
6. The SNMPv3 Message Format

This section defines the SNMPv3 message format and the corresponding version-specific Message Processing Model (v3MP).

An SNMPv3 message is defined as follows:

SNMPv3Message ::= SEQUENCE {
    msgVersion             INTEGER (0..2147483647),
    msgGlobalData          HeaderData,
    msgSecurityParameters  OCTET STRING,
    msgData                ScopedPduData
}

HeaderData ::= SEQUENCE {
    msgID             INTEGER (0..2147483647),
    msgMaxSize        INTEGER (484..2147483647),
    msgFlags          OCTET STRING (SIZE(1)),
    msgSecurityModel  INTEGER (1..2147483647)
}

ScopedPduData ::= CHOICE {
    plaintext     ScopedPDU,
    encryptedPDU  OCTET STRING  -- encrypted scopedPDU value
}

ScopedPDU ::= SEQUENCE {
    contextEngineID  OCTET STRING,
    contextName      OCTET STRING,
    data             ANY  -- e.g., PDUs as defined in [RFC3416]
}

6.1. msgVersion

The msgVersion field is set to snmpv3(3) and identifies the message as an SNMP version 3 message.

The msgVersion field is used by the Dispatcher to select a Message Processing Model. Only one form of a message can be processed by a particular version of the Message Processing Model.

6.2. msgID

The msgID is used between two SNMP entities to coordinate request messages and responses, and by the v3MP to coordinate the processing of the message by different subsystem models within the architecture.

The range of this field is 0 through 2147483647. At the sending SNMP entity, the msgID values are selected by the Message Processing Model in such a way that they differ as much as possible from values used recently in an exchange. The msgID of a request message is used by the v3MP at the sending SNMP entity to coordinate the original request with the response message.

At the receiving SNMP entity, the msgID field of an incoming message is used to coordinate the processing of the message by different subsystem models within the architecture.

6.3. msgMaxSize

The msgMaxSize field of the message conveys the maximum message size supported by the sender of the message, with a minimum value of 484 octets. This field is used in the SNMPv3 architecture to determine the maximum message size that can be sent to the sender of this message.

The value of msgMaxSize does not convey any information about the amount of buffer space available for receiving messages at the sending SNMP entity.

6.4. msgFlags

The msgFlags field of the message contains several bit fields which control processing of the message:

+------+------+------------+
| auth | priv | reportable |
+------+------+------------+

The auth and priv fields are used to select the security level:

  • auth = 0 and priv = 0: noAuthNoPriv
  • auth = 1 and priv = 0: authNoPriv
  • auth = 1 and priv = 1: authPriv

The priv bit indicates whether or not the scopedPDU is encrypted. If the priv bit is set, then the encryptedPDU form of the scopedPduData is used in the message. If the priv bit is not set, then the plaintext form of the scopedPduData is used.

The reportable bit is a secondary aid to determining whether a Report PDU should be sent. It is only used in cases where the PDU portion of a message cannot be decoded (due to, for example, an incorrect encryption key). If the reportable bit is set, a Report PDU may be sent. If the reportable bit is not set, a Report PDU should not be sent.

The reportable bit should be set in a request message. The reportable bit should not be set in a response message.

All other bits in the msgFlags field are reserved, and MUST be set to zero when sending a message and SHOULD be ignored when receiving a message.

6.5. msgSecurityModel

The msgSecurityModel field in the message identifies which Security Model was used by the sender to generate the message. This Security Model should be used by the receiver to perform security processing for the message.

The msgSecurityModel value is also used by the Dispatcher to select a Security Model to process the message.

6.6. msgSecurityParameters

The msgSecurityParameters field of the message contains the security parameters. The contents and format of the data in this field are defined by the Security Model identified by the msgSecurityModel field.

6.7. scopedPduData

The scopedPduData field represents either a plaintext or encrypted ScopedPDU. The choice of plaintext or encrypted is determined by the priv bit in the msgFlags field.

If the priv bit is 0, then the scopedPduData is the plaintext ScopedPDU. If the priv bit is 1, then the scopedPduData is an OCTET STRING that contains the encrypted ScopedPDU.
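A receiver-side check of the header fields and of the priv bit against the scopedPduData form, as an added example that is not part of the original text. The msgFlags bit values (auth 0x01, priv 0x02, reportable 0x04) are taken from RFC 3412 rather than from this page, the sample datagram is constructed, and the function names are illustrative. A message with priv set but auth clear is rejected because it matches none of the three security levels listed in 6.4.

```python
# Added example: BER walk over an SNMPv3Message (definite-length encodings only).
AUTH, PRIV, REPORTABLE = 0x01, 0x02, 0x04   # msgFlags bit values per RFC 3412
# Constructed sample: noAuthNoPriv GetRequest, reportable set, msgID 1234, security model 3.
SAMPLE = bytes.fromhex(
    "3039020103" "300f020204d2020300ffe3040104020103"
    "0410300e0400020100020100040004000400" "301104000400a00b0201010201000201003000")

def read_tlv(buf, pos):
    # Return (tag, value, next_pos) for the TLV at pos; reject anything out of bounds.
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want, name):
    tag, val, pos = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"{name}: expected tag 0x{want:02x}, got 0x{tag:02x}")
    return val, pos

def to_int(b): return int.from_bytes(b, "big", signed=True)

def parse_header(datagram):
    msg, _ = expect(datagram, 0, 0x30, "SNMPv3Message")
    ver, pos = expect(msg, 0, 0x02, "msgVersion")
    if to_int(ver) != 3:
        raise ValueError("msgVersion is not snmpv3(3)")
    hdr, pos = expect(msg, pos, 0x30, "msgGlobalData")
    _, pos = expect(msg, pos, 0x04, "msgSecurityParameters")  # opaque to this layer
    data_tag, _, _ = read_tlv(msg, pos)                       # 0x30 plaintext, 0x04 encrypted
    msg_id, h = expect(hdr, 0, 0x02, "msgID")
    max_size, h = expect(hdr, h, 0x02, "msgMaxSize")
    flags, h = expect(hdr, h, 0x04, "msgFlags")
    model, _ = expect(hdr, h, 0x02, "msgSecurityModel")
    if len(flags) != 1 or to_int(max_size) < 484:
        raise ValueError("msgFlags size or msgMaxSize outside the defined range")
    f = flags[0]                            # reserved bits are ignored on receipt
    if f & PRIV and not f & AUTH:
        raise ValueError("priv set without auth: not a defined security level")
    if data_tag != (0x04 if f & PRIV else 0x30):
        raise ValueError("scopedPduData form does not match the priv bit")
    level = "authPriv" if f & PRIV else "authNoPriv" if f & AUTH else "noAuthNoPriv"
    return {"msgID": to_int(msg_id), "msgMaxSize": to_int(max_size), "securityLevel": level,
            "reportable": bool(f & REPORTABLE), "msgSecurityModel": to_int(model),
            "encrypted": data_tag == 0x04}
```

Flipping the flags octet of the sample (offset 18) to 0x02 or 0x03 makes `parse_header` raise, which is the behaviour a monitoring tool or fuzz harness would want to confirm in a real agent.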

6.8. scopedPDU

The scopedPDU contains information to identify a management context and PDU data.

6.8.1. contextEngineID

The contextEngineID field uniquely identifies an SNMP entity that may realize a particular context with a particular name.

The contextEngineID has the same format as the snmpEngineID defined in the SNMP-FRAMEWORK-MIB [RFC3411].

6.8.2. contextName

The contextName field, in combination with the contextEngineID, identifies a particular context. A contextName is an OCTET STRING that has a meaning that is administratively defined. It is used to name a particular context at the SNMP entity identified by the contextEngineID.

6.8.3. data

The data field contains the PDU. The format of the PDU is determined by the SNMP version. SNMPv3 uses the PDU definitions from [RFC3416].