📄 rfc2452.txt
字号:
RFC 2452 TCP MIB for IPv6 December 1998
(ipv6TcpConnLocalAddress) is not a link-local address, this
object identifies a local interface on the same link as
the connection's remote link-local address.
Otherwise, this object identifies the local interface that
is associated with the ipv6TcpConnLocalAddress for this
TCP connection. If such a local interface cannot be determined,
this object should take on the value 0. (A possible example
of this would be if the value of ipv6TcpConnLocalAddress is ::0.)
The interface identified by a particular non-0 value of this
index is the same interface as identified by the same value
of ipv6IfIndex.
The value of this object must remain constant during the life
of the TCP connection."
::= { ipv6TcpConnEntry 5 }
ipv6TcpConnState OBJECT-TYPE
SYNTAX INTEGER {
closed(1),
listen(2),
synSent(3),
synReceived(4),
established(5),
finWait1(6),
finWait2(7),
closeWait(8),
lastAck(9),
closing(10),
timeWait(11),
deleteTCB(12) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The state of this TCP connection.
The only value which may be set by a management station is
deleteTCB(12). Accordingly, it is appropriate for an agent
to return an error response (`badValue' for SNMPv1, 'wrongValue'
for SNMPv2) if a management station attempts to set this
object to any other value.
If a management station sets this object to the value
deleteTCB(12), then this has the effect of deleting the TCB
(as defined in RFC 793) of the corresponding connection on
the managed node, resulting in immediate termination of the
connection.
Daniele Standards Track [Page 6]
RFC 2452 TCP MIB for IPv6 December 1998
As an implementation-specific option, a RST segment may be
sent from the managed node to the other TCP endpoint (note
however that RST segments are not sent reliably)."
::= { ipv6TcpConnEntry 6 }
--
-- conformance information
--
ipv6TcpConformance OBJECT IDENTIFIER ::= { ipv6TcpMIB 2 }
ipv6TcpCompliances OBJECT IDENTIFIER ::= { ipv6TcpConformance 1 }
ipv6TcpGroups OBJECT IDENTIFIER ::= { ipv6TcpConformance 2 }
-- compliance statements
ipv6TcpCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMPv2 entities which
implement TCP over IPv6."
MODULE -- this module
MANDATORY-GROUPS { ipv6TcpGroup }
::= { ipv6TcpCompliances 1 }
ipv6TcpGroup OBJECT-GROUP
OBJECTS { -- these are defined in this module
-- ipv6TcpConnLocalAddress (not-accessible)
-- ipv6TcpConnLocalPort (not-accessible)
-- ipv6TcpConnRemAddress (not-accessible)
-- ipv6TcpConnRemPort (not-accessible)
-- ipv6TcpConnIfIndex (not-accessible)
ipv6TcpConnState }
STATUS current
DESCRIPTION
"The group of objects providing management of
TCP over IPv6."
::= { ipv6TcpGroups 1 }
END
Daniele Standards Track [Page 7]
RFC 2452 TCP MIB for IPv6 December 1998
7. Acknowledgments
This memo is a product of the IPng work group, and benefited
especially from the contributions of the following working group
members:
Dimitry Haskin Bay Networks
Margaret Forsythe Epilogue
Tim Hartrick Mentat
Frank Solensky FTP
Jack McCann DEC
8. References
[1] Information processing systems - Open Systems
Interconnection - Specification of Abstract Syntax
Notation One (ASN.1), International Organization for
Standardization. International Standard 8824,
(December, 1987).
[2] McCloghrie, K., Editor, "Structure of Management
Information for version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1902, January 1996.
[TCP MIB] SNMPv2 Working Group, McCloghrie, K., Editor, "SNMPv2
Management Information Base for the Transmission
Control Protocol using SMIv2", RFC 2012, November 1996.
[IPV6 MIB TC] Haskin, D., and S. Onishi, "Management Information
Base for IP Version 6: Textual Conventions and General
Group", RFC 2465, December 1998.
[IPV6] Deering, S., and R. Hinden, "Internet Protocol, Version
6 (IPv6) Specification", RFC 2460, December 1998.
[RFC2274] Blumenthal, U., and B. Wijnen, "The User-Based Security
Model for Version 3 of the Simple Network Management
Protocol (SNMPv3)", RFC 2274, January 1998.
[RFC2275] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
Access Control Model for the Simple Network Management
Protocol (SNMP)", RFC 2275, January 1998.
9. Security Considerations
This MIB contains a management object that has a MAX-ACCESS clause of
read-write and/or read-create. In particular, it is possible to
delete individual TCP control blocks (i.e., connections).
Daniele Standards Track [Page 8]
RFC 2452 TCP MIB for IPv6 December 1998
Consequently, anyone having the ability to issue a SET on this object
can impact the operation of the node.
There are a number of managed objects in this MIB that may be
considered to contain sensitive information in some environments.
For example, the MIB identifies the active TCP connections on the
node. Although this information might be considered sensitive in
some environments (i.e., to identify ports on which to launch
denial-of-service or other attacks), there are already other ways of
obtaining similar information. For example, sending a random TCP
packet to an unused port prompts the generation of a TCP reset
message.
Therefore, it may be important in some environments to control read
and/or write access to these objects and possibly to even encrypt the
values of these object when sending them over the network via SNMP.
Not all versions of SNMP provide features for such a secure
environment. SNMPv1 by itself does not provide encryption or strong
authentication.
It is recommended that the implementors consider the security
features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model [RFC2274] and the View-based Access
Control Model [RFC2275] is recommended.
It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB, is properly
configured to give access to those objects only to those principals
(users) that have legitimate rights to access them.
10. Author's Address
Mike Daniele
Compaq Computer Corporation
110 Spit Brook Rd
Nashua, NH 03062
Phone: +1-603-884-1423
EMail: daniele@zk3.dec.com
Daniele Standards Track [Page 9]
RFC 2452 TCP MIB for IPv6 December 1998
11. Full Copyright Statement
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Daniele Standards Track [Page 10]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -