rfc2263.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

   A proxy forwarder receives notifications in the same manner as a
   notification receiver application, using the processPdu abstract
   service interface.  The following procedure is used when a
   notification is received:

(1)  The incoming management target information received from the
     processPdu interface is translated into outgoing management target
     information.  Note that this translation may vary for different
     values of contextEngineId and/or contextName.  The translation may
     result in multiple management targets.






Levi, et. al.               Standards Track                    [Page 24]

RFC 2263                  SNMPv3 Applications               January 1998


(2)  If appropriate outgoing management target information cannot be
     found and the notification was a Trap, processing of the
     notification is halted.  If appropriate outgoing management target
     information cannot be found and the notification was an Inform, the
     proxy forwarder increments the snmpProxyDrops object, and calls the
     Dispatcher using the returnResponsePdu abstract service interface.

     The parameters are:

       -  The messageProcessingModel is the received value.

       -  The securityModel is the received value.

       -  The securityName is the received value.

       -  The securityLevel is the received value.

       -  The contextEngineID is the received value.

       -  The contextName is the received value.

       -  The pduVersion is the received value.

       -  The PDU is an undefined and unused value.

       -  The maxSizeResponseScopedPDU is a local value indicating the
          maximum size of a ScopedPDU that the application can accept.

       -  The stateReference is the received value.

       -  The statusInformation indicates that an error occurred and
          that a Report message should be generated.

     Processing of the message stops at this point.  Otherwise,

(3)  The proxy forwarder generates a notification using the procedures
     described in the preceding section on Notification Originators,
     with the following exceptions:

       -  The contextEngineID and contextName values from the original
          received notification are used.

       -  The outgoing management targets previously determined are
          used.

       -  No filtering mechanisms are applied.





Levi, et. al.               Standards Track                    [Page 25]

RFC 2263                  SNMPv3 Applications               January 1998


       -  The variable-bindings from the original received notification
          are used, rather than retrieving variable-bindings from local
          MIB instrumentation.  In particular, no access-control is
          applied to these variable-bindings.

       -  If for any of the outgoing management targets, the incoming
          SNMP version is SNMPv1 and the outgoing SNMP version is SNMPv2
          or SNMPv3, the proxy forwarder must apply the translation
          rules as documented in [RFC1908].

       -  If for any of the outgoing management targets, the incoming
          SNMP version is SNMPv2 or SNMPv3, and the outgoing SNMP
          version is SNMPv1, this outgoing management target is not used
          when generating the forwarded notifications.

(4)  If the original received notification contains an SNMPv2-Trap PDU,
     processing of the notification is now completed.  Otherwise, the
     original received notification must contain an Inform PDU, and
     processing continues.

(5)  If the forwarded notifications included any Inform PDUs, processing
     continues when the procedures described in the section for
     Notification Originators determine that either:

       -  None of the generated notifications containing Inform PDUs
          have been successfully acknowledged within the longest of the
          time intervals, in which case processing of the original
          notification is halted, or,

       -  At least one of the generated notifications containing Inform
          PDUs is successfully acknowledged, in which case a response to
          the original received notification containing an Inform PDU is
          generated as described in the following steps.

(6)  A Response PDU is constructed, using the values of request-id and
     variable-bindings from the original received Inform PDU, and
     error-status and error-index values of 0.

(7)  The Dispatcher is called using the returnResponsePdu abstract
     service interface.  Parameters are:

       -  The messageProcessingModel is the originally received value.

       -  The securityModel is the originally received value.

       -  The securityName is the originally received value.

       -  The securityLevel is the originally received value.



Levi, et. al.               Standards Track                    [Page 26]

RFC 2263                  SNMPv3 Applications               January 1998


       -  The contextEngineID is the originally received value.

       -  The contextName is the originally received value.

       -  The pduVersion indicates the version of the PDU constructed in
          step (6) above.

       -  The PDU is the value constructed in step (6) above.

       -  The maxSizeResponseScopedPDU is a local value indicating the
          maximum size of a ScopedPDU that the application can accept.

       -  The stateReference is the originally received value.

       -  The statusInformation indicates that no error occurred and
          that a Response PDU message should be generated.

4.  The Structure of the MIB Modules

   There are three separate MIB modules described in this document, the
   management target MIB, the notification MIB, and the proxy MIB.  The
   following sections describe the structure of these three MIB modules.

   The use of these MIBs by particular types of applications is
   described later in this document:

       -  The use of the management target MIB and the notification MIB
          in notification originator applications is described in
          section 6.

       -  The use of the notification MIB for filtering notifications in
          notification originator applications is described in section
          7.

       -  The use of the management target MIB and the proxy MIB in
          proxy forwarding applications is described in section 8.

4.1.  The Management Target MIB Module

   The SNMP-TARGET-MIB module contains objects for defining management
   targets.  It consists of two tables and conformance/compliance
   statements.

   The first table, the snmpTargetAddrTable, contains information about
   transport domains and addresses.  It also contains an object,
   snmpTargetAddrTagList, which provides a mechanism for grouping
   entries.




Levi, et. al.               Standards Track                    [Page 27]

RFC 2263                  SNMPv3 Applications               January 1998


   The second table, the snmpTargetParamsTable, contains information
   about SNMP version and security information to be used when sending
   messages to particular transport domains and addresses.

4.1.1.  Tag Lists

   The snmpTargetAddrTagList object is used for grouping entries in the
   snmpTargetAddrTable.  The value of this object contains a list of tag
   values which are used to select target addresses to be used for a
   particular operation.

   A tag value, which may also be used in MIB objects other than
   snmpTargetAddrTagList, is an arbitrary string of octets, but may not
   contain a delimiter character.  Delimiter characters are defined to
   be one of the following characters:

       -  An ASCII space character (0x20).

       -  An ASCII TAB character (0x09).

       -  An ASCII carriage return (CR) character (0x0D).

       -  An ASCII line feed (LF) character (0x0B).

   In addition, a tag value may not have a zero length.  Generally, a
   particular MIB object may contain either

       -  a single tag value, in which case the value of the MIB object
          may not contain a delimiter character, or:

       -  a MIB object may contain a list of tag values, separated by
          single delimiter characters.

   For a list of tag values, these constraints imply certain
   restrictions on the value of a MIB object:

       -  There cannot be a leading or trailing delimiter character.

       -  There cannot be multiple adjacent delimiter charaters.

4.1.2.  Definitions

   SNMP-TARGET-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       TEXTUAL-CONVENTION,
       MODULE-IDENTITY,
       OBJECT-TYPE,



Levi, et. al.               Standards Track                    [Page 28]

RFC 2263                  SNMPv3 Applications               January 1998


       snmpModules,
       Integer32
           FROM SNMPv2-SMI

       TDomain,
       TAddress,
       TimeInterval,
       RowStatus,
       StorageType,
       TestAndIncr
           FROM SNMPv2-TC
       SnmpSecurityModel,
       SnmpMessageProcessingModel,
       SnmpSecurityLevel,
       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB

       OBJECT-GROUP
           FROM SNMPv2-CONF;

   snmpTargetMIB MODULE-IDENTITY
       LAST-UPDATED "9711210000Z"
       ORGANIZATION "IETF SNMPv3 Working Group"
       CONTACT-INFO
           "WG-email:   snmpv3@tis.com
            Subscribe:  majordomo@tis.com
                        In message body:  subscribe snmpv3

            Chair:      Russ Mundy
                        Trusted Information Systems
            Postal:     3060 Washington Rd
                        Glenwood MD 21738
                        USA
            Email:      mundy@tis.com
            Phone:      +1-301-854-6889

            Co-editor:  David B. Levi
                        SNMP Research, Inc.
            Postal:     3001 Kimberlin Heights Road
                        Knoxville, TN 37920-9716
            E-mail:     levi@snmp.com
            Phone:      +1 423 573 1434

            Co-editor:  Paul Meyer
                        Secure Computing Corporation
            Postal:     2675 Long Lake Road
                        Roseville, MN 55113
            E-mail:     paul_meyer@securecomputing.com



Levi, et. al.               Standards Track                    [Page 29]

RFC 2263                  SNMPv3 Applications               January 1998


            Phone:      +1 612 628 1592

            Co-editor:  Bob Stewart
                        Cisco Systems, Inc.
            Postal:     170 West Tasman Drive
                        San Jose, CA 95134-1706
            E-mail:     bstewart@cisco.com
            Phone:      +1 603 654 6923"
       DESCRIPTION
           "This MIB module defines MIB objects which provide
            mechanisms to remotely configure the parameters used
            by an SNMP entity for the generation of SNMP messages."
       REVISION        "9707140000Z"
       DESCRIPTION
           "The initial revision."
       ::= { snmpModules 7 }

   snmpTargetObjects       OBJECT IDENTIFIER ::= { snmpTargetMIB 1 }
   snmpTargetConformance   OBJECT IDENTIFIER ::= { snmpTargetMIB 3 }

   SnmpTagValue ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "255a"
       STATUS       current
       DESCRIPTION
           "An octet string containing a tag value.
            Tag values are preferably in human-readable form.