MIDCOM-MIB DEFINITIONS ::= BEGIN

IMPORTS
	MODULE-IDENTITY,
	OBJECT-TYPE,
	NOTIFICATION-TYPE,
	Unsigned32,
	Counter32,
	Gauge32,
	mib-2
		FROM SNMPv2-SMI		-- RFC 2578
	TEXTUAL-CONVENTION,
	TruthValue,
	StorageType,
	RowStatus
		FROM SNMPv2-TC		-- RFC 2579
	MODULE-COMPLIANCE,
	OBJECT-GROUP,
	NOTIFICATION-GROUP
		FROM SNMPv2-CONF		-- RFC 2580
	SnmpAdminString
		FROM SNMP-FRAMEWORK-MIB		-- RFC 3411
	InetAddressType,
	InetAddress,
	InetPortNumber,
	InetAddressPrefixLength
		FROM INET-ADDRESS-MIB		-- RFC 4001
	InterfaceIndexOrZero
		FROM IF-MIB		-- RFC 2863
	NatBindIdOrZero
		FROM NAT-MIB;

-- RFC 4008

midcomMIB MODULE-IDENTITY
	LAST-UPDATED "200708091011Z"	-- Aug 9, 2007 10:11:00 AM
	ORGANIZATION "IETF Middlebox Communication Working Group"
	CONTACT-INFO
		"WG charter:
		  http://www.ietf.org/html.charters/midcom-charter.html

		Mailing Lists:
		  General Discussion: midcom@ietf.org
		  To Subscribe: midcom-request@ietf.org
		  In Body: subscribe your_email_address

		Co-editor:
		  Juergen Quittek
		  NEC Europe Ltd.
		  Kurfuersten-Anlage 36
		  69115 Heidelberg
		  Germany
		  Tel: +49 6221 4342-115
		  Email: quittek@nw.neclab.eu

		Co-editor:
		  Martin Stiemerling
		  NEC Europe Ltd.
		  Kurfuersten-Anlage 36
		  69115 Heidelberg
		  Germany
		  Tel: +49 6221 4342-113
		  Email: stiemerling@nw.neclab.eu

		Co-editor:
		  Pyda Srisuresh
		  Kazeon Systems, Inc.
		  1161 San Antonio Rd.
		  Mountain View, CA 94043
		  U.S.A.
		  Tel: +1 408 836-4773
		  Email: srisuresh@yahoo.com"
	DESCRIPTION
		"This MIB module defines a set of basic objects for
		configuring middleboxes, such as firewalls and network
		address translators, in order to enable communication
		across these devices.

		Managed objects defined in this MIB module are structured
		in three kinds of objects:
		  - transaction objects required according to the MIDCOM
		    protocol requirements defined in RFC 3304 and according
		    to the MIDCOM protocol semantics defined in RFC 3989,
		  - configuration objects that can be used for retrieving or
		    setting parameters of the implementation of transaction
		    objects,
		  - optional monitoring objects that provide information
		    about used resource and statistics

		The transaction objects are organized in two subtrees:
		  - objects modeling MIDCOM policy rules in the
		    midcomRuleTable
		  - objects modeling MIDCOM policy rule groups in the
		    midcomGroupTable

		Note that typically, configuration objects are not intended
		to be written by MIDCOM clients.  In general, write access
		to these objects needs to be restricted more strictly than
		write access to objects in the transaction subtrees.

		Copyright (C) The Internet Society (2008).  This version
		of this MIB module is part of RFC 5190;  see the RFC
		itself for full legal notices."
	REVISION "200708091011Z"	-- Aug 9, 2007 10:11:00 AM
	DESCRIPTION
		"Initial version, published as RFC 5190."
	-- 1.3.6.1.2.1.171
	::= { mib-2 171 }


--
-- main components of this MIB module
--

midcomNotifications OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.171.0
	::= { midcomMIB 0 }

midcomObjects OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.171.1
	::= { midcomMIB 1 }

midcomConformance OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.171.2
	::= { midcomMIB 2 }

--  Transaction objects required according to the MIDCOM
--  protocol requirements defined in RFC 3304 and according to
--  the MIDCOM protocol semantics defined in RFC 3989

midcomTransaction OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.171.1.1
	::= { midcomObjects 1 }

--  Configuration objects that can be used for retrieving
--  middlebox capability information (mandatory) and for
--  setting parameters of the implementation of transaction
--  objects (optional)

midcomConfig OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.171.1.2
	::= { midcomObjects 2 }

--  Optional monitoring objects that provide information about
--  used resource and statistics

midcomMonitoring OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.171.1.3
	::= { midcomObjects 3 }

--
-- Transaction Objects
--
-- Transaction objects are structured according to the MIDCOM
-- protocol semantics into two groups:
--   - objects modeling MIDCOM policy rules in the midcomRuleTable
--   - objects modeling MIDCOM policy rule groups in the
--     midcomGroupTable
--
-- Policy rule subtree
--
-- The midcomRuleTable lists policy rules
-- including policy reserve rules and policy enable rules.
--

-- Table of MIDCOM policy rules (policy reserve rules and policy
-- enable rules).  The table object itself is not-accessible; rows
-- are reached through midcomRuleEntry and are indexed by owner,
-- group index, and rule index.
-- NOTE(review): the module DESCRIPTION says these objects configure
-- middleboxes such as firewalls and NATs, so write access to this
-- subtree amounts to permission to change middlebox policy.  It
-- should be granted per client in the agent's access control
-- configuration rather than to every manager - confirm in deployment.
midcomRuleTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF MidcomRuleEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table lists policy rules.

		It is indexed by the midcomRuleOwner, the
		midcomGroupIndex, and the midcomRuleIndex.
		This implies that a rule is a member of exactly
		one group and that group membership cannot
		be changed.

		Entries can be deleted by writing to
		midcomGroupLifetime or midcomRuleLifetime
		and potentially also to midcomRuleStorageTime."
	-- 1.3.6.1.2.1.171.1.1.3
	::= { midcomTransaction 3 }


-- Conceptual row of midcomRuleTable: one MIDCOM policy rule.
-- The index order is owner, then group, then rule, so all rows of
-- one owner sit under a common instance-OID prefix.
-- Per the midcomRuleAdminStatus description, a SET of that column is
-- what asks the implementation to read the row's parameters and try
-- to establish the rule.
midcomRuleEntry OBJECT-TYPE
	SYNTAX  MidcomRuleEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry describing a particular MIDCOM policy rule."
	INDEX {
		midcomRuleOwner,
		midcomGroupIndex,
		midcomRuleIndex }
	-- 1.3.6.1.2.1.171.1.1.3.1
	::= { midcomRuleTable 1 }


-- Column list for midcomRuleEntry.
-- midcomGroupIndex appears in the row's INDEX clause but is not a
-- column of this SEQUENCE, and no column here uses sub-identifier 2
-- (midcomRuleOwner is 1, midcomRuleIndex is 3).
-- NOTE(review): midcomGroupIndex is presumably defined together with
-- the midcomGroupTable, outside this part of the file - confirm.
MidcomRuleEntry ::= SEQUENCE {

	midcomRuleOwner                  SnmpAdminString,
	midcomRuleIndex                  Unsigned32,
	midcomRuleAdminStatus            INTEGER,
	midcomRuleOperStatus             INTEGER,
	midcomRuleStorageType            StorageType,
	midcomRuleStorageTime            Unsigned32,
	midcomRuleError                  SnmpAdminString,
	midcomRuleInterface              InterfaceIndexOrZero,
	midcomRuleFlowDirection          INTEGER,
	midcomRuleMaxIdleTime            Unsigned32,
	midcomRuleTransportProtocol      Unsigned32,
	midcomRulePortRange              INTEGER,
	midcomRuleInternalIpVersion      InetAddressType,
	midcomRuleExternalIpVersion      InetAddressType,
	midcomRuleInternalIpAddr         InetAddress,
	midcomRuleInternalIpPrefixLength InetAddressPrefixLength,
	midcomRuleInternalPort           InetPortNumber,
	midcomRuleExternalIpAddr         InetAddress,
	midcomRuleExternalIpPrefixLength InetAddressPrefixLength,
	midcomRuleExternalPort           InetPortNumber,
	midcomRuleInsideIpAddr           InetAddress,
	midcomRuleInsidePort             InetPortNumber,
	midcomRuleOutsideIpAddr          InetAddress,
	midcomRuleOutsidePort            InetPortNumber,
	midcomRuleLifetime               Unsigned32,
	midcomRuleRowStatus              RowStatus }


-- First index component of midcomRuleTable: the manager that owns
-- the row, as an SnmpAdminString of at most 32 octets.
-- As a not-accessible index it is carried in the instance OID rather
-- than read as a column, which is what allows a VACM view to be
-- limited to one owner's rows.
-- NOTE(review): the DESCRIPTION only says SHOULD for tying this
-- string to an authenticated MIDCOM client.  Isolation between
-- clients therefore depends on the agent's VACM configuration
-- mapping each security name to its own owner subtree - verify this
-- in the deployment, since nothing in the object definition enforces
-- it.
midcomRuleOwner OBJECT-TYPE
	SYNTAX  SnmpAdminString (SIZE (0..32))
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"The manager who owns this row in the midcomRuleTable.

		This object SHOULD uniquely identify an authenticated
		MIDCOM client.  This object is part of the table index to
		allow for the use of the SNMPv3 View-based Access Control
		Model (VACM, RFC 3415)."
	-- 1.3.6.1.2.1.171.1.1.3.1.1
	::= { midcomRuleEntry 1 }


-- Third index component of midcomRuleTable (sub-identifier 3 of the
-- entry).  The range excludes 0; uniqueness is required only within
-- one (midcomRuleOwner, midcomGroupIndex) combination.
midcomRuleIndex OBJECT-TYPE
	SYNTAX  Unsigned32 (1..4294967295)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"The value of this object must be unique in
		combination with the values of the objects
		midcomRuleOwner and midcomGroupIndex in this row."
	-- 1.3.6.1.2.1.171.1.1.3.1.3
	::= { midcomRuleEntry 3 }


midcomRuleAdminStatus OBJECT-TYPE
	SYNTAX  INTEGER {
			reserve(1),
			enable(2),
			notSet(3) }
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The value of this object indicates the desired status of
		the policy rule.  See the definition of midcomRuleOperStatus
		for a description of the values.

		When a midcomRuleEntry is created without explicitly setting
		this object, its value will be notSet(3).

		However, a SET request can only set this object to either
		reserve(1) or enable(2).  Attempts to set this object to
		notSet(3) will always fail with an 'inconsistentValue'
		error.  Note that this error code is SNMP specific.  If the
		MIB module is used with other protocols than SNMP, errors
		with similar semantics specific to those protocols should
		be returned.

		When the midcomRuleAdminStatus object is set, then the
		MIDCOM-MIB implementation will try to read the respective
		relevant objects of the entry and try to achieve the
		corresponding midcomRuleOperStatus.

		Setting midcomRuleAdminStatus to value reserve(1) when
		object midcomRuleOperStatus has a value of reserved(7)
		does not have any effect on the policy rule.
		Setting midcomRuleAdminStatus to value enable(2) when
		object midcomRuleOperStatus has a value of enabled(8)
		does not have any effect on the policy rule.

		Depending on whether the midcomRuleAdminStatus is set to
		reserve(1) or enable(2), several objects must be set in
		advance.  They serve as parameters of the policy rule to be
		established.






		When object midcomRuleAdminStatus is set to reserve(1),
		then the following objects in the same entry are of
		relevance:
		    - midcomRuleInterface
		    - midcomRuleTransportProtocol
		    - midcomRulePortRange
		    - midcomRuleInternalIpVersion
		    - midcomRuleExternalIpVersion
		    - midcomRuleInternalIpAddr
		    - midcomRuleInternalIpPrefixLength
		    - midcomRuleInternalPort
		    - midcomRuleLifetime

		MIDCOM-MIB implementation may also consider the value
		of object midcomRuleMaxIdleTime when establishing
		a reserve rule.

		When object midcomRuleAdminStatus is set to enable(2),
		then the following objects in the same entry are of
		relevance:
		    - midcomRuleInterface
		    - midcomRuleFlowDirection
		    - midcomRuleMaxIdleTime
		    - midcomRuleTransportProtocol
		    - midcomRulePortRange
		    - midcomRuleInternalIpVersion
		    - midcomRuleExternalIpVersion
		    - midcomRuleInternalIpAddr
		    - midcomRuleInternalIpPrefixLength
		    - midcomRuleInternalPort
		    - midcomRuleExternalIpAddr
		    - midcomRuleExternalIpPrefixLength
		    - midcomRuleExternalPort
		    - midcomRuleLifetime

		When retrieved, the object returns the last set value.
		If no value has been set, it returns the default value
		notSet(3)."
	DEFVAL { notSet }
	-- 1.3.6.1.2.1.171.1.1.3.1.4
	::= { midcomRuleEntry 4 }


midcomRuleOperStatus OBJECT-TYPE
	SYNTAX  INTEGER {
			newEntry(1),
			setting(2),
			checkingRequest(3),
			incorrectRequest(4),
			processingRequest(5),
			requestRejected(6),
			reserved(7),
			enabled(8),
			timedOut(9),
			terminatedOnRequest(10),
			terminated(11),
			genericError(12) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The actual status of the policy rule.  The
		midcomRuleOperStatus object may have the following values:

		- newEntry(1) indicates that the entry in the
		  midcomRuleTable was created, but not modified yet.
		  Such an entry needs to be filled with values specifying
		  a request first.

		- setting(2) indicates that the entry has been already
		  modified after generating it, but no request was made
		  yet.

		- checkingRequest(3) indicates that midcomRuleAdminStatus
		  has recently been set and that the MIDCOM-MIB
		  implementation is currently checking the parameters of
		  the request.  This is a transient state.  The value of
		  this object will change to either incorrectRequest(4)
		  or processingRequest(5) without any external
		  interaction.  A MIDCOM-MIB implementation MAY return
		  this value while checking request parameters.

		- incorrectRequest(4) indicates that checking a request
		  resulted in detecting an incorrect value in one of the
		  objects containing request parameters.  The failure
		  reason is indicated by the value of midcomRuleError.

		- processingRequest(5) indicates that
		  midcomRuleAdminStatus has recently been set and that
		  the MIDCOM-MIB implementation is currently processing
		  the request and trying to configure the middlebox
		  accordingly.  This is a transient state.  The value of
		  this object will change to either requestRejected(6),
		  reserved(7), or enabled(8) without any external
		  interaction.  A MIDCOM-MIB implementation MAY return
		  this value while processing a request.

		- requestRejected(6) indicates that a request to establish
		  a policy rule specified by the entry was rejected.  The
		  reason for rejection is indicated by the value of
		  midcomRuleError.

		- reserved(7) indicates that the entry describes an
		  established policy reserve rule.
		  These values of MidcomRuleEntry are meaningful
		  for a reserved policy rule:
		      - midcomRuleMaxIdleTime
		      - midcomRuleInterface
		      - midcomRuleTransportProtocol
		      - midcomRulePortRange
		      - midcomRuleInternalIpVersion
		      - midcomRuleExternalIpVersion
		      - midcomRuleInternalIpAddr
		      - midcomRuleInternalIpPrefixLength
		      - midcomRuleInternalPort
		      - midcomRuleOutsideIpAddr
		      - midcomRuleOutsidePort
		      - midcomRuleLifetime

		- enabled(8) indicates that the entry describes an
		  established policy enable rule.
		  These values of MidcomRuleEntry are meaningful
		  for an enabled policy rule:

		      - midcomRuleFlowDirection
		      - midcomRuleInterface
		      - midcomRuleMaxIdleTime
		      - midcomRuleTransportProtocol
		      - midcomRulePortRange
		      - midcomRuleInternalIpVersion
		      - midcomRuleExternalIpVersion
		      - midcomRuleInternalIpAddr
		      - midcomRuleInternalIpPrefixLength
		      - midcomRuleInternalPort
		      - midcomRuleExternalIpAddr
		      - midcomRuleExternalIpPrefixLength
		      - midcomRuleExternalPort
		      - midcomRuleInsideIpAddr
		      - midcomRuleInsidePort
		      - midcomRuleOutsideIpAddr
		      - midcomRuleOutsidePort
		      - midcomRuleLifetime

		- timedOut(9) indicates that the lifetime of a previously
		  established policy rule has expired and that the policy
		  rule is terminated for this reason.





		- terminatedOnRequest(10) indicates that a previously
		  established policy rule was terminated by an SNMP
		  manager setting the midcomRuleLifetime to 0 or
		  setting midcomGroupLifetime to 0.

		- terminated(11) indicates that a previously established
		  policy rule was terminated by the MIDCOM-MIB
		  implementation for a reason other than lifetime
		  expiration or an explicit request from a MIDCOM client.

		- genericError(12) indicates that the policy rule
		  specified by the entry is not established due to
		  an error condition not listed above.

		The states timedOut(9), terminatedOnRequest(10), and
		terminated(11) are referred to as termination states.

		The states incorrectRequest(4), requestRejected(6),
		and genericError(12) are referred to as error states.

		The checkingRequest(3) and processingRequest(5)
		states are transient states, which will lead to either
		one of the error states or the reserved(7) state or the
		enabled(8) state.  MIDCOM-MIB implementations MAY return
		these values when checking or processing requests."
	DEFVAL { newEntry }
	-- 1.3.6.1.2.1.171.1.1.3.1.5
	::= { midcomRuleEntry 5 }


-- Storage type of the rule row; defaults to volatile.
-- A manager may switch a row between volatile(2) and nonVolatile(3);
-- a SET to permanent is rejected with 'inconsistentValue'.  A row
-- that already has the value permanent(4) has all its read-create
-- columns treated as read-only.
-- NOTE(review): StorageType comes from SNMPv2-TC (RFC 2579), where
-- nonVolatile presumably means the row is kept across an agent
-- restart - confirm.  If so, any client with write access can make
-- its own rule persistent, so nonVolatile rows are worth including in
-- periodic rule audits.
midcomRuleStorageType OBJECT-TYPE
	SYNTAX  StorageType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"When retrieved, this object returns the storage
		type of the policy rule.  Writing to this object can
		change the storage type of the particular row from
		volatile(2) to nonVolatile(3) or vice versa.

		Attempts to set this object to permanent will always
		fail with an 'inconsistentValue' error.  Note that this
		error code is SNMP specific.  If the MIB module is used
		with other protocols than SNMP, errors with similar
		semantics specific to those protocols should be
		returned.

		If midcomRuleStorageType has the value permanent(4),
		then all objects in this row whose MAX-ACCESS value
		is read-create must be read-only."
	DEFVAL { volatile }
	-- 1.3.6.1.2.1.171.1.1.3.1.6
	::= { midcomRuleEntry 6 }


-- Remaining time, in seconds, that a row is kept after its
-- midcomRuleOperStatus has entered a termination or error state.
-- Writable: a manager can lengthen or shorten it.  The value 0 (the
-- default) destroys the row as soon as such a state is entered, and
-- the implementation may remove a terminated row earlier than the
-- value indicates.
-- NOTE(review): with the default of 0 the row, and with it the
-- midcomRuleError column of that row, is gone once the rule fails or
-- ends.  A management station that needs this information for
-- troubleshooting or audit should set a non-zero value before making
-- the request, or record state changes by other means.
midcomRuleStorageTime OBJECT-TYPE
	SYNTAX  Unsigned32
	UNITS	"seconds"
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The value of this object specifies how long this row
		can exist in the midcomRuleTable after the
		midcomRuleOperStatus switched to a termination state or
		to an error state.  This object returns the remaining
		time that the row may exist before it is aged out.

		After expiration or termination of the context, the value
		of this object ticks backwards.  The entry in the
		midcomRuleTable is destroyed when the value reaches 0.

		The value of this object may be set in order to increase
		or reduce the remaining time that the row may exist.
		Setting the value to 0 will destroy this entry as soon as
		the midcomRuleOperStatus switched to a termination state
		or to an error state.

		Note that there is no guarantee that the row is stored as
		long as this object indicates.  At any time, the MIDCOM-
		MIB implementation may decide to remove a row describing
		a terminated policy rule before the storage time of the
		corresponding row in the midcomRuleTable reaches the
		value of 0.  In this case, the information stored in this
		row is not available anymore.

		If object midcomRuleStorageType indicates that the policy
		rule has the storage type permanent(4), then this object has
		a constant value of 4294967295."
	DEFVAL { 0 }
	-- 1.3.6.1.2.1.171.1.1.3.1.7
	::= { midcomRuleEntry 7 }


midcomRuleError OBJECT-TYPE
	SYNTAX  SnmpAdminString
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"This object contains a descriptive error message if
		the transition into the operational status reserved(7)
		or enabled(8) failed.  Implementations must reset the
		error message to a zero-length string when a new
		attempt to change the policy rule status to reserved(7)
		or enabled(8) is started.

		RECOMMENDED values to be returned in particular cases
		include
		  - 'lack of IP addresses'
		  - 'lack of port numbers'
		  - 'lack of resources'
		  - 'specified NAT interface does not exist'
		  - 'specified NAT interface does not support NAT'
		  - 'conflict with already existing policy rule'
		  - 'no internal IP wildcarding allowed'
		  - 'no external IP wildcarding allowed'

		The semantics of these error messages and the corresponding
		behavior of the MIDCOM-MIB implementation are specified
		in sections 2.3.9 and 2.3.10 of RFC 3989."
	REFERENCE
		"RFC 3989, sections 2.3.9 and 2.3.10"
	DEFVAL { ''H }
	-- 1.3.6.1.2.1.171.1.1.3.1.8
	::= { midcomRuleEntry 8 }


midcomRuleInterface OBJECT-TYPE
	SYNTAX  InterfaceIndexOrZero
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This object indicates the IP interface for which
		enforcement of a policy rule is requested or performed,
		respectively.

		The interface is identified by its index in the ifTable
		(see IF-MIB in RFC 2863).  If the object has a value of 0,
		then no particular interface is indicated.

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.

		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1) or setting(2), then this object can be
		written by a manager in order to request its preference
		concerning the interface at which it requests NAT service.
		The default value of 0 indicates that the manager does not
		have a preferred interface or does not have sufficient
		topology information for specifying one.  Writing to this
		object in any state other than newEntry(1) or setting(2)
		will always fail with an 'inconsistentValue' error.





		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value reserved(7) or enabled(8), then this object indicates
		the interface at which NAT service for this rule is
		performed.  If NAT service is not required for enforcing
		the policy rule, then the value of this object is 0.  Also,
		if the MIDCOM-MIB implementation cannot indicate an
		interface, because it does not have this information or
		because NAT service is not offered at a particular single
		interface, then the value of the object is 0.

		Note that the index of a particular interface in the
		ifTable may change after a re-initialization of the
		middlebox, for example, after adding another interface to
		it.  In such a case, the value of this object may change,
		but the interface referred to by the MIDCOM-MIB MUST still
		be the same.  If, after a re-initialization of the
		middlebox, the interface referred to before
		re-initialization cannot be uniquely mapped anymore to a
		particular entry in the ifTable, then the value of object
		midcomRuleOperStatus of the same entry MUST be changed to
		terminated(11).

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { 0 }
	-- 1.3.6.1.2.1.171.1.1.3.1.9
	::= { midcomRuleEntry 9 }


midcomRuleFlowDirection OBJECT-TYPE
	SYNTAX  INTEGER {
			inbound(1),
			outbound(2),
			biDirectional(3) }
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"This parameter specifies the direction of enabled
		communication, either inbound(1), outbound(2), or
		biDirectional(3).

		The semantics of this object depend on the protocol
		the rule relates to.  If the rule is independent of
		the transport protocol (midcomRuleTransportProtocol
		has a value of 0) or if the transport protocol is UDP,
		then the value of midcomRuleFlowDirection indicates
		the direction of packets traversing the middlebox.

		In this case, value inbound(1) indicates that packets
		are traversing from outside to inside, value outbound(2)
		indicates that packets are traversing from inside to
		outside.  For both values, inbound(1) and outbound(2),
		packets can traverse the middlebox in one direction only.
		A bidirectional flow is indicated by value
		biDirectional(3).

		If the transport protocol is TCP, the packet flow is
		always bidirectional, but the value of
		midcomRuleFlowDirection indicates that:

		  - inbound(1): bidirectional TCP packet flow.
		    First packet, with TCP SYN flag set, must arrive
		    at an outside interface of the middlebox.

		  - outbound(2): bidirectional TCP packet flow.
		    First packet, with TCP SYN flag set, must arrive
		    at an inside interface of the middlebox.

		  - biDirectional(3): bidirectional TCP packet flow.
		    First packet, with TCP SYN flag set, may arrive
		    at an inside or an outside interface of the middlebox.

		This object is used as input to a request for
		establishing a policy enable rule as well as for
		indicating the properties of an established policy rule.

		If object midcomRuleOperStatus of the same entry has a
		value of either newEntry(1), setting(2), or reserved(7),
		then this object can be written by a manager in order to
		specify a requested direction to be enabled by a policy
		rule.  Writing to this object in any state other than
		newEntry(1), setting(2), or reserved(7) will always fail
		with an 'inconsistentValue' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value enabled(8), then this object indicates the enabled
		flow direction.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { outbound }
	-- 1.3.6.1.2.1.171.1.1.3.1.10
	::= { midcomRuleEntry 10 }


midcomRuleMaxIdleTime OBJECT-TYPE
	SYNTAX  Unsigned32
	UNITS	"seconds"
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"Maximum idle time of the policy rule in seconds.

		If no packet to which the policy rule applies passes the
		middlebox for the specified midcomRuleMaxIdleTime, then
		the policy rule enters the termination state timedOut(9).

		A value of 0 indicates that the policy does not require
		an individual idle time and that instead, a default idle
		time chosen by the middlebox is used.

		A value of 4294967295 ( = 2^32 - 1 ) indicates that the
		policy does not time out if it is idle.

		This object is used as input to a request for
		establishing a policy enable rule as well as for
		indicating the properties of an established policy rule.

		If object midcomRuleOperStatus of the same entry has a
		value of either newEntry(1), setting(2), or reserved(7),
		then this object can be written by a manager in order to
		specify a maximum idle time for the policy rule to be
		requested.  Writing to this object in any state other
		than newEntry(1), setting(2), or reserved(7) will always
		fail with an 'inconsistentValue' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value enabled(8), then this object indicates the maximum
		idle time of the policy rule.  Note that even if a maximum
		idle time greater than zero was requested, the middlebox
		may not be able to support maximum idle times and may set
		the value of this object to zero when entering state
		enabled(8).

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { 0 }
	-- 1.3.6.1.2.1.171.1.1.3.1.11
	::= { midcomRuleEntry 11 }


midcomRuleTransportProtocol OBJECT-TYPE
	SYNTAX  Unsigned32 (0..255)
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The transport protocol.

		Valid values for midcomRuleTransportProtocol
		other than zero are defined at:
		http://www.iana.org/assignments/protocol-numbers

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.

		If object midcomRuleOperStatus of the same entry has a
		value of either newEntry(1) or setting(2), then this
		object can be written by a manager in order to specify a
		requested transport protocol.  If translation of an IP
		address only is requested, then this object must have the
		default value 0.  Writing to this object in any state
		other than newEntry(1) or setting(2) will always fail
		with an 'inconsistentValue' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value reserved(7) or enabled(8), then this object
		indicates which transport protocol is enforced by this
		policy rule.  A value of 0 indicates a rule acting on IP
		addresses only.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { 0 }
	-- 1.3.6.1.2.1.171.1.1.3.1.12
	::= { midcomRuleEntry 12 }


midcomRulePortRange OBJECT-TYPE
	SYNTAX  INTEGER {
			single(1),
			pair(2) }
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The range of port numbers.

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.  It is relevant to the
		operation of the MIDCOM-MIB implementation only if the
		value of object midcomRuleTransportProtocol in the same
		entry has a value other than 0.

		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1) or setting(2), then this object can be
		written by a manager in order to specify the requested
		size of the port range.  With single(1) just a single
		port number is requested, with pair(2) a consecutive pair
		of port numbers is requested with the lower number being
		even.  Requesting a consecutive pair of port numbers may
		be used by RTP [RFC3550] and may even be required to
		support older RTP applications.

		Writing to this object in any state other than
		newEntry(1), setting(2) or reserved(7) will always fail
		with an 'inconsistentValue' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has a
		value of either reserved(7) or enabled(8), then this
		object will have the value that it had before the
		transition to this state.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { single }
	-- 1.3.6.1.2.1.171.1.1.3.1.13
	::= { midcomRuleEntry 13 }


midcomRuleInternalIpVersion OBJECT-TYPE
	SYNTAX  InetAddressType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"IP version of the internal address (A0) and the inside
		address (A1).  Allowed values are ipv4(1), ipv6(2),
		ipv4z(3), and ipv6z(4).

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.

		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1) or setting(2), then this object can be
		written by a manager in order to specify the IP version
		required at the inside of the middlebox.  Writing to this
		object in any state other than newEntry(1) or setting(2)
		will always fail with an 'inconsistentValue' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value reserved(7) or enabled(8), then this object
		indicates the internal/inside IP version.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { ipv4 }
	-- 1.3.6.1.2.1.171.1.1.3.1.14
	::= { midcomRuleEntry 14 }


midcomRuleExternalIpVersion OBJECT-TYPE
	SYNTAX  InetAddressType
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"IP version of the external address (A3) and the outside
		address (A2).  Allowed values are ipv4(1) and ipv6(2).

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.





		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1) or setting(2), then this object can be
		written by a manager in order to specify the IP version
		required at the outside of the middlebox.  Writing to
		this object in any state other than newEntry(1) or
		setting(2) will always fail with an 'inconsistentValue'
		error.
		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value reserved(7) or enabled(8), then this object
		indicates the external/outside IP version.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7) or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { ipv4 }
	-- 1.3.6.1.2.1.171.1.1.3.1.15
	::= { midcomRuleEntry 15 }


midcomRuleInternalIpAddr OBJECT-TYPE
	SYNTAX  InetAddress
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The internal IP address (A0).

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.

		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1) or setting(2), then this object can be
		written by a manager in order to specify the internal IP
		address for which a reserve policy rule or an enable policy
		rule is requested to be established.  Writing to this
		object in any state other than newEntry(1) or setting(2)
		will always fail with an 'inconsistentValue' error.
		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value reserved(7) or enabled(8), then this object will
		have the value which it had before the transition to this
		state.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7) or
		enabled(8), then the value of this object is irrelevant."
	-- 1.3.6.1.2.1.171.1.1.3.1.16
	::= { midcomRuleEntry 16 }


midcomRuleInternalIpPrefixLength OBJECT-TYPE
	SYNTAX  InetAddressPrefixLength
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The prefix length of the internal IP address used for
		wildcarding.  A value of 0 indicates a full wildcard;
		in this case, the value of midcomRuleInternalIpAddr is
		irrelevant.  If midcomRuleInternalIpVersion has a value
		of ipv4(1), then a value > 31 indicates no wildcarding
		at all.  If midcomRuleInternalIpVersion has a value
		of ipv6(2), then a value > 127 indicates no wildcarding
		at all.  A MIDCOM-MIB implementation that does not
		support IP address wildcarding MUST implement this object
		as read-only with a value of 128.  A MIDCOM that does
		not support wildcarding based on prefix length MAY
		restrict allowed values for this object to 0 and 128.

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.

		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1) or setting(2), then this object can be
		written by a manager in order to specify the prefix length
		of the internal IP address for which a reserve policy rule
		or an enable policy rule is requested to be established.
		Writing to this object in any state other than newEntry(1)
		or setting(2) will always fail with an 'inconsistentValue'
		error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value reserved(7) or enabled(8), then this object will
		have the value which it had before the transition to this
		state.






		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { 128 }
	-- 1.3.6.1.2.1.171.1.1.3.1.17
	::= { midcomRuleEntry 17 }


midcomRuleInternalPort OBJECT-TYPE
	SYNTAX  InetPortNumber
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The internal port number.  A value of 0 is a wildcard.

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.  It is relevant to the
		operation of the MIDCOM-MIB implementation only if the
		value of object midcomTransportProtocol in the same entry
		has a value other than 0.

		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1) or setting(2), then this object can be
		written by a manager in order to specify the internal port
		number for which a reserve policy rule or an enable policy
		rule is requested to be established.  Writing to this
		object in any state other than newEntry(1) or setting(2)
		will always fail with an 'inconsistentValue' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value reserved(7) or enabled(8), then this object will
		have the value that it had before the transition to this
		state.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { 0 }
	-- 1.3.6.1.2.1.171.1.1.3.1.18
	::= { midcomRuleEntry 18 }


midcomRuleExternalIpAddr OBJECT-TYPE
	SYNTAX  InetAddress
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The external IP address (A3).

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.

		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1), setting(2), or reserved(7), then this
		object can be written by a manager in order to specify the
		external IP address for which an enable policy rule is
		requested to be established.  Writing to this object in
		any state other than newEntry(1), setting(2), or reserved(7)
		will always fail with an 'inconsistentValue' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value enabled(8), then this object will have the value
		that it had before the transition to this state.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	-- 1.3.6.1.2.1.171.1.1.3.1.19
	::= { midcomRuleEntry 19 }


midcomRuleExternalIpPrefixLength OBJECT-TYPE
	SYNTAX  InetAddressPrefixLength
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The prefix length of the external IP address used for
		wildcarding.  A value of 0 indicates a full wildcard;
		in this case, the value of midcomRuleExternalIpAddr is
		irrelevant.  If midcomRuleExternalIpVersion has a value
		of ipv4(1), then a value > 31 indicates no wildcarding
		at all.  If midcomRuleExternalIpVersion has a value
		of ipv6(2), then a value > 127 indicates no wildcarding
		at all.  A MIDCOM-MIB implementation that does not
		support IP address wildcarding MUST implement this object
		as read-only with a value of 128.  A MIDCOM that does
		not support wildcarding based on prefix length MAY
		restrict allowed values for this object to 0 and 128.

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.

		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1), setting(2), or reserved(7), then this
		object can be written by a manager in order to specify the
		prefix length of the external IP address for which an
		enable policy rule is requested to be established.
		Writing to this object in any state other than
		newEntry(1), setting(2), or reserved(7) will always fail
		with an 'inconsistentValue' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value enabled(8), then this object will have the value
		that it had before the transition to this state.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { 128 }
	-- 1.3.6.1.2.1.171.1.1.3.1.20
	::= { midcomRuleEntry 20 }


midcomRuleExternalPort OBJECT-TYPE
	SYNTAX  InetPortNumber
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The external port number.  A value of 0 is a wildcard.

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.  It is relevant to the
		operation of the MIDCOM-MIB implementation only if the
		value of object midcomTransportProtocol in the same entry
		has a value other than 0.

		If object midcomRuleOperStatus of the same entry has the
		value newEntry(1), setting(2) or reserved(7), then this
		object can be written by a manager in order to specify the
		external port number for which an enable policy rule is
		requested to be established.  Writing to this object in
		any state other than newEntry(1), setting(2) or reserved(7)
		will always fail with an 'inconsistentValue' error.





		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has the
		value enabled(8), then this object will have the value
		which it had before the transition to this state.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7) or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { 0 }
	-- 1.3.6.1.2.1.171.1.1.3.1.21
	::= { midcomRuleEntry 21 }


midcomRuleInsideIpAddr OBJECT-TYPE
	SYNTAX  InetAddress
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The inside IP address at the middlebox (A1).

		The value of this object is relevant only if
		object midcomRuleOperStatus of the same entry has
		a value of either reserved(7) or enabled(8)."
	-- 1.3.6.1.2.1.171.1.1.3.1.22
	::= { midcomRuleEntry 22 }


midcomRuleInsidePort OBJECT-TYPE
	SYNTAX  InetPortNumber
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The inside port number at the middlebox.
		A value of 0 is a wildcard.

		The value of this object is relevant only if
		object midcomRuleOperStatus of the same entry has
		a value of either reserved(7) or enabled(8)."
	-- 1.3.6.1.2.1.171.1.1.3.1.23
	::= { midcomRuleEntry 23 }


midcomRuleOutsideIpAddr OBJECT-TYPE
	SYNTAX  InetAddress
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The outside IP address at the middlebox (A2).

		The value of this object is relevant only if
		object midcomRuleOperStatus of the same entry has
		a value of either reserved(7) or enabled(8)."
	-- 1.3.6.1.2.1.171.1.1.3.1.24
	::= { midcomRuleEntry 24 }


midcomRuleOutsidePort OBJECT-TYPE
	SYNTAX  InetPortNumber
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The outside port number at the middlebox.
		A value of 0 is a wildcard.

		The value of this object is relevant only if
		object midcomRuleOperStatus of the same entry has
		a value of either reserved(7) or enabled(8)."
	-- 1.3.6.1.2.1.171.1.1.3.1.25
	::= { midcomRuleEntry 25 }


midcomRuleLifetime OBJECT-TYPE
	SYNTAX  Unsigned32
	UNITS	"seconds"
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"The remaining lifetime in seconds of this policy rule.

		Lifetime of a policy rule starts when object
		midcomRuleOperStatus in the same entry enters either
		state reserved(7) or state enabled(8).

		This object is used as input to a request for establishing
		a policy rule as well as for indicating the properties of
		an established policy rule.

		If object midcomRuleOperStatus of the same entry has a
		value of either newEntry(1) or setting(2), then this
		object can be written by a manager in order to specify
		the requested lifetime of a policy rule to be established.

		If object midcomRuleOperStatus of the same entry has a
		value of either reserved(7) or enabled(8), then this
		object indicates the (continuously decreasing) remaining
		lifetime of the established policy rule.  Note that when
		entering state reserved(7) or enabled(8), the MIDCOM-MIB
		implementation can choose a lifetime shorter than the one
		requested.

		Unlike other parameters of the policy rule, this parameter
		can still be written in state reserved(7) and enabled(8).





		Writing to this object is processed by the MIDCOM-MIB
		implementation by choosing a lifetime value that is
		greater than 0 and less than or equal to the minimum of
		the requested value and the value specified by object
		midcomConfigMaxLifetime:

		 0 <= lt_granted <= MINIMUM(lt_requested, lt_maximum)

		where:
		   - lt_granted is the actually granted lifetime by the
		     MIDCOM-MIB implementation
		   - lt_requested is the requested lifetime of the MIDCOM
		     client
		   - lt_maximum is the value of object
		     midcomConfigMaxLifetime

		SNMP SET requests to this object may be rejected or the
		value of the object after an accepted SET operation may be
		less than the value that was contained in the SNMP SET
		request.

		Successfully writing a value of 0 terminates the policy
		rule.  Note that after a policy rule is terminated, still
		the entry will exist as long as indicated by the value of
		midcomRuleStorageTime.

		Writing to this object in any state other than
		newEntry(1), setting(2), reserved(7), or enabled(8)
		will always fail with an 'inconsistentValue' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		If object midcomRuleOperStatus of the same entry has a
		value other than newEntry(1), setting(2), reserved(7), or
		enabled(8), then the value of this object is irrelevant."
	DEFVAL { 180 }
	-- 1.3.6.1.2.1.171.1.1.3.1.26
	::= { midcomRuleEntry 26 }


midcomRuleRowStatus OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS read-create
	STATUS  current
	DESCRIPTION
		"A control that allows entries to be added and removed from
		this table.





		Entries can also be removed from this table by setting
		objects midcomRuleLifetime and midcomRuleStorageTime of
		an entry to 0.

		Attempts to set a row to notInService(2) where the value
		of the midcomRuleStorageType object is permanent(4) or
		readOnly(5) will result in a 'notWritable' error.

		Note that this error code is SNMP specific.  If the MIB
		module is used with other protocols than SNMP, errors with
		similar semantics specific to those protocols should be
		returned.

		The value of this object has no effect on whether other
		objects in this conceptual row can be modified."
	-- 1.3.6.1.2.1.171.1.1.3.1.27
	::= { midcomRuleEntry 27 }


--
-- Policy rule group subtree
--
-- The midcomGroupTable lists all current policy rule groups.
--

midcomGroupTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF MidcomGroupEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table lists all current policy rule groups.

		Entries in this table are created or removed
		implicitly when entries in the midcomRuleTable are
		created or removed, respectively.  A group entry
		in this table only exists as long as there are
		member rules of this group in the midcomRuleTable.

		The table serves for listing the existing groups and
		their remaining lifetimes and for changing lifetimes
		of groups and implicitly of all group members.
		Groups and all their member policy rules can only be
		deleted by deleting all member policies in the
		midcomRuleTable.

		Setting midcomGroupLifetime will result in setting
		the lifetime of all policy members to the same value."
	-- 1.3.6.1.2.1.171.1.1.4
	::= { midcomTransaction 4 }


midcomGroupEntry OBJECT-TYPE
	SYNTAX  MidcomGroupEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry describing properties of a particular
		MIDCOM policy rule group."
	INDEX {
		midcomRuleOwner,
		midcomGroupIndex }
	-- 1.3.6.1.2.1.171.1.1.4.1
	::= { midcomGroupTable 1 }


MidcomGroupEntry ::= SEQUENCE {

	midcomGroupIndex    Unsigned32,
	midcomGroupLifetime Unsigned32 }


midcomGroupIndex OBJECT-TYPE
	SYNTAX  Unsigned32 (1..4294967295)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"The index of this group for the midcomRuleOwner.
		A group is identified by the combination of
		midcomRuleOwner and midcomGroupIndex.

		The value of this index must be unique per
		midcomRuleOwner."
	-- 1.3.6.1.2.1.171.1.1.4.1.2
	::= { midcomGroupEntry 2 }


-- midcomGroupLifetime is the one writable column of midcomGroupTable: a
-- single successful SET changes the lifetime of every member rule of the
-- group, and a value of 0 terminates them all, so write access to it
-- deserves the same control as write access to the member rules.
-- NOTE(review): the DESCRIPTION says the granted lifetime is "greater
-- than 0" while the formula beneath it allows lt_granted = 0 and a
-- written 0 is defined as termination; confirm which bound is intended.
midcomGroupLifetime OBJECT-TYPE
	SYNTAX  Unsigned32
	UNITS	"seconds"
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"When retrieved, this object delivers the maximum
		lifetime in seconds of all member rules of this group,
		i.e., of all rows in the midcomRuleTable that have the
		same values for midcomRuleOwner and midcomGroupIndex.

		Successfully writing to this object modifies the
		lifetime of all member policies.  Successfully
		writing a value of 0 terminates all member policies
		and implicitly deletes the group as soon as all member
		entries are removed from the midcomRuleTable.

		Note that after a group's lifetime is expired or is
		set to 0, still the corresponding entry in the
		midcomGroupTable will exist as long as terminated
		member policy rules are stored as entries in the





		midcomRuleTable.

		Writing to this object is processed by the MIDCOM-MIB
		implementation by choosing a lifetime value that is
		greater than 0 and less than or equal to the minimum of
		the requested value and the value specified by object
		midcomConfigMaxLifetime:

		 0 <= lt_granted <= MINIMUM(lt_requested, lt_maximum)

		where:
		   - lt_granted is the actually granted lifetime by the
		     MIDCOM-MIB implementation
		   - lt_requested is the requested lifetime of the MIDCOM
		     client
		   - lt_maximum is the value of object
		     midcomConfigMaxLifetime

		SNMP SET requests to this object may be rejected or the
		value of the object after an accepted SET operation may be
		less than the value that was contained in the SNMP SET
		request."
	-- 1.3.6.1.2.1.171.1.1.4.1.3
	::= { midcomGroupEntry 3 }


--
-- Configuration Objects
--
--  Configuration objects that can be used for retrieving
--  middlebox capability information (mandatory) and for
--  setting parameters of the implementation of transaction
--  objects (optional).
--
--  Note that typically configuration objects are not intended
--  to be written by MIDCOM clients.  In general, write access
--  to these objects needs to be restricted more strictly than
--  write access to transaction objects.
--
--
-- Capabilities subtree
--
-- This subtree contains objects to which MIDCOM clients should
-- have read access.
--

-- midcomConfigMaxLifetime is the lt_maximum term in the lifetime formulas
-- of midcomRuleLifetime and midcomGroupLifetime: it caps the lifetime a
-- client can be granted for a policy rule.
-- NOTE(review): MAX-ACCESS is read-write, but the DESCRIPTION covers only
-- retrieval and the object sits in the capabilities subtree, to which
-- clients "should have read access"; confirm the intended access level.
-- While it is writable, limit SETs to administrators (for example with
-- VACM), because raising the value lengthens how long client-requested
-- policy rules may stay in force.
midcomConfigMaxLifetime OBJECT-TYPE
	SYNTAX  Unsigned32
	UNITS	"seconds"
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"When retrieved, this object returns the maximum lifetime,
		in seconds, that this middlebox allows policy rules to
		have."
	-- 1.3.6.1.2.1.171.1.2.1
	::= { midcomConfig 1 }


-- midcomConfigPersistentRules reports whether policy rules can be stored
-- persistently, i.e. whether midcomRuleTable may hold rows with
-- midcomRuleStorageType nonVolatile(3).
-- NOTE(review): MAX-ACCESS is read-write although the DESCRIPTION treats
-- the object purely as a reported capability; the effect of a SET is not
-- described here.  Confirm the intended access level and, until then,
-- restrict write access to administrators.
midcomConfigPersistentRules OBJECT-TYPE
	SYNTAX  TruthValue
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"When retrieved, this object returns true(1) if the
		MIDCOM-MIB implementation can store policy rules
		persistently.  Otherwise, it returns false(2).

		A value of true(1) indicates that there may be
		entries in the midcomRuleTable with object
		midcomRuleStorageType set to value nonVolatile(3)."
	-- 1.3.6.1.2.1.171.1.2.2
	::= { midcomConfig 2 }


midcomConfigIfTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF MidcomConfigIfEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table indicates capabilities of the MIDCOM-MIB
		implementation per IP interface.

		The table is indexed by the object midcomConfigIfIndex.

		For indexing a single interface, this object contains
		the value of the ifIndex object that is associated
		with the interface.  If an entry with
		midcomConfigIfIndex = 0 occurs, then bits set in
		objects of this entry apply to all interfaces for which
		there is no entry in this table with the interface's
		index."
	-- 1.3.6.1.2.1.171.1.2.3
	::= { midcomConfig 3 }


midcomConfigIfEntry OBJECT-TYPE
	SYNTAX  MidcomConfigIfEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry describing the capabilities of a middlebox
		with respect to the indexed IP interface."
	INDEX {
		midcomConfigIfIndex }
	-- 1.3.6.1.2.1.171.1.2.3.1
	::= { midcomConfigIfTable 1 }


MidcomConfigIfEntry ::= SEQUENCE {

	midcomConfigIfIndex   InterfaceIndexOrZero,
	midcomConfigIfBits    BITS,
	midcomConfigIfEnabled TruthValue }


midcomConfigIfIndex OBJECT-TYPE
	SYNTAX  InterfaceIndexOrZero
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"The index of an entry in the midcomConfigIfTable.

		For values different from zero, this object
		identifies an IP interface by containing the same
		value as the ifIndex object associated with the
		interface.

		Note that the index of a particular interface in the
		ifTable may change after a re-initialization of the
		middlebox, for example, after adding another interface to
		it.  In such a case, the value of this object may change,
		but the interface referred to by the MIDCOM-MIB MUST still
		be the same.  If, after a re-initialization of the
		middlebox, the interface referred to before
		re-initialization cannot be uniquely mapped anymore to a
		particular entry in the ifTable, then the value of object
		midcomConfigIfEnabled of the same entry MUST be changed to
		false(2).

		If the object has a value of 0, then values
		specified by further objects of the same entry
		apply to all interfaces for which there is no
		explicit entry in the midcomConfigIfTable."
	-- 1.3.6.1.2.1.171.1.2.3.1.1
	::= { midcomConfigIfEntry 1 }


midcomConfigIfBits OBJECT-TYPE
	SYNTAX  BITS {
			ipv4(0),
			ipv6(1),
			addressWildcards(2),
			portWildcards(3),
			firewall(4),
			nat(5),
			portTranslation(6),
			protocolTranslation(7),
			twiceNat(8),
			inside(9) }
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"When retrieved, this object returns a set of bits
		indicating the capabilities (or configuration) of
		the middlebox with respect to the referenced IP interface.
		If the index equals 0, then all set bits apply to all
		interfaces.

		If the ipv4(0) bit is set, then the middlebox supports
		IPv4 at the indexed IP interface.

		If the ipv6(1) bit is set, then the middlebox supports
		IPv6 at the indexed IP interface.

		If the addressWildcards(2) bit is set, then the
		middlebox supports IP address wildcarding at the indexed
		IP interface.

		If the portWildcards(3) bit is set, then the
		middlebox supports port wildcarding at the indexed
		IP interface.

		If the firewall(4) bit is set, then the middlebox offers
		firewall functionality at the indexed interface.

		If the nat(5) bit is set, then the middlebox offers
		network address translation service at the indexed
		interface.

		If the portTranslation(6) bit is set, then the middlebox
		offers port translation service at the indexed interface.
		This bit is only relevant if nat(5) is set.

		If the protocolTranslation(7) bit is set, then the
		middlebox offers protocol translation service between
		IPv4 and IPv6 at the indexed interface.  This bit is only
		relevant if nat(5) is set.

		If the twiceNat(8) bit is set, then the middlebox offers
		twice network address translation service at the indexed
		interface.  This bit is only relevant if nat(5) is set.

		If the inside(9) bit is set, then the indexed interface is
		an inside interface with respect to NAT functionality.
		Otherwise, it is an outside interface.  This bit is only
		relevant if nat(5) is set.  An SNMP agent supporting both
		the MIDCOM-MIB module and the NAT-MIB module SHOULD ensure
		that the value of this object is consistent with the values
		of corresponding objects in the NAT-MIB module."
	-- 1.3.6.1.2.1.171.1.2.3.1.2
	::= { midcomConfigIfEntry 2 }


-- midcomConfigIfEnabled is the per-interface on/off switch for MIDCOM
-- support.
-- Security-relevant: one SET of false(2) immediately terminates every
-- policy rule that uses NAT or firewall resources at the indexed
-- interface, which makes write access to this object a service-disruption
-- risk.  The configuration-objects header in this module asks for write
-- access to be restricted more strictly than for transaction objects;
-- apply that here (for example with VACM) and consider alerting on the
-- resulting midcomUnsolicitedRuleEvent notifications.
midcomConfigIfEnabled OBJECT-TYPE
	SYNTAX  TruthValue
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"The value of this object indicates the availability of
		the middlebox service described by midcomConfigIfBits
		at the indexed IP interface.

		By writing to this object, the MIDCOM support for the
		entire IP interface can be switched on or off.  Setting
		this object to false(2) immediately stops middlebox
		support at the indexed IP interface.  This implies that
		all policy rules that use NAT or firewall resources at
		the indexed IP interface are terminated immediately.
		In this case, the MIDCOM agent MUST send
		midcomUnsolicitedRuleEvent to all MIDCOM clients that
		have access to one of the terminated rules."
	DEFVAL { true }
	-- 1.3.6.1.2.1.171.1.2.3.1.3
	::= { midcomConfigIfEntry 3 }


--
-- Firewall subtree
--
-- This subtree contains the firewall configuration table
--

midcomConfigFirewallTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF MidcomConfigFirewallEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table lists the firewall configuration per IP interface.

		It can be used for configuring how policy rules created by
		MIDCOM clients are realized as firewall rules of a firewall
		implementation.  Particularly, the priority used for MIDCOM
		policy rules can be configured.  For a single firewall
		implementation at a particular IP interface, all MIDCOM
		policy rules are realized as firewall rules with the same
		priority.  Also, a firewall rule group name can be
		configured.

		The table is indexed by the object midcomConfigFirewallIndex.
		For indexing a single interface, this object contains the
		value of the ifIndex object that is associated with the
		interface.  If an entry with midcomConfigFirewallIndex = 0
		occurs, then bits set in objects of this entry apply to all
		interfaces for which there is no entry in this table for the
		interface's index."
	-- 1.3.6.1.2.1.171.1.2.4
	::= { midcomConfig 4 }


midcomConfigFirewallEntry OBJECT-TYPE
	SYNTAX  MidcomConfigFirewallEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry describing a particular set of
		firewall resources."
	INDEX {
		midcomConfigFirewallIndex }
	-- 1.3.6.1.2.1.171.1.2.4.1
	::= { midcomConfigFirewallTable 1 }


MidcomConfigFirewallEntry ::= SEQUENCE {

	midcomConfigFirewallIndex    InterfaceIndexOrZero,
	midcomConfigFirewallGroupId  SnmpAdminString,
	midcomConfigFirewallPriority Unsigned32 }


midcomConfigFirewallIndex OBJECT-TYPE
	SYNTAX  InterfaceIndexOrZero
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"The index of an entry in the midcomConfigFirewallTable.

		For values different from 0, this object identifies an
		IP interface by containing the same value as the ifIndex
		object associated with the interface.

		Note that the index of a particular interface in the
		ifTable may change after a re-initialization of the
		middlebox, for example, after adding another interface to
		it.  In such a case, the value of this object may change,
		but the interface referred to by the MIDCOM-MIB MUST still
		be the same.  If, after a re-initialization of the
		middlebox, the interface referred to before
		re-initialization cannot be uniquely mapped anymore to a
		particular entry in the ifTable, then the entry in the
		midcomConfigFirewallTable MUST be deleted.

		If the object has a value of 0, then values specified by
		further objects of the same entry apply to all interfaces
		for which there is no explicit entry in the
		midcomConfigFirewallTable."
	-- 1.3.6.1.2.1.171.1.2.4.1.1
	::= { midcomConfigFirewallEntry 1 }


-- midcomConfigFirewallGroupId names the firewall rule group that receives
-- the firewall rules created by the MIDCOM server for an interface (or,
-- with index 0, for all interfaces without their own entry).
-- Security-relevant: the object is read-write, so a SET re-targets where
-- MIDCOM-created rules are placed.  What policy a given group carries is
-- firewall specific and not stated in this module; presumably a change
-- can alter how those rules are evaluated, so restrict write access to
-- administrators.
midcomConfigFirewallGroupId OBJECT-TYPE
	SYNTAX  SnmpAdminString
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"The firewall rule group to which all firewall rules are
		assigned that the MIDCOM server creates for the interface
		indicated by object midcomConfigFirewallIndex.  If the
		value of object midcomConfigFirewallIndex is 0, then all
		firewall rules of the MIDCOM server that are created for
		interfaces with no specific entry in the
		midcomConfigFirewallTable are assigned to the firewall
		rule group indicated by the value of this object."
	-- 1.3.6.1.2.1.171.1.2.4.1.2
	::= { midcomConfigFirewallEntry 2 }


-- midcomConfigFirewallPriority is the single priority given to every
-- firewall rule the MIDCOM server creates for an interface (or, with
-- index 0, for all interfaces without their own entry).
-- Security-relevant: the object is read-write and one value applies to
-- all MIDCOM rules at the interface.  How this priority orders MIDCOM
-- rules against statically configured firewall rules is not stated in
-- this module; presumably a change can let client-requested rules take
-- precedence over, or be shadowed by, the static policy.  Restrict write
-- access to administrators and review changes to this value.
midcomConfigFirewallPriority OBJECT-TYPE
	SYNTAX  Unsigned32
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"The priority assigned to all firewall rules that the
		MIDCOM server creates for the interface indicated by
		object midcomConfigFirewallIndex.  If the value of object
		midcomConfigFirewallIndex is 0, then this priority is
		assigned to all firewall rules of the MIDCOM server that
		are created for interfaces for which there is no specific
		entry in the midcomConfigFirewallTable."
	-- 1.3.6.1.2.1.171.1.2.4.1.3
	::= { midcomConfigFirewallEntry 3 }


--
-- Monitoring Objects
--
-- Monitoring objects are structured into two groups,
-- the midcomResourceGroup providing information about used
-- resources and the midcomStatisticsGroup providing information
-- about MIDCOM transaction statistics.
--
-- Resources subtree
--
-- The MIDCOM resources subtree contains a set of managed
-- objects describing the currently used resources of NAT
-- and firewall implementations.
--
--
-- Textual conventions for objects of the resource subtree
--

MidcomNatBindMode ::= TEXTUAL-CONVENTION
	STATUS  current
	DESCRIPTION
		"An indicator of the kind of NAT resources used by a policy
		rule.  This definition corresponds to the definition of
		NatBindMode in the NAT-MIB (RFC 4008).  Value none(3) can
		be used to indicate that the policy rule does not use
		any NAT binding.

		"
	SYNTAX INTEGER {
			addressBind(1),
			addressPortBind(2),
			none(3) }


MidcomNatSessionIdOrZero ::= TEXTUAL-CONVENTION
	DISPLAY-HINT "d"
	STATUS  current
	DESCRIPTION
		"A unique ID that is assigned to each NAT session by
		a NAT implementation.  This definition corresponds to
		the definition of NatSessionId in the NAT-MIB (RFC 4008).
		Value 0 can be used to indicate that the policy rule does
		not use any NAT binding."
	SYNTAX Unsigned32


--
-- The MIDCOM resource table
--

midcomResourceTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF MidcomResourceEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table lists all used middlebox resources per
		MIDCOM policy rule.

		The midcomResourceTable augments the
		midcomRuleTable."
	-- 1.3.6.1.2.1.171.1.3.1
	::= { midcomMonitoring 1 }


midcomResourceEntry OBJECT-TYPE
	SYNTAX  MidcomResourceEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry describing a particular set of middlebox
		resources."
	AUGMENTS {
		midcomRuleEntry }
	-- 1.3.6.1.2.1.171.1.3.1.1
	::= { midcomResourceTable 1 }


MidcomResourceEntry ::= SEQUENCE {

	midcomRscNatInternalAddrBindMode MidcomNatBindMode,
	midcomRscNatInternalAddrBindId   NatBindIdOrZero,
	midcomRscNatInsideAddrBindMode   MidcomNatBindMode,
	midcomRscNatInsideAddrBindId     NatBindIdOrZero,
	midcomRscNatSessionId1           MidcomNatSessionIdOrZero,
	midcomRscNatSessionId2           MidcomNatSessionIdOrZero,
	midcomRscFirewallRuleId          Unsigned32 }


midcomRscNatInternalAddrBindMode OBJECT-TYPE
	SYNTAX  MidcomNatBindMode
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"An indication of whether this policy rule uses an address
		NAT bind or an address-port NAT bind for binding the
		internal address.

		If the MIDCOM-MIB module is operated together with
		the NAT-MIB module (RFC 4008) then object
		midcomRscNatInternalAddrBindMode contains the same
		value as the corresponding object
		natSessionPrivateSrcEPBindMode of the NAT-MIB module."
	-- 1.3.6.1.2.1.171.1.3.1.1.4
	::= { midcomResourceEntry 4 }


midcomRscNatInternalAddrBindId OBJECT-TYPE
	SYNTAX  NatBindIdOrZero
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"This object refers to the allocated internal NAT
		bind that is used by this policy rule.  A NAT bind
		describes the mapping of internal addresses to
		outside addresses.  MIDCOM-MIB implementations can
		read this object to learn the corresponding NAT bind
		resource for this particular policy rule.

		If the MIDCOM-MIB module is operated together with
		the NAT-MIB module (RFC 4008) then object
		midcomRscNatInternalAddrBindId contains the same
		value as the corresponding object
		natSessionPrivateSrcEPBindId of the NAT-MIB module."
	-- 1.3.6.1.2.1.171.1.3.1.1.5
	::= { midcomResourceEntry 5 }


-- Read-only indication of the kind of NAT bind (address bind or
-- address-port bind) used for the external address of a policy rule.
-- The companion object midcomRscNatInsideAddrBindId describes this
-- bind as a mapping of external addresses to inside addresses, which
-- is why the object name says Inside while the text speaks of the
-- external address.
midcomRscNatInsideAddrBindMode OBJECT-TYPE
	SYNTAX  MidcomNatBindMode
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"An indication of whether this policy rule uses an address
		NAT bind or an address-port NAT bind for binding the
		external address.

		If the MIDCOM-MIB module is operated together with
		the NAT-MIB module (RFC 4008), then object
		midcomRscNatInsideAddrBindMode contains the same
		value as the corresponding object
		natSessionPrivateDstEPBindMode of the NAT-MIB module."
	-- 1.3.6.1.2.1.171.1.3.1.1.6
	::= { midcomResourceEntry 6 }


-- Read-only reference to the NAT bind allocated for the external
-- address of a policy rule (external addresses mapped to inside
-- addresses).  The syntax NatBindIdOrZero is imported from NAT-MIB.
-- NOTE(review): the type name suggests that 0 means no bind is
-- allocated; confirm against the NAT-MIB definition.
midcomRscNatInsideAddrBindId OBJECT-TYPE
	SYNTAX  NatBindIdOrZero
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"This object refers to the allocated external NAT
		bind that is used by this policy rule.  A NAT bind
		describes the mapping of external addresses to
		inside addresses.  MIDCOM-MIB implementations can
		read this object to learn the corresponding NAT bind
		resource for this particular policy rule.

		If the MIDCOM-MIB module is operated together with the
		NAT-MIB module (RFC 4008), then object
		midcomRscNatInsideAddrBindId contains the same
		value as the corresponding object
		natSessionPrivateDstEPBindId of the NAT-MIB module."
	-- 1.3.6.1.2.1.171.1.3.1.1.7
	::= { midcomResourceEntry 7 }


-- Read-only reference to the first NAT session allocated for a policy
-- rule; 0 means that no NAT session is allocated.  The syntax
-- MidcomNatSessionIdOrZero is a textual convention defined outside
-- this part of the module.
midcomRscNatSessionId1 OBJECT-TYPE
	SYNTAX  MidcomNatSessionIdOrZero
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"This object refers to the first allocated NAT session for
		this policy rule.  MIDCOM-MIB implementations can read this
		object to learn whether or not a NAT session for a
		particular policy rule is used.  A value of 0 means that no
		NAT session is allocated for this policy rule.  A value
		other than 0 refers to the NAT session."
	-- 1.3.6.1.2.1.171.1.3.1.1.8
	::= { midcomResourceEntry 8 }


-- Read-only reference to the second NAT session allocated for a
-- policy rule; 0 means that no NAT session is allocated.  Same syntax
-- and value convention as midcomRscNatSessionId1.
-- NOTE(review): the text does not say when a rule needs a second
-- session; confirm against the specification before relying on it.
midcomRscNatSessionId2 OBJECT-TYPE
	SYNTAX  MidcomNatSessionIdOrZero
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"This object refers to the second allocated NAT session for
		this policy rule.  MIDCOM-MIB implementations can read this
		object to learn whether or not a NAT session for a
		particular policy rule is used.  A value of 0 means that no
		NAT session is allocated for this policy rule.  A value
		other than 0 refers to the NAT session."
	-- 1.3.6.1.2.1.171.1.3.1.1.9
	::= { midcomResourceEntry 9 }


-- Read-only number of the firewall rule that the firewall engine
-- allocated for a policy rule; 0 means that no firewall rule is
-- allocated.
-- NOTE(review): the value exposes rule numbering inside the firewall
-- engine; consider limiting read access to the management stations
-- that need to correlate MIDCOM rules with firewall state.
midcomRscFirewallRuleId OBJECT-TYPE
	SYNTAX  Unsigned32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"This object refers to the allocated firewall
		rule in the firewall engine for this policy rule.
		MIDCOM-MIB implementations can read this value to
		learn whether a firewall rule for this particular
		policy rule is used or not.  A value of 0 means that
		no firewall rule is allocated for this policy rule.
		A value other than 0 refers to the firewall rule
		number within the firewall engine."
	-- 1.3.6.1.2.1.171.1.3.1.1.10
	::= { midcomResourceEntry 10 }


--
-- Statistics subtree
--
-- The MIDCOM statistics subtree contains a set of managed
-- objects providing statistics about the usage of transaction
-- objects.
--

-- Registration point for the scalar statistics objects defined below
-- (sub-identifiers 1 through 15).
midcomStatistics OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.171.1.3.2
	::= { midcomMonitoring 2 }

-- Gauge of the number of distinct midcomRuleOwner values among the
-- current midcomRuleTable rows.  As a Gauge32 it can rise and fall.
-- NOTE(review): useful as a baseline metric; an owner count above the
-- expected set of MIDCOM clients is worth investigating.
midcomCurrentOwners OBJECT-TYPE
	SYNTAX  Gauge32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The number of different values for midcomRuleOwner
		for all current entries in the midcomRuleTable."
	-- 1.3.6.1.2.1.171.1.3.2.1
	::= { midcomStatistics 1 }


-- Counter of failed attempts to create a midcomRuleTable row.
-- Counter32 values wrap and have no defined starting value, so
-- consumers should evaluate the difference between two polls.
-- NOTE(review): a sustained increase may point to misconfigured or
-- unauthorized clients; consider alerting on the rate.
midcomTotalRejectedRuleEntries OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of failed attempts to create an entry
		in the midcomRuleTable."
	-- 1.3.6.1.2.1.171.1.3.2.2
	::= { midcomStatistics 2 }


-- Gauge of policy rules that are loaded into midcomRuleTable but not
-- yet fully specified, i.e. in state newEntry(1) or setting(2).
-- NOTE(review): the state names presumably are values of
-- midcomRuleOperStatus; confirm against that object's definition.
midcomCurrentRulesIncomplete OBJECT-TYPE
	SYNTAX  Gauge32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The current number of policy rules that are incomplete.

		Policy rules are loaded via row entries in the
		midcomRuleTable.  This object counts policy rules that are
		loaded but not fully specified, i.e., they are in state
		newEntry(1) or setting(2)."
	-- 1.3.6.1.2.1.171.1.3.2.3
	::= { midcomStatistics 3 }


-- Counter of policy reserve rules that failed the parameter check and
-- entered state incorrectRequest(4).  Counterpart for enable rules:
-- midcomTotalIncorrectEnableRules.  Evaluate as a delta between
-- polls, since Counter32 values wrap.
midcomTotalIncorrectReserveRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of policy reserve rules that failed
		parameter check and entered state incorrectRequest(4)."
	-- 1.3.6.1.2.1.171.1.3.2.4
	::= { midcomStatistics 4 }


-- Counter of policy reserve rules that failed during processing and
-- entered state requestRejected(6).  Counterpart for enable rules:
-- midcomTotalRejectedEnableRules.  Evaluate as a delta between
-- polls, since Counter32 values wrap.
midcomTotalRejectedReserveRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of policy reserve rules that failed
		while being processed and entered state requestRejected(6)."
	-- 1.3.6.1.2.1.171.1.3.2.5
	::= { midcomStatistics 5 }


-- Gauge of policy reserve rules that are active at the time of the
-- read.  Counterpart for enable rules: midcomCurrentActiveEnableRules.
midcomCurrentActiveReserveRules OBJECT-TYPE
	SYNTAX  Gauge32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The number of currently active policy reserve rules."
	-- 1.3.6.1.2.1.171.1.3.2.6
	::= { midcomStatistics 6 }


-- Counter of policy reserve rules that expired, i.e. entered the
-- termination state timedOut(9).  Counterpart for enable rules:
-- midcomTotalExpiredEnableRules.
midcomTotalExpiredReserveRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of expired policy reserve rules
		(entered termination state timedOut(9))."
	-- 1.3.6.1.2.1.171.1.3.2.7
	::= { midcomStatistics 7 }


-- Counter of policy reserve rules terminated on request, i.e. that
-- entered the termination state terminatedOnRequest(10).
-- Counterpart for enable rules: midcomTotalTerminatedOnRqEnableRules.
midcomTotalTerminatedOnRqReserveRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of policy reserve rules that were
		terminated on request (entered termination state
		terminatedOnRequest(10))."
	-- 1.3.6.1.2.1.171.1.3.2.8
	::= { midcomStatistics 8 }


-- Counter of policy reserve rules terminated without a request, i.e.
-- that entered the termination state terminated(11).
-- NOTE(review): since these terminations were not requested by a
-- client, an unexpected rise is worth correlating with
-- midcomUnsolicitedRuleEvent notifications.
midcomTotalTerminatedReserveRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of policy reserve rules that were
		terminated, but not on request (entered termination state
		terminated(11))."
	-- 1.3.6.1.2.1.171.1.3.2.9
	::= { midcomStatistics 9 }


-- Counter of policy enable rules that failed the parameter check and
-- entered state incorrectRequest(4).  Counterpart for reserve rules:
-- midcomTotalIncorrectReserveRules.  Evaluate as a delta between
-- polls, since Counter32 values wrap.
midcomTotalIncorrectEnableRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of policy enable rules that failed
		parameter check and entered state incorrectRequest(4)."
	-- 1.3.6.1.2.1.171.1.3.2.10
	::= { midcomStatistics 10 }


-- Counter of policy enable rules that failed during processing and
-- entered state requestRejected(6).  Counterpart for reserve rules:
-- midcomTotalRejectedReserveRules.  Evaluate as a delta between
-- polls, since Counter32 values wrap.
midcomTotalRejectedEnableRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of policy enable rules that failed
		while being processed and entered state requestRejected(6)."
	-- 1.3.6.1.2.1.171.1.3.2.11
	::= { midcomStatistics 11 }


-- Gauge of policy enable rules that are active at the time of the
-- read.  Counterpart for reserve rules:
-- midcomCurrentActiveReserveRules.
midcomCurrentActiveEnableRules OBJECT-TYPE
	SYNTAX  Gauge32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The number of currently active policy enable rules."
	-- 1.3.6.1.2.1.171.1.3.2.12
	::= { midcomStatistics 12 }


-- Counter of policy enable rules that expired, i.e. entered the
-- termination state timedOut(9).  Counterpart for reserve rules:
-- midcomTotalExpiredReserveRules.
midcomTotalExpiredEnableRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of expired policy enable rules
		(entered termination state timedOut(9))."
	-- 1.3.6.1.2.1.171.1.3.2.13
	::= { midcomStatistics 13 }


-- Counter of policy enable rules terminated on request, i.e. that
-- entered the termination state terminatedOnRequest(10).
-- Counterpart for reserve rules:
-- midcomTotalTerminatedOnRqReserveRules.
midcomTotalTerminatedOnRqEnableRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of policy enable rules that were
		terminated on request (entered termination state
		terminatedOnRequest(10))."
	-- 1.3.6.1.2.1.171.1.3.2.14
	::= { midcomStatistics 14 }


-- Counter of policy enable rules terminated without a request, i.e.
-- that entered the termination state terminated(11).
-- NOTE(review): an enable rule that ends this way closes a pinhole
-- or mapping the client did not ask to close; an unexpected rise is
-- worth correlating with midcomUnsolicitedRuleEvent notifications.
midcomTotalTerminatedEnableRules OBJECT-TYPE
	SYNTAX  Counter32
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The total number of policy enable rules that were
		terminated, but not on request (entered termination state
		terminated(11))."
	-- 1.3.6.1.2.1.171.1.3.2.15
	::= { midcomStatistics 15 }



--
-- Notifications.
--

-- Notification for rule state changes that no MIDCOM client asked
-- for: midcomRuleOperStatus entering an error state or a termination
-- state.  The payload carries midcomRuleOperStatus and
-- midcomRuleLifetime.
-- NOTE(review): the affected rule is presumably identified by the
-- instance identifiers of the two variable bindings; confirm against
-- the midcomRuleEntry INDEX.
-- NOTE(review): delivery mode (trap or inform) and the security
-- level used for sending are deployment settings that this
-- definition does not fix; receivers should only act on
-- authenticated notifications.
midcomUnsolicitedRuleEvent NOTIFICATION-TYPE
	OBJECTS {
		midcomRuleOperStatus,
		midcomRuleLifetime}
	STATUS  current
	DESCRIPTION
		"This notification is generated whenever the value of
		midcomRuleOperStatus enters any error state or any
		termination state without an explicit trigger by a
		MIDCOM client."
	-- 1.3.6.1.2.1.171.0.1
	::= { midcomNotifications 1 }


-- Notification for rule state changes caused by a successful write to
-- midcomRuleAdminStatus, and for lifetime changes caused by a
-- successful write to midcomRuleLifetime.  The payload carries
-- midcomRuleOperStatus and midcomRuleLifetime.
-- NOTE(review): the MIDCOM agent named in the text is the party that
-- writes the object, so it presumably acts in the SNMP manager role
-- and is not the SNMP agent on the middlebox; the sibling
-- notification midcomUnsolicitedRuleEvent says MIDCOM client for
-- what looks like the same party.  Confirm the terminology.
midcomSolicitedRuleEvent NOTIFICATION-TYPE
	OBJECTS {
		midcomRuleOperStatus,
		midcomRuleLifetime}
	STATUS  current
	DESCRIPTION
		"This notification is generated whenever the value
		of midcomRuleOperStatus enters one of the states
		{reserved, enabled, any error state, any termination state}
		as a result of a MIDCOM agent writing successfully to
		object midcomRuleAdminStatus.

		In addition, it is generated when the lifetime of
		a rule was changed by successfully writing to object
		midcomRuleLifetime."
	-- 1.3.6.1.2.1.171.0.2
	::= { midcomNotifications 2 }


-- Notification sent only after a successful write to
-- midcomGroupLifetime; it reports that the lifetime of all member
-- rules of the group changed.  The payload carries
-- midcomGroupLifetime only.
-- The description lists three cases in which a group lifetime changes
-- or ends without this notification; a monitoring station therefore
-- cannot track group lifetime from this notification alone and also
-- needs the per-rule notifications.
midcomSolicitedGroupEvent NOTIFICATION-TYPE
	OBJECTS {
		midcomGroupLifetime}
	STATUS  current
	DESCRIPTION
		"This notification is generated for indicating that the
		lifetime of all member rules of the group was changed by
		successfully writing to object midcomGroupLifetime.

		Note that this notification is only sent if the lifetime
		of a group was changed by successfully writing to object
		midcomGroupLifetime.  No notification is sent
		  - if a group's lifetime is changed by writing to object
		    midcomRuleLifetime of any of its member policies,
		  - if a group's lifetime expires (in this case,
		    notifications are sent for all member policies), or
		  - if the group is terminated by terminating the last
		    of its member policies without writing to object
		    midcomGroupLifetime."
	-- 1.3.6.1.2.1.171.0.3
	::= { midcomNotifications 3 }

--
-- Conformance information
--

-- Registration point for compliance statements; midcomCompliance is
-- registered below as sub-identifier 1.
midcomCompliances OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.171.2.1
	::= { midcomConformance 1 }

-- Registration point for the object groups and the notification
-- group defined below (sub-identifiers 1 through 6).
midcomGroups OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.171.2.2
	::= { midcomConformance 2 }


--
-- compliance statements
--
-- This is the MIDCOM compliance definition ...
--

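-- Compliance statement of the MIDCOM-MIB module.
--   Mandatory groups: midcomRuleGroup, midcomNotificationsGroup,
--     midcomCapabilitiesGroup, midcomStatisticsGroup.
--   Optional groups: midcomConfigFirewallGroup, midcomResourceGroup.
-- The MODULE clause carries no module name, so it refers to this
-- module; the ifCompliance3 requirement of IF-MIB is stated in the
-- description text only.
-- Each OBJECT clause lowers the minimum required access to read-only,
-- so a compliant agent may expose these objects without accepting
-- writes to them.  For the two prefix length objects and for
-- midcomRuleMaxIdleTime a fixed value (128 or 0) then signals that
-- the function is not supported.
-- NOTE(review): an agent that does not need remote configuration of
-- these objects can use the read-only option to keep its writable
-- surface small.
midcomCompliance MODULE-COMPLIANCE
	STATUS  current
	DESCRIPTION
		"The compliance statement for implementations of the
		MIDCOM-MIB module.

		Note that compliance with this compliance
		statement requires compliance with the
		ifCompliance3 MODULE-COMPLIANCE statement of the
		IF-MIB [RFC2863]."

	MODULE 
	MANDATORY-GROUPS {
			midcomRuleGroup,
			midcomNotificationsGroup,
			midcomCapabilitiesGroup,
			midcomStatisticsGroup }

	GROUP midcomConfigFirewallGroup
	  DESCRIPTION
		"A compliant implementation does not have to implement
		the midcomConfigFirewallGroup."
	GROUP midcomResourceGroup
	  DESCRIPTION
		"A compliant implementation does not have to implement
		the midcomResourceGroup."
	OBJECT midcomRuleInternalIpPrefixLength
	  MIN-ACCESS read-only
	  DESCRIPTION 
		"Write access is not required.  When write access is
		not supported, return 128 as the value of this object.
		A value of 128 means that the function represented by
		this option is not supported."
	OBJECT midcomRuleExternalIpPrefixLength
	  MIN-ACCESS read-only
	  DESCRIPTION 
		"Write access is not required.  When write access is
		not supported, return 128 as the value of this object.
		A value of 128 means that the function represented by
		this option is not supported."
	OBJECT midcomRuleMaxIdleTime
	  MIN-ACCESS read-only
	  DESCRIPTION 
		"Write access is not required.  When write access is
		not supported, return 0 as the value of this object.
		A value of 0 means that the function represented by
		this option is not supported."
	OBJECT midcomRuleInterface
	  MIN-ACCESS read-only
	  DESCRIPTION 
		"Write access is not required."
	OBJECT midcomConfigMaxLifetime
	  MIN-ACCESS read-only
	  DESCRIPTION 
		"Write access is not required."
	OBJECT midcomConfigPersistentRules
	  MIN-ACCESS read-only
	  DESCRIPTION 
		"Write access is not required."
	OBJECT midcomConfigIfEnabled
	  MIN-ACCESS read-only
	  DESCRIPTION 
		"Write access is not required."
	OBJECT midcomConfigFirewallGroupId
	  MIN-ACCESS read-only
	  DESCRIPTION 
		"Write access is not required."
	OBJECT midcomConfigFirewallPriority
	  MIN-ACCESS read-only
	  DESCRIPTION 
		"Write access is not required."
	-- 1.3.6.1.2.1.171.2.1.1
	::= { midcomCompliances 1 }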

-- Conformance group for policy rules and policy rule groups: the
-- midcomRule objects listed below plus midcomGroupLifetime.  Listed
-- under MANDATORY-GROUPS in midcomCompliance.
-- NOTE(review): this group contains the objects through which rules
-- are requested (for example midcomRuleAdminStatus, midcomRuleLifetime
-- and midcomRuleRowStatus); write access to them presumably changes
-- middlebox filtering or translation state, so write views should be
-- limited to authorized MIDCOM clients.
midcomRuleGroup OBJECT-GROUP
	OBJECTS {
		midcomRuleAdminStatus,
		midcomRuleOperStatus,
		midcomRuleStorageType,
		midcomRuleStorageTime,
		midcomRuleError,
		midcomRuleInterface,
		midcomRuleFlowDirection,
		midcomRuleMaxIdleTime,
		midcomRuleTransportProtocol,
		midcomRulePortRange,
		midcomRuleInternalIpVersion,
		midcomRuleExternalIpVersion,
		midcomRuleInternalIpAddr,
		midcomRuleInternalIpPrefixLength,
		midcomRuleInternalPort,
		midcomRuleExternalIpAddr,
		midcomRuleExternalIpPrefixLength,
		midcomRuleExternalPort,
		midcomRuleInsideIpAddr,
		midcomRuleInsidePort,
		midcomRuleOutsideIpAddr,
		midcomRuleOutsidePort,
		midcomRuleLifetime,
		midcomRuleRowStatus,
		midcomGroupLifetime }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		policy rules and policy rule groups."
	-- 1.3.6.1.2.1.171.2.2.1
	::= { midcomGroups 1 }

-- Conformance group for the capability objects of a middlebox.
-- Listed under MANDATORY-GROUPS in midcomCompliance.
-- midcomConfigIfBits is the only member without a MIN-ACCESS
-- refinement in midcomCompliance.
-- NOTE(review): presumably because that object is read-only already;
-- confirm against its definition.
midcomCapabilitiesGroup OBJECT-GROUP
	OBJECTS {
		midcomConfigMaxLifetime,
		midcomConfigPersistentRules,
		midcomConfigIfBits,
		midcomConfigIfEnabled }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		the capabilities of a middlebox."
	-- 1.3.6.1.2.1.171.2.2.2
	::= { midcomGroups 2 }

-- Conformance group for the firewall rule group and firewall rule
-- priority used for rules loaded through MIDCOM.  Optional according
-- to midcomCompliance, which also allows both members to be
-- implemented read-only.
midcomConfigFirewallGroup OBJECT-GROUP
	OBJECTS {
		midcomConfigFirewallGroupId,
		midcomConfigFirewallPriority }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		the firewall rule group and firewall rule priority to
		be used by firewalls loaded through MIDCOM."
	-- 1.3.6.1.2.1.171.2.2.3
	::= { midcomGroups 3 }

-- Conformance group for the seven read-only columns of
-- midcomResourceTable (NAT binds, NAT sessions and the firewall rule
-- number used by a policy rule).  Optional according to
-- midcomCompliance.
-- NOTE(review): an agent that leaves this group out does not expose
-- NAT and firewall engine identifiers through this module.
midcomResourceGroup OBJECT-GROUP
	OBJECTS {
		midcomRscNatInternalAddrBindMode,
		midcomRscNatInternalAddrBindId,
		midcomRscNatInsideAddrBindMode,
		midcomRscNatInsideAddrBindId,
		midcomRscNatSessionId1,
		midcomRscNatSessionId2,
		midcomRscFirewallRuleId }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing information about
		the used NAT and firewall resources."
	-- 1.3.6.1.2.1.171.2.2.4
	::= { midcomGroups 4 }

-- Conformance group for the fifteen scalar objects registered under
-- midcomStatistics.  Listed under MANDATORY-GROUPS in
-- midcomCompliance.
midcomStatisticsGroup OBJECT-GROUP
	OBJECTS {
		midcomCurrentOwners,
		midcomTotalRejectedRuleEntries,
		midcomCurrentRulesIncomplete,
		midcomTotalIncorrectReserveRules,
		midcomTotalRejectedReserveRules,
		midcomCurrentActiveReserveRules,
		midcomTotalExpiredReserveRules,
		midcomTotalTerminatedOnRqReserveRules,
		midcomTotalTerminatedReserveRules,
		midcomTotalIncorrectEnableRules,
		midcomTotalRejectedEnableRules,
		midcomCurrentActiveEnableRules,
		midcomTotalExpiredEnableRules,
		midcomTotalTerminatedOnRqEnableRules,
		midcomTotalTerminatedEnableRules }
	STATUS  current
	DESCRIPTION
		"A collection of objects providing statistical
		information about the MIDCOM server."
	-- 1.3.6.1.2.1.171.2.2.5
	::= { midcomGroups 5 }

-- Conformance group for the three notifications defined in this
-- module.  Listed under MANDATORY-GROUPS in midcomCompliance.
-- NOTE(review): being mandatory only requires that the agent can
-- emit these notifications; which receivers get them, and with which
-- security level, is presumably set through the notification target
-- configuration of the agent.
midcomNotificationsGroup NOTIFICATION-GROUP
	NOTIFICATIONS {
		midcomUnsolicitedRuleEvent,
		midcomSolicitedRuleEvent,
		midcomSolicitedGroupEvent }
	STATUS  current
	DESCRIPTION
		"The notifications emitted by the midcomMIB."
	-- 1.3.6.1.2.1.171.2.2.6
	::= { midcomGroups 6 }

END
