CISCO-IP-TAP-MIB.my

-- *****************************************************************
-- CISCO-IP-TAP-MIB.my:  Cisco intercept extension MIB for IP
--
-- January 2004,Srinivas Dhulipala
--
-- Copyright (c) 2004-2005 by Cisco Systems, Inc.
-- All rights reserved.
--
-- *****************************************************************
--

CISCO-IP-TAP-MIB DEFINITIONS ::= BEGIN

IMPORTS
        Integer32,
        MODULE-IDENTITY,
        OBJECT-TYPE
                FROM SNMPv2-SMI

        MODULE-COMPLIANCE,
        OBJECT-GROUP
                FROM SNMPv2-CONF

        InetAddress,
        InetAddressPrefixLength,
        InetAddressType,
        InetPortNumber
                FROM INET-ADDRESS-MIB

        SnmpAdminString
                FROM SNMP-FRAMEWORK-MIB

        RowStatus
                FROM SNMPv2-TC

        cTap2MediationContentId,
        cTap2StreamIndex
                FROM CISCO-TAP2-MIB

        ciscoMgmt
                FROM CISCO-SMI;
 

ciscoIpTapMIB MODULE-IDENTITY
      LAST-UPDATED  "200403110000Z"
      ORGANIZATION  "Cisco Systems, Inc."
      CONTACT-INFO
              "      Cisco Systems
                     Customer Service

              Postal:170 W. Tasman Drive
                     San Jose, CA  95134
                     USA

                 Tel:+1 800 553-NETS

              E-mail:cs-li@cisco.com"
      DESCRIPTION
              "This module manages Cisco's intercept feature for IP.

              This MIB is used along with CISCO-TAP2-MIB to
              intercept IP traffic. CISCO-TAP2-MIB along with
              specific filter MIBs like this MIB replace 
              CISCO-TAP-MIB.

              To create an IP intercept, an entry citapStreamEntry 
              is created which contains the filter details. An entry
              cTap2StreamEntry of CISCO-TAP2-MIB is created, which is
              the common stream information for all kinds of 
              intercepts and type of the specific stream is set to
              ip in this entry."

      REVISION        "200403110000Z"
      DESCRIPTION
              "Initial version of this MIB module."
      ::= { ciscoMgmt 394 }


ciscoIpTapMIBNotifs           OBJECT IDENTIFIER ::= { ciscoIpTapMIB 0 }
ciscoIpTapMIBObjects          OBJECT IDENTIFIER ::= { ciscoIpTapMIB 1 }
ciscoIpTapMIBConform          OBJECT IDENTIFIER ::= { ciscoIpTapMIB 2 }

citapStreamEncodePacket OBJECT IDENTIFIER ::= { ciscoIpTapMIBObjects
1 }

--
-- The filter specifics for intercepting IPv4 and IPv6 traffic
-- 

citapStreamCapabilities  OBJECT-TYPE
     SYNTAX     BITS {
                         tapEnable(0),
                         interface(1),
                         ipV4(2),
                         ipV6(3),
                         l4Port(4),
                         dscp(5),
                         voip(6)
                     }
     MAX-ACCESS read-only
     STATUS     current
     DESCRIPTION
         "This object displays what types of intercept streams can be
         configured on this type of device. This may be dependent on
         hardware capabilities, software capabilities. The following
         fields may be supported:
             tapEnable:   set if table entries with
                          cTap2StreamInterceptEnable set to 'false'
                          are used to pre-screen packets for intercept;
                          otherwise these entries are ignored.
             interface:   SNMP ifIndex Value may be used to select
                          interception of all data crossing an
                          interface or set of interfaces.
             ipV4:        IPv4 Address or prefix may be used to select
                          traffic to be intercepted.
             ipV6:        IPv6 Address or prefix may be used to select
                          traffic to be intercepted.
             l4Port:      TCP/UDP Ports may be used to select traffic
                          to be intercepted.
             dscp:        DSCP (Differentiated Services Code Point) may
                          be used to select traffic to be intercepted.
             voip:        packets belonging to a voice session may
                          be intercepted using source IPv4 address and
                          source UDP port."
     ::= { citapStreamEncodePacket 1 }

--
-- The 'access list' for intercepting data at the IP network layer
--


citapStreamTable OBJECT-TYPE
     SYNTAX       SEQUENCE OF CitapStreamEntry
     MAX-ACCESS   not-accessible
     STATUS       current
     DESCRIPTION
        "The Intercept Stream IP Table lists the IPv4 and IPv6 streams
        to be intercepted.  The same data stream may be required by
        multiple taps, and one might assume that often the intercepted
        stream is a small subset of the traffic that could be
        intercepted.


        This essentially provides options for packet selection, only
        some of which might be used. For example, if all traffic to or
        from a given interface is to be intercepted, one would
        configure an entry which lists the interface, and wild-card
        everything else.  If all traffic to or from a given IP Address
        is to be intercepted, one would configure two such entries
        listing the IP Address as source and destination respectively,
        and wild-card everything else.  If a particular voice on a
        teleconference is to be intercepted, on the other hand, one
        would extract the multicast (destination) IP address, the
        source IP Address, the protocol (UDP), and the source and
        destination ports from the call control exchange and list all
        necessary information.


        The first index indicates which Mediation Device the
        intercepted traffic will be diverted to. The second index
        permits multiple classifiers to be used together, such as
        having an IP address as source or destination. The value of the
        second index is that of the stream's counter entry in the 
        cTap2StreamTable.

        Entries are added to this table via citapStreamStatus in 
        accordance with the RowStatus convention."
     ::= { citapStreamEncodePacket 2 }


citapStreamEntry OBJECT-TYPE
     SYNTAX     CitapStreamEntry
     MAX-ACCESS not-accessible
     STATUS     current
     DESCRIPTION
        "A stream entry indicates a single data stream to be
        intercepted to a Mediation Device. Many selected data
        streams may go to the same application interface, and many
        application interfaces are supported."
     INDEX      { cTap2MediationContentId, cTap2StreamIndex }
     ::= { citapStreamTable 1 }


CitapStreamEntry::= SEQUENCE {
        citapStreamInterface             Integer32,
        citapStreamAddrType              InetAddressType,
        citapStreamDestinationAddress    InetAddress,
        citapStreamDestinationLength     InetAddressPrefixLength,
        citapStreamSourceAddress         InetAddress,
        citapStreamSourceLength          InetAddressPrefixLength,
        citapStreamTosByte               Integer32,
        citapStreamTosByteMask           Integer32,
        citapStreamFlowId                Integer32,
        citapStreamProtocol              Integer32,
        citapStreamDestL4PortMin         InetPortNumber,
        citapStreamDestL4PortMax         InetPortNumber,
        citapStreamSourceL4PortMin       InetPortNumber,
        citapStreamSourceL4PortMax       InetPortNumber,
        citapStreamVRF                   SnmpAdminString,
        citapStreamStatus                RowStatus
}


citapStreamInterface OBJECT-TYPE
     SYNTAX     Integer32 (-2..2147483647)
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The ifIndex value of the interface over which traffic to be
        intercepted is received or transmitted. The interface may be
        physical or virtual. If this is the only parameter specified,
        and it is other than -2, -1 or 0, all traffic on the selected
        interface will be chosen.


        If the value is zero, matching traffic may be received or
        transmitted on any interface.  Additional selection parameters
        must be selected to limit the scope of traffic intercepted.
        This is most useful on non-routing platforms or on intercepts
        placed elsewhere than a subscriber interface.


        If the value is -1, one or both of
        citapStreamDestinationAddress and citapStreamSourceAddress
        must be specified with prefix length greater than zero.
        Matching traffic on the interface pointed to by ipRouteIfIndex
        or ipCidrRouteIfIndex values associated with those values is
        intercepted, whichever is specified to be more focused than a
        default route.  If routing changes, either by operator action
        or by routing protocol events, the interface will change with
        it. This is primarily intended for use on subscriber interfaces
        and other places where routing is guaranteed to be
        symmetrical.


        In both of these cases, it is possible to have the same packet
        selected for intersection on both its ingress and egress
        interface.  Nonetheless, only one instance of the packet is
        sent to the Mediation Device.


        If the value is -2, packets belonging to a Voice over IP (VoIP)
        session identified by citapStreamSourceAddress, 
        citapStreamSourceLen and citapStreamSourceL4PortMin may be 
        intercepted, as a specific voice session can be identified 
        with source IP address and udp port number. Other selection 
        parameters may be not considered, even if they are set by 
        the Mediation Device.


        This value must be set when creating a stream entry, either to
        select an interface, to select all interfaces, or to select the
        interface that routing chooses. Some platforms may not
        implement the entire range of options."
     REFERENCE  "RFC 1213, RFC 2096"
     ::= { citapStreamEntry 1 }


citapStreamAddrType OBJECT-TYPE
     SYNTAX     InetAddressType
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The type of address, used in packet selection."
     DEFVAL     { ipv4 }
     ::= { citapStreamEntry 2 }


citapStreamDestinationAddress OBJECT-TYPE
     SYNTAX     InetAddress
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The Destination address or prefix used in packet selection.
        This address will be of the type specified in
        citapStreamAddrType."
     DEFVAL       { '00000000'H } -- 0.0.0.0
     ::= { citapStreamEntry 3 }


citapStreamDestinationLength OBJECT-TYPE
     SYNTAX     InetAddressPrefixLength
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The length of the Destination Prefix. A value of zero causes
        all addresses to match.  This prefix length will be consistent
        with the type specified in citapStreamAddrType."
     DEFVAL { 0 } -- by default, any destination address
     ::= { citapStreamEntry 4 }


citapStreamSourceAddress OBJECT-TYPE
     SYNTAX     InetAddress
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The Source Address used in packet selection. This address will
        be of the type specified in citapStreamAddrType."
     DEFVAL       { '00000000'H } -- 0.0.0.0
     ::= { citapStreamEntry 5 }


citapStreamSourceLength OBJECT-TYPE
     SYNTAX     InetAddressPrefixLength
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The length of the Source Prefix. A value of zero causes all
        addresses to match. This prefix length will be consistent with
        the type specified in citapStreamAddrType."
     DEFVAL { 0 } -- by default, any source address
     ::= { citapStreamEntry 6 }


citapStreamTosByte OBJECT-TYPE
     SYNTAX     Integer32 (0..255)
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The value of the TOS byte, when masked with
        citapStreamTosByteMask, of traffic to be intercepted.  If
        citapStreamTosByte&(~citapStreamTosByteMask)!=0,
        configuration is rejected."
     DEFVAL { 0 }
     ::= { citapStreamEntry 7 }


citapStreamTosByteMask OBJECT-TYPE
     SYNTAX     Integer32 (0..255)
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The value of the TOS byte in an IPv4 or IPv6 header is ANDed
        with citapStreamTosByteMask and compared with
        citapStreamTosByte.  If the values are equal, the comparison
        is equal. If the mask is zero and the TosByte value is zero,
        the result is to always accept."
     DEFVAL { 0 } -- by default, any DSCP or other TOS byte value
     ::= { citapStreamEntry 8 }


citapStreamFlowId OBJECT-TYPE
     SYNTAX     Integer32 (-1 | 0..1048575)
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The flow identifier in an IPv6 header. -1 indicates that the
        Flow Id is unused."
     DEFVAL { -1 } -- by default, any flow identifier value
     ::= { citapStreamEntry 9 }


citapStreamProtocol OBJECT-TYPE
     SYNTAX     Integer32 (-1 | 0..255)
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The IP protocol to match against the IPv4 protocol number or
        the IPv6 Next- Header number in the packet. -1 means 'any IP
        protocol'."
     DEFVAL { -1 } -- by default, any IP protocol
     ::= { citapStreamEntry 10 }


citapStreamDestL4PortMin OBJECT-TYPE
     SYNTAX     InetPortNumber
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The minimum value that the layer-4 destination port number in
        the packet must have in order to match.  This value must be
        equal to or less than the value specified for this entry in
        citapStreamDestL4PortMax.


        If both citapStreamDestL4PortMin and citapStreamDestL4PortMax
        are at their default values, the port number is effectively
        unused."
     DEFVAL { 0 } -- by default, any transport layer port number
     ::= { citapStreamEntry 11 }


citapStreamDestL4PortMax OBJECT-TYPE
     SYNTAX     InetPortNumber
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The maximum value that the layer-4 destination port number in
        the packet must have in order to match this classifier entry.
        This value must be equal to or greater than the value specified
        for this entry in citapStreamDestL4PortMin.


        If both citapStreamDestL4PortMin and citapStreamDestL4PortMax
        are at their default values, the port number is effectively
        unused."
     DEFVAL { 65535 } -- by default, any transport layer port number
     ::= { citapStreamEntry 12 }


citapStreamSourceL4PortMin OBJECT-TYPE
     SYNTAX     InetPortNumber
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The minimum value that the layer-4 destination port number in
        the packet must have in order to match.  This value must be
        equal to or less than the value specified for this entry in
        citapStreamSourceL4PortMax.


        If both citapStreamSourceL4PortMin and
        citapStreamSourceL4PortMax are at their default values, the
        port number is effectively unused."
     DEFVAL { 0 } -- by default, any transport layer port number
     ::= { citapStreamEntry 13 }


citapStreamSourceL4PortMax OBJECT-TYPE
     SYNTAX     InetPortNumber
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The maximum value that the layer-4 destination port number in
        the packet must have in order to match this classifier entry.
        This value must be equal to or greater than the value specified
        for this entry in citapStreamSourceL4PortMin.


        If both citapStreamSourceL4PortMin and
        citapStreamSourceL4PortMax are at their default values, the
        port number is effectively unused."
     DEFVAL { 65535 } -- by default, any transport layer port number
     ::= { citapStreamEntry 14 }

citapStreamVRF OBJECT-TYPE
        SYNTAX SnmpAdminString
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "An ASCII string, which is the name of a Virtual Routing
            and Forwarding (VRF) table comprising the routing context
            of a Virtual Private Network. The interface or set of 
            interfaces on which the packet might be found should be 
            selected from the set of interfaces in the VRF table. 
            A string length of zero implies that global routing table
            be used for selection of interfaces on which the packet
            might be found."
        DEFVAL { "" } -- by default, global routing table
        ::= { citapStreamEntry 15 }

citapStreamStatus OBJECT-TYPE
     SYNTAX     RowStatus
     MAX-ACCESS read-create
     STATUS     current
     DESCRIPTION
        "The status of this conceptual row. This object manages
        creation, modification, and deletion of rows in this table.
        When any rows must be changed, citapStreamStatus must be first 
        set to 'notInService'."
     ::= { citapStreamEntry 16 }


-- conformance information


ciscoIpTapMIBCompliances OBJECT IDENTIFIER ::= { ciscoIpTapMIBConform
1 }
ciscoIpTapMIBGroups      OBJECT IDENTIFIER ::= { ciscoIpTapMIBConform
2 }


-- compliance statement


ciscoIpTapMIBCompliance MODULE-COMPLIANCE
     STATUS  current
     DESCRIPTION
        "The compliance statement for entities which implement the 
        Cisco Intercept MIB for IP."
     MODULE        -- this module
        MANDATORY-GROUPS {
                ciscoIpTapStreamComplianceGroup
        }
     ::= {ciscoIpTapMIBCompliances 1 }

-- units of conformance

ciscoIpTapStreamComplianceGroup OBJECT-GROUP
     OBJECTS {
        citapStreamCapabilities,
        citapStreamInterface,
        citapStreamAddrType,
        citapStreamDestinationAddress,
        citapStreamDestinationLength,
        citapStreamSourceAddress,
        citapStreamSourceLength,
        citapStreamTosByte,
        citapStreamTosByteMask,
        citapStreamFlowId,
        citapStreamProtocol,
        citapStreamDestL4PortMin,
        citapStreamDestL4PortMax,
        citapStreamSourceL4PortMin,
        citapStreamSourceL4PortMax,
        citapStreamVRF,
        citapStreamStatus
     }
     STATUS     current
     DESCRIPTION
        "These objects are necessary for a description of IPv4 and IPv6
        packets to select for interception."
     ::= { ciscoIpTapMIBGroups 1 }

END
OID .1.3.6.1.4.1.9.9.394OID .1.3.6.1.4.1.9.9.394.0OID .1.3.6.1.4.1.9.9.394.1OID .1.3.6.1.4.1.9.9.394.1.1OID .1.3.6.1.4.1.9.9.394.1.1.1OID .1.3.6.1.4.1.9.9.394.1.1.2OID .1.3.6.1.4.1.9.9.394.1.1.2.1OID .1.3.6.1.4.1.9.9.394.1.1.2.1.1OID .1.3.6.1.4.1.9.9.394.1.1.2.1.2OID .1.3.6.1.4.1.9.9.394.1.1.2.1.3OID .1.3.6.1.4.1.9.9.394.1.1.2.1.4OID .1.3.6.1.4.1.9.9.394.1.1.2.1.5OID .1.3.6.1.4.1.9.9.394.1.1.2.1.6OID .1.3.6.1.4.1.9.9.394.1.1.2.1.7OID .1.3.6.1.4.1.9.9.394.1.1.2.1.8OID .1.3.6.1.4.1.9.9.394.1.1.2.1.9OID .1.3.6.1.4.1.9.9.394.1.1.2.1.10OID .1.3.6.1.4.1.9.9.394.1.1.2.1.11OID .1.3.6.1.4.1.9.9.394.1.1.2.1.12OID .1.3.6.1.4.1.9.9.394.1.1.2.1.13OID .1.3.6.1.4.1.9.9.394.1.1.2.1.14OID .1.3.6.1.4.1.9.9.394.1.1.2.1.15OID .1.3.6.1.4.1.9.9.394.1.1.2.1.16OID .1.3.6.1.4.1.9.9.394.2OID .1.3.6.1.4.1.9.9.394.2.1OID .1.3.6.1.4.1.9.9.394.2.1.1OID .1.3.6.1.4.1.9.9.394.2.2OID .1.3.6.1.4.1.9.9.394.2.2.1