MIDCOM-MIB DEFINITIONS ::= BEGIN

IMPORTS

    MODULE-IDENTITY, OBJECT-TYPE,

    NOTIFICATION-TYPE, Unsigned32,

    Counter32, Gauge32, mib-2

        FROM SNMPv2-SMI                  -- RFC 2578

    TEXTUAL-CONVENTION, TruthValue,

    StorageType, RowStatus

        FROM SNMPv2-TC                   -- RFC 2579

    MODULE-COMPLIANCE, OBJECT-GROUP,

    NOTIFICATION-GROUP

        FROM SNMPv2-CONF                 -- RFC 2580

    SnmpAdminString

        FROM SNMP-FRAMEWORK-MIB          -- RFC 3411

    InetAddressType, InetAddress,

    InetPortNumber,

    InetAddressPrefixLength

        FROM INET-ADDRESS-MIB            -- RFC 4001

    InterfaceIndexOrZero

        FROM IF-MIB                      -- RFC 2863

    NatBindIdOrZero

        FROM NAT-MIB;                    -- RFC 4008

midcomMIB MODULE-IDENTITY

    LAST-UPDATED "200708091011Z"  -- August 09, 2007

    ORGANIZATION "IETF Middlebox Communication Working Group"

    CONTACT-INFO

       "WG charter:

          http://www.ietf.org/html.charters/midcom-charter.html

        Mailing Lists:

          General Discussion: midcom@ietf.org

          To Subscribe: midcom-request@ietf.org

          In Body: subscribe your_email_address

        Co-editor:

          Juergen Quittek

          NEC Europe Ltd.

          Kurfuersten-Anlage 36

          69115 Heidelberg

          Germany

          Tel: +49 6221 4342-115

          Email: quittek@nw.neclab.eu

        Co-editor:

          Martin Stiemerling

          NEC Europe Ltd.

          Kurfuersten-Anlage 36

          69115 Heidelberg

          Germany

          Tel: +49 6221 4342-113

          Email: stiemerling@nw.neclab.eu

        Co-editor:

          Pyda Srisuresh

          Kazeon Systems, Inc.

          1161 San Antonio Rd.

          Mountain View, CA 94043

          U.S.A.

          Tel: +1 408 836-4773

          Email: srisuresh@yahoo.com"

    DESCRIPTION

        "This MIB module defines a set of basic objects for

         configuring middleboxes, such as firewalls and network

         address translators, in order to enable communication

         across these devices.

         Managed objects defined in this MIB module are structured

         in three kinds of objects:

           - transaction objects required according to the MIDCOM

             protocol requirements defined in RFC 3304 and according

             to the MIDCOM protocol semantics defined in RFC 3989,

           - configuration objects that can be used for retrieving or

             setting parameters of the implementation of transaction

             objects,

           - optional monitoring objects that provide information

             about used resource and statistics

         The transaction objects are organized in two subtrees:

           - objects modeling MIDCOM policy rules in the

             midcomRuleTable

           - objects modeling MIDCOM policy rule groups in the

             midcomGroupTable

         Note that typically, configuration objects are not intended

         to be written by MIDCOM clients.  In general, write access

         to these objects needs to be restricted more strictly than

         write access to objects in the transaction subtrees.

         Copyright (C) The Internet Society (2008).  This version

         of this MIB module is part of RFC 5190;  see the RFC

         itself for full legal notices."

    REVISION    "200708091011Z"  -- August 09, 2007

    DESCRIPTION "Initial version, published as RFC 5190."

    ::= { mib-2 171 }

--

-- main components of this MIB module

--

midcomNotifications   OBJECT IDENTIFIER ::= { midcomMIB 0 }

midcomObjects         OBJECT IDENTIFIER ::= { midcomMIB 1 }

midcomConformance     OBJECT IDENTIFIER ::= { midcomMIB 2 }

--  Transaction objects required according to the MIDCOM

--  protocol requirements defined in RFC 3304 and according to

--  the MIDCOM protocol semantics defined in RFC 3989

midcomTransaction     OBJECT IDENTIFIER ::= { midcomObjects 1 }

--  Configuration objects that can be used for retrieving

--  middlebox capability information (mandatory) and for

--  setting parameters of the implementation of transaction

--  objects (optional)

midcomConfig   OBJECT IDENTIFIER ::= { midcomObjects 2 }

--  Optional monitoring objects that provide information about

--  used resource and statistics

midcomMonitoring      OBJECT IDENTIFIER ::= { midcomObjects 3 }

--

-- Transaction Objects

--

-- Transaction objects are structured according to the MIDCOM

-- protocol semantics into two groups:

--   - objects modeling MIDCOM policy rules in the midcomRuleTable

--   - objects modeling MIDCOM policy rule groups in the

--     midcomGroupTable

--

-- Policy rule subtree

--

-- The midcomRuleTable lists policy rules

-- including policy reserve rules and policy enable rules.

--

midcomRuleTable OBJECT-TYPE

    SYNTAX      SEQUENCE OF MidcomRuleEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "This table lists policy rules.

         It is indexed by the midcomRuleOwner, the

         midcomGroupIndex, and the midcomRuleIndex.

         This implies that a rule is a member of exactly

         one group and that group membership cannot

         be changed.

         Entries can be deleted by writing to

         midcomGroupLifetime or midcomRuleLifetime

         and potentially also to midcomRuleStorageTime."

    ::= { midcomTransaction 3 }

midcomRuleEntry OBJECT-TYPE

    SYNTAX      MidcomRuleEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "An entry describing a particular MIDCOM policy rule."

    INDEX { midcomRuleOwner, midcomGroupIndex, midcomRuleIndex }

    ::= { midcomRuleTable 1 }

MidcomRuleEntry ::= SEQUENCE {

    midcomRuleOwner                   SnmpAdminString,

    midcomRuleIndex                   Unsigned32,

    midcomRuleAdminStatus             INTEGER,

    midcomRuleOperStatus              INTEGER,

    midcomRuleStorageType             StorageType,

    midcomRuleStorageTime             Unsigned32,

    midcomRuleError                   SnmpAdminString,

    midcomRuleInterface               InterfaceIndexOrZero,

    midcomRuleFlowDirection           INTEGER,

    midcomRuleMaxIdleTime             Unsigned32,

    midcomRuleTransportProtocol       Unsigned32,

    midcomRulePortRange               INTEGER,

    midcomRuleInternalIpVersion       InetAddressType,

    midcomRuleExternalIpVersion       InetAddressType,

    midcomRuleInternalIpAddr          InetAddress,

    midcomRuleInternalIpPrefixLength  InetAddressPrefixLength,

    midcomRuleInternalPort            InetPortNumber,

    midcomRuleExternalIpAddr          InetAddress,

    midcomRuleExternalIpPrefixLength  InetAddressPrefixLength,

    midcomRuleExternalPort            InetPortNumber,

    midcomRuleInsideIpAddr            InetAddress,

    midcomRuleInsidePort              InetPortNumber,

    midcomRuleOutsideIpAddr           InetAddress,

    midcomRuleOutsidePort             InetPortNumber,

    midcomRuleLifetime                Unsigned32,

    midcomRuleRowStatus               RowStatus

}

midcomRuleOwner OBJECT-TYPE

    SYNTAX      SnmpAdminString (SIZE (0..32))

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "The manager who owns this row in the midcomRuleTable.

         This object SHOULD uniquely identify an authenticated

         MIDCOM client.  This object is part of the table index to

         allow for the use of the SNMPv3 View-based Access Control

         Model (VACM, RFC 3415)."

    ::= { midcomRuleEntry 1 }

midcomRuleIndex OBJECT-TYPE

    SYNTAX      Unsigned32 (1..4294967295)

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "The value of this object must be unique in

         combination with the values of the objects

         midcomRuleOwner and midcomGroupIndex in this row."

    ::= { midcomRuleEntry 3 }

midcomRuleAdminStatus OBJECT-TYPE

    SYNTAX      INTEGER {

                    reserve(1),

                    enable(2),

                    notSet(3)

                }

    MAX-ACCESS  read-create

    STATUS      current

    DESCRIPTION

        "The value of this object indicates the desired status of

         the policy rule.  See the definition of midcomRuleOperStatus

         for a description of the values.

         When a midcomRuleEntry is created without explicitly setting

         this object, its value will be notSet(3).

         However, a SET request can only set this object to either

         reserve(1) or enable(2).  Attempts to set this object to

         notSet(3) will always fail with an 'inconsistentValue'

         error.  Note that this error code is SNMP specific.  If the

         MIB module is used with other protocols than SNMP, errors

         with similar semantics specific to those protocols should

         be returned.

         When the midcomRuleAdminStatus object is set, then the

         MIDCOM-MIB implementation will try to read the respective

         relevant objects of the entry and try to achieve the

         corresponding midcomRuleOperStatus.

         Setting midcomRuleAdminStatus to value reserve(1) when

         object midcomRuleOperStatus has a value of reserved(7)

         does not have any effect on the policy rule.

         Setting midcomRuleAdminStatus to value enable(2) when

         object midcomRuleOperStatus has a value of enabled(8)

         does not have any effect on the policy rule.

         Depending on whether the midcomRuleAdminStatus is set to

         reserve(1) or enable(2), several objects must be set in

         advance.  They serve as parameters of the policy rule to be

         established.

         When object midcomRuleAdminStatus is set to reserve(1),

         then the following objects in the same entry are of

         relevance:

             - midcomRuleInterface

             - midcomRuleTransportProtocol

             - midcomRulePortRange

             - midcomRuleInternalIpVersion

             - midcomRuleExternalIpVersion

             - midcomRuleInternalIpAddr

             - midcomRuleInternalIpPrefixLength

             - midcomRuleInternalPort

             - midcomRuleLifetime

         MIDCOM-MIB implementation may also consider the value

         of object midcomRuleMaxIdleTime when establishing

         a reserve rule.

         When object midcomRuleAdminStatus is set to enable(2),

         then the following objects in the same entry are of

         relevance:

             - midcomRuleInterface

             - midcomRuleFlowDirection

             - midcomRuleMaxIdleTime

             - midcomRuleTransportProtocol

             - midcomRulePortRange

             - midcomRuleInternalIpVersion

             - midcomRuleExternalIpVersion

             - midcomRuleInternalIpAddr

             - midcomRuleInternalIpPrefixLength

             - midcomRuleInternalPort

             - midcomRuleExternalIpAddr

             - midcomRuleExternalIpPrefixLength

             - midcomRuleExternalPort

             - midcomRuleLifetime

         When retrieved, the object returns the last set value.

         If no value has been set, it returns the default value

         notSet(3)."

    DEFVAL { notSet }

    ::= { midcomRuleEntry 4 }

midcomRuleOperStatus OBJECT-TYPE

    SYNTAX      INTEGER {

                    newEntry(1),

                    setting(2),

                    checkingRequest(3),

                    incorrectRequest(4),

                    processingRequest(5),

                    requestRejected(6),

                    reserved(7),

                    enabled(8),

                    timedOut(9),

                    terminatedOnRequest(10),

                    terminated(11),

                    genericError(12)

                }

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "The actual status of the policy rule.  The

         midcomRuleOperStatus object may have the following values:

         - newEntry(1) indicates that the entry in the

           midcomRuleTable was created, but not modified yet.

           Such an entry needs to be filled with values specifying

           a request first.

         - setting(2) indicates that the entry has been already

           modified after generating it, but no request was made

           yet.

         - checkingRequest(3) indicates that midcomRuleAdminStatus

           has recently been set and that the MIDCOM-MIB

           implementation is currently checking the parameters of

           the request.  This is a transient state.  The value of

           this object will change to either incorrectRequest(4)

           or processingRequest(5) without any external

           interaction.  A MIDCOM-MIB implementation MAY return

           this value while checking request parameters.

         - incorrectRequest(4) indicates that checking a request

           resulted in detecting an incorrect value in one of the

           objects containing request parameters.  The failure

           reason is indicated by the value of midcomRuleError.

         - processingRequest(5) indicates that

           midcomRuleAdminStatus has recently been set and that

           the MIDCOM-MIB implementation is currently processing

           the request and trying to configure the middlebox

           accordingly.  This is a transient state.  The value of

           this object will change to either requestRejected(6),

           reserved(7), or enabled(8) without any external

           interaction.  A MIDCOM-MIB implementation MAY return

           this value while processing a request.

         - requestRejected(6) indicates that a request to establish

           a policy rule specified by the entry was rejected.  The

           reason for rejection is indicated by the value of

           midcomRuleError.

         - reserved(7) indicates that the entry describes an

           established policy reserve rule.

           These values of MidcomRuleEntry are meaningful

           for a reserved policy rule:

               - midcomRuleMaxIdleTime

               - midcomRuleInterface

               - midcomRuleTransportProtocol

               - midcomRulePortRange

               - midcomRuleInternalIpVersion

               - midcomRuleExternalIpVersion

               - midcomRuleInternalIpAddr

               - midcomRuleInternalIpPrefixLength

               - midcomRuleInternalPort

               - midcomRuleOutsideIpAddr

               - midcomRuleOutsidePort

               - midcomRuleLifetime

         - enabled(8) indicates that the entry describes an

           established policy enable rule.

           These values of MidcomRuleEntry are meaningful

           for an enabled policy rule:

               - midcomRuleFlowDirection

               - midcomRuleInterface

               - midcomRuleMaxIdleTime

               - midcomRuleTransportProtocol

               - midcomRulePortRange

               - midcomRuleInternalIpVersion

               - midcomRuleExternalIpVersion

               - midcomRuleInternalIpAddr

               - midcomRuleInternalIpPrefixLength

               - midcomRuleInternalPort

               - midcomRuleExternalIpAddr

               - midcomRuleExternalIpPrefixLength

               - midcomRuleExternalPort

               - midcomRuleInsideIpAddr

               - midcomRuleInsidePort

               - midcomRuleOutsideIpAddr

               - midcomRuleOutsidePort

               - midcomRuleLifetime

         - timedOut(9) indicates that the lifetime of a previously

           established policy rule has expired and that the policy

           rule is terminated for this reason.

         - terminatedOnRequest(10) indicates that a previously

           established policy rule was terminated by an SNMP

           manager setting the midcomRuleLifetime to 0 or

           setting midcomGroupLifetime to 0.

         - terminated(11) indicates that a previously established

           policy rule was terminated by the MIDCOM-MIB

           implementation for a reason other than lifetime

           expiration or an explicit request from a MIDCOM client.

         - genericError(12) indicates that the policy rule

           specified by the entry is not established due to

           an error condition not listed above.

         The states timedOut(9), terminatedOnRequest(10), and

         terminated(11) are referred to as termination states.

         The states incorrectRequest(4), requestRejected(6),

         and genericError(12) are referred to as error states.

         The checkingRequest(3) and processingRequest(5)

         states are transient states, which will lead to either

         one of the error states or the reserved(7) state or the

         enabled(8) state.  MIDCOM-MIB implementations MAY return

         these values when checking or processing requests."

    DEFVAL { newEntry }

    ::= { midcomRuleEntry 5 }

midcomRuleStorageType OBJECT-TYPE

    SYNTAX      StorageType

    MAX-ACCESS  read-create

    STATUS      current

    DESCRIPTION

        "When retrieved, this object returns the storage

         type of the policy rule.  Writing to this object can

         change the storage type of the particular row from

         volatile(2) to nonVolatile(3) or vice versa.

         Attempts to set this object to permanent will always

         fail with an 'inconsistentValue' error.  Note that this

         error code is SNMP specific.  If the MIB module is used

         with other protocols than SNMP, errors with similar

         semantics specific to those protocols should be

         returned.

         If midcomRuleStorageType has the value permanent(4),

         then all objects in this row whose MAX-ACCESS value

         is read-create must be read-only."

    DEFVAL { volatile }

    ::= { midcomRuleEntry 6 }

midcomRuleStorageTime OBJECT-TYPE

    SYNTAX      Unsigned32

    UNITS       "seconds"

    MAX-ACCESS  read-create

    STATUS      current

    DESCRIPTION

        "The value of this object specifies how long this row

         can exist in the midcomRuleTable after the

         midcomRuleOperStatus switched to a termination state or

         to an error state.  This object returns the remaining

         time that the row may exist before it is aged out.

         After expiration or termination of the context, the value

         of this object ticks backwards.  The entry in the

         midcomRuleTable is destroyed when the value reaches 0.

         The value of this object may be set in order to increase

         or reduce the remaining time that the row may exist.

         Setting the value to 0 will destroy this entry as soon as

         the midcomRuleOperStatus switched to a termination state

         or to an error state.

         Note that there is no guarantee that the row is stored as

         long as this object indicates.  At any time, the MIDCOM-

         MIB implementation may decide to remove a row describing

         a terminated policy rule before the storage time of the

         corresponding row in the midcomRuleTable reaches the

         value of 0.  In this case, the information stored in this

         row is not available anymore.

         If object midcomRuleStorageType indicates that the policy

         rule has the storage type permanent(4), then this object has

         a constant value of 4294967295."

    DEFVAL { 0 }

    ::= { midcomRuleEntry 7 }

midcomRuleError OBJECT-TYPE

    SYNTAX      SnmpAdminString

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "This object contains a descriptive error message if

         the transition into the operational status reserved(7)

         or enabled(8) failed.  Implementations must reset the

         error message to a zero-length string when a new

         attempt to change the policy rule status to reserved(7)

         or enabled(8) is started.

         RECOMMENDED values to be returned in particular cases

         include

           - 'lack of IP addresses'

           - 'lack of port numbers'

           - 'lack of resources'

           - 'specified NAT interface does not exist'

           - 'specified NAT interface does not support NAT'

           - 'conflict with already existing policy rule'

           - 'no internal IP wildcarding allowed'

           - 'no external IP wildcarding allowed'

         The semantics of these error messages and the corresponding

         behavior of the MIDCOM-MIB implementation are specified

         in sections 2.3.9 and 2.3.10 of RFC 3989."

    REFERENCE

        "RFC 3989, sections 2.3.9 and 2.3.10"

    DEFVAL { ''H }

    ::= { midcomRuleEntry 8 }

midcomRuleInterface OBJECT-TYPE

    SYNTAX      InterfaceIndexOrZero

    MAX-ACCESS  read-create

    STATUS      current

    DESCRIPTION

        "This object indicates the IP interface for which

         enforcement of a policy rule is requested or performed,

         respectively.

         The interface is identified by its index in the ifTable

         (see IF-MIB in RFC 2863).  If the object has a value of 0,

         then no particular interface is indicated.

         This object is used as input to a request for establishing

         a policy rule as well as for indicating the properties of

         an established policy rule.

         If object midcomRuleOperStatus of the same entry has the

         value newEntry(1) or setting(2), then this object can be

         written by a manager in order to request its preference

         concerning the interface at which it requests NAT service.

         The default value of 0 indicates that the manager does not

         have a preferred interface or does not have sufficient

         topology information for specifying one.  Writing to this

         object in any state other than newEntry(1) or setting(2)

         will always fail with an 'inconsistentValue' error.

         Note that this error code is SNMP specific.  If the MIB

         module is used with other protocols than SNMP, errors with

         similar semantics specific to those protocols should be

         returned.

         If object midcomRuleOperStatus of the same entry has the

         value reserved(7) or enabled(8), then this object indicates

         the interface at which NAT service for this rule is

         performed.  If NAT service is not required for enforcing

         the policy rule, then the value of this object is 0.  Also,

         if the MIDCOM-MIB implementation cannot indicate an

         interface, because it does not have this information or

         because NAT service is not offered at a particular single

         interface, then the value of the object is 0.

         Note that the index of a particular interface in the

         ifTable may change after a re-initialization of the

         middlebox, for example, after adding another interface to

         it.  In such a case, the value of this object may change,

         but the interface referred to by the MIDCOM-MIB MUST still

         be the same.  If, after a re-initialization of the

         middlebox, the interface referred to before

         re-initialization cannot be uniquely mapped anymore to a

         particular entry in the ifTable, then the value of object

         midcomRuleOperStatus of the same entry MUST be changed to

         terminated(11).

         If object midcomRuleOperStatus of the same entry has a

         value other than newEntry(1), setting(2), reserved(7), or

         enabled(8), then the value of this object is irrelevant."

    DEFVAL { 0 }

    ::= { midcomRuleEntry 9 }

midcomRuleFlowDirection OBJECT-TYPE

    SYNTAX      INTEGER {

                    inbound(1),

                    outbound(2),

                    biDirectional(3)

                }

    MAX-ACCESS  read-create

    STATUS      current

    DESCRIPTION

        "This parameter specifies the direction of enabled

         communication, either inbound(1), outbound(2), or

         biDirectional(3).

         The semantics of this object depends on the protocol

         the rule relates to.  If the rule is independent of

         the transport protocol (midcomRuleTransportProtocol

         has a value of 0) or if the transport protocol is UDP,

         then the value of midcomRuleFlowDirection indicates

         the direction of packets traversing the middlebox.

         In this case, value inbound(1) indicates that packets

         are traversing from outside to inside, value outbound(2)

         indicates that packets are traversing from inside to

         outside.  For both values, inbound(1) and outbound(2)

         packets can traverse the middlebox only unidirectional.

         A bidirectional flow is indicated by value

         biDirectional(3).

         If the transport protocol is TCP, the packet flow is

         always bidirectional, but the value of

         midcomRuleFlowDirection indicates that:

           - inbound(1): bidirectional TCP packet flow.

             First packet, with TCP SYN flag set, must arrive

             at an outside interface of the middlebox.

           - outbound(2): bidirectional TCP packet flow.

             First packet, with TCP SYN flag set, must arrive

             at an inside interface of the middlebox.

           - biDirectional(3): bidirectional TCP packet flow.

             First packet, with TCP SYN flag set, may arrive

             at an inside or an outside interface of the middlebox.

         This object is used as input to a request for

         establishing a policy enable rule as well as for

         indicating the properties of an established policy rule.

         If object midcomRuleOperStatus of the same entry has a

         value of either newEntry(1), setting(2), or reserved(7),

         then this object can be written by a manager in order to

         specify a requested direction to be enabled by a policy

         rule.  Writing to this object in any state other than

         newEntry(1), setting(2), or reserved(7) will always fail

         with an 'inconsistentValue' error.

         Note that this error code is SNMP specific.  If the MIB

         module is used with other protocols than SNMP, errors with

         similar semantics specific to those protocols should be

         returned.

         If object midcomRuleOperStatus of the same entry has the

         value enabled(8), then this object indicates the enabled

         flow direction.

         If object midcomRuleOperStatus of the same entry has a

         value other than newEntry(1), setting(2), reserved(7), or

         enabled(8), then the value of this object is irrelevant."

    DEFVAL { outbound }

    ::= { midcomRuleEntry 10 }

midcomRuleMaxIdleTime OBJECT-TYPE

    SYNTAX      Unsigned32

    UNITS       "seconds"

    MAX-ACCESS  read-create

    STATUS      current

    DESCRIPTION

        "Maximum idle time of the policy rule in seconds.

         If no packet to which the policy rule applies passes the

         middlebox for the specified midcomRuleMaxIdleTime, then

         the policy rule enters the termination state timedOut(9).

         A value of 0 indicates that the policy does not require

         an individual idle time and that instead, a default idle

         time chosen by the middlebox is used.

         A value of 4294967295 ( = 2^32 - 1 ) indicates that the

         policy does not time out if it is idle.

         This object is used as input to a request for

         establishing a policy enable rule as well as for

         indicating the properties of an established policy rule.

         If object midcomRuleOperStatus of the same entry has a

         value of either newEntry(1), setting(2), or reserved(7),

         then this object can be written by a manager in order to

         specify a maximum idle time for the policy rule to be

         requested.  Writing to this object in any state others

         than newEntry(1), setting(2), or reserved(7) will always

         fail with an 'inconsistentValue' error.

         Note that this error code is SNMP specific.  If the MIB

         module is used with other protocols than SNMP, errors with

         similar semantics specific to those protocols should be

         returned.

         If object midcomRuleOperStatus of the same entry has the

         value enabled(8), then this object indicates the maximum

         idle time of the policy rule.  Note that even if a maximum

         idle time greater than zero was requested, the middlebox

         may not be able to support maximum idle times and set the

         value of this object to zero when entering state

         enabled(8).

         If object midcomRuleOperStatus of the same entry has a

         value other than newEntry(1), setting(2), reserved(7), or

         enabled(8), then the value of this object is irrelevant."

    DEFVAL { 0 }

    ::= { midcomRuleEntry 11 }

midcomRuleTransportProtocol OBJECT-TYPE

    SYNTAX      Unsigned32 (0..255)

    MAX-ACCESS  read-create

    STATUS      current

    DESCRIPTION

        "The transport protocol.

         Valid values for midcomRuleTransportProtocol

         other than zero are defined at:

         http://www.iana.org/assignments/protocol-numbers

         This object is used as input to a request for establishing

         a policy rule as well as for indicating the properties of

         an established policy rule.

         If object midcomRuleOperStatus of the same entry has a

         value of either newEntry(1) or setting(2), then this

         object can be written by a manager in order to specify a

         requested transport protocol.  If translation of an IP

         address only is requested, then this object must have the

         default value 0.  Writing to this object in any state

         other than newEntry(1) or setting(2) will always fail

         with an 'inconsistentValue' error.

         Note that this error code is SNMP specific.  If the MIB

         module is used with other protocols than SNMP, errors with

         similar semantics specific to those protocols should be

         returned.

         If object midcomRuleOperStatus of the same entry has the

         value reserved(7) or enabled(8), then this object

         indicates which transport protocol is enforced by this

         policy rule.  A value of 0 indicates a rule acting on IP

         addresses only.

         If object midcomRuleOperStatus of the same entry has a

         value other than newEntry(1), setting(2), reserved(7), or

         enabled(8), then the value of this object is irrelevant."

    DEFVAL { 0 }

    ::= { midcomRuleEntry 12 }

midcomRulePortRange OBJECT-TYPE

    SYNTAX      INTEGER {

                    single(1),

                    pair(2)

                }

    MAX-ACCESS  read-create

    STATUS      current

    DESCRIPTION

        "The range of port numbers.

         This object is used as input to a request for establishing

         a policy rule as well as for indicating the properties of

         an established policy rule.  It is relevant to the

         operation of the MIDCOM-MIB implementation only if the

         value of object midcomTransportProtocol in the same entry

         has a value other than 0.

         If object midcomRuleOperStatus of the same entry has the

         value newEntry(1) or setting(2), then this object can be

         written by a manager in order to specify the requested

         size of the port range.  With single(1) just a single

         port number is requested, with pair(2) a consecutive pair

         of port numbers is requested with the lower number being

         even.  Requesting a consecutive pair of port numbers may

         be used by RTP [RFC3550] and may even be required to

         support older RTP applications.

         Writing to this object in any state other than

         newEntry(1), setting(2) or reserved(7) will always fail

         with an 'inconsistentValue' error.

         Note that this error code is SNMP specific.  If the MIB

         module is used with other protocols than SNMP, errors with

         similar semantics specific to those protocols should be

         returned.

         If object midcomRuleOperStatus of the same entry has a

         value of either reserved(7) or enabled(8), then this

         object will have the value that it had before the

         transition to this state.

         If object midcomRuleOperStatus of the same entry has a

         value other than newEntry(1), setting(2), reserved(7), or

         enabled(8), then the value of this object is irrelevant."

    DEFVAL { single }

    ::= { midcomRuleEntry 13}

midcomRuleInternalIpVersion OBJECT-TYPE

    SYNTAX      InetAddressType

    MAX-ACCESS  read-create

    STATUS      current

    DESCRIPTION

        "IP version of the internal address (A0) and the inside

         address (A1).  Allowed values are ipv4(1), ipv6(2),

         ipv4z(3), and ipv6z(4).

         This object is used as input to a request for establishing

         a policy rule as well as for indicating the properties of

         an established policy rule.

         If object midcomRuleOperStatus of the same entry has the

         value newEntry(1) or setting(2), then this object can be

         written by a manager in order to specify the IP version

         required at the inside of the middlebox.  Writing to this

         object in any state other than newEntry(1) or setting(2)

         will always fail with an 'inconsistentValue' error.

         Note that this error code is SNMP specific.  If the MIB

         module is used with other protocols than SNMP, errors with

         similar semantics specific to those protocols should be

         returned.

         If object midcomRuleOperStatus of the same entry has the

         value reserved(7) or enabled(8), then this object

         indicates the internal/inside IP version.

         If object midcomRuleOperStatus of the same entry has a

         value other than newEntry(1), setting(2), reserved(7), or

         enabled(8), then the value of this object is irrelevant."

    DEFVAL { ipv4 }

    ::= { midcomRuleEntry 14 }