RFC 1592
Simple Network Management Protocol Distributed Protocol Interface Version 2.0
3.3 CONSTANTS AND VALUES This section describes the constants that have been defined for this version of the SNMP DPI Protocol. 3.3.1 PROTOCOL VERSION AND RELEASE VALUES +-----------------------------------------------------------------+ | Table 15. Protocol version and release values | +--------------------------------+--------------------------------+ | FIELD | VALUE | +--------------------------------+--------------------------------+ | protocol major version | 2 (SNMP DPI protocol) | +--------------------------------+--------------------------------+ | protocol minor version | 2 (version 2) | +--------------------------------+--------------------------------+ | protocol release | 0 (release 0) | +--------------------------------+--------------------------------+ Previous versions of this protocol exist and should preferably be supported by an agent: o version 1, release 0, described in [7] Previous internal versions of this protocol exist and may or may not be supported by an agent: o version 1, release 1, experimental within IBM. o version 1, release 2, experimental within BNR.
3.3.2 PACKET TYPE VALUES +-----------------------------------------------------------------+ | Table 16. Valid values for the packet type field | +-------+---------------------------------------------------------+ | VALUE | PACKET TYPE | +-------+---------------------------------------------------------+ | 1 | SNMP_DPI_GET | +-------+---------------------------------------------------------+ | 2 | SNMP_DPI_GETNEXT | +-------+---------------------------------------------------------+ | 3 | SNMP_DPI_SET | +-------+---------------------------------------------------------+ | 4 | SNMP_DPI_TRAP | +-------+---------------------------------------------------------+ | 5 | SNMP_DPI_RESPONSE | +-------+---------------------------------------------------------+ | 6 | SNMP_DPI_REGISTER | +-------+---------------------------------------------------------+ | 7 | SNMP_DPI_UNREGISTER | +-------+---------------------------------------------------------+ | 8 | SNMP_DPI_OPEN | +-------+---------------------------------------------------------+ | 9 | SNMP_DPI_CLOSE | +-------+---------------------------------------------------------+ | 10 | SNMP_DPI_COMMIT | +-------+---------------------------------------------------------+ | 11 | SNMP_DPI_UNDO | +-------+---------------------------------------------------------+ | 12 | SNMP_DPI_GETBULK | +-------+---------------------------------------------------------+ | 13 | SNMP_DPI_TRAPV2 (not yet used) | +-------+---------------------------------------------------------+ | 14 | SNMP_DPI_INFORM (not yet used) | +-------+---------------------------------------------------------+ | 15 | SNMP_DPI_ARE_YOU_THERE | +-------+---------------------------------------------------------+
3.3.3 VARIABLE TYPE VALUES +-----------------------------------------------------------------+ | Table 17. Valid values for the Value Type field | +-------+---------------------------------------------------------+ | VALUE | VALUE TYPE | +-------+---------------------------------------------------------+ | 129 | SNMP_TYPE_Integer32 | +-------+---------------------------------------------------------+ | 2 | SNMP_TYPE_OCTET_STRING | +-------+---------------------------------------------------------+ | 3 | SNMP_TYPE_OBJECT_IDENTIFIER | +-------+---------------------------------------------------------+ | 4 | SNMP_TYPE_NULL (empty, no value) | +-------+---------------------------------------------------------+ | 5 | SNMP_TYPE_IpAddress | +-------+---------------------------------------------------------+ | 134 | SNMP_TYPE_Counter32 | +-------+---------------------------------------------------------+ | 135 | SNMP_TYPE_Gauge32 | +-------+---------------------------------------------------------+ | 136 | SNMP_TYPE_TimeTicks (1/100ths seconds) | +-------+---------------------------------------------------------+ | 9 | SNMP_TYPE_DisplayString | +-------+---------------------------------------------------------+ | 10 | SNMP_TYPE_BIT_STRING | +-------+---------------------------------------------------------+ | 11 | SNMP_TYPE_NsapAddress | +-------+---------------------------------------------------------+ | 140 | SNMP_TYPE_UInteger32 | +-------+---------------------------------------------------------+ | 13 | SNMP_TYPE_Counter64 | +-------+---------------------------------------------------------+ | 14 | SNMP_TYPE_Opaque | +-------+---------------------------------------------------------+ | 15 | SNMP_TYPE_noSuchObject | +-------+---------------------------------------------------------+ | 16 | SNMP_TYPE_noSuchInstance | +-------+---------------------------------------------------------+ | 17 | SNMP_TYPE_endOfMibView | +-------+---------------------------------------------------------+ Notes: 1. A 32-bit integer value has its base base type ORed with 128. 2. DisplayString is a textual convention. An SNMP PDU shows a type of OCTET_STRING for the value. An agent can handle such an object as DisplayString if the object is included in some
form of a compiled MIB for the agent. If not, the agent passes
the value as an OCTET_STRING.
3.3.4 VALUE REPRESENTATION
Values in the DPI packets are represented as follows:
o 32-bit integers are 4-byte elements in network byte order, MSB
(most significant byte) first, LSB (least significant byte)
last. Example: '00000001'h represents 1.
o 64-bit integers are 8-byte elements in network byte order, MSB
first, LSB last.
Example: '0000000100000001'h represents 4,294,967,297.
o Object Identifiers are NULL terminated strings in the selected
character set, representing the OID in ASN.1 dotted notation.
The length includes the terminating NULL.
Example ASCII: '312e332e362e312e322e312e312e312e3000'h
represents "1.3.6.1.2.1.1.1.0" which is sysDescr.0.
Example EBCDIC: 'f14bf34bf64bf14bf24bf14bf14bf14bf000'h
represents "1.3.6.1.2.1.1.1.0" which is sysDescr.0.
o DisplayStrings are in the selected character set. The length
specifies the length of the string.
Example ASCII: '6162630d0a'h represents "abc\r\n", no NULL.
Example EBCDIC: '8182830d25'h represents "abc\r\n", no NULL.
o IpAddress, NsapAddress and Opaque are implicit OCTET_STRING, so
they are octets (e.g. IpAddress in network byte order).
o NULL has a zero length for the value, no value data.
o noSuchObject, noSuchInstance and endOfMibView are implicit NULL
and represented as such.
o BIT_STRING is an OCTET_STRING of the form uubbbb...bb, where
the first octet (uu) is 0x00-0x07 and indicates the number of
unused bits in the last octet (bb). The bb octets represent the
bit string itself, where bit zero (0) comes first and so on.
3.3.5 CHARACTER SET SELECTION
In the DPI OPEN packet, the sub-agent can specify the character set
to be used for the representation of:
o group and instance ID in the DPI REGISTER, UNREGISTER, GET,
GETNEXT, GETBULK, SET, UNDO, COMMIT, RESPONSE and TRAP packets.
o sub-agent ID and sub-agent Description in DPI OPEN packet.
o Object Identifiers in the value field for a value of type
SNMP_TYPE_OBJECT_IDENTIFIER.
o DisplayString in the value field for a value of type
SNMP_TYPE_DPI_DisplayString.
The choice is the native character set or the ASCII character set.
The native set is the set native to the platform where the agent runs. If the native set is ASCII, then character set selection is a moot point. On non-ASCII based platforms, the agent must convert between native and ASCII if the native character set is chosen. 3.3.6 ERROR CODE VALUES FOR SNMP DPI RESPONSE PACKETS When the RESPONSE packet is a response to a GET, GETNEXT, GETBULK, SET, COMMIT, or UNDO, then the error code can have one of the following values:
+-----------------------------------------------------------------+
| Table 18. Valid SNMP_ERROR values for RESPONSE error code |
+-------+---------------------------------------------------------+
| VALUE | ERROR CODE |
+-------+---------------------------------------------------------+
| 0 | SNMP_ERROR_noError |
+-------+---------------------------------------------------------+
| 1 | SNMP_ERROR_tooBig |
+-------+---------------------------------------------------------+
| 2 | SNMP_ERROR_noSuchName (SNMPv1, do not use) |
+-------+---------------------------------------------------------+
| 3 | SNMP_ERROR_badValue (SNMPv1, do not use) |
+-------+---------------------------------------------------------+
| 4 | SNMP_ERROR_readOnly (SNMPv1 do not use) |
+-------+---------------------------------------------------------+
| 5 | SNMP_ERROR_genErr |
+-------+---------------------------------------------------------+
| 6 | SNMP_ERROR_noAccess |
+-------+---------------------------------------------------------+
| 7 | SNMP_ERROR_wrongType |
+-------+---------------------------------------------------------+
| 8 | SNMP_ERROR_wrongLength |
+-------+---------------------------------------------------------+
| 9 | SNMP_ERROR_wrongEncoding |
+-------+---------------------------------------------------------+
| 10 | SNMP_ERROR_wrongValue |
+-------+---------------------------------------------------------+
| 11 | SNMP_ERROR_noCreation |
+-------+---------------------------------------------------------+
| 12 | SNMP_ERROR_inconsistentValue |
+-------+---------------------------------------------------------+
| 13 | SNMP_ERROR_resourceUnavailable |
+-------+---------------------------------------------------------+
| 14 | SNMP_ERROR_commitFailed |
+-------+---------------------------------------------------------+
| 15 | SNMP_ERROR_undoFailed |
+-------+---------------------------------------------------------+
| 16 | SNMP_ERROR_authorizationError |
+-------+---------------------------------------------------------+
| 17 | SNMP_ERROR_notWritable |
+-------+---------------------------------------------------------+
| 18 | SNMP_ERROR_inconsistentName |
+-------+---------------------------------------------------------+
When the RESPONSE packet is a response to an OPEN, REGISTER or
UNREGISTER, then the error code can have one of the following values:
+-----------------------------------------------------------------+
| Table 19. Valid SNMP_ERROR_DPI values for RESPONSE error code |
+-------+---------------------------------------------------------+
| VALUE | ERROR CODE |
+-------+---------------------------------------------------------+
| 0 | SNMP_ERROR_DPI_noError |
+-------+---------------------------------------------------------+
| 101 | SNMP_ERROR_DPI_otherError |
+-------+---------------------------------------------------------+
| 102 | SNMP_ERROR_DPI_notFound |
+-------+---------------------------------------------------------+
| 103 | SNMP_ERROR_DPI_alreadyRegistered |
+-------+---------------------------------------------------------+
| 104 | SNMP_ERROR_DPI_higherPriorityRegistered |
+-------+---------------------------------------------------------+
| 105 | SNMP_ERROR_DPI_mustOpenFirst |
+-------+---------------------------------------------------------+
| 106 | SNMP_ERROR_DPI_notAuthorized |
+-------+---------------------------------------------------------+
| 107 | SNMP_ERROR_DPI_viewSelectionNotSupported |
+-------+---------------------------------------------------------+
| 108 | SNMP_ERROR_DPI_getBulkSelectionNotSupported |
+-------+---------------------------------------------------------+
| 109 | SNMP_ERROR_DPI_duplicateSubAgentIdentifier |
+-------+---------------------------------------------------------+
| 110 | SNMP_ERROR_DPI_invalidDisplayString |
+-------+---------------------------------------------------------+
| 111 | SNMP_ERROR_DPI_characterSetSelectionNotSupported |
+-------+---------------------------------------------------------+
3.3.7 UNREGISTER REASON CODES The following are valid reason codes in an UNREGISTER packet. +-----------------------------------------------------------------+ | Table 20. Valid UNREGISTER reason codes | +-------+---------------------------------------------------------+ | VALUE | REASON CODE | +-------+---------------------------------------------------------+ | 1 | SNMP_UNREGISTER_otherReason | +-------+---------------------------------------------------------+ | 2 | SNMP_UNREGISTER_goingDown | +-------+---------------------------------------------------------+ | 3 | SNMP_UNREGISTER_justUnregister | +-------+---------------------------------------------------------+ | 4 | SNMP_UNREGISTER_newRegistration | +-------+---------------------------------------------------------+ | 5 | SNMP_UNREGISTER_higherPriorityRegistered | +-------+---------------------------------------------------------+ | 6 | SNMP_UNREGISTER_byManager | +-------+---------------------------------------------------------+ | 7 | SNMP_UNREGISTER_timeout | +-------+---------------------------------------------------------+
3.3.8 CLOSE REASON CODES The following are valid reason codes in a CLOSE packet. +-----------------------------------------------------------------+ | Table 21. Valid CLOSE reason codes | +-------+---------------------------------------------------------+ | VALUE | REASON CODE | +-------+---------------------------------------------------------+ | 1 | SNMP_CLOSE_otherReason | +-------+---------------------------------------------------------+ | 2 | SNMP_CLOSE_goingDown | +-------+---------------------------------------------------------+ | 3 | SNMP_CLOSE_unsupportedVersion | +-------+---------------------------------------------------------+ | 4 | SNMP_CLOSE_protocolError | +-------+---------------------------------------------------------+ | 5 | SNMP_CLOSE_authenticationFailure | +-------+---------------------------------------------------------+ | 6 | SNMP_CLOSE_byManager | +-------+---------------------------------------------------------+ | 7 | SNMP_CLOSE_timeout | +-------+---------------------------------------------------------+ | 8 | SNMP_CLOSE_openError | +-------+---------------------------------------------------------+ 4. DPI 2.0 MIB DEFINITION DPI20-MIB DEFINITIONS ::= BEGIN -- Objects in this MIB are implemented in the local SNMP agent. IMPORTS MODULE-IDENTITY, OBJECT-TYPE, snmpModules, enterprises FROM SNMPv2-SMI ibm OBJECT IDENTIFIER ::= { enterprises 2 } ibmDPI OBJECT IDENTIFIER ::= { ibm 2 } dpi20MIB OBJECT IDENTIFIER ::= { ibmDPI 1 } -- dpi20MIB MODULE-IDENTITY -- LAST-UPDATED "9401210000Z" -- ORGANIZATION "IBM Research - T.J. Watson Research Center" -- CONTACT-INFO " Bert Wijnen -- Postal: IBM International Operations -- Watsonweg 2 -- 1423 ND Uithoorn -- The Netherlands
-- Tel: +31 2975 53316
-- Fax: +31 2975 62468
-- E-mail: wijnen@vnet.ibm.com"
-- DESCRIPTION "MIB module describing DPI objects."
-- ::= { snmpModules x }
dpiPort OBJECT IDENTIFIER ::= { dpi20MIB 1 }
dpiPortForTCP OBJECT-TYPE
SYNTAX INTEGER (0..65535)
ACCESS read-only
STATUS mandatory
DESCRIPTION "The TCP port number on which the agent
listens for DPI connections. A zero value
means the agent has no DPI TCP port."
::= { dpiPort 1 }
dpiPortForUDP OBJECT-TYPE
SYNTAX INTEGER (0..65535)
ACCESS read-only
STATUS mandatory
DESCRIPTION "The UDP port number on which the agent
listens for DPI packets. A zero value
means the agent has no DPI UDP port."
::= { dpiPort 2 }
END
5. SUBAGENT CONSIDERATIONS
When implementing a sub-agent, it is strongly recommended to use the
DPI version 2 approach (SNMPv2 based). This means:
o Use SNMPv2 error codes only (even though we have definitions
for the old SNMPv1 error codes).
o Do implement SET, COMMIT, UNDO processing properly.
o For GET requests, use the SNMPv2 approach and pass back
noSuchInstance or noSuchObject value if such is the case.
Continue to process all remaining varBinds in this case.
o For GETNEXT, use the SNMPv2 approach and pass back endOfMibView
value if such is the case. Continue to process all remaining
varBinds in this case.
o When you are processing a request from the agent (GET, GETNEXT,
GETBULK, SET, COMMIT, UNDO) you are supposed to respond within
the timeout period (which you can specify in the OPEN and
REGISTER packets). If you fail to respond within that timeout
period, the agent will most probably close your DPI connection
and then discard your RESPONSE packet if it comes in later. If
you can detect that the response is not going to make it in
time, then you might decide to abort the request and return an
SNMP_ERROR_genErr in the RESPONSE.
o If you have a UDP "connected" sub-agent, or one that uses
another unreliable protocol, you may want to issue an SNMP DPI
ARE_YOU_THERE request once in a while to ensure that the agent
is still alive and still knows about you.
o When you are running on an EBCDIC based machine, and you use
the (default) native character set, then all OID strings (as
used for things like group ID, instance ID, Enterprise ID,
sub-agent ID) and also all variable values of type
OBJECT_IDENTIFIER or DisplayString will be passed to you in
EBCDIC format. When you return a response, you should then
also use EBCDIC FORMAT.
o When you are running on an EBCDIC based machine, and you use
the ASCII character set (specified in DPI OPEN), then all OID
strings (as used for things like group ID, instance ID,
Enterprise ID, sub-agent ID) and also all variable values of
type OBJECT_IDENTIFIER or DisplayString will be passed to you
in ASCII format. When you return a response, you should then
also use ASCII FORMAT.
o When you are running on an ASCII machine, then the character
set selection for you basically is moot. Except maybe when you
connect to an EBCDIC based agent, in which case you may want to
specify in the DPI OPEN packet that you want to use ASCII
character set. After that, all this is transparent to you and
the burden of conversion is on the EBCDIC based agent.
o Please realize that DisplayString is only a textual convention.
In the SNMP PDU (SNMP packet), the type is just an
OCTET_STRING, and from that it is not clear if this is a
DisplayString or any arbitrary data. This means that the agent
can only know about an object being a DisplayString if the
object is included in some sort of a compiled MIB. If it is,
then the agent will use SNMP_TYPE_DisplayString in the type
field of the varBind in a DPI SET packet. When you send a
DisplayString in a RESPONSE packet, the agent will handle it as
such (e.g. translate EBCDIC to ASCII if needed).
5.1 DPI API
The primary goal of this document is to specify the SNMP DPI, a
protocol by which sub-agents can exchange SNMP related information
with an agent. On top of this protocol, one can imagine one or
possibly many Application Programming Interfaces, but those are not
addressed in this document.
However, in order to provide an environment that is more or less platform independent, we strongly suggest to also define a DPI API. We have a sample DPI API available, see 9, "Sample Sources for Anonymous FTP" for a place to obtain that sample DPI API. 5.2 OVERVIEW OF REQUEST PROCESSING 5.2.1 GET PROCESSING A GET request is the easiest to process. The DPI GET packet holds one or more varBinds that the sub-agent has taken responsibility for. If the sub-agent encounters an error while processing the request, it creates a DPI RESPONSE packet with an appropriate error indication in the error_code field and sets the error_index to the position of the varBind at which the error occurs (first varBind is index 1, second varBind is index 2, and so on). No name/type/length/value information needs to be provided in the packet, because by definition, the varBind information is the same as in the request to which this is a response, and the agent still has that information. If there are no errors, then the sub-agent creates a DPI RESPONSE packet in which the error_code is set to SNMP_ERROR_noError (zero) and error_index is set to zero. The packet must also include the name/type/length/value of each varBind requested. When you get a request for a non-existing object or a non-existing instance of an object, then you must return a NULL value with a type of SNMP_TYPE_noSuchObject or SNMP_TYPE_noSuchInstance respectively. These two values are not considered errors, so the error_code and error_index should be zero. The DPI RESPONSE packet is then sent back to the agent. 5.2.2 SET PROCESSING Processing a DPI SET request is more difficult than a DPI GET request. In the case of a DPI SET packet, additional information is available in the packet, namely the value type, value length and value to be set. If the sub-agent encounters an error while processing the request, it creates a DPI RESPONSE packet with an appropriate error indication in the error_code field and an error_index listing the position of the varBind at which the error occurs (first varBind is index 1, second varBind is index 2, and so on). No name/type/length/value information needs to provided in the packet, because by definition, the varBind information is the same as in the request to which this
is a response, and the agent still has that information. If there are no errors, then the sub-agent creates a DPI RESPONSE packet in which the error_code is set to SNMP_ERROR_noError (zero) and error_index is set to zero. No name/type/length/value information is needed; by definition the RESPONSE to a SET should contain exactly the same varBind data as the data present in the request, so the agent can use the values it already has. (This suggests that the agent must keep state information, and that is indeed the case. It needs to do that anyway in order to be able to later pass the data with a DPI COMMIT or DPI UNDO packet). The sub- agent must have allocated the required resources and prepared itself for the SET. It does not yet effectuate the set, that will be done at COMMIT time. The sub-agent sends a DPI RESPONSE packet (indicating success or failure for the preparation phase) back to the agent. The agent will then issue a SET request for all other varBinds in the same original SNMP request it received. This may be to the same or to one or more different sub-agents. Once all SET requests have returned a "no error" condition, the agent starts sending DPI COMMIT packets to the sub-agent(s). If any SET request returns an error, then the agent sends DPI UNDO packets to those sub-agents that indicated successful processing of the SET preparation phase. When the sub-agent receives the DPI COMMIT packet, again all the varBind information will be available in the packet. The sub-agent can now effectuate the SET request. If the sub-agent encounters an error while processing the COMMIT request, it creates a DPI RESPONSE packet with value SNMP_ERROR_commitFailed in the error_code field and an error_index that lists at which varBind the error occurs (first varBind is index 1 and so on). No name/type/length/value information is needed. The fact that a commitFailed error exists does not mean that this error should be returned easily. A sub-agent should do all that is possible to make a COMMIT succeed. If there are no errors, and the SET/COMMIT has been effectuated with success, then the sub-agent creates a DPI RESPONSE packet in which the error_code is set to SNMP_ERROR_noError (zero) and error_index is set to zero. No name/type/length/value information is needed. So far we have discussed a SET, COMMIT sequence. That happens if all goes well. However, after a successful SET, the sub-agent may receive a DPI UNDO packet. The sub-agent must now undo any preparations it made during the SET processing (like free allocated
memory and such). Even after a COMMIT, a sub-agent may still receive a DPI UNDO packet. This is the case if some other sub-agent could not complete a COMMIT request. Because of the SNMP-requirement that all varBinds in a single SNMP SET request must be changed "as if simultaneous", all committed changes must be undone if any of the COMMIT requests fail. In this case the sub-agent must try and undo the committed SET operation. If the sub-agent encounters an error while processing the UNDO request, it creates a DPI RESPONSE packet with value SNMP_ERROR_undoFailed in the error_code field and an error_index that lists at which varBind the error occurs (first varBind is index 1 and so on). No name/type/length/value information is needed. The fact that an undoFailed error exists does not mean that this error should be returned easily. A sub-agent should do all that is possible to make an UNDO succeed. If there are no errors, and the UNDO has been effectuated with success, then the sub-agent creates a DPI RESPONSE packet in which the error_code is set to SNMP_ERROR_noError (zero) and error_index is set to zero. No name/type/length/value information is needed. 5.2.3 GETNEXT PROCESSING GETNEXT requests are a bit more complicated to process than a GET. The DPI GETNEXT packet contains the object(s) on which the GETNEXT operation must be performed. The semantics of the operation are that the sub-agent is to return the name/type/length/value of the next variable it supports whose (ASN.1) name lexicographically follows the one passed in the group ID (sub-tree) and instance ID. In this case, the instance ID may not be present (NULL) implying that the NEXT object must be the first instance of the first object in the sub-tree that was registered. It is important to realize that a given sub-agent may support several discontiguous sections of the MIB tree. In such a situation it would be incorrect to jump from one section to another. This problem is correctly handled by examining the group ID in the DPI packet. This group ID represents the "reason" why the sub-agent is being called. It holds the prefix of the tree that the sub-agent had indicated it supported (registered). If the next variable supported by the sub-agent does not begin with that prefix, the sub-agent must return the same object instance as in the request (e.g. group ID and instance ID) with a value of SNMP_TYPE_endOfMibView (implied NULL value). This endOfMibView is not considered an error, so the error_code and error_index should be
zero. If required, the SNMP agent will call upon the sub-agent
again, but pass it a different group ID (prefix). This is
illustrated in the discussion below.
Assume there are two sub-agents. The first sub-agent registers two
distinct sections of the tree, A and C. In reality, the sub-agent
supports variables A.1 and A.2, but it correctly registers the
minimal prefix required to uniquely identify the variable class it
supports.
The second sub-agent registers a different section, B, which appears
between the two sections registered by the first agent.
If a management station begins dumping the MIB, starting from A, the
following sequence of queries of the form get-next(group ID, instance
ID) would be performed:
Sub-agent 1 gets called:
get-next(A,none) = A.1
get-next(A,1) = A.2
get-next(A,2) = endOfMibView
Sub-agent 2 is then called:
get-next(B,none) = B.1
get-next(B,1) = endOfMibView
Sub-agent 1 gets called again:
get-next(C,none) = C.1
5.2.4 GETBULK PROCESSING
You can ask the agent to translate GETBULK requests into multiple
GETNEXT requests. This is basically the default and it is specified
in the DPI REGISTER packet. In principle, we expect the majority of
DPI sub-agents to run on the same machine as the agent (or otherwise,
on the same physical network), so repetitive GETNEXT requests stay
local and in general should not be a problem.
If experience tells us different, the sub-agent can tell the agent to
pass on a DPI GETBULK packet.
When a GETBULK request is received, the sub-agent must process the
request and send a RESPONSE that sends back as many varBinds as
requested by the request, as long as they fit with in the buffers.
The GETBULK requires similar processing as a GETNEXT with regard to
endOfMibView handling.
5.2.5 OPEN REQUEST As the very first step, a DPI sub-agent must open a "connection" with the agent. To do so, it must send a DPI OPEN packet in which these things must be specified: o The max timeout value in seconds. The agent is requested to wait this long for a response to any request for an object being handled by this sub-agent. The agent may have an absolute maximum timeout value which will be used if the sub-agent asks for too big a timeout value. A value of zero can be used to indicate that the agent's own default timeout value should be used. A sub-agent is advised to use a reasonably short interval of a few seconds or so. If a specific sub-tree needs a (much) longer time, then a specific REGISTER can be done for that sub-tree with a longer timeout value. o The maximum number of varBinds that the sub-agent is prepared to handle per DPI packet. Specifying 1 would result in DPI version 1 behavior of one varBind per DPI packet that the agent sends to the sub-agent. o The character set you want to use. By default (value 0) this is the native character set of the machine (platform) where the agent runs. Since the sub-agent and agent normally run on the same system or platform, you want to use the native character set (which on many platforms is ASCII anyway). If your platform is EBCDIC based, then using the native character set of EBCDIC makes it easy to recognize the string representations of the fields like group ID, instance ID, etc. At the same time, the agent will translate the value from ASCII NVT to EBCDIC (and vice versa) for objects that it knows (from a compiled MIB) to have a textual convention of DisplayString. Be aware that this fact cannot be determined from the SNMP PDU encoding because in the PDU the object is only known to be an OCTET_STRING. If your sub-agent runs on an ASCII based platform and the agent runs on an EBCDIC based platform (or the other way around), then you can specify that you want to use the ASCII character set, and so you both know how to handle the string-based data. Beware that not all agents need to support other than native character set selection. See 5, "Subagent Considerations" and 3.3.5, "Character set selection" for more information on character set usage. o The sub-agent ID. This an ASN.1 Object Identifier that uniquely identifies the sub-agent. This OID is represented as a null terminated string using the selected character set.
Example: "1.3.5.1.2.3.4.5".
o The sub-agent Description. This is a DisplayString describing
the sub-agent. This is a character string using the selected
character set. Example: "DPI sample sub-agent version 2.0"
Once a sub-agent has sent a DPI OPEN packet to an agent, it should
expect a DPI RESPONSE packet that informs the sub-agent about the
result of the request. The packet ID of the RESPONSE packet should
be the same as that of the OPEN request to which the RESPONSE packet
is the response. See Table 19 for a list of valid DPI RESPONSE error
codes that may be expected. If you receive an error RESPONSE on the
OPEN packet, then you will also receive a DPI CLOSE packet with an
SNMP_CLOSE_openError code, and then the agent closes the
"connection".
If the OPEN is accepted, then the next step is to REGISTER one or
more MIB sub-trees.
5.2.6 CLOSE REQUEST
When a sub-agent is finished and wants to terminate it should first
UNREGISTER its sub-trees and then close the "connection" with the
agent. To do so, it must send a DPI CLOSE packet in which it
specifies a reason for the closing. See Table 21 for a list of valid
CLOSE reason codes. You should not expect a response to the CLOSE
request.
A sub-agent should also be prepared to handle an incoming DPI CLOSE
packet from the agent. Again, the packet will contain a reason code
for the CLOSE request. A sub-agent need not send a response to a
CLOSE request. The agent just assumes that the sub-agent will handle
it appropriately. The close takes place, no matter what the sub-
agent does with it.
5.2.7 REGISTER REQUEST
Before a sub-agent will receive any requests for MIB variables it
must first register the variables or sub-tree it supports with the
SNMP agent. The sub-agent must specify a number of things in the
REGISTER request:
o The sub-tree to be registered. This is a null terminated
string in the selected character set. The sub-tree must have a
trailing dot (example: "1.3.6.1.2.3.4.5.").
o The requested priority for the registration, one of:
-1 Request for best available priority.
0 Request for next better available priority than highest
priority currently registered for this sub-tree.
NNN Any other positive value requests that specific priority if
available or the first worse priority that is available.
o The max timeout value in seconds. The agent is requested to
wait this long for a response to any request for an object in
this sub-tree. The agent may have an absolute maximum timeout
value which will be used if the sub-agents asks for too big a
timeout value. A value of zero can be used to indicate that
the DPI OPEN value should be used for timeout.
o A specification if the sub-agent wants to do view selection.
If it does, then the community name (from SNMPv1 packets) will
be passed in the DPI GET, GETNEXT, SET packets).
o A specification if the sub-agent wants to receive GETBULK
packets or if it just prefers that the agent converts a GETBULK
into multiple GETNEXT requests.
Once a sub-agent has sent a DPI REGISTER packet to the agent, it
should expect a DPI RESPONSE packet that informs the sub-agent about
the result of the request. The packet ID of the RESPONSE packet
should be the same as that of the REGISTER packet to which the
RESPONSE packet is the response. If the response indicates success,
then the error_index field in the RESPONSE packet contains the
priority that the agent assigned to the sub-tree registration. See
Table 19 for a list of valid DPI RESPONSE error codes that may be
expected.
5.2.8 UNREGISTER REQUEST
A sub-agent may unregister a previously registered sub-tree. The
sub-agent must specify a few things in the UNREGISTER request:
o The sub-tree to be unregistered. This is a null terminated
string in the selected character set. The sub-tree must have a
trailing dot (example: "1.3.6.1.2.3.4.5.").
o The reason for the unregister. See Table 20 for a
list of valid reason codes.
Once a sub-agent has sent a DPI UNREGISTER packet to the agent, it
should expect a DPI RESPONSE packet that informs the sub-agent about
the result of the request. The packet ID of the RESPONSE packet
should be the same as that of the REGISTER packet to which the
RESPONSE packet is the response. See Table 19 for a list of valid
DPI RESPONSE error codes that may be expected.
A sub-agent should also be prepared to handle incoming DPI UNREGISTER
packets from the agent. Again, the DPI packet will contain a reason
code for the UNREGISTER. A sub-agent need not send a response to an
UNREGISTER request. The agent just assumes that the sub-agent will
handle it appropriately. The registration is removed, no matter what
the sub-agent returns. 5.2.9 TRAP REQUEST A sub-agent can request that the SNMP agent generates a trap for it. The sub-agent must provide the desired values for the generic and specific parameters of the trap. It may optionally provide a set of one or more name/type/length/value tuples that will be included in the trap packet. Also, it may optionally specify an Enterprise ID (Object Identifier) for the trap to be generated. If a NULL value is specified for the Enterprise ID, then the agent will use the sub- agent Identifier (from the DPI OPEN packet) as the Enterprise ID to be sent with the trap. 5.2.10 ARE_YOU_THERE REQUEST A sub-agent can send an ARE_YOU_THERE packet to the agent. This may be useful to do if you have a DPI "connection" over an unreliable transport protocol (like UDP). If the "connection" is in a healthy state, the agent responds with a RESPONSE packet with SNMP_ERROR_DPI_noError. If the "connection" is not in a healthy state, the agent may respond with a RESPONSE packet with an error indication, but the agent might not react at all, so you would timeout while waiting for a response. 5.2.11 HOW TO QUERY THE DPI PORT. The DPI API implementations are encouraged to provide a facility that helps DPI sub-agent programmers to dynamically find the port that the agent is using for the TCP and/or UDP DPI port(s). A suggested name for such a function is: query_DPI_port(). 6. REFERENCES [1] Case, J., Fedor, M., Schoffstall M., and J. Davin, "Simple Network Management Protocol (SNMP)", STD 15, RFC 1157, SNMP Research, Performance Systems International, MIT Laboratory for Computer Science, May 1990. [2] Information processing systems - Open Systems Interconnection, "Specification of Abstract Syntax Notation One (ASN.1)", International Organization for Standardization, International Standard 8824, December 1987.
[3] Information processing systems - Open Systems Interconnection, "Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)", International Organization for Standardization, International Standard 8825, December 1987. [4] McCloghrie, K., and M. Rose, "Management Information Base for Network Management of TCP/IP-based internets: MIB II", STD 17, RFC 1213, Hughes LAN Systems, Performance Systems International, March 1991. [5] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based internets", STD 16, RFC 1155, Performance Systems International, Hughes LAN Systems, May 1990. [6] Rose, M., "SNMP MUX Protocol and MIB", RFC 1227, Performance Systems International, RFC 1227, May 1991. [7] Carpenter G., and B. Wijnen, "SNMP-DPI, Simple Network Management Protocol Distributed Program Interface", RFC 1228, International Business Machines, Inc., May 1991. [8] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "SNMPv2 RFCs (RFC 1441 through RFC 1452)", SNMP Research Inc, Hughes LAN Systems, Dover Beach Consulting Inc, Carnegie Mellon University, Trusted Information Systems, April 1993. [9] International Business Machines, Inc., TCP/IP for VM: Programmer's Reference, SC31-6084-0, 1990. [10] International Business Machines, Inc., Virtual Machine System Facilities for Programming, Release 6, SC24-5288-01, 1988. 7. SECURITY CONSIDERATIONS Security issues are not discussed in this memo.
8. AUTHORS' ADDRESSES Bert Wijnen IBM International Operations Watsonweg 2 1423 ND Uithoorn The Netherlands Phone: +31-2975-53316 Fax: +31-2975-62468 EMail: wijnen@vnet.ibm.com Geoffrey C. Carpenter IBM T.J. Watson Research Center P.O. Box 218 Yorktown Heights, NY 10598 USA Phone: +1-914-945-1970 EMail: gcc@watson.ibm.com Kim Curran Bell Northern Research Ltd. P.O. Box 3511 Station C Ottawa, Ontario K1Y 4HY Canada Phone: +1-613-763-5283 EMail: kcurran@bnr.ca Aditya Sehgal Bell Northern Research Ltd. P. O. Box 3511 Station C Ottawa, Ontario K1Y 4HY Canada Phone: +1-613-763-8821 EMail: asehgal@bnr.ca
Glen Waters Bell Northern Research Ltd. P.O. Box 3511 Station C Ottawa, Ontario K1Y 4HY Canada Phone: +1-613-763-3933 EMail: gwaters@bnr.ca 9. SAMPLE SOURCES FOR ANONYMOUS FTP An implementation sample of a DPI API (as used at the agent and sub- agent side) plus sample sub-agent code and documentation are available for anonymous FTP from: software.watson.ibm.com (129.34.139.5) To obtain the source, perform the following steps: ftp software.watson.ibm.com user: anonymous password: your_e-mail_address cd /public/dpi get README binary get dpi_api.tar (or compressed dpi_api.tar.Z) quit