faqs.org - Internet FAQ Archives

RFC 1023 - HEMS monitoring and control language


Or Display the document by number




Network Working Group                                          G. Trewitt
Request for Comments: 1023                                       Stanford
                                                             C. Partridge
                                                                 BBN/NNSC
                                                             October 1987

                  HEMS Monitoring and Control Language

   This RFC specifies the design of a general-purpose, yet efficient,
   monitoring and control language for managing network entities.  The
   data in the entity is modeled as a hierarchy and specific items are
   named by giving the path from the root of the tree.  Most items are
   read-only, but some can be "set" in order to perform control
   operations.  Both requests and responses are represented using the
   ISO ASN.1 data encoding rules.

STATUS OF THIS MEMO

   The purpose of this RFC is provide a specification for monitoring and
   control of network entities in the Internet.  This is an experimental
   specification and is intended for use in testing the ideas presented
   here.  No proposals in this memo are intended as standards for the
   Internet at this time.  After sufficient experimentation and
   discussion, this RFC will be redrafted, perhaps as a standard.
   Distribution of this memo is unlimited.

   This language is a component of the High-Level Entity Monitoring
   System (HEMS) described in RFC-1021 and RFC-1022.  Readers may want
   to consult these RFCs when reading this memo.  RFC-1024 contains
   detailed assignments of numbers and structures used in this system.
   This memo assumes a knowledge of the ISO data encoding standard,
   ASN.1.

OVERVIEW AND SCOPE

   The basic model of monitoring and control used in this proposal is
   that a query is sent to a monitored entity and the entity sends back
   a response.  The term query is used in the database sense -- it may
   request information, modify things, or both.  We will use gateway-
   oriented examples, but it should be understood that this query-
   response mechanism can be applied to other entities besides just
   gateways.

   In particular, there is no notion of an interactive "conversation" as
   in SMTP [RFC-821] or FTP [RFC-959].  A query is a complete request
   that stands on its own and elicits a complete response.

   It is not necessary for a monitored entity to be able to store the
   complete query.  It is quite possible for an implementation to
   process the query on the fly, producing portions of the response
   while the query is still being received.

   Other RFCs associated with HEMS are:  RFC-1021 -- Overview; RFC-1022
   -- transport protocol and message encapsulation; RFC-1024 -- precise
   data definitions.  These issues are not dealt with here.  It is
   assumed that there is some mechanism to transport a sequence of
   octets to a query processor within the monitored entity and that
   there is some mechanism to return a sequence of octets to the entity
   making the query.

ENCODING OF QUERIES AND RESPONSES

   Both queries and responses are encoded using the representation
   defined in ISO Standard ASN.1 (Abstract Syntax Notation 1).  ASN.1
   represents data as sequences of <tag,length,contents> triples that
   are encoded as a stream of octets.  The data tuples may be
   recursively nested to represent structured data such as arrays or
   records.  For a full description of this notation, see the ISO
   documents IS 8824 and IS 8825.  See the end of this memo for
   information about ordering these documents.

NOTATION USED IN THIS PROPOSAL

   The notation used in this memo is similar to that used in ASN.1, but
   less formal, smaller, and (hopefully) easier to read.  The most
   important difference is that, in this memo, we are not concerned with
   the length of the data items.

   ASN.1 data items may be either a "simple type" such as integer or
   octet string or a "structured type", a collection of data items.  The
   notation or a "structured type", a collection of data items.  The
   notation:
        ID(value)
   represents a simple data item whose tag is "ID" with the given value.
   A structured data item is represented as:
        ID { ... contents ... }
   where contents is a sequence of data items.  Remember that the
   contents may include both simple and structured types, so the
   structure is fully recursive.

   There are situations where it is desirable to specify a type but give
   no value, such as when there is no meaningful value for a particular
   measured parameter or when the entire contents of a structured type
   is being specified.  In this situation, the same notation is used,

   but with the value omitted:
          ID()
   or
          ID{}
   The representation of this is obvious -- the data item has zero for
   the length and no contents.

DATA MODEL

   Data in a monitored entity is modeled as a hierarchy.
   Implementations are not required to organize the data internally as a
   hierarchy, but they must provide this view of the data through the
   query language.  A hierarchy offers useful structure for the
   following operations:

   Organization     A hierarchy allows related data to be grouped
                    together in a natural way.

   Naming           The name of a piece of data is just the path from
                    the root to the data of interest.

   Mapping onto ASN.1
                    ASN.1 can easily represent a hierarchy by using
                    "constructor" types as an envelope for an entire
                    subtree.

   Efficient Representation
                    Hierarchical structures are quite compact and can
                    be traversed very quickly.

   Each node in the hierarchy must have names for its component parts.
   Although we would normally think of names as being ASCII strings such
   as "input errors", the actual name would just be an ASN.1 tag.  Such
   names would be small integers (typically, less than 100) and so could
   easily be mapped by the monitored entity onto its internal
   representation.

   We will use the term "dictionary" to represent an internal node in
   the hierarchy.  Here is a possible organization of the hierarchy in
   an entity that has several network interfaces and multiple processes.
   The exact organization of data in entities is specified in RFC-1024.

          system {
                  name                            -- host name
                  clock-msec                      -- msec since boot
                  interfaces                      -- # of interfaces
                  }
          interfaces {                    -- one per interface
                  interface { type, ip-addr, in-pkts, out-pkts, . . . }
                  interface { type, ip-addr, in-pkts, out-pkts, . . . }
                  interface { type, ip-addr, in-pkts, out-pkts, . . . }
                                  :
                  }
          processes {
                  process { name, stack, interrupts, . . . }
                  process { name, stack, interrupts, . . . }
                                  :
                  }
          route-table {
                  route-entry { dest, interface, nexthop, cost, . . . }
                  route-entry { dest, interface, nexthop, cost, . . . }
                                  :
                  }
          arp-table {
                  arp-entry { hard-addr, ip-addr, age }
                  arp-entry { hard-addr, ip-addr, age }
                                  :
                  }
          memory { }

   The "name" of the clock in this entity would be:
          system{ clock-msec }
   and the name of a route-entry's IP address would be:
          route-table{ route-entry{ ip-addr } }.
   Actually, this is the name of the IP addresses of ALL of the routing
   table entries.  This ambiguity is a problem in any situation where
   there are several instances of an item being monitored.  If there was
   a meaningful index for such tabular data (e.g., "routing table entry
   #1"), there would be no problem.  Unfortunately, there usually isn't
   such an index.  The solution to this problem requires that the data
   be accessed on the basis of some of its content.  More on this later.

   More than one piece of data can be named by a single ASN.1 object.
   The entire collection of system information is named by:
          system{ }
   and the name of a routing table's IP address and cost would be:
          route-table{ route-entry{ ip-addr, cost } }.

Arrays

   There is one sub-type of a dictionary that is used as the basis for
   tables of objects with identical types.  We call these dictionaries
   arrays.  In the example above, the dictionaries for interfaces,
   processes, routing tables, and ARP tables are all arrays.  In fact,
   we expect that most of the interesting data in an entity will be
   contained in arrays.

   The primary difference between arrays and plain dictionaries is that
   arrays may contain only one type of item, while dictionaries, in
   general, will contain many different types of items.  Arrays are
   usually accessed associatively using special operators in the
   language.

   The fact that these objects are viewed externally as arrays does not
   mean that they are represented in an implementation as linear lists
   of objects.  Any collection of same-typed objects is viewed as an
   array, even though it might be represented as, for example, a hash
   table.

REPRESENTATION OF A REPLY

   The data returned to the monitoring entity is a sequence of ASN.1
   data items.  Each of these corresponds to one the top-level
   dictionaries maintained by the monitored entity.  The tags for these
   data items will be in the "application-specific" class (e.g., if an
   entity has the above structure for its data, then the only top-level
   data items that will be returned will have tags corresponding to
   these groups).  If a query returned data from two of these, the
   representation might look like:
          interfaces{ . . . }  route-table{ . . . }
   which is just a stream of two ASN.1 objects (each of which may
   consist of many sub-objects).

   Data not in the root dictionary will have tags from the context-
   specific class.  Therefore, data must always be fully qualified.  For
   example, the name of the entity would always be returned encapsulated
   inside an ASN.1 object for "system".  If it were not, there would be
   no way to tell if the object that was returned were "name" inside the
   "system" dictionary or "dest" inside the "interfaces" dictionary
   (assuming in this case that "name" and "dest" were assigned the same
   ASN.1 tag).

   Having fully-qualified data simplifies decoding of the data at the
   receiving end and allows the tags to be locally chosen (e.g.,
   definitions for tags dealing with ARP tables can't conflict with
   definitions for tags dealing with interfaces).  Therefore, the people

   doing the name assignments are less constrained.  In addition, most
   of the identifiers will be fairly small integers.

   It will often be the case that requested data may not be available,
   either because the request was badly formed (asked for data that
   couldn't exist) or because the particular data item wasn't defined in
   a particular situation (time since last error, when there hasn't been
   an error).  In this situation, the returned data item will have the
   same tag as in the request, but will have zero-length data.
   Therefore, there can NEVER be an "undefined data" error.

   This allows completely generic queries to be composed without regard
   to whether the data is defined at all of the entities that will
   receive the request.  All of the available data will be returned,
   without generating errors that might otherwise terminate the
   processing of the query.

REPRESENTATION OF A REQUEST

   A request to a monitored entity is also a sequence of ASN.1 data
   items.  Each item will fit into one of the following categories:

   Template        These are objects with the same types as the
                   objects returned by a request.  The difference
                   is that a template only specifies the shape of
                   the data -- there are no values contained in
                   it.  Templates are used to select specific data
                   to be returned.  No ordering of returned data
                   is implied by the ordering in a template.  A
                   template may be either simple or structured,
                   depending upon what data it is naming.  The
                   representations of the simple data items in a
                   template all have a length of zero.

   Tag             A tag is a special case of a template that is a
                   simple (non-structured) type (i.e., it names
                   exactly one node in the dictionary tree).

   Opcodes         These objects tell the query interpreter to do
                   something.  They are described in detail later in
                   this report.  Opcodes are represented as an
                   application-specific type whose value determines
                   the operation.  These values are defined in
                   RFC-1024.

   Data            These are the same objects that are used to
                   represent information returned from an entity.
                   It is occasionally be necessary to send data as

                   part of a request.  For example, when requesting
                   information about the interface with IP address
                   "10.0.0.51", the address would be sent in the
                   same format in the request as it would be seen
                   in a reply.

   Data, Tags, and Templates are usually in either the context-specific
   class, except for items in the root dictionary and a few special
   cases, which are in the application-specific class.

QUERY LANGUAGE

   Although queries are formed in a flexible way using what we term a
   "language", this is not a programming language.  There are operations
   that operate on data, but most other features of programming
   languages are not present.  In particular:

         - Programs are not stored in the query processor.

         - The only form of temporary storage is a stack.

   In the current version of the query language:

         - There are no subroutines.

         - There are no control structures defined in the language.

         - There are no arithmetic or conditional operators.

   These features could be added to the language if needed.

   This language is designed with the goal of being expressive enough to
   write useful queries with, but to guarantee simplicity, both of query
   execution and language implementation.

   The central element of the language is the stack.  It may contain
   templates, (and therefore tags), data, or dictionaries (and therefore
   arrays) from the entity being monitored.  Initially, it contains one
   item, the root dictionary.

   The overall operation consists of reading ASN.1 objects from the
   input stream.  All objects that aren't opcodes are pushed onto the
   stack as soon as they are read.  Each opcode is executed immediately
   and may remove things from the stack and may generate ASN.1 objects
   and send them to the output stream.  Note that portions of the
   response may be generated while the query is still being received.

   The following opcodes are defined in the language.  This is a

   provisional list -- changes may need to be made to deal with
   additional needs.

   In the descriptions below, opcode names are in capital letters,
   preceded by the arguments used from the stack and followed by results
   left on the stack.  For example:

   OP          a b    OP    t
               means that the OP operator takes <a> and <b> off of the
               stack and leaves <t> on the stack.  Many of the operators
               below leave the first operand (<a> in this example) on
               the stack for future use.

   Here are the operators defined in the query language:

   GET         dict template    GET    dict
               Emit an ASN.1 object with the same "shape" as the given
               template.  Any items in the template that are not in
               <dictionary> (or its components) are represented as
               objects with a length of zero.  This handles requests for
               data that isn't available, either because it isn't
               defined or because it doesn't apply in this situation.

   or          dict    GET    dict
               If there is no template, get all of the items in the
               dictionary.  This is equivalent to providing a template
               that lists all of the items in the dictionary.

   BEGIN       dict1 tag    BEGIN     dict1 dict
               Pushes the value for dict{ tag } on the stack, which
               should be another dictionary.  At the same time, produce
               the beginning octets of an ASN.1 object corresponding to
               that dictionary.  It is up to the implementation to
               choose between using the "indefinite length"
               representation or going back and filling the length in
               later.

   END         dict    END    --
               Pop the dictionary off of the stack and terminate the
               currently open ASN.1 object.  Must be paired with a
               BEGIN.

Getting Items Based on Their Values

   One problem that has not been dealt with was alluded to earlier:
   When dealing with array data, how do you specify one or more entries
   based upon some value in the array entries?  Consider the situation
   where there are several interfaces.  The data might be organized as:

          interfaces {
                  interface { type, ip-addr, in-pkts, out-pkts, ...}
                  interface { type, ip-addr, in-pkts, out-pkts, ...}
                                  :
                                  :
                  }

   If you only want information about one interface (perhaps because
   there is an enormous amount of data about each), then you have to
   have some way to name it.  One possibility is to just number the
   interfaces and refer to the desired interface as:
          interfaces(3)
   for the third one.

   But this is probably not sufficient since interface numbers may
   change over time, perhaps from one reboot to the next.  This method
   is not sufficient at all for arrays with many elements, such as
   processes, routing tables, etc.  Large, changing arrays are probably
   the more common case, in fact.

   Because of the lack of utility of indexing in this context, there is
   no general mechanism in the language for indexing.

   A better scheme is to select objects based upon some value contained
   in them, such as the IP address or process name.  The GET-MATCH
   operator provides this functionality in a fairly general way.

   GET-MATCH   array value template    GET-MATCH    array
               <array> should be a array (dictionary containing only
               one type of item).  The first tag in <value> and
               <template> must match this type.  For each entry in
               <array>, match the <value> against the contents of
               the entry.  If there is a match, emit the entry based
               upon <template>, just as in a GET operation.

   If there are several leaf items in the value to be matched against,
   as in:
          route-entry{ interface(1), cost(3) }
   all of them must match an array entry for it to be emitted.

   Here is an example of how this operator would be used to obtain the
   input and output packet counts for the interface with ip-address
   10.0.0.51.

          interfaces BEGIN                    -- get dictionary
          interface{ ip-addr(10.0.0.51) }     -- value to match
          interface{ in-pkts out-pkts }       -- data template to get
          GET-MATCH
          END                                 -- finished with dict

   The exact meaning of a "match" is dependent upon the characteristics
   of the entities being compared.  In almost all cases, it is a
   comparison for exact equality.  However, it is quite reasonable to
   define values that allow matches to do interesting things.  For
   example, one might define three different flavors of "ip-addr":  one
   that has only the IP net number, one with the IP net+subnet, and the
   whole IP address.  Another possibility is to allow for wildcards in
   IP addresses (e.g., if the "host" part of an IP address was all ones,
   then that would match against any IP address with the same net
   number).

   So, for all data items defined, the behavior of the match operation
   must be defined if it is not simple equality.

   Implementations don't have to provide the ability to use all items in
   an object to match against.  It is expected that some data structures
   that provide for efficient lookup for one item may be very
   inefficient for matching against others.  (For instance, routing
   tables are designed for lookup with IP addresses.  It may be very
   difficult to search the routing table, matching against costs.)

   NOTE:  It would be desirable to provide a general-purpose filtering
   capability, rather than just "equality" as provided by GET-MATCH.
   However, because of the potential complexity of such a facility, lack
   of a widely-accepted representation for filter expressions, and time
   pressure, we are not defining this mechanism now.

   However, if a generalized filtering mechanism is devised, the GET-
   MATCH operator will disappear.

Data Attributes

   Although ASN.1 data is self-describing as far as the structure goes,
   it gives no information about what the data means (e.g., By looking
   at the raw data, it is possible to tell that an item is of type
   [context 5] and 4 octets long).  That does not tell how to interpret
   the data (is this an integer, an IP address, or a 4-character
   string?), or what the data means (IP address of what?).

   Most of the time, this information will come from RFC-1024, which
   defines all of the ASN.1 tags and their precise meaning.  When
   extensions have been made, it may not be possible to get

   documentation on the extensions.  (See the section about extensions,
   page 15.)

   The query language provides a set of operators parallel to the GET
   and GET-MATCH operators that return a set of attributes describing
   the data.  This information should be sufficient to let a human
   understand the meaning of the data and to let a sophisticated
   application treat the data appropriately.  The information is
   sufficient to let an application format the information on a display
   and decide whether or not to subtract one sample from another.

   Some of the attributes are textual descriptions to help a human
   understand the nature of the data and provide meaningful labels for
   it.  Extensive descriptions of standard data are optional, since they
   are defined in RFC-1024.  Complete descriptions of extensions must be
   available, even if they are documented in a user's manual.  Network
   firefighters may not have the manual handy when the network is
   broken.

   The format of the attributes is not as simple as the format of the
   data itself.  It isn't possible to use the data's tag, since that
   would just look exactly like the data itself.  The format is:

          Attributes ::= [APPLICATION 2] IMPLICIT SEQUENCE {
                  tagASN1       [0] IMPLICIT INTEGER,
                  valueFormat   [1] IMPLICIT INTEGER,
                  longDesc      [2] IMPLICIT IA5String OPTIONAL,
                  shortDesc     [3] IMPLICIT IA5String OPTIONAL,
                  unitsDesc     [4] IMPLICIT IA5String OPTIONAL,
                  precision     [5] IMPLICIT INTEGER OPTIONAL,
                  properties    [6] IMPLICIT BITSTRING OPTIONAL,
          }

   For example, the attributes for
       system{ name, clock-msec }
   might be:
       system{
               Attributes{
                       tagASN1(name), valueFormat(IA5String),
                       longDesc("The name of the host"),
                       shortDesc("hostname")
               },
               Attributes{
                       tagASN1(clock-msec), valueFormat(Integer),
                       longDesc("milliseconds since boot"),
                       shortDesc("uptime"), unitsDesc("ms")
                       precision(4294967296),
                       properties(1)

               }
   Note that in this example <name> and <clock-msec> are integer values
   for the ASN.1 tags for the two data items.  A complete definition of
   the contents of the Attributes type is in RFC-1024.

   Note that there will be exactly as many Attributes items in the
   result as there are objects in the template.  Attributes objects for
   items which do not exist in the entity will have a valueFormat of
   NULL and none of the optional elements will appear.

   GET-ATTRIBUTES
               dict template    GET-ATTRIBUTES    dict
               Emit ASN.1 Attributes objects that for the objects named
               in <template>.  Any items in the template that are not
               in <dictionary> (or its components), elicit an
               Attributes object with no.

   or          dict    GET-ATTRIBUTES    dict
               If there is no template, emit Attribute objects for all
               of the items in the dictionary.  This is equivalent to
               providing a template that lists all of the items in the
               dictionary.  This allows a complete list of a
               dictionary's contents to be obtained.

   GET-ATTRIBUTES-MATCH
               dict value template GET-ATTRIBUTES-MATCH dict <array>
               should be an array (dictionary containing only one
               type of item).  The first tag in <value> and
               <template> must match this type.  For each entry in
               <array>, match the <value> against the contents of the
               entry.  If there is a match, emit the atributes based
               upon <template>, just as in a GET-ATTRIBUTES operation.

   GET-ATTRIBUTES-MATCH is necessary because there will be situations
   where the contents of the elements of an array may differ, even
   though the array elements themselves are of the same type.  The most
   obvious example of this is the situation where several network
   interfaces exist and are of different types, with different data
   collected for each type.

   NOTE:  The GET-ATTRIBUTES-MATCH operator will disappear if a
   generalized filtering mechanism is devised.

   ADDITIONAL NOTE:  A much cleaner method would be to store the
   attributes as sub-components of the data item of interest.  For
   example, requesting:
          system{ clock-msec() }  GET
   would normally just get the value of the data.  Asking for an

   additional layer down the tree would now get its attributes:
          system{ clock-msec{ shortDesc, unitsDesc }  GET
   would get the named attributes.  (The attributes would be named with
   application-specific tags.)  Unfortunately, ASN.1 doesn't provide an
   obvious notation to describe this type of organization.  So, we're
   stuck with the GET-ATTRIBUTES operator.  However, if this cleaner
   organization becomes possible, this decision may be re-thought.

Examining Memory

   Even with the ability to symbolically access all of this information
   in an entity, there will still be times when it is necessary to get
   to very low levels and examine memory, as in remote debugging
   operations.  The building blocks outlined so far can easily be
   extended to allow memory to be examined.

   Memory is modeled as an array, with an ASN.1 representation of
   OctetString.  Because of the variety of addressing architectures in
   existence, the conversion between the OctetString and "memory" is
   very machine-dependent.  The only simple case is for byte-addressed
   machines with 8 bits per byte.

   Each address space in an entity is represented by one dictionary.  In
   a one-address-space situation, this dictionary will be at the top
   level.  If each process has its own address space, then one "memory"
   dictionary may exist for each process.

   The GET-RANGE operator is provided for the primary purpose of
   retrieving the contents of memory, but can be used on any array.  It
   is only useful in these other contexts if the array index is
   meaningful.

   GET-RANGE   array start length    GET-RANGE    dict
               Get <length> elements of <array> starting at <start>.
               <start> and <length> are both ASN.1 INTEGER type.

   The returned data may not be <length> octets long, since it may take
   more than one octet to represent one memory location.

   Memory is special in that it will not automatically be returned as
   part of a request for an entire dictionary (e.g., If memory is part
   of the "system" dictionary, then requesting:
          system{}
   will emit the entire contents of the system dictionary, but not the
   memory item).

   NOTE:  The GET-RANGE operator may disappear if a generalized
   filtering mechanism is devised.

Controlling Things

   All of the operators defined so far only allow data in an entity to
   be retrieved.  By replacing the "template" arguments used in the GET
   operators with values, data in the entity can be changed.

   There are many control operations that do not correspond to simply
   changing the value of a piece of data, such as bringing an interface
   "down" or "up".  In these cases, a special data item associated with
   the component being controlled (e.g., each interface), would be
   defined.  Control operations then consist of "setting" this item to
   an appropriate command code.

   SET         dict value    SET    dict
               Set the value(s) of data in the entity to the value(s)
               given in <value>.

   SET-MATCH   array mvalue svalue    SET-MATCH    dict
               <array> should be a array (dictionary containing only one
               type of item).  The first tag in <mvalue> and <svalue>
               must match this type.  For each entry in <array>, match
               the <mvalue> against the contents of the entry.  If there
               is a match, set value(s) in the entity to the value(s) in
               <svalue>, just as in SET.

   CREATE      array value    SET    dict
               Insert a new entry into <array>.  Depending upon the
               context, there may be severe restrictions about what
               constitutes a valid <value>.

   DELETE      array value    SET    dict
               Delete the entry(s) in <array> that have values that
               match <value>.

   If there are several leaf items in the matched value, as in
          route-entry{ interface(1), cost(3) }
   all of them must match an array entry for any values to be changed.

   Here is an example of how this operator would be used to shut down
   the interface with ip-address 10.0.0.51 changing its status to
   "down".

          interfaces BEGIN                    -- get dictionary
          interface{ ip-addr(10.0.0.51) }     -- value to match
          interface{ status(down) }           -- value to set
          SET-MATCH
          END                                 -- finished with dict

   Delete the routing table entry for 36.0.0.0.

          route-table BEGIN                   -- get dictionary
          route-entry{ ip-addr(36.0.0.0) }    -- value to match
          DELETE
          END                                 -- finished with dict

   Note that this BEGIN/END pair ends up sending an empty ASN.1 item.
   We don't regard this as a problem, as it is likely that there will be
   some get operations executed in the same context.  In addition, the
   "open" ASN.1 item provides the correct context for reporting errors.
   (See page 14.)

   NOTE:  The SET-MATCH operator will disappear and the DELETE operator
   will change if a generalized filtering mechanism is devised.

Atomic Operations

   Atomic operations can be provided if desired by allowing the stack to
   contain a fragment of a query.  A new operation would take a query
   fragment and verify its executability and execute it, atomically.

   This is mentioned as a possibility, but it may be difficult to
   implement.  More study is needed.

ERRORS

   If some particular information is requested but is not available for
   any reason (e.g., it doesn't apply to this implementation, isn't
   collected, etc.), it can ALWAYS be returned as "no-value" by giving
   the ASN.1 length as 0.

   When there is any other kind of error, such as having improper
   arguments on the top of the stack or trying to execute BEGIN when the
   tag doesn't refer to a dictionary, an ERROR object be emitted.  The
   contents of this object identify the exact nature of the error and
   are discussed in RFC-1024.

   Since there may be several unterminated ASN.1 objects in progress at
   the time the error occurs, each one must be terminated.  Each
   unterminated object will be closed with a copy of the ERROR object.
   Depending upon the type of length encoding used for this object, this
   will involve filling the value for the length (definite length form)
   or emitting two zero octets (indefinite length form).  After all
   objects are terminated, a final copy of the ERROR object will be
   emitted.  This structure guarantees that the error will be noticed at
   every level of interpretation on the receiving end.

   If there was an error before any ASN.1 objects were generated, then
   the result would simply be:
          error(details)

   If a couple of ASN.1 objects were unterminated, the result might look
   like:

          interfaces{
               interface { name(...) type(...) error(details) }
               error(details)
               }
          error{details}

EXTENDING THE SET OF VALUES

   There are two ways to extend the set of values understood by the
   query language.  The first is to register the data and its meaning
   and get an ASN.1 tag assigned for it.  This is the preferred method
   because it makes that data specification available for everyone to
   use.

   The second method is to use the VendorSpecific application type to
   "wrap" the vendor-specific data.  Wherever an implementation defines
   data that is not in RFC-1024, the "VendorSpecific" tag should be used
   to label a dictionary containing the vendor-specific data.  For
   example, if a vendor had some data associated with interfaces that
   was too strange to get standard numbers assigned for, they could,
   instead represent the data like this:

          interfaces {
                  interface {
                          in-pkts, out-pkts, ...
                          VendorSpecific { ephemeris, declination }
                          }
                  }

   In this case, ephemeris and declination are two context-dependent
   tags assigned by the vendor for its non-standard data.

   If the vendor-specific method is chosen, the private data MUST have
   descriptions available through the GET-ATTRIBUTES and GET-
   ATTRIBUTESMATCH operators.  Even with this descriptive ability, the
   preferred method is to get standard numbers assigned if possible.

IMPLEMENTATION

   Although it is not normally in the spirit of RFCs to define an
   implementation, the authors feel that some suggestions will be useful

   to early implementors of the query language.  This list is not meant
   to be complete, but merely to give some hints about how the authors
   imagine that the query processor might be implemented efficiently.

         - The stack is an abstraction -- it should be implemented
           with pointers, not by copying dictionaries, etc.

         - An object-oriented approach should make initial
           implementation fairly easy.  Changes to the "shape" if the
           data items (which will certainly occur, early on) will also
           be easier to make.

         - Only a few "messages" need to be understood by objects.

         - Most interesting objects are dictionaries, each of which
           can be implemented using pointers to the data and procedure
           "hooks" to perform specific operations such as GET, MATCH,
           SET, etc.

         - The hardest part is actually extracting the data from an
           existing TCP/IP implementions that weren't designed with
           detailed monitoring in mind.  This should be less of a
           problem if a system is designed with easy monitoring as a
           goal.

OBTAINING A COPY OF THE ASN.1 SPECIFICATION

   Copies of ISO Standard ASN.1 (Abstract Syntax Notation 1) are
   available from the following source.  It comes in two parts; both are
   needed:

          IS 8824 -- Specification (meaning, notation)
          IS 8825 -- Encoding Rules (representation)

   They are available from:

          Omnicom Inc.
          115 Park St, S.E.          (new address as of March, 1987)
          Vienna, VA  22180
          (703) 281-1135

 

User Contributions:

Comment about this RFC, ask questions, or add new information about this topic: