 1) + confed_asns = '10 20 30 40' + + self.cli_set(base_path + ['local-as', ASN]) + self.cli_set(base_path + ['parameters', 'router-id', router_id]) + self.cli_set(base_path + ['parameters', 'confederation', 'identifier', confed_id]) + for asn in confed_asns.split(): + self.cli_set(base_path + ['parameters', 'confederation', 'peers', asn]) + + # commit changes + self.cli_commit() + + # Verify FRR bgpd configuration + frrconfig = self.getFRRconfig(f'router bgp {ASN}') + self.assertIn(f'router bgp {ASN}', frrconfig) + self.assertIn(f' bgp router-id {router_id}', frrconfig) + self.assertIn(f' bgp confederation identifier {confed_id}', frrconfig) + self.assertIn(f' bgp confederation peers {confed_asns}', frrconfig) + if __name__ == '__main__': unittest.main(verbosity=2)
\ No newline at end of file diff --git a/smoketest/scripts/cli/test_protocols_isis.py b/smoketest/scripts/cli/test_protocols_isis.py index b31d2b494..9b6d4a4ec 100755 --- a/smoketest/scripts/cli/test_protocols_isis.py +++ b/smoketest/scripts/cli/test_protocols_isis.py @@ -29,6 +29,13 @@ domain = 'VyOS' net = '49.0001.1921.6800.1002.00' class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): + @classmethod + def setUpClass(cls): + cls._interfaces = Section.interfaces('ethernet') + + # call base-classes classmethod + super(cls, cls).setUpClass() + def tearDown(self): self.cli_delete(base_path) self.cli_commit() @@ -36,21 +43,30 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) + def isis_base_config(self): + self.cli_set(base_path + ['net', net]) + for interface in self._interfaces: + self.cli_set(base_path + ['interface', interface]) + def test_isis_01_redistribute(self): prefix_list = 'EXPORT-ISIS' route_map = 'EXPORT-ISIS' rule = '10' + self.cli_set(['policy', 'prefix-list', prefix_list, 'rule', rule, 'action', 'permit']) self.cli_set(['policy', 'prefix-list', prefix_list, 'rule', rule, 'prefix', '203.0.113.0/24']) self.cli_set(['policy', 'route-map', route_map, 'rule', rule, 'action', 'permit']) self.cli_set(['policy', 'route-map', route_map, 'rule', rule, 'match', 'ip', 'address', 'prefix-list', prefix_list]) - self.cli_set(base_path + ['net', net]) - self.cli_set(base_path + ['redistribute', 'ipv4', 'connected', 'level-2', 'route-map', route_map]) + self.cli_set(base_path) - interfaces = Section.interfaces('ethernet') - for interface in interfaces: - self.cli_set(base_path + ['interface', interface]) + # verify() - net id and interface are mandatory + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.isis_base_config() + self.cli_set(base_path + ['redistribute', 'ipv4', 'connected', 'level-2', 'route-map', route_map]) + self.cli_set(base_path + ['log-adjacency-changes']) # Commit all changes self.cli_commit() @@ -58,11 +74,13 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): # Verify all changes tmp = self.getFRRconfig(f'router isis {domain}') self.assertIn(f' net {net}', tmp) + self.assertIn(f' log-adjacency-changes', tmp) self.assertIn(f' redistribute ipv4 connected level-2 route-map {route_map}', tmp) - for interface in interfaces: + for interface in self._interfaces: tmp = self.getFRRconfig(f'interface {interface}') self.assertIn(f' ip router isis {domain}', tmp) + self.assertIn(f' ipv6 router isis {domain}', tmp) self.cli_delete(['policy', 'route-map', route_map]) self.cli_delete(['policy', 'prefix-list', prefix_list]) @@ -104,14 +122,10 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): self.cli_set(['policy', 'route-map', route_map, 'rule', '10', 'action', 'permit']) - self.cli_set(base_path + ['net', net]) + self.isis_base_config() self.cli_set(base_path + ['redistribute', 'ipv4', 'connected', 'level-2', 'route-map', route_map]) - - interfaces = Section.interfaces('ethernet') - for interface in interfaces: - self.cli_set(base_path + ['interface', interface]) - self.cli_set(base_path + ['route-map', route_map]) + # commit changes self.cli_commit() @@ -131,5 +145,59 @@ class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): self.cli_delete(['policy', 'route-map', route_map]) + def test_isis_04_default_information(self): + metric = '50' + route_map = 'default-foo-' + + self.isis_base_config() + for afi in ['ipv4', 'ipv6']: + for level in ['level-1', 'level-2']: + self.cli_set(base_path + ['default-information', 'originate', afi, level, 'always']) + self.cli_set(base_path + ['default-information', 'originate', afi, level, 'metric', metric]) + self.cli_set(base_path + ['default-information', 'originate', afi, level, 'route-map', route_map + level + afi]) + + # Commit all changes + self.cli_commit() + + # Verify all changes + tmp = self.getFRRconfig(f'router isis {domain}') + self.assertIn(f' net {net}', tmp) + + for afi in ['ipv4', 'ipv6']: + for level in ['level-1', 'level-2']: + route_map_name = route_map + level + afi + self.assertIn(f' default-information originate {afi} {level} always route-map {route_map_name} metric {metric}', tmp) + + + def test_isis_05_password(self): + password = 'foo' + + self.isis_base_config() + + self.cli_set(base_path + ['area-password', 'plaintext-password', password]) + self.cli_set(base_path + ['area-password', 'md5', password]) + self.cli_set(base_path + ['domain-password', 'plaintext-password', password]) + self.cli_set(base_path + ['domain-password', 'md5', password]) + + # verify() - can not use both md5 and plaintext-password for area-password + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(base_path + ['area-password', 'md5', password]) + + # verify() - can not use both md5 and plaintext-password for domain-password + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(base_path + ['domain-password', 'md5', password]) + + # Commit all changes + self.cli_commit() + + # Verify all changes + tmp = self.getFRRconfig(f'router isis {domain}') + self.assertIn(f' net {net}', tmp) + self.assertIn(f' domain-password clear {password}', tmp) + self.assertIn(f' area-password clear {password}', tmp) + + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_protocols_nhrp.py b/smoketest/scripts/cli/test_protocols_nhrp.py new file mode 100755 index 000000000..8389e42e9 --- /dev/null +++ b/smoketest/scripts/cli/test_protocols_nhrp.py @@ -0,0 +1,97 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import unittest + +from base_vyostest_shim import VyOSUnitTestSHIM + +from vyos.util import call, process_named_running, read_file + +tunnel_path = ['interfaces', 'tunnel'] +nhrp_path = ['protocols', 'nhrp'] +vpn_path = ['vpn', 'ipsec'] + +class TestProtocolsNHRP(VyOSUnitTestSHIM.TestCase): + def tearDown(self): + self.cli_delete(nhrp_path) + self.cli_delete(tunnel_path) + self.cli_commit() + + def test_config(self): + self.cli_delete(nhrp_path) + self.cli_delete(tunnel_path) + + # Tunnel + self.cli_set(tunnel_path + ["tun100", "address", "172.16.253.134/29"]) + self.cli_set(tunnel_path + ["tun100", "encapsulation", "gre"]) + self.cli_set(tunnel_path + ["tun100", "source-address", "192.0.2.1"]) + self.cli_set(tunnel_path + ["tun100", "multicast", "enable"]) + self.cli_set(tunnel_path + ["tun100", "parameters", "ip", "key", "1"]) + + # NHRP + self.cli_set(nhrp_path + ["tunnel", "tun100", "cisco-authentication", "secret"]) + self.cli_set(nhrp_path + ["tunnel", "tun100", "holding-time", "300"]) + self.cli_set(nhrp_path + ["tunnel", "tun100", "multicast", "dynamic"]) + self.cli_set(nhrp_path + ["tunnel", "tun100", "redirect"]) + self.cli_set(nhrp_path + ["tunnel", "tun100", "shortcut"]) + + # IKE/ESP Groups + self.cli_set(vpn_path + ["esp-group", "ESP-HUB", "compression", "disable"]) + self.cli_set(vpn_path + ["esp-group", "ESP-HUB", "lifetime", "1800"]) + self.cli_set(vpn_path + ["esp-group", "ESP-HUB", "mode", "transport"]) + self.cli_set(vpn_path + ["esp-group", "ESP-HUB", "pfs", "dh-group2"]) + self.cli_set(vpn_path + ["esp-group", "ESP-HUB", "proposal", "1", "encryption", "aes256"]) + self.cli_set(vpn_path + ["esp-group", "ESP-HUB", "proposal", "1", "hash", "sha1"]) + self.cli_set(vpn_path + ["esp-group", "ESP-HUB", "proposal", "2", "encryption", "3des"]) + self.cli_set(vpn_path + ["esp-group", "ESP-HUB", "proposal", "2", "hash", "md5"]) + self.cli_set(vpn_path + ["ike-group", "IKE-HUB", "ikev2-reauth", "no"]) + self.cli_set(vpn_path + ["ike-group", "IKE-HUB", "key-exchange", "ikev1"]) + self.cli_set(vpn_path + ["ike-group", "IKE-HUB", "lifetime", "3600"]) + self.cli_set(vpn_path + ["ike-group", "IKE-HUB", "proposal", "1", "dh-group", "2"]) + self.cli_set(vpn_path + ["ike-group", "IKE-HUB", "proposal", "1", "encryption", "aes256"]) + self.cli_set(vpn_path + ["ike-group", "IKE-HUB", "proposal", "1", "hash", "sha1"]) + self.cli_set(vpn_path + ["ike-group", "IKE-HUB", "proposal", "2", "dh-group", "2"]) + self.cli_set(vpn_path + ["ike-group", "IKE-HUB", "proposal", "2", "encryption", "aes128"]) + self.cli_set(vpn_path + ["ike-group", "IKE-HUB", "proposal", "2", "hash", "sha1"]) + + # Profile - Not doing full DMVPN checks here, just want to verify the profile name in the output + self.cli_set(vpn_path + ["ipsec-interfaces", "interface", "eth0"]) + self.cli_set(vpn_path + ["profile", "NHRPVPN", "authentication", "mode", "pre-shared-secret"]) + self.cli_set(vpn_path + ["profile", "NHRPVPN", "authentication", "pre-shared-secret", "secret"]) + self.cli_set(vpn_path + ["profile", "NHRPVPN", "bind", "tunnel", "tun100"]) + self.cli_set(vpn_path + ["profile", "NHRPVPN", "esp-group", "ESP-HUB"]) + self.cli_set(vpn_path + ["profile", "NHRPVPN", "ike-group", "IKE-HUB"]) + + self.cli_commit() + + opennhrp_lines = [ + 'interface tun100 #hub NHRPVPN', + 'cisco-authentication secret', + 'holding-time 300', + 'shortcut', + 'multicast dynamic', + 'redirect' + ] + + tmp_opennhrp_conf = read_file('/run/opennhrp/opennhrp.conf') + + for line in opennhrp_lines: + self.assertIn(line, tmp_opennhrp_conf) + + self.assertTrue(process_named_running('opennhrp')) + +if __name__ == '__main__': + unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_protocols_ospfv3.py b/smoketest/scripts/cli/test_protocols_ospfv3.py index 6bb551642..0b4b01993 100755 --- a/smoketest/scripts/cli/test_protocols_ospfv3.py +++ b/smoketest/scripts/cli/test_protocols_ospfv3.py @@ -150,5 +150,22 @@ class TestProtocolsOSPFv3(VyOSUnitTestSHIM.TestCase): cost = str(int(cost) + 10) priority = str(int(priority) + 5) + + def test_ospfv3_05_area_stub(self): + area_stub = '23' + area_stub_nosum = '26' + + self.cli_set(base_path + ['area', area_stub, 'area-type', 'stub']) + self.cli_set(base_path + ['area', area_stub_nosum, 'area-type', 'stub', 'no-summary']) + + # commit changes + self.cli_commit() + + # Verify FRR ospfd configuration + frrconfig = self.getFRRconfig('router ospf6') + self.assertIn(f'router ospf6', frrconfig) + self.assertIn(f' area {area_stub} stub', frrconfig) + self.assertIn(f' area {area_stub_nosum} stub no-summary', frrconfig) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py index d3f6f21f1..815bd333a 100755 --- a/smoketest/scripts/cli/test_service_dhcp-server.py +++ b/smoketest/scripts/cli/test_service_dhcp-server.py @@ -414,5 +414,29 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) + def test_dhcp_invalid_raw_options(self): + shared_net_name = 'SMOKE-5' + + range_0_start = inc_ip(subnet, 10) + range_0_stop = inc_ip(subnet, 20) + + pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet] + # we use the first subnet IP address as default gateway + self.cli_set(pool + ['default-router', router]) + self.cli_set(pool + ['range', '0', 'start', range_0_start]) + self.cli_set(pool + ['range', '0', 'stop', range_0_stop]) + + self.cli_set(base_path + ['global-parameters', 'this-is-crap']) + # check generate() - dhcpd should not acceot this garbage config + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(base_path + ['global-parameters']) + + # commit changes + self.cli_commit() + + # Check for running process + self.assertTrue(process_named_running(PROCESS_NAME)) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_service_dhcpv6-server.py b/smoketest/scripts/cli/test_service_dhcpv6-server.py index e85a055c7..a939aa003 100755 --- a/smoketest/scripts/cli/test_service_dhcpv6-server.py +++ b/smoketest/scripts/cli/test_service_dhcpv6-server.py @@ -161,8 +161,7 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): self.cli_commit() config = read_file(DHCPD_CONF) - self.assertIn(f'option dhcp6.name-servers {ns_global_1};', config) - self.assertIn(f'option dhcp6.name-servers {ns_global_2};', config) + self.assertIn(f'option dhcp6.name-servers {ns_global_1}, {ns_global_2};', config) self.assertIn(f'subnet6 {subnet}' + r' {', config) self.assertIn(f'set shared-networkname = "{shared_net_name}";', config) diff --git a/smoketest/scripts/cli/test_system_conntrack.py b/smoketest/scripts/cli/test_system_conntrack.py new file mode 100755 index 000000000..21d626d2f --- /dev/null +++ b/smoketest/scripts/cli/test_system_conntrack.py @@ -0,0 +1,238 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import unittest + +from base_vyostest_shim import VyOSUnitTestSHIM + +from vyos.configsession import ConfigSession +from vyos.util import cmd +from vyos.util import read_file + +base_path = ['system', 'conntrack'] + +def get_sysctl(parameter): + tmp = parameter.replace(r'.', r'/') + return read_file(f'/proc/sys/{tmp}') + +class TestSystemConntrack(VyOSUnitTestSHIM.TestCase): + def tearDown(self): + self.cli_delete(base_path) + self.cli_commit() + + def test_conntrack_options(self): + conntrack_config = { + 'net.netfilter.nf_conntrack_expect_max' : { + 'cli' : ['expect-table-size'], + 'test_value' : '8192', + 'default_value' : '2048', + }, + 'net.nf_conntrack_max' :{ + 'cli' : ['table-size'], + 'test_value' : '500000', + 'default_value' : '262144', + }, + 'net.ipv4.tcp_max_syn_backlog' :{ + 'cli' : ['tcp', 'half-open-connections'], + 'test_value' : '2048', + 'default_value' : '512', + }, + 'net.netfilter.nf_conntrack_tcp_loose' :{ + 'cli' : ['tcp', 'loose'], + 'test_value' : 'disable', + 'default_value' : '1', + }, + 'net.netfilter.nf_conntrack_tcp_max_retrans' :{ + 'cli' : ['tcp', 'max-retrans'], + 'test_value' : '1024', + 'default_value' : '3', + }, + 'net.netfilter.nf_conntrack_icmp_timeout' :{ + 'cli' : ['timeout', 'icmp'], + 'test_value' : '180', + 'default_value' : '30', + }, + 'net.netfilter.nf_conntrack_generic_timeout' :{ + 'cli' : ['timeout', 'other'], + 'test_value' : '1200', + 'default_value' : '600', + }, + 'net.netfilter.nf_conntrack_tcp_timeout_close_wait' :{ + 'cli' : ['timeout', 'tcp', 'close-wait'], + 'test_value' : '30', + 'default_value' : '60', + }, + 'net.netfilter.nf_conntrack_tcp_timeout_close' :{ + 'cli' : ['timeout', 'tcp', 'close'], + 'test_value' : '20', + 'default_value' : '10', + }, + 'net.netfilter.nf_conntrack_tcp_timeout_established' :{ + 'cli' : ['timeout', 'tcp', 'established'], + 'test_value' : '1000', + 'default_value' : '432000', + }, + 'net.netfilter.nf_conntrack_tcp_timeout_fin_wait' :{ + 'cli' : ['timeout', 'tcp', 'fin-wait'], + 'test_value' : '240', + 'default_value' : '120', + }, + 'net.netfilter.nf_conntrack_tcp_timeout_last_ack' :{ + 'cli' : ['timeout', 'tcp', 'last-ack'], + 'test_value' : '300', + 'default_value' : '30', + }, + 'net.netfilter.nf_conntrack_tcp_timeout_syn_recv' :{ + 'cli' : ['timeout', 'tcp', 'syn-recv'], + 'test_value' : '100', + 'default_value' : '60', + }, + 'net.netfilter.nf_conntrack_tcp_timeout_syn_sent' :{ + 'cli' : ['timeout', 'tcp', 'syn-sent'], + 'test_value' : '300', + 'default_value' : '120', + }, + 'net.netfilter.nf_conntrack_tcp_timeout_time_wait' :{ + 'cli' : ['timeout', 'tcp', 'time-wait'], + 'test_value' : '303', + 'default_value' : '120', + }, + 'net.netfilter.nf_conntrack_udp_timeout' :{ + 'cli' : ['timeout', 'udp', 'other'], + 'test_value' : '90', + 'default_value' : '30', + }, + 'net.netfilter.nf_conntrack_udp_timeout_stream' :{ + 'cli' : ['timeout', 'udp', 'stream'], + 'test_value' : '200', + 'default_value' : '180', + }, + } + + for parameter, parameter_config in conntrack_config.items(): + self.cli_set(base_path + parameter_config['cli'] + [parameter_config['test_value']]) + + # commit changes + self.cli_commit() + + # validate configuration + for parameter, parameter_config in conntrack_config.items(): + tmp = parameter_config['test_value'] + # net.netfilter.nf_conntrack_tcp_loose has a fancy "disable" value, + # make this work + if tmp == 'disable': + tmp = '0' + self.assertEqual(get_sysctl(f'{parameter}'), tmp) + + # delete all configuration options and revert back to defaults + self.cli_delete(base_path) + self.cli_commit() + + # validate configuration + for parameter, parameter_config in conntrack_config.items(): + self.assertEqual(get_sysctl(f'{parameter}'), parameter_config['default_value']) + + + def test_conntrack_module_disable(self): + # Some features are disabled by onloading the kernel helper module(s) + modules = { + 'ftp' : { + 'driver' : ['nf_nat_ftp', 'nf_conntrack_ftp'], + }, + 'h323' : { + 'driver' : ['nf_nat_h323', 'nf_conntrack_h323'], + }, + 'nfs' : { + 'iptables' : ['-A VYATTA_CT_HELPER -p udp -m udp --dport 111 -j CT --helper rpc', + '-A VYATTA_CT_HELPER -p tcp -m tcp --dport 111 -j CT --helper rpc'], + }, + 'pptp' : { + 'driver' : ['nf_nat_pptp', 'nf_conntrack_pptp'], + }, + 'sip' : { + 'driver' : ['nf_nat_sip', 'nf_conntrack_sip'], + }, + 'sqlnet' : { + 'iptables' : ['-A VYATTA_CT_HELPER -p tcp -m tcp --dport 1536 -j CT --helper tns', + '-A VYATTA_CT_HELPER -p tcp -m tcp --dport 1525 -j CT --helper tns', + '-A VYATTA_CT_HELPER -p tcp -m tcp --dport 1521 -j CT --helper tns'], + }, + 'tftp' : { + 'driver' : ['nf_nat_tftp', 'nf_conntrack_tftp'], + }, + } + + for module in modules: + self.cli_set(base_path + ['modules', module, 'disable']) + + # commit changes + self.cli_commit() + + # verify modules are no longer loaded on the system + for module, module_options in modules.items(): + if 'driver' in module_options: + for driver in module_options['driver']: + self.assertFalse(os.path.isdir(f'/sys/module/{driver}')) + if 'iptables' in module_options: + rules = cmd('sudo iptables-save -t raw') + for ruleset in module_options['iptables']: + self.assertNotIn(ruleset, rules) + + # reload modules + for module in modules: + self.cli_delete(base_path + ['modules', module, 'disable']) + + # commit changes + self.cli_commit() + + # verify modules are again loaded on the system + for module, module_options in modules.items(): + if 'driver' in module_options: + for driver in module_options['driver']: + self.assertTrue(os.path.isdir(f'/sys/module/{driver}')) + if 'iptables' in module_options: + rules = cmd('sudo iptables-save -t raw') + for ruleset in module_options['iptables']: + self.assertIn(ruleset, rules) + + def test_conntrack_hash_size(self): + hash_size = '65536' + hash_size_default = '32768' + + self.cli_set(base_path + ['hash-size', hash_size]) + + # commit changes + self.cli_commit() + + # verify new configuration - only effective after reboot, but + # a valid config file is sufficient + tmp = read_file('/etc/modprobe.d/vyatta_nf_conntrack.conf') + self.assertIn(hash_size, tmp) + + # Test default value by deleting the configuration + self.cli_delete(base_path + ['hash-size']) + + # commit changes + self.cli_commit() + + # verify new configuration - only effective after reboot, but + # a valid config file is sufficient + tmp = read_file('/etc/modprobe.d/vyatta_nf_conntrack.conf') + self.assertIn(hash_size_default, tmp) + +if __name__ == '__main__': + unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py new file mode 100755 index 000000000..4a3340ffb --- /dev/null +++ b/smoketest/scripts/cli/test_vpn_ipsec.py @@ -0,0 +1,149 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import unittest + +from base_vyostest_shim import VyOSUnitTestSHIM + +from vyos.util import call, process_named_running, read_file + +tunnel_path = ['interfaces', 'tunnel'] +nhrp_path = ['protocols', 'nhrp'] +base_path = ['vpn', 'ipsec'] + +class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): + def tearDown(self): + self.cli_delete(base_path) + self.cli_delete(nhrp_path) + self.cli_delete(tunnel_path) + self.cli_commit() + + def test_site_to_site(self): + self.cli_delete(base_path) + + # IKE/ESP Groups + self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "encryption", "aes128"]) + self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "hash", "sha1"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "dh-group", "2"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "encryption", "aes128"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "hash", "sha1"]) + + # Site to site + self.cli_set(base_path + ["ipsec-interfaces", "interface", "eth0"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "mode", "pre-shared-secret"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "pre-shared-secret", "MYSECRETKEY"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "ike-group", "MyIKEGroup"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "default-esp-group", "MyESPGroup"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "local-address", "192.0.2.10"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "protocol", "gre"]) + + self.cli_commit() + + ipsec_conf_lines = [ + 'authby = secret', + 'ike = aes128-sha1-modp1024!', + 'esp = aes128-sha1-modp1024!', + 'left = 192.0.2.10', + 'right = 203.0.113.45', + 'type = tunnel' + ] + + ipsec_secrets_lines = [ + '192.0.2.10 203.0.113.45 : PSK "MYSECRETKEY" # dhcp:no' + ] + + tmp_ipsec_conf = read_file('/etc/ipsec.conf') + + for line in ipsec_conf_lines: + self.assertIn(line, tmp_ipsec_conf) + + call('sudo chmod 644 /etc/ipsec.secrets') # Needs to be readable + tmp_ipsec_secrets = read_file('/etc/ipsec.secrets') + + for line in ipsec_secrets_lines: + self.assertIn(line, tmp_ipsec_secrets) + + # Check for running process + self.assertTrue(process_named_running('charon')) + + def test_dmvpn(self): + self.cli_delete(base_path) + self.cli_delete(nhrp_path) + self.cli_delete(tunnel_path) + + # Tunnel + self.cli_set(tunnel_path + ["tun100", "address", "172.16.253.134/29"]) + self.cli_set(tunnel_path + ["tun100", "encapsulation", "gre"]) + self.cli_set(tunnel_path + ["tun100", "source-address", "192.0.2.1"]) + self.cli_set(tunnel_path + ["tun100", "multicast", "enable"]) + self.cli_set(tunnel_path + ["tun100", "parameters", "ip", "key", "1"]) + + # NHRP + self.cli_set(nhrp_path + ["tunnel", "tun100", "cisco-authentication", "secret"]) + self.cli_set(nhrp_path + ["tunnel", "tun100", "holding-time", "300"]) + self.cli_set(nhrp_path + ["tunnel", "tun100", "multicast", "dynamic"]) + self.cli_set(nhrp_path + ["tunnel", "tun100", "redirect"]) + self.cli_set(nhrp_path + ["tunnel", "tun100", "shortcut"]) + + # IKE/ESP Groups + self.cli_set(base_path + ["esp-group", "ESP-HUB", "compression", "disable"]) + self.cli_set(base_path + ["esp-group", "ESP-HUB", "lifetime", "1800"]) + self.cli_set(base_path + ["esp-group", "ESP-HUB", "mode", "transport"]) + self.cli_set(base_path + ["esp-group", "ESP-HUB", "pfs", "dh-group2"]) + self.cli_set(base_path + ["esp-group", "ESP-HUB", "proposal", "1", "encryption", "aes256"]) + self.cli_set(base_path + ["esp-group", "ESP-HUB", "proposal", "1", "hash", "sha1"]) + self.cli_set(base_path + ["esp-group", "ESP-HUB", "proposal", "2", "encryption", "3des"]) + self.cli_set(base_path + ["esp-group", "ESP-HUB", "proposal", "2", "hash", "md5"]) + self.cli_set(base_path + ["ike-group", "IKE-HUB", "ikev2-reauth", "no"]) + self.cli_set(base_path + ["ike-group", "IKE-HUB", "key-exchange", "ikev1"]) + self.cli_set(base_path + ["ike-group", "IKE-HUB", "lifetime", "3600"]) + self.cli_set(base_path + ["ike-group", "IKE-HUB", "proposal", "1", "dh-group", "2"]) + self.cli_set(base_path + ["ike-group", "IKE-HUB", "proposal", "1", "encryption", "aes256"]) + self.cli_set(base_path + ["ike-group", "IKE-HUB", "proposal", "1", "hash", "sha1"]) + self.cli_set(base_path + ["ike-group", "IKE-HUB", "proposal", "2", "dh-group", "2"]) + self.cli_set(base_path + ["ike-group", "IKE-HUB", "proposal", "2", "encryption", "aes128"]) + self.cli_set(base_path + ["ike-group", "IKE-HUB", "proposal", "2", "hash", "sha1"]) + + # Profile + self.cli_set(base_path + ["ipsec-interfaces", "interface", "eth0"]) + self.cli_set(base_path + ["profile", "NHRPVPN", "authentication", "mode", "pre-shared-secret"]) + self.cli_set(base_path + ["profile", "NHRPVPN", "authentication", "pre-shared-secret", "secret"]) + self.cli_set(base_path + ["profile", "NHRPVPN", "bind", "tunnel", "tun100"]) + self.cli_set(base_path + ["profile", "NHRPVPN", "esp-group", "ESP-HUB"]) + self.cli_set(base_path + ["profile", "NHRPVPN", "ike-group", "IKE-HUB"]) + + self.cli_commit() + + swanctl_lines = [ + 'proposals = aes256-sha1-modp1024,aes128-sha1-modp1024', + 'version = 1', + 'rekey_time = 3600s', + 'esp_proposals = aes256-sha1-modp1024,3des-md5-modp1024', + 'local_ts = dynamic[gre]', + 'remote_ts = dynamic[gre]', + 'mode = transport', + 'secret = secret' + ] + + tmp_swanctl_conf = read_file('/etc/swanctl/swanctl.conf') + + for line in swanctl_lines: + self.assertIn(line, tmp_swanctl_conf) + + self.assertTrue(process_named_running('charon')) + +if __name__ == '__main__': + unittest.main(verbosity=2) diff --git a/src/completion/list_disks.py b/src/completion/list_disks.py index ff1135e23..0aa872abb 100755 --- a/src/completion/list_disks.py +++ b/src/completion/list_disks.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -23,11 +23,20 @@ parser.add_argument("-e", "--exclude", type=str, help="Exclude specified device args = parser.parse_args() disks = set() -with open('/proc/partitions') as partitions_file: - for line in partitions_file: - fields = line.strip().split() - if len(fields) == 4 and fields[3].isalpha() and fields[3] != 'name': - disks.add(fields[3]) +with open('/proc/partitions') as f: + table = f.read() + +for line in table.splitlines()[1:]: + fields = line.strip().split() + # probably an empty line at the top + if len(fields) == 0: + continue + disks.add(fields[3]) + +if 'loop0' in disks: + disks.remove('loop0') +if 'sr0' in disks: + disks.remove('sr0') if args.exclude: disks.remove(args.exclude) diff --git a/src/completion/list_protocols.sh b/src/completion/list_protocols.sh new file mode 100755 index 000000000..e9d50a70f --- /dev/null +++ b/src/completion/list_protocols.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +grep -v '^#' /etc/protocols | awk 'BEGIN {ORS=""} {if ($3) {print TRS $1; TRS=" "}}' diff --git a/src/completion/list_sysctl_parameters.sh b/src/completion/list_sysctl_parameters.sh new file mode 100755 index 000000000..c111716bb --- /dev/null +++ b/src/completion/list_sysctl_parameters.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +declare -a vals +eval "vals=($(/sbin/sysctl -N -a))" +echo ${vals[@]} +exit 0 diff --git a/src/conf_mode/conntrack.py b/src/conf_mode/conntrack.py new file mode 100755 index 000000000..4e6e39c0f --- /dev/null +++ b/src/conf_mode/conntrack.py @@ -0,0 +1,140 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os + +from sys import exit + +from vyos.config import Config +from vyos.configdict import dict_merge +from vyos.util import cmd +from vyos.util import run +from vyos.util import process_named_running +from vyos.util import dict_search +from vyos.template import render +from vyos.xml import defaults +from vyos import ConfigError +from vyos import airbag +airbag.enable() + +conntrack_config = r'/etc/modprobe.d/vyatta_nf_conntrack.conf' +sysctl_file = r'/run/sysctl/10-vyos-conntrack.conf' + +# Every ALG (Application Layer Gateway) consists of either a Kernel Object +# also called a Kernel Module/Driver or some rules present in iptables +module_map = { + 'ftp' : { + 'ko' : ['nf_nat_ftp', 'nf_conntrack_ftp'], + }, + 'h323' : { + 'ko' : ['nf_nat_h323', 'nf_conntrack_h323'], + }, + 'nfs' : { + 'iptables' : ['VYATTA_CT_HELPER --table raw --proto tcp --dport 111 --jump CT --helper rpc', + 'VYATTA_CT_HELPER --table raw --proto udp --dport 111 --jump CT --helper rpc'], + }, + 'pptp' : { + 'ko' : ['nf_nat_pptp', 'nf_conntrack_pptp'], + }, + 'sip' : { + 'ko' : ['nf_nat_sip', 'nf_conntrack_sip'], + }, + 'sqlnet' : { + 'iptables' : ['VYATTA_CT_HELPER --table raw --proto tcp --dport 1521 --jump CT --helper tns', + 'VYATTA_CT_HELPER --table raw --proto tcp --dport 1525 --jump CT --helper tns', + 'VYATTA_CT_HELPER --table raw --proto tcp --dport 1536 --jump CT --helper tns'], + }, + 'tftp' : { + 'ko' : ['nf_nat_tftp', 'nf_conntrack_tftp'], + }, +} + +def resync_conntrackd(): + tmp = run('/usr/libexec/vyos/conf_mode/conntrack_sync.py') + if tmp > 0: + print('ERROR: error restarting conntrackd!') + +def get_config(config=None): + if config: + conf = config + else: + conf = Config() + base = ['system', 'conntrack'] + + conntrack = conf.get_config_dict(base, key_mangling=('-', '_'), + get_first_key=True) + + # We have gathered the dict representation of the CLI, but there are default + # options which we need to update into the dictionary retrived. + default_values = defaults(base) + conntrack = dict_merge(default_values, conntrack) + + return conntrack + +def verify(conntrack): + return None + +def generate(conntrack): + render(conntrack_config, 'conntrack/vyos_nf_conntrack.conf.tmpl', conntrack) + render(sysctl_file, 'conntrack/sysctl.conf.tmpl', conntrack) + + return None + +def apply(conntrack): + # Depending on the enable/disable state of the ALG (Application Layer Gateway) + # modules we need to either insmod or rmmod the helpers. + for module, module_config in module_map.items(): + if dict_search(f'modules.{module}.disable', conntrack) != None: + if 'ko' in module_config: + for mod in module_config['ko']: + # Only remove the module if it's loaded + if os.path.exists(f'/sys/module/{mod}'): + cmd(f'rmmod {mod}') + if 'iptables' in module_config: + for rule in module_config['iptables']: + print(f'iptables --delete {rule}') + cmd(f'iptables --delete {rule}') + else: + if 'ko' in module_config: + for mod in module_config['ko']: + cmd(f'modprobe {mod}') + if 'iptables' in module_config: + for rule in module_config['iptables']: + # Only install iptables rule if it does not exist + tmp = run(f'iptables --check {rule}') + if tmp > 0: + cmd(f'iptables --insert {rule}') + + + if process_named_running('conntrackd'): + # Reload conntrack-sync daemon to fetch new sysctl values + resync_conntrackd() + + # We silently ignore all errors + # See: https://bugzilla.redhat.com/show_bug.cgi?id=1264080 + cmd(f'sysctl -f {sysctl_file}') + + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/conntrack_sync.py b/src/conf_mode/conntrack_sync.py new file mode 100755 index 000000000..7f22fa2dd --- /dev/null +++ b/src/conf_mode/conntrack_sync.py @@ -0,0 +1,135 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os + +from sys import exit +from vyos.config import Config +from vyos.configdict import dict_merge +from vyos.configverify import verify_interface_exists +from vyos.util import call +from vyos.util import dict_search +from vyos.util import process_named_running +from vyos.util import read_file +from vyos.util import run +from vyos.template import render +from vyos.template import get_ipv4 +from vyos.validate import is_addr_assigned +from vyos.xml import defaults +from vyos import ConfigError +from vyos import airbag +airbag.enable() + +config_file = '/run/conntrackd/conntrackd.conf' + +def resync_vrrp(): + tmp = run('/usr/libexec/vyos/conf_mode/vrrp.py') + if tmp > 0: + print('ERROR: error restarting VRRP daemon!') + +def get_config(config=None): + if config: + conf = config + else: + conf = Config() + base = ['service', 'conntrack-sync'] + if not conf.exists(base): + return None + + conntrack = conf.get_config_dict(base, key_mangling=('-', '_'), + get_first_key=True) + # We have gathered the dict representation of the CLI, but there are default + # options which we need to update into the dictionary retrived. + default_values = defaults(base) + conntrack = dict_merge(default_values, conntrack) + + conntrack['hash_size'] = read_file('/sys/module/nf_conntrack/parameters/hashsize') + conntrack['table_size'] = read_file('/proc/sys/net/netfilter/nf_conntrack_max') + + conntrack['vrrp'] = conf.get_config_dict(['high-availability', 'vrrp', 'sync-group'], + get_first_key=True) + + return conntrack + +def verify(conntrack): + if not conntrack: + return None + + if 'interface' not in conntrack: + raise ConfigError('Interface not defined!') + + for interface in conntrack['interface']: + verify_interface_exists(interface) + # Interface must not only exist, it must also carry an IP address + if len(get_ipv4(interface)) < 1: + raise ConfigError(f'Interface {interface} requires an IP address!') + + if 'expect_sync' in conntrack: + if len(conntrack['expect_sync']) > 1 and 'all' in conntrack['expect_sync']: + raise ConfigError('Cannot configure all with other protocol') + + if 'listen_address' in conntrack: + address = conntrack['listen_address'] + if not is_addr_assigned(address): + raise ConfigError(f'Specified listen-address {address} not assigned to any interface!') + + vrrp_group = dict_search('failover_mechanism.vrrp.sync_group', conntrack) + if vrrp_group == None: + raise ConfigError(f'No VRRP sync-group defined!') + if vrrp_group not in conntrack['vrrp']: + raise ConfigError(f'VRRP sync-group {vrrp_group} not configured!') + + return None + +def generate(conntrack): + if not conntrack: + if os.path.isfile(config_file): + os.unlink(config_file) + return None + + render(config_file, 'conntrackd/conntrackd.conf.tmpl', conntrack) + + return None + +def apply(conntrack): + if not conntrack: + # Failover mechanism daemon should be indicated that it no longer needs + # to execute conntrackd actions on transition. This is only required + # once when conntrackd is stopped and taken out of service! + if process_named_running('conntrackd'): + resync_vrrp() + + call('systemctl stop conntrackd.service') + return None + + # Failover mechanism daemon should be indicated that it needs to execute + # conntrackd actions on transition. This is only required once when conntrackd + # is started the first time! + if not process_named_running('conntrackd'): + resync_vrrp() + + call('systemctl restart conntrackd.service') + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index 84a8736e8..cdee72e09 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py @@ -18,6 +18,8 @@ import os from ipaddress import ip_address from ipaddress import ip_network +from netaddr import IPAddress +from netaddr import IPRange from sys import exit from vyos.config import Config @@ -25,6 +27,7 @@ from vyos.configdict import dict_merge from vyos.template import render from vyos.util import call from vyos.util import dict_search +from vyos.util import run from vyos.validate import is_subnet_connected from vyos.validate import is_addr_assigned from vyos.xml import defaults @@ -162,8 +165,7 @@ def verify(dhcp): # Check if DHCP address range is inside configured subnet declaration if 'range' in subnet_config: - range_start = [] - range_stop = [] + networks = [] for range, range_config in subnet_config['range'].items(): if not {'start', 'stop'} <= set(range_config): raise ConfigError(f'DHCP range "{range}" start and stop address must be defined!') @@ -178,18 +180,16 @@ def verify(dhcp): raise ConfigError(f'DHCP range "{range}" stop address must be greater or equal\n' \ 'to the ranges start address!') - # Range start address must be unique - if range_config['start'] in range_start: - raise ConfigError('Conflicting DHCP lease range: Pool start\n' \ - 'address "{start}" defined multipe times!'.format(range_config)) + for network in networks: + start = range_config['start'] + stop = range_config['stop'] + if start in network: + raise ConfigError(f'Range "{range}" start address "{start}" already part of another range!') + if stop in network: + raise ConfigError(f'Range "{range}" stop address "{stop}" already part of another range!') - # Range stop address must be unique - if range_config['stop'] in range_start: - raise ConfigError('Conflicting DHCP lease range: Pool stop\n' \ - 'address "{stop}" defined multipe times!'.format(range_config)) - - range_start.append(range_config['start']) - range_stop.append(range_config['stop']) + tmp = IPRange(range_config['start'], range_config['stop']) + networks.append(tmp) if 'failover' in subnet_config: for key in ['local_address', 'peer_address', 'name', 'status']: @@ -272,10 +272,25 @@ def generate(dhcp): if not dhcp or 'disable' in dhcp: return None - # Please see: https://phabricator.vyos.net/T1129 for quoting of the raw parameters - # we can pass to ISC DHCPd + # Please see: https://phabricator.vyos.net/T1129 for quoting of the raw + # parameters we can pass to ISC DHCPd + tmp_file = '/tmp/dhcpd.conf' + render(tmp_file, 'dhcp-server/dhcpd.conf.tmpl', dhcp, + formater=lambda _: _.replace(""", '"')) + # XXX: as we have the ability for a user to pass in "raw" options via VyOS + # CLI (see T3544) we now ask ISC dhcpd to test the newly rendered + # configuration + tmp = run(f'/usr/sbin/dhcpd -4 -q -t -cf {tmp_file}') + if tmp > 0: + if os.path.exists(tmp_file): + os.unlink(tmp_file) + raise ConfigError('Configuration file errors encountered - check your options!') + + # Now that we know that the newly rendered configuration is "good" we can + # render the "real" configuration render(config_file, 'dhcp-server/dhcpd.conf.tmpl', dhcp, formater=lambda _: _.replace(""", '"')) + return None def apply(dhcp): diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py new file mode 100755 index 000000000..8e6ce5b14 --- /dev/null +++ b/src/conf_mode/firewall.py @@ -0,0 +1,73 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os + +from sys import exit + +from vyos.config import Config +from vyos.configdict import dict_merge +from vyos.configdict import node_changed +from vyos.configdict import leaf_node_changed +from vyos.template import render +from vyos.util import call +from vyos import ConfigError +from vyos import airbag +from pprint import pprint +airbag.enable() + + +def get_config(config=None): + + if config: + conf = config + else: + conf = Config() + base = ['nfirewall'] + firewall = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, + no_tag_node_value_mangle=True) + + pprint(firewall) + return firewall + +def verify(firewall): + # bail out early - looks like removal from running config + if not firewall: + return None + + return None + +def generate(firewall): + if not firewall: + return None + + return None + +def apply(firewall): + if not firewall: + return None + + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index 0727b47a8..9cae29481 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py @@ -43,7 +43,7 @@ uacctd_conf_path = '/etc/pmacct/uacctd.conf' iptables_nflog_table = 'raw' iptables_nflog_chain = 'VYATTA_CT_PREROUTING_HOOK' egress_iptables_nflog_table = 'mangle' -egress_iptables_nflog_chain = 'POSTROUTING' +egress_iptables_nflog_chain = 'FORWARD' # helper functions # check if node exists and return True if this is true diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 1a549f27d..431d65f1f 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -83,6 +83,9 @@ def get_config(config=None): tmp = leaf_node_changed(conf, ['mode']) if tmp: bond.update({'shutdown_required': {}}) + tmp = leaf_node_changed(conf, ['lacp-rate']) + if tmp: bond.update({'shutdown_required': {}}) + # determine which members have been removed interfaces_removed = leaf_node_changed(conf, ['member', 'interface']) if interfaces_removed: diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces-dummy.py index 44fc9cb9e..55c783f38 100755 --- a/src/conf_mode/interfaces-dummy.py +++ b/src/conf_mode/interfaces-dummy.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2020 VyOS maintainers and contributors +# Copyright (C) 2019-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,8 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os - from sys import exit from vyos.config import Config @@ -42,7 +40,7 @@ def get_config(config=None): return dummy def verify(dummy): - if 'deleted' in dummy.keys(): + if 'deleted' in dummy: verify_bridge_delete(dummy) return None @@ -58,7 +56,7 @@ def apply(dummy): d = DummyIf(dummy['ifname']) # Remove dummy interface - if 'deleted' in dummy.keys(): + if 'deleted' in dummy: d.remove() else: d.update(dummy) diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 34a054837..945a2ea9c 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -24,6 +24,7 @@ from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete from vyos.configverify import verify_source_interface from vyos.configverify import verify_vlan_config +from vyos.configverify import verify_mtu_parent from vyos.ifconfig import MACVLANIf from vyos import ConfigError @@ -45,6 +46,9 @@ def get_config(config=None): mode = leaf_node_changed(conf, ['mode']) if mode: peth.update({'mode_old' : mode}) + if 'source_interface' in peth: + peth['parent'] = get_interface_dict(conf, ['interfaces', 'ethernet'], + peth['source_interface']) return peth def verify(peth): @@ -55,9 +59,10 @@ def verify(peth): verify_source_interface(peth) verify_vrf(peth) verify_address(peth) - + verify_mtu_parent(peth, peth['parent']) # use common function to verify VLAN configuration verify_vlan_config(peth) + return None def generate(peth): diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index 4e6c8a9ab..1575c83ef 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -109,6 +109,14 @@ def verify(tunnel): if tunnel['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']: raise ConfigError('Can not disable PMTU discovery for given encapsulation') + if dict_search('parameters.ip.ignore_df', tunnel) != None: + if tunnel['encapsulation'] not in ['gretap']: + raise ConfigError('Option ignore-df can only be used on GRETAP tunnels!') + + if dict_search('parameters.ip.no_pmtu_discovery', tunnel) == None: + raise ConfigError('Option ignore-df path MTU discovery to be disabled!') + + def generate(tunnel): return None diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py new file mode 100755 index 000000000..6ff23ae59 --- /dev/null +++ b/src/conf_mode/interfaces-vti.py @@ -0,0 +1,97 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from netifaces import interfaces +from sys import exit + +from vyos.config import Config +from vyos.configdict import get_interface_dict +from vyos.ifconfig import VTIIf +from vyos.util import dict_search +from vyos import ConfigError +from vyos import airbag +airbag.enable() + +def get_config(config=None): + """ + Retrive CLI config as dictionary. Dictionary can never be empty, as at least the + interface name will be added or a deleted flag + """ + if config: + conf = config + else: + conf = Config() + base = ['interfaces', 'vti'] + vti = get_interface_dict(conf, base) + + # VTI is more then an interface - we retrieve the "real" configuration from + # the IPsec peer configuration which binds this VTI + conf.set_level([]) + vti['ipsec'] = conf.get_config_dict(['vpn', 'ipsec', 'site-to-site', 'peer'], + key_mangling=('-', '_'), get_first_key=True, + no_tag_node_value_mangle=True) + + for peer, peer_config in vti['ipsec'].items(): + if dict_search('vti.bind', peer_config) == vti['ifname']: + vti['remote'] = peer + if 'local_address' in peer_config: + vti['source_address'] = peer_config['local_address'] + # we also need to "calculate" a per vti individual key + base = 0x900000 + vti['key'] = base + int(vti['ifname'].lstrip('vti')) + + return vti + +def verify(vti): + if 'deleted' in vti: + return None + + ifname = vti['ifname'] + found = False + for peer, peer_config in vti['ipsec'].items(): + if dict_search('vti.bind', peer_config) == ifname: + found = True + # we can now stop processing the for loop + break + if not found: + tmp = vti['ifname'] + raise ConfigError(f'Interface "{ifname}" not referenced in any VPN configuration!') + + return None + +def generate(vti): + return None + +def apply(vti): + if vti['ifname'] in interfaces(): + # Always delete the VTI interface in advance + VTIIf(**vti).remove() + + if 'deleted' not in vti: + tmp = VTIIf(**vti) + tmp.update(vti) + + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py index ef21e0055..c3a444f16 100755 --- a/src/conf_mode/protocols_isis.py +++ b/src/conf_mode/protocols_isis.py @@ -128,9 +128,11 @@ def verify(isis): raise ConfigError(f'Interface {interface} is not a member of VRF {vrf}!') # If md5 and plaintext-password set at the same time - if 'area_password' in isis: - if {'md5', 'plaintext_password'} <= set(isis['encryption']): - raise ConfigError('Can not use both md5 and plaintext-password for ISIS area-password!') + for password in ['area_password', 'domain_password']: + if password in isis: + if {'md5', 'plaintext_password'} <= set(isis[password]): + tmp = password.replace('_', '-') + raise ConfigError(f'Can use either md5 or plaintext-password for {tmp}!') # If one param from delay set, but not set others if 'spf_delay_ietf' in isis: diff --git a/src/conf_mode/protocols_nhrp.py b/src/conf_mode/protocols_nhrp.py new file mode 100755 index 000000000..12dacdba0 --- /dev/null +++ b/src/conf_mode/protocols_nhrp.py @@ -0,0 +1,122 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from vyos.config import Config +from vyos.configdict import node_changed +from vyos.template import render +from vyos.util import process_named_running +from vyos.util import run +from vyos import ConfigError +from vyos import airbag +airbag.enable() + +opennhrp_conf = '/run/opennhrp/opennhrp.conf' + +def get_config(config=None): + if config: + conf = config + else: + conf = Config() + base = ['protocols', 'nhrp'] + + nhrp = conf.get_config_dict(base, key_mangling=('-', '_'), + get_first_key=True, no_tag_node_value_mangle=True) + nhrp['del_tunnels'] = node_changed(conf, base + ['tunnel'], key_mangling=('-', '_')) + + if not conf.exists(base): + return nhrp + + nhrp['if_tunnel'] = conf.get_config_dict(['interfaces', 'tunnel'], key_mangling=('-', '_'), + get_first_key=True, no_tag_node_value_mangle=True) + + nhrp['profile_map'] = {} + profile = conf.get_config_dict(['vpn', 'ipsec', 'profile'], key_mangling=('-', '_'), + get_first_key=True, no_tag_node_value_mangle=True) + + for name, profile_conf in profile.items(): + if 'bind' in profile_conf and 'tunnel' in profile_conf['bind']: + interfaces = profile_conf['bind']['tunnel'] + if isinstance(interfaces, str): + interfaces = [interfaces] + for interface in interfaces: + nhrp['profile_map'][interface] = name + + return nhrp + +def verify(nhrp): + if 'tunnel' in nhrp: + for name, nhrp_conf in nhrp['tunnel'].items(): + if not nhrp['if_tunnel'] or name not in nhrp['if_tunnel']: + raise ConfigError(f'Tunnel interface "{name}" does not exist') + + tunnel_conf = nhrp['if_tunnel'][name] + + if 'encapsulation' not in tunnel_conf or tunnel_conf['encapsulation'] != 'gre': + raise ConfigError(f'Tunnel "{name}" is not an mGRE tunnel') + + if 'remote' in tunnel_conf: + raise ConfigError(f'Tunnel "{name}" cannot have a remote address defined') + + if 'map' in nhrp_conf: + for map_name, map_conf in nhrp_conf['map'].items(): + if 'nbma_address' not in map_conf: + raise ConfigError(f'nbma-address missing on map {map_name} on tunnel {name}') + + if 'dynamic_map' in nhrp_conf: + for map_name, map_conf in nhrp_conf['dynamic_map'].items(): + if 'nbma_domain_name' not in map_conf: + raise ConfigError(f'nbma-domain-name missing on dynamic-map {map_name} on tunnel {name}') + return None + +def generate(nhrp): + render(opennhrp_conf, 'nhrp/opennhrp.conf.tmpl', nhrp) + return None + +def apply(nhrp): + if 'tunnel' in nhrp: + for tunnel, tunnel_conf in nhrp['tunnel'].items(): + if 'source_address' in tunnel_conf: + chain = f'VYOS_NHRP_{tunnel}_OUT_HOOK' + source_address = tunnel_conf['source_address'] + + chain_exists = run(f'sudo iptables --check {chain} -j RETURN') == 0 + if not chain_exists: + run(f'sudo iptables --new {chain}') + run(f'sudo iptables --append {chain} -p gre -s {source_address} -d 224.0.0.0/4 -j DROP') + run(f'sudo iptables --append {chain} -j RETURN') + run(f'sudo iptables --insert OUTPUT 2 -j {chain}') + + for tunnel in nhrp['del_tunnels']: + chain = f'VYOS_NHRP_{tunnel}_OUT_HOOK' + chain_exists = run(f'sudo iptables --check {chain} -j RETURN') == 0 + if chain_exists: + run(f'sudo iptables --delete OUTPUT -j {chain}') + run(f'sudo iptables --flush {chain}') + run(f'sudo iptables --delete-chain {chain}') + + action = 'restart' if nhrp and 'tunnel' in nhrp else 'stop' + run(f'systemctl {action} opennhrp') + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/service_router-advert.py b/src/conf_mode/service_router-advert.py index 65eb11ce3..9afcdd63e 100755 --- a/src/conf_mode/service_router-advert.py +++ b/src/conf_mode/service_router-advert.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2019 VyOS maintainers and contributors +# Copyright (C) 2018-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -40,11 +40,14 @@ def get_config(config=None): # We have gathered the dict representation of the CLI, but there are default # options which we need to update into the dictionary retrived. default_interface_values = defaults(base + ['interface']) - # we deal with prefix defaults later on + # we deal with prefix, route defaults later on if 'prefix' in default_interface_values: del default_interface_values['prefix'] + if 'route' in default_interface_values: + del default_interface_values['route'] default_prefix_values = defaults(base + ['interface', 'prefix']) + default_route_values = defaults(base + ['interface', 'route']) if 'interface' in rtradv: for interface in rtradv['interface']: @@ -56,6 +59,11 @@ def get_config(config=None): rtradv['interface'][interface]['prefix'][prefix] = dict_merge( default_prefix_values, rtradv['interface'][interface]['prefix'][prefix]) + if 'route' in rtradv['interface'][interface]: + for route in rtradv['interface'][interface]['route']: + rtradv['interface'][interface]['route'][route] = dict_merge( + default_route_values, rtradv['interface'][interface]['route'][route]) + if 'name_server' in rtradv['interface'][interface]: # always use a list when dealing with nameservers - eases the template generation if isinstance(rtradv['interface'][interface]['name_server'], str): diff --git a/src/conf_mode/system_sysctl.py b/src/conf_mode/system_sysctl.py new file mode 100755 index 000000000..4f16d1ed6 --- /dev/null +++ b/src/conf_mode/system_sysctl.py @@ -0,0 +1,73 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os + +from sys import exit + +from vyos.config import Config +from vyos.template import render +from vyos.util import cmd +from vyos import ConfigError +from vyos import airbag +airbag.enable() + +config_file = r'/run/sysctl/99-vyos-sysctl.conf' + +def get_config(config=None): + if config: + conf = config + else: + conf = Config() + base = ['system', 'sysctl'] + if not conf.exists(base): + return None + + sysctl = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, + no_tag_node_value_mangle=True) + + return sysctl + +def verify(sysctl): + return None + +def generate(sysctl): + if not sysctl: + if os.path.isfile(config_file): + os.unlink(config_file) + return None + + render(config_file, 'system/sysctl.conf.tmpl', sysctl) + return None + +def apply(sysctl): + if not sysctl: + return None + + # We silently ignore all errors + # See: https://bugzilla.redhat.com/show_bug.cgi?id=1264080 + cmd(f'sysctl -f {config_file}') + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index 969266c30..4efedd995 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -17,51 +17,383 @@ import os from sys import exit +from time import sleep from vyos.config import Config +from vyos.configdict import leaf_node_changed +from vyos.configverify import verify_interface_exists +from vyos.ifconfig import Interface from vyos.template import render from vyos.util import call from vyos.util import dict_search +from vyos.util import get_interface_address +from vyos.util import process_named_running +from vyos.util import run +from vyos.util import cidr_fit from vyos import ConfigError from vyos import airbag -from pprint import pprint airbag.enable() +authby_translate = { + 'pre-shared-secret': 'secret', + 'rsa': 'rsasig', + 'x509': 'rsasig' +} +default_pfs = 'dh-group2' +pfs_translate = { + 'dh-group1': 'modp768', + 'dh-group2': 'modp1024', + 'dh-group5': 'modp1536', + 'dh-group14': 'modp2048', + 'dh-group15': 'modp3072', + 'dh-group16': 'modp4096', + 'dh-group17': 'modp6144', + 'dh-group18': 'modp8192', + 'dh-group19': 'ecp256', + 'dh-group20': 'ecp384', + 'dh-group21': 'ecp512', + 'dh-group22': 'modp1024s160', + 'dh-group23': 'modp2048s224', + 'dh-group24': 'modp2048s256', + 'dh-group25': 'ecp192', + 'dh-group26': 'ecp224', + 'dh-group27': 'ecp224bp', + 'dh-group28': 'ecp256bp', + 'dh-group29': 'ecp384bp', + 'dh-group30': 'ecp512bp', + 'dh-group31': 'curve25519', + 'dh-group32': 'curve448' +} + +any_log_modes = [ + 'dmn', 'mgr', 'ike', 'chd','job', 'cfg', 'knl', 'net', 'asn', + 'enc', 'lib', 'esp', 'tls', 'tnc', 'imc', 'imv', 'pts' +] + +ike_ciphers = {} +esp_ciphers = {} + +mark_base = 0x900000 + +CA_PATH = "/etc/ipsec.d/cacerts/" +CRL_PATH = "/etc/ipsec.d/crls/" + +DHCP_BASE = "/var/lib/dhcp/dhclient" + +LOCAL_KEY_PATHS = ['/config/auth/', '/config/ipsec.d/rsa-keys/'] +X509_PATH = '/config/auth/' + def get_config(config=None): if config: conf = config else: conf = Config() - base = ['vpn', 'nipsec'] + base = ['vpn', 'ipsec'] if not conf.exists(base): return None # retrieve common dictionary keys - ipsec = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) + ipsec = conf.get_config_dict(base, key_mangling=('-', '_'), + get_first_key=True, no_tag_node_value_mangle=True) + + ipsec['interface_change'] = leaf_node_changed(conf, base + ['ipsec-interfaces', 'interface']) + ipsec['l2tp_exists'] = conf.exists('vpn l2tp remote-access ipsec-settings ') + ipsec['nhrp_exists'] = conf.exists('protocols nhrp tunnel') + ipsec['rsa_keys'] = conf.get_config_dict(['vpn', 'rsa-keys'], key_mangling=('-', '_'), + get_first_key=True, no_tag_node_value_mangle=True) + + default_ike_pfs = None + + if 'ike_group' in ipsec: + for group, ike_conf in ipsec['ike_group'].items(): + if 'proposal' in ike_conf: + ciphers = [] + for i in ike_conf['proposal']: + proposal = ike_conf['proposal'][i] + enc = proposal['encryption'] if 'encryption' in proposal else None + hash = proposal['hash'] if 'hash' in proposal else None + pfs = ('dh-group' + proposal['dh_group']) if 'dh_group' in proposal else default_pfs + + if not default_ike_pfs: + default_ike_pfs = pfs + + if enc and hash: + ciphers.append(f"{enc}-{hash}-{pfs_translate[pfs]}" if pfs else f"{enc}-{hash}") + ike_ciphers[group] = ','.join(ciphers) + '!' + + if 'esp_group' in ipsec: + for group, esp_conf in ipsec['esp_group'].items(): + pfs = esp_conf['pfs'] if 'pfs' in esp_conf else 'enable' + + if pfs == 'disable': + pfs = None + + if pfs == 'enable': + pfs = default_ike_pfs + + if 'proposal' in esp_conf: + ciphers = [] + for i in esp_conf['proposal']: + proposal = esp_conf['proposal'][i] + enc = proposal['encryption'] if 'encryption' in proposal else None + hash = proposal['hash'] if 'hash' in proposal else None + if enc and hash: + ciphers.append(f"{enc}-{hash}-{pfs_translate[pfs]}" if pfs else f"{enc}-{hash}") + esp_ciphers[group] = ','.join(ciphers) + '!' + return ipsec +def get_rsa_local_key(ipsec): + return dict_search('local_key.file', ipsec['rsa_keys']) + +def verify_rsa_local_key(ipsec): + file = get_rsa_local_key(ipsec) + + if not file: + return False + + for path in LOCAL_KEY_PATHS: + full_path = os.path.join(path, file) + if os.path.exists(full_path): + return full_path + + return False + +def verify_rsa_key(ipsec, key_name): + return dict_search(f'rsa_key_name.{key_name}.rsa_key', ipsec['rsa_keys']) + def verify(ipsec): if not ipsec: return None + if 'ipsec_interfaces' in ipsec and 'interface' in ipsec['ipsec_interfaces']: + interfaces = ipsec['ipsec_interfaces']['interface'] + if isinstance(interfaces, str): + interfaces = [interfaces] + + for ifname in interfaces: + verify_interface_exists(ifname) + + if 'profile' in ipsec: + for profile, profile_conf in ipsec['profile'].items(): + if 'esp_group' in profile_conf: + if 'esp_group' not in ipsec or profile_conf['esp_group'] not in ipsec['esp_group']: + raise ConfigError(f"Invalid esp-group on {profile} profile") + else: + raise ConfigError(f"Missing esp-group on {profile} profile") + + if 'ike_group' in profile_conf: + if 'ike_group' not in ipsec or profile_conf['ike_group'] not in ipsec['ike_group']: + raise ConfigError(f"Invalid ike-group on {profile} profile") + else: + raise ConfigError(f"Missing ike-group on {profile} profile") + + if 'authentication' not in profile_conf: + raise ConfigError(f"Missing authentication on {profile} profile") + + if 'site_to_site' in ipsec and 'peer' in ipsec['site_to_site']: + for peer, peer_conf in ipsec['site_to_site']['peer'].items(): + has_default_esp = False + if 'default_esp_group' in peer_conf: + has_default_esp = True + if 'esp_group' not in ipsec or peer_conf['default_esp_group'] not in ipsec['esp_group']: + raise ConfigError(f"Invalid esp-group on site-to-site peer {peer}") + + if 'ike_group' in peer_conf: + if 'ike_group' not in ipsec or peer_conf['ike_group'] not in ipsec['ike_group']: + raise ConfigError(f"Invalid ike-group on site-to-site peer {peer}") + else: + raise ConfigError(f"Missing ike-group on site-to-site peer {peer}") + + if 'authentication' not in peer_conf or 'mode' not in peer_conf['authentication']: + raise ConfigError(f"Missing authentication on site-to-site peer {peer}") + + if peer_conf['authentication']['mode'] == 'x509': + if 'x509' not in peer_conf['authentication']: + raise ConfigError(f"Missing x509 settings on site-to-site peer {peer}") + + if 'key' not in peer_conf['authentication']['x509']: + raise ConfigError(f"Missing x509 key on site-to-site peer {peer}") + + if 'ca_cert_file' not in peer_conf['authentication']['x509'] or 'cert_file' not in peer_conf['authentication']['x509']: + raise ConfigError(f"Missing x509 settings on site-to-site peer {peer}") + + if 'file' not in peer_conf['authentication']['x509']['key']: + raise ConfigError(f"Missing x509 key file on site-to-site peer {peer}") + + for key in ['ca_cert_file', 'cert_file', 'crl_file']: + if key in peer_conf['authentication']['x509']: + path = os.path.join(X509_PATH, peer_conf['authentication']['x509'][key]) + if not os.path.exists(path): + raise ConfigError(f"File not found for {key} on site-to-site peer {peer}") + + key_path = os.path.join(X509_PATH, peer_conf['authentication']['x509']['key']['file']) + if not os.path.exists(key_path): + raise ConfigError(f"Private key not found on site-to-site peer {peer}") + + if peer_conf['authentication']['mode'] == 'rsa': + if not verify_rsa_local_key(ipsec): + raise ConfigError(f"Invalid key on rsa-keys local-key") + + if 'rsa_key_name' not in peer_conf['authentication']: + raise ConfigError(f"Missing rsa-key-name on site-to-site peer {peer}") + + if not verify_rsa_key(ipsec, peer_conf['authentication']['rsa_key_name']): + raise ConfigError(f"Invalid rsa-key-name on site-to-site peer {peer}") + + if 'local_address' not in peer_conf and 'dhcp_interface' not in peer_conf: + raise ConfigError(f"Missing local-address or dhcp-interface on site-to-site peer {peer}") + + if 'dhcp_interface' in peer_conf: + dhcp_interface = peer_conf['dhcp_interface'] + + verify_interface_exists(dhcp_interface) + + if not os.path.exists(f'{DHCP_BASE}_{dhcp_interface}.conf'): + raise ConfigError(f"Invalid dhcp-interface on site-to-site peer {peer}") + + address = Interface(dhcp_interface).get_addr() + if not address: + raise ConfigError(f"Failed to get address from dhcp-interface on site-to-site peer {peer}") + + if 'vti' in peer_conf: + if 'local_address' in peer_conf and 'dhcp_interface' in peer_conf: + raise ConfigError(f"A single local-address or dhcp-interface is required when using VTI on site-to-site peer {peer}") + + if 'bind' in peer_conf['vti']: + vti_interface = peer_conf['vti']['bind'] + if not os.path.exists(f'/sys/class/net/{vti_interface}'): + raise ConfigError(f'VTI interface {vti_interface} for site-to-site peer {peer} does not exist!') + + if 'vti' not in peer_conf and 'tunnel' not in peer_conf: + raise ConfigError(f"No VTI or tunnel specified on site-to-site peer {peer}") + + if 'tunnel' in peer_conf: + for tunnel, tunnel_conf in peer_conf['tunnel'].items(): + if 'esp_group' not in tunnel_conf and not has_default_esp: + raise ConfigError(f"Missing esp-group on tunnel {tunnel} for site-to-site peer {peer}") + + esp_group_name = tunnel_conf['esp_group'] if 'esp_group' in tunnel_conf else peer_conf['default_esp_group'] + + if esp_group_name not in ipsec['esp_group']: + raise ConfigError(f"Invalid esp-group on tunnel {tunnel} for site-to-site peer {peer}") + + esp_group = ipsec['esp_group'][esp_group_name] + + if 'mode' in esp_group and esp_group['mode'] == 'transport': + if 'protocol' in tunnel_conf and ((peer in ['any', '0.0.0.0']) or ('local_address' not in peer_conf or peer_conf['local_address'] in ['any', '0.0.0.0'])): + raise ConfigError(f"Fixed local-address or peer required when a protocol is defined with ESP transport mode on tunnel {tunnel} for site-to-site peer {peer}") + + if ('local' in tunnel_conf and 'prefix' in tunnel_conf['local']) or ('remote' in tunnel_conf and 'prefix' in tunnel_conf['remote']): + raise ConfigError(f"Local/remote prefix cannot be used with ESP transport mode on tunnel {tunnel} for site-to-site peer {peer}") + def generate(ipsec): - if not ipsec: - return None + data = {} - return ipsec + if ipsec: + data = ipsec + data['authby'] = authby_translate + data['ciphers'] = {'ike': ike_ciphers, 'esp': esp_ciphers} + data['marks'] = {} + data['rsa_local_key'] = verify_rsa_local_key(ipsec) + data['x509_path'] = X509_PATH + + if 'site_to_site' in data and 'peer' in data['site_to_site']: + for peer, peer_conf in ipsec['site_to_site']['peer'].items(): + if peer_conf['authentication']['mode'] == 'x509': + ca_cert_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['ca_cert_file']) + call(f'cp -f {ca_cert_file} {CA_PATH}') + + if 'crl_file' in peer_conf['authentication']['x509']: + crl_file = os.path.join(X509_PATH, peer_conf['authentication']['x509']['crl_file']) + call(f'cp -f {crl_file} {CRL_PATH}') + + local_ip = '' + if 'local_address' in peer_conf: + local_ip = peer_conf['local_address'] + elif 'dhcp_interface' in peer_conf: + local_ip = Interface(peer_conf['dhcp_interface']).get_addr() + + data['site_to_site']['peer'][peer]['local_address'] = local_ip + + if 'vti' in peer_conf and 'bind' in peer_conf['vti']: + vti_interface = peer_conf['vti']['bind'] + data['marks'][vti_interface] = get_mark(vti_interface) + else: + for tunnel, tunnel_conf in peer_conf['tunnel'].items(): + local_prefix = dict_search('local.prefix', tunnel_conf) + remote_prefix = dict_search('remote.prefix', tunnel_conf) + + if not local_prefix or not remote_prefix: + continue + + passthrough = cidr_fit(local_prefix, remote_prefix) + data['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough + + if 'logging' in ipsec and 'log_modes' in ipsec['logging']: + modes = ipsec['logging']['log_modes'] + level = ipsec['logging']['log_level'] if 'log_level' in ipsec['logging'] else '1' + if isinstance(modes, str): + modes = [modes] + if 'any' in modes: + modes = any_log_modes + data['charondebug'] = f' {level}, '.join(modes) + ' ' + level + + render("/etc/ipsec.conf", "ipsec/ipsec.conf.tmpl", data) + render("/etc/ipsec.secrets", "ipsec/ipsec.secrets.tmpl", data) + render("/etc/strongswan.d/interfaces_use.conf", "ipsec/interfaces_use.conf.tmpl", data) + render("/etc/swanctl/swanctl.conf", "ipsec/swanctl.conf.tmpl", data) + +def resync_l2tp(ipsec): + if ipsec and not ipsec['l2tp_exists']: + return + + tmp = run('/usr/libexec/vyos/conf_mode/ipsec-settings.py') + if tmp > 0: + print('ERROR: failed to reapply L2TP IPSec settings!') + +def resync_nhrp(ipsec): + if ipsec and not ipsec['nhrp_exists']: + return + + tmp = run('/usr/libexec/vyos/conf_mode/protocols_nhrp.py') + if tmp > 0: + print('ERROR: failed to reapply NHRP settings!') def apply(ipsec): if not ipsec: - return None + call('sudo /usr/sbin/ipsec stop') + else: + should_start = ('profile' in ipsec or dict_search('site_to_site.peer', ipsec)) + + if not process_named_running('charon') and should_start: + args = f'--auto-update {ipsec["auto_update"]}' if 'auto_update' in ipsec else '' + call(f'sudo /usr/sbin/ipsec start {args}') + elif not should_start: + call('sudo /usr/sbin/ipsec stop') + elif ipsec['interface_change']: + call('sudo /usr/sbin/ipsec restart') + else: + call('sudo /usr/sbin/ipsec rereadall') + call('sudo /usr/sbin/ipsec reload') + + if should_start: + sleep(2) # Give charon enough time to start + call('sudo /usr/sbin/swanctl -q') + + resync_l2tp(ipsec) + resync_nhrp(ipsec) - pprint(ipsec) +def get_mark(vti_interface): + vti_num = int(vti_interface.lstrip('vti')) + return mark_base + vti_num if __name__ == '__main__': try: - c = get_config() - verify(c) - generate(c) - apply(c) + ipsec = get_config() + verify(ipsec) + generate(ipsec) + apply(ipsec) except ConfigError as e: print(e) exit(1) diff --git a/src/conf_mode/vpn_rsa-keys.py b/src/conf_mode/vpn_rsa-keys.py new file mode 100755 index 000000000..6cf7eba6e --- /dev/null +++ b/src/conf_mode/vpn_rsa-keys.py @@ -0,0 +1,111 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import base64 +import os +import struct + +from sys import exit + +from vyos.config import Config +from vyos.util import call +from vyos import ConfigError +from vyos import airbag +from Crypto.PublicKey.RSA import construct + +airbag.enable() + +LOCAL_KEY_PATHS = ['/config/auth/', '/config/ipsec.d/rsa-keys/'] +LOCAL_OUTPUT = '/etc/ipsec.d/certs/localhost.pub' + +def get_config(config=None): + if config: + conf = config + else: + conf = Config() + base = ['vpn', 'rsa-keys'] + if not conf.exists(base): + return None + + return conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) + +def verify(conf): + if not conf: + return + + if 'local_key' in conf and 'file' in conf['local_key']: + local_key = conf['local_key']['file'] + if not local_key: + raise ConfigError(f'Invalid local-key') + + if not get_local_key(local_key): + raise ConfigError(f'File not found for local-key: {local_key}') + +def get_local_key(local_key): + for path in LOCAL_KEY_PATHS: + full_path = os.path.join(path, local_key) + if os.path.exists(full_path): + return full_path + return False + +def generate(conf): + if not conf: + return + + if 'local_key' in conf and 'file' in conf['local_key']: + local_key = conf['local_key']['file'] + local_key_path = get_local_key(local_key) + call(f'sudo /usr/bin/openssl rsa -in {local_key_path} -pubout -out {LOCAL_OUTPUT}') + + if 'rsa_key_name' in conf: + for key_name, key_conf in conf['rsa_key_name'].items(): + if 'rsa_key' not in key_conf: + continue + + remote_key = key_conf['rsa_key'] + + if remote_key[:2] == "0s": # Vyatta format + remote_key = migrate_from_vyatta_key(remote_key) + else: + remote_key = bytes('-----BEGIN PUBLIC KEY-----\n' + remote_key + '\n-----END PUBLIC KEY-----\n', 'utf-8') + + with open(f'/etc/ipsec.d/certs/{key_name}.pub', 'wb') as f: + f.write(remote_key) + +def migrate_from_vyatta_key(data): + data = base64.b64decode(data[2:]) + length = struct.unpack('B', data[:1])[0] + e = int.from_bytes(data[1:1+length], 'big') + n = int.from_bytes(data[1+length:], 'big') + pubkey = construct((n, e)) + return pubkey.exportKey(format='PEM') + +def apply(conf): + if not conf: + return + + call('sudo /usr/sbin/ipsec rereadall') + call('sudo /usr/sbin/ipsec reload') + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook new file mode 100644 index 000000000..36edf04f3 --- /dev/null +++ b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook @@ -0,0 +1,46 @@ +#!/usr/bin/env python3 + +import os +import sys + +from vyos.util import call + +IPSEC_CONF="/etc/ipsec.conf" +IPSEC_SECRETS="/etc/ipsec.secrets" + +def getlines(file): + with open(file, 'r') as f: + return f.readlines() + +def writelines(file, lines): + with open(file, 'w') as f: + f.writelines(lines) + +if __name__ == '__main__': + interface = os.getenv('interface') + new_ip = os.getenv('new_ip_address') + old_ip = os.getenv('old_ip_address') + reason = os.getenv('reason') + + if (old_ip == new_ip and reason != 'BOUND') or reason in ['REBOOT', 'EXPIRE']: + sys.exit(0) + + conf_lines = getlines(IPSEC_CONF) + secrets_lines = getlines(IPSEC_SECRETS) + found = False + to_match = f'# dhcp:{interface}' + + for i, line in enumerate(conf_lines): + if line.find(to_match) > 0: + conf_lines[i] = line.replace(old_ip, new_ip) + found = True + + for i, line in enumerate(secrets_lines): + if line.find(to_match) > 0: + secrets_lines[i] = line.replace(old_ip, new_ip) + + if found: + writelines(IPSEC_CONF, conf_lines) + writelines(IPSEC_SECRETS, secrets_lines) + call('sudo /usr/sbin/ipsec rereadall') + call('sudo /usr/sbin/ipsec reload') diff --git a/src/etc/ipsec.d/key-pair.template b/src/etc/ipsec.d/key-pair.template new file mode 100644 index 000000000..56be97516 --- /dev/null +++ b/src/etc/ipsec.d/key-pair.template @@ -0,0 +1,67 @@ +[ req ] + default_bits = 2048 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + string_mask = utf8only + attributes = req_attributes + dirstring_type = nobmp +# SHA-1 is deprecated, so use SHA-2 instead. + default_md = sha256 +# Extension to add when the -x509 option is used. + x509_extensions = v3_ca + +[ req_distinguished_name ] + countryName = Country Name (2 letter code) + countryName_min = 2 + countryName_max = 2 + ST = State Name + localityName = Locality Name (eg, city) + organizationName = Organization Name (eg, company) + organizationalUnitName = Organizational Unit Name (eg, department) + commonName = Common Name (eg, Device hostname) + commonName_max = 64 + emailAddress = Email Address + emailAddress_max = 40 +[ req_attributes ] + challengePassword = A challenge password (optional) + challengePassword_min = 4 + challengePassword_max = 20 +[ v3_ca ] + subjectKeyIdentifier=hash + authorityKeyIdentifier=keyid:always,issuer:always + basicConstraints = critical, CA:true + keyUsage = critical, digitalSignature, cRLSign, keyCertSign +[ v3_intermediate_ca ] +# Extensions for a typical intermediate CA (`man x509v3_config`). + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer + basicConstraints = critical, CA:true, pathlen:0 + keyUsage = critical, digitalSignature, cRLSign, keyCertSign +[ usr_cert ] +# Extensions for client certificates (`man x509v3_config`). + basicConstraints = CA:FALSE + nsCertType = client, email + nsComment = "OpenSSL Generated Client Certificate" + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid,issuer + keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment + extendedKeyUsage = clientAuth, emailProtection +[ server_cert ] +# Extensions for server certificates (`man x509v3_config`). + basicConstraints = CA:FALSE + nsCertType = server + nsComment = "OpenSSL Generated Server Certificate" + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid,issuer:always + keyUsage = critical, digitalSignature, keyEncipherment + extendedKeyUsage = serverAuth +[ crl_ext ] +# Extension for CRLs (`man x509v3_config`). + authorityKeyIdentifier=keyid:always +[ ocsp ] +# Extension for OCSP signing certificates (`man ocsp`). + basicConstraints = CA:FALSE + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid,issuer + keyUsage = critical, digitalSignature + extendedKeyUsage = critical, OCSPSigning diff --git a/src/etc/ipsec.d/vti-up-down b/src/etc/ipsec.d/vti-up-down new file mode 100755 index 000000000..0e1cd7753 --- /dev/null +++ b/src/etc/ipsec.d/vti-up-down @@ -0,0 +1,47 @@ +#!/usr/bin/env python3 +## Script called up strongswan to bring the vti interface up/down based on the state of the IPSec tunnel. +## Called as vti_up_down vti_intf_name + +import os +import sys + +from vyos.util import call, get_interface_config, get_interface_address + +def get_dhcp_address(interface): + addr = get_interface_address(interface) + if not addr: + return None + if len(addr['addr_info']) == 0: + return None + return addr['addr_info'][0]['local'] + +if __name__ == '__main__': + verb = os.getenv('PLUTO_VERB') + connection = os.getenv('PLUTO_CONNECTION') + interface = sys.argv[1] + dhcp_interface = sys.argv[2] + + print(f'vti-up-down: start: {verb} {connection} {interface}') + + if verb in ['up-client', 'up-host']: + call('sudo ip route delete default table 220') + + vti_link = get_interface_config(interface) + + if not vti_link: + print('vti-up-down: interface not found') + sys.exit(0) + + vti_link_up = (vti_link['operstate'] == 'UP' if 'operstate' in vti_link else False) + + if verb in ['up-client', 'up-host']: + if not vti_link_up: + if dhcp_interface != 'no': + local_ip = get_dhcp_address(dhcp_interface) + call(f'sudo ip tunnel change {interface} local {local_ip}') + call(f'sudo ip link set {interface} up') + elif verb in ['down-client', 'down-host']: + if vti_link_up: + call(f'sudo ip link set {interface} down') + + print('vti-up-down: finish')
\ No newline at end of file diff --git a/src/etc/opennhrp/opennhrp-script.py b/src/etc/opennhrp/opennhrp-script.py new file mode 100755 index 000000000..f7487ee5f --- /dev/null +++ b/src/etc/opennhrp/opennhrp-script.py @@ -0,0 +1,136 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from pprint import pprint +import os +import re +import sys +import vici + +from vyos.util import cmd +from vyos.util import process_named_running + +NHRP_CONFIG="/run/opennhrp/opennhrp.conf" + +def parse_type_ipsec(interface): + with open(NHRP_CONFIG, 'r') as f: + lines = f.readlines() + match = rf'^interface {interface} #(hub|spoke)(?:\s([\w-]+))?$' + for line in lines: + m = re.match(match, line) + if m: + return m[1], m[2] + return None, None + +def vici_initiate(conn, child_sa, src_addr, dest_addr): + try: + session = vici.Session() + logs = session.initiate({ + 'ike': conn, + 'child': child_sa, + 'timeout': '-1', + 'my-host': src_addr, + 'other-host': dest_addr + }) + for log in logs: + message = log['msg'].decode('ascii') + print('INIT LOG:', message) + return True + except: + return None + +def vici_terminate(conn, child_sa, src_addr, dest_addr): + try: + session = vici.Session() + logs = session.terminate({ + 'ike': conn, + 'child': child_sa, + 'timeout': '-1', + 'my-host': src_addr, + 'other-host': dest_addr + }) + for log in logs: + message = log['msg'].decode('ascii') + print('TERM LOG:', message) + return True + except: + return None + +def iface_up(interface): + cmd(f'sudo ip route flush proto 42 dev {interface}') + cmd(f'sudo ip neigh flush dev {interface}') + +def peer_up(dmvpn_type, conn): + src_addr = os.getenv('NHRP_SRCADDR') + src_nbma = os.getenv('NHRP_SRCNBMA') + dest_addr = os.getenv('NHRP_DESTADDR') + dest_nbma = os.getenv('NHRP_DESTNBMA') + dest_mtu = os.getenv('NHRP_DESTMTU') + + if dest_mtu: + args = cmd(f'sudo ip route get {dest_nbma} from {src_nbma}') + cmd(f'sudo ip route add {args} proto 42 mtu {dest_mtu}') + + if conn and dmvpn_type == 'spoke' and process_named_running('charon'): + vici_terminate(conn, 'dmvpn', src_nbma, dest_nbma) + vici_initiate(conn, 'dmvpn', src_nbma, dest_nbma) + +def peer_down(dmvpn_type, conn): + src_nbma = os.getenv('NHRP_SRCNBMA') + dest_nbma = os.getenv('NHRP_DESTNBMA') + + if conn and dmvpn_type == 'spoke' and process_named_running('charon'): + vici_terminate(conn, 'dmvpn', src_nbma, dest_nbma) + + cmd(f'sudo ip route del {dest_nbma} src {src_nbma} proto 42') + +def route_up(interface): + dest_addr = os.getenv('NHRP_DESTADDR') + dest_prefix = os.getenv('NHRP_DESTPREFIX') + next_hop = os.getenv('NHRP_NEXTHOP') + + cmd(f'sudo ip route replace {dest_addr}/{dest_prefix} proto 42 via {next_hop} dev {interface}') + cmd('sudo ip route flush cache') + +def route_down(interface): + dest_addr = os.getenv('NHRP_DESTADDR') + dest_prefix = os.getenv('NHRP_DESTPREFIX') + + cmd(f'sudo ip route del {dest_addr}/{dest_prefix} proto 42') + cmd('sudo ip route flush cache') + +if __name__ == '__main__': + action = sys.argv[1] + interface = os.getenv('NHRP_INTERFACE') + dmvpn_type, profile_name = parse_type_ipsec(interface) + + dmvpn_conn = None + + if profile_name: + dmvpn_conn = f'dmvpn-{profile_name}-{interface}' + + if action == 'interface-up': + iface_up(interface) + elif action == 'peer-register': + pass + elif action == 'peer-up': + peer_up(dmvpn_type, dmvpn_conn) + elif action == 'peer-down': + peer_down(dmvpn_type, dmvpn_conn) + elif action == 'route-up': + route_up(interface) + elif action == 'route-down': + route_down(interface) diff --git a/src/etc/systemd/system/conntrackd.service.d/override.conf b/src/etc/systemd/system/conntrackd.service.d/override.conf new file mode 100644 index 000000000..eb611e0d9 --- /dev/null +++ b/src/etc/systemd/system/conntrackd.service.d/override.conf @@ -0,0 +1,8 @@ +[Unit] +After= +After=vyos-router.service +ConditionPathExists=/run/conntrackd/conntrackd.conf + +[Service] +ExecStart= +ExecStart=/usr/sbin/conntrackd -C /run/conntrackd/conntrackd.conf diff --git a/src/etc/vmware-tools/scripts/resume-vm-default.d/ether-resume.py b/src/etc/vmware-tools/scripts/resume-vm-default.d/ether-resume.py index dc751c45c..ec33906ba 100755 --- a/src/etc/vmware-tools/scripts/resume-vm-default.d/ether-resume.py +++ b/src/etc/vmware-tools/scripts/resume-vm-default.d/ether-resume.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2020 VyOS maintainers and contributors +# Copyright (C) 2018-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -15,48 +15,47 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import sys -import syslog as sl +import syslog from vyos.config import Config from vyos import ConfigError from vyos.util import run - def get_config(): c = Config() interfaces = dict() for intf in c.list_effective_nodes('interfaces ethernet'): # skip interfaces that are disabled or is configured for dhcp - check_disable = "interfaces ethernet {} disable".format(intf) - check_dhcp = "interfaces ethernet {} address dhcp".format(intf) + check_disable = f'interfaces ethernet {intf} disable' + check_dhcp = f'interfaces ethernet {intf} address dhcp' if c.exists_effective(check_disable): continue # get addresses configured on the interface intf_addresses = c.return_effective_values( - "interfaces ethernet {} address".format(intf) - ) + f'interfaces ethernet {intf} address') interfaces[intf] = [addr.strip("'") for addr in intf_addresses] return interfaces - def apply(config): + syslog.openlog(ident='ether-resume', logoption=syslog.LOG_PID, + facility=syslog.LOG_INFO) + for intf, addresses in config.items(): # bring the interface up - cmd = ["ip", "link", "set", "dev", intf, "up"] - sl.syslog(sl.LOG_NOTICE, " ".join(cmd)) + cmd = f'ip link set dev {intf} up' + syslog.syslog(cmd) run(cmd) # add configured addresses to interface for addr in addresses: - if addr == "dhcp": - cmd = ["dhclient", intf] + if addr == 'dhcp': + cmd = ['dhclient', intf] else: - cmd = ["ip", "address", "add", addr, "dev", intf] - sl.syslog(sl.LOG_NOTICE, " ".join(cmd)) + cmd = f'ip address add {addr} dev {intf}' + syslog.syslog(cmd) run(cmd) - if __name__ == '__main__': try: config = get_config() diff --git a/src/helpers/vyos-vrrp-conntracksync.sh b/src/helpers/vyos-vrrp-conntracksync.sh new file mode 100755 index 000000000..4501aa63e --- /dev/null +++ b/src/helpers/vyos-vrrp-conntracksync.sh @@ -0,0 +1,154 @@ +#!/bin/sh +# +# (C) 2008 by Pablo Neira Ayuso <pablo@netfilter.org> +# +# This software may be used and distributed according to the terms +# of the GNU General Public License, incorporated herein by reference. +# +# Description: +# +# This is the script for primary-backup setups for keepalived +# (http://www.keepalived.org). You may adapt it to make it work with other +# high-availability managers. +# +# Modified by : Mohit Mehta <mohit@vyatta.com> +# Slight modifications were made to this script for running with Vyatta +# The original script came from 0.9.14 debian conntrack-tools package +# +# + +CONNTRACKD_BIN=/usr/sbin/conntrackd +CONNTRACKD_LOCK=/var/lock/conntrack.lock +CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf +FACILITY=daemon +LEVEL=notice +TAG=conntrack-tools +LOGCMD="logger -t $TAG -p $FACILITY.$LEVEL" +VRRP_GRP="VRRP sync-group [$2]" +FAILOVER_STATE="/var/run/vyatta-conntrackd-failover-state" + +$LOGCMD "vyatta-vrrp-conntracksync invoked at `date`" + + +if [ ! -e $FAILOVER_STATE ]; then + mkdir -p /var/run + touch $FAILOVER_STATE +fi + +case "$1" in + master) + echo MASTER at `date` > $FAILOVER_STATE + $LOGCMD "`uname -n` transitioning to MASTER state for $VRRP_GRP" + # + # commit the external cache into the kernel table + # + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c + if [ $? -eq 1 ] + then + $LOGCMD "ERROR: failed to invoke conntrackd -c" + fi + + # + # commit the expect entries to the kernel + # + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c exp + if [ $? -eq 1 ] + then + $LOGCMD "ERROR: failed to invoke conntrackd -ce exp" + fi + + # + # flush the internal and the external caches + # + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f + if [ $? -eq 1 ] + then + $LOGCMD "ERROR: failed to invoke conntrackd -f" + fi + + # + # resynchronize my internal cache to the kernel table + # + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R + if [ $? -eq 1 ] + then + $LOGCMD "ERROR: failed to invoke conntrackd -R" + fi + + # + # send a bulk update to backups + # + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B + if [ $? -eq 1 ] + then + $LOGCMD "ERROR: failed to invoke conntrackd -B" + fi + ;; + backup) + echo BACKUP at `date` > $FAILOVER_STATE + $LOGCMD "`uname -n` transitioning to BACKUP state for $VRRP_GRP" + # + # is conntrackd running? request some statistics to check it + # + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s + if [ $? -eq 1 ] + then + # + # something's wrong, do we have a lock file? + # + if [ -f $CONNTRACKD_LOCK ] + then + $LOGCMD "WARNING: conntrackd was not cleanly stopped." + $LOGCMD "If you suspect that it has crashed:" + $LOGCMD "1) Enable coredumps" + $LOGCMD "2) Try to reproduce the problem" + $LOGCMD "3) Post the coredump to netfilter-devel@vger.kernel.org" + rm -f $CONNTRACKD_LOCK + fi + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d + if [ $? -eq 1 ] + then + $LOGCMD "ERROR: cannot launch conntrackd" + exit 1 + fi + fi + # + # shorten kernel conntrack timers to remove the zombie entries. + # + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t + if [ $? -eq 1 ] + then + $LOGCMD "ERROR: failed to invoke conntrackd -t" + fi + + # + # request resynchronization with master firewall replica (if any) + # Note: this does nothing in the alarm approach. + # + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n + if [ $? -eq 1 ] + then + $LOGCMD "ERROR: failed to invoke conntrackd -n" + fi + ;; + fault) + echo FAULT at `date` > $FAILOVER_STATE + $LOGCMD "`uname -n` transitioning to FAULT state for $VRRP_GRP" + # + # shorten kernel conntrack timers to remove the zombie entries. + # + $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t + if [ $? -eq 1 ] + then + $LOGCMD "ERROR: failed to invoke conntrackd -t" + fi + ;; + *) + echo UNKNOWN at `date` > $FAILOVER_STATE + $LOGCMD "ERROR: `uname -n` unknown state transition for $VRRP_GRP" + echo "Usage: vyatta-vrrp-conntracksync.sh {master|backup|fault}" + exit 1 + ;; +esac + +exit 0 diff --git a/src/migration-scripts/conntrack-sync/1-to-2 b/src/migration-scripts/conntrack-sync/1-to-2 new file mode 100755 index 000000000..ebbd8c35a --- /dev/null +++ b/src/migration-scripts/conntrack-sync/1-to-2 @@ -0,0 +1,66 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# VyOS 1.2 crux allowed configuring a lower or upper case loglevel. This +# is no longer supported as the input data is validated and will lead to +# an error. If user specifies an upper case logleve, make it lowercase + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['service', 'conntrack-sync'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) +else: + base_accept_proto = base + ['accept-protocol'] + if config.exists(base_accept_proto): + tmp = config.return_value(base_accept_proto) + config.delete(base_accept_proto) + for protocol in tmp.split(','): + config.set(base_accept_proto, value=protocol, replace=False) + + base_ignore_addr = base + ['ignore-address', 'ipv4'] + if config.exists(base_ignore_addr): + tmp = config.return_values(base_ignore_addr) + config.delete(base_ignore_addr) + for address in tmp: + config.set(base + ['ignore-address'], value=address, replace=False) + + # we no longer support cluster mode + base_cluster = base + ['failover-mechanism', 'cluster'] + if config.exists(base_cluster): + config.delete(base_cluster) + + try: + with open(file_name, 'w') as f: + f.write(config.to_string()) + except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) diff --git a/src/migration-scripts/interfaces/20-to-21 b/src/migration-scripts/interfaces/20-to-21 new file mode 100755 index 000000000..d1ec2ad3e --- /dev/null +++ b/src/migration-scripts/interfaces/20-to-21 @@ -0,0 +1,60 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# A VTI interface also requires an IPSec configuration - VyOS 1.2 supported +# having a VTI interface in the CLI but no IPSec configuration - drop VTI +# configuration if this is the case for VyOS 1.4 + +import sys +from vyos.configtree import ConfigTree + +if __name__ == '__main__': + if (len(sys.argv) < 1): + print("Must specify file name!") + sys.exit(1) + + file_name = sys.argv[1] + + with open(file_name, 'r') as f: + config_file = f.read() + + config = ConfigTree(config_file) + base = ['interfaces', 'vti'] + if not config.exists(base): + # Nothing to do + sys.exit(0) + + ipsec_base = ['vpn', 'ipsec', 'site-to-site', 'peer'] + for interface in config.list_nodes(base): + found = False + if config.exists(ipsec_base): + for peer in config.list_nodes(ipsec_base): + if config.exists(ipsec_base + [peer, 'vti', 'bind']): + tmp = config.return_value(ipsec_base + [peer, 'vti', 'bind']) + if tmp == interface: + # Interface was found and we no longer need to search + # for it in our IPSec peers + found = True + break + if not found: + config.delete(base + [interface]) + + try: + with open(file_name, 'w') as f: + f.write(config.to_string()) + except OSError as e: + print("Failed to save the modified config: {}".format(e)) + sys.exit(1) diff --git a/src/migration-scripts/interfaces/5-to-6 b/src/migration-scripts/interfaces/5-to-6 index 1291751d8..ae79c1d1b 100755 --- a/src/migration-scripts/interfaces/5-to-6 +++ b/src/migration-scripts/interfaces/5-to-6 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -55,6 +55,16 @@ def copy_rtradv(c, old_base, interface): min_max = interval.split('-')[0] c.set(new_base + ['interval', min_max], value=tmp) + # cleanup boolean nodes in individual route + route_base = new_base + ['route'] + if c.exists(route_base): + for route in config.list_nodes(route_base): + if c.exists(route_base + [route, 'remove-route']): + tmp = c.return_value(route_base + [route, 'remove-route']) + c.delete(route_base + [route, 'remove-route']) + if tmp == 'false': + c.set(route_base + [route, 'no-remove-route']) + # cleanup boolean nodes in individual prefix prefix_base = new_base + ['prefix'] if c.exists(prefix_base): diff --git a/src/migration-scripts/ipsec/4-to-5 b/src/migration-scripts/ipsec/4-to-5 index b64aa8462..4e959a7bf 100755 --- a/src/migration-scripts/ipsec/4-to-5 +++ b/src/migration-scripts/ipsec/4-to-5 @@ -1,4 +1,18 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2019 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. # log-modes have changed, keyword all to any diff --git a/src/migration-scripts/ipsec/5-to-6 b/src/migration-scripts/ipsec/5-to-6 new file mode 100755 index 000000000..86be55d13 --- /dev/null +++ b/src/migration-scripts/ipsec/5-to-6 @@ -0,0 +1,68 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# Remove deprecated strongSwan options from VyOS CLI +# - vpn ipsec nat-traversal enable +# - vpn ipsec nat-networks allowed-network + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['vpn', 'ipsec'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) + +# Delete CLI nodes whose config options got removed by strongSwan +for cli_node in ['nat-traversal', 'nat-networks']: + if config.exists(base + [cli_node]): + config.delete(base + [cli_node]) + +# Remove options only valid in Openswan +if config.exists(base + ['site-to-site', 'peer']): + for peer in config.list_nodes(base + ['site-to-site', 'peer']): + if not config.exists(base + ['site-to-site', 'peer', peer, 'tunnel']): + continue + for tunnel in config.list_nodes(base + ['site-to-site', 'peer', peer, 'tunnel']): + # allow-public-networks - Sets a value in ipsec.conf that was only ever valid in Openswan on kernel 2.6 + nat_networks = base + ['site-to-site', 'peer', peer, 'tunnel', tunnel, 'allow-nat-networks'] + if config.exists(nat_networks): + config.delete(nat_networks) + + # allow-nat-networks - Also sets a value only valid in Openswan + public_networks = base + ['site-to-site', 'peer', peer, 'tunnel', tunnel, 'allow-public-networks'] + if config.exists(public_networks): + config.delete(public_networks) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print(f'Failed to save the modified config: {e}') + exit(1) diff --git a/src/migration-scripts/ntp/0-to-1 b/src/migration-scripts/ntp/0-to-1 index 9c66f3109..294964580 100755 --- a/src/migration-scripts/ntp/0-to-1 +++ b/src/migration-scripts/ntp/0-to-1 @@ -17,7 +17,7 @@ with open(file_name, 'r') as f: config = ConfigTree(config_file) -if not config.exists(['system', 'ntp']): +if not config.exists(['system', 'ntp', 'server']): # Nothing to do sys.exit(0) else: diff --git a/src/migration-scripts/system/20-to-21 b/src/migration-scripts/system/20-to-21 new file mode 100755 index 000000000..ad41be646 --- /dev/null +++ b/src/migration-scripts/system/20-to-21 @@ -0,0 +1,57 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os + +from sys import exit, argv +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['system', 'sysctl'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) + +for all_custom in ['all', 'custom']: + if config.exists(base + [all_custom]): + for key in config.list_nodes(base + [all_custom]): + tmp = config.return_value(base + [all_custom, key, 'value']) + config.set(base + ['parameter', key, 'value'], value=tmp) + config.set_tag(base + ['parameter']) + config.delete(base + [all_custom]) + +for ipv4_param in ['net.ipv4.igmp_max_memberships', 'net.ipv4.ipfrag_time']: + if config.exists(base + [ipv4_param]): + tmp = config.return_value(base + [ipv4_param]) + config.set(base + ['parameter', ipv4_param, 'value'], value=tmp) + config.set_tag(base + ['parameter']) + config.delete(base + [ipv4_param]) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) diff --git a/src/op_mode/conntrack_sync.py b/src/op_mode/conntrack_sync.py new file mode 100755 index 000000000..66ecf8439 --- /dev/null +++ b/src/op_mode/conntrack_sync.py @@ -0,0 +1,136 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import syslog +import xmltodict + +from argparse import ArgumentParser +from vyos.configquery import CliShellApiConfigQuery +from vyos.util import cmd +from vyos.util import run +from vyos.template import render_to_string + +conntrackd_bin = '/usr/sbin/conntrackd' +conntrackd_config = '/run/conntrackd/conntrackd.conf' + +parser = ArgumentParser(description='Conntrack Sync') +group = parser.add_mutually_exclusive_group() +group.add_argument('--restart', help='Restart connection tracking synchronization service', action='store_true') +group.add_argument('--reset-cache-internal', help='Reset internal cache', action='store_true') +group.add_argument('--reset-cache-external', help='Reset external cache', action='store_true') +group.add_argument('--show-internal', help='Show internal (main) tracking cache', action='store_true') +group.add_argument('--show-external', help='Show external (main) tracking cache', action='store_true') +group.add_argument('--show-internal-expect', help='Show internal (expect) tracking cache', action='store_true') +group.add_argument('--show-external-expect', help='Show external (expect) tracking cache', action='store_true') + +def is_configured(): + """ Check if conntrack-sync service is configured """ + config = CliShellApiConfigQuery() + if not config.exists(['service', 'conntrack-sync']): + print('Service conntrackd-sync not configured!') + exit(1) + +def send_bulk_update(): + """ send bulk update of internal-cache to other systems """ + tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -B') + if tmp > 0: + print('ERROR: failed to send bulk update to other conntrack-sync systems') + +def request_sync(): + """ request resynchronization with other systems """ + tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -n') + if tmp > 0: + print('ERROR: failed to request resynchronization of external cache') + +def flush_cache(direction): + """ flush conntrackd cache (internal or external) """ + if direction not in ['internal', 'external']: + raise ValueError() + tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -f {direction}') + if tmp > 0: + print('ERROR: failed to clear {direction} cache') + +def xml_to_stdout(xml): + out = [] + for line in xml.splitlines(): + if line == '\n': + continue + parsed = xmltodict.parse(line) + out.append(parsed) + + print(render_to_string('conntrackd/conntrackd.op-mode.tmpl', {'data' : out})) + +if __name__ == '__main__': + args = parser.parse_args() + syslog.openlog(ident='conntrack-tools', logoption=syslog.LOG_PID, + facility=syslog.LOG_INFO) + + if args.restart: + is_configured() + + syslog.syslog('Restarting conntrack sync service...') + cmd('systemctl restart conntrackd.service') + # request resynchronization with other systems + request_sync() + # send bulk update of internal-cache to other systems + send_bulk_update() + + elif args.reset_cache_external: + is_configured() + syslog.syslog('Resetting external cache of conntrack sync service...') + + # flush the external cache + flush_cache('external') + # request resynchronization with other systems + request_sync() + + elif args.reset_cache_internal: + is_configured() + syslog.syslog('Resetting internal cache of conntrack sync service...') + # flush the internal cache + flush_cache('internal') + + # request resynchronization of internal cache with kernel conntrack table + tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -R') + if tmp > 0: + print('ERROR: failed to resynchronize internal cache with kernel conntrack table') + + # send bulk update of internal-cache to other systems + send_bulk_update() + + elif args.show_external or args.show_internal or args.show_external_expect or args.show_internal_expect: + is_configured() + opt = '' + if args.show_external: + opt = '-e ct' + elif args.show_external_expect: + opt = '-e expect' + elif args.show_internal: + opt = '-i ct' + elif args.show_internal_expect: + opt = '-i expect' + + if args.show_external or args.show_internal: + print('Main Table Entries:') + else: + print('Expect Table Entries:') + out = cmd(f'sudo {conntrackd_bin} -C {conntrackd_config} {opt} -x') + xml_to_stdout(out) + + else: + parser.print_help() + exit(1) diff --git a/src/op_mode/dynamic_dns.py b/src/op_mode/dynamic_dns.py index 962943896..263a3b6a5 100755 --- a/src/op_mode/dynamic_dns.py +++ b/src/op_mode/dynamic_dns.py @@ -36,6 +36,10 @@ update-status: {{ entry.status }} """ def show_status(): + # A ddclient status file must not always exist + if not os.path.exists(cache_file): + sys.exit(0) + data = { 'hosts': [] } @@ -61,11 +65,10 @@ def show_status(): if ip: outp['ip'] = ip.split(',')[0] - if 'atime=' in line: - atime = line.split('atime=')[1] - if atime: - tmp = atime.split(',')[0] - outp['time'] = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(int(tmp, base=10))) + if 'mtime=' in line: + mtime = line.split('mtime=')[1] + if mtime: + outp['time'] = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(int(mtime.split(',')[0], base=10))) if 'status=' in line: status = line.split('status=')[1] diff --git a/src/op_mode/monitor_bandwidth_test.sh b/src/op_mode/monitor_bandwidth_test.sh index 6da0291c5..900223bca 100755 --- a/src/op_mode/monitor_bandwidth_test.sh +++ b/src/op_mode/monitor_bandwidth_test.sh @@ -26,5 +26,5 @@ elif [[ $(dig $1 AAAA +short | grep -v '\.$' | wc -l) -gt 0 ]]; then OPT="-V" fi -/usr/bin/iperf $OPT -c $1 +/usr/bin/iperf $OPT -c $1 $2 diff --git a/src/op_mode/openconnect-control.py b/src/op_mode/openconnect-control.py index ef9fe618c..c3cd25186 100755 --- a/src/op_mode/openconnect-control.py +++ b/src/op_mode/openconnect-control.py @@ -58,7 +58,7 @@ def main(): is_ocserv_configured() if args.action == "restart": - run("systemctl restart ocserv") + run("sudo systemctl restart ocserv.service") sys.exit(0) elif args.action == "show_sessions": show_sessions() diff --git a/src/op_mode/show_nat_rules.py b/src/op_mode/show_nat_rules.py index 68cff61c8..4b7e40d1f 100755 --- a/src/op_mode/show_nat_rules.py +++ b/src/op_mode/show_nat_rules.py @@ -34,8 +34,8 @@ if args.source or args.destination: tmp = json.loads(tmp) format_nat66_rule = '{0: <10} {1: <50} {2: <50} {3: <10}' - print(format_nat66_rule.format("Rule", "Source" if args.source else "Destination", "Translation", "Outbound Interface" if args.source else "Inbound Interface")) - print(format_nat66_rule.format("----", "------" if args.source else "-----------", "-----------", "------------------" if args.source else "-----------------")) + print(format_nat_rule.format("Rule", "Source" if args.source else "Destination", "Translation", "Outbound Interface" if args.source else "Inbound Interface")) + print(format_nat_rule.format("----", "------" if args.source else "-----------", "-----------", "------------------" if args.source else "-----------------")) data_json = jmespath.search('nftables[?rule].rule[?chain]', tmp) for idx in range(0, len(data_json)): @@ -86,7 +86,7 @@ if args.source or args.destination: else: tran_addr = dict_search('snat.addr' if args.source else 'dnat.addr', data['expr'][3]) - print(format_nat66_rule.format(rule, srcdest, tran_addr, interface)) + print(format_nat_rule.format(rule, srcdest, tran_addr, interface)) exit(0) else: diff --git a/src/op_mode/vpn_ike_sa.py b/src/op_mode/vpn_ike_sa.py new file mode 100755 index 000000000..28da9f8dc --- /dev/null +++ b/src/op_mode/vpn_ike_sa.py @@ -0,0 +1,68 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import argparse +import re +import vici + +ike_sa_peer_prefix = """\ +Peer ID / IP Local ID / IP +------------ -------------""" + +ike_sa_tunnel_prefix = """ + + State IKEVer Encrypt Hash D-H Group NAT-T A-Time L-Time + ----- ------ ------- ---- --------- ----- ------ ------""" + +def s(byte_string): + return str(byte_string, 'utf-8') + +def ike_sa(peer, nat): + session = vici.Session() + sas = session.list_sas() + peers = [] + for conn in sas: + for name, sa in conn.items(): + if peer and not name.startswith('peer-' + peer): + continue + if name.startswith('peer-') and name in peers: + continue + if nat and 'nat-local' not in sa: + continue + peers.append(name) + remote_str = f'{s(sa["remote-host"])} {s(sa["remote-id"])}' if s(sa['remote-id']) != '%any' else s(sa["remote-host"]) + local_str = f'{s(sa["local-host"])} {s(sa["local-id"])}' if s(sa['local-id']) != '%any' else s(sa["local-host"]) + print(ike_sa_peer_prefix) + print('%-39s %-39s' % (remote_str, local_str)) + state = 'up' if 'state' in sa and s(sa['state']) == 'ESTABLISHED' else 'down' + version = 'IKEv' + s(sa['version']) + encryption = f'{s(sa["encr-alg"])}_{s(sa["encr-keysize"])}' if 'encr-alg' in sa else 'n/a' + integrity = s(sa['integ-alg']) if 'integ-alg' in sa else 'n/a' + dh_group = s(sa['dh-group']) if 'dh-group' in sa else 'n/a' + natt = 'yes' if 'nat-local' in sa and s(sa['nat-local']) == 'yes' else 'no' + atime = s(sa['established']) if 'established' in sa else '0' + ltime = s(sa['rekey-time']) if 'rekey_time' in sa else '0' + print(ike_sa_tunnel_prefix) + print(' %-6s %-6s %-12s %-13s %-14s %-6s %-7s %-7s\n' % (state, version, encryption, integrity, dh_group, natt, atime, ltime)) + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + parser.add_argument('--peer', help='Peer name', required=False) + parser.add_argument('--nat', help='NAT Traversal', required=False) + + args = parser.parse_args() + + ike_sa(args.peer, args.nat)
\ No newline at end of file diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py new file mode 100755 index 000000000..434186abb --- /dev/null +++ b/src/op_mode/vpn_ipsec.py @@ -0,0 +1,206 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import base64 +import os +import re +import struct +import sys +import argparse +from subprocess import TimeoutExpired + +from vyos.util import ask_yes_no, call, cmd, process_named_running +from Crypto.PublicKey.RSA import importKey + +RSA_LOCAL_KEY_PATH = '/config/ipsec.d/rsa-keys/localhost.key' +RSA_LOCAL_PUB_PATH = '/etc/ipsec.d/certs/localhost.pub' +RSA_KEY_PATHS = ['/config/auth', '/config/ipsec.d/rsa-keys'] + +X509_CONFIG_PATH = '/etc/ipsec.d/key-pair.template' +X509_PATH = '/config/auth/' + +IPSEC_CONF = '/etc/ipsec.conf' +SWANCTL_CONF = '/etc/swanctl.conf' + +def migrate_to_vyatta_key(path): + with open(path, 'r') as f: + key = importKey(f.read()) + e = key.e.to_bytes((key.e.bit_length() + 7) // 8, 'big') + n = key.n.to_bytes((key.n.bit_length() + 7) // 8, 'big') + return '0s' + str(base64.b64encode(struct.pack('B', len(e)) + e + n), 'ascii') + return None + +def find_rsa_keys(): + keys = [] + for path in RSA_KEY_PATHS: + if not os.path.exists(path): + continue + for filename in os.listdir(path): + full_path = os.path.join(path, filename) + if os.path.isfile(full_path) and full_path.endswith(".key"): + keys.append(full_path) + return keys + +def show_rsa_keys(): + for key_path in find_rsa_keys(): + print('Private key: ' + os.path.basename(key_path)) + print('Public key: ' + migrate_to_vyatta_key(key_path) + '\n') + +def generate_rsa_key(bits = 2192): + if (bits < 16 or bits > 4096) or bits % 16 != 0: + print('Invalid bit length') + return + + if os.path.exists(RSA_LOCAL_KEY_PATH): + if not ask_yes_no("A local RSA key file already exists and will be overwritten. Continue?"): + return + + print(f'Generating rsa-key to {RSA_LOCAL_KEY_PATH}') + + directory = os.path.dirname(RSA_LOCAL_KEY_PATH) + call(f'sudo mkdir -p {directory}') + result = call(f'sudo /usr/bin/openssl genrsa -out {RSA_LOCAL_KEY_PATH} {bits}') + + if result != 0: + print(f'Could not generate RSA key: {result}') + return + + call(f'sudo /usr/bin/openssl rsa -inform PEM -in {RSA_LOCAL_KEY_PATH} -pubout -out {RSA_LOCAL_PUB_PATH}') + + print('Your new local RSA key has been generated') + print('The public portion of the key is:\n') + print(migrate_to_vyatta_key(RSA_LOCAL_KEY_PATH)) + +def generate_x509_pair(name): + if os.path.exists(X509_PATH + name): + if not ask_yes_no("A certificate request with this name already exists and will be overwritten. Continue?"): + return + + result = os.system(f'openssl req -new -nodes -keyout {X509_PATH}{name}.key -out {X509_PATH}{name}.csr -config {X509_CONFIG_PATH}') + + if result != 0: + print(f'Could not generate x509 key-pair: {result}') + return + + print('Private key and certificate request has been generated') + print(f'CSR: {X509_PATH}{name}.csr') + print(f'Private key: {X509_PATH}{name}.key') + +def get_peer_connections(peer, tunnel, return_all = False): + search = rf'^conn (peer-{peer}-(tunnel-[\d]+|vti))$' + matches = [] + with open(IPSEC_CONF, 'r') as f: + for line in f.readlines(): + result = re.match(search, line) + if result: + suffix = f'tunnel-{tunnel}' if tunnel.isnumeric() else tunnel + if return_all or (result[2] == suffix): + matches.append(result[1]) + return matches + +def reset_peer(peer, tunnel): + if not peer: + print('Invalid peer, aborting') + return + + conns = get_peer_connections(peer, tunnel, return_all = (not tunnel or tunnel == 'all')) + + if not conns: + print('Tunnel(s) not found, aborting') + return + + result = True + for conn in conns: + try: + call(f'sudo /usr/sbin/ipsec down {conn}', timeout = 10) + call(f'sudo /usr/sbin/ipsec up {conn}', timeout = 10) + except TimeoutExpired as e: + print(f'Timed out while resetting {conn}') + result = False + + + print('Peer reset result: ' + ('success' if result else 'failed')) + +def get_profile_connection(profile, tunnel = None): + search = rf'(dmvpn-{profile}-[\w]+)' if tunnel == 'all' else rf'(dmvpn-{profile}-{tunnel})' + with open(SWANCTL_CONF, 'r') as f: + for line in f.readlines(): + result = re.search(search, line) + if result: + return result[1] + return None + +def reset_profile(profile, tunnel): + if not profile: + print('Invalid profile, aborting') + return + + if not tunnel: + print('Invalid tunnel, aborting') + return + + conn = get_profile_connection(profile) + + if not conn: + print('Profile not found, aborting') + return + + call(f'sudo /usr/sbin/ipsec down {conn}') + result = call(f'sudo /usr/sbin/ipsec up {conn}') + + print('Profile reset result: ' + ('success' if result == 0 else 'failed')) + +def debug_peer(peer, tunnel): + if not peer or peer == "all": + call('sudo /usr/sbin/ipsec statusall') + return + + if not tunnel or tunnel == 'all': + tunnel = '' + + conn = get_peer_connection(peer, tunnel) + + if not conn: + print('Peer not found, aborting') + return + + call(f'sudo /usr/sbin/ipsec statusall | grep {conn}') + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + parser.add_argument('--action', help='Control action', required=True) + parser.add_argument('--bits', help='Bits for rsa-key', required=False) + parser.add_argument('--name', help='Name for x509 key-pair, peer for reset', required=False) + parser.add_argument('--tunnel', help='Specific tunnel of peer', required=False) + + args = parser.parse_args() + + if args.action == 'rsa-key': + bits = int(args.bits) if args.bits else 2192 + generate_rsa_key(bits) + elif args.action == 'rsa-key-show': + show_rsa_keys() + elif args.action == 'x509': + if not args.name: + print('Invalid name for key-pair, aborting.') + sys.exit(0) + generate_x509_pair(args.name) + elif args.action == 'reset-peer': + reset_peer(args.name, args.tunnel) + elif args.action == "reset-profile": + reset_profile(args.name, args.tunnel) + elif args.action == "vpn-debug": + debug_peer(args.name, args.tunnel) diff --git a/src/systemd/opennhrp.service b/src/systemd/opennhrp.service new file mode 100644 index 000000000..70235f89d --- /dev/null +++ b/src/systemd/opennhrp.service @@ -0,0 +1,13 @@ +[Unit] +Description=OpenNHRP +After=vyos-router.service +ConditionPathExists=/run/opennhrp/opennhrp.conf +StartLimitIntervalSec=0 + +[Service] +Type=forking +ExecStart=/usr/sbin/opennhrp -d -v -a /run/opennhrp.socket -c /run/opennhrp/opennhrp.conf -s /etc/opennhrp/opennhrp-script.py -p /run/opennhrp.pid +ExecReload=/usr/bin/kill -HUP $MAINPID +PIDFile=/run/opennhrp.pid +Restart=on-failure +RestartSec=20 diff --git a/src/validators/ipv4 b/src/validators/ipv4 new file mode 100755 index 000000000..53face090 --- /dev/null +++ b/src/validators/ipv4 @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-ipv4 $1 diff --git a/src/validators/ipv4-multicast b/src/validators/ipv4-multicast new file mode 100755 index 000000000..e5cbc9532 --- /dev/null +++ b/src/validators/ipv4-multicast @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-ipv4-multicast $1 diff --git a/src/validators/ipv6-exclude b/src/validators/ipv6-exclude new file mode 100755 index 000000000..893eeab09 --- /dev/null +++ b/src/validators/ipv6-exclude @@ -0,0 +1,7 @@ +#!/bin/sh +arg="$1" +if [ "${arg:0:1}" != "!" ]; then + exit 1 +fi +path=$(dirname "$0") +${path}/ipv6 "${arg:1}" diff --git a/src/validators/ipv6-multicast b/src/validators/ipv6-multicast new file mode 100755 index 000000000..66cd90c9c --- /dev/null +++ b/src/validators/ipv6-multicast @@ -0,0 +1,3 @@ +#!/bin/sh + +ipaddrcheck --is-ipv6-multicast $1 diff --git a/src/validators/ipv6-range b/src/validators/ipv6-range new file mode 100755 index 000000000..033b6461b --- /dev/null +++ b/src/validators/ipv6-range @@ -0,0 +1,16 @@ +#!/usr/bin/python3 + +import sys +import re +from vyos.template import is_ipv6 + +if __name__ == '__main__': + if len(sys.argv)>1: + ipv6_range = sys.argv[1] + # Regex for ipv6-ipv6 https://regexr.com/ + if re.search('([a-f0-9:]+:+)+[a-f0-9]+-([a-f0-9:]+:+)+[a-f0-9]+', ipv6_range): + for tmp in ipv6_range.split('-'): + if not is_ipv6(tmp): + sys.exit(1) + + sys.exit(0) diff --git a/src/validators/ipv6-range-exclude b/src/validators/ipv6-range-exclude new file mode 100755 index 000000000..912b55ae3 --- /dev/null +++ b/src/validators/ipv6-range-exclude @@ -0,0 +1,7 @@ +#!/bin/sh +arg="$1" +if [ "${arg:0:1}" != "!" ]; then + exit 1 +fi +path=$(dirname "$0") +${path}/ipv6-range "${arg:1}" diff --git a/src/validators/sysctl b/src/validators/sysctl new file mode 100755 index 000000000..9b5bba3e1 --- /dev/null +++ b/src/validators/sysctl @@ -0,0 +1,24 @@ +#!/bin/sh +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +declare -a array +eval "array=($(/sbin/sysctl -N -a))" + +if [[ ! " ${array[@]} " =~ " $1 " ]]; then + # passed sysctl option is invalid + exit 1 +fi +exit 0 |