[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPSEC-IPSEC-ACTION-MIB



[pls forward to ipsp WG

I happened to be looking at (since I was checking IPsec PIB)
IPSEC-IPSECACTION-MIB. 

(IPSEC-IKEACTION-MIB may have similar concerns, did not check so much,
but pls do check yourself).

And I see:

   ipsaPeerIdAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The property PeerAddress specifies the IP address of the
            peer.  The format is specified by the
            ipsaPeerIdAddressType.

            Values of unknown, ipv4z, ipv6z and dns are not legal
            values for this object."

Such "not legal" things MUST be specified in the MODULE-COMPLIANCE with

   OBJECT  ipsaPeerIdAddressType
   SYNTAX  InetAddressType { ipv4(x), ipv6(y) }
   DESCRIPTION "No need to support values unknown, ipv4z, ipv6z and 
                dns because they are legal values for this object."

Pls fill out the x and y 

At the same time you can then restrict the SIZE for the InetAddress
(if you want to (also in the MODULE-COMPLIANCE)

For StorageType objects (like ipsaSaPreActStorageType), you MUST specify
which of the columns MUST be writable for permanent rows.
See the STorageType TC in RFC2579 that explains/prescribes this

MODULE assignments like       ::= { spdActions 1 }
are not good. (see MIB review guidelines about that.
It will be difficult to keep track as to which ones have been 
assigned and which ones have not. We have been burnt in the past.
Why not just allocate under mib-2 ?

Tool smilint tells me:

C:\smi\pibs\ietf>smilint -l 6 -m -s -inamelength-32 ./IPSEC-IPSECACTION-MIB
./IPSEC-IPSECACTION-MIB:97: [5] {type-without-format} warning: type `IpsecDoiEnc
apsulationMode' has no format specification
./IPSEC-IPSECACTION-MIB:117: [5] {type-without-format} warning: type `IpsecDoiIp
compTransform' has no format specification
./IPSEC-IPSECACTION-MIB:147: [5] {type-without-format} warning: type `IpsecDoiAu
thAlgorithm' has no format specification
./IPSEC-IPSECACTION-MIB:185: [5] {type-without-format} warning: type `IpsecDoiEs
pTransform' has no format specification
./IPSEC-IPSECACTION-MIB:228: [5] {type-without-format} warning: type `IpsecDoiId
entType' has no format specification

These are only warnings, but you may want to check it anyway,.
I believe it is caused by a missing DISPLAY-HINT

Various of your objects would be improved if you added a UNITS clause.

This sentence (on page 39) seems copied from another MIB document
  Therefore, when configuring data in the IPSEC-SPD-MIB, you SHOULD use
  SNMP version 3.  The rest of this discussion assumes the use of
  SNMPv3.  This is a real strength, because it allows administrators
That is OK, but I guess you want to at least use the name of your
MIB module, no?

I see no IANA COnsiderations section. This is mandatory these days (quite 
a while already).

I think that the prose to explain this MIB module (i.e. sect 3 and 4 is
pretty meager. You may want to expand somewhat on that,

This is not a final review by a long shot. Just some quick remarks 
after a very quick and cursory browse.

You may also want to check
*** matchref -- match citations and references.
    Input file: draft-ietf-ipsp-ipsecaction-mib-01.txt


!! Missing citation for Normative reference:
  P041 L043:    [RFC3411]  Harrington, D., Presuhn, R. and B. Wijnen, "An

!! Missing citation for Normative reference:
  P041 L049:    [RFC3412]  Case, J., Harrington, D., Presuhn, R. and B. Wijnen,

!! Missing citation for Normative reference:
  P041 L055:    [RFC3413]  Levi, D., Meyer, P. and B. Stewart, "Simple Network

!! Missing citation for Normative reference:
  P041 L060:    [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model

!! Missing citation for Normative reference:
  P042 L006:    [RFC3415]  Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based

~
Bert