SPARTA ISSO

SNMP - Elements of Procedure

This is an example of an Elements of Procedure section. We have provided it to help people understand some of the details of our recommended design. The specific details of this text will need to be worked out in the working group.

  1. Processing A Received SNMPng Message
    1. The snmpInPkts counter is incremented. If the received message is not the serialization (according to ??) of an SNMPngMessage value, then the snmpInASNParseErrs counter is incremented, and the message is discarded without further processing.
    2. The value of the Version component is extracted from the message. If this value is something other than 2, then the message is either passed to another SNMP entity running on the node (e.g. an SNMPv1 or SNMPv2c entity) if one exists, otherwise, the snmpInBadVersions counter is incremented, and the message is discarded without further processing.
    3. The MsgID, MMS, SecurityModel, QOS, and ReportableFlag are extracted and saved.
    4. An appropriate Security Model Processing Module is selected according to the extracted value of SecurityModel. If no such module can be found, the snmpBadSecurityModels counter is incremented, a Report PDU is generated, and the message is discarded without further processing.
    5. The QOS, the MMS, the entire SNMPngMessage, and a pointer to the location of the SecurityData within the message are passed to the Security Model Processing Module.
      1. If the Security Model Processing Module returns an ErrorCode, then a Report PDU as indicated by that ErrorCode is generated, and the message is discarded without further processing.
      2. Otherwise, the Security Model Processing Module should return a ScopedPDU-MMS, a Group, a SecurityCookie, and a ScopedPDU. These values are saved.
    6. The ContextID, ContextName, and PDU are extracted from the ScopedPDU and saved. If the PDU is not the serialization (according to ??) of a PDU value, then the snmpInASNParseErrs counter is incremented, and the message is discarded without further processing.
    7. The SNMP operation and request-id are extracted from the PDU and saved. If the operation is a GetBulk request, the non-repeaters and max-repetitions values are extracted and saved, otherwise, the error-status and error-index values are extracted and discarded.
    8. If the operation is either a Get, GetNext, GetBulk, or Set operation, then:
      1. The ContextID is compared with the local value of (snmpID?):
        • If the values are not equal and there is no Proxy Handling application present, the unknownContextIDs counter is incremented, a Report PDU is generated, and processing stops.
        • If the values are not equal and there is a Proxy Handling application present, processing continues in the Proxy Handling application. (THIS STEP NEEDS MORE WORK)
        • If the values are equal, processing continues with step 2 below.
      2. The LCD is consulted for a View authorized for communication using the saved values of QOS, Group, ContextName, and SNMP operation. If no such View can be found, the View is set to an empty view (e.g. everything excluded).
      3. All information saved up to this point is cached for later use in generating a response message.
      4. The management operation represented by the PDU value is performed by the receiving SNMPv2 entity with respect to the View and ContextName.
    9. If the operation is a Response operation, then:
      1. The saved values are passed to the interested application.
    10. If the operation is a Trap operation, then:
      1. The saved values are passed to the interested application.
    11. If the operation is an Inform operation, then:
      1. The saved values are passed to the interested application.
    12. If the operation is a Report operation, then:
      1. The value of MsgID is used to locate a corresponding entry in the cache of outstanding requests. If no corresponding entry can be found, the received message is discarded without further processing.
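The receive-side dispatch described in steps 1 through 12 above, as an added example that is not part of this document or of any SNMP implementation. It assumes a message modelled as an in-memory Python dict (the serialization is left open by the text), a Security Model Processing Module modelled as a plain callable with an assumed signature, an LCD modelled as a dict keyed by (QOS, Group, ContextName, operation), and an optional Proxy Handling application as a callable; the counter and field names follow the procedure text.

```python
"""Skeleton of 'Processing A Received SNMPng Message' (added example).
The message, Security Model Processing Module, LCD and proxy hook are all
assumptions standing in for the parts the procedure leaves unspecified."""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Report:
    """Marks a step that stops processing and generates a Report PDU."""
    reason: str


@dataclass
class SecurityResult:
    """What a Security Model Processing Module hands back (step 5)."""
    error_code: Optional[str] = None
    scoped_pdu_mms: int = 0
    group: str = ""
    security_cookie: bytes = b""
    scoped_pdu: Optional[dict] = None


# Assumed signature: (QOS, MMS, whole message, SecurityData) -> SecurityResult
SecurityModule = Callable[[int, int, dict, dict], SecurityResult]


class SnmpngEngine:
    def __init__(self, local_context_id, security_modules, lcd, proxy=None):
        self.counters = Counter()                  # counters named as in the text
        self.local_context_id = local_context_id   # the local (snmpID?) value
        self.security_modules = security_modules   # SecurityModel -> module
        self.lcd = lcd                             # (QOS, Group, ContextName, op) -> View
        self.proxy = proxy                         # Proxy Handling application, if any
        self.outstanding = {}                      # MsgID -> cached request (step 12)
        self.delivered = []                        # records passed to applications

    def process(self, msg):
        self.counters["snmpInPkts"] += 1
        if not isinstance(msg, dict) or "Version" not in msg:    # step 1: parse check
            self.counters["snmpInASNParseErrs"] += 1
            return "discard"
        if msg["Version"] != 2:                                   # step 2: version check
            self.counters["snmpInBadVersions"] += 1
            return "discard"
        msg_id, mms, model = msg["MsgID"], msg["MMS"], msg["SecurityModel"]
        qos = msg["QOS"]                                          # step 3: save header
        module = self.security_modules.get(model)                 # step 4: select module
        if module is None:
            self.counters["snmpBadSecurityModels"] += 1
            return Report("unknownSecurityModel")
        result = module(qos, mms, msg, msg["SecurityData"])       # step 5
        if result.error_code:
            return Report(result.error_code)
        spdu = result.scoped_pdu                                  # step 6: unpack ScopedPDU
        if not isinstance(spdu, dict) or "PDU" not in spdu:
            self.counters["snmpInASNParseErrs"] += 1
            return "discard"
        pdu, op = spdu["PDU"], spdu["PDU"]["op"]                  # step 7
        if op in ("Get", "GetNext", "GetBulk", "Set"):            # step 8
            if spdu["ContextID"] != self.local_context_id:
                if self.proxy is None:
                    self.counters["unknownContextIDs"] += 1
                    return Report("unknownContextID")
                return self.proxy(msg)
            # Missing View -> empty view (everything excluded)
            view = self.lcd.get((qos, result.group, spdu["ContextName"], op), set())
            return ("perform", op, view, spdu["ContextName"])
        if op in ("Response", "Trap", "Inform"):                  # steps 9-11
            self.delivered.append((op, pdu["request_id"]))
            return ("deliver", op)
        if op == "Report":                                        # step 12
            if msg_id not in self.outstanding:
                return "discard"
            return ("report", self.outstanding.pop(msg_id))
        return "discard"


def toy_security_module(qos, mms, msg, security_data):
    """Constructed stand-in: accepts when the cookie matches, else an ErrorCode."""
    if security_data.get("cookie") != b"ok":
        return SecurityResult(error_code="authenticationFailure")
    return SecurityResult(scoped_pdu_mms=mms, group="admins",
                          security_cookie=b"ok", scoped_pdu=msg["ScopedPDU"])


def make_msg(version=2, msg_id=1, model=1, cookie=b"ok", context_id=b"engine-A",
             context_name="default", op="Get", request_id=1):
    """Constructed sample message (an in-memory dict, not a real encoding)."""
    return {"Version": version, "MsgID": msg_id, "MMS": 1500, "SecurityModel": model,
            "QOS": 1, "ReportableFlag": True, "SecurityData": {"cookie": cookie},
            "ScopedPDU": {"ContextID": context_id, "ContextName": context_name,
                          "PDU": {"op": op, "request_id": request_id}}}


if __name__ == "__main__":
    engine = SnmpngEngine(b"engine-A", {1: toy_security_module},
                          {(1, "admins", "default", "Get"): {"1.3.6.1.2.1.1"}})
    for m in (make_msg(), make_msg(version=1), make_msg(model=9), make_msg(cookie=b"bad")):
        print(engine.process(m))
    print(dict(engine.counters))
```

Each early exit bumps exactly one counter and returns either "discard" or a Report marker, so a reader can see which counter a given malformed input reaches; an operator watching snmpInBadVersions and snmpBadSecurityModels climb on a real agent is seeing these same branches fire.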