Found 1 record.
Status: Verified (1)
RFC 4807, "IPsec Security Policy Database Configuration MIB", March 2007Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 3046
Reported By: Paul Clark
Date Reported: 2011-12-08
Verifier Name: Sean Turner
Date Verified: 2012-08-15
Section 5 & 5.1.2 says:
s5: The filter section of the MIB module is composed of the different types of filters in the Policy Model. It is made up of the spdTrueFilter, spdCompoundFilterTable, spdSubfiltersTable, spdIpHeaderFilterTable, spdIpOffsetFilterTable, spdTimeFilterTable, spdIpsoHeaderFilterTable. s5.1.2, paragraph 9: SpdIpHeaderFilterEntry(spdIpHeadFiltName = "192.0.2.6") = (spdIpHeadFiltType = 0x80, -- sourceAddress spdIpHeadFiltIPVersion = 1, -- IPv4 spdIpHeadFiltSrcAddressBegin = 0xC0000206, -- 192.0.2.6 spdIpHeadFiltSrcAddressEnd = 0xC0000206, -- 192.0.2.6 spdIpHeadFiltRowStatus = 4) -- createAndGo
It should say:
s5: The filter section of the MIB module is composed of the different types of filters in the Policy Model. It is made up of the spdTrueFilter, spdCompoundFilterTable, spdSubfiltersTable, spdIpOffsetFilterTable, spdTimeFilterTable, and spdIpsoHeaderFilterTable. s5.1.2, paragraph 9: SpdIpOffsetHeaderFilterEntry(ipspIpOffFiltName = "192.0.2.6") = (spdIpOffFiltOffset = 0x0b -- sourceAddress spdIpOffFiltType = 1 -- valueMatch spdIpOffFiltValue = 0xb0000206 -- 192.0.2.6 spdIpOffFiltRowStatus = 4) -- createAndGo
The text quoted includes spdIpHeaderFitlerTable, but it does not exist in the MIB definition in Section 6. In addition, spdIpHeaderFilterTable is referenced in the tutorial of Section 5.1.2. This oversight is either a large editorial oversight in Section 5 or a large technical oversight in Section 6.
After discussions with the authors, spdIpHeaderFitlerEntry needs to be removed from s5 and the spdIpHeaderFitlerTable example in s5.1.2 needs to be amended.