ietf-pkt-eca-policy
HTML
ietf-pkt-eca-policy@2017-03-13
module ietf-pkt-eca-policy { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy"; prefix pkt-eca-policy; import ietf-routing { prefix rt; } import ietf-interfaces { prefix if; } import ietf-inet-types { prefix inet; } import ietf-i2rs-rib { prefix iir; } organization "IETF I2RS WG"; contact "email: shares@ndzh.com email: russ.white@riw.com email: linda.dunbar@huawei.com email: bill.wu@huawei.com"; description "This module describes a basic network policy model with filter per layer."; revision "2017-03-13" { description "third revision"; reference "draft-ietf-i2rs-pkt-eca-policy-dm-03"; } identity l2-header-match-type { base description " l2 header type for match "; } identity l2-802-1Q { base l2-header-match-type; description " l2 header type for 802.1Q match "; } identity l2-802-11 { base l2-header-match-type; description " l2 header type for 802.11 match "; } identity l2-802-15 { base l2-header-match-type; description " l2 header type for 802.15 match "; } identity l2-NVGRE { base l2-header-match-type; description " l2 header type for NVGRE match "; } identity l2-mpls { base l2-header-match-type; description " l2 header type for MPLS match "; } identity l2-VXLAN { base l2-header-match-type; description " l2 header type for VXLAN match "; } identity l3-header-match-type { base description " l3 header type for match "; } identity l3-ipv4-hdr { base l3-header-match-type; description " l3 header type for IPv4 match "; } identity l3-ipv6-hdr { base l3-header-match-type; description " l3 header type for IPv6 match "; } identity l3-gre-tunnel { base l3-header-match-type; description "l3 header r type for GRE tunnel match "; } identity l3-icmp-header { base l3-header-match-type; description "L3 header match for ICMP"; } identity l3-ipsec-ah-header { base l3-header-match-type; description "AH IPSEC header "; } identity l3-ipsec-esp-header { base l3-header-match-type; description "AH IPSEC header "; } identity l4-header-match-type { base description "L4 header match types. (TCP, UDP, SCTP, UDPLite, etc. )"; } identity l4-tcp-header { base l4-header-match-type; description "L4 header for TCP"; } identity l4-udp-header { base l4-header-match-type; description "L4 header match for UDP"; } identity l4-udplite { base l4-header-match-type; description "L4 header match for UDP lite"; } identity l4-sctp-header { base l4-header-match-type; description "L4 header match for SCTP"; } identity rule-status-type { base description "status values for rule: invalid (0), valid (1), valid and installed (2)"; } identity rule-status-invalid { base rule-status-type; description "invalid rule status."; } identity rule-status-valid { base rule-status-type; description "This status indicates a valid rule."; } identity rule-status-valid-installed { base rule-status-type; description "This status indicates an installed rule."; } identity rule-status-valid-inactive { base rule-status-type; description "This status indicates a valid ruled that is not installed."; } grouping interface-match { description "interface has name, description, type, enabled as potential matches"; leaf match-if-name { type if:interface-ref; description "match on interface name"; } } // grouping interface-match grouping interface-actions { description "interface action up/down and enable/disable"; leaf interface-up { type boolean; description "action to put interface up"; } leaf interface-down { type boolean; description "action to put interface down"; } leaf interface-enable { type boolean; description "action to enable interface"; } leaf interface-disable { type boolean; description "action to disable interface"; } } // grouping interface-actions grouping L2-802-1Q-header { description "This is short-term 802.1 header match which will be replaced by reference to IEEE yang when it arrives. Qtag 1 is 802.1Q Qtag2 is 802.1AD"; leaf vlan-present { type boolean; description " Include VLAN in header"; } leaf qtag1-present { type boolean; description " This flag value indicates inclusion of one 802.1Q tag in header"; } leaf qtag2-present { type boolean; description "This flag indicates the inclusion of second 802.1Q tag in header"; } leaf dest-mac { type uint64; description "IEEE destination MAC value from the header"; } leaf src-mac { type uint64; description "IEEE source MAC from the header"; } leaf vlan-tag { type uint16; description "IEEE VLAN Tag from the header"; } leaf qtag1 { type uint32; description "Qtag1 value from the header"; } leaf qtag2 { type uint32; description "Qtag1 value from the header"; } leaf L2-ethertype { type uint16; description "Ether type from the header"; } } // grouping L2-802-1Q-header grouping L2-VXLAN-header { description "This VXLAN header may be replaced by actual VXLAN yang module reference"; container vxlan-header { description " choices for L2-VLAN header matches. Outer-header only. Need to fix inner header. "; uses iir:ipv4-header; leaf vxlan-network-id { type uint32; description "VLAN network id"; } } // container vxlan-header } // grouping L2-VXLAN-header grouping L2-NVGRE-header { description "Grouping for L2 NVGRE header."; container nvgre-header { description "This NVGRE header may be replaced by actual NVGRE yang module reference"; uses L2-802-1Q-header; uses iir:ipv4-header; leaf gre-version { type uint8; description "L2-NVGRE GRE version"; } leaf gre-proto { type uint16; description "L2-NVGRE protocol value"; } leaf virtual-subnet-id { type uint32; description "L2-NVGRE subnet id value"; } leaf flow-id { type uint16; description "L2-NVGRE Flow id value"; } } // container nvgre-header } // grouping L2-NVGRE-header grouping L2-header-match { description " The layer 2 header match includes any reference to L2 technology"; choice l2-header-match-type { description "Choice of L2 headers for L2 match"; case l2-802-1Q { uses L2-802-1Q-header; } // case l2-802-1Q case l2-802-11 { } // case l2-802-11 case l2-802-15 { } // case l2-802-15 case l2-NVGRE { uses L2-NVGRE-header; } // case l2-NVGRE case l2-VXLAN-header { uses L2-VXLAN-header; } // case l2-VXLAN-header case l2-mpls-header { uses iir:mpls-header; } // case l2-mpls-header } // choice l2-header-match-type } // grouping L2-header-match grouping L2-NVGRE-mod-acts { description "L2-NVRE Actions"; leaf set-vsid { type boolean; description "Boolean flag to set VSID in packet"; } leaf set-flowid { type boolean; description "Boolean flag to set VSID in packet"; } leaf vsi { type uint32; description "VSID value to set in packet"; } leaf flow-id { type uint16; description "flow-id value to set in packet"; } } // grouping L2-NVGRE-mod-acts grouping L2-VXLAN-mod-acts { description "VXLAN header modification actions."; leaf set-network-id { type boolean; description "flag to set network id in packet"; } leaf network-id { type uint32; description "network id value to set in packet"; } } // grouping L2-VXLAN-mod-acts grouping L2-mpls-mod-acts { description "MPLS modify header actions"; leaf pop { type boolean; description "Boolean flag to pop mpls header"; } leaf push { type boolean; description "Boolean flag to push value into mpls header"; } leaf mpls-label { type uint32; description "mpls label to push in header"; } } // grouping L2-mpls-mod-acts grouping l2-header-mod-actions { description " The layer 2 header match includes any reference to L2 technology"; leaf l2-802-1Q { type uint8; description "actions for 802.1Q"; } leaf l2-802-11 { type uint8; description "actions for 802.11"; } leaf l2-802-15 { type uint8; description "ations for 802.15"; } uses L2-NVGRE-mod-acts; uses L2-VXLAN-mod-acts; uses L2-mpls-mod-acts; } // grouping l2-header-mod-actions grouping L3-header-match { description "match for L3 headers"; choice L3-header-match-type { description "match for L3 headers for IPv4, IPv6, and GRE tunnels"; case l3-ipv4-hdr { uses iir:ipv4-header; } // case l3-ipv4-hdr case l3-ipv6-hdr { uses iir:ipv6-header; } // case l3-ipv6-hdr case L3-gre-tunnel { uses iir:gre-header; } // case L3-gre-tunnel } // choice L3-header-match-type } // grouping L3-header-match grouping ipv4-encapsulate-gre { description "encapsulation actions for IPv4 headers"; leaf encapsulate { type boolean; description "flag to encapsulate headers"; } leaf ipv4-dest-address { type inet:ipv4-address; description "Destination Address for GRE header"; } leaf ipv4-source-address { type inet:ipv4-address; description "Source Address for GRE header"; } } // grouping ipv4-encapsulate-gre grouping L3-header-actions { description "actions to be performed on L3 header"; choice l3-header-act-type { description "actions that can be performed on L3 header"; case l3-ipv4-hdr { leaf set-ttl { type boolean; description "flag to set TTL"; } leaf set-dscp { type boolean; description "flag to set DSCP"; } leaf ttl-value { type uint8; description "TTL value to set"; } leaf dscp-val { type uint8; description "dscp value to set"; } } // case l3-ipv4-hdr case l3-ipv6-hdr { leaf set-next-header { type boolean; description "flag to set next routing header in IPv6 header"; } leaf set-traffic-class { type boolean; description "flag to set traffic class in IPv6 header"; } leaf set-flow-label { type boolean; description "flag to set flow label in IPv6 header"; } leaf set-hop-limit { type boolean; description "flag to set hop limit in L3 packet"; } leaf ipv6-next-header { type uint8; description "value to set in next IPv6 header"; } leaf ipv6-traffic-class { type uint8; description "value to set in traffic class"; } leaf ipv6-flow-label { type uint16; description "value to set in IPOv6 flow label"; } leaf ipv6-hop-limit { type uint8; description "value to set in hop count"; } } // case l3-ipv6-hdr case L3-gre-tunnel { description "GRE tunnel actions"; leaf decapsulate { type boolean; description "flag to decapsulate GRE packet"; } } // case L3-gre-tunnel } // choice l3-header-act-type } // grouping L3-header-actions grouping tcp-header-match { description "match for TCP header"; leaf tcp-src-port { type uint16; description "source port match value"; } leaf tcp-dst-port { type uint16; description "dest port value to match"; } leaf sequence-number { type uint32; description "sequence number value to match"; } leaf ack-number { type uint32; description "action value to match"; } } // grouping tcp-header-match grouping tcp-header-action { description "Actions to modify TCP header"; leaf set-tcp-src-port { type boolean; description "flag to set source port value"; } leaf set-tcp-dst-port { type boolean; description "flag to set source port value"; } leaf tcp-s-port { type uint16; description "source port match value"; } leaf tcp-d-port { type uint16; description "dest port value to match"; } leaf seq-num { type uint32; description "sequence number value to match"; } leaf ack-num { type uint32; description "action value to match"; } } // grouping tcp-header-action grouping udp-header-match { description "match values for UDP header"; leaf udp-src-port { type uint16; description "UDP source port match value"; } leaf udp-dst-port { type uint16; description "UDP Destination port match value"; } } // grouping udp-header-match grouping udp-header-action { description "actions to set values in UDP header"; leaf set-udp-src-port { type boolean; description "flag to set UDP source port match value"; } leaf set-udp-dst-port { type boolean; description "flag to set UDP destination port match value"; } leaf udp-s-port { type uint16; description "UDP source port match value"; } leaf udp-d-port { type uint16; description "UDP Destination port match value"; } } // grouping udp-header-action grouping sctp-chunk { description "sctp chunck header match fields"; leaf chunk-type { type uint8; description "sctp chunk type value"; } leaf chunk-flag { type uint8; description "sctp chunk type flag value"; } leaf chunk-length { type uint16; description "sctp chunk length"; } leaf chunk-data-byte-zero { type uint32; description "byte zero of stcp chunk data"; } } // grouping sctp-chunk grouping sctp-header-match { description "SCTP header match values"; uses sctp-chunk; leaf stcp-src-port { type uint16; description "sctp header match source port value"; } leaf sctp-dst-port { type uint16; description "sctp header match destination port value"; } leaf sctp-verify-tag { type uint32; description "sctp header match verification tag value"; } } // grouping sctp-header-match grouping sctp-header-action { description "sctp qos actions"; leaf set-stcp-src-port { type boolean; description "set source port in sctp header"; } leaf set-stcp-dst-port { type boolean; description "set destination port in sctp header"; } leaf set-stcp-chunk1 { type boolean; description "set chunk value in sctp header"; } leaf chunk-type-value { type uint8; description "sctp chunk type value"; } leaf chunk-flag-value { type uint8; description "sctp chunk type flag value"; } leaf chunk-len { type uint16; description "sctp chunk length"; } leaf chunk-data-bzero { type uint32; description "byte zero of stcp chunk data"; } } // grouping sctp-header-action grouping L4-header-match { description "L4 header match type"; choice l4-header-match-type { description "L4 match header choices"; case l4-tcp-header { uses tcp-header-match; } // case l4-tcp-header case l4-udp-header { uses udp-header-match; } // case l4-udp-header case l4-sctp { uses sctp-header-match; } // case l4-sctp } // choice l4-header-match-type } // grouping L4-header-match grouping L4-header-actions { description "L4 header matches"; uses tcp-header-action; uses udp-header-action; uses sctp-header-action; } // grouping L4-header-actions grouping rule_status { description "rule operational status"; leaf rule-status { type string; description "status information free form string."; } leaf rule-inactive-reason { type string; description "description of why rule is inactive"; } leaf rule-install-reason { type string; description "response on rule installed"; } leaf rule-installer { type string; description "client id of installer"; } leaf refcnt { type uint16; description "reference count on rule. "; } } // grouping rule_status grouping groups-status { description "group to rules list"; list group_opstate { key "grp-name"; description "group operational status"; leaf grp-name { type string; description "eca group name"; } leaf rules-installed { type uint32; description "rules in group installed"; } list rules_status { key "rule-name"; description "rules per group"; leaf rule-name { type string; description "name of rule "; } leaf rule-order { type uint32; description "rule-order"; } } // list rules_status } // list group_opstate } // grouping groups-status grouping rule-group-link { description "rule-name to group link"; list rule-group { key "rule-name"; description "link between group and link"; leaf rule-name { type string; description "rule name"; } leaf group-name { type string; description "group name"; } } // list rule-group } // grouping rule-group-link grouping rules_opstate { description "rules operational state"; list rules_status { key "rule-order rule-name"; description "eca rule list"; leaf rule-order { type uint32; description "order of rules"; } leaf rule-name { type string; description "rule name"; } uses rule_status; } // list rules_status } // grouping rules_opstate grouping rules_opstats { description "statistics on packet filter matches, and based on matches on many were modified and/or forwarded"; list rule-stat { key "rule-order rule-name"; description "list of operational statistics for each rule."; leaf rule-order { type uint32; description "order of rules"; } leaf rule-name { type string; description "name of rule"; } leaf pkts-matched { type uint64; description "number of packets that matched filter"; } leaf pkts-modified { type uint64; description "number of packets that filter caused to be modified"; } leaf pkts-dropped { type uint64; description "number of packets that filter caused to be modified"; } leaf bytes-dropped { type uint64; description "number of packets that filter caused to be modified"; } leaf pkts-forwarded { type uint64; description "number of packets that filter caused to be forwarded."; } leaf bytes-forwarded { type uint64; description "number of packets that filter caused to be forwarded."; } } // list rule-stat } // grouping rules_opstats grouping packet-size-match { description "packet size by layer only non-zero values are matched"; leaf l2-size-match { type uint32; description "L2 packet match size."; } leaf l3-size-match { type uint32; description "L3 packet match size."; } leaf l4-size-match { type uint32; description "L4 packet match size."; } } // grouping packet-size-match grouping time-day-match { description "matches for time of day."; leaf hour { type uint8; description "hour of day in 24 hours. (add range)"; } leaf minute { type uint8; description "minute in day."; } leaf second { type uint8; description "second in day."; } } // grouping time-day-match grouping eca-event-matches { description "matches for events which include: time of day."; uses time-day-match; } // grouping eca-event-matches grouping eca-pkt-matches { description "ECA matches"; uses interface-match; uses L2-header-match; uses L3-header-match; uses L4-header-match; uses packet-size-match; } // grouping eca-pkt-matches grouping user-status-matches { description "user status matches - region, target, location"; leaf user { type string; description "user"; } leaf region { type string; description "region"; } leaf state { type string; description "state"; } leaf user-status { type string; description "status of user"; } } // grouping user-status-matches grouping eca-condition-matches { description "pkt and user status matches"; uses eca-pkt-matches; uses user-status-matches; } // grouping eca-condition-matches grouping eca-qos-actions { description "eca- qos actions"; leaf cnt-actions { type uint32; description "count of ECA actions"; } list qos-actions { key "action-id"; description "ECA set or change packet Actions. Actions may be added here for interface, L2, L3, and L4 headers."; leaf action-id { type uint32; description "action id"; } uses interface-actions; uses l2-header-mod-actions; uses L3-header-actions; uses L4-header-actions; } // list qos-actions } // grouping eca-qos-actions grouping ip-next-fwd { description "ECA set or change packet Actions"; leaf rib-name { type string; description "name of RIB"; } leaf next-hop-name { type string; description "name of next hop"; } } // grouping ip-next-fwd grouping eca-ingress-actions { description "ingress eca match"; leaf permit { type boolean; description "permit ingress traffic. False means to deny."; } leaf mirror { type boolean; description "copy bytes ingressed to mirror port"; } } // grouping eca-ingress-actions grouping eca-fwd-actions { description "ECA forwarding actions"; leaf interface-fwd { type if:interface-ref; description "name of interface to forward on"; } uses iir:nexthop; uses ip-next-fwd; leaf drop-packet { type boolean; description "drop packet flag"; } } // grouping eca-fwd-actions grouping eca-security-actions { description "content actions for security. Needs more description."; leaf actions-exist { type boolean; description "existance of eca security actions"; } } // grouping eca-security-actions grouping eca-egress-actions { description "packet security actions"; leaf packet-rate { type uint32; description "maximum packet-rate"; } leaf byte-rate { type uint64; description "maximum byte-rate "; } } // grouping eca-egress-actions grouping policy-conflict-resolution { description "policy conflict resolution strategies"; list resolution-strategy { key "strategy-id"; description "list of strategies"; leaf strategy-id { type uint32; description "Id for strategy"; } leaf stategy-name { type string; description "name of strategy"; } leaf filter-strategy { type string; description "type of resolution"; } leaf global-strategy { type boolean; description "global strategy"; } leaf mandatory-strategy { type boolean; description "required strategy"; } leaf local-strategy { type boolean; description "local strategy"; } leaf resolution-fcn { type uint64; description "resolution function id "; } leaf resolution-value { type uint64; description "resolution value"; } leaf resolution-info { type string; description "resolution info"; } list associate-ext-data { key "ext-data-id"; description "linked external data"; leaf ext-data-id { type uint64; description "ID of external data"; } leaf ext-data { type string; description "external data"; } } // list associate-ext-data } // list resolution-strategy } // grouping policy-conflict-resolution grouping cfg-external-data { description "external data list"; list cfg-ext-data { key "cfg-ext-data-id"; description "external data"; leaf cfg-ext-data-id { type uint64; description "id for external data"; } leaf data-type { type uint32; description "external data type ID"; } leaf priority { type uint64; description "priority of data"; } leaf other-data { type string; description "string external data"; } } // list cfg-ext-data } // grouping cfg-external-data grouping pkt-eca-policy-set { description "Policy sets."; list groups { key "group-name"; description "pkt eca rule groups"; leaf group-name { type string; description "name of group of rules"; } leaf vrf-name { type string; description "VRF name"; } uses rt:address-family; list group-rule-list { key "rule-name"; description "rules per group"; leaf rule-name { type string; description "name of rule"; } leaf rule-order-id { type uint16; description "rule-order-id"; } } // list group-rule-list } // list groups list eca-rules { key "order-id"; ordered-by user; description "ECA rules"; leaf order-id { type uint16; description "Number of order in ordered list (ascending)"; } leaf eca-rule-name { type string; description "name of rule"; } leaf installer { type string; description "Id of I2RS client that installs this rule."; } uses eca-event-matches; uses eca-ingress-actions; uses eca-qos-actions; uses eca-security-actions; uses eca-fwd-actions; uses eca-egress-actions; uses cfg-external-data; uses policy-conflict-resolution; } // list eca-rules } // grouping pkt-eca-policy-set grouping pkt-eca-opstate { description "pkt eca policy op-state main"; uses groups-status; uses rule-group-link; uses rules_opstate; uses rules_opstats; } // grouping pkt-eca-opstate container pkt-eca-policy-opstate { config false; description "operational state"; uses pkt-eca-opstate; } // container pkt-eca-policy-opstate } // module ietf-pkt-eca-policy
Summary
| Organization | IETF I2RS WG |
| Module | ietf-pkt-eca-policy |
| Version | 2017-03-13 |
| File | ietf-pkt-eca-policy@2017-03-13.yang |
| Prefix | pkt-eca-policy |
| Namespace | urn:ietf:params:xml:ns:yang:ietf-pkt-eca-policy |
| Cooked | /cookedmodules/ietf-pkt-eca-policy/2017-03-13 |
| YANG | /src/ietf-pkt-eca-policy@2017-03-13.yang |
| XSD | /xsd/ietf-pkt-eca-policy@2017-03-13.xsd |
| Abstract | This module describes a basic network policy model with filter per layer. |
| Contact | email: shares@ndzh.com
email: russ.white@riw.com
email: linda.dunbar@huawei.com
email: bill.wu@huawei.com |
Description
This module describes a basic network policy model with filter per layer. |
Groupings
| Grouping | Objects | Abstract |
| cfg-external-data | cfg-ext-data | external data list |
| eca-condition-matches | match-if-name l2-header-match-type L3-header-match-type l4-header-match-type l2-size-match l3-size-match l4-size-matchuser region state user-status | pkt and user status matches |
| eca-egress-actions | packet-rate byte-rate | packet security actions |
| eca-event-matches | hour minute second | matches for events which include: time of day. |
| eca-fwd-actions | interface-fwd nexthop-id sharing-flag nexthop-typerib-name next-hop-namedrop-packet | ECA forwarding actions |
| eca-ingress-actions | permit mirror | ingress eca match |
| eca-pkt-matches | match-if-namel2-header-match-typeL3-header-match-typel4-header-match-typel2-size-match l3-size-match l4-size-match | ECA matches |
| eca-qos-actions | cnt-actions qos-actions | eca- qos actions |
| eca-security-actions | actions-exist | content actions for security. Needs more description. |
| groups-status | group_opstate | group to rules list |
| interface-actions | interface-up interface-down interface-enable interface-disable | interface action up/down and enable/disable |
| interface-match | match-if-name | interface has name, description, type, enabled as potential matches |
| ip-next-fwd | rib-name next-hop-name | ECA set or change packet Actions |
| ipv4-encapsulate-gre | encapsulate ipv4-dest-address ipv4-source-address | encapsulation actions for IPv4 headers |
| L2-802-1Q-header | vlan-present qtag1-present qtag2-present dest-mac src-mac vlan-tag qtag1 qtag2 L2-ethertype | This is short-term 802.1 header match which will be replaced by reference to IEEE yang when it arrives. Qtag 1 is 802.1Q Qtag2 is 802.1AD |
| L2-header-match | l2-header-match-type | The layer 2 header match includes any reference to L2 technology |
| l2-header-mod-actions | l2-802-1Q l2-802-11 l2-802-15 set-vsid set-flowid vsi flow-idset-network-id network-idpop push mpls-label | The layer 2 header match includes any reference to L2 technology |
| L2-mpls-mod-acts | pop push mpls-label | MPLS modify header actions |
| L2-NVGRE-header | nvgre-header | Grouping for L2 NVGRE header. |
| L2-NVGRE-mod-acts | set-vsid set-flowid vsi flow-id | L2-NVRE Actions |
| L2-VXLAN-header | vxlan-header | This VXLAN header may be replaced by actual VXLAN yang module reference |
| L2-VXLAN-mod-acts | set-network-id network-id | VXLAN header modification actions. |
| L3-header-actions | l3-header-act-type | actions to be performed on L3 header |
| L3-header-match | L3-header-match-type | match for L3 headers |
| L4-header-actions | set-tcp-src-port set-tcp-dst-port tcp-s-port tcp-d-port seq-num ack-numset-udp-src-port set-udp-dst-port udp-s-port udp-d-portset-stcp-src-port set-stcp-dst-port set-stcp-chunk1 chunk-type-value chunk-flag-value chunk-len chunk-data-bzero | L4 header matches |
| L4-header-match | l4-header-match-type | L4 header match type |
| packet-size-match | l2-size-match l3-size-match l4-size-match | packet size by layer only non-zero values are matched |
| pkt-eca-opstate | group_opstaterule-grouprules_statusrule-stat | pkt eca policy op-state main |
| pkt-eca-policy-set | groups eca-rules | Policy sets. |
| policy-conflict-resolution | resolution-strategy | policy conflict resolution strategies |
| rule-group-link | rule-group | rule-name to group link |
| rules_opstate | rules_status | rules operational state |
| rules_opstats | rule-stat | statistics on packet filter matches, and based on matches on many were modified and/or forwarded |
| rule_status | rule-status rule-inactive-reason rule-install-reason rule-installer refcnt | rule operational status |
| sctp-chunk | chunk-type chunk-flag chunk-length chunk-data-byte-zero | sctp chunck header match fields |
| sctp-header-action | set-stcp-src-port set-stcp-dst-port set-stcp-chunk1 chunk-type-value chunk-flag-value chunk-len chunk-data-bzero | sctp qos actions |
| sctp-header-match | chunk-type chunk-flag chunk-length chunk-data-byte-zerostcp-src-port sctp-dst-port sctp-verify-tag | SCTP header match values |
| tcp-header-action | set-tcp-src-port set-tcp-dst-port tcp-s-port tcp-d-port seq-num ack-num | Actions to modify TCP header |
| tcp-header-match | tcp-src-port tcp-dst-port sequence-number ack-number | match for TCP header |
| time-day-match | hour minute second | matches for time of day. |
| udp-header-action | set-udp-src-port set-udp-dst-port udp-s-port udp-d-port | actions to set values in UDP header |
| udp-header-match | udp-src-port udp-dst-port | match values for UDP header |
| user-status-matches | user region state user-status | user status matches - region, target, location |
Objects
| Type Key |
| Mandatory config |
| Optional config |
| Not config |
| Object | Type | Abstract |
| pkt-eca-policy-opstate | container | operational state |
| group_opstate | list | group operational status |
| grp-name | leaf | eca group name |
| rules-installed | leaf | rules in group installed |
| rules_status | list | rules per group |
| rule-name | leaf | name of rule |
| rule-order | leaf | rule-order |
| rule-group | list | link between group and link |
| group-name | leaf | group name |
| rule-name | leaf | rule name |
| rule-stat | list | list of operational statistics for each rule. |
| bytes-dropped | leaf | number of packets that filter caused to be modified |
| bytes-forwarded | leaf | number of packets that filter caused to be forwarded. |
| pkts-dropped | leaf | number of packets that filter caused to be modified |
| pkts-forwarded | leaf | number of packets that filter caused to be forwarded. |
| pkts-matched | leaf | number of packets that matched filter |
| pkts-modified | leaf | number of packets that filter caused to be modified |
| rule-name | leaf | name of rule |
| rule-order | leaf | order of rules |
| rules_status | list | eca rule list |
| refcnt | leaf | reference count on rule. |
| rule-inactive-reason | leaf | description of why rule is inactive |
| rule-install-reason | leaf | response on rule installed |
| rule-installer | leaf | client id of installer |
| rule-name | leaf | rule name |
| rule-order | leaf | order of rules |
| rule-status | leaf | status information free form string. |