rfc2572.txt

来自「中、英文RFC文档大全打包下载完全版 .」· 文本 代码 · 共 1,654 行 · 第 1/5 页

6.6.  msgSecurityParameters

   The msgSecurityParameters field of the SNMPv3 Message is used for
   communication between the Security Model modules in the sending and
   receiving SNMP engines. The data in the msgSecurityParameters field
   is used exclusively by the Security Model, and the contents and
   format of the data is defined by the Security Model.  This OCTET
   STRING is not interpreted by the v3MP, but is passed to the local
   implementation of the Security Model indicated by the
   msgSecurityModel field in the message.

6.7.  scopedPduData

   The scopedPduData field represents either the plain text scopedPDU if
   the privFlag in the msgFlags is zero, or it represents an
   encryptedPDU (encoded as an OCTET STRING) which must be decrypted by
   the securityModel in use to produce a plaintext scopedPDU.



SNMPv3 Working Group        Standards Track                    [Page 24]

RFC 2572           Message Processing and Dispatching           April 1999


6.8.  scopedPDU

   The scopedPDU contains information to identify an administratively
   unique context and a PDU. The object identifiers in the PDU refer to
   managed objects which are (expected to be) accessible within the
   specified context.

6.8.1.  contextEngineID

   The contextEngineID in the SNMPv3 message, uniquely identifies,
   within an administrative domain, an SNMP entity that may realize an
   instance of a context with a particular contextName.

   For incoming messages, the contextEngineID is used in conjunction
   with pduType to determine to which application the scopedPDU will be
   sent for processing.

   For outgoing messages, the v3MP sets the contextEngineID to the value
   provided by the application in the request for a message to be sent.

6.8.2.  contextName

   The contextName field in an SNMPv3 message, in conjunction with the
   contextEngineID field, identifies the particular context associated
   with the management information contained in the PDU portion of the
   message.  The contextName is unique within the SNMP entity specified
   by the contextEngineID, which may realize the managed objects
   referenced within the PDU.  An application which originates a message
   provides the value for the contextName field and this value may be
   used during processing by an application at the receiving SNMP
   Engine.

6.8.3.  data

   The data field of the SNMPv3 Message contains the PDU.  Among other
   things, the PDU contains the PDU type that is used by the v3MP to
   determine the type of the incoming SNMP message.  The v3MP specifies
   that the PDU must be one of those specified in [RFC1905].

7.  Elements of Procedure for v3MP

   This section describes the procedures followed by an SNMP engine when
   generating and processing SNMP messages according to the SNMPv3
   Message Processing Model.

   Please note, that for the sake of clarity and to prevent the text
   from being even longer and more complicated, some details were
   omitted from the steps below.



SNMPv3 Working Group        Standards Track                    [Page 25]

RFC 2572           Message Processing and Dispatching           April 1999


      a) Some steps specify that when some error conditions are
         encountered when processing a received message, a message
         containing a Report PDU is generated and the received message
         is discarded without further processing.  However, a Report-PDU
         must not be generated unless the PDU causing generation of the
         Report PDU can be determine to be a member of the Confirmed
         Class, or the reportableFlag is set to one and the PDU class
         cannot be determined.

      b) The elements of procedure do not always explicitly indicate
         when state information needs to be released. The general rule
         is that if state information is available when a message is to
         be "discarded without further processing", then the state
         information should also be released at that same time.

7.1.  Prepare an Outgoing SNMP Message

   This section describes the procedure followed to prepare an SNMPv3
   message from the data elements passed by the Message Dispatcher.

   1) The Message Dispatcher may request that an SNMPv3 message
      containing a Read Class, Write Class, or Notification Class PDU be
      prepared for sending.

      a) It makes such a request according to the abstract service
         primitive:

         statusInformation =           -- success or errorIndication
           prepareOutgoingMessage(
           IN   transportDomain        -- requested transport domain
           IN   transportAddress       -- requested destination address
           IN   messageProcessingModel -- typically, SNMP version
           IN   securityModel          -- Security Model to use
           IN   securityName           -- on behalf of this principal
           IN   securityLevel          -- Level of Security requested
           IN   contextEngineID        -- data from/at this entity
           IN   contextName            -- data from/in this context
           IN   pduVersion             -- version of the PDU
           IN   PDU                    -- SNMP Protocol Data Unit
           IN   expectResponse         -- TRUE or FALSE *
           IN   sendPduHandle          -- the handle for matching
                                       -- incoming responses
           OUT  destTransportDomain    -- destination transport domain
           OUT  destTransportAddress   -- destination transport address
           OUT  outgoingMessage        -- the message to send
           OUT  outgoingMessageLength  -- the length of the message
           )




SNMPv3 Working Group        Standards Track                    [Page 26]

RFC 2572           Message Processing and Dispatching           April 1999


      *  The SNMPv3 Message Processing Model does not use the values of
         expectResponse or pduVersion.

      b) A unique msgID is generated.  The number used for msgID should
         not have been used recently, and must not be the same as was
         used for any outstanding request.

   2) The Message Dispatcher may request that an SNMPv3 message
      containing a Response Class or Internal Class PDU be prepared for
      sending.

      a) It makes such a request according to the abstract service
         primitive:

         result =                        -- SUCCESS or FAILURE
         prepareResponseMessage(
          IN   messageProcessingModel   -- typically, SNMP version
          IN   securityModel            -- same as on incoming request
          IN   securityName             -- same as on incoming request
          IN   securityLevel            -- same as on incoming request
          IN   contextEngineID          -- data from/at this SNMP entity
          IN   contextName              -- data from/in this context
          IN   pduVersion               -- version of the PDU
          IN   PDU                      -- SNMP Protocol Data Unit
          IN   maxSizeResponseScopedPDU -- maximum size sender can accept
          IN   stateReference           -- reference to state
                                        -- information presented with
                                        -- the request
          IN   statusInformation        -- success or errorIndication
                                        -- error counter OID and value
                                        -- when errorIndication
          OUT  destTransportDomain      -- destination transport domain
          OUT  destTransportAddress     -- destination transport address
          OUT  outgoingMessage          -- the message to send
          OUT  outgoingMessageLength    -- the length of the message
          )

      b) The cached information for the original request is retrieved
         via the stateReference, including












SNMPv3 Working Group        Standards Track                    [Page 27]

RFC 2572           Message Processing and Dispatching           April 1999


                  - msgID,
                  - contextEngineID,
                  - contextName,
                  - securityModel,
                  - securityName,
                  - securityLevel,
                  - securityStateReference,
                  - reportableFlag,
                  - transportDomain, and
                  - transportAddress.

         The SNMPv3 Message Processing Model does not allow cached data
         to be overridden, except by error indications as detailed in
         (3) below.

   3) If statusInformation contains values for an OID/value combination
      (potentially also containing a securityLevel value,
      contextEngineID value, or contextName value), then

      a) If reportableFlag is zero, then the original message is
         discarded, and no further processing is done. A result of
         FAILURE is returned. SNMPv3 Message Processing is complete.

      b) If a PDU is provided, it is the PDU from the original request.
         If possible, extract the request-id.

      c) A Report PDU is prepared:

         1) the varBindList is set to contain the OID and value from the
            statusInformation

         2) error-status is set to 0

         3) error-index is set to 0.

         4) request-id is set to the value extracted in step b)
            Otherwise, request-id is set to 0

      d) The errorIndication in statusInformation may be accompanied by
         a securityLevel value, a contextEngineID value, or a
         contextName value.

         1) If statusInformation contains a value for securityLevel,
            then securityLevel is set to that value, otherwise it is set
            to noAuthNoPriv.






SNMPv3 Working Group        Standards Track                    [Page 28]

RFC 2572           Message Processing and Dispatching           April 1999


         2) If statusInformation contains a value for contextEngineID,
            then contextEngineID is set to that value, otherwise it is
            set to the value of this entity's snmpEngineID.

         3) If statusInformation contains a value for contextName, then
            contextName is set to that value, otherwise it is set to the
            default context of "" (zero-length string).

      e) PDU is set to refer to the new Report-PDU.  The old PDU is
         discarded.

      f) Processing continues with step 6) below.

   4) If contextEngineID is not yet determined, then the contextEngineID
      is determined, in an implementation-dependent manner, possibly
      using the transportDomain and transportAddress.

   5) If the contextName is not yet determined, the contextName is set
      to the default context.

   6) A scopedPDU is prepared from the contextEngineID, contextName, and
      PDU.

   7) msgGlobalData is constructed as follows

      a) The msgVersion field is set to snmpv3(3).

      b) msgID is set as determined in step 1 or 2 above.

      c) msgMaxSize is set to an implementation-dependent value.

      d) msgFlags are set as follows:

         -  If securityLevel specifies noAuthNoPriv, then authFlag and
            privFlag are both set to zero.

         -  If securityLevel specifies authNoPriv, then authFlag is set
            to one and privFlag is set to zero.

         -  If securityLevel specifies authPriv, then authFlag is set to
            one and privFlag is set to one.

         -  If the PDU is from the Unconfirmed Class, then the
            reportableFlag is set to zero.

         -  If the PDU is from the Confirmed Class then the
            reportableFlag is set to one.




SNMPv3 Working Group        Standards Track                    [Page 29]

RFC 2572           Message Processing and Dispatching           April 1999


         -  All other msgFlags bits are set to zero.

      e) msgSecurityModel is set to the value of securityModel

   8) If the PDU is from the Response Class or the Internal Class, then

      a) The specified Security Model is called to generate the message
         according to the primitive:

         statusInformation =
           generateResponseMsg(
           IN   messageProcessingModel -- SNMPv3 Message Processing
                                       -- Model
           IN   globalData             -- msgGlobalData from step 7
           IN   maxMessageSize         -- from msgMaxSize (step 7c)
           IN   securityModel          -- as determined in step 7e
           IN   securityEngineID       -- the value of snmpEngineID
           IN   securityName           -- on behalf of this principal
           IN   securityLevel          -- for the outgoing message
           IN   scopedPDU              -- as prepared in step 6)
           IN   securityStateReference -- as determined in step 2
           OUT  securityParameters     -- filled in by Security Module
           OUT  wholeMsg               -- complete generated message