📄 rfc1353.txt
字号:
STATUS mandatory
DESCRIPTION
"The status of the access privileges for a
particular requesting SNMP party in accessing a
particular target SNMP party. Setting an instance
of this object to the value 'invalid(2)' has the
effect of invalidating the corresponding access
privileges.
It is an implementation-specific matter as to
whether the agent removes an invalidated entry
from the table. Accordingly, management stations
must be prepared to receive from agents tabular
information corresponding to entries not currently
in use. Proper interpretation of such entries
requires examination of the relevant aclStatus
object."
DEFVAL { valid }
::= { aclEntry 4 }
McCloghrie, Davin, & Galvin [Page 20]
RFC 1353 SNMP Party MIB July 1992
-- The MIB View Database Group
-- This group of objects allows the SNMP itself to be used to
-- configure new SNMP parties, or to manipulate the MIB
-- MIB views of existing parties.
--
-- Implementation of the objects in this group is mandatory.
viewTable OBJECT-TYPE
SYNTAX SEQUENCE OF ViewEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"The table contained in the local database which
defines local MIB views. Each SNMP party has a
single MIB view which is defined by two
collections of view subtrees: the included view
subtrees, and the excluded view subtrees. Every
such subtree, both included and excluded, is
defined in this table.
To determine if a particular object instance is in
a particular SNMP party's MIB view, compare the
object instance's Object Identifier with each
entry (for this party) in this table. If none
match, then the object instance is not in the MIB
view. If one or more match, then the object
instance is included in, or excluded from, the MIB
view according to the value of viewStatus in the
entry whose value of viewSubtree has the most
sub-identifiers. If multiple entries match and
have the same number of sub-identifiers, then the
lexicographically greatest instance of viewStatus
determines the inclusion or exclusion.
An object instance's Object Identifier X matches
an entry in this table when the number of sub-
identifiers in X is at least as many as in the
value of viewSubtree for the entry, and each sub-
identifier in the value of viewSubtree matches its
corresponding sub-identifier in X. Two sub-
identifiers match either if the corresponding bit
of viewMask is zero (the 'wild card' value), or if
they are equal.
Due to this 'wild card' capability, we introduce
the term, a 'family' of view subtrees, to refer to
McCloghrie, Davin, & Galvin [Page 21]
RFC 1353 SNMP Party MIB July 1992
the set of subtrees defined by a particular
combination of values of viewSubtree and viewMask.
In the case where no 'wild card' is defined in
viewMask, the family of view subtrees reduces to a
single view subtree."
::= { partyViews 1 }
viewEntry OBJECT-TYPE
SYNTAX ViewEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Information on a particular family of view
subtrees included in or excluded from a particular
SNMP party's MIB view."
INDEX { viewParty, viewSubtree }
::= { viewTable 1 }
ViewEntry ::=
SEQUENCE {
viewParty
Party,
viewSubtree
OBJECT IDENTIFIER,
viewStatus
INTEGER,
viewMask
OCTET STRING
}
viewParty OBJECT-TYPE
SYNTAX Party
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The SNMP party whose single MIB view includes or
excludes a particular family of view subtrees."
::= { viewEntry 1 }
viewSubtree OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The view subtree which, in combination with the
corresponding instance of viewMask, defines a
family of view subtrees. This family is included
in, or excluded from the particular SNMP party's
McCloghrie, Davin, & Galvin [Page 22]
RFC 1353 SNMP Party MIB July 1992
MIB view, according to the value of the
corresponding instance of viewStatus."
::= { viewEntry 2 }
viewStatus OBJECT-TYPE
SYNTAX INTEGER {
included(1),
excluded(2),
invalid(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The status of a particular family of view
subtrees within the particular SNMP party's MIB
view. The value 'included(1)' indicates that the
corresponding instances of viewSubtree and
viewMask define a family of view subtrees included
in the MIB view. The value 'excluded(2)'
indicates that the corresponding instances of
viewSubtree and viewMask define a family of view
subtrees excluded from the MIB view.
Setting an instance of this object to the value
'invalid(3)' has the effect of invalidating the
presence or absence of the corresponding family of
view subtrees in the corresponding SNMP party's
MIB view.
It is an implementation-specific matter as to
whether the agent removes an invalidated entry
from the table. Accordingly, management stations
must be prepared to receive from agents tabular
information corresponding to entries not currently
in use. Proper interpretation of such entries
requires examination of the relevant viewStatus
object."
DEFVAL { included }
::= { viewEntry 3 }
viewMask OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..16))
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The bit mask which, in combination with the
corresponding instance of viewSubtree, defines a
family of view subtrees.
McCloghrie, Davin, & Galvin [Page 23]
RFC 1353 SNMP Party MIB July 1992
Each bit of this bit mask corresponds to a sub-
identifier of viewSubtree, with the most
significant bit of the i-th octet of this octet
string value (extended if necessary, see below)
corresponding to the (8*i - 7)-th sub-identifier,
and the least significant bit of the i-th octet of
this octet string corresponding to the (8*i)-th
sub-identifier, where i is in the range 1 through
16.
Each bit of this bit mask specifies whether or not
the corresponding sub-identifiers must match when
determining if an Object Identifier is in this
family of view subtrees; a '1' indicates that an
exact match must occur; a '0' indicates 'wild
card', i.e., any sub-identifier value matches.
Thus, the Object Identifier X of an object
instance is contained in a family of view subtrees
if the following criteria are met:
for each sub-identifier of the value of
viewSubtree, either:
the i-th bit of viewMask is 0, or
the i-th sub-identifier of X is equal to
the i-th sub-identifier of the value of
viewSubtree.
If the value of this bit mask is M bits long and
there are more than M sub-identifiers in the
corresponding instance of viewSubtree, then the
bit mask is extended with 1's to be the required
length.
Note that when the value of this object is the
zero-length string, this extension rule results in
a mask of all-1's being used (i.e., no 'wild
card'), and the family of view subtrees is the one
view subtree uniquely identified by the
corresponding instance of viewSubtree."
DEFVAL { ''h }
::= { viewEntry 4 }
END
McCloghrie, Davin, & Galvin [Page 24]
RFC 1353 SNMP Party MIB July 1992
5. Acknowledgments
This document was produced on behalf of the SNMP Security Working
Group of the Internet Engineering Task Force. The authors wish to
thank the members of the working group, and others who contributed to
this effort.
6. References
[1] Rose, M., and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP based internets", RFC 1155,
Performance Systems International, Hughes LAN Systems, May 1990.
[2] McCloghrie, K., and M. Rose, "Management Information Base for
Network Management of TCP/IP-based Internets", RFC 1156, Hughes
LAN Systems and Performance Systems International, May 1990.
[3] Case, J., M. Fedor, M. Schoffstall, and J. Davin, The Simple
Network Management Protocol", RFC 1157, University of Tennessee
at Knoxville, Performance Systems International, Performance
Systems International, and the MIT Laboratory for Computer
Science, May 1990.
[4] McCloghrie K., and M. Rose, Editors, "Management Information Base
for Network Management of TCP/IP-based internets", RFC 1213,
Performance Systems International, March 1991.
[5] Information processing systems - Open Systems Interconnection -
Specification of Abstract Syntax Notation One (ASN.1),
International Organization for Standardization, International
Standard 8824, December 1987.
[6] Information processing systems - Open Systems Interconnection -
Specification of Basic Encoding Rules for Abstract Notation One
(ASN.1), International Organization for Standardization,
International Standard 8825, December 1987.
[7] Rose, M., and K. McCloghrie, Editors, "Concise MIB Definitions",
RFC 1212, Performance Systems International, Hughes LAN Systems,
March 1991.
[8] Davin, J., Galvin, J., and K. McCloghrie, "SNMP Administrative
Model", RFC 1351, MIT Laboratory for Computer Science, Trusted
Information Systems, Inc., Hughes LAN Systems, Inc., July 1992.
[9] Galvin, J., McCloghrie, K., and J. Davin, "SNMP Security
Protocols", RFC 1352, Trusted Information Systems, Inc., Hughes
LAN Systems, Inc., MIT Laboratory for Computer Science, July
McCloghrie, Davin, & Galvin [Page 25]
RFC 1353 SNMP Party MIB July 1992
1992.
Security Considerstions
Security issues are discussed in section 3.1. and in RFCs 1351 and
1352.
Authors' Addresses
Keith McCloghrie
Hughes LAN Systems, Inc.
Mountain View, CA 94043
Phone: (415) 966-7934
EMail: kzm@hls.com
James R. Davin
MIT Laboratory for Computer Science
545 Technology Square
Cambridge, MA 02139
Phone: (617) 253-6020
EMail: jrd@ptt.lcs.mit.edu
James M. Galvin
Trusted Information Systems, Inc.
3060 Washington Road, Route 97
Glenwood, MD 21738
Phone: (301) 854-6889
EMail: galvin@tis.com
McCloghrie, Davin, & Galvin [Page 26]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -