smilint output for ./MIDCOM-MIB

Message Severities

Severity | Count
error | 1

Message Types

Type | Count
object-identifier-not-prefix (error) | 1

Messages:
MIDCOM-MIB
1: -- extracted from draft-ietf-midcom-mib-09.txt
2: -- at Tue Oct 10 06:07:13 2006
3:
4: MIDCOM-MIB DEFINITIONS ::= BEGIN
5:
6: IMPORTS
7: MODULE-IDENTITY, OBJECT-TYPE,
8: NOTIFICATION-TYPE, Unsigned32,
9: Counter32, Gauge32, mib-2
10: FROM SNMPv2-SMI -- RFC2578
11:
12: TEXTUAL-CONVENTION, TruthValue,
13: StorageType, RowStatus
14: FROM SNMPv2-TC -- RFC2579
15:
16: MODULE-COMPLIANCE, OBJECT-GROUP,
17: NOTIFICATION-GROUP
18: FROM SNMPv2-CONF -- RFC2580
19:
20: SnmpAdminString
21: FROM SNMP-FRAMEWORK-MIB -- RFC3411
22:
23: InetAddressType, InetAddress,
24: InetPortNumber,
25: InetAddressPrefixLength
26: FROM INET-ADDRESS-MIB -- RFC4001
27:
28: InterfaceIndexOrZero
29: FROM IF-MIB -- RFC2863
30:
31: NatBindIdOrZero
32: FROM NAT-MIB; -- RFC4008
33:
34: midcomMIB MODULE-IDENTITY
35: LAST-UPDATED "200607281800Z" -- July 28, 2006
36: ORGANIZATION "IETF Middlebox Communication Working Group"
37: CONTACT-INFO
38: "WG charter:
39: http://www.ietf.org/html.charters/midcom-charter.html
40:
41: Mailing Lists:
42: General Discussion: midcom@ietf.org
43: To Subscribe: midcom-request@ietf.org
44: In Body: subscribe your_email_address
45:
46: Co-editor:
47: Juergen Quittek
48: NEC Europe Ltd.
49: Network Laboratories
50: Kurfuersten-Anlage 36
51: 69115 Heidelberg
52: Germany
53: Tel: +49 6221 4342-115
54: Email: quittek@netlab.nec.de
55:
56: Co-editor:
57: Martin Stiemerling
58: NEC Europe Ltd.
59: Network Laboratories
60: Kurfuersten-Anlage 36
61: 69115 Heidelberg
62: Germany
63: Tel: +49 6221 4342-113
64: Email: stiemerling@netlab.nec.de
65:
66: Co-editor:
67: P. Srisuresh
68: Caymas Systems, Inc.
69: 1179-A North McDowell Blvd.
70: Petaluma, CA 94954
71: USA
72: Tel: +1 707 283-5063
73: Email: srisuresh@yahoo.com"
74:
75: DESCRIPTION
76: "This MIB module defines a set of basic objects for
77: configuring middleboxes, such as firewalls and network
78: address translators, in order to enable communication
79: across these devices.
80:
81: Managed objects defined in this MIB module are structured
82: in three branches:
83: - transaction objects required according to the MIDCOM
84: protocol requirements defined in RFC 3304 and according
85: to the MIDCOM protocol semantics defined in RFC 3989,
86: - configuration objects that can be used for retrieving or
87: setting parameters of the implementation of objects in
88: the transaction branch,
89: - optional monitoring objects that provide information
90: about used resource and statistics
91:
92: In the transaction objects branch, there are two groups of
93: managed objects defined:
94: - objects modeling MIDCOM policy rules in the
95: midcomRuleTable
96: - objects modeling MIDCOM policy rule groups in the
97: midcomGroupTable
98:
99: Note that typically, objects in the configuration branch
100: are not intended to be written by MIDCOM clients.
101: In general, write access to these objects needs to be
102: restricted more strictly than write access to objects in
103: the transaction branch.
104:
105: Copyright (C) The Internet Society (2006). This version
106: of this MIB module is part of RFC yyyy; see the RFC
107: itself for full legal notices."
108: -- RFC Ed.: replace yyyy with actual RFC number & remove this notice
109:
110: REVISION "200607281800Z" -- July 28, 2006
111: DESCRIPTION "Initial version, published as RFC yyyy."
112: -- RFC Ed.: replace yyyy with actual RFC number and
113: -- remove this notice
114:
115: ::= { mib-2 xxxxx }
115: error - Object identifier element `xxxxx' name only allowed as first element
116: -- RFC Ed.: replace xxxxx with IANA-assigned number and
117: -- remove this note
118:
119: --
120: -- main components of this MIB module
121: --
122:
123: midcomNotifications OBJECT IDENTIFIER ::= { midcomMIB 0 }
124: midcomObjects OBJECT IDENTIFIER ::= { midcomMIB 1 }
125: midcomConformance OBJECT IDENTIFIER ::= { midcomMIB 2 }
126:
127: -- Transaction objects required according to the MIDCOM
128: -- protocol requirements defined in RFC 3304 and according to
129: -- the MIDCOM protocol semantics defined in RFC 3989
130: midcomTransaction OBJECT IDENTIFIER ::= { midcomObjects 1 }
131:
132: -- Configuration objects that can be used for retrieving
133: -- middlebox capability information (mandatory) and for
134: -- setting parameters of the implementation of objects in
135: -- the transaction branch (optional)
136: midcomConfig OBJECT IDENTIFIER ::= { midcomObjects 2 }
137:
138: -- Optional monitoring objects that provide information about
139: -- used resource and statistics
140: midcomMonitoring OBJECT IDENTIFIER ::= { midcomObjects 3 }
141:
142:
143: --
144: -- Transaction Objects
145: --
146: -- Transaction objects are structured according to the MIDCOM
147: -- protocol semantics into two groups:
148: -- - the policy rules group containing objects that model
149: -- policy rules, and
150: -- - the group group containing objects modeling policy rule
151: -- groups.
152:
153:
154: --
155: -- Policy rule group
156: --
157: -- The midcomRuleTable lists policy rules
158: -- including policy reserve rules and policy enable rules.
159: --
160:
161: midcomRuleTable OBJECT-TYPE
162: SYNTAX SEQUENCE OF MidcomRuleEntry
163: MAX-ACCESS not-accessible
164: STATUS current
165: DESCRIPTION
166: "This table lists policy rules.
167:
168: It is indexed by the midcomRuleOwner, the
169: midcomGroupIndex and the midcomRuleIndex.
170: This implies that a rule is member of exactly
171: one group and that group membership cannot
172: be changed.
173:
174: Entries can be deleted by writing to
175: midcomGroupLifetime or midcomRuleLifetime
176: and potentially also to midcomRuleStorageTime."
177: ::= { midcomTransaction 3 }
178:
179: midcomRuleEntry OBJECT-TYPE
180: SYNTAX MidcomRuleEntry
181: MAX-ACCESS not-accessible
182: STATUS current
183: DESCRIPTION
184: "An entry describing a particular MIDCOM policy rule."
185: INDEX { midcomRuleOwner, midcomGroupIndex, midcomRuleIndex }
186: ::= { midcomRuleTable 1 }
187:
188: MidcomRuleEntry ::= SEQUENCE {
189: midcomRuleOwner SnmpAdminString,
190: midcomRuleIndex Unsigned32,
191: midcomRuleAdminStatus INTEGER,
192: midcomRuleOperStatus INTEGER,
193: midcomRuleStorageType StorageType,
194: midcomRuleStorageTime Unsigned32,
195: midcomRuleError SnmpAdminString,
196: midcomRuleInterface InterfaceIndexOrZero,
197: midcomRuleFlowDirection INTEGER,
198: midcomRuleMaxIdleTime Unsigned32,
199: midcomRuleTransportProtocol Unsigned32,
200: midcomRulePortRange INTEGER,
201: midcomRuleInternalIpVersion InetAddressType,
202: midcomRuleExternalIpVersion InetAddressType,
203: midcomRuleInternalIpAddr InetAddress,
204: midcomRuleInternalIpPrefixLength InetAddressPrefixLength,
205: midcomRuleInternalPort InetPortNumber,
206: midcomRuleExternalIpAddr InetAddress,
207: midcomRuleExternalIpPrefixLength InetAddressPrefixLength,
208: midcomRuleExternalPort InetPortNumber,
209: midcomRuleInsideIpAddr InetAddress,
210: midcomRuleInsidePort InetPortNumber,
211: midcomRuleOutsideIpAddr InetAddress,
212: midcomRuleOutsidePort InetPortNumber,
213: midcomRuleLifetime Unsigned32,
214: midcomRuleRowStatus RowStatus
215: }
216:
217: midcomRuleOwner OBJECT-TYPE
218: SYNTAX SnmpAdminString (SIZE (0..32))
219: MAX-ACCESS not-accessible
220: STATUS current
221: DESCRIPTION
222: "The manager who owns this row in the midcomRuleTable.
223:
224: This object SHOULD uniquely identify an authenticated
225: MIDCOM client. This object is part of the table index to
226: allow for the use of the SNMPv3 View-Based Access Control
227: Model (RFC 3415, VACM)."
228: ::= { midcomRuleEntry 1 }
229:
230: midcomRuleIndex OBJECT-TYPE
231: SYNTAX Unsigned32 (1..4294967295)
232: MAX-ACCESS not-accessible
233: STATUS current
234: DESCRIPTION
235: "The value of this object must be unique in
236: combination with the values of the objects
237: midcomRuleOwner and midcomGroupIndex in this row."
238: ::= { midcomRuleEntry 3 }
239:
240: midcomRuleAdminStatus OBJECT-TYPE
241: SYNTAX INTEGER {
242: reserve(1),
243: enable(2),
244: notSet(3)
245: }
246: MAX-ACCESS read-write
247: STATUS current
248: DESCRIPTION
249: "The value of this object indicates the desired status of
250: the policy rule. See the definition of midcomRuleOperStatus
251: for a description of the values.
252:
253: When a midcomRuleEntry is created without explicitly setting
254: this object, its value will be notSet(3).
255:
256: However, a set request can only set this object to either
257: reserve(1) or enable(2). Attempts to set this object to
258: notSet(3) will always fail with an 'inconsistentValue'
259: error. Note that this error code is SNMP specific. If the MIB
260: module is used with other protocols than SNMP, errors with
261: similar semantics specific to those protocols should be
262: returned.
263:
264: When the midcomRuleAdminStatus object is set, then the
265: MIDCOM MIB implementation will try to read the respective
266: relevant objects of the entry and try to achieve the
267: corresponding midcomRuleOperStatus.
268:
269: Setting midcomRuleAdminStatus to value reserve(1) when
270: object midcomRuleOperStatus has a value of reserved(7)
271: does not have any effect on the policy rule.
272: Setting midcomRuleAdminStatus to value enable(2) when
273: object midcomRuleOperStatus has a value of enabled(8)
274: does not have any effect on the policy rule.
275:
276: Depending on whether the midcomRuleAdminStatus is set to
277: reserve(1) or enable(2) several objects must be set in
278: advance. They serve as parameters of the policy rule to be
279: established
280:
281: When object midcomRuleAdminStatus is set to reserve(1),
282: then the following objects in the same entry are of
283: relevance:
284: - midcomRuleInterface
285: - midcomRuleTransportProtocol
286: - midcomRulePortRange
287: - midcomRuleInternalIpVersion
288: - midcomRuleExternalIpVersion
289: - midcomRuleInternalIpAddr
290: - midcomRuleInternalIpPrefixLength
291: - midcomRuleInternalPort
292: - midcomRuleLifetime
293: MIDCOM MIB implementation may also consider the value
294: of object midcomRuleMaxIdleTime when establishing
295: a reserve rule.
296:
297: When object midcomRuleAdminStatus is set to enable(2),
298: then the following objects in the same entry are of
299: relevance:
300: - midcomRuleInterface
301: - midcomRuleFlowDirection
302: - midcomRuleMaxIdleTime
303: - midcomRuleTransportProtocol
304: - midcomRulePortRange
305: - midcomRuleInternalIpVersion
306: - midcomRuleExternalIpVersion
307: - midcomRuleInternalIpAddr
308: - midcomRuleInternalIpPrefixLength
309: - midcomRuleInternalPort
310: - midcomRuleExternalIpAddr
311: - midcomRuleExternalIpPrefixLength
312: - midcomRuleExternalPort
313: - midcomRuleLifetime
314:
315: When retrieved, the object returns the last set value.
316: If no value has been set, it returns the default value
317: notSet(3)."
318: DEFVAL { notSet }
319: ::= { midcomRuleEntry 4 }
320:
321: midcomRuleOperStatus OBJECT-TYPE
322: SYNTAX INTEGER {
323: newEntry(1),
324: setting(2),
325: checkingRequest(3),
326: incorrectRequest(4),
327: processingRequest(5),
328: requestRejected(6),
329: reserved(7),
330: enabled(8),
331: timedOut(9),
332: terminatedOnRequest(10),
333: terminated(11),
334: genericError(12)
335: }
336: MAX-ACCESS read-only
337: STATUS current
338: DESCRIPTION
339: "The actual status of the policy rule. The
340: midcomRuleOperStatus object may have the following values:
341:
342: - newEntry(1) indicates that the entry in the
343: midcomRuleTable was created, but not modified yet.
344: Such an entry needs to be filled with values specifying
345: a request first.
346:
347: - setting(2) indicates that the entry has been already
348: modified after generating it, but no request was made
349: yet.
350:
351: - checkingRequest(3) indicates that midcomRuleAdminStatus
352: has recently been set and that the MIDCOM MIB
353: implementation is currently checking the parameters of
354: the request. This is a transient state. The value of
355: this object will change to either incorrectRequest(4)
356: or processingRequest(5) without any external
357: interaction. A MIDCOM MIB implementation MAY return
358: this value while checking request parameters.
359:
360: - incorrectRequest(4) indicates that checking a request
361: resulted in detecting an incorrect value in one of the
362: objects containing request parameters. The failure
363: reason is indicated by the value of midcomRuleError.
364:
365: - processingRequest(5) indicates that
366: midcomRuleAdminStatus has recently been set and that
367: the MIDCOM MIB implementation is currently processing
368: the request and trying to configure the middlebox
369: accordingly. This is a transient state. The value of
370: this object will change to either requestRejected(6),
371: reserved(7) or enabled(8) without any external
372: interaction. A MIDCOM MIB implementation MAY return
373: this value while processing a request.
374:
375: - requestRejected(6) indicates that a request to establish
376: a policy rule specified by the entry was rejected. The
377: reason of rejection is indicated by the value of
378: midcomRuleError.
379:
380: - reserved(7) indicates that the entry describes an
381: established policy reserve rule.
382: These values of MidcomRuleEntry are meaningful
383: for a reserved policy rule:
384: - midcomRuleMaxIdleTime
385: - midcomRuleInterface
386: - midcomRuleTransportProtocol
387: - midcomRulePortRange
388: - midcomRuleInternalIpVersion
389: - midcomRuleExternalIpVersion
390: - midcomRuleInternalIpAddr
391: - midcomRuleInternalIpPrefixLength
392: - midcomRuleInternalPort
393: - midcomRuleOutsideIpAddr
394: - midcomRuleOutsidePort
395: - midcomRuleLifetime
396:
397: - enabled(8) indicates that the entry describes an
398: established policy enable rule.
399: These values of MidcomRuleEntry are meaningful
400: for an enabled policy rule:
401: - midcomRuleFlowDirection
402: - midcomRuleInterface
403: - midcomRuleMaxIdleTime
404: - midcomRuleTransportProtocol
405: - midcomRulePortRange
406: - midcomRuleInternalIpVersion
407: - midcomRuleExternalIpVersion
408: - midcomRuleInternalIpAddr
409: - midcomRuleInternalIpPrefixLength
410: - midcomRuleInternalPort
411: - midcomRuleExternalIpAddr
412: - midcomRuleExternalIpPrefixLength
413: - midcomRuleExternalPort
414: - midcomRuleInsideIpAddr
415: - midcomRuleInsidePort
416: - midcomRuleOutsideIpAddr
417: - midcomRuleOutsidePort
418: - midcomRuleLifetime
419:
420: - timedOut(9) indicates that the lifetime of a previously
421: established policy rule has expired and that the policy
422: rule is terminated for this reason.
423:
424: - terminatedOnRequest(10) indicates that a previously
425: established policy rule was terminated by an SNMP
426: manager setting the midcomRuleLifetime to 0 or
427: setting midcomGroupLifetime to 0.
428:
429: - terminated(11) indicates that a previously established
430: policy rule was terminated by the MIDCOM MIB
431: implementation for another reason than lifetime
432: expiration or an explicit request from an SNMP
433: manager.
434:
435: - genericError(12) indicates that the policy rule
436: specified by the entry is not established due to
437: an error condition not listed above.
438:
439: The states timedOut(9), terminatedOnRequest(10) and
440: terminated(11) are referred to as termination states.
441:
442: The states incorrectRequest(4), requestRejected(6)
443: and genericError(12) are referred to as error states.
444:
445: The checkingRequest(3) and processingRequest(4)
446: states are transient states which will either lead to
447: one of the error states or the reserved(7) state or the
448: enabled(8) states. MIDCOM MIB implementations MAY return
449: these values when checking or processing requests."
450: DEFVAL { newEntry }
451: ::= { midcomRuleEntry 5 }
452:
453: midcomRuleStorageType OBJECT-TYPE
454: SYNTAX StorageType
455: MAX-ACCESS read-write
456: STATUS current
457: DESCRIPTION
458: "When retrieved, this object returns the storage
459: type of the policy rule. Writing to this object can
460: change the storage type of the particular row from
461: volatile(2) to nonVolatile(3) or vice versa.
462:
463: Attempts to set this object to permanent will always
464: fail with an 'inconsistentValue' error. Note that this
465: error code is SNMP specific. If the MIB module is used
466: with other protocols than SNMP, errors with similar
467: semantics specific to those protocols should be
468: returned.
469:
470: If midcomRuleStorageType has the value permanent(4),
471: then all objects in this row whose MAX-ACCESS value
472: is read-write must be read-only."
473: DEFVAL { volatile }
474: ::= { midcomRuleEntry 6 }
475:
476: midcomRuleStorageTime OBJECT-TYPE
477: SYNTAX Unsigned32
478: UNITS "seconds"
479: MAX-ACCESS read-write
480: STATUS current
481: DESCRIPTION
482: "The value of this object specifies how long this row
483: can exist in the midcomRuleTable after the
484: midcomRuleOperStatus switched to a termination state or
485: to an error state. This object returns the remaining
486: time that the row may exist before it is aged out.
487:
488: After expiration or termination of the context, the value
489: of this object ticks backwards. The entry in the
490: midcomRuleTable is destroyed when the value reaches 0.
491:
492: The value of this object may be set in order to increase
493: or reduce the remaining time that the row may exist.
494: Setting the value to 0 will destroy this entry as soon as
495: the midcomRuleOperStatus switched to a termination state
496: or to an error state.
497:
498: Note that there is no guarantee that the row is stored as
499: long as this object indicates. At any time, the MIDCOM
500: MIB implementation may decide to remove a row describing
501: a terminated policy rule before the storage time of the
502: corresponding row in the midcomRuleTable reaches the
503: value of 0. In this case the information stored in this
504: row is not anymore available.
505:
506: If object midcomRuleStorageType indicates that the policy
507: rule has storage type permanent(4), then this object has
508: a constant value of 4294967295."
509: DEFVAL { 0 }
510: ::= { midcomRuleEntry 7 }
511:
512: midcomRuleError OBJECT-TYPE
513: SYNTAX SnmpAdminString
514: MAX-ACCESS read-only
515: STATUS current
516: DESCRIPTION
517: "This object contains a descriptive error message if
518: the transition into the operational status reserved(7)
519: or enabled(8) failed. Implementations must reset the
520: error message to a zero-length string when a new
521: attempt to change the policy rule status to reserved(7)
522: or enabled(8) is started.
523:
524: RECOMMENDED values to be returned in particular cases
525: include
526: - 'lack of IP addresses'
527: - 'lack of port numbers'
528: - 'lack of resources'
529: - 'specified NAT interface does not exist'
530: - 'specified NAT interface does not support NAT'
531: - 'conflict with already existing policy rule'
532: - 'no internal IP wildcarding allowed'
533: - 'no external IP wildcarding allowed'
534:
535: The semantics of these error messages and the corresponding
536: behavior of the MIDCOM MIB implementation are specified
537: in sections 2.3.9 and 2.3.10 of RFC 3989."
538: REFERENCE
539: "RFC 3989, sections 2.3.9 and 2.3.10"
540: DEFVAL { ''H }
541: ::= { midcomRuleEntry 8 }
542:
543: midcomRuleInterface OBJECT-TYPE
544: SYNTAX InterfaceIndexOrZero
545: MAX-ACCESS read-write
546: STATUS current
547: DESCRIPTION
548: "This object indicates the IP interface for which
549: enforcement of a policy rule is requested or performed,
550: respectively.
551:
552: The interface is identified by its index in the ifTable
553: (see IF-MIB in RFC2863). If the object has a value of 0,
554: then no particular interface is indicated.
555:
556: This object is used as input to a request for establishing
557: a policy rule as well as for indicating the properties of
558: an established policy rule.
559:
560: If object midcomRuleOperStatus of the same entry has the
561: value newEntry(1) or setting(2), then this object can be
562: written by a manager in order to request its preference
563: concerning the interface at which it requests NAT service.
564: The default value of 0 indicates that the manager does not
565: have a preferred interface or does not have sufficient
566: topology information for specifying one. Writing to this
567: object in any state other than newEntry(1) or setting(2)
568: will always fail with an 'inconsistentValue' error.
569: Note that this error code is SNMP specific. If the MIB
570: module is used with other protocols than SNMP, errors with
571: similar semantics specific to those protocols should be
572: returned.
573:
574: If object midcomRuleOperStatus of the same entry has the
575: value reserved(7) or enabled(8), then this object indicates
576: the interface at which NAT service for this rule is
577: performed. If NAT service is not required for enforcing
578: the policy rule, then the value of this object is 0. Also
579: if the MIDCOM MIB implementation cannot indicate an
580: interface, because it does not have this information or
581: because NAT service is not offered at a particular single
582: interface, then the value of the object is 0.
583:
584: If object midcomRuleOperStatus of the same entry has a
585: value other than newEntry(1), setting(2), reserved(7) or
586: enabled(8), then the value of this object is irrelevant."
587: DEFVAL { 0 }
588: ::= { midcomRuleEntry 9 }
589:
590: midcomRuleFlowDirection OBJECT-TYPE
591: SYNTAX INTEGER {
592: inbound(1),
593: outbound(2),
594: biDirectional(3)
595: }
596: MAX-ACCESS read-write
597: STATUS current
598: DESCRIPTION
599: "This parameter specifies the direction of enabled
600: communication, either inbound(1), outbound(2), or
601: biDirectional(3).
602:
603: The semantics of this object depends on the protocol
604: the rule relates to. If the rule is independent of
605: the transport protocol (midcomRuleTransportProtocol
606: has value of 0) or if the transport protocol is UDP,
607: then the value of midcomRuleFlowDirection indicates
608: the direction of packets traversing the middlebox.
609:
610: In this case, value inbound(1) indicates that packets
611: are traversing from outside to inside, value outbound(2)
612: indicates that packets are traversing from inside to
613: outside. For both values, inbound(1) and outbound(2)
614: packets can traverse the middlebox only uni-directional.
615: A bi-directional flow is indicated by value
616: biDirectional(3).
617:
618: If the transport protocol is TCP, the packet flow is
619: always bi-directional, but the value of
620: midcomRuleFlowDirection indicates that:
621:
622: - inbound(1): bi-directional TCP packet flow.
623: First packet, with TCP SYN flag set, must arrive
624: at an outside interface of the middlebox.
625:
626: - outbound(2): bi-directional TCP packet flow.
627: First packet, with TCP SYN flag set, must arrive
628: at an inside interface of the middlebox.
629:
630: - biDirectional(3): bi-directional TCP packet flow.
631: First packet, with TCP SYN flag set, may arrive
632: at an inside or an outside interface of the middlebox.
633:
634: This object is used as input to a request for
635: establishing a policy enable rule as well as for
636: indicating the properties of an established policy rule.
637:
638: If object midcomRuleOperStatus of the same entry has a
639: value of either newEntry(1), setting(2) or reserved(7),
640: then this object can be written by a manager in order to
641: specify a requested direction to be enabled by a policy
642: rule. Writing to this object in any state other than
643: newEntry(1), setting(2) or reserved(7) will always fail
644: with an 'inconsistentValue' error.
645: Note that this error code is SNMP specific. If the MIB
646: module is used with other protocols than SNMP, errors with
647: similar semantics specific to those protocols should be
648: returned.
649: If object midcomRuleOperStatus of the same entry has the
650: value enabled(8), then this object indicates the enabled
651: flow direction.
652:
653: If object midcomRuleOperStatus of the same entry has a
654: value other than newEntry(1), setting(2), reserved(7) or
655: enabled(8), then the value of this object is irrelevant."
656: DEFVAL { outbound }
657: ::= { midcomRuleEntry 10 }
658:
659: midcomRuleMaxIdleTime OBJECT-TYPE
660: SYNTAX Unsigned32
661: UNITS "seconds"
662: MAX-ACCESS read-write
663: STATUS current
664: DESCRIPTION
665: "Maximum idle time of the policy rule in seconds.
666:
667: If no packet to which the policy rule applies passes the
668: middlebox for the specified midcomRuleMaxIdleTime, then
669: the policy rule enters the termination state timedOut(9).
670:
671: A value of 0 indicates that the policy does not require
672: an individual idle time and that instead, a default idle
673: time chosen by the middlebox is used.
674:
675: A value of 4294967295 ( = 2^32 - 1 ) indicates that the
676: policy does not time out if it is idle.
677:
678: This object is used as input to a request for
679: establishing a policy enable rule as well as for
680: indicating the properties of an established policy rule.
681:
682: If object midcomRuleOperStatus of the same entry has a
683: value of either newEntry(1), setting(2) or reserved(7),
684: then this object can be written by a manager in order to
685: specify a maximum idle time for the policy rule to be
686: requested. Writing to this object in any state other
687: than newEntry(1), setting(2) or reserved(7) will always
688: fail with an 'inconsistentValue' error.
689: Note that this error code is SNMP specific. If the MIB
690: module is used with other protocols than SNMP, errors with
691: similar semantics specific to those protocols should be
692: returned.
693:
694: If object midcomRuleOperStatus of the same entry has the
695: value enabled(8), then this object indicates the maximum
696: idle time of the policy rule. Note that even if a maximum
697: idle time greater than zero was requested, the middlebox
698: may not be able to support maximum idle times and set the
699: value of this object to zero when entering state
700: enabled(8).
701:
702: If object midcomRuleOperStatus of the same entry has a
703: value other than newEntry(1), setting(2), reserved(7) or
704: enabled(8), then the value of this object is irrelevant."
705: DEFVAL { 0 }
706: ::= { midcomRuleEntry 11 }
707:
708: midcomRuleTransportProtocol OBJECT-TYPE
709: SYNTAX Unsigned32 (0..255)
710: MAX-ACCESS read-write
711: STATUS current
712: DESCRIPTION
713: "The transport protocol.
714:
715: Valid values for midcomRuleTransportProtocol
716: other than zero are defined at:
717: http://www.iana.org/assignments/protocol-numbers
718:
719: This object is used as input to a request for establishing
720: a policy rule as well as for indicating the properties of
721: an established policy rule.
722:
723: If object midcomRuleOperStatus of the same entry has a
724: value of either newEntry(1) or setting(2), then this
725: object can be written by a manager in order to specify a
726: requested transport protocol. If translation of an IP
727: address only is requested, then this object must have the
728: default value 0. Writing to this object in any state
729: other than newEntry(1) or setting(2) will always fail
730: with an 'inconsistentValue' error.
731: Note that this error code is SNMP specific. If the MIB
732: module is used with other protocols than SNMP, errors with
733: similar semantics specific to those protocols should be
734: returned.
735:
736: If object midcomRuleOperStatus of the same entry has the
737: value reserved(7) or enabled(8), then this object
738: indicates which transport protocol is enforced by this
739: policy rule. A value of 0 indicates a rule acting on IP
740: addresses only.
741:
742: If object midcomRuleOperStatus of the same entry has a
743: value other than newEntry(1), setting(2), reserved(7) or
744: enabled(8), then the value of this object is irrelevant."
745: DEFVAL { 0 }
746: ::= { midcomRuleEntry 12 }
747:
748: midcomRulePortRange OBJECT-TYPE
749: SYNTAX INTEGER {
750: single(1),
751: pair(2)
752: }
753: MAX-ACCESS read-write
754: STATUS current
755: DESCRIPTION
756: "The range of port numbers.
757:
758: This object is used as input to a request for establishing
759: a policy rule as well as for indicating the properties of
760: an established policy rule. It is relevant to the
761: operation of the MIDCOM MIB implementation only if the
762: value of object midcomTransportProtocol in the same entry
763: has a value other than 0.
764:
765: If object midcomRuleOperStatus of the same entry has the
766: value newEntry(1) or setting(2), then this object can be
767: written by a manager in order to specify the requested
768: size of the port range. With single(1) just a single
769: port number is requested, with pair(2) a consecutive pair
770: of port numbers is requested with the lower number being
771: even. Requesting a consecutive pair of port numbers may
772: be used by RTP [RFC3550] and may even be required to
773: support older RTP applications.
774:
775: Writing to this object in any state other than
776: newEntry(1), setting(2) or reserved(7) will always fail
777: with an 'inconsistentValue' error.
778: Note that this error code is SNMP specific. If the MIB
779: module is used with other protocols than SNMP, errors with
780: similar semantics specific to those protocols should be
781: returned.
782:
783: If object midcomRuleOperStatus of the same entry has a
784: value of either reserved(7) or enabled(8), then this
785: object will have the value which it had before the
786: transition to this state.
787:
788: If object midcomRuleOperStatus of the same entry has a
789: value other than newEntry(1), setting(2), reserved(7) or
790: enabled(8), then the value of this object is irrelevant."
791: DEFVAL { single }
792: ::= { midcomRuleEntry 13}
793:
794: midcomRuleInternalIpVersion OBJECT-TYPE
795: SYNTAX InetAddressType
796: MAX-ACCESS read-write
797: STATUS current
798: DESCRIPTION
799: "IP version of the internal address (A0) and the inside
800: address (A1). Allowed values are ipv4(1), ipv6(2),
801: ipv4z(3), and ipv6z(4).
802:
803: This object is used as input to a request for establishing
804: a policy rule as well as for indicating the properties of
805: an established policy rule.
806:
807: If object midcomRuleOperStatus of the same entry has the
808: value newEntry(1) or setting(2), then this object can be
809: written by a manager in order to specify the IP version
810: required at the inside of the middlebox. Writing to this
811: object in any state other than newEntry(1) or setting(2)
812: will always fail with an 'inconsistentValue' error.
813: Note that this error code is SNMP specific. If the MIB
814: module is used with other protocols than SNMP, errors with
815: similar semantics specific to those protocols should be
816: returned.
817:
818: If object midcomRuleOperStatus of the same entry has the
819: value reserved(7) or enabled(8), then this object
820: indicates the internal/inside IP version.
821:
822: If object midcomRuleOperStatus of the same entry has a
823: value other than newEntry(1), setting(2), reserved(7) or
824: enabled(8), then the value of this object is irrelevant."
825: DEFVAL { ipv4 }
826: ::= { midcomRuleEntry 14 }
827:
828: midcomRuleExternalIpVersion OBJECT-TYPE
829: SYNTAX InetAddressType
830: MAX-ACCESS read-write
831: STATUS current
832: DESCRIPTION
833: "IP version of the external address (A3) and the outside
834: address (A2). Allowed values are ipv4(1) and ipv6(2).
835:
836: This object is used as input to a request for establishing
837: a policy rule as well as for indicating the properties of
838: an established policy rule.
839:
840: If object midcomRuleOperStatus of the same entry has the
841: value newEntry(1) or setting(2), then this object can be
842: written by a manager in order to specify the IP version
843: required at the outside of the middlebox. Writing to
844: this object in any state other than newEntry(1) or
845: setting(2) will always fail with an 'inconsistentValue'
846: error.
847: Note that this error code is SNMP specific. If the MIB
848: module is used with other protocols than SNMP, errors with
849: similar semantics specific to those protocols should be
850: returned.
851:
852: If object midcomRuleOperStatus of the same entry has the
853: value reserved(7) or enabled(8), then this object
854: indicates the external/outside IP version.
855:
856: If object midcomRuleOperStatus of the same entry has a
857: value other than newEntry(1), setting(2), reserved(7) or
858: enabled(8), then the value of this object is irrelevant."
859: DEFVAL { ipv4 }
860: ::= { midcomRuleEntry 15 }
861:
862: midcomRuleInternalIpAddr OBJECT-TYPE
863: SYNTAX InetAddress
864: MAX-ACCESS read-write
865: STATUS current
866: DESCRIPTION
867: "The internal IP address (A0).
868:
869: This object is used as input to a request for establishing
870: a policy rule as well as for indicating the properties of
871: an established policy rule.
872:
873: If object midcomRuleOperStatus of the same entry has the
874: value newEntry(1) or setting(2), then this object can be
875: written by a manager in order to specify the internal IP
876: address for which a reserve policy rule or an enable policy
877: rule is requested to be established. Writing to this
878: object in any state other than newEntry(1) or setting(2)
879: will always fail with an 'inconsistentValue' error.
880: Note that this error code is SNMP specific. If the MIB
881: module is used with other protocols than SNMP, errors with
882: similar semantics specific to those protocols should be
883: returned.
884:
885: If object midcomRuleOperStatus of the same entry has the
886: value reserved(7) or enabled(8), then this object will
887: have the value which it had before the transition to this
888: state.
889:
890: If object midcomRuleOperStatus of the same entry has a
891: value other than newEntry(1), setting(2), reserved(7) or
892: enabled(8), then the value of this object is irrelevant."
893: ::= { midcomRuleEntry 16 }
894:
895: midcomRuleInternalIpPrefixLength OBJECT-TYPE
896: SYNTAX InetAddressPrefixLength
897: MAX-ACCESS read-write
898: STATUS current
899: DESCRIPTION
900: "The prefix length of the internal IP address used for
901: wildcarding. A value of 0 indicates a full wildcard;
902: in this case the value of midcomRuleInternalIpAddr is
903: irrelevant. If midcomRuleInternalIpVersion has a value
904: of ipv4(1) then a value > 31 indicates no wildcarding
905: at all. If midcomRuleInternalIpVersion has a value
906: of ipv6(2) then a value > 127 indicates no wildcarding
907: at all. A MIDCOM MIB implementation that does not
908: support IP address wildcarding MUST implement this object
909: as read-only with a value of 128. A MIDCOM that does
910: not support wildcarding based on prefix length MAY
911: restrict allowed values for this object to 0 and 128.
912:
913: This object is used as input to a request for establishing
914: a policy rule as well as for indicating the properties of
915: an established policy rule.
916:
917: If object midcomRuleOperStatus of the same entry has the
918: value newEntry(1) or setting(2), then this object can be
919: written by a manager in order to specify the internal IP
920: address for which a reserve policy rule or an enable policy
921: rule is requested to be established. Writing to this
922: object in any state other than newEntry(1) or setting(2)
923: will always fail with an 'inconsistentValue' error.
924: Note that this error code is SNMP specific. If the MIB
925: module is used with other protocols than SNMP, errors with
926: similar semantics specific to those protocols should be
927: returned.
928:
929: If object midcomRuleOperStatus of the same entry has the
930: value reserved(7) or enabled(8), then this object will
931: have the value which it had before the transition to this
932: state.
933:
934: If object midcomRuleOperStatus of the same entry has a
935: value other than newEntry(1), setting(2), reserved(7) or
936: enabled(8), then the value of this object is irrelevant."
937: DEFVAL { 128 }
938: ::= { midcomRuleEntry 17 }
939:
940: midcomRuleInternalPort OBJECT-TYPE
941: SYNTAX InetPortNumber
942: MAX-ACCESS read-write
943: STATUS current
944: DESCRIPTION
945: "The internal port number. A value of 0 is a wildcard.
946:
947: This object is used as input to a request for establishing
948: a policy rule as well as for indicating the properties of
949: an established policy rule. It is relevant to the
950: operation of the MIDCOM MIB implementation only if the
951: value of object midcomTransportProtocol in the same entry
952: has a value other than 0.
953:
954: If object midcomRuleOperStatus of the same entry has the
955: value newEntry(1) or setting(2), then this object can be
956: written by a manager in order to specify the port number
957: for which a reserve policy rule or an enable policy rule is
958: requested to be established. Writing to this object in
959: any state other than newEntry(1) or setting(2) will always
960: fail with an 'inconsistentValue' error.
961: Note that this error code is SNMP specific. If the MIB
962: module is used with other protocols than SNMP, errors with
963: similar semantics specific to those protocols should be
964: returned.
965:
966: If object midcomRuleOperStatus of the same entry has the
967: value reserved(7) or enabled(8), then this object will
968: have the value which it had before the transition to this
969: state.
970:
971: If object midcomRuleOperStatus of the same entry has a
972: value other than newEntry(1), setting(2), reserved(7) or
973: enabled(8), then the value of this object is irrelevant."
974: DEFVAL { 0 }
975: ::= { midcomRuleEntry 18 }
976:
977: midcomRuleExternalIpAddr OBJECT-TYPE
978: SYNTAX InetAddress
979: MAX-ACCESS read-write
980: STATUS current
981: DESCRIPTION
982: "The external IP address (A3).
983:
984: This object is used as input to a request for establishing
985: a policy rule as well as for indicating the properties of
986: an established policy rule.
987:
988: If object midcomRuleOperStatus of the same entry has the
989: value newEntry(1), setting(2) or reserved(7), then this
990: object can be written by a manager in order to specify the
991: external IP address for which an enable policy rule is
992: requested to be established. Writing to this object in
993: any state other than newEntry(1), setting(2) or reserved(7)
994: will always fail with an 'inconsistentValue' error.
995: Note that this error code is SNMP specific. If the MIB
996: module is used with other protocols than SNMP, errors with
997: similar semantics specific to those protocols should be
998: returned.
999: If object midcomRuleOperStatus of the same entry has the
1000: value enabled(8), then this object will have the value
1001: which it had before the transition to this state.
1002:
1003: If object midcomRuleOperStatus of the same entry has a
1004: value other than newEntry(1), setting(2), reserved(7) or
1005: enabled(8), then the value of this object is irrelevant."
1006: ::= { midcomRuleEntry 19 }
1007:
1008: midcomRuleExternalIpPrefixLength OBJECT-TYPE
1009: SYNTAX InetAddressPrefixLength
1010: MAX-ACCESS read-write
1011: STATUS current
1012: DESCRIPTION
1013: "The prefix length of the external IP address used for
1014: wildcarding. A value of 0 indicates a full wildcard;
1015: in this case the value of midcomRuleExternalIpAddr is
1016: irrelevant. If midcomRuleExternalIpVersion has a value
1017: of ipv4(1) then a value > 31 indicates no wildcarding
1018: at all. If midcomRuleExternalIpVersion has a value
1019: of ipv6(2) then a value > 127 indicates no wildcarding
1020: at all. A MIDCOM MIB implementation that does not
1021: support IP address wildcarding MUST implement this object
1022: as read-only with a value of 128. A MIDCOM that does
1023: not support wildcarding based on prefix length MAY
1024: restrict allowed values for this object to 0 and 128.
1025:
1026: This object is used as input to a request for establishing
1027: a policy rule as well as for indicating the properties of
1028: an established policy rule.
1029:
1030: If object midcomRuleOperStatus of the same entry has the
1031: value newEntry(1), setting(2) or reserved(7), then this
1032: object can be written by a manager in order to specify the
1033: external IP address for which an enable policy rule is
1034: requested to be established. Writing to this object in
1035: any state other than newEntry(1), setting(2) or reserved(7)
1036: will always fail with an 'inconsistentValue' error.
1037: Note that this error code is SNMP specific. If the MIB
1038: module is used with other protocols than SNMP, errors with
1039: similar semantics specific to those protocols should be
1040: returned.
1041:
1042: If object midcomRuleOperStatus of the same entry has the
1043: value enabled(8), then this object will have the value
1044: which it had before the transition to this state.
1045:
1046: If object midcomRuleOperStatus of the same entry has a
1047: value other than newEntry(1), setting(2), reserved(7) or
1048: enabled(8), then the value of this object is irrelevant."
1049:
1050: DEFVAL { 128 }
1051: ::= { midcomRuleEntry 20 }
1052:
1053: midcomRuleExternalPort OBJECT-TYPE
1054: SYNTAX InetPortNumber
1055: MAX-ACCESS read-write
1056: STATUS current
1057: DESCRIPTION
1058: "The external port number. A value of 0 is a wildcard.
1059:
1060: This object is used as input to a request for establishing
1061: a policy rule as well as for indicating the properties of
1062: an established policy rule. It is relevant to the
1063: operation of the MIDCOM MIB implementation only if the
1064: value of object midcomTransportProtocol in the same entry
1065: has a value other than 0.
1066:
1067: If object midcomRuleOperStatus of the same entry has the
1068: value newEntry(1), setting(2) or reserved(7), then this
1069: object can be written by a manager in order to specify the
1070: external port number for which an enable policy rule is
1071: requested to be established. Writing to this object in
1072: any state other than newEntry(1), setting(2) or reserved(7)
1073: will always fail with an 'inconsistentValue' error.
1074: Note that this error code is SNMP specific. If the MIB
1075: module is used with other protocols than SNMP, errors with
1076: similar semantics specific to those protocols should be
1077: returned.
1078:
1079: If object midcomRuleOperStatus of the same entry has the
1080: value enabled(8), then this object will have the value
1081: which it had before the transition to this state.
1082:
1083: If object midcomRuleOperStatus of the same entry has a
1084: value other than newEntry(1), setting(2), reserved(7) or
1085: enabled(8), then the value of this object is irrelevant."
1086: DEFVAL { 0 }
1087: ::= { midcomRuleEntry 21 }
1088:
1089: midcomRuleInsideIpAddr OBJECT-TYPE
1090: SYNTAX InetAddress
1091: MAX-ACCESS read-only
1092: STATUS current
1093: DESCRIPTION
1094: "The inside IP address at the middlebox (A1).
1095:
1096: The value of this object is relevant only if
1097: object midcomRuleOperStatus of the same entry has
1098: a value of either reserved(7) or enabled(8)."
1099: ::= { midcomRuleEntry 22 }
1100:
1101: midcomRuleInsidePort OBJECT-TYPE
1102: SYNTAX InetPortNumber
1103: MAX-ACCESS read-only
1104: STATUS current
1105: DESCRIPTION
1106: "The inside port number at the middlebox.
1107: A value of 0 is a wildcard.
1108:
1109: The value of this object is relevant only if
1110: object midcomRuleOperStatus of the same entry has
1111: a value of either reserved(7) or enabled(8)."
1112: ::= { midcomRuleEntry 23 }
1113:
1114: midcomRuleOutsideIpAddr OBJECT-TYPE
1115: SYNTAX InetAddress
1116: MAX-ACCESS read-only
1117: STATUS current
1118: DESCRIPTION
1119: "The outside IP address at the middlebox (A2).
1120:
1121: The value of this object is relevant only if
1122: object midcomRuleOperStatus of the same entry has
1123: a value of either reserved(7) or enabled(8)."
1124: ::= { midcomRuleEntry 24 }
1125:
1126: midcomRuleOutsidePort OBJECT-TYPE
1127: SYNTAX InetPortNumber
1128: MAX-ACCESS read-only
1129: STATUS current
1130: DESCRIPTION
1131: "The outside port number at the middlebox.
1132: A value of 0 is a wildcard.
1133:
1134: The value of this object is relevant only if
1135: object midcomRuleOperStatus of the same entry has
1136: a value of either reserved(7) or enabled(8)."
1137: ::= { midcomRuleEntry 25 }
1138:
1139: midcomRuleLifetime OBJECT-TYPE
1140: SYNTAX Unsigned32
1141: UNITS "seconds"
1142: MAX-ACCESS read-write
1143: STATUS current
1144: DESCRIPTION
1145: "The remaining lifetime in seconds of this policy rule.
1146:
1147: Lifetime of a policy rule starts when object
1148: midcomRuleOperStatus in the same entry enters either
1149: state reserved(7) or state enabled(8).
1150: This object is used as input to a request for establishing
1151: a policy rule as well as for indicating the properties of
1152: an established policy rule.
1153:
1154: If object midcomRuleOperStatus of the same entry has a
1155: value of either newEntry(1) or setting(2), then this
1156: object can be written by a manager in order to specify
1157: the requested lifetime of a policy rule to be established.
1158:
1159: If object midcomRuleOperStatus of the same entry has a
1160: value of either reserved(7) or enabled(8), then it indicates the
1161: (continuously decreasing) remaining lifetime of the
1162: established policy rule. Note that when entering state
1163: reserved(7) or enabled(8), the MIDCOM MIB implementation
1164: can choose a lifetime shorter than the one requested.
1165:
1166: Unlike other parameters of the policy rule, this parameter
1167: can still be written in state reserved(7) and enabled(8).
1168: Writing to this object is processed by the MIDCOM MIB
1169: implementation by choosing a lifetime value that is
1170: greater than zero and less than or equal to the minimum
1171: of the requested value and the value specified by
1172: object midcomConfigMaxLifetime:
1173:
1174: 0 <= lt_granted <= MINIMUM(lt_requested, lt_maximum)
1175:
1176: whereas:
1177: - lt_granted is the actually granted lifetime by the
1178: MIDCOM MIB implementation
1179: - lt_requested is the requested lifetime of the MIDCOM
1180: client
1181: - lt_maximum is the value of object
1182: midcomConfigMaxLifetime
1183:
1184: SNMP set requests to this object may be rejected or the
1185: value of the object after an accepted set operation may be
1186: less than the value that was contained in the SNMP set
1187: request.
1188:
1189: Successfully writing a value of 0 terminates the policy
1190: rule. Note that after a policy rule is terminated, still
1191: the entry will exist as long as indicated by the value of
1192: midcomRuleStorageTime.
1193:
1194: Writing to this object in any state other than
1195: newEntry(1), setting(2), reserved(7) or enabled(8)
1196: will always fail with an 'inconsistentValue' error.
1197: Note that this error code is SNMP specific. If the MIB
1198: module is used with other protocols than SNMP, errors with
1199: similar semantics specific to those protocols should be
1200: returned.
1201:
1202: If object midcomRuleOperStatus of the same entry has a
1203: value other than newEntry(1), setting(2), reserved(7) or
1204: enabled(8), then the value of this object is irrelevant."
1205: DEFVAL { 180 }
1206: ::= { midcomRuleEntry 26 }
1207:
1208: midcomRuleRowStatus OBJECT-TYPE
1209: SYNTAX RowStatus
1210: MAX-ACCESS read-create
1211: STATUS current
1212: DESCRIPTION
1213: "A control that allows entries to be added and removed from
1214: this table.
1215:
1216: Entries can also be removed from this table by setting
1217: objects midcomRuleLifetime and midcomRuleStorageTime of
1218: an entry to 0.
1219:
1220: Attempts to set a row notInService(2) where the value
1221: of the midcomRuleStorageType object is permanent(4) or
1222: readOnly(5) will result in an 'inconsistentValue' error.
1223: Note that this error code is SNMP specific. If the MIB
1224: module is used with other protocols than SNMP, errors with
1225: similar semantics specific to those protocols should be
1226: returned.
1227:
1228: The value of this object has no effect on whether other
1229: objects in this conceptual row can be modified."
1230: ::= { midcomRuleEntry 27 }
1231:
1232: --
1233: -- Policy rule group group
1234: --
1235: -- The midcomGroupTable lists all current policy rule groups.
1236: --
1237:
1238: midcomGroupTable OBJECT-TYPE
1239: SYNTAX SEQUENCE OF MidcomGroupEntry
1240: MAX-ACCESS not-accessible
1241: STATUS current
1242: DESCRIPTION
1243: "This table lists all current policy rule groups.
1244:
1245: Entries in this table are created or removed
1246: implicitly when entries in the midcomRuleTable are
1247: created or removed, respectively. A group entry
1248: in this table only exists as long as there are
1249: member rules of this group in the midcomRuleTable.
1250: The table serves for listing the existing groups and
1251: their remaining lifetimes and for changing lifetimes
1252: of groups and implicitly of all group members.
1253: Groups and all their member policy rules can only be
1254: deleted by deleting all member policies in the
1255: midcomRuleTable.
1256:
1257: Setting midcomGroupLifetime will result in setting
1258: the lifetime of all policy members to the same value."
1259: ::= { midcomTransaction 4 }
1260:
1261: midcomGroupEntry OBJECT-TYPE
1262: SYNTAX MidcomGroupEntry
1263: MAX-ACCESS not-accessible
1264: STATUS current
1265: DESCRIPTION
1266: "An entry describing properties of a particular
1267: MIDCOM policy rule group."
1268: INDEX { midcomRuleOwner, midcomGroupIndex }
1269: ::= { midcomGroupTable 1 }
1270:
1271: MidcomGroupEntry ::= SEQUENCE {
1272: midcomGroupIndex Unsigned32,
1273: midcomGroupLifetime Unsigned32
1274: }
1275:
1276: midcomGroupIndex OBJECT-TYPE
1277: SYNTAX Unsigned32 (1..4294967295)
1278: MAX-ACCESS not-accessible
1279: STATUS current
1280: DESCRIPTION
1281: "The index of this group for the midcomRuleOwner.
1282: A group is identified by the combination of
1283: midcomRuleOwner and midcomGroupIndex.
1284:
1285: The value of this index must be unique per
1286: midcomRuleOwner."
1287: ::= { midcomGroupEntry 2 }
1288:
1289: midcomGroupLifetime OBJECT-TYPE
1290: SYNTAX Unsigned32
1291: UNITS "seconds"
1292: MAX-ACCESS read-write
1293: STATUS current
1294: DESCRIPTION
1295: "When retrieved, this object delivers the maximum
1296: lifetime in seconds of all member rules of this group,
1297: i.e. of all rows in the midcomRuleTable that have the
1298: same values for midcomRuleOwner and midcomGroupIndex.
1299: Successfully writing to this object modifies the
1300: lifetime of all member policies. Successfully
1301: writing a value of 0 terminates all member policies
1302: and implicitly deletes the group as soon as all member
1303: entries are removed from the midcomRuleTable.
1304:
1305: Note that after a group's lifetime is expired or is
1306: set to 0, still the corresponding entry in the
1307: midcomGroupTable will exist as long as terminated
1308: member policy rules are stored as entries in the
1309: midcomRuleTable.
1310:
1311: Writing to this object is processed by the MIDCOM MIB
1312: implementation by choosing a lifetime value that is
1313: greater than zero and less than or equal to the minimum
1314: of the requested value and the value specified by object
1315: midcomConfigMaxLifetime:
1316:
1317: 0 <= lt_granted <= MINIMUM(lt_requested, lt_maximum)
1318:
1319: whereas:
1320: - lt_granted is the actually granted lifetime by the
1321: MIDCOM MIB implementation
1322: - lt_requested is the requested lifetime of the MIDCOM
1323: client
1324: - lt_maximum is the value of object
1325: midcomConfigMaxLifetime
1326:
1327: SNMP set requests to this object may be rejected or the
1328: value of the object after an accepted set operation may be
1329: less than the value that was contained in the SNMP set
1330: request."
1331: ::= { midcomGroupEntry 3 }
1332:
1333:
1334: --
1335: -- Configuration Objects
1336: --
1337: -- Configuration objects that can be used for retrieving
1338: -- middlebox capability information (mandatory) and for
1339: -- setting parameters of the implementation of objects in
1340: -- the transaction branch (optional).
1341: --
1342: -- Note that typically, objects in the configuration branch
1343: -- are not intended to be written by MIDCOM clients. In general,
1344: -- write access to these objects needs to be restricted more
1345: -- strictly than write access to objects in the transaction branch.
1346: --
1347:
1348: --
1349: -- Capabilities Group
1350: --
1351: -- This group contains objects to which MIDCOM clients should
1352: -- have read access.
1353: --
1354:
1355: midcomConfigMaxLifetime OBJECT-TYPE
1356: SYNTAX Unsigned32
1357: UNITS "seconds"
1358: MAX-ACCESS read-write
1359: STATUS current
1360: DESCRIPTION
1361: "When retrieved, this object returns the maximum lifetime
1362: in seconds, that this middlebox allows policy rules to
1363: have."
1364: ::= { midcomConfig 1 }
1365:
1366: midcomConfigPersistentRules OBJECT-TYPE
1367: SYNTAX TruthValue
1368: MAX-ACCESS read-write
1369: STATUS current
1370: DESCRIPTION
1371: "When retrieved, this object returns true(1) if the
1372: MIDCOM-MIB implementation can store policy rules
1373: persistently. Otherwise, it returns false(2).
1374:
1375: A value of true(1) indicates that there may be
1376: entries in the midcomRuleTable with object
1377: midcomRuleStorageType set to value nonVolatile(3)."
1378: ::= { midcomConfig 2 }
1379:
1380:
1381: midcomConfigIfTable OBJECT-TYPE
1382: SYNTAX SEQUENCE OF MidcomConfigIfEntry
1383: MAX-ACCESS not-accessible
1384: STATUS current
1385: DESCRIPTION
1386: "This table indicates capabilities of the MIDCOM-MIB
1387: implementation per IP interface.
1388:
1389: The table is indexed by the object midcomConfigIfIndex.
1390: For indexing a single interface, this object contains
1391: the value of the ifIndex object that is associated
1392: with the interface. If an entry with
1393: midcomConfigIfIndex = 0 occurs, then bits set in
1394: objects of this entry apply to all interfaces for which
1395: there is no entry in this table with the interface's
1396: index."
1397: ::= { midcomConfig 3 }
1398:
1399: midcomConfigIfEntry OBJECT-TYPE
1400: SYNTAX MidcomConfigIfEntry
1401: MAX-ACCESS not-accessible
1402: STATUS current
1403: DESCRIPTION
1404: "An entry describing the capabilities of a middlebox
1405: with respect to the indexed IP interface."
1406: INDEX { midcomConfigIfIndex }
1407: ::= { midcomConfigIfTable 1 }
1408:
1409: MidcomConfigIfEntry ::= SEQUENCE {
1410: midcomConfigIfIndex InterfaceIndexOrZero,
1411: midcomConfigIfBits BITS,
1412: midcomConfigIfEnabled TruthValue
1413: }
1414:
1415: midcomConfigIfIndex OBJECT-TYPE
1416: SYNTAX InterfaceIndexOrZero
1417: MAX-ACCESS not-accessible
1418: STATUS current
1419: DESCRIPTION
1420: "The index of an entry in the midcomConfigIfTable.
1421:
1422: For values different from zero, this object
1423: identifies an IP interface by containing the same
1424: value as the ifIndex object associated with the
1425: interface.
1426:
1427: If the object has a value of 0, then values
1428: specified by further objects of the same entry
1429: apply to all interfaces for which there is no
1430: explicit entry in the midcomConfigIfTable."
1431: ::= { midcomConfigIfEntry 1 }
1432:
1433: midcomConfigIfBits OBJECT-TYPE
1434: SYNTAX BITS {
1435: ipv4(0),
1436: ipv6(1),
1437: addressWildcards(2),
1438: portWildcards(3),
1439: firewall(4),
1440: nat(5),
1441: portTranslation(6),
1442: protocolTranslation(7),
1443: twiceNat(8),
1444: inside(9)
1445: }
1446: MAX-ACCESS read-only
1447: STATUS current
1448: DESCRIPTION
1449: "When retrieved, this object returns a set of bits
1450: indicating the capabilities (or configuration) of
1451: the middlebox with respect to the referenced IP interface.
1452: If the index equals 0, then all set bits apply to all
1453: interfaces.
1454:
1455: If the ipv4(0) bit is set, then the middlebox supports
1456: IPv4 at the indexed IP interface.
1457:
1458: If the ipv6(1) bit is set, then the middlebox supports
1459: IPv6 at the indexed IP interface.
1460:
1461: If the addressWildcards(2) bit is set, then the
1462: middlebox supports IP address wildcarding at the indexed
1463: IP interface.
1464:
1465: If the portWildcards(3) bit is set, then the
1466: middlebox supports port wildcarding at the indexed
1467: IP interface.
1468:
1469: If the firewall(4) bit is set, then the middlebox offers
1470: firewall functionality at the indexed interface.
1471:
1472: If the nat(5) bit is set, then the middlebox offers
1473: network address translation service at the indexed
1474: interface.
1475:
1476: If the portTranslation(6) bit is set, then the middlebox
1477: offers port translation service at the indexed interface.
1478: This bit is only relevant if nat(5) is set.
1479:
1480: If the protocolTranslation(7) bit is set, then the
1481: middlebox offers protocol translation service between
1482: IPv4 and IPv6 at the indexed interface. This bit is only
1483: relevant if nat(5) is set.
1484:
1485: If the twiceNat(8) bit is set, then the middlebox offers
1486: twice network address translation service at the indexed
1487: interface. This bit is only relevant if nat(5) is set.
1488:
1489: If the inside(9) bit is set, then the indexed interface is
1490: an inside interface with respect to NAT functionality.
1491: Otherwise, it is an outside interface. This bit is only
1492: relevant if nat(5) is set. An SNMP agent supporting both,
1493: the MIDCOM-MIB module and the NAT-MIB module SHOULD ensure
1494: that the value of this object is consistent with the values
1495: of corresponding objects in the NAT-MIB module."
1496: ::= { midcomConfigIfEntry 2 }
1497:
1498: midcomConfigIfEnabled OBJECT-TYPE
1499: SYNTAX TruthValue
1500: MAX-ACCESS read-write
1501: STATUS current
1502: DESCRIPTION
1503: "The value of this object indicates the availability of
1504: the middlebox service described by midcomConfigIfBits
1505: at the indexed IP interface.
1506:
1507: By writing to this object, the MIDCOM support for the
1508: entire IP interface can be switched on or off. Setting
1509: this object to false(2) immediately stops middlebox
1510: support at the indexed IP interface. This implies that
1511: all policy rules that use NAT or firewall resources at
1512: the indexed IP interface are terminated immediately.
1513: In this case, the MIDCOM agent MUST send
1514: midcomUnsolicitedRuleEvent to all MIDCOM clients that
1515: have access to one of the terminated rules."
1516: DEFVAL { true }
1517: ::= { midcomConfigIfEntry 3 }
1518:
1519: --
1520: -- Firewall Group
1521: --
1522: -- This group contains the firewall configuration table
1523: --
1524:
1525: midcomConfigFirewallTable OBJECT-TYPE
1526: SYNTAX SEQUENCE OF MidcomConfigFirewallEntry
1527: MAX-ACCESS not-accessible
1528: STATUS current
1529: DESCRIPTION
1530: "This table lists the firewall configuration per IP interface.
1531:
1532: It can be used for configuring how policy rules created by
1533: MIDCOM clients are realized as firewall rules of a firewall
1534: implementation. Particularly, the priority used for MIDCOM
1535: policy rules can be configured. For a single firewall
1536: implementation at a particular IP interface, all MIDCOM
1537: policy rules are realized as firewall rules with the same
1538: priority. Also a firewall rule group name can be configured.
1539:
1540: The table is indexed by the object midcomConfigFirewallIndex.
1541: For indexing a single interface, this object contains the
1542: value of the ifIndex object that is associated with the
1543: interface. If an entry with midcomConfigFirewallIndex = 0
1544: occurs, then bits set in objects of this entry apply to all
1545: interfaces for which there is no entry in this table for the
1546: interface's index."
1547: ::= { midcomConfig 4 }
1548:
1549: midcomConfigFirewallEntry OBJECT-TYPE
1550: SYNTAX MidcomConfigFirewallEntry
1551: MAX-ACCESS not-accessible
1552: STATUS current
1553: DESCRIPTION
1554: "An entry describing a particular set of
1555: firewall resources."
1556: INDEX { midcomConfigFirewallIndex }
1557: ::= { midcomConfigFirewallTable 1 }
1558:
1559: MidcomConfigFirewallEntry ::= SEQUENCE {
1560: midcomConfigFirewallIndex InterfaceIndexOrZero,
1561: midcomConfigFirewallGroupId SnmpAdminString,
1562: midcomConfigFirewallPriority Unsigned32
1563: }
1564:
1565: midcomConfigFirewallIndex OBJECT-TYPE
1566: SYNTAX InterfaceIndexOrZero
1567: MAX-ACCESS not-accessible
1568: STATUS current
1569: DESCRIPTION
1570: "The index of an entry in the midcomConfigFirewallTable.
1571:
1572: For values different from zero, this object identifies an
1573: IP interface by containing the same value as the ifIndex
1574: object associated with the interface.
1575:
1576: If the object has a value of 0, then values specified by
1577: further objects of the same entry apply to all interfaces
1578: for which there is no explicit entry in the
1579: midcomConfigFirewallTable."
1580: ::= { midcomConfigFirewallEntry 1 }
1581:
1582: midcomConfigFirewallGroupId OBJECT-TYPE
1583: SYNTAX SnmpAdminString
1584: MAX-ACCESS read-write
1585: STATUS current
1586: DESCRIPTION
1587: "The firewall rule group to which all firewall rules are
1588: assigned that the MIDCOM server creates for the interface
1589: indicated by object midcomConfigFirewallIndex. If the
1590: value of object midcomConfigFirewallIndex is 0, then all
1591: firewall rules of the MIDCOM server that are created for
1592: interfaces with no specific entry in the
1593: midcomConfigFirewallTable are assigned to the firewall
1594: rule group indicated by the value of this object."
1595: ::= { midcomConfigFirewallEntry 2 }
1596:
1597: midcomConfigFirewallPriority OBJECT-TYPE
1598: SYNTAX Unsigned32
1599: MAX-ACCESS read-write
1600: STATUS current
1601: DESCRIPTION
1602: "The priority assigned to all firewall rules that the
1603: MIDCOM server creates for the interface indicated by
1604: object midcomConfigFirewallIndex. If the value of object
1605: midcomConfigFirewallIndex is 0, then this priority is
1606: assigned to all firewall rules of the MIDCOM server that
1607: are created for interfaces for which there is no specific
1608: entry in the midcomConfigFirewallTable."
1609: ::= { midcomConfigFirewallEntry 3 }
1610:
1611:
1612: --
1613: -- Monitoring Objects
1614: --
1615: -- Monitoring objects are structured into two groups,
1616: -- the midcomResourceGroup providing information about used
1617: -- resources and the midcomStatisticsGroup providing information
1618: -- about MIDCOM transaction statistics.
1619:
1620: --
1621: -- Resources group
1622: --
1623: -- The MIDCOM resources group contains a set of managed
1624: -- objects describing the currently used resources of NAT
1625: -- and firewall implementations.
1626: --
1627:
1628: --
1629: -- Textual conventions for objects of the resource group
1630: --
1631:
1632: MidcomNatBindMode ::= TEXTUAL-CONVENTION
1633: STATUS current
1634: DESCRIPTION
1635: "An indicator of the kind of NAT resources used by a policy
1636: rule. This definition corresponds to the definition of
1637: NatBindMode in the NAT-MIB (RFC4008). Value none(3) can
1638: be used to indicate that the policy rule does not use
1639: any NAT binding.
1640: "
1641: SYNTAX INTEGER {
1642: addressBind(1),
1643: addressPortBind(2),
1644: none(3)
1645: }
1646:
1647: MidcomNatSessionIdOrZero ::= TEXTUAL-CONVENTION
1648: DISPLAY-HINT "d"
1649: STATUS current
1650: DESCRIPTION
1651: "A unique ID that is assigned to each NAT session by
1652: a NAT implementation. This definition corresponds to
1653: the definition of NatSessionId in the NAT-MIB (RFC4008).
1654: Value 0 can be used to indicate that the policy rule does
1655: not use any NAT binding."
1656: SYNTAX Unsigned32
1657:
1658: --
1659: -- The MIDCOM resource table
1660: --
1661:
1662: midcomResourceTable OBJECT-TYPE
1663: SYNTAX SEQUENCE OF MidcomResourceEntry
1664: MAX-ACCESS not-accessible
1665: STATUS current
1666: DESCRIPTION
1667: "This table lists all used middlebox resources per
1668: MIDCOM policy rule.
1669:
1670: The midcomResourceTable augments the
1671: midcomRuleTable."
1672: ::= { midcomMonitoring 1 }
1673:
1674: midcomResourceEntry OBJECT-TYPE
1675: SYNTAX MidcomResourceEntry
1676: MAX-ACCESS not-accessible
1677: STATUS current
1678: DESCRIPTION
1679: "An entry describing a particular set of middlebox
1680: resources."
1681: AUGMENTS { midcomRuleEntry }
1682: ::= { midcomResourceTable 1 }
1683:
1684: MidcomResourceEntry ::= SEQUENCE {
1685: midcomRscNatInternalAddrBindMode MidcomNatBindMode,
1686: midcomRscNatInternalAddrBindId NatBindIdOrZero,
1687: midcomRscNatInsideAddrBindMode MidcomNatBindMode,
1688: midcomRscNatInsideAddrBindId NatBindIdOrZero,
1689: midcomRscNatSessionId1 MidcomNatSessionIdOrZero,
1690: midcomRscNatSessionId2 MidcomNatSessionIdOrZero,
1691: midcomRscFirewallRuleId Unsigned32
1692: }
1693:
1694: midcomRscNatInternalAddrBindMode OBJECT-TYPE
1695: SYNTAX MidcomNatBindMode
1696: MAX-ACCESS read-only
1697: STATUS current
1698: DESCRIPTION
1699: "An indication whether this policy rule uses an address
1700: NAT bind or an address-port NAT bind for binding the
1701: internal address.
1702:
1703: If the MIDCOM MIB module is operated together with
1704: the NAT MIB module (RFC 4008) then object
1705: midcomRscNatInternalAddrBindMode contains the same
1706: value as the corresponding object
1707: natSessionPrivateSrcEPBindMode of the NAT MIB module."
1708: ::= { midcomResourceEntry 4 }
1709:
1710: midcomRscNatInternalAddrBindId OBJECT-TYPE
1711: SYNTAX NatBindIdOrZero
1712: MAX-ACCESS read-only
1713: STATUS current
1714: DESCRIPTION
1715: "This object refers to the allocated internal NAT
1716: bind that is used by this policy rule. A NAT bind
1717: describes the mapping of internal addresses to
1718: outside addresses. MIDCOM MIB implementations can
1719: read this object to learn the corresponding NAT bind
1720: resource for this particular policy rule.
1721:
1722: If the MIDCOM MIB module is operated together with
1723: the NAT MIB module (RFC 4008) then object
1724: midcomRscNatInternalAddrBindId contains the same
1725: value as the corresponding object
1726: natSessionPrivateSrcEPBindId of the NAT MIB module."
1727: ::= { midcomResourceEntry 5 }
1728:
1729: midcomRscNatInsideAddrBindMode OBJECT-TYPE
1730: SYNTAX MidcomNatBindMode
1731: MAX-ACCESS read-only
1732: STATUS current
1733: DESCRIPTION
1734: "An indication whether this policy rule uses an address
1735: NAT bind or an address-port NAT bind for binding the
1736: external address.
1737:
1738: If the MIDCOM MIB module is operated together with
1739: the NAT MIB module (RFC 4008) then object
1740: midcomRscNatInsideAddrBindMode contains the same
1741: value as the corresponding object
1742: natSessionPrivateDstEPBindMode of the NAT MIB module."
1743: ::= { midcomResourceEntry 6 }
1744:
1745: midcomRscNatInsideAddrBindId OBJECT-TYPE
1746: SYNTAX NatBindIdOrZero
1747: MAX-ACCESS read-only
1748: STATUS current
1749: DESCRIPTION
1750: "This object refers to the allocated external NAT
1751: bind that is used by this policy rule. A NAT bind
1752: describes the mapping of external addresses to
1753: inside addresses. MIDCOM MIB implementations can
1754: read this object to learn the corresponding NAT bind
1755: resource for this particular policy rule.
1756:
1757: If the MIDCOM MIB module is operated together with the
1758: NAT MIB module (RFC 4008) then object
1759: midcomRscNatInsideAddrBindId contains the same
1760: value as the corresponding object
1761: natSessionPrivateDstEPBindId of the NAT MIB module."
1762: ::= { midcomResourceEntry 7 }
1763:
1764: midcomRscNatSessionId1 OBJECT-TYPE
1765: SYNTAX MidcomNatSessionIdOrZero
1766: MAX-ACCESS read-only
1767: STATUS current
1768: DESCRIPTION
1769: "This object refers to the first allocated NAT
1770: session for this policy rule. MIDCOM MIB
1771: implementations can read this object to learn
1772: whether a NAT session for a particular policy rule is
1773: used or not. A value of 0 means that no NAT session
1774: is allocated for this policy rule. A value other than
1775: 0 refers to the NAT session."
1776: ::= { midcomResourceEntry 8 }
1777:
1778: midcomRscNatSessionId2 OBJECT-TYPE
1779: SYNTAX MidcomNatSessionIdOrZero
1780: MAX-ACCESS read-only
1781: STATUS current
1782: DESCRIPTION
1783: "This object refers to the second allocated NAT
1784: session for this policy rule. MIDCOM MIB
1785: implementations can read this object to learn
1786: whether a NAT session for a particular policy rule is
1787: used or not. A value of 0 means that no NAT session
1788: is allocated for this policy rule. A value other than
1789: 0 refers to the NAT session."
1790: ::= { midcomResourceEntry 9 }
1791:
1792: midcomRscFirewallRuleId OBJECT-TYPE
1793: SYNTAX Unsigned32
1794: MAX-ACCESS read-only
1795: STATUS current
1796: DESCRIPTION
1797: "This object refers to the allocated firewall
1798: rule in the firewall engine for this policy rule.
1799: MIDCOM MIB implementations can read this value to
1800: learn whether a firewall rule for this particular
1801: policy rule is used or not. A value of 0 means that
1802: no firewall rule is allocated for this policy rule.
1803: A value other than 0 refers to the firewall rule
1804: number within the firewall engine."
1805: ::= { midcomResourceEntry 10 }
1806:
1807: --
1808: -- Statistics group
1809: --
1810: -- The MIDCOM statistics group contains a set of managed
1811: -- objects providing statistics about the usage of objects
1812: -- in the transaction branch.
1813: --
1814:
1815: midcomStatistics OBJECT IDENTIFIER ::= { midcomMonitoring 2 }
1816:
1817: midcomCurrentOwners OBJECT-TYPE
1818: SYNTAX Gauge32
1819: MAX-ACCESS read-only
1820: STATUS current
1821: DESCRIPTION
1822: "The number of different values for midcomRuleOwner
1823: for all current entries in the midcomRuleTable."
1824: ::= { midcomStatistics 1 }
1825:
1826: midcomTotalRejectedRuleEntries OBJECT-TYPE
1827: SYNTAX Counter32
1828: MAX-ACCESS read-only
1829: STATUS current
1830: DESCRIPTION
1831: "The total number of failed attempts to create an entry
1832: in the midcomRuleTable."
1833: ::= { midcomStatistics 2 }
1834:
1835: midcomCurrentRulesIncomplete OBJECT-TYPE
1836: SYNTAX Gauge32
1837: MAX-ACCESS read-only
1838: STATUS current
1839: DESCRIPTION
1840: "The current number of policy rules that are incomplete.
1841:
1842: Policy rules are loaded via row entries in midcomRuleTable.
1843: This object counts policy rules that are loaded but not
1844: fully specified, i.e., they are in state newEntry(1) or
1845: setting(2)."
1846: ::= { midcomStatistics 3 }
1847:
1848: midcomTotalIncorrectReserveRules OBJECT-TYPE
1849: SYNTAX Counter32
1850: MAX-ACCESS read-only
1851: STATUS current
1852: DESCRIPTION
1853: "The total number of policy reserve rules that failed
1854: parameter check and entered state incorrectRequest(4)."
1855: ::= { midcomStatistics 4 }
1856:
1857: midcomTotalRejectedReserveRules OBJECT-TYPE
1858: SYNTAX Counter32
1859: MAX-ACCESS read-only
1860: STATUS current
1861: DESCRIPTION
1862: "The total number of policy reserve rules that failed
1863: while being processed and entered state requestRejected(6)."
1864: ::= { midcomStatistics 5 }
1865:
1866: midcomCurrentReserveRulesActive OBJECT-TYPE
1867: SYNTAX Gauge32
1868: MAX-ACCESS read-only
1869: STATUS current
1870: DESCRIPTION
1871: "The number of currently active policy reserve rules."
1872: ::= { midcomStatistics 6 }
1873:
1874: midcomTotalReserveRulesExpired OBJECT-TYPE
1875: SYNTAX Counter32
1876: MAX-ACCESS read-only
1877: STATUS current
1878: DESCRIPTION
1879: "The total number of expired policy reserve rules
1880: (entered termination state timedOut(9))."
1881: ::= { midcomStatistics 7 }
1882:
1883: midcomTotalTerminatedOnRqReserveRules OBJECT-TYPE
1884: SYNTAX Counter32
1885: MAX-ACCESS read-only
1886: STATUS current
1887: DESCRIPTION
1888: "The total number of policy reserve rules that were
1889: terminated on request (entered termination state
1890: terminatedOnRequest(10))."
1891: ::= { midcomStatistics 8 }
1892:
1893: midcomTotalTerminatedReserveRules OBJECT-TYPE
1894: SYNTAX Counter32
1895: MAX-ACCESS read-only
1896: STATUS current
1897: DESCRIPTION
1898: "The total number of policy reserve rules that were
1899: terminated, but not on request (entered termination state
1900: terminated(11))."
1901: ::= { midcomStatistics 9 }
1902:
1903: midcomTotalIncorrectEnableRules OBJECT-TYPE
1904: SYNTAX Counter32
1905: MAX-ACCESS read-only
1906: STATUS current
1907: DESCRIPTION
1908: "The total number of policy enable rules that failed
1909: parameter check and entered state incorrectRequest(4)."
1910: ::= { midcomStatistics 10 }
1911:
1912: midcomTotalRejectedEnableRules OBJECT-TYPE
1913: SYNTAX Counter32
1914: MAX-ACCESS read-only
1915: STATUS current
1916: DESCRIPTION
1917: "The total number of policy enable rules that failed
1918: while being processed and entered state requestRejected(6)."
1919: ::= { midcomStatistics 11 }
1920:
1921: midcomCurrentEnableRulesActive OBJECT-TYPE
1922: SYNTAX Gauge32
1923: MAX-ACCESS read-only
1924: STATUS current
1925: DESCRIPTION
1926: "The number of currently active policy enable rules."
1927: ::= { midcomStatistics 12 }
1928:
1929: midcomTotalEnableRulesExpired OBJECT-TYPE
1930: SYNTAX Counter32
1931: MAX-ACCESS read-only
1932: STATUS current
1933: DESCRIPTION
1934: "The total number of expired policy enable rules
1935: (entered termination state timedOut(9))."
1936: ::= { midcomStatistics 13 }
1937:
1938: midcomTotalTerminatedOnRqEnableRules OBJECT-TYPE
1939: SYNTAX Counter32
1940: MAX-ACCESS read-only
1941: STATUS current
1942: DESCRIPTION
1943: "The total number of policy enable rules that were
1944: terminated on request (entered termination state
1945: terminatedOnRequest(10))."
1946: ::= { midcomStatistics 14 }
1947:
1948: midcomTotalTerminatedEnableRules OBJECT-TYPE
1949: SYNTAX Counter32
1950: MAX-ACCESS read-only
1951: STATUS current
1952: DESCRIPTION
1953: "The total number of policy enable rules that were
1954: terminated, but not on request (entered termination state
1955: terminated(11))."
1956: ::= { midcomStatistics 15 }
1957:
1958:
1959: --
1960: -- Notifications.
1961: --
1962:
1963: midcomUnsolicitedRuleEvent NOTIFICATION-TYPE
1964: OBJECTS { midcomRuleOperStatus, midcomRuleLifetime }
1965: STATUS current
1966: DESCRIPTION
1967: "This notification is generated whenever the value of
1968: midcomRuleOperStatus enters any error state or any
1969: termination state without an explicit trigger by a
1970: MIDCOM client."
1971: ::= { midcomNotifications 1 }
1972:
1973: midcomSolicitedRuleEvent NOTIFICATION-TYPE
1974: OBJECTS { midcomRuleOperStatus, midcomRuleLifetime }
1975: STATUS current
1976: DESCRIPTION
1977: "This notification is generated whenever the value
1978: of midcomRuleOperStatus enters one of the states
1979: {reserved, enabled, any error state, any termination state}
1980: as a result of a MIDCOM agent writing successfully to
1981: object midcomRuleAdminStatus.
1982:
1983: In addition, it is generated when the lifetime of
1984: a rule was changed by successfully writing to object
1985: midcomRuleLifetime."
1986: ::= { midcomNotifications 2 }
1987:
1988: midcomSolicitedGroupEvent NOTIFICATION-TYPE
1989: OBJECTS { midcomGroupLifetime }
1990: STATUS current
1991: DESCRIPTION
1992: "This notification is generated for indicating that the
1993: lifetime of all member rules of the group was changed by
1994: successfully writing to object midcomGroupLifetime.
1995:
1996: Note that this notification is only sent if the lifetime
1997: of a group was changed by successfully writing to object
1998: midcomGroupLifetime. No notification is sent
1999: - if a group's lifetime is changed by writing to object
2000: midcomRuleLifetime of any of its member policies,
2001: - if a group's lifetime expires (in this case
2002: notifications are sent for all member policies),
2003: - if the group is terminated by terminating the last
2004: of its member policies without writing to object
2005: midcomGroupLifetime."
2006: ::= { midcomNotifications 3 }
2007:
2008:
2009: --
2010: -- Conformance information
2011: --
2012:
2013: midcomCompliances OBJECT IDENTIFIER ::= { midcomConformance 1 }
2014: midcomGroups OBJECT IDENTIFIER ::= { midcomConformance 2 }
2015:
2016: --
2017: -- compliance statements
2018: --
2019:
2020: -- This is the MIDCOM compliance definition ...
2021: --
2022:
2023: midcomCompliance MODULE-COMPLIANCE
2024: STATUS current
2025: DESCRIPTION
2026: "The compliance statement for SNMP entities that
2027: implement the MIDCOM MIB module.
2028:
2029: Note that compliance with this compliance
2030: statement requires compliance with the
2031: ifCompliance3 MODULE-COMPLIANCE statement of the
2032: IF-MIB [RFC2863]."
2033: MODULE -- this module
2034: MANDATORY-GROUPS {
2035: midcomRuleGroup,
2036: midcomNotificationsGroup,
2037: midcomCapabilitiesGroup,
2038: midcomStatisticsGroup
2039: }
2040: GROUP midcomConfigFirewallGroup
2041: DESCRIPTION
2042: "A compliant implementation does not have to implement
2043: the midcomConfigFirewallGroup."
2044: GROUP midcomResourceGroup
2045: DESCRIPTION
2046: "A compliant implementation does not have to implement
2047: the midcomResourceGroup."
2048: OBJECT midcomRuleInternalIpPrefixLength
2049: MIN-ACCESS read-only
2050: DESCRIPTION
2051: "Write access is not required. When write access is
2052: not supported return 128 as the value of this object.
2053: A value of 128 means that the function represented by
2054: this option is not supported."
2055: OBJECT midcomRuleExternalIpPrefixLength
2056: MIN-ACCESS read-only
2057: DESCRIPTION
2058: "Write access is not required. When write access is
2059: not supported return 128 as the value of this object.
2060: A value of 128 means that the function represented by
2061: this option is not supported."
2062: OBJECT midcomRuleMaxIdleTime
2063: MIN-ACCESS read-only
2064: DESCRIPTION
2065: "Write access is not required. When write access is
2066: not supported return 0 as the value of this object.
2067: A value of 0 means that the function represented by
2068: this option is not supported."
2069: OBJECT midcomRuleInterface
2070: MIN-ACCESS read-only
2071: DESCRIPTION
2072: "Write access is not required."
2073: OBJECT midcomConfigMaxLifetime
2074: MIN-ACCESS read-only
2075: DESCRIPTION
2076: "Write access is not required."
2077: OBJECT midcomConfigPersistentRules
2078: MIN-ACCESS read-only
2079: DESCRIPTION
2080: "Write access is not required."
2081: OBJECT midcomConfigIfEnabled
2082: MIN-ACCESS read-only
2083: DESCRIPTION
2084: "Write access is not required."
2085: OBJECT midcomConfigFirewallGroupId
2086: MIN-ACCESS read-only
2087: DESCRIPTION
2088: "Write access is not required."
2089: OBJECT midcomConfigFirewallPriority
2090: MIN-ACCESS read-only
2091: DESCRIPTION
2092: "Write access is not required."
2093: ::= { midcomCompliances 1 }
2094:
2095: midcomRuleGroup OBJECT-GROUP
2096: OBJECTS {
2097: midcomRuleAdminStatus,
2098: midcomRuleOperStatus,
2099: midcomRuleStorageType,
2100: midcomRuleStorageTime,
2101: midcomRuleError,
2102: midcomRuleInterface,
2103: midcomRuleFlowDirection,
2104: midcomRuleMaxIdleTime,
2105: midcomRuleTransportProtocol,
2106: midcomRulePortRange,
2107: midcomRuleInternalIpVersion,
2108: midcomRuleExternalIpVersion,
2109: midcomRuleInternalIpAddr,
2110: midcomRuleInternalIpPrefixLength,
2111: midcomRuleInternalPort,
2112: midcomRuleExternalIpAddr,
2113: midcomRuleExternalIpPrefixLength,
2114: midcomRuleExternalPort,
2115: midcomRuleInsideIpAddr,
2116: midcomRuleInsidePort,
2117: midcomRuleOutsideIpAddr,
2118: midcomRuleOutsidePort,
2119: midcomRuleLifetime,
2120: midcomRuleRowStatus,
2121: midcomGroupLifetime
2122: }
2123: STATUS current
2124: DESCRIPTION
2125: "A collection of objects providing information about
2126: policy rules and policy rule groups."
2127: ::= { midcomGroups 1 }
2128:
2129: midcomCapabilitiesGroup OBJECT-GROUP
2130: OBJECTS {
2131: midcomConfigMaxLifetime,
2132: midcomConfigPersistentRules,
2133: midcomConfigIfBits,
2134: midcomConfigIfEnabled
2135: }
2136: STATUS current
2137: DESCRIPTION
2138: "A collection of objects providing information about
2139: the capabilities of a middlebox."
2140: ::= { midcomGroups 2 }
2141:
2142: midcomConfigFirewallGroup OBJECT-GROUP
2143: OBJECTS {
2144: midcomConfigFirewallGroupId,
2145: midcomConfigFirewallPriority
2146: }
2147: STATUS current
2148: DESCRIPTION
2149: "A collection of objects providing information about
2150: the firewall rule group and firewall rule priority to
2151: be used by firewalls loaded through MIDCOM."
2152: ::= { midcomGroups 3 }
2153:
2154: midcomResourceGroup OBJECT-GROUP
2155: OBJECTS {
2156: midcomRscNatInternalAddrBindMode,
2157: midcomRscNatInternalAddrBindId,
2158: midcomRscNatInsideAddrBindMode,
2159: midcomRscNatInsideAddrBindId,
2160: midcomRscNatSessionId1,
2161: midcomRscNatSessionId2,
2162: midcomRscFirewallRuleId
2163: }
2164: STATUS current
2165: DESCRIPTION
2166: "A collection of objects providing information about
2167: the used NAT and firewall resources."
2168: ::= { midcomGroups 4 }
2169:
2170: midcomStatisticsGroup OBJECT-GROUP
2171: OBJECTS {
2172: midcomCurrentOwners,
2173: midcomTotalRejectedRuleEntries,
2174: midcomCurrentRulesIncomplete,
2175: midcomTotalIncorrectReserveRules,
2176: midcomTotalRejectedReserveRules,
2177: midcomCurrentReserveRulesActive,
2178: midcomTotalReserveRulesExpired,
2179: midcomTotalTerminatedOnRqReserveRules,
2180: midcomTotalTerminatedReserveRules,
2181: midcomTotalIncorrectEnableRules,
2182: midcomTotalRejectedEnableRules,
2183: midcomCurrentEnableRulesActive,
2184: midcomTotalEnableRulesExpired,
2185: midcomTotalTerminatedOnRqEnableRules,
2186: midcomTotalTerminatedEnableRules
2187: }
2188: STATUS current
2189: DESCRIPTION
2190: "A collection of objects providing statistical
2191: information about the MIDCOM server."
2192: ::= { midcomGroups 5 }
2193:
2194: midcomNotificationsGroup NOTIFICATION-GROUP
2195: NOTIFICATIONS {
2196: midcomUnsolicitedRuleEvent,
2197: midcomSolicitedRuleEvent,
2198: midcomSolicitedGroupEvent
2199:
2200: }
2201: STATUS current
2202: DESCRIPTION
2203: "The notifications emitted by the midcomMIB."
2204: ::= { midcomGroups 6 }
2205:
2206: END
2207:
2208: --
2209: -- Copyright (C) The Internet Society (2006). This document is subject
2210: -- to the rights, licenses and restrictions contained in BCP 78, and
2211: -- except as set forth therein, the authors retain all their rights.
2212: --
2213: -- Acknowledgment
2214: -- Funding for the RFC Editor function is currently provided by the
2215: -- Internet Society.
2216: