Network Working Group                                         A. Persson
Internet-Draft                                                       SUN
Intended status: Standards Track                              P. Schauer
Expires: April 8, 2007                                         A. Durand
                                                                 Comcast
                                                               D. Thaler
                                                               Microsoft
                                                         October 5, 2006


         Management Information Base for TCP and UDP processes
                  draft-persson-v6ops-mib-issue-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 8, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Persson, et al.           Expires April 8, 2007                 [Page 1]

Internet-Draft          TCP and UDP process MIBs            October 2006

Abstract

   In RFC 4113 and 4022 there is a set of objects that have some
   outstanding issues. This document provides a short discussion of the
   issues and how they can be addressed.

Table of Contents

   1  Introduction
   2  Issues
     2.1  Process Objects
     2.2  Instance Object
   3  Suggested Approaches
     3.1  Process Objects
     3.2  Instance Object
   4  Process Information MIB Definitions
     4.1  TCP Process Information MIB
     4.2  UDP Process Information MIB
   5  Security Considerations
   Authors' Addresses
   Intellectual Property and Copyright Statements

1  Introduction

   Between RFC 4113 and 4022 there are several objects that have unclear
   behavior, or limited functionality on some platforms. Some updates
   are needed in order to guarantee uniform behavior and functionality
   across all entities implementing the RFCs.

   Specifically, the objects in question are tcpConnectionProcess,
   tcpListenerProcess, udpEndpointProcess (collectively referred to as
   Process objects) and udpEndpointInstance (Instance object).

2  Issues

2.1  Process Objects

   The Process objects are all described as the system process
   associated with a particular connection. If the object has a
   non-zero value, it is expected to correspond to a row in either
   HOST-RESOURCES-MIB::hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex.
   An object value of zero is used to identify cases where the
   connection is not associated with a process.

   One use of the Process objects is to track down misbehaving
   applications. For example, if an administrator detects unwanted data
   traffic that is sent to or from a machine under his/her control,
   then the connection tuple could be located in either the TCP or UDP
   connection tables. Since each entry in the table includes the
   process id of the controlling application, the administrator can
   force the application to stop.

   Establishing a one-to-one association between processes and
   connections works well on systems that only allow such behavior.
   However, on certain platforms it is possible to have multiple
   processes that share a single connection. An example of such
   behavior can be seen in most UNIX environments, where a process
   initially opens a new connection, and then uses the fork() system
   call to create one or more child processes. Each of the child
   processes will then have access to the connection opened by the
   parent process. However, it would not be possible to report multiple
   processes to the administrator using the current tables, which
   limits the functionality.

2.2  Instance Object

   The second issue is udpEndpointInstance, which is part of
   udpEndpointTable. The table is defined in RFC 4113 and it contains
   all connected and listening UDP endpoints. The entries in the table
   are indexed using the connection tuple as well as an Instance
   object. The Instance is used to distinguish between multiple
   identical UDP endpoints, which might happen, for example, if
   multicast is used.

   The assignment of instance values is implementation specific, and to
   give flexibility for implementors, the description is very minimal.
   Specifically, the description does not state if instance values can
   be reused, or if the values should be allocated in any particular
   order. In certain situations, the lack of such information can make
   it hard for administrators to detect system issues.

   To illustrate the issues, consider the following scenarios:

   Scenario 1:

      Assume there is a process providing a service, and the UDP
      endpoint associated with the service has an identifying tuple A.
      Also, the system has assigned the endpoint an instance value of
      x, and so the endpoint's index is A.x. An administrator wants to
      ensure that the service is operating properly, and is doing so by
      looking up A.x in udpEndpointTable at a regular interval.
      However, the presence of A.x in udpEndpointTable does not
      necessarily mean that the service is running properly. It could
      be the case that the service is constantly restarting due to
      errors, and the system is reusing the instance value x.

   Scenario 2:

      Assume there are multiple UDP endpoints that are receiving
      multicast packets from a specific sender. All the endpoints will
      therefore have the same tuple, but different instance values.
      However, the instance values do not give any indication of how
      long the different endpoints have been active. It would therefore
      be difficult to determine the status of the different endpoints.

3  Suggested Approaches

3.1  Process Objects

   Enumerating all processes associated with connections will be done
   by introducing new tables. The tables are optional, and can be
   provided by those platforms that want to extend the functionality of
   RFC 4022 and 4113.

   RFC 4113 and 4022 define three connection tables:
   tcpConnectionTable, tcpListenerTable, and udpEndpointTable, which
   are indexed using connection tuples (the udpEndpointTable also uses
   the Instance object, but we include that as part of the tuple in the
   following discussion). For each connection table, we define two new
   tables: (1) a Creation information table, and (2) a Process
   information table, resulting in a total of six new tables.

   The Creation Information tables, which are indexed using connection
   tuples, contain information about how and when a connection was
   created. More specifically, they contain the id of the process that
   created the connection, and when the creation event occurred. It is
   possible for a connection to continue, even if the creating process
   exits. For example, this could happen if the creating process was
   sharing the connection with other processes. Therefore, unlike the
   Process objects, the creator id does not have to correspond to a row
   in HOST-RESOURCES-MIB::hrSWRunIndex or
   SYSAPPL-MIB::sysApplElmtRunIndex. The creation time can be used to
   determine if the id corresponds to a running process. Also, the
   Creation Information tables augment the existing connection tables,
   and therefore share the same life-time properties.

   The Process tables, which are indexed using the connection tuple and
   the process id, are used to enumerate all active processes that are
   associated with connections. For each process, a corresponding row
   is expected to be available in either
   HOST-RESOURCES-MIB::hrSWRunIndex or
   SYSAPPL-MIB::sysApplElmtRunIndex, if those tables are supported.
   Similarly, a connection tuple should only be present in the Process
   tables if there is a corresponding row in tcpConnectionTable,
   tcpListenerTable, or udpEndpointTable.

3.2  Instance Object

   The basic description of the Instance object will remain as-is to
   ensure flexibility for all implementations. However, in a future
   update of RFC 4113, a clarification of the Instance object would be
   provided by adding an example to the description. One possible
   example would be:

      "The instance value could be obtained from a counter that is
      incremented each time a new UDP endpoint is created. Once the
      counter wraps around, care must be taken to ensure that newly
      created indexes are unique."

   The issue regarding not being able to detect change is no longer a
   problem, as long as the Creation Information tables are being used.
   Detecting whether a change has occurred can then be done by
   examining the creation time of the connection.
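
   Added example (not part of the draft): how a management station
   could apply Sections 3.1 and 3.2 by comparing successive polls of
   udpEndpointInfoTable and one poll of udpEndpointProcTable. The poll
   data is constructed; the tuple layout, the PROC_START process start
   times, the reading of TimeTicks as sysUpTime at creation, and all
   function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. An index is the endpoint tuple plus the Instance
# value (the draft's "A.x"). Times are TimeTicks (hundredths of a second),
# assumed to be the agent's sysUpTime at creation, with no wrap or agent
# restart between polls.
A_X = ("ipv4", "192.0.2.10", 5353, "unknown", "", 0, 7)
B_Y = ("ipv4", "192.0.2.10", 514, "unknown", "", 0, 3)

# Three successive polls of udpEndpointInfoTable:
# index -> (udpEndpointInfoCreatorPID, udpEndpointInfoProcessCreateTime)
POLLS = [
    {A_X: (4100, 120_000), B_Y: (900, 5_000)},
    {A_X: (4188, 126_050), B_Y: (900, 5_000)},  # A.x present, but re-created
    {A_X: (4231, 132_010), B_Y: (900, 5_000)},  # and re-created again
]

# One poll of udpEndpointProcTable: each row is (endpoint index, PID).
PROC_ROWS = [(B_Y, 901), (B_Y, 902), (A_X, 4231)]

# Process start times in the same time base. Assumption: the station can
# read these from the host's process table; the draft does not say where.
# PID 900 exists, but it started long after endpoint B.y was created.
PROC_START = {901: 5_100, 902: 5_100, 4231: 132_000, 900: 140_000}


def diff_polls(prev, curr):
    """Classify every endpoint index seen in two consecutive polls."""
    status = {}
    for idx in prev.keys() | curr.keys():
        if idx not in prev:
            status[idx] = "new"
        elif idx not in curr:
            status[idx] = "gone"
        elif prev[idx] != curr[idx]:
            # Same tuple and instance value, different creator or creation
            # time: the endpoint was torn down and the instance value reused
            # (Scenario 1). A presence check on A.x alone would miss this.
            status[idx] = "recreated"
        else:
            status[idx] = "unchanged"
    return status


def recreation_counts(polls):
    """Count how often each index was re-created across a series of polls."""
    counts = defaultdict(int)
    for prev, curr in zip(polls, polls[1:]):
        for idx, state in diff_polls(prev, curr).items():
            if state == "recreated":
                counts[idx] += 1
    return dict(counts)


def creator_alive(creator_pid, create_time, proc_start):
    """True only if the PID exists and started before the endpoint was created.

    A PID that started after the creation time has been recycled, so the
    creator id no longer names the process that created the endpoint.
    """
    started = proc_start.get(creator_pid)
    return started is not None and started <= create_time


def sharing_report(info, proc_rows, proc_start):
    """Per endpoint: PIDs sharing it and whether the creator is still around."""
    pids = defaultdict(set)
    for idx, pid in proc_rows:
        pids[idx].add(pid)
    report = {}
    for idx, (creator, created) in info.items():
        attached = pids.get(idx, set())
        report[idx] = {
            "pids": sorted(attached),
            "creator_alive": creator_alive(creator, created, proc_start),
            "creator_attached": creator in attached,
        }
    return report


if __name__ == "__main__":
    print(recreation_counts(POLLS))
    for idx, row in sharing_report(POLLS[-1], PROC_ROWS, PROC_START).items():
        print(idx, row)
```
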

4  Process Information MIB Definitions

4.1  TCP Process Information MIB

   TCP-PROC-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32,
       Gauge32, Counter32, Counter64, IpAddress, mib-2,
       TimeTicks                          FROM SNMPv2-SMI
       MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF
       InetAddress, InetAddressType,
       InetPortNumber                     FROM INET-ADDRESS-MIB
       tcpConnectionEntry,
       tcpListenerEntry                   FROM TCP-MIB;

   tcpProcMIB MODULE-IDENTITY
       LAST-UPDATED "200610010000Z"
       ORGANIZATION
              "IETF IPv6 Working Group"
       CONTACT-INFO
              "Alain Durand
               Comcast Cable
               1500 Market st
               Philadelphia PA 19102
               USA
               Email: alain_durand@cable.comcast.com

               Anders Persson
               SUN Microsystems inc.
               17 Network Circle
               Menlo Park CA 94025
               USA
               Email: anders.persson@sun.com

               Paul Schauer
               Comcast Cable
               183 Inverness Dr West
               Englewood CO 80112
               USA
               Email: paul_schauer@cable.comcast.com

               David Thaler
               Microsoft
               One Microsoft Way
               Redmond WA 98052
               USA
               Email: dthaler@microsoft.com"
       DESCRIPTION
              "Test branch for proposed TCP connection process
               information tables"
       REVISION "200610010000Z"
       DESCRIPTION
              "Initial version"
       ::= { mib-2 990 }

   tcpProc      OBJECT IDENTIFIER ::= { mib-2 992 }

   --
   -- The proposed new TCP Connection Information table
   --

   tcpConnectionInfoTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF TcpConnectionInfoEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A table containing additional information about
               existing TCP connections. This table augments the
               existing tcpConnectionTable by providing information
               for the process that created the connection on the
               listed address/port, not just the process currently
               associated with the connection. This aids identifying
               processes sharing connections on the same port."
       ::= { tcpProc 1 }

   tcpConnectionInfoEntry OBJECT-TYPE
       SYNTAX     TcpConnectionInfoEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A conceptual row of the tcpConnectionInfoTable
               containing information about a particular current TCP
               connection. The addition of the
               tcpConnectionInfoCreatorPID and
               tcpConnectionInfoProcessCreateTime data provides an
               operator an explicit way to relate network connections
               with running processes."
       AUGMENTS   { tcpConnectionEntry }
       ::= { tcpConnectionInfoTable 1 }

   TcpConnectionInfoEntry ::= SEQUENCE {
           tcpConnectionInfoCreatorPID          Unsigned32,
           tcpConnectionInfoProcessCreateTime   TimeTicks
       }

   tcpConnectionInfoCreatorPID OBJECT-TYPE
       SYNTAX     Unsigned32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "The system's process ID for the process that created
               this connection, even if this process no longer exists
               or is no longer associated with this connection."
       ::= { tcpConnectionInfoEntry 1 }

   tcpConnectionInfoProcessCreateTime OBJECT-TYPE
       SYNTAX     TimeTicks
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "This field provides the time the process created the
               connection on this port."
       ::= { tcpConnectionInfoEntry 2 }

   --
   -- The proposed new TCP Connection Process table
   --

   tcpConnectionProcTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF TcpConnectionProcEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A table containing additional information about
               existing TCP connections. This table delivers
               functionality beyond the existing tcpConnectionTable by
               providing an entry for each process that is associated
               with the connection for operating systems that support
               this functionality. An entry in the tcpConnectionTable
               implies the existence of one or more entries in this
               table for the connection, and vice-versa."
       ::= { tcpProc 2 }

   tcpConnectionProcEntry OBJECT-TYPE
       SYNTAX     TcpConnectionProcEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A conceptual row of the tcpConnectionProcTable
               containing information about a particular current TCP
               connection. Each row of this table is transient in that
               it ceases to exist when (or soon after) the parent
               connection that created the connection exits."
       INDEX   { tcpConnectionProcLocalAddressType,
                 tcpConnectionProcLocalAddress,
                 tcpConnectionProcLocalPort,
                 tcpConnectionProcRemAddressType,
                 tcpConnectionProcRemAddress,
                 tcpConnectionProcRemPort,
                 tcpConnectionProcPID }
       ::= { tcpConnectionProcTable 1 }

   TcpConnectionProcEntry ::= SEQUENCE {
           tcpConnectionProcLocalAddressType   InetAddressType,
           tcpConnectionProcLocalAddress       InetAddress,
           tcpConnectionProcLocalPort          InetPortNumber,
           tcpConnectionProcRemAddressType     InetAddressType,
           tcpConnectionProcRemAddress         InetAddress,
           tcpConnectionProcRemPort            InetPortNumber,
           tcpConnectionProcPID                Unsigned32
       }

   tcpConnectionProcLocalAddressType OBJECT-TYPE
       SYNTAX     InetAddressType
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The address type of tcpConnectionProcLocalAddress."
       ::= { tcpConnectionProcEntry 1 }

   tcpConnectionProcLocalAddress OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The local IP address for this TCP connection. The type
               of this address is determined by the value of
               tcpConnectionProcLocalAddressType.

               As this object is used in the index for the
               tcpConnectionProcTable, implementors should be careful
               not to create entries that would result in OIDs with
               more than 128 subidentifiers; otherwise the information
               cannot be accessed by using SNMPv1, SNMPv2c, or SNMPv3."
       ::= { tcpConnectionProcEntry 2 }

   tcpConnectionProcLocalPort OBJECT-TYPE
       SYNTAX     InetPortNumber
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The local port number for this TCP connection."
       ::= { tcpConnectionProcEntry 3 }

   tcpConnectionProcRemAddressType OBJECT-TYPE
       SYNTAX     InetAddressType
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The address type of tcpConnectionProcRemAddress."
       ::= { tcpConnectionProcEntry 4 }

   tcpConnectionProcRemAddress OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The remote IP address for this TCP connection. The type
               of this address is determined by the value of
               tcpConnectionProcRemAddressType.

               As this object is used in the index for the
               tcpConnectionProcTable, implementors should be careful
               not to create entries that would result in OIDs with
               more than 128 subidentifiers; otherwise the information
               cannot be accessed by using SNMPv1, SNMPv2c, or SNMPv3."
       ::= { tcpConnectionProcEntry 5 }

   tcpConnectionProcRemPort OBJECT-TYPE
       SYNTAX     InetPortNumber
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The remote port number for this TCP connection."
       ::= { tcpConnectionProcEntry 6 }

   tcpConnectionProcPID OBJECT-TYPE
       SYNTAX     Unsigned32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "The system's process ID for the process sharing this
               connection. This process corresponds to a row in
               HOST-RESOURCES-MIB::hrSWRunIndex and
               SYSAPPL-MIB::sysApplElmtRunIndex for operating systems
               that support this functionality and the corresponding
               MIBs."
       ::= { tcpConnectionProcEntry 8 }

   -- The TCP Listener Information table

   tcpListenerInfoTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF TcpListenerInfoEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A table containing additional information about
               existing TCP listeners. This table augments the
               existing tcpListenerTable by providing information for
               the process that created the listener on the listed
               address/port, not just the process currently associated
               with the listener. This aids identifying multiple
               processes listening on the same port."
       ::= { tcpProc 3 }

   tcpListenerInfoEntry OBJECT-TYPE
       SYNTAX     TcpListenerInfoEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A conceptual row of the tcpListenerInfoTable containing
               information about a particular TCP listener."
       AUGMENTS   { tcpListenerEntry }
       ::= { tcpListenerInfoTable 1 }

   TcpListenerInfoEntry ::= SEQUENCE {
           tcpListenerInfoCreatorPID          Unsigned32,
           tcpListenerInfoProcessCreateTime   TimeTicks
       }

   tcpListenerInfoCreatorPID OBJECT-TYPE
       SYNTAX     Unsigned32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "The system's process ID for the process that created
               this listener, even if this process no longer exists or
               is no longer associated with this connection."
       ::= { tcpListenerInfoEntry 1 }

   tcpListenerInfoProcessCreateTime OBJECT-TYPE
       SYNTAX     TimeTicks
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "This field provides the time the process started
               listening on this port."
       ::= { tcpListenerInfoEntry 2 }

   -- The TCP Listener Process table

   tcpListenerProcTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF TcpListenerProcEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A table containing additional information about
               existing TCP listeners. This table delivers
               functionality beyond the existing tcpListenerTable by
               providing an entry for each process that is associated
               with the listener for operating systems that support
               this functionality. An entry in the tcpListenerTable
               implies the existence of one or more entries in this
               table for the listener, and vice-versa.

               A listening application can be represented in three
               possible ways:

               1. An application that is willing to accept both IPv4
                  and IPv6 datagrams is represented by a
                  tcpListenerProcLocalAddressType of unknown (0) and a
                  tcpListenerProcLocalAddress of ''h (a zero-length
                  octet-string).

               2. An application that is willing to accept only IPv4
                  or IPv6 datagrams is represented by a
                  tcpListenerProcLocalAddressType of the appropriate
                  address type and a tcpListenerProcLocalAddress of
                  '0.0.0.0' or '::' respectively.

               3. An application that is listening for data destined
                  only to a specific IP address, but from any remote
                  system, is represented by a
                  tcpListenerProcLocalAddressType of an appropriate
                  address type, with tcpListenerProcLocalAddress as
                  the specific local address.

               NOTE: The address type in this table represents the
               address type used for the communication, irrespective
               of the higher-layer abstraction. For example, an
               application using IPv6 'sockets' to communicate via
               IPv4 between ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would
               use InetAddressType ipv4(1)."
       ::= { tcpProc 4 }

   tcpListenerProcEntry OBJECT-TYPE
       SYNTAX     TcpListenerProcEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A conceptual row of the tcpListenerProcTable containing
               information about a particular TCP listener."
       INDEX   { tcpListenerProcLocalAddressType,
                 tcpListenerProcLocalAddress,
                 tcpListenerProcLocalPort,
                 tcpListenerProcPID }
       ::= { tcpListenerProcTable 1 }

   TcpListenerProcEntry ::= SEQUENCE {
           tcpListenerProcLocalAddressType   InetAddressType,
           tcpListenerProcLocalAddress       InetAddress,
           tcpListenerProcLocalPort          InetPortNumber,
           tcpListenerProcPID                Unsigned32
       }

   tcpListenerProcLocalAddressType OBJECT-TYPE
       SYNTAX     InetAddressType
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The address type of tcpListenerProcLocalAddress. The
               value should be unknown (0) if connection initiations
               to all local IP addresses are accepted."
       ::= { tcpListenerProcEntry 1 }

   tcpListenerProcLocalAddress OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The local IP address for this TCP connection.
               The value of this object can be represented in three
               possible ways, depending on the characteristics of the
               listening application:

               1. For an application willing to accept both IPv4 and
                  IPv6 datagrams, the value of this object must be
                  ''h (a zero-length octet-string), with the value of
                  the corresponding tcpListenerProcLocalAddressType
                  object being unknown (0).

               2. For an application willing to accept only IPv4 or
                  IPv6 datagrams, the value of this object must be
                  '0.0.0.0' or '::' respectively, with
                  tcpListenerProcLocalAddressType representing the
                  appropriate address type.

               3. For an application which is listening for data
                  destined only to a specific IP address, the value
                  of this object is the specific local address, with
                  tcpListenerProcLocalAddressType representing the
                  appropriate address type.

               As this object is used in the index for the
               tcpListenerProcTable, implementors should be careful
               not to create entries that would result in OIDs with
               more than 128 subidentifiers; otherwise the information
               cannot be accessed, using SNMPv1, SNMPv2c, or SNMPv3."
       ::= { tcpListenerProcEntry 2 }

   tcpListenerProcLocalPort OBJECT-TYPE
       SYNTAX     InetPortNumber
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The local port number for this TCP connection."
       ::= { tcpListenerProcEntry 3 }

   tcpListenerProcPID OBJECT-TYPE
       SYNTAX     Unsigned32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "The system's process ID for the process associated with
               this listener."
       ::= { tcpListenerProcEntry 4 }

   -- compliance statements

   tcpProcMIBConformance OBJECT IDENTIFIER ::= { tcpProcMIB 1 }
   tcpProcMIBCompliances OBJECT IDENTIFIER
                                      ::= { tcpProcMIBConformance 1 }
   tcpProcMIBGroups      OBJECT IDENTIFIER
                                      ::= { tcpProcMIBConformance 2 }

   tcpProcMIBConnectionCompliance MODULE-COMPLIANCE
       STATUS     current
       DESCRIPTION
              "The compliance statement for systems that implement the
               TCP process MIB."
       MODULE -- this module
           MANDATORY-GROUPS { tcpProcInfoGroup }
           GROUP       tcpProcProcessGroup
           DESCRIPTION
              "This group should be implemented for operating systems
               that support multiple processes sharing a single
               connection. It is left as optional to accommodate
               operating systems that do not provide sufficient
               information to express this data."
       ::= { tcpProcMIBCompliances 1 }

   tcpProcMIBListenerCompliance MODULE-COMPLIANCE
       STATUS     current
       DESCRIPTION
              "The compliance statement for systems that implement the
               TCP process MIB."
       MODULE -- this module
           MANDATORY-GROUPS { tcpProcListenerInfoGroup }
           GROUP       tcpProcListenerProcessGroup
           DESCRIPTION
              "This group should be implemented for operating systems
               that support multiple processes sharing a single
               listener. It is left as optional to accommodate
               operating systems that do not provide sufficient
               information to express this data."
       ::= { tcpProcMIBCompliances 2 }

   -- units of conformance

   tcpProcInfoGroup OBJECT-GROUP
       OBJECTS    { tcpConnectionInfoCreatorPID,
                    tcpConnectionInfoProcessCreateTime }
       STATUS     current
       DESCRIPTION
              "The tcpProcInfoGroup providing basic information about
               processes associated with a specific connection"
       ::= { tcpProcMIBGroups 1 }

   tcpProcProcessGroup OBJECT-GROUP
       OBJECTS    { tcpConnectionProcPID }
       STATUS     current
       DESCRIPTION
              "The tcpProcProcessGroup providing specific process
               information about processes associated with a specific
               connection."
       ::= { tcpProcMIBGroups 2 }

   tcpProcListenerInfoGroup OBJECT-GROUP
       OBJECTS    { tcpListenerInfoCreatorPID,
                    tcpListenerInfoProcessCreateTime }
       STATUS     current
       DESCRIPTION
              "The tcpProcListenerInfoGroup providing basic information
               about processes associated with a specific listener."
       ::= { tcpProcMIBGroups 3 }

   tcpProcListenerProcessGroup OBJECT-GROUP
       OBJECTS    { tcpListenerProcPID }
       STATUS     current
       DESCRIPTION
              "The tcpProcListenerProcessGroup providing specific
               process information about processes associated with a
               specific listener."
       ::= { tcpProcMIBGroups 4 }

   END

4.2  UDP Process Information MIB

   UDP-PROC-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32,
       Counter64, TimeTicks, Unsigned32, IpAddress,
       mib-2                              FROM SNMPv2-SMI
       MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF
       InetAddress, InetAddressType,
       InetPortNumber                     FROM INET-ADDRESS-MIB
       udpEndpointEntry                   FROM UDP-MIB;

   udpProcMIB MODULE-IDENTITY
       LAST-UPDATED "200610010000Z"
       ORGANIZATION
              "IETF IPv6 Working Group"
       CONTACT-INFO
              "Alain Durand
               Comcast Cable
               1500 Market st
               Philadelphia PA 19102
               USA
               Email: alain_durand@cable.comcast.com

               Anders Persson
               SUN Microsystems inc.
               17 Network Circle
               Menlo Park CA 94025
               USA
               Email: anders.persson@sun.com

               Paul Schauer
               Comcast Cable
               183 Inverness Dr West
               Englewood CO 80112
               USA
               Email: paul_schauer@cable.comcast.com

               David Thaler
               Microsoft
               One Microsoft Way
               Redmond WA 98052
               USA
               Email: dthaler@microsoft.com"
       DESCRIPTION
              "Test branch for proposed UDP listener information
               tables"
       REVISION "200610010000Z"
       DESCRIPTION
              "Initial version"
       ::= { mib-2 994 }

   udpProc      OBJECT IDENTIFIER ::= { mib-2 996 }

   --
   -- The proposed new UDP Endpoint Info table.
   --

   udpEndpointInfoTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF UdpEndpointInfoEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A table containing additional information about
               existing UDP endpoints. This table augments the
               existing udpEndpointTable by providing information for
               the process that created the endpoint on the listed
               address/port, not just the process currently associated
               with the endpoint.
               This aids identifying processes sharing connections on
               the same port."
       ::= { udpProc 1 }

   udpEndpointInfoEntry OBJECT-TYPE
       SYNTAX     UdpEndpointInfoEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The additional time field allows an operator to
               identify when a particular UDP endpoint came into
               existence."
       AUGMENTS   { udpEndpointEntry }
       ::= { udpEndpointInfoTable 1 }

   UdpEndpointInfoEntry ::= SEQUENCE {
           udpEndpointInfoCreatorPID          Unsigned32,
           udpEndpointInfoProcessCreateTime   TimeTicks
       }

   udpEndpointInfoCreatorPID OBJECT-TYPE
       SYNTAX     Unsigned32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "The system's process ID for the process that created
               this endpoint, even if this process no longer exists or
               is no longer associated with this connection."
       ::= { udpEndpointInfoEntry 1 }

   udpEndpointInfoProcessCreateTime OBJECT-TYPE
       SYNTAX     TimeTicks
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "This field provides the time the process created the
               endpoint on this port."
       ::= { udpEndpointInfoEntry 2 }

   --
   -- The proposed new UDP Endpoint process table.
   --

   udpEndpointProcTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF UdpEndpointProcEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "A table containing information about this entity's UDP
               endpoints on which a local application is currently
               accepting or sending datagrams. This table delivers
               functionality beyond the existing udpEndpointTable by
               providing an entry for each process that creates a
               shared endpoint on the same port for operating systems
               that support this functionality. An entry in the
               udpEndpointTable implies the existence of one or more
               entries in this table for the connection, and
               vice-versa."
       ::= { udpProc 2 }

   udpEndpointProcEntry OBJECT-TYPE
       SYNTAX     UdpEndpointProcEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "Information about a particular current UDP endpoint.
               Implementers need to be aware that if the total number
               of elements (octets or sub-identifiers) in
               udpEndpointProcLocalAddress and
               udpEndpointProcRemoteAddress exceeds 111, then OIDs of
               column instances in this table will have more than 128
               sub-identifiers and cannot be accessed using SNMPv1,
               SNMPv2c, or SNMPv3."
       INDEX   { udpEndpointProcLocalAddressType,
                 udpEndpointProcLocalAddress,
                 udpEndpointProcLocalPort,
                 udpEndpointProcRemoteAddressType,
                 udpEndpointProcRemoteAddress,
                 udpEndpointProcRemotePort,
                 udpEndpointProcInstance,
                 udpEndpointProcPID }
       ::= { udpEndpointProcTable 1 }

   UdpEndpointProcEntry ::= SEQUENCE {
           udpEndpointProcLocalAddressType    InetAddressType,
           udpEndpointProcLocalAddress        InetAddress,
           udpEndpointProcLocalPort           InetPortNumber,
           udpEndpointProcRemoteAddressType   InetAddressType,
           udpEndpointProcRemoteAddress       InetAddress,
           udpEndpointProcRemotePort          InetPortNumber,
           udpEndpointProcInstance            Unsigned32,
           udpEndpointProcPID                 Unsigned32
       }

   udpEndpointProcLocalAddressType OBJECT-TYPE
       SYNTAX     InetAddressType
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The address type of udpEndpointProcLocalAddress. Only
               IPv4, IPv4z, IPv6, and IPv6z addresses are expected, or
               unknown(0) if datagrams for all local IP addresses are
               accepted."
       ::= { udpEndpointProcEntry 1 }

   udpEndpointProcLocalAddress OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The local IP address for this UDP endpoint.

               The value of this object can be represented in three
               possible ways, depending on the characteristics of the
               listening application:

               1. For an application that is willing to accept both
                  IPv4 and IPv6 datagrams, the value of this object
                  must be ''h (a zero-length octet-string), with the
                  value of the corresponding instance of the
                  udpEndpointLocalAddressType object being unknown(0).

               2. For an application that is willing to accept only
                  IPv4 or only IPv6 datagrams, the value of this
                  object must be '0.0.0.0' or '::', respectively,
                  while the corresponding instance of the
                  udpEndpointLocalAddressType object represents the
                  appropriate address type.

               3. For an application that is listening for data
                  destined only to a specific IP address, the value
                  of this object is the specific IP address for which
                  this node is receiving packets, with the
                  corresponding instance of the
                  udpEndpointLocalAddressType object representing the
                  appropriate address type.

               As this object is used in the index for the
               udpEndpointProcTable, implementors of this table should
               be careful not to create entries that would result in
               OIDs with more than 128 subidentifiers; else the
               information cannot be accessed using SNMPv1, SNMPv2c,
               or SNMPv3."
       ::= { udpEndpointProcEntry 2 }

   udpEndpointProcLocalPort OBJECT-TYPE
       SYNTAX     InetPortNumber
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The local port number for this UDP endpoint."
       ::= { udpEndpointProcEntry 3 }

   udpEndpointProcRemoteAddressType OBJECT-TYPE
       SYNTAX     InetAddressType
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The address type of udpEndpointProcRemoteAddress. Only
               IPv4, IPv4z, IPv6, and IPv6z addresses are expected, or
               unknown(0) if datagrams for all remote IP addresses are
               accepted. Also, note that some combinations of
               udpEndpointProcLocalAddressType and
               udpEndpointProcRemoteAddressType are not supported. In
               particular, if the value of this object is not
               unknown(0), it is expected to always refer to the same
               IP version as udpEndpointProcLocalAddressType."
       ::= { udpEndpointProcEntry 4 }

   udpEndpointProcRemoteAddress OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The remote IP address for this UDP endpoint.
If datagrams from any remote system are to be accepted, this value is ''h (a zero-length octet-string). Otherwise, it has the type described by udpEndpointProcRemoteAddressType and is the address of the remote system from which datagrams are to be accepted Persson, et al. Expires April 8, 2007 [Page 23] Internet-Draft TCP and UDP process MIBs October 2006 (or to which all datagrams will be sent). As this object is used in the index for the udpEndpointProcTable, implementors of this table should be careful not to create entries that would result in OIDs with more than 128 subidentifiers; else the information cannot be accessed using SNMPv1, SNMPv2c, or SNMPv3." ::= { udpEndpointProcEntry 5 } udpEndpointProcRemotePort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION "The remote port number for this UDP endpoint. If datagrams from any remote system are to be accepted, this value is zero." ::= { udpEndpointProcEntry 6 } udpEndpointProcInstance OBJECT-TYPE SYNTAX Unsigned32 (1..'ffffffff'h) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The instance of this tuple. This object is used to distinguish among multiple processes 'connected' to the same UDP endpoint. For example, on a system implementing the BSD sockets interface, this would be used to support the SO_REUSEADDR and SO_REUSEPORT socket options." ::= { udpEndpointProcEntry 7 } udpEndpointProcPID OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The system's process ID for the process associated with this endpoint. This value corresponds to a row in HOST-RESOURCES-MIB::hrSWRunIndex and SYSAPPL-MIB:: sysApplElmtRunIndex for operating systems that support this functionality and the corresponding MIBs." ::= { udpEndpointProcEntry 8 } Persson, et al. 
Expires April 8, 2007 [Page 24] Internet-Draft TCP and UDP process MIBs October 2006 -- compliance statements udpProcMIBConformance OBJECT IDENTIFIER ::= { udpProcMIB 1 } udpProcMIBCompliances OBJECT IDENTIFIER ::= { udpProcMIBConformance 1 } udpProcMIBGroup OBJECT IDENTIFIER ::= { udpProcMIBConformance 2 } udpProcMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for systems that implement the UDP Process MIB." MODULE -- this module MANDATORY-GROUPS { udpEndpointInfoGroup } GROUP udpEndpointProcessGroup DESCRIPTION "This group should be implemented for operating systems that support multiple listening processes sharing a single address/port. It is left as optional to accommodate operating systems that do not provide sufficient information to express this data." ::= { udpProcMIBCompliances 1 } -- units of conformance udpEndpointInfoGroup OBJECT-GROUP OBJECTS { udpEndpointInfoCreatorPID, udpEndpointInfoProcessCreateTime } STATUS current DESCRIPTION "" ::= { udpProcMIBGroups 1 } udpEndpointProcessGroup OBJECT-GROUP OBJECTS { udpEndpointProcPID } STATUS current DESCRIPTION "" ::= { udpProcMIBGroups 2 } END Persson, et al. Expires April 8, 2007 [Page 25] Internet-Draft TCP and UDP process MIBs October 2006 5 Security Considerations The security considerations discussed in RFC 4113 and RFC 4022 apply here. Persson, et al. Expires April 8, 2007 [Page 26] Internet-Draft TCP and UDP process MIBs October 2006 Authors' Addresses Anders Persson SUN Microsystems Inc. 17 Network Circle Menlo Park, CA 94025 USA Email: anders.persson@sun.com Paul Schauer Comcast 183 Inverness Dr West Englewood, CO 80112 USA Email: Paul_Schauer@cable.comcast.com Alain Durand Comcast 1500 Market St Philadelphia, PA 19102 USA Email: Alain_Durand@cable.comcast.com Dave Thaler Microsoft One Microsoft Way Redmond, WA 98052 USA Email: dthaler@microsoft.com Persson, et al. 

Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).
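
   The 128 sub-identifier limit in the udpEndpointProcEntry and address
   DESCRIPTION clauses can be checked by an agent before it exposes a
   row.  The Python below is an added example, not part of the draft:
   the function names are hypothetical, TABLE_OID is a constructed
   placeholder because the table's registered arc is not shown in this
   section, and IPv4z/IPv6z addresses are left out.

```python
import ipaddress

MAX_SUBIDS = 128                    # limit stated in the DESCRIPTION clauses
UNKNOWN, IPV4, IPV6 = 0, 1, 2       # InetAddressType values (INET-ADDRESS-MIB)
# Constructed placeholder: the arc of udpEndpointProcTable is an assumption.
TABLE_OID = (1, 3, 6, 1, 2, 1, 99999, 1)
ENTRY, PID_COLUMN = 1, 8            # { udpEndpointProcTable 1 }, { udpEndpointProcEntry 8 }

def inet_address(text):
    """Map '' to unknown(0) with a zero-length string, else IPv4/IPv6 octets."""
    if text == "":
        return UNKNOWN, b""
    ip = ipaddress.ip_address(text)
    return (IPV4 if ip.version == 4 else IPV6), ip.packed

def index_subids(local, lport, remote, rport, instance, pid):
    """Encode the eight INDEX objects; each InetAddress is length-prefixed."""
    if not (0 <= lport <= 65535 and 0 <= rport <= 65535):
        raise ValueError("port out of InetPortNumber range")
    if not 1 <= instance <= 0xFFFFFFFF:
        raise ValueError("udpEndpointProcInstance must be 1..'ffffffff'h")
    if not 0 <= pid <= 0xFFFFFFFF:
        raise ValueError("udpEndpointProcPID must fit Unsigned32")
    ltype, laddr = inet_address(local)
    rtype, raddr = inet_address(remote)
    if UNKNOWN not in (ltype, rtype) and ltype != rtype:
        raise ValueError("local and remote address types must match")
    return (ltype, len(laddr), *laddr, lport,
            rtype, len(raddr), *raddr, rport, instance, pid)

def pid_instance_oid(row, table_oid=TABLE_OID):
    """Full OID of the udpEndpointProcPID instance for one row."""
    oid = (*table_oid, ENTRY, PID_COLUMN, *index_subids(*row))
    if len(oid) > MAX_SUBIDS:
        raise ValueError(f"{len(oid)} sub-identifiers exceeds {MAX_SUBIDS}")
    return oid

def address_budget(table_oid=TABLE_OID):
    """Sub-identifiers left for the two address values after the fixed parts."""
    fixed_index = 8   # 2 types, 2 length prefixes, 2 ports, instance, PID
    return MAX_SUBIDS - (len(table_oid) + 2) - fixed_index

# Constructed sample rows: (local, lport, remote, rport, instance, pid)
WILDCARD = ("", 5353, "", 0, 1, 4242)
CONNECTED_V6 = ("2001:db8::1", 5000, "2001:db8::2", 6000, 1, 4242)
```

   The value returned by address_budget() depends on the length of the
   table OID passed in, so it should be recomputed once the real arc is
   known.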