Device security.
Version: 2020-05-08
module huawei-cpudefend { yang-version 1; namespace "urn:huawei:yang:huawei-cpudefend"; prefix cpudefend; import huawei-ifm { prefix ifm; } import huawei-devm { prefix devm; } import huawei-extension { prefix ext; } import huawei-acl { prefix acl; } import ietf-yang-types { prefix yang; } import ietf-inet-types { prefix inet; } import huawei-pub-type { prefix pub-type; } import huawei-devm-vnf { prefix devm-vnf; } organization "Huawei Technologies Co., Ltd."; contact "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com"; description "Device security."; revision "2020-05-08" { description "Initial revision."; reference "Huawei private."; } ext:task-name "cpu-defend"; typedef protocol-name { type enumeration { enum "1588acr" { value 0; description "1588ACR protocol."; } enum "802dot1ag" { value 1; description "802.1AG protocol."; } enum "802dot3ah" { value 2; description "802.3AH protocol."; } enum "arp" { value 3; description "ARP protocol."; } enum "arp-miss" { value 4; description "ARP miss protocol."; } enum "atm-inarp" { value 5; description "ATM inARP protocol."; } enum "bfd" { value 6; description "BFD protocol."; } enum "bgp" { value 7; description "BGP protocol."; } enum "bgpv6" { value 8; description "BGPv6 protocol."; } enum "blacklist" { value 9; description "Blacklist."; } enum "bpdu" { value 10; description "BPDU protocol."; } enum "dcn" { value 11; description "DCN protocol."; } enum "default" { value 12; description "Default CAR."; } enum "default-tcp" { value 13; description "Default CAR of tcp."; } enum "default-udp" { value 14; description "Default CAR of udp."; } enum "dhcp" { value 15; description "DHCP protocol."; } enum "dhcpv6" { value 16; description "DHCPv6 protocol."; } enum "diameter" { value 17; description "Diameter protocol."; } enum "dns-client" { value 18; description "DNS client protocol."; } enum "dnsv6" { value 19; description "DNSv6 protocol."; } enum "eapol" { value 20; description "EAPOL protocol."; } enum "fragment" { value 21; description "Fragment protocol."; } enum "ftp-client" { value 22; description "FTP client protocol."; } enum "ftp-server" { value 23; description "FTP server protocol."; } enum "ftpv6-client" { value 24; description "FTPv6 client protocol."; } enum "ftpv6-server" { value 25; description "FTPv6 server protocol."; } enum "hop-by-hop" { value 26; description "IPv6 hop-by-hop protocol."; } enum "http-redirect-chasten" { value 27; description "Http-redirect packet of chasten user."; } enum "hwtacacs" { value 28; description "HWTACACS protocol."; } enum "icmp" { value 29; description "ICMP protocol."; } enum "icmp-broadcast-address-echo" { value 30; description "Broadcast ICMP echo request packets."; } enum "icmp-nd" { value 31; description "ICMPv6-ND protocol."; } enum "icmp-noreach" { value 32; description "IPv6 ND miss."; } enum "icmpv6" { value 33; description "ICMPv6 protocol."; } enum "icmpv6-na" { value 34; description "ICMPv6-NA protocol."; } enum "icmpv6-ns" { value 35; description "ICMPv6-NS protocol."; } enum "icmpv6-ra" { value 36; description "ICMPv6-RA protocol."; } enum "icmpv6-rs" { value 37; description "ICMPv6-RS protocol."; } enum "igmp" { value 38; description "IGMP protocol."; } enum "ipfpm" { value 39; description "IPFPM protocol."; } enum "iptv" { value 40; description "IPTV protocol."; } enum "ipv4-fib-miss" { value 41; description "IPv4 FIB miss."; } enum "ipv4-multicast-fib-miss" { value 42; description "IPv4 multicast FIB miss."; } enum "ipv4-ttl-expire" { value 43; description "IPv4 TTL expires packets."; } enum "ipv6-fib-miss" { value 44; description "IPv6 FIB miss."; } enum "ipv6-ndh-miss" { value 45; description "IPv6 NDH miss."; } enum "ipv6-nd-miss" { value 46; description "IPv6 ND miss."; } enum "ipv6-ttl-expire" { value 47; description "IPv6 TTL expires packets."; } enum "isis" { value 48; description "ISIS protocol."; } enum "lacp" { value 49; description "LACP protocol."; } enum "ldp" { value 50; description "LDP protocol."; } enum "lldp" { value 51; description "LLDP protocol."; } enum "lspping" { value 52; description "LSPPING protocol."; } enum "mka" { value 53; description "MKA protocol."; } enum "mld" { value 54; description "IPv6 MLD protocol."; } enum "mpls-arp-miss" { value 55; description "MPLS ARP miss."; } enum "mpls-router-alert" { value 56; description "MPLS router alert packets."; } enum "mpls-trace-route" { value 57; description "MPLS trace route packets."; } enum "mpls-ttl-expire" { value 58; description "MPLS ttl expires packets."; } enum "msdp" { value 59; description "MSDP protocol."; } enum "mtuv6" { value 60; description "MTUv6 protocol."; } enum "netstream" { value 61; description "NetStream protocol."; } enum "ntp" { value 62; description "NTP protocol."; } enum "openflow" { value 63; description "Open-Flow protocol."; } enum "ospf" { value 64; description "OSPF protocol."; } enum "ospfv3" { value 65; description "OSPFv3 protocol."; } enum "pim" { value 66; description "PIM protocol."; } enum "pimv6" { value 67; description "PIMv6 protocol."; } enum "portal" { value 68; description "Portal protocol."; } enum "ppp" { value 69; description "PPP protocol."; } enum "radius" { value 70; description "Radius protocol."; } enum "rip" { value 71; description "RIP protocol."; } enum "rrpp" { value 72; description "RRPP protocol."; } enum "rsvp" { value 73; description "RSVP protocol."; } enum "snmp" { value 74; description "SNMP protocol."; } enum "snmpv6" { value 75; description "SNMPv6 protocol."; } enum "soft-gre" { value 76; description "Soft GRE protocol."; } enum "ssh-client" { value 77; description "SSH client protocol."; } enum "ssh-server" { value 78; description "SSH server protocol."; } enum "sshv6-server" { value 79; description "SSHv6 server protocol."; } enum "syslog" { value 80; description "SYSLOG protocol."; } enum "tcpsyn" { value 81; description "TCP SYN protocol."; } enum "telnet-client" { value 82; description "TELNET client protocol."; } enum "telnet-server" { value 83; description "TELNET server protocol."; } enum "telnetv6-client" { value 84; description "TELNETv6 client protocol."; } enum "telnetv6-server" { value 85; description "TELNETv6 server protocol."; } enum "tftp" { value 86; description "TFTP protocol."; } enum "tftpv6-client" { value 87; description "TFTPv6 client protocol."; } enum "traffic-behavior-log" { value 88; description "Traffic Behavior Log."; } enum "unicast-vrrp" { value 89; description "Unicast VRRP protocol."; } enum "user-defined-flow-1" { value 90; description "User defined flow 1."; } enum "user-defined-flow-2" { value 91; description "User defined flow 2."; } enum "user-defined-flow-3" { value 92; description "User defined flow 3."; } enum "user-defined-flow-4" { value 93; description "User defined flow 4."; } enum "user-defined-flow-5" { value 94; description "User defined flow 5."; } enum "user-defined-flow-6" { value 95; description "User defined flow 6."; } enum "user-defined-flow-7" { value 96; description "User defined flow 7."; } enum "user-defined-flow-8" { value 97; description "User defined flow 8."; } enum "user-defined-flow-9" { value 98; description "User defined flow 9."; } enum "user-defined-flow-10" { value 99; description "User defined flow 10."; } enum "user-defined-flow-11" { value 100; description "User defined flow 11."; } enum "user-defined-flow-12" { value 101; description "User defined flow 12."; } enum "user-defined-flow-13" { value 102; description "User defined flow 13."; } enum "user-defined-flow-14" { value 103; description "User defined flow 14."; } enum "user-defined-flow-15" { value 104; description "User defined flow 15."; } enum "user-defined-flow-16" { value 105; description "User defined flow 16."; } enum "user-defined-flow-17" { value 106; description "User defined flow 17."; } enum "user-defined-flow-18" { value 107; description "User defined flow 18."; } enum "user-defined-flow-19" { value 108; description "User defined flow 19."; } enum "user-defined-flow-20" { value 109; description "User defined flow 20."; } enum "user-defined-flow-21" { value 110; description "User defined flow 21."; } enum "user-defined-flow-22" { value 111; description "User defined flow 22."; } enum "user-defined-flow-23" { value 112; description "User defined flow 23."; } enum "user-defined-flow-24" { value 113; description "User defined flow 24."; } enum "user-defined-flow-25" { value 114; description "User defined flow 25."; } enum "user-defined-flow-26" { value 115; description "User defined flow 26."; } enum "user-defined-flow-27" { value 116; description "User defined flow 27."; } enum "user-defined-flow-28" { value 117; description "User defined flow 28."; } enum "user-defined-flow-29" { value 118; description "User defined flow 29."; } enum "user-defined-flow-30" { value 119; description "User defined flow 30."; } enum "user-defined-flow-31" { value 120; description "User defined flow 31."; } enum "user-defined-flow-32" { value 121; description "User defined flow 32."; } enum "user-defined-flow-33" { value 122; description "User defined flow 33."; } enum "user-defined-flow-34" { value 123; description "User defined flow 34."; } enum "user-defined-flow-35" { value 124; description "User defined flow 35."; } enum "user-defined-flow-36" { value 125; description "User defined flow 36."; } enum "user-defined-flow-37" { value 126; description "User defined flow 37."; } enum "user-defined-flow-38" { value 127; description "User defined flow 38."; } enum "user-defined-flow-39" { value 128; description "User defined flow 39."; } enum "user-defined-flow-40" { value 129; description "User defined flow 40."; } enum "user-defined-flow-41" { value 130; description "User defined flow 41."; } enum "user-defined-flow-42" { value 131; description "User defined flow 42."; } enum "user-defined-flow-43" { value 132; description "User defined flow 43."; } enum "user-defined-flow-44" { value 133; description "User defined flow 44."; } enum "user-defined-flow-45" { value 134; description "User defined flow 45."; } enum "user-defined-flow-46" { value 135; description "User defined flow 46."; } enum "user-defined-flow-47" { value 136; description "User defined flow 47."; } enum "user-defined-flow-48" { value 137; description "User defined flow 48."; } enum "user-defined-flow-49" { value 138; description "User defined flow 49."; } enum "user-defined-flow-50" { value 139; description "User defined flow 50."; } enum "user-defined-flow-51" { value 140; description "User defined flow 51."; } enum "user-defined-flow-52" { value 141; description "User defined flow 52."; } enum "user-defined-flow-53" { value 142; description "User defined flow 53."; } enum "user-defined-flow-54" { value 143; description "User defined flow 54."; } enum "user-defined-flow-55" { value 144; description "User defined flow 55."; } enum "user-defined-flow-56" { value 145; description "User defined flow 56."; } enum "user-defined-flow-57" { value 146; description "User defined flow 57."; } enum "user-defined-flow-58" { value 147; description "User defined flow 58."; } enum "user-defined-flow-59" { value 148; description "User defined flow 59."; } enum "user-defined-flow-60" { value 149; description "User defined flow 60."; } enum "user-defined-flow-61" { value 150; description "User defined flow 61."; } enum "user-defined-flow-62" { value 151; description "User defined flow 62."; } enum "user-defined-flow-63" { value 152; description "User defined flow 63."; } enum "user-defined-flow-64" { value 153; description "User defined flow 64."; } enum "vrrp" { value 154; description "VRRP protocol."; } enum "web" { value 155; description "Web protocol."; } enum "web-auth-server" { value 156; description "Web authentication server protocol."; } enum "whitelist" { value 157; description "Whitelist."; } enum "whitelist-bgp" { value 158; description "Whitelist of BGP protocol."; } enum "whitelist-isis" { value 159; description "Whitelist of ISIS protocol."; } enum "whitelist-ldp" { value 160; description "Whitelist of LDP protocol."; } enum "whitelist-ospf" { value 161; description "Whitelist of OSPF protocol."; } enum "whitelist-radius" { value 162; description "Whitelist of Radius protocol."; } enum "whitelist-rsvp" { value 163; description "Whitelist of RSVP protocol."; } enum "whitelistv6" { value 164; description "IPv6 whitelist."; } enum "whitelistv6-bgpv6" { value 165; description "IPv6 whitelist of BGPv6 protocol."; } enum "whitelistv6-ospfv3" { value 166; description "IPv6 whitelist of OSPFv3 protocol."; } enum "hwtacacsv6" { value 167; description "HWTACACSv6 protocol."; } enum "lsppingv6" { value 168; description "Lsppingv6 packet."; } enum "pcep" { value 169; description "Pcep packet."; } enum "radiusv6" { value 170; description "Radiusv6 packet."; } enum "syslogv6" { value 171; description "Syslogv6 packet."; } enum "vrrpv6" { value 172; description "Vrrpv6 packet."; } enum "web-auth-serverv6" { value 173; description "Web-auth-serverv6 packet."; } enum "others" { value 174; description "Others packet."; } enum "total-packet" { value 175; description "Total-packet."; } } description "Protocol name."; } typedef protocol-name-reset { type enumeration { enum "1588acr" { value 0; description "1588ACR protocol."; } enum "802dot1ag" { value 1; description "802.1AG protocol."; } enum "802dot3ah" { value 2; description "802.3AH protocol."; } enum "arp" { value 3; description "ARP protocol."; } enum "arp-miss" { value 4; description "ARP miss protocol."; } enum "atm-inarp" { value 5; description "ATM inARP protocol."; } enum "bfd" { value 6; description "BFD protocol."; } enum "bgp" { value 7; description "BGP protocol."; } enum "bgpv6" { value 8; description "BGPv6 protocol."; } enum "bpdu" { value 9; description "BPDU protocol."; } enum "dcn" { value 10; description "DCN protocol."; } enum "default" { value 11; description "Default CAR."; } enum "default-tcp" { value 12; description "Default CAR of tcp."; } enum "default-udp" { value 13; description "Default CAR of udp."; } enum "dhcp" { value 14; description "DHCP protocol."; } enum "dhcpv6" { value 15; description "DHCPv6 protocol."; } enum "diameter" { value 16; description "Diameter protocol."; } enum "dns-client" { value 17; description "DNS client protocol."; } enum "dnsv6" { value 18; description "DNSv6 protocol."; } enum "eapol" { value 19; description "EAPOL protocol."; } enum "ftp-client" { value 20; description "FTP client protocol."; } enum "ftp-server" { value 21; description "FTP server protocol."; } enum "ftpv6-client" { value 22; description "FTPv6 client protocol."; } enum "ftpv6-server" { value 23; description "FTPv6 server protocol."; } enum "hop-by-hop" { value 24; description "IPv6 hop-by-hop protocol."; } enum "http-redirect-chasten" { value 25; description "Http-redirect packet of chasten user."; } enum "hwtacacs" { value 26; description "HWTACACS protocol."; } enum "icmp" { value 27; description "ICMP protocol."; } enum "icmp-broadcast-address-echo" { value 28; description "Broadcast ICMP echo request packets."; } enum "icmp-nd" { value 29; description "ICMPv6-ND protocol."; } enum "icmp-noreach" { value 30; description "IPv6 ND miss."; } enum "icmpv6" { value 31; description "ICMPv6 protocol."; } enum "icmpv6-na" { value 32; description "ICMPv6-NA protocol."; } enum "icmpv6-ns" { value 33; description "ICMPv6-NS protocol."; } enum "icmpv6-ra" { value 34; description "ICMPv6-RA protocol."; } enum "icmpv6-rs" { value 35; description "ICMPv6-RS protocol."; } enum "igmp" { value 36; description "IGMP protocol."; } enum "ipfpm" { value 37; description "IPFPM protocol."; } enum "iptv" { value 38; description "IPTV protocol."; } enum "ipv4-fib-miss" { value 39; description "IPv4 FIB miss."; } enum "ipv4-multicast-fib-miss" { value 40; description "IPv4 multicast FIB miss."; } enum "ipv4-ttl-expire" { value 41; description "IPv4 TTL expires packets."; } enum "ipv6-fib-miss" { value 42; description "IPv6 FIB miss."; } enum "ipv6-ndh-miss" { value 43; description "IPv6 NDH miss."; } enum "ipv6-nd-miss" { value 44; description "IPv6 ND miss."; } enum "ipv6-ttl-expire" { value 45; description "IPv6 TTL expires packets."; } enum "isis" { value 46; description "ISIS protocol."; } enum "lacp" { value 47; description "LACP protocol."; } enum "ldp" { value 48; description "LDP protocol."; } enum "lldp" { value 49; description "LLDP protocol."; } enum "lspping" { value 50; description "LSPPING protocol."; } enum "mka" { value 51; description "MKA protocol."; } enum "mld" { value 52; description "IPv6 MLD protocol."; } enum "mpls-arp-miss" { value 53; description "MPLS ARP miss."; } enum "mpls-router-alert" { value 54; description "MPLS router alert packets."; } enum "mpls-trace-route" { value 55; description "MPLS trace route packets."; } enum "mpls-ttl-expire" { value 56; description "MPLS ttl expires packets."; } enum "msdp" { value 57; description "MSDP protocol."; } enum "mtuv6" { value 58; description "MTUv6 protocol."; } enum "netstream" { value 59; description "NetStream protocol."; } enum "ntp" { value 60; description "NTP protocol."; } enum "openflow" { value 61; description "Open-Flow protocol."; } enum "ospf" { value 62; description "OSPF protocol."; } enum "ospfv3" { value 63; description "OSPFv3 protocol."; } enum "pim" { value 64; description "PIM protocol."; } enum "pimv6" { value 65; description "PIMv6 protocol."; } enum "portal" { value 66; description "Portal protocol."; } enum "ppp" { value 67; description "PPP protocol."; } enum "radius" { value 68; description "Radius protocol."; } enum "rip" { value 69; description "RIP protocol."; } enum "rrpp" { value 70; description "RRPP protocol."; } enum "rsvp" { value 71; description "RSVP protocol."; } enum "snmp" { value 72; description "SNMP protocol."; } enum "snmpv6" { value 73; description "SNMPv6 protocol."; } enum "soft-gre" { value 74; description "Soft GRE protocol."; } enum "ssh-client" { value 75; description "SSH client protocol."; } enum "ssh-server" { value 76; description "SSH server protocol."; } enum "sshv6-server" { value 77; description "SSHv6 server protocol."; } enum "syslog" { value 78; description "SYSLOG protocol."; } enum "telnet-client" { value 79; description "TELNET client protocol."; } enum "telnet-server" { value 80; description "TELNET server protocol."; } enum "telnetv6-client" { value 81; description "TELNETv6 client protocol."; } enum "telnetv6-server" { value 82; description "TELNETv6 server protocol."; } enum "tftp" { value 83; description "TFTP protocol."; } enum "tftpv6-client" { value 84; description "TFTPv6 client protocol."; } enum "traffic-behavior-log" { value 85; description "Traffic Behavior Log."; } enum "unicast-vrrp" { value 86; description "Unicast VRRP protocol."; } enum "vrrp" { value 87; description "VRRP protocol."; } enum "web" { value 88; description "Web protocol."; } enum "web-auth-server" { value 89; description "Web authentication server protocol."; } enum "hwtacacsv6" { value 90; description "HWTACACSv6 protocol."; } enum "lsppingv6" { value 91; description "Lsppingv6 packet."; } enum "pcep" { value 92; description "Pcep packet."; } enum "radiusv6" { value 93; description "Radiusv6 packet."; } enum "syslogv6" { value 94; description "Syslogv6 packet."; } enum "vrrpv6" { value 95; description "Vrrpv6 packet."; } enum "web-auth-serverv6" { value 96; description "Web-auth-serverv6 packet."; } enum "others" { value 97; description "Others packet."; } enum "total-packet" { value 98; description "Total-packet."; } enum "fragment" { value 99; description "FRAGMENT packet."; } } description "Protocol name."; } typedef alarm-protocol-name { type enumeration { enum "1588acr" { value 0; description "1588ACR protocol."; } enum "802dot1ag" { value 1; description "802.1AG protocol."; } enum "802dot3ah" { value 2; description "802.3AH protocol."; } enum "arp" { value 3; description "ARP protocol."; } enum "arp-miss" { value 4; description "ARP miss protocol."; } enum "bfd" { value 6; description "BFD protocol."; } enum "bgp" { value 7; description "BGP protocol."; } enum "bgpv6" { value 8; description "BGPv6 protocol."; } enum "bpdu" { value 10; description "BPDU protocol."; } enum "dcn" { value 11; description "DCN protocol."; } enum "default-tcp" { value 13; description "Default CAR of tcp."; } enum "default-udp" { value 14; description "Default CAR of udp."; } enum "dhcp" { value 15; description "DHCP protocol."; } enum "dhcpv6" { value 16; description "DHCPv6 protocol."; } enum "dns-client" { value 18; description "DNS client protocol."; } enum "dnsv6" { value 19; description "DNSv6 protocol."; } enum "eapol" { value 20; description "EAPOL protocol."; } enum "ftp-client" { value 22; description "FTP client protocol."; } enum "ftp-server" { value 23; description "FTP server protocol."; } enum "ftpv6-client" { value 24; description "FTPv6 client protocol."; } enum "ftpv6-server" { value 25; description "FTPv6 server protocol."; } enum "hop-by-hop" { value 26; description "IPv6 hop-by-hop protocol."; } enum "hwtacacs" { value 28; description "HWTACACS protocol."; } enum "icmp" { value 29; description "ICMP protocol."; } enum "icmp-broadcast-address-echo" { value 30; description "Broadcast ICMP echo request packets."; } enum "icmp-nd" { value 31; description "ICMPv6-ND protocol."; } enum "icmp-noreach" { value 32; description "IPv6 ND miss."; } enum "icmpv6" { value 33; description "ICMPv6 protocol."; } enum "icmpv6-na" { value 34; description "ICMPv6-NA protocol."; } enum "icmpv6-ra" { value 36; description "ICMPv6-RA protocol."; } enum "icmpv6-rs" { value 37; description "ICMPv6-RS protocol."; } enum "igmp" { value 38; description "IGMP protocol."; } enum "ipfpm" { value 39; description "IPFPM protocol."; } enum "ipv6-fib-miss" { value 44; description "IPv6 FIB miss."; } enum "ipv6-ndh-miss" { value 45; description "IPv6 NDH miss."; } enum "ipv6-nd-miss" { value 46; description "IPv6 ND miss."; } enum "ipv6-ttl-expire" { value 47; description "IPv6 TTL expires packets."; } enum "isis" { value 48; description "ISIS protocol."; } enum "lacp" { value 49; description "LACP protocol."; } enum "ldp" { value 50; description "LDP protocol."; } enum "lldp" { value 51; description "LLDP protocol."; } enum "lspping" { value 52; description "LSPPING protocol."; } enum "mka" { value 53; description "MKA protocol."; } enum "mld" { value 54; description "IPv6 MLD protocol."; } enum "mpls-router-alert" { value 56; description "MPLS router alert packets."; } enum "mpls-trace-route" { value 57; description "MPLS trace route packets."; } enum "msdp" { value 59; description "MSDP protocol."; } enum "mtuv6" { value 60; description "MTUv6 protocol."; } enum "ntp" { value 62; description "NTP protocol."; } enum "ospf" { value 64; description "OSPF protocol."; } enum "ospfv3" { value 65; description "OSPFv3 protocol."; } enum "pim" { value 66; description "PIM protocol."; } enum "pimv6" { value 67; description "PIMv6 protocol."; } enum "ppp" { value 69; description "PPP protocol."; } enum "radius" { value 70; description "Radius protocol."; } enum "rip" { value 71; description "RIP protocol."; } enum "rsvp" { value 73; description "RSVP protocol."; } enum "snmp" { value 74; description "SNMP protocol."; } enum "ssh-client" { value 77; description "SSH client protocol."; } enum "ssh-server" { value 78; description "SSH server protocol."; } enum "sshv6-server" { value 79; description "SSHv6 server protocol."; } enum "telnet-client" { value 82; description "TELNET client protocol."; } enum "telnet-server" { value 83; description "TELNET server protocol."; } enum "telnetv6-client" { value 84; description "TELNETv6 client protocol."; } enum "telnetv6-server" { value 85; description "TELNETv6 server protocol."; } enum "tftp" { value 86; description "TFTP protocol."; } enum "traffic-behavior-log" { value 88; description "Traffic Behavior Log."; } enum "vrrp" { value 154; description "VRRP protocol."; } enum "hwtacacsv6" { value 167; description "HWTACACSv6 protocol."; } enum "lsppingv6" { value 168; description "Lsppingv6 packet."; } enum "pcep" { value 169; description "Pcep packet."; } enum "radiusv6" { value 170; description "Radiusv6 packet."; } enum "syslogv6" { value 171; description "Syslogv6 packet."; } enum "vrrpv6" { value 172; description "Vrrpv6 packet."; } enum "web-auth-serverv6" { value 173; description "Web-auth-serverv6 packet."; } enum "others" { value 174; description "Others packet."; } enum "total-packet" { value 175; description "Total-packet."; } } description "Alarm protocol name."; } typedef urpf-mode { type enumeration { enum "strict" { value 0; description "URPF strict check."; } enum "loose" { value 1; description "URPF loose check."; } } description "URPF check mode."; } typedef host-car-type { type enumeration { enum "host-car" { value 1; description "HOST-CAR."; } enum "http-host-car" { value 2; description "HTTP-HOST-CAR."; } enum "vlan-host-car" { value 3; description "VLAN-HOST-CAR."; } } description "HOST CAR type."; } typedef sequence-priority { type enumeration { enum "first" { value 1; description "First matching priority."; } enum "second" { value 2; description "Second matching priority."; } enum "third" { value 3; description "Third matching priority."; } enum "fourth" { value 4; description "Fourth matching priority."; } enum "fifth" { value 5; description "Fifth matching priority."; } enum "sixth" { value 6; description "Sixth matching priority."; } enum "seventh" { value 7; description "Seventh matching priority."; } } description "The matching priority of packets to be sent to the CPU."; } typedef cpcar-priority-query { type enumeration { enum "low" { value 1; description "A queue of a low priority."; } enum "middle" { value 2; description "A queue of a middle priority."; } enum "high" { value 3; description "A queue of a high priority."; } enum "be" { value 4; description "The BE queue of a low priority."; } enum "af1" { value 5; description "The AF1 queue of a middle priority."; } enum "af2" { value 6; description "The AF2 queue of a middle priority."; } enum "af3" { value 7; description "The AF3 queue of a middle priority."; } enum "af4" { value 8; description "The AF4 queue of a middle priority."; } enum "ef" { value 9; description "The EF queue of a middle priority."; } enum "cs6" { value 10; description "The CS6 queue of a high priority."; } enum "cs7" { value 11; description "The CS7 queue of a high priority."; } } description "A priority for sending packets to the CPU."; } typedef cpcar-priority { type enumeration { enum "low" { value 1; description "A queue of a low priority."; } enum "middle" { value 2; description "A queue of a middle priority."; } enum "high" { value 3; description "A queue of a high priority."; } enum "be" { value 4; description "The BE queue of a low priority."; } enum "af1" { value 5; description "The AF1 queue of a middle priority."; } enum "af2" { value 6; description "The AF2 queue of a middle priority."; } enum "af3" { value 7; description "The AF3 queue of a middle priority."; } enum "af4" { value 8; description "The AF4 queue of a middle priority."; } enum "ef" { value 9; description "The EF queue of a middle priority."; } enum "cs6" { value 10; description "The CS6 queue of a high priority."; } enum "cs7" { value 11; description "The CS7 queue of a high priority."; } } description "A priority for sending packets to the CPU."; } typedef arp-check-type { type enumeration { enum "check-destination-ip" { value 0; description "Check ARP packets with invalid destination IP addresses."; } enum "check-valid" { value 1; description "Check invalid ARP packets."; } } description "The type for checking invalid ARP packets."; } typedef port-car-packet { type enumeration { enum "arp" { value 1; description "ARP packet."; } enum "dhcp" { value 2; description "DHCP packet."; } enum "snmp" { value 3; description "SNMP packet."; } enum "telnet" { value 4; description "TELNET packet."; } enum "icmp" { value 5; description "ICMP packet."; } enum "ssh" { value 6; description "SSH packet."; } enum "icmp-nd" { value 7; description "ICMPv6 ND packet."; } enum "icmpv6" { value 8; description "ICMPv6 packet."; } enum "port" { value 9; description "Other packet types."; } } description "Indicates the packet type of the rate limit on the interface."; } typedef tcpip-defend-type { type enumeration { enum "abnormal-packet-defend" { value 1; description "Defense against malformed packet attacks."; } enum "udp-packet-defend" { value 2; description "Defense against UDP packet attacks."; } enum "tcpsyn-flood" { value 3; description "Defense against TCP SYN flooding attacks."; } enum "fragment-flood" { value 4; description "Defense against fragmented packet attacks."; } } description "TCP/IP attack defense type."; } typedef tcpip-defend-v6-type { type enumeration { enum "abnormal-packet-defend" { value 1; description "Defense against malformed packet attacks."; } enum "udp-packet-defend" { value 2; description "Defense against UDP packet attacks."; } enum "tcpsyn-flood" { value 3; description "Defense against TCP SYN flooding attacks."; } } description "TCP/IPv6 attack defense type."; } typedef protocol-group { type enumeration { enum "whitelist" { value 1; description "Whitelist."; } enum "user-defined-flow" { value 2; description "Flow user definded."; } enum "management" { value 3; description "Packet belong to management protocol."; } enum "route" { value 4; description "Packet belong to route protocol."; } enum "multicast" { value 5; description "Packet belong to multicast protocol."; } enum "arp" { value 6; description "Packet belong to ARP protocol."; } enum "mpls" { value 7; description "Packet belong to MPLS."; } enum "access-user" { value 8; description "Protocol for user access."; } enum "link-layer" { value 9; description "Packet belong to link layer protocol."; } enum "network-layer" { value 10; description "Packet belong to network layer protocol."; } enum "system-message" { value 12; description "Packet belong to system message protocol."; } enum "blacklist" { value 13; description "Packet belong to blacklist protocol."; } enum "check-failed" { value 14; description "Packet belong to check failed protocol."; } enum "fwddata-to-cp" { value 15; description "Packet belong to foward-data-to-cp protocol."; } enum "oam-check" { value 16; description "Protocol for OAM check."; } enum "clock" { value 17; description "Protocol for clock."; } enum "heartbeat" { value 18; description "Protocol for heartbeat."; } } description "Protocol group into which the protocol packets sent to the CPU are classified."; } typedef protocol-group-reset { type enumeration { enum "whitelist" { value 1; description "Whitelist."; } enum "user-defined-flow" { value 2; description "Flow user definded."; } enum "management" { value 3; description "Packet belong to management protocol."; } enum "route" { value 4; description "Packet belong to route protocol."; } enum "multicast" { value 5; description "Packet belong to multicast protocol."; } enum "arp" { value 6; description "Packet belong to ARP protocol."; } enum "mpls" { value 7; description "Packet belong to MPLS."; } enum "access-user" { value 8; description "Protocol for user access."; } enum "link-layer" { value 9; description "Packet belong to link layer protocol."; } enum "network-layer" { value 10; description "Packet belong to network layer protocol."; } enum "all" { value 11; description "All protocol group."; } enum "system-message" { value 12; description "Packet belong to system message protocol."; } enum "blacklist" { value 13; description "Packet belong to blacklist protocol."; } enum "check-failed" { value 14; description "Packet belong to check failed protocol."; } enum "fwddata-to-cp" { value 15; description "Packet belong to foward-data-to-cp protocol."; } } description "Protocol group which needs to reset the statistics."; } typedef protocol-queue { type enumeration { enum "whitelist-bgp" { value 1; description "Whitelist of BGP protocol."; } enum "whitelist-ldp" { value 2; description "Whitelist of LDP protocol."; } enum "whitelist-management" { value 3; description "Whitelist of management protocol."; } enum "whitelist-multicast" { value 4; description "Whitelist of multicast protocol."; } enum "whitelist-reserve" { value 5; description "Whitelist of reserve protocol."; } enum "user-define-flow-1" { value 6; description "User defined flow 1."; } enum "user-define-flow-2" { value 7; description "User defined flow 2."; } enum "user-define-flow-3" { value 8; description "User defined flow 3."; } enum "user-define-flow-4" { value 9; description "User defined flow 4."; } enum "user-define-flow-5" { value 10; description "User defined flow 5."; } enum "user-define-flow-6" { value 11; description "User defined flow 6."; } enum "user-define-flow-7" { value 12; description "User defined flow 7."; } enum "user-define-flow-8" { value 13; description "User defined flow 8."; } enum "dcn" { value 14; description "DCN protocol."; } enum "ftp" { value 15; description "FTP protocol."; } enum "ntp" { value 16; description "NTP protocol."; } enum "snmp" { value 17; description "SNMP protocol."; } enum "ssh" { value 18; description "SSH protocol."; } enum "sshv6" { value 19; description "SSHv6 protocol."; } enum "syslog" { value 20; description "Syslog protocol."; } enum "telnet" { value 21; description "Telnet protocol."; } enum "bgp" { value 22; description "BGP protocol."; } enum "bgpv6" { value 23; description "BGPv6 protocol."; } enum "isis" { value 24; description "ISIS protocol."; } enum "ospf" { value 25; description "OSPF protocol."; } enum "ospfv3" { value 26; description "OSPFv3 protocol."; } enum "rip" { value 27; description "RIP protocol."; } enum "igmp" { value 28; description "IGMP protocol."; } enum "multicast-reserve" { value 29; description "Multicast reserve protocol."; } enum "msdp" { value 30; description "MSDP protocol."; } enum "pim" { value 31; description "PIM protocol."; } enum "arp" { value 32; description "ARP protocol."; } enum "nd" { value 33; description "ND protocol."; } enum "ldp" { value 34; description "LDP protocol."; } enum "oam-ping" { value 35; description "OAM ping protocol."; } enum "rsvp" { value 36; description "RSVP protocol."; } enum "vxlan" { value 37; description "VXLAN protocol."; } enum "bas-arp" { value 38; description "BAS ARP protocol."; } enum "bas-igmp" { value 39; description "BAS IGMP protocol."; } enum "bas-nd" { value 40; description "BAS ND protocol."; } enum "bas-trigger" { value 41; description "BAS trigger protocol."; } enum "dhcp" { value 42; description "DHCP protocol."; } enum "dhcpv6" { value 43; description "DHCPv6 protocol."; } enum "eapol" { value 44; description "EAPol protocol."; } enum "l2tp" { value 45; description "L2TP protocol."; } enum "lldp" { value 46; description "LLDP protocol."; } enum "ppp" { value 47; description "PPP protocol."; } enum "vbas-reserve" { value 48; description "VBAS reserve protocol."; } enum "web" { value 49; description "Web protocol."; } enum "3ah" { value 50; description "3ah protocol."; } enum "bfd" { value 51; description "BFD protocol."; } enum "link-detect" { value 52; description "Link detect protocol."; } enum "trunk" { value 53; description "Trunk protocol."; } enum "y1731" { value 54; description "Y1731 protocol."; } enum "interface-rdi" { value 55; description "Interface rdi."; } enum "lag-check" { value 56; description "Lag check."; } enum "lag-ping-trace" { value 57; description "Lag ping trace."; } enum "mac-vlan" { value 58; description "MAC VLAN."; } enum "clock" { value 59; description "Clock."; } enum "default" { value 60; description "Default."; } enum "dns" { value 61; description "DNS protocol."; } enum "fragment" { value 62; description "Fragment protocol."; } enum "gre" { value 63; description "GRE protocol."; } enum "hwtacacs" { value 64; description "Hwtacacs protocol."; } enum "icmp" { value 65; description "ICMP protocol."; } enum "icmpv6" { value 66; description "ICMPv6 protocol."; } enum "ipv4-reserve" { value 67; description "IPv4 reserve."; } enum "ipv6-option" { value 68; description "IPv6 option."; } enum "nhrp" { value 69; description "NHRP."; } enum "vrrp" { value 70; description "VRRP protocol."; } enum "radius-diameter" { value 71; description "Radius diameter protocol."; } enum "system-message" { value 72; description "System message protocol."; } enum "blacklist" { value 73; description "Blacklist."; } enum "check-failed" { value 74; description "Check failed."; } enum "forward-data" { value 75; description "Forward data."; } } description "Protocol queue."; } typedef acl-type { type enumeration { enum "tcpsyn-flood" { value 1; description "Tcpsyn-flood defense ACL."; } enum "fragment-flood" { value 2; description "Fragment-flood defense ACL."; } enum "dynamic-link-protection" { value 3; description "Dynamic-link-protection ACL."; } enum "whitelist" { value 4; description "Whitelist ACL."; } enum "blacklist" { value 5; description "Blacklist ACL."; } enum "user-defined-flow" { value 6; description "User-defined-flow ACL."; } enum "management-acl" { value 7; description "Management protocol ACL."; } } description "Acl type for local attack defense."; } typedef application-apperceive-action { type enumeration { enum "drop" { value 1; description "Drops the packets to be sent to the CPU."; } enum "min-to-cp" { value 2; description "Sends packets to the CPU at the minimum rate."; } } description "A default action to be taken on the protocol packets to be sent to the CPU when the upper-layer protocols supporting application layer association are disabled."; } typedef attack-source-trace-sample-rate { type enumeration { enum "1" { value 1; description "The sampling ratios of 1:1."; } enum "10" { value 2; description "The sampling ratios of 10:1."; } enum "100" { value 3; description "The sampling ratios of 100:1."; } enum "1000" { value 4; description "The sampling ratios of 1000:1."; } } description "The sampling ratio for the packets that are recorded by attack source tracing."; } typedef application-apperceive-protocol { type enumeration { enum "ftp-server" { value 1; description "FTP server protocol."; } enum "ssh-server" { value 2; description "SSH server protocol."; } enum "snmp" { value 3; description "SNMP protocol."; } enum "telnet-server" { value 4; description "TELNET server protocol."; } enum "tftp" { value 5; description "TFTP protocol."; } enum "bgp" { value 6; description "BGP protocol."; } enum "ldp" { value 7; description "LDP protocol."; } enum "rsvp" { value 8; description "RSVP protocol."; } enum "ospf" { value 9; description "OSPF protocol."; } enum "rip" { value 10; description "RIP protocol."; } enum "msdp" { value 11; description "MSDP protocol."; } enum "pim" { value 12; description "PIM protocol."; } enum "igmp" { value 13; description "IGMP protocol."; } enum "isis" { value 14; description "ISIS client protocol."; } enum "ftp-client" { value 15; description "FTP client protocol."; } enum "telnet-client" { value 16; description "TELNET client protocol."; } enum "ssh-client" { value 17; description "SSH client protocol."; } enum "ntp" { value 18; description "NTP protocol."; } enum "radius" { value 19; description "Radius protocol."; } enum "hwtacacs" { value 20; description "HWTACACS protocol."; } enum "lspping" { value 21; description "LSPPING protocol."; } enum "icmp" { value 22; description "ICMP protocol."; } enum "vrrp" { value 23; description "VRRP protocol."; } enum "dhcp" { value 24; description "DHCP protocol."; } enum "dns-client" { value 25; description "DNS client protocol."; } enum "syslog" { value 26; description "SYSLOG protocol."; } enum "802.1ag" { value 27; description "802.1AG protocol."; } enum "bfd" { value 28; description "BFD protocol."; } enum "lacp" { value 29; description "LACP protocol."; } enum "bgpv6" { value 30; description "BGPv6 protocol."; } enum "ospfv3" { value 31; description "OSPFv3 protocol."; } enum "ftpv6-server" { value 32; description "FTPv6 server protocol."; } enum "ftpv6-client" { value 33; description "FTPv6 client protocol."; } enum "icmpv6" { value 34; description "ICMPv6 protocol."; } enum "pimv6" { value 35; description "PIMv6 protocol."; } enum "sshv6-server" { value 36; description "SSHv6 server protocol."; } enum "telnetv6-client" { value 37; description "TELNETv6 client protocol."; } enum "telnetv6-server" { value 38; description "TELNETv6 server protocol."; } enum "dns-v6" { value 39; description "DNSv6 protocol."; } enum "web-auth-server" { value 40; description "Web authentication server protocol."; } enum "diameter" { value 41; description "Diameter protocol."; } enum "open-flow" { value 42; description "Open-Flow protocol."; } enum "unicast-vrrp" { value 43; description "Unicast VRRP protocol."; } enum "igpmu" { value 44; description "IGPMU protocol."; } enum "ipfpm" { value 45; description "IPFPM protocol."; } enum "hwtacacsv6" { value 46; description "HWTACACSv6 protocol."; } enum "lsppingv6" { value 47; description "Lsppingv6 packet."; } enum "pcep" { value 48; description "Pcep packet."; } enum "radiusv6" { value 49; description "Radiusv6 packet."; } enum "syslogv6" { value 50; description "Syslogv6 packet."; } enum "vrrpv6" { value 51; description "Vrrpv6 packet."; } enum "web-auth-serverv6" { value 52; description "Web-auth-serverv6 packet."; } } description "The protocol type that support application-apperceive."; } typedef protocol-state { type enumeration { enum "closed" { value 0; description "Protocol disabled."; } enum "open" { value 1; description "Protocol enabled."; } } description "Protocol status, open or closed."; } typedef total-car-rate-level { type enumeration { enum "low" { value 1; description "The rate of packets sent to the CPU at a high level."; } enum "middle" { value 2; description "The rate of packets sent to the CPU at a middle level."; } enum "high" { value 3; description "The rate of packets sent to the CPU at a low level."; } } description "The rate level at which packets are sent to the CPU."; } typedef fq-type { type enumeration { enum "be" { value 0; description "BE."; } enum "af1" { value 1; description "AF1."; } enum "af2" { value 2; description "AF2."; } enum "af3" { value 3; description "AF3."; } enum "af4" { value 4; description "AF4."; } enum "ef" { value 5; description "EF."; } enum "cs6" { value 6; description "CS6."; } enum "cs7" { value 7; description "CS7."; } } description "FQ type."; } typedef spu-car-type { type enumeration { enum "icmp" { value 1; description "ICMP protocol."; } enum "tcp" { value 2; description "TCP protocol."; } enum "udp" { value 3; description "UDP protocol."; } enum "gre" { value 4; description "GRE protocol."; } enum "bgp" { value 5; description "BGP protocol."; } enum "default" { value 6; description "Other protocol."; } enum "total" { value 7; description "All protocol."; } enum "ike-total-car" { value 8; description "The total CAR for the IKE protocol."; } enum "ike-tunnel-car" { value 9; description "The tunnel CAR for the IKE protocol."; } enum "plain-sa-miss" { value 10; description "Plain SA miss messages."; } enum "cipher-sa-miss" { value 11; description "Cipher SA miss messages."; } enum "ipsec-rekey" { value 12; description "IPSEC rekey messages."; } enum "ike-dpd" { value 13; description "IKE DPD messages."; } enum "fast-channel" { value 14; description "Fast channel protocol."; } enum "bfd-down" { value 15; description "BFD down protocol."; } enum "pst" { value 16; description "PST protocol."; } enum "dslite-private-ipv4" { value 17; description "Ds-lite private IPv4 protocol."; } enum "ip-option" { value 18; description "IP OPTION protocol packets."; } enum "mtu-exceed" { value 19; description "MTU exceed protocol packets."; } enum "cgn-icmp" { value 20; description "CGN ICMP protocol."; } enum "cgn-icmpv6" { value 21; description "CGN ICMPv6 protocol."; } enum "cgn-ipv4-other" { value 22; description "CGN IPv4 other protocol packets."; } enum "cgn-ipv6-other" { value 23; description "CGN IPv6 other protocol packets."; } enum "cgn-ipv6-raw" { value 24; description "CGN IPv6 RAW packets."; } enum "cgn-total" { value 25; description "The total bandwidth of packets to be sent to the CPU on a CGN board."; } } description "CAR for packets on a service board."; } typedef user-status { type enumeration { enum "online" { value 1; description "Indicates that the user is online."; } enum "online-fail" { value 2; description "Indicates that the user fails to go online."; } enum "offline-normal" { value 3; description "Indicates that the user goes offline normally."; } enum "offline-abnormal" { value 4; description "Indicates that the user goes offline abnormally."; } } description "Online status of a user."; } typedef cp-rate-limit-protocol { type enumeration { enum "dhcp" { value 17; description "DHCP packet."; } enum "dhcpv6" { value 259; description "DHCPv6 packet."; } enum "icmp" { value 12; description "ICMP packet."; } enum "icmpv6" { value 675; description "ICMPv6 packet."; } enum "ldp-hello" { value 171; description "LDP-hello packet."; } enum "rsvp" { value 7; description "RSVP packet."; } enum "ospf" { value 8; description "OSPF packet."; } enum "rip" { value 9; description "RIP packet."; } enum "pim" { value 14; description "PIM packet."; } enum "isis" { value 10; description "ISIS packet."; } enum "vrrp" { value 26; description "VRRP packet."; } enum "ripng" { value 437; description "RIPNG packet."; } enum "ospfv3" { value 671; description "OSPFv3 packet."; } enum "pimv6" { value 677; description "PIMv6 packet."; } enum "vrrpv6" { value 1097; description "VRRPv6 packet."; } } description "Indicates the packet type of the rate limit on the interface."; } typedef cp-rate-limit-states-protocol { type enumeration { enum "port" { value 0; description "PORT packet."; } enum "dhcp" { value 17; description "DHCP packet."; } enum "dhcpv6" { value 259; description "DHCPv6 packet."; } enum "icmp" { value 12; description "ICMP packet."; } enum "icmpv6" { value 675; description "ICMPv6 packet."; } enum "ldp-hello" { value 171; description "LDP-hello packet."; } enum "rsvp" { value 7; description "RSVP packet."; } enum "ospf" { value 8; description "OSPF packet."; } enum "rip" { value 9; description "RIP packet."; } enum "pim" { value 14; description "PIM packet."; } enum "isis" { value 10; description "ISIS packet."; } enum "igmp" { value 23; description "IGMP packet."; } enum "vrrp" { value 26; description "VRRP packet."; } enum "ripng" { value 437; description "RIPNG packet."; } enum "ospfv3" { value 671; description "OSPFv3 packet."; } enum "pimv6" { value 677; description "PIMv6 packet."; } enum "vrrpv6" { value 1097; description "VRRPv6 packet."; } } description "Indicates the packet type of the rate limit on the interface."; } typedef cp-rate-limit-enhance-stat-protocol { type enumeration { enum "port" { value 0; description "PORT packet."; } enum "dhcp" { value 1; description "DHCP packet."; } enum "dhcpv6" { value 2; description "DHCPv6 packet."; } enum "icmp" { value 3; description "ICMP packet."; } enum "icmpv6" { value 4; description "ICMPv6 packet."; } } description "Indicates the packet type of the overall rate limit on the interface and its sub-interfaces."; } typedef cp-rate-limit-enhance-protocol { type enumeration { enum "dhcp" { value 1; description "DHCP packet."; } enum "dhcpv6" { value 2; description "DHCPv6 packet."; } enum "icmp" { value 3; description "ICMP packet."; } enum "icmpv6" { value 4; description "ICMPv6 packet."; } } description "Indicates the packet type of the overall rate limit on the interface and its sub-interfaces."; } typedef nd-protocol-type { type enumeration { enum "na" { value 1; description "NA."; } enum "ns-unicast" { value 2; description "NS-UNICAST."; } enum "ns-multicast" { value 3; description "NS-MULTICAST."; } } description "ND protocol types for ND VLAN CAR."; } typedef session-car-whitelist { type enumeration { enum "bgp" { value 1; description "Bgp protocol."; } enum "ospf" { value 3; description "Ospf protocol."; } enum "ldp-tcp" { value 5; description "Ldp-tcp protocol."; } enum "rsvp-te" { value 7; description "Rsvp-TE protocol."; } enum "pcep" { value 8; description "Pcep protocol."; } enum "web-auth-server" { value 9; description "WEB-AUTH-SERVER packet."; } enum "radius" { value 11; description "Radius protocol."; } enum "dhcp" { value 13; description "Dhcp protocol."; } enum "grpc" { value 15; description "Grpc packet."; } enum "cusp" { value 17; description "Cusp protocol."; } enum "etrunk" { value 18; description "ETRUNK protocol."; } enum "rbs" { value 25; description "RBS protocol."; } enum "self-ping" { value 28; description "SELF-PING protocol."; } enum "pim" { value 31; description "PIM protocol."; } enum "disaster-recovery" { value 33; description "DISASTER-RECOVERY protocol."; } enum "ldp-udp-remote" { value 34; description "LDP-UDP-REMOTE protocol."; } enum "ssh" { value 36; description "SSH protocol."; } enum "telnet" { value 38; description "TELNET protocol."; } enum "ftp" { value 40; description "FTP protocol."; } enum "dhcp-server" { value 44; description "DHCP-SERVER protocol."; } enum "ldp-udp-local" { value 46; description "LDP-UDP-LOCAL protocol."; } enum "ssh-client" { value 47; description "SSH-CLIENT protocol."; } } description "Whitelist protocol types for SESSION CAR."; } typedef session-car-whitelist-v6 { type enumeration { enum "bgpv6" { value 2; description "Bgpv6 protocol."; } enum "ospfv3" { value 4; description "Ospfv3 protocol."; } enum "web-auth-serverv6" { value 10; description "WEB-AUTH-SERVERV6 protocol."; } enum "radiusv6" { value 12; description "Radiusv6 protocol."; } enum "dhcpv6" { value 14; description "Dhcpv6 protocol."; } enum "grpcv6" { value 16; description "Grpcv6 packet."; } enum "pimv6" { value 32; description "PIMV6 protocol."; } enum "sshv6" { value 37; description "SSHV6 protocol."; } enum "telnetv6" { value 39; description "TELNETV6 protocol."; } enum "ftpv6" { value 41; description "FTPV6 protocol."; } enum "dhcpv6-server" { value 45; description "DHCPV6-SERVER protocol."; } enum "rbsv6" { value 49; description "RBSV6 protocol."; } enum "etrunkv6" { value 50; description "ETRUNKV6 protocol."; } } description "Whitelist-v6 protocol types for SESSION CAR."; } typedef session-car-whitelist-l2 { type enumeration { enum "isis" { value 6; description "ISIS protocol."; } enum "vrrp" { value 20; description "VRRP protocol."; } enum "vrrpv6" { value 21; description "VRRPv6 protocol."; } } description "Whitelist-l2 protocol types for SESSION CAR."; } typedef session-car-type { type enumeration { enum "app-default" { value 0; description "App default."; } enum "cir-configure" { value 1; description "Cir-configure."; } enum "cbs-configure" { value 2; description "Cbs-configure."; } enum "pir-configure" { value 4; description "Pir-configure."; } enum "pbs-configure" { value 8; description "Pbs-configure."; } } description "Session car configured types for SESSION CAR."; } typedef ip-type { type enumeration { enum "ip" { value 0; description "IP."; } enum "ipv6" { value 1; description "IPv6."; } } description "IP type."; } typedef acl-family { type enumeration { enum "acl" { value 0; description "ACL IPv4."; } enum "acl-ipv6" { value 1; description "ACL IPv6."; } } description "ACL family."; } typedef hostcar-reset-type { type enumeration { enum "all" { value 2; description "All HOST-CAR."; } enum "auto-adjust" { value 3; description "Automatically adjusted HOST-CAR."; } enum "dropped" { value 4; description "HOST-CAR in which some bytes are dropped."; } enum "non-dropped" { value 5; description "HOST-CAR in which the passed packet traffic is not 0 and the discarded packet traffic is 0."; } } description "HOSTCAR reset tpye."; } typedef rate-limit-protocol { type enumeration { enum "arp" { value 1; description "ARP packet."; } enum "snmp" { value 2; description "SNMP Protocol."; } enum "dhcp" { value 3; description "DHCP Protocol."; } enum "telnet" { value 4; description "TELNET Protocol."; } enum "icmp" { value 5; description "ICMP Protocol."; } enum "ssh" { value 6; description "SSH Protocol."; } enum "icmp-nd" { value 7; description "ICMP-ND Protocol."; } enum "icmpv6" { value 8; description "ICMPv6 Protocol."; } enum "port-car" { value 9; description "PORT-CAR Protocol."; } } description "Rate limit protocol."; } typedef car-whitelist-protocol { type enumeration { enum "bgp" { value 3; description "BGP Protocol."; } enum "isis" { value 12; description "ISIS Protocol."; } enum "ldp" { value 14; description "LDP Protocol."; } enum "ospf" { value 19; description "OSPF Protocol."; } enum "radius" { value 21; description "RADIUS Protocol."; } enum "rsvp" { value 24; description "RSVP Protocol."; } } description "CAR whitelist protocol."; } typedef car-whitelist-v6-protocol { type enumeration { enum "bgpv6" { value 46; description "BGPv6 Protocol."; } enum "ospfv3" { value 47; description "OSPFv3 Protocol."; } } description "CAR whitelist-v6 protocol."; } typedef link-type { type enumeration { enum "ethernet" { value 1; description "ETHERNET Protocol."; } enum "ppp" { value 2; description "PPP Protocol."; } enum "hdlc" { value 3; description "HDLC Protocol."; } enum "atm" { value 4; description "ATM Protocol."; } } description "Link type."; } typedef layer-2-type { type enumeration { enum "atm" { value 2; description "ATM protocol."; } enum "ppp" { value 4; description "PPP protocol."; } enum "chdlc" { value 5; description "CHDLC protocol."; } enum "ethernet" { value 6; description "Ethernet protocol."; } enum "unknown" { value 0; description "Unknown type."; } enum "x.25" { value 1; description "X.25 protocol."; } enum "fr" { value 3; description "FR protocol."; } enum "arp" { value 8; description "ARP protocol."; } enum "mpls" { value 9; description "MPLS protocol."; } enum "ipv4" { value 10; description "IPv4 protocol."; } enum "ipv6" { value 11; description "IPv6 protocol."; } enum "tcp" { value 12; description "TCP protocol."; } enum "udp" { value 13; description "UDP protocol."; } enum "icmp" { value 14; description "ICMP protocol."; } enum "icmpv6" { value 15; description "ICMPv6 protocol."; } enum "igmp" { value 16; description "IGMP protocol."; } } description "Layer 2 Protocol type."; } typedef layer-2dot5-type { type enumeration { enum "arp" { value 8; description "ARP protocol."; } enum "mpls" { value 9; description "MPLS protocol."; } enum "unknown" { value 0; description "Unknown type."; } } description "Layer 2.5 Protocol type."; } typedef layer-3-type { type enumeration { enum "ip" { value 10; description "IPv4 protocol."; } enum "ipv6" { value 11; description "IPv6 protocol."; } enum "unknown" { value 0; description "Unknown type."; } } description "Layer 3 Protocol type."; } typedef layer-4-type { type enumeration { enum "tcp" { value 12; description "TCP protocol."; } enum "udp" { value 13; description "UDP protocol."; } enum "icmp" { value 14; description "ICMP protocol."; } enum "icmpv6" { value 15; description "ICMPv6 protocol."; } enum "igmp" { value 16; description "IGMP protocol."; } enum "unknown" { value 0; description "Unknown type."; } } description "Layer 4 Protocol type."; } typedef arp-type { type enumeration { enum "arp-request" { value 1; description "Arp request packet."; } enum "arp-reply" { value 2; description "Arp reply packet."; } } description "Type of ARP packet."; } typedef attack-type { type enumeration { enum "application-apperceive" { value 1; description "The application layer association."; } enum "car" { value 2; description "The CPCAR defense."; } enum "totalcar" { value 3; description "The total-CAR defense."; } enum "tcpip-defend" { value 4; description "The TCP/IP attack defense."; } enum "ma-defend" { value 5; description "The management/control plane protection."; } } description "Local attack type."; } typedef layer-link-type { type enumeration { enum "ip" { value 2048; description "ICMP protocol."; } enum "arp" { value 2054; description "IGMP protocol."; } enum "rarp" { value 32821; description "TCP protocol."; } enum "8021q" { value 33024; description "UDP protocol."; } enum "ipv6" { value 34525; description "IPv6 protocol."; } enum "mpls" { value 34887; description "MPLS protocol."; } enum "pppoe" { value 34915; description "PPPOE protocol."; } enum "8021x" { value 34958; description "8021x protocol."; } enum "8021ad" { value 34984; description "8021ad protocol."; } enum "8021ag" { value 35704; description "8021ag protocol."; } } description "Protocol type of link-layer data."; } typedef overwrite-flag { type enumeration { enum "no" { value 0; description "Overwrite flag is no."; } enum "yes" { value 1; description "Overwrite flag is yes."; } } description "Overwrite flag."; } typedef acl-ip-type { type enumeration { enum "ipv4" { value 0; description "IPv4 ACL."; } enum "ipv6" { value 1; description "IPv6 ACL."; } } description "Type of acl IP type."; } typedef management-type { type enumeration { enum "ftp" { value 0; description "FTP deny packets."; } enum "ssh" { value 1; description "SSH deny packets."; } enum "snmp" { value 2; description "SNMP deny packets."; } enum "telnet" { value 3; description "TELNET deny packets."; } } description "Type of ACL deny matching packets info."; } container cpudefend { description "Policies for global management and service plane protection."; container policys { description "List of attack defense policies."; list policy { key "id"; max-elements 30; description "Configure attack defense policy."; leaf id { type uint32 { range "1..30"; } description "ID of an attack defense policy."; } leaf description { type string { length "1..64"; } description "Description about an attack defense policy."; } leaf enable { type boolean; default "false"; description "Enable/disable defense policy."; } leaf icmp-broadcast-echo-enable { type boolean; default "false"; description "Enable/disable the device to receive broadcast ICMP echo request packets."; } container cpcar-protocol-names { description "List of configure the Committed Access Rate (CAR) function for packets by protocol name."; list cpcar-protocol-name { key "protocol-name"; description "Configure the Committed Access Rate (CAR) function for packets by protocol name."; leaf protocol-name { type protocol-name; description "The packet name of the protocol packets."; } leaf cir { type uint32 { range "0..1000000"; } units "kbit/s"; description "Committed information rate."; } leaf cbs { type uint32 { range "0..9000000"; } units "Byte"; description "Committed burst size."; } leaf min-packet-length { type uint32 { range "64..9600"; } units "Byte"; must "(../protocol-name='diameter') or (../protocol-name='portal') or (../protocol-name='radius') or (../protocol-name='web')"; description "Minimum packet length for compensation."; } leaf priority { type cpcar-priority; must "(../protocol-name!='whitelist-bgp') and (../protocol-name!='whitelist-isis') and (../protocol-name!='whitelist-ldp')"; must "(../protocol-name!='whitelist-ospf') and (../protocol-name!='whitelist-radius') and (../protocol-name!='whitelist-rsvp')"; must "(../protocol-name!='whitelistv6-bgpv6') and (../protocol-name!='whitelistv6-ospfv3')"; description "Set a priority for sending packets to the CPU."; } } // list cpcar-protocol-name } // container cpcar-protocol-names container cpcar-protocol-ids { description "List of configure the Committed Access Rate (CAR) function for packets by protocol id."; list cpcar-protocol-id { key "protocol-id"; description "Configure the Committed Access Rate (CAR) function for packets by protocol id."; leaf protocol-id { type uint32 { range "35..1658"; } description "The packet index of the protocol packets. Some indexes cannot be configured. You can get the support indexes by the node:/cpudefend/cpcar/protocol-id-statisticss."; } leaf cir { type uint32 { range "0..1000000"; } units "kbit/s"; description "Committed information rate."; } leaf cbs { type uint32 { range "0..9000000"; } units "Byte"; description "Committed burst size."; } leaf min-packet-length { type uint32 { range "64..9600"; } units "Byte"; must "(../protocol-id=36) or (../protocol-id=101) or (../protocol-id=282) or (../protocol-id=290) or (../protocol-id=1106)"; description "Minimum packet length for compensation."; } leaf priority { type cpcar-priority; description "Set a priority for sending packets to the CPU."; } } // list cpcar-protocol-id } // container cpcar-protocol-ids container alarm-protocol-ids { description "List of configure the the alarm function for the packets that are dropped before they are sent to the CPU."; list alarm-protocol-id { key "protocol-id"; description "Configure the the alarm function for the packets that are dropped before they are sent to the CPU."; leaf protocol-id { type uint32 { range "35..1658"; } description "Enables the alarm function for the dropped packets with the specified index. Some indexes cannot be configured. You can get the support indexes by the node:/cpudefend/cpcar/protocol-id-statisticss."; } leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { ext:dynamic-default { ext:default-value "1000000" { when "../protocol-id=39"; description "The default value is 1000000 when protocol-id is 39."; } ext:default-value "30000" { description "The default value is 30000."; } } type uint32 { range "1..1000000"; } description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { ext:dynamic-default { ext:default-value "300" { when "../protocol-id=39"; description "The default value is 300 when protocol-id is 39."; } ext:default-value "600" { description "The default value is 600."; } } type uint32 { range "60..3600"; } description "Specifies the interval for counting the number of dropped packets."; } leaf speed-threshold { ext:dynamic-default { ext:default-value "0" { when "../protocol-id=39"; description "The default value is 0 when protocol-id is 39."; } ext:default-value "300" { description "The default value is 300."; } } type uint32 { range "0..1000000"; } units "1/60 pps"; description "Specifies the alarm threshold for the rate at which packets are dropped."; } } // list alarm-protocol-id } // container alarm-protocol-ids container ttl-expired-loop { description "Configure the TTL-timeout-based loop detection."; container alarm-drop-rate { description "Configure the TTL-timeout-based loop detection alarm function."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..100"; } units "%"; default "10"; description "Specifies a TTL timeout loop detection alarm threshold."; } leaf interval { type uint32 { range "5..3600"; } units "s"; default "60"; description "Specifies the interval at which the TTL timeout loop detection is implemented."; } leaf resume-cycles { type uint32 { range "1..65535"; } default "3"; description "Specifies the number of cycles."; } } // container alarm-drop-rate } // container ttl-expired-loop container alarm-protocol-names { description "List of configure the the alarm function for the packets that are dropped before they are sent to the CPU."; list alarm-protocol-name { key "protocol-name"; description "Configure the the alarm function for the packets that are dropped before they are sent to the CPU."; leaf protocol-name { type alarm-protocol-name; description "The packet name of the protocol packets."; } leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "30000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "600"; description "Specifies the interval for counting the number of dropped packets."; } leaf speed-threshold { type uint32 { range "0..1000000"; } units "1/60 pps"; default "300"; description "Specifies the alarm threshold for the rate at which packets are dropped."; } } // list alarm-protocol-name } // container alarm-protocol-names container ma-defend { description "Configure the management/control plane protection."; container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "1000000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "300"; description "Specifies the interval for counting the number of dropped packets."; } } // container alarm-drop-rate } // container ma-defend container tcpip-defend { description "Configure TCP/IP attack defense protects a device against malformed or typical TCP/IP packets."; leaf abnormal-packet-defend-enable { type boolean; default "true"; description "Enable/disable defense against malformed packet attacks."; } leaf udp-packet-defend-enable { type boolean; default "true"; description "Enable/disable defense against UDP packet attacks."; } leaf tcpsyn-flood-enable { type boolean; default "true"; description "Enable/disable defense against TCP SYN flooding attacks."; } leaf fragment-flood-enable { type boolean; default "true"; description "Enable/disable defense against fragmented packet attacks."; } container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "30000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "600"; description "Specifies the interval for counting the number of dropped packets."; } leaf speed-threshold { type uint32 { range "0..1000000"; } units "1/60 pps"; default "300"; description "Specifies the alarm threshold for the rate at which packets are dropped."; } } // container alarm-drop-rate } // container tcpip-defend container ipv6-tcpip-defend { description "Configure IPv6 TCP/IP attack defense protects a device against malformed or typical TCP/IP packets."; leaf abnormal-packet-defend-enable { type boolean; default "true"; description "Enable/disable defense against malformed packet attacks."; } leaf udp-packet-defend-enable { type boolean; default "true"; description "Enable/disable defense against UDP packet attacks."; } leaf tcpsyn-flood-enable { type boolean; default "true"; description "Enable/disable defense against TCP SYN flooding attacks."; } container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "30000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "600"; description "Specifies the interval for counting the number of dropped packets."; } leaf speed-threshold { type uint32 { range "0..1000000"; } units "1/60 pps"; default "300"; description "Specifies the alarm threshold for the rate at which packets are dropped."; } } // container alarm-drop-rate } // container ipv6-tcpip-defend container total-car { description "Configure the rate limit of the packets sent to the CPU."; container cpu-defend-total-car { description "Configure the rate limit of the packets sent to the CPU."; choice rate-limit { description "A total rate for sending packets to the CPU."; case value { description "Specifies the rate value for sending packets to the CPU."; leaf value { type uint32 { range "800..50000"; } description "Specifies the rate value for sending packets to the CPU."; } } // case value case level { description "Specifies the rate level for sending packets to the CPU."; leaf level { type total-car-rate-level; description "Indicates the rate level at which packets are sent to the CPU."; } } // case level } // choice rate-limit } // container cpu-defend-total-car container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "1000000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "300"; description "Specifies the interval for counting the number of dropped packets."; } } // container alarm-drop-rate } // container total-car container urpf { description "Configure local URPF check on an board."; container cpu-defend-urpf { presence "config local urpf"; description "Enable/disable local URPF check on an board."; leaf mode { type urpf-mode; mandatory true; description "Indicates URPF check mode, such as strict or loose."; } leaf default-route { when "../mode='strict'"; type boolean; default "false"; description "Enable/disable indicates that URPF is implemented for packets matching the default route."; } } // container cpu-defend-urpf container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "30000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "600"; description "Specifies the interval for counting the number of dropped packets."; } leaf speed-threshold { type uint32 { range "0..1000000"; } units "1/60 pps"; default "300"; description "Specifies the alarm threshold for the rate at which packets are dropped."; } } // container alarm-drop-rate } // container urpf container dynamic-link-protection { description "Configure when the dynamic link protection function is enabled, after a protocol session is established, sufficient bandwidth can be allocated to ensure uninterrupted protocol sessions."; leaf enable { type boolean; default "true"; description "Enable/disable the dynamic link protection function."; } } // container dynamic-link-protection container cross-board-car { presence "config cross board car"; description "Configure implement rate limiting for inter-board trunk packets and inter-board packets on a dumb terminal."; leaf cir { type uint32 { range "0..10000000"; } units "kbit/s"; mandatory true; description "Committed information rate."; } leaf cbs { type uint32 { range "1000..19200000"; } units "Byte"; description "Committed burst size."; } } // container cross-board-car container process-sequence { description "Configure the match sequence of packets to be sent to the CPU. By default, packets to be sent to the CPU comply with the following match sequence: TCPSYN packets -> packet fragments -> dynamic link protection -> management protocol ACL -> whitelist -> blacklist -> user-defined flow."; leaf tcpsyn-flood { type sequence-priority; must "(../tcpsyn-flood != ../fragment-flood) and (../tcpsyn-flood != ../dynamic-link-protection) and (../tcpsyn-flood != ../management-acl) and (../tcpsyn-flood != ../whitelist) and (../tcpsyn-flood != ../blacklist) and (../tcpsyn-flood != ../user-defined-flow)"; default "first"; description "Matching order of tcpsyn flood packets. The value ranges from 1 to 7 and cannot be the same as the priority order of other parameters."; } leaf fragment-flood { type sequence-priority; must "(../fragment-flood != ../tcpsyn-flood) and (../fragment-flood != ../dynamic-link-protection) and (../fragment-flood != ../management-acl) and (../fragment-flood != ../whitelist) and (../fragment-flood != ../blacklist) and (../fragment-flood != ../user-defined-flow)"; default "second"; description "Matching order of fragment flood packets. The value ranges from 1 to 7 and cannot be the same as the priority order of other parameters."; } leaf dynamic-link-protection { type sequence-priority; must "(../dynamic-link-protection != ../tcpsyn-flood) and (../dynamic-link-protection != ../fragment-flood) and (../dynamic-link-protection != ../management-acl) and (../dynamic-link-protection != ../whitelist) and (../dynamic-link-protection != ../blacklist) and (../dynamic-link-protection != ../user-defined-flow)"; default "third"; description "Matching order of packets in the dynamic link protection. The value ranges from 1 to 7 and cannot be the same as the priority order of other parameters."; } leaf management-acl { type sequence-priority; must "(../management-acl != ../tcpsyn-flood) and (../management-acl != ../fragment-flood) and (../management-acl != ../dynamic-link-protection) and (../management-acl != ../whitelist) and (../management-acl != ../blacklist) and (../management-acl != ../user-defined-flow)"; default "fourth"; description "Matching order of packets in the management acl. The value ranges from 1 to 7 and cannot be the same as the priority order of other parameters."; } leaf whitelist { type sequence-priority; must "(../whitelist != ../tcpsyn-flood) and (../whitelist != ../fragment-flood) and (../whitelist != ../dynamic-link-protection) and (../whitelist != ../management-acl) and (../whitelist != ../blacklist) and (../whitelist != ../user-defined-flow)"; default "fifth"; description "Matching order of packets in the whitelist. The value ranges from 1 to 7 and cannot be the same as the priority order of other parameters."; } leaf blacklist { type sequence-priority; must "(../blacklist != ../tcpsyn-flood) and (../blacklist != ../fragment-flood) and (../blacklist != ../dynamic-link-protection) and (../blacklist != ../management-acl) and (../blacklist != ../whitelist) and (../blacklist != ../user-defined-flow)"; default "sixth"; description "Matching order of packets in the blacklist. The value ranges from 1 to 7 and cannot be the same as the priority order of other parameters."; } leaf user-defined-flow { type sequence-priority; must "(../user-defined-flow != ../tcpsyn-flood) and (../user-defined-flow != ../fragment-flood) and (../user-defined-flow != ../dynamic-link-protection) and (../user-defined-flow != ../management-acl) and (../user-defined-flow != ../whitelist) and (../user-defined-flow != ../blacklist)"; default "seventh"; description "Matching order of packets in the user-defined flow. The value ranges from 1 to 7 and cannot be the same as the priority order of other parameters."; } } // container process-sequence container application-apperceive { description "Configure application-apperceive function associates the enabled and disabled status of control protocols and the status of the forwarding engine at the lower layer."; leaf default-action { type application-apperceive-action; default "min-to-cp"; description "Set a default action to be taken on the protocol packets to be sent to the CPU when the upper-layer protocols supporting application-apperceive are disabled."; } leaf enable { type boolean; default "true"; description "Enable/disable application-apperceive function."; } container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "30000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "600"; description "Specifies the interval for counting the number of dropped packets."; } leaf speed-threshold { type uint32 { range "0..1000000"; } units "1/60 pps"; default "300"; description "Specifies the alarm threshold for the rate at which packets are dropped."; } } // container alarm-drop-rate } // container application-apperceive container attack-source-trace { description "Configure attack source tracing function."; leaf enable { type boolean; default "true"; description "Enable/disable main switch of attack source tracing function. If the switch is disabled, all attack source tracing functions are disabled."; } leaf cpcar-enable { type boolean; default "true"; description "Enable/disable the switch of cpcar attack source tracking function."; } leaf tcpip-defend-enable { type boolean; default "true"; description "Enable/disable the switch of tcpip-defend attack source tracking function."; } leaf application-apperceive-enable { type boolean; default "true"; description "Enable/disable the switch of application-apperceive attack source tracking function."; } leaf ma-defend-enable { type boolean; default "true"; description "Enable/disable the switch of ma-defend attack source tracking function."; } leaf totalcar-enable { type boolean; default "true"; description "Enable/disable the switch of totalcar attack source tracking function."; } leaf sample-rate { type attack-source-trace-sample-rate; default "1000"; description "Set the sampling ratio for the packets that are recorded by attack source tracing."; } } // container attack-source-trace container cpu-defend-acl { description "Configure ACLs applied to an attack defense policy."; leaf ip-pool-enable { type boolean; default "false"; description "Enable/disable the address pool function for an attack defense policy."; } leaf vpn-instance-enable { type boolean; default "false"; description "Enable/disable configure the VPN field in the ACL of a whitelist, blacklist, or user-defined flow that is applied to an attack defense policy to take effect."; } leaf ipv6-enhance-enable { type boolean; default "false"; description "Enable/disable IPv6-enhance-enable matches IPv6 packets to be sent to the CPU against the whitelist, blacklist, or user-defined flow. The IPv6 packets include the IPv6, NA, BAS NA, QVCT MISS DHCPv6, QVCT MISS ND, PPPoE DHCPv6, NS, BAS NS, BAS LINKLOCAL, BAS reserved multicast, BAS DHCPv6 packets sent from L2TP users."; } leaf dhcp-discover-enable { type boolean; default "false"; description "Enable/disable DHCP-DISCOVER packets from matching against ACLs in the blacklist, whitelist, or user-defined flow."; } leaf ipv4-multicast-fib-miss-enable { type boolean; default "false"; description "Enable/disable IPv4 MFIB-MISS packets to match against ACLs in the blacklist, whitelist, or user-defined flow."; } leaf management-acl-enable { type boolean; default "true"; description "Enable/disable the management protocol ACL delivering function to filter out invalid management protocol packets to be sent to the CPU using hardware."; } } // container cpu-defend-acl container tm-scheduling { description "Configure TM scheduling allows high-priority packets to be preferentially sent to the CPU in the case of attacks."; container protocol-group-settings { description "List of configure the CIR and weight of the packets to be sent to the CPU in specific protocol groups."; list protocol-group-setting { key "group"; description "Configure the CIR and weight of the packets to be sent to the CPU in specific protocol groups."; leaf group { type protocol-group; description "Protocol group into which the protocol packets sent to the CPU are classified."; } leaf cir { ext:dynamic-default { ext:default-value "1024" { when "../group = 'whitelist'"; description "The default value is 1024 when type is whitelist."; } ext:default-value "100" { when "../group = 'system-message'"; description "The default value is 100 when type is system-message."; } ext:default-value "0" { description "The default value is 0 when type is others."; } } type uint32 { range "0..51200"; } units "kbit/s"; description "Committed information rate. Protocol-group with different protocol-group-type have different dynamic default values."; } leaf weight { type uint32 { range "1..63"; } description "Weight. Protocol-group with different protocol-group-type have different dynamic default values."; } } // list protocol-group-setting } // container protocol-group-settings container protocol-queue-settings { description "List of protocol queues with weight."; list protocol-queue-setting { key "queue"; description "Configure weight of protocol queue."; leaf queue { type protocol-queue; description "Protocol queue."; } leaf weight { type uint32 { range "1..16"; } mandatory true; description "Weight."; } } // list protocol-queue-setting } // container protocol-queue-settings container protocol-queue-prioritys { description "List of protocol queue prioritys with weight."; list protocol-queue-priority { key "queue priority"; description "Configure weight of protocol queue priority."; leaf queue { type protocol-queue; description "Protocol queue."; } leaf priority { type fq-type; description "Priority."; } leaf weight { type uint32 { range "1..16"; } mandatory true; description "Weight."; } } // list protocol-queue-priority } // container protocol-queue-prioritys } // container tm-scheduling container blacklist { description "Configure a blacklist stores a group of invalid users. You can define a blacklist using ACLs. Attackers are added to the blacklist. Then, packets that match the blacklist are discarded or sent to the CPU with a lower priority."; leaf enable { type boolean; default "true"; description "Enable/disable the blacklist function."; } choice ipv4-acl-type { description "IPv4 ACL number or name. An ACL number ranges from 2000 to 3999. An ACL name is a string of 1 to 64 characters, which begins with a-z or A-Z. IPv4 ACL dentity is a number or number must exist, otherwise it does not support delivery."; case by-identity { description "IPv4 ACL identity."; leaf ipv4-acl { type leafref { path "/acl:acl/acl:groups/acl:group/acl:identity"; } must "/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='advance'"; description "IPv4 ACL identity."; } } // case by-identity case by-number { description "IPv4 ACL number."; leaf ipv4-acl-number { type leafref { path "/acl:acl/acl:groups/acl:group/acl:number"; } must "/acl:acl/acl:groups/acl:group[acl:number=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:number=current()]/acl:type='advance'"; description "IPv4 ACL number."; } } // case by-number } // choice ipv4-acl-type leaf ipv6-acl { type leafref { path "/acl:acl/acl:group6s/acl:group6/acl:identity"; } must "/acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='advance'"; description "IPv6 ACL number or name. An ACL number ranges from 2000 to 3999. An ACL name is a string of 1 to 64 characters, which begins with a-z or A-Z."; } container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "1000000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "300"; description "Specifies the interval for counting the number of dropped packets."; } } // container alarm-drop-rate } // container blacklist container user-defined-flows { description "List of user-defined-flow."; list user-defined-flow { ext:generated-by "system"; ext:operation-exclude "create"; key "flow-id"; description "Configure user-defined-flow parameters."; leaf flow-id { type uint32 { range "1..64"; } description "Specifies the number of a user-defined flow."; } choice acl-type { description "Acl type for user-defined-flow."; case ipv4-identity { description "IPv4 ACL identity."; leaf ipv4-acl { type leafref { path "/acl:acl/acl:groups/acl:group/acl:identity"; } must "/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='advance'"; mandatory true; description "IPv4 ACL identity."; } leaf prior { type boolean; default "false"; description "Enable/disable configure the highest priority for a user-defined flow in the whitelist, blacklist, and user-defined flows."; } } // case ipv4-identity case ipv4-number { description "IPv4 ACL number."; leaf ipv4-acl-number { type leafref { path "/acl:acl/acl:groups/acl:group/acl:number"; } must "/acl:acl/acl:groups/acl:group[acl:number=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:number=current()]/acl:type='advance'"; mandatory true; description "IPv4 ACL number."; } leaf acl-number-prior { type boolean; default "false"; description "Enable/disable configure the highest priority for a user-defined flow in the whitelist, blacklist, and user-defined flows."; } } // case ipv4-number case ipv6 { description "IPv6 user-defined flow."; leaf ipv6-acl { type leafref { path "/acl:acl/acl:group6s/acl:group6/acl:identity"; } must "/acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='advance'"; mandatory true; description "ACL number or name. An ACL number ranges from 2000 to 3999. An ACL name is a string of 1 to 64 characters, which begins with a-z or A-Z."; } } // case ipv6 } // choice acl-type container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "30000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "600"; description "Specifies the interval for counting the number of dropped packets."; } leaf speed-threshold { type uint32 { range "0..1000000"; } units "1/60 pps"; default "300"; description "Specifies the alarm threshold for the rate at which packets are dropped."; } } // container alarm-drop-rate } // list user-defined-flow } // container user-defined-flows container whitelist-enable { description "Configure the IPv4 and IPv6 whitelist function."; leaf enable { type boolean; default "true"; description "Enable/disable the IPv4 whitelist and IPv6 whitelist function."; } } // container whitelist-enable container whitelist { description "Configure a whitelist stores a group of valid users or users with high priorities. By configuring the whitelist, you can enable the system to protect existing services or user services with high priorities."; leaf enable { type boolean; default "true"; status deprecated; description "Enable/disable the whitelist function. The leaf enable is deprecated. You are advised to use the leaf '/cpudefend:cpudefend/cpudefend:policys/cpudefend:policy/cpudefend:whitelist-enable/cpudefend:enable'."; } choice acl-type { description "IPv4 ACL number or name. An ACL number ranges from 2000 to 3999. An ACL name is a string of 1 to 64 characters, which begins with a-z or A-Z. IPv4 ACL dentity is a number or number must exist, otherwise it does not support delivery."; case by-identity { description "IPv4 ACL identity."; leaf acl { type leafref { path "/acl:acl/acl:groups/acl:group/acl:identity"; } must "/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='advance'"; description "IPv4 ACL identity."; } } // case by-identity case by-number { description "IPv4 ACL number."; leaf acl-number { type leafref { path "/acl:acl/acl:groups/acl:group/acl:number"; } must "/acl:acl/acl:groups/acl:group[acl:number=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:number=current()]/acl:type='advance'"; description "IPv4 ACL number."; } } // case by-number } // choice acl-type container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "30000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "600"; description "Specifies the interval for counting the number of dropped packets."; } leaf speed-threshold { type uint32 { range "0..1000000"; } units "1/60 pps"; default "300"; description "Specifies the alarm threshold for the rate at which packets are dropped."; } } // container alarm-drop-rate } // container whitelist container ipv6-whitelist { description "Configure a whitelist stores a group of valid users or users with high priorities. By configuring the whitelist, you can enable the system to protect existing services or user services with high priorities."; leaf enable { type boolean; default "true"; status deprecated; description "Enable/disable the IPv6 whitelist function. The leaf enable is deprecated. You are advised to use the leaf '/cpudefend:cpudefend/cpudefend:policys/cpudefend:policy/cpudefend:whitelist-enable/cpudefend:enable'."; } leaf acl { type leafref { path "/acl:acl/acl:group6s/acl:group6/acl:identity"; } must "/acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='advance'"; description "ACL number or name. An ACL number ranges from 2000 to 3999. An ACL name is a string of 1 to 64 characters, which begins with a-z or A-Z."; } container alarm-drop-rate { description "Configure alarm parameters for the dropped packets before they are sent to the CPU."; leaf enable { type boolean; default "true"; description "Enable/disable the alarm function for the packets that are dropped before they are sent to the CPU."; } leaf threshold { type uint32 { range "1..1000000"; } default "30000"; description "Specifies an upper threshold of the packets dropped within a specified time period."; } leaf interval { type uint32 { range "60..3600"; } default "600"; description "Specifies the interval for counting the number of dropped packets."; } leaf speed-threshold { type uint32 { range "0..1000000"; } units "1/60 pps"; default "300"; description "Specifies the alarm threshold for the rate at which packets are dropped."; } } // container alarm-drop-rate } // container ipv6-whitelist } // list policy } // container policys container host-car-defense { config false; description "Statistics of HOST-CAR is used to perform rate limit for packets that the user side sends to the CPU."; container statistics { description "Displays statistics for the packets of the HOST-CAR."; container host-car { description "Displays statistics for the packets of the HOST-CAR."; container alls { description "List of displays statistics for the packets of the HOST-CAR. If the CAR-ID is not specified, the record with the packet count of 0 is not displayed."; list all { key "slot car-id"; description "Displays statistics for the packets of the HOST-CAR. If the CAR-ID is not specified, the record with the packet count of 0 is not displayed."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..32767"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list all } // container alls container auto-adjusts { description "List of displays statistics for the packets of the HOST-CAR. Displays the IDs of CAR rules in which the bandwidth values are automatically adjusted."; list auto-adjust { key "slot car-id"; description "Displays statistics for the packets of the HOST-CAR. Displays the IDs of CAR rules in which the bandwidth values are automatically adjusted."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..32767"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list auto-adjust } // container auto-adjusts container droppeds { description "List of displays statistics for the packets of the HOST-CAR. Displays statistics about packets in which some bytes are dropped."; list dropped { key "slot car-id"; description "Displays statistics for the packets of the HOST-CAR. Displays statistics about packets in which some bytes are dropped."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..32767"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list dropped } // container droppeds container non-droppeds { description "List of displays statistics for the packets of the HOST-CAR. Displays statistics in which the passed packet traffic is not 0 and the discarded packet traffic is 0."; list non-dropped { key "slot car-id"; description "Displays statistics for the packets of the HOST-CAR. Displays statistics in which the passed packet traffic is not 0 and the discarded packet traffic is 0."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..32767"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list non-dropped } // container non-droppeds } // container host-car container http-host-car { description "Displays statistics for the packets of the HTTP-HOST-CAR."; container alls { description "List of displays statistics for the packets of the HTTP-HOST-CAR. If the CAR-ID is not specified, the record with the packet count of 0 is not displayed."; list all { key "slot car-id"; description "Displays statistics for the packets of the HTTP-HOST-CAR. If the CAR-ID is not specified, the record with the packet count of 0 is not displayed."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..4095"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list all } // container alls container auto-adjusts { description "List of displays statistics for the packets of the HTTP-HOST-CAR. Displays the IDs of CAR rules in which the bandwidth values are automatically adjusted."; list auto-adjust { key "slot car-id"; description "Displays statistics for the packets of the HTTP-HOST-CAR. Displays the IDs of CAR rules in which the bandwidth values are automatically adjusted."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..4095"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list auto-adjust } // container auto-adjusts container droppeds { description "List of displays statistics for the packets of the HTTP-HOST-CAR. Displays statistics about packets in which some bytes are dropped."; list dropped { key "slot car-id"; description "Displays statistics for the packets of the HTTP-HOST-CAR. Displays statistics about packets in which some bytes are dropped."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..4095"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list dropped } // container droppeds container non-droppeds { description "List of displays statistics for the packets of the HTTP-HOST-CAR. Displays statistics in which the passed packet traffic is not 0 and the discarded packet traffic is 0."; list non-dropped { key "slot car-id"; description "Displays statistics for the packets of the HTTP-HOST-CAR. Displays statistics in which the passed packet traffic is not 0 and the discarded packet traffic is 0."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..4095"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list non-dropped } // container non-droppeds } // container http-host-car container vlan-host-car { description "Displays statistics for the packets of the VLAN-HOST-CAR."; container alls { description "List of displays statistics for the packets of the VLAN-HOST-CAR. If the CAR-ID is not specified, the record with the packet count of 0 is not displayed."; list all { key "slot car-id"; description "Displays statistics for the packets of the VLAN-HOST-CAR. If the CAR-ID is not specified, the record with the packet count of 0 is not displayed."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..4095"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list all } // container alls container auto-adjusts { description "List of displays statistics for the packets of the VLAN-HOST-CAR. Displays the IDs of CAR rules in which the bandwidth values are automatically adjusted."; list auto-adjust { key "slot car-id"; description "Displays statistics for the packets of the VLAN-HOST-CAR. Displays the IDs of CAR rules in which the bandwidth values are automatically adjusted."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..4095"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list auto-adjust } // container auto-adjusts container droppeds { description "List of displays statistics for the packets of the VLAN-HOST-CAR. Displays statistics about packets in which some bytes are dropped."; list dropped { key "slot car-id"; description "Displays statistics for the packets of the VLAN-HOST-CAR. Displays statistics about packets in which some bytes are dropped."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..4095"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list dropped } // container droppeds container non-droppeds { description "List of displays statistics for the packets of the VLAN-HOST-CAR. Displays statistics in which the passed packet traffic is not 0 and the discarded packet traffic is 0."; list non-dropped { key "slot car-id"; description "Displays statistics for the packets of the VLAN-HOST-CAR. Displays statistics in which the passed packet traffic is not 0 and the discarded packet traffic is 0."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-id { type uint32 { range "0..4095"; } description "CAR index."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets dropped."; } } // list non-dropped } // container non-droppeds } // container vlan-host-car } // container statistics container host-car-parameters { description "List of displays the default and actual CAR parameter values for HOST-CAR."; list host-car-parameter { key "slot type"; description "Operational data of displays the default and actual CAR for HOST-CAR."; leaf slot { type string { length "1..32"; } description "Slot ID."; } leaf type { type host-car-type; description "HOST-CAR type, such as HOST-CAR, HTTP-HOST-CAR, VLAN-HOST-CAR."; } leaf default-cir { type uint32; units "kbit/s"; description "CIR default value."; } leaf default-cbs { type uint32; units "Byte"; description "CBS default value."; } leaf default-pir { type uint32; units "kbit/s"; description "PIR default value."; } leaf default-pbs { type uint32; units "Byte"; description "PBS default value."; } leaf default-auto-adjust { type boolean; description "Automatic bandwidth adjustment function default value."; } leaf default-logging-interval { type uint32; description "Logging-interval default value."; } leaf default-logging-discard-threshold { type uint32; description "Logging-discard-threshold default value."; } leaf actual-cir { type uint32; units "kbit/s"; description "CIR actual value."; } leaf actual-cbs { type uint32; units "Byte"; description "CBS actual value."; } leaf actual-pir { type uint32; units "kbit/s"; description "PIR actual value."; } leaf actual-pbs { type uint32; units "Byte"; description "PBS actual value."; } leaf actual-auto-adjust { type boolean; description "Automatic bandwidth adjustment function actual value."; } leaf actual-logging-interval { type uint32; description "Logging-interval actual value."; } leaf actual-logging-discard-threshold { type uint32; description "Logging-discard-threshold actual value."; } } // list host-car-parameter } // container host-car-parameters container host-car-user-states { description "List of displays information about the access users limited by the HOST-CAR, such as the MAC address, IP address, and user status."; list host-car-user-state { key "slot car-id user-id"; description "Statistics of displays information about the access users limited by the HOST-CAR, such as the MAC address, IP address, and user status."; leaf slot { type string { length "0..32"; } description "Slot Number."; } leaf car-id { type uint32 { range "0..32767"; } description "CAR ID."; } leaf user-id { type uint32; description "Access user ID."; } leaf mac-address { type pub-type:mac-address; description "User MAC."; } leaf ipv4-address { type inet:ipv4-address-no-zone; description "User IPv4 address."; } leaf ipv6-address { type inet:ipv6-address-no-zone; description "User IPv6 address."; } leaf outer-vlan { type uint16; description "User PE VLAN ID."; } leaf inner-vlan { type uint16; description "User CE VLAN ID."; } leaf user-name { type string { length "0..254"; } description "User name."; } leaf user-status { type user-status; description "Online status of a user."; } } // list host-car-user-state } // container host-car-user-states } // container host-car-defense container nd-attack-defense { description "Configure ND packet attack defense."; leaf packet-filter { type boolean; default "false"; description "Enable/disable invalid ND packet attack defense to filter out six types of invalid ND packets (NS/NA/RS/RA/Redirect/CPS)."; } container packet-filter-statisticss { config false; description "List of displays statistics about invalid ND packet attack defense."; list packet-filter-statistics { key "slot"; description "Statistics of displays statistics about invalid ND packet attack defense."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf discard-packets { type uint64; description "The number of discarded packets."; } } // list packet-filter-statistics } // container packet-filter-statisticss container nd-attack-currents { config false; description "List of current ND VLAN CAR attack information."; list nd-attack-current { key "number type slot"; description "Operational data of current ND VLAN CAR attack information."; leaf number { type uint32; description "The ordinal number of the attack record."; } leaf type { type nd-protocol-type; description "ND protocol type."; } leaf slot { type string { length "1..32"; } description "Attacked board."; } leaf physical-interface { ext:support-filter "true"; type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Physical interface name."; } leaf logical-interface { type pub-type:if-name; description "Logical interface name."; } leaf vlan-id { ext:support-filter "true"; type uint32; description "VLAN-ID."; } leaf pe-vid { ext:support-filter "true"; type uint32 { range "0..4094"; } description "PE-VLAN-ID."; } leaf ce-vid { ext:support-filter "true"; type uint32 { range "0..4094"; } description "CE-VLAN-ID."; } leaf passed-packets { type uint64; description "The number of all packets passed."; } leaf dropped-packets { type uint64; description "The number of all packets dropped."; } leaf defend-start-time { type yang:date-and-time; description "ND VLAN CAR attack defense start time."; } } // list nd-attack-current } // container nd-attack-currents container nd-attack-historys { config false; description "List of board-based ND VLAN CAR attack information."; list nd-attack-history { key "number type slot"; description "Operational data of board-based ND VLAN CAR attack information."; leaf number { type uint32; description "The ordinal number of the attack record."; } leaf type { type nd-protocol-type; description "ND protocol type."; } leaf slot { type string { length "1..32"; } description "Attacked board."; } leaf physical-interface { ext:support-filter "true"; type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Physical interface name."; } leaf logical-interface { type pub-type:if-name; description "Logical interface name."; } leaf vlan-id { ext:support-filter "true"; type uint32; description "VLAN-ID."; } leaf pe-vid { ext:support-filter "true"; type uint32 { range "0..4094"; } description "PE-VLAN-ID."; } leaf ce-vid { ext:support-filter "true"; type uint32 { range "0..4094"; } description "CE-VLAN-ID."; } leaf passed-packets { type uint64; description "The number of all packets passed."; } leaf dropped-packets { type uint64; description "The number of all packets dropped."; } leaf defend-start-time { type yang:date-and-time; description "ND VLAN CAR attack defense start time."; } leaf defend-end-time { type yang:date-and-time; description "ND VLAN CAR attack defense end time."; } } // list nd-attack-history } // container nd-attack-historys container nd-attack-board-baseds { config false; description "List of ND VLAN CAR attack information on a specific board."; list nd-attack-board-based { key "slot type"; description "Operational data of ND VLAN CAR attack information on a specific board."; leaf slot { type string { length "1..32"; } description "Attacked board."; } leaf type { type nd-protocol-type; description "ND protocol type."; } leaf passed-packets { type uint64; description "The number of all packets passed."; } leaf dropped-packets { type uint64; description "The number of all packets dropped."; } } // list nd-attack-board-based } // container nd-attack-board-baseds } // container nd-attack-defense container cross-board-car { config false; description "Implement rate limiting statistics for inter-board trunk packets and inter-board packets on a dumb terminal."; container statisticss { description "List of displays cross-board CAR information on a specific board."; list statistics { key "slot"; description "Displays statistics for cross-board CAR on a specific board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } leaf configured-cir { type uint32; units "kbit/s"; description "CIR configuration value."; } leaf configured-cbs { type uint32; units "Byte"; description "CBS configuration value."; } leaf actual-cir { type uint32; units "kbit/s"; description "CIR actual value."; } leaf actual-cbs { type uint32; units "Byte"; description "CBS actual value."; } } // list statistics } // container statisticss } // container cross-board-car container dynamic-link-protection { config false; description "Statistics of dynamic link protection. When the dynamic link protection function is enabled, after a protocol session is established, sufficient bandwidth can be allocated to ensure uninterrupted protocol sessions."; container session-car { description "Statistics of whitelist session-CAR. After the whitelist session-CAR function is enabled, protocol session-specific rate limiting is applied to packets matching the whitelist."; container whitelists { description "List of display whitelist session-CAR statistics on a specified board."; list whitelist { key "number"; description "Statistics of display whitelist session-CAR statistics on a specified board."; leaf number { type uint32; description "The ordinal number of statistics records."; } leaf slot { ext:support-filter "true"; type string { length "1..32"; } description "Slot number."; } leaf protocol { ext:support-filter "true"; type session-car-whitelist; description "The whitelist protocol that supports the session-CAR function."; } leaf source-ip { type inet:ipv4-address-no-zone; description "IP source address."; } leaf source-port { type uint16; description "Source port."; } leaf destination-ip { type inet:ipv4-address-no-zone; description "IP destination address."; } leaf destination-port { type uint16; description "Destination port."; } leaf vs-id { type uint32; description "Index of VS (Virtual System)."; } leaf green-packets { type uint64; description "Statistics about packets colored green."; } leaf yellow-packets { type uint64; description "Statistics about packets colored yellow."; } leaf red-packets { type uint64; description "Statistics about packets colored red."; } leaf configured-cir { type uint32; units "kbit/s"; description "Configured cir."; } leaf configured-cbs { type uint32; units "Byte"; description "Configured cbs."; } leaf configured-pir { type uint32; units "kbit/s"; description "Configured pir."; } leaf configured-pbs { type uint32; units "Byte"; description "Configured pbs."; } leaf actual-cir { type uint32; units "kbit/s"; description "Actual cir."; } leaf actual-cbs { type uint32; units "Byte"; description "Actual cbs."; } leaf actual-pir { type uint32; units "kbit/s"; description "Actual pir."; } leaf actual-pbs { type uint32; units "Byte"; description "Actual pbs."; } leaf fixed-packet-length { type uint16; description "Fixed packet length."; } leaf cir-configured-type { type session-car-type; description "Cir configured type."; } leaf cbs-configured-type { type session-car-type; description "Cbs configured type."; } leaf pir-configured-type { type session-car-type; description "Pir configured type."; } leaf pbs-configured-type { type session-car-type; description "Pbs configured type."; } } // list whitelist } // container whitelists container whitelist-v6s { description "List of display whitelist-v6 session-CAR statistics on a specified board."; list whitelist-v6 { key "number"; description "Statistics of display whitelist-v6 session-CAR statistics on a specified board."; leaf number { type uint32; description "The ordinal number of statistics records."; } leaf slot { ext:support-filter "true"; type string { length "1..32"; } description "Slot number."; } leaf protocol { ext:support-filter "true"; type session-car-whitelist-v6; description "The whitelist-v6 protocol that supports the session-CAR function."; } leaf source-ipv6 { type inet:ipv6-address-no-zone; description "IPv6 source address."; } leaf source-port { type uint16; description "Source port."; } leaf destination-ipv6 { type inet:ipv6-address-no-zone; description "IPv6 destination address."; } leaf destination-port { type uint16; description "Destination port."; } leaf vs-id { type uint32; description "Index of VS (Virtual System)."; } leaf green-packets { type uint64; description "Statistics about packets colored green."; } leaf yellow-packets { type uint64; description "Statistics about packets colored yellow."; } leaf red-packets { type uint64; description "Statistics about packets colored red."; } leaf configured-cir { type uint32; units "kbit/s"; description "Configured cir."; } leaf configured-cbs { type uint32; units "Byte"; description "Configured cbs."; } leaf configured-pir { type uint32; units "kbit/s"; description "Configured pir."; } leaf configured-pbs { type uint32; units "Byte"; description "Configured pbs."; } leaf actual-cir { type uint32; units "kbit/s"; description "Actual cir."; } leaf actual-cbs { type uint32; units "Byte"; description "Actual cbs."; } leaf actual-pir { type uint32; units "kbit/s"; description "Actual pir."; } leaf actual-pbs { type uint32; units "Byte"; description "Actual pbs."; } leaf fixed-packet-length { type uint16; description "Fixed packet length."; } leaf cir-configured-type { type session-car-type; description "Cir configured type."; } leaf cbs-configured-type { type session-car-type; description "Cbs configured type."; } leaf pir-configured-type { type session-car-type; description "Pir configured type."; } leaf pbs-configured-type { type session-car-type; description "Pbs configured type."; } } // list whitelist-v6 } // container whitelist-v6s container whitelist-l2s { description "List of display whitelist-l2 session-CAR statistics on a specified board."; list whitelist-l2 { key "number"; description "Statistics of display whitelist-l2 session-CAR statistics on a specified board."; leaf number { type uint32; description "The ordinal number of statistics records."; } leaf slot { ext:support-filter "true"; type string { length "1..32"; } description "Slot number."; } leaf protocol { ext:support-filter "true"; type session-car-whitelist-l2; description "The whitelist-l2 protocol that supports the session-CAR function."; } leaf if-index { type uint32; description "Interface index."; } leaf source-mac { type pub-type:mac-address; description "Source mac."; } leaf source-port { type uint16; description "Source port."; } leaf destination-mac { type pub-type:mac-address; description "Destination mac."; } leaf destination-port { type uint16; description "Destination port."; } leaf vs-id { type uint32; description "Index of VS (Virtual System)."; } leaf green-packets { type uint64; description "Statistics about packets colored green."; } leaf yellow-packets { type uint64; description "Statistics about packets colored yellow."; } leaf red-packets { type uint64; description "Statistics about packets colored red."; } leaf configured-cir { type uint32; units "kbit/s"; description "Configured cir."; } leaf configured-cbs { type uint32; units "Byte"; description "Configured cbs."; } leaf configured-pir { type uint32; units "kbit/s"; description "Configured pir."; } leaf configured-pbs { type uint32; units "Byte"; description "Configured pbs."; } leaf actual-cir { type uint32; units "kbit/s"; description "Actual cir."; } leaf actual-cbs { type uint32; units "Byte"; description "Actual cbs."; } leaf actual-pir { type uint32; units "kbit/s"; description "Actual pir."; } leaf actual-pbs { type uint32; units "Byte"; description "Actual pbs."; } leaf fixed-packet-length { type uint16; description "Fixed packet length."; } leaf cir-configured-type { type session-car-type; description "Cir configured type."; } leaf cbs-configured-type { type session-car-type; description "Cbs configured type."; } leaf pir-configured-type { type session-car-type; description "Pir configured type."; } leaf pbs-configured-type { type session-car-type; description "Pbs configured type."; } } // list whitelist-l2 } // container whitelist-l2s } // container session-car } // container dynamic-link-protection container protocol-port-car { config false; description "Statistics of the rate limit of packets on an interface."; container statisticss { description "List of displays statistics about packet rate limit on an interface."; list statistics { key "interface protocol"; description "Displays statistics for the packet rate limit on an interface."; leaf interface { type pub-type:if-name; description "Logical interface name."; } leaf protocol { type port-car-packet; description "Indicates the packet type of the rate limit on the interface."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list statistics } // container statisticss } // container protocol-port-car container arp-attack-defense { config false; description "Statistics of ARP packet attack defense."; container arp-check-statisticss { description "List of displays statistics about discarded invalid ARP packets on a specific board."; list arp-check-statistics { key "slot type"; description "Displays statistics for discarded invalid ARP packets on a specific board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf type { type arp-check-type; description "The type for checking invalid ARP packets."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list arp-check-statistics } // container arp-check-statisticss container arp-safeguard-statisticss { description "List of displays ARP bidirectional isolation statistics."; list arp-safeguard-statistics { key "slot"; description "Displays ARP bidirectional isolation statistics."; leaf slot { type string { length "1..32"; } description "Slot ID."; } leaf arp-request-packets { type uint64; description "The number of ARP-request packets."; } leaf arp-reply-packets { type uint64; description "The number of ARP-reply packets."; } leaf arp-tocpu-packets { type uint64; description "The number of ARP packets sent to the CPU."; } leaf arp-dropped-packets { type uint64; description "The number of ARP packets dropped."; } } // list arp-safeguard-statistics } // container arp-safeguard-statisticss container arp-attack-currents { description "List of displays current ARP attack information."; list arp-attack-current { key "number"; description "Displays current ARP attack statistics."; leaf number { type uint32; description "The ordinal number of the attack record."; } leaf slot { ext:support-filter "true"; type string { length "1..32"; } description "Attacked board."; } leaf physical-interface { ext:support-filter "true"; type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Physical interface name."; } leaf logical-interface { type pub-type:if-name; description "Logical interface name."; } leaf vlan-id { ext:support-filter "true"; type uint32 { range "0..4094"; } description "VLAN-ID."; } leaf pe-vid { ext:support-filter "true"; type uint32 { range "0..4094"; } description "PE-VLAN-ID."; } leaf ce-vid { ext:support-filter "true"; type uint32 { range "0..4094"; } description "CE-VLAN-ID."; } leaf enable-arp-car { type boolean; description "Enable/disable ARP CAR."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf passed-packets { type uint64; description "The number of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-packets { type uint64; description "The number of all packets dropped."; } leaf defend-start-time { type yang:date-and-time; description "ARP attack defense start time."; } } // list arp-attack-current } // container arp-attack-currents container arp-attack-historys { description "List of displays historical ARP attack information."; list arp-attack-history { key "number"; description "Displays historical ARP attack statistics."; leaf number { type uint32; description "The ordinal number of the attack record."; } leaf slot { ext:support-filter "true"; type string { length "1..32"; } description "Attacked board."; } leaf physical-interface { ext:support-filter "true"; type leafref { path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name"; } description "Physical interface name."; } leaf logical-interface { type pub-type:if-name; description "Logical interface name."; } leaf vlan-id { ext:support-filter "true"; type uint32 { range "0..4094"; } description "VLAN-ID."; } leaf pe-vid { ext:support-filter "true"; type uint32 { range "0..4094"; } description "PE-VLAN-ID."; } leaf ce-vid { ext:support-filter "true"; type uint32 { range "0..4094"; } description "CE-VLAN-ID."; } leaf enable-arp-car { type boolean; description "Enable/disable ARP CAR."; } leaf passed-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf passed-packets { type uint64; description "The number of all packets passed."; } leaf dropped-bytes { type uint64; units "Byte"; description "The number of bytes of all packets passed."; } leaf dropped-packets { type uint64; description "The number of all packets dropped."; } leaf defend-start-time { type yang:date-and-time; description "ARP attack defense start time."; } leaf defend-end-time { type yang:date-and-time; description "ARP attack defense end time."; } } // list arp-attack-history } // container arp-attack-historys container arp-attack-board-baseds { description "List of displays board-based ARP attack information statistics."; list arp-attack-board-based { key "slot"; description "Displays board-based ARP attack statistics."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf passed-bytes { type uint64; units "Byte"; description "Number of passed bytes."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-bytes { type uint64; units "Byte"; description "Number of dropped bytes."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list arp-attack-board-based } // container arp-attack-board-baseds } // container arp-attack-defense container application-apperceive { config false; description "Statistics of displays application-apperceive on a specified board."; container board-based-states { description "List of displays board-based application-apperceive state."; list board-based-state { key "slot"; description "Displays board-based application-apperceive state."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf application-switch { type protocol-state; description "Open/close application-apperceive function."; } leaf default-action { type application-apperceive-action; description "Set a default action to be taken on the protocol packets to be sent to the CPU when the upper-layer protocols supporting application-apperceive are disabled."; } } // list board-based-state } // container board-based-states container protocol-states { description "List of displays protocol state on a specified board."; list protocol-state { key "slot protocol"; description "Operational state of displays protocol on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol { type application-apperceive-protocol; description "Name of the protocols supporting application layer association."; } leaf state { type protocol-state; description "Protocol status, open or closed."; } } // list protocol-state } // container protocol-states container ap-protocol-states { description "List of displays protocol state on a specified board of an AP."; list ap-protocol-state { key "ap-id slot protocol"; description "Operational state of displays protocol state on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol { type application-apperceive-protocol; description "Name of the protocols supporting application layer association."; } leaf state { type protocol-state; description "Protocol status, open or closed."; } } // list ap-protocol-state } // container ap-protocol-states container protocol-statisticss { description "List of displays statistics about protocol packets on a specified board."; list protocol-statistics { key "slot protocol"; description "Displays statistics for protocol packets on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol { type application-apperceive-protocol; description "Name of the protocols supporting application layer association."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list protocol-statistics } // container protocol-statisticss container ap-protocol-statisticss { description "List of displays statistics about protocol packets on a specified board of an AP."; list ap-protocol-statistics { key "ap-id slot protocol"; description "Operational state of displays statistics about protocol packets on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol { type application-apperceive-protocol; description "Name of the protocols supporting application layer association."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list ap-protocol-statistics } // container ap-protocol-statisticss } // container application-apperceive container attack-source-trace { config false; description "Statistics of displays attack-source-trace information on a specified board."; container buffers { description "List of information about attack source tracing buffer."; list buffer { key "slot"; description "Operational state of information about attack source tracing buffer."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf buffer-size { type uint32; description "The size of the buffer for attack source tracing."; } leaf record-number { type uint32; description "The number of attack source trace records."; } leaf overwrite-flag { type overwrite-flag; description "Overwrite flag identifies whether the attack source trace records were overwritten."; } } // list buffer } // container buffers container verboses { description "List of verbose information about attack source tracing."; list verbose { key "slot packet-number"; description "Operational state of verbose information about attack source tracing."; leaf slot { type string { length "0..32"; } description "The slot ID of the interface board."; } leaf packet-number { type uint32; description "Packet number."; } leaf interface-name { type pub-type:if-name; description "Interface name."; } leaf car-index { ext:support-filter "true"; type uint32 { range "0..1699"; } description "Car-index."; } leaf attack-type { ext:support-filter "true"; type attack-type; description "The type of attack packets recorded by attack source tracing."; } leaf start-time { type yang:date-and-time; description "Attack start time."; } leaf pe-vlan-id { type uint16; description "PE VLAN-ID."; } leaf ce-vlan-id { type uint16; description "CE VLAN-ID."; } leaf layer-2-type { type layer-2-type; description "Layer 2 type of the attack packet."; } leaf source-mac { ext:support-filter "true"; type pub-type:mac-address; description "Source MAC address."; } leaf destination-mac { ext:support-filter "true"; type pub-type:mac-address; description "Destination MAC address."; } leaf protocol-number { type uint16; description "Protocol number of link-layer data."; } leaf protocol-type { type layer-link-type; description "Protocol type of link-layer data."; } leaf atm-vpi { type uint16; description "ATM VPI."; } leaf atm-vci { type uint16; description "ATM VCI."; } leaf layer-2dot5-type { type layer-2dot5-type; description "Layer 2.5 type of the attack packet."; } leaf arp-type { type arp-type; description "Arp packet type, such as ARP-request, ARP-reply."; } leaf source-ip { type inet:ipv4-address-no-zone; description "IP Address of Sender."; } leaf destination-ip { type inet:ipv4-address-no-zone; description "IP Address of Destination."; } leaf mpls-lable-1 { type uint32; description "Layer 1 MPLS label."; } leaf mpls-lable-2 { type uint32; description "Layer 2 MPLS label."; } leaf mpls-lable-3 { type uint32; description "Layer 3 MPLS label."; } leaf mpls-lable-4 { type uint32; description "Layer 4 MPLS label."; } leaf mpls-lable-5 { type uint32; description "Layer 5 MPLS label."; } leaf layer-3-type { type layer-3-type; description "Layer 3 type of the attack packet."; } leaf ip-version { type uint8; description "IP version."; } leaf ip-header-length { type uint8; description "IP header length."; } leaf ip-type-of-service { type uint8; description "Type of service."; } leaf ip-total-length { type uint16; description "IP packet length."; } leaf ip-identification { type uint16; description "ID of IP packet."; } leaf ip-fragment-offset { type uint16; description "Fragment Offset."; } leaf ip-ttl { type uint8; description "Time to Live."; } leaf ip-protocol-number { ext:support-filter "true"; type uint8; description "IP protocol number."; } leaf ip-checksum { type uint16; description "Header checksum."; } leaf ipv6-traffic-class { type uint8; description "Traffic class."; } leaf ipv6-flow-label { type uint32; description "Flow Label."; } leaf ipv6-payload-length { type uint16; description "Payload length."; } leaf ipv6-next-header { ext:support-filter "true"; type uint8; description "Next header."; } leaf ipv6-hop-limit { type uint8; description "Hop limit."; } leaf ipv6-source-address { type inet:ipv6-address-no-zone; description "IPv6 source address."; } leaf ipv6-destination-address { type inet:ipv6-address-no-zone; description "IPv6 destination address."; } leaf layer-4-type { type layer-4-type; description "Layer 4 type of the attack packet."; } leaf source-port { ext:support-filter "true"; type uint16; description "Source port."; } leaf destination-port { ext:support-filter "true"; type uint16; description "Destination port."; } leaf tcp-sequence-num { type uint32; description "Sequence number."; } leaf tcp-acknowledgement-num { type uint32; description "Acknowledgment number."; } leaf tcp-flags { type uint8; description "Tcp flags."; } leaf tcp-win-size { type uint16; description "TCP window size."; } leaf udp-length { type uint16; description "UDP header plus UDP data bytes."; } leaf icmp-or-igmp-type { type uint8; description "Icmp or igmp type."; } leaf icmp-or-igmp-code { type uint8; description "Icmp or igmp code."; } leaf checksum { type uint16; description "Checksum."; } leaf igmp-group-address { type inet:ipv4-address-no-zone; description "Igmp group address."; } leaf attack-trace-data { type string { length "0..5000"; } description "Data of attack source tracing."; } } // list verbose } // container verboses } // container attack-source-trace container cpcar { config false; description "CAR for packets sent to the CPU statistics."; container default-states { description "List of displays the default cpcar information."; list default-state { key "slot protocol-id"; description "Displays the default cpcar statistics."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol-id { type uint32 { range "0..65535"; } description "The packet index of the protocol packets."; } leaf cir { type uint32; units "kbit/s"; description "Committed information rate."; } leaf cbs { type uint32; units "Byte"; description "Committed burst size."; } leaf min-packet-length { type uint32; units "Byte"; description "Minimum packet length for compensation."; } leaf fixed-packet-length { type uint32; units "Byte"; description "Fixed packet length for compensation."; } leaf priority { type cpcar-priority-query; description "Priority for sending packets to the CPU."; } leaf description { type string { length "0..127"; } description "Description."; } } // list default-state } // container default-states container ap-default-states { description "List of displays the default cpcar information on a specified board of an AP."; list ap-default-state { key "ap-id slot protocol-id"; description "Operational state of displays the default cpcar information on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol-id { type uint32; description "The packet index of the protocol packets."; } leaf cir { type uint32; units "kbit/s"; description "Committed information rate."; } leaf cbs { type uint32; units "Byte"; description "Committed burst size."; } leaf min-packet-length { type uint32; units "Byte"; description "Minimum packet length for compensation."; } leaf fixed-packet-length { type uint32; units "Byte"; description "Fixed packet length for compensation."; } leaf priority { type cpcar-priority-query; description "Priority for sending packets to the CPU."; } leaf description { type string { length "0..127"; } description "Description."; } } // list ap-default-state } // container ap-default-states container current-states { description "List of displays the current cpcar information."; list current-state { key "slot protocol-id"; description "Displays the current cpcar statistics."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol-id { type uint32 { range "0..65535"; } description "The packet index of the protocol packets."; } leaf cir { type uint32; units "kbit/s"; description "Committed information rate."; } leaf cbs { type uint32; units "Byte"; description "Committed burst size."; } leaf min-packet-length { type uint32; units "Byte"; description "Minimum packet length for compensation."; } leaf fixed-packet-length { type uint32; units "Byte"; description "Fixed packet length for compensation."; } leaf priority { type cpcar-priority-query; description "Priority for sending packets to the CPU."; } leaf description { type string { length "0..127"; } description "Description."; } } // list current-state } // container current-states container ap-current-states { description "List of displays the current cpcar information on a specified board of an AP."; list ap-current-state { key "ap-id slot protocol-id"; description "Operational state of displays the current cpcar information on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol-id { type uint32; description "The packet index of the protocol packets."; } leaf cir { type uint32; units "kbit/s"; description "Committed information rate."; } leaf cbs { type uint32; units "Byte"; description "Committed burst size."; } leaf min-packet-length { type uint32; units "Byte"; description "Minimum packet length for compensation."; } leaf fixed-packet-length { type uint32; units "Byte"; description "Fixed packet length for compensation."; } leaf priority { type cpcar-priority-query; description "Priority for sending packets to the CPU."; } leaf description { type string { length "0..127"; } description "Description."; } } // list ap-current-state } // container ap-current-states container protocol-name-statisticss { description "List of displays information about the attack defense on a specified board."; list protocol-name-statistics { key "slot protocol-name"; description "Displays statistics for the attack defense on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol-name { type protocol-name; description "The packet name of the protocol packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } leaf acl-denied-packets { type uint64; description "Number of packets that hit ACL deny rules."; } leaf configured-cir { type uint32; units "kbit/s"; description "CIR configuration value."; } leaf configured-cbs { type uint32; units "Byte"; description "CBS configuration value."; } leaf actual-cir { type uint32; units "kbit/s"; description "CIR actual value."; } leaf actual-cbs { type uint32; units "Byte"; description "CBS actual value."; } leaf priority { type cpcar-priority-query; description "Priority."; } leaf min-packet-length { type uint32; description "Length for smallest packet compensation."; } leaf fixed-packet-length { type uint32; description "Length for fixed packet compensation."; } leaf last-drop-start-time { type yang:date-and-time; description "Start time for the last continuous packet loss."; } leaf last-drop-end-time { type yang:date-and-time; description "End time for the last continuous packet loss."; } leaf last-drop-rate { type uint64; units "pps"; description "Average packet loss rate during the last continuous packet loss."; } leaf last-drop-packets { type uint64; description "Total number of packets dropped during the last continuous packet loss."; } leaf peak-rate-time { type yang:date-and-time; description "Time when the packet rate reaches the peak rate in the month."; } leaf peak-rate { type uint64; units "pps"; description "Peak rate of all packets in the month."; } } // list protocol-name-statistics } // container protocol-name-statisticss container ap-protocol-name-statisticss { description "List of displays information about the attack defense on a specified board of an AP."; list ap-protocol-name-statistics { key "ap-id slot protocol-name"; description "Operational state of displays information about the attack defense on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol-name { type protocol-name; description "The packet name of the protocol packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } leaf acl-denied-packets { type uint64; description "Number of packets that hit ACL deny rules."; } leaf configured-cir { type uint32; units "kbit/s"; description "CIR configuration value."; } leaf configured-cbs { type uint32; units "Byte"; description "CBS configuration value."; } leaf actual-cir { type uint32; units "kbit/s"; description "CIR actual value."; } leaf actual-cbs { type uint32; units "Byte"; description "CBS actual value."; } leaf priority { type cpcar-priority-query; description "Priority."; } leaf min-packet-length { type uint32; description "Length for smallest packet compensation."; } leaf fixed-packet-length { type uint32; description "Length for fixed packet compensation."; } leaf last-drop-start-time { type yang:date-and-time; description "Start time for the last continuous packet loss."; } leaf last-drop-end-time { type yang:date-and-time; description "End time for the last continuous packet loss."; } leaf last-drop-rate { type uint64; units "pps"; description "Average packet loss rate during the last continuous packet loss."; } leaf last-drop-packets { type uint64; description "Total number of packets dropped during the last continuous packet loss."; } leaf peak-rate-time { type yang:date-and-time; description "Time when the packet rate reaches the peak rate in the month."; } leaf peak-rate { type uint64; units "pps"; description "Peak rate of all packets in the month."; } } // list ap-protocol-name-statistics } // container ap-protocol-name-statisticss container protocol-id-statisticss { description "List of displays information about the attack defense on a specified board."; list protocol-id-statistics { key "slot protocol-id"; description "Displays statistics for the attack defense on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol-id { type uint32 { range "35..1658"; } description "The packet index of the protocol packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } leaf acl-denied-packets { type uint64; description "Number of packets that hit ACL deny rules."; } leaf configured-cir { type uint32; units "kbit/s"; description "CIR configuration value."; } leaf configured-cbs { type uint32; units "Byte"; description "CBS configuration value."; } leaf actual-cir { type uint32; units "kbit/s"; description "CIR actual value."; } leaf actual-cbs { type uint32; units "Byte"; description "CBS actual value."; } leaf priority { type cpcar-priority-query; description "Priority."; } leaf min-packet-length { type uint32; description "Length for smallest packet compensation."; } leaf fixed-packet-length { type uint32; description "Length for fixed packet compensation."; } leaf last-drop-start-time { type yang:date-and-time; description "Start time for the last continuous packet loss."; } leaf last-drop-end-time { type yang:date-and-time; description "End time for the last continuous packet loss."; } leaf last-drop-rate { type uint64; units "pps"; description "Average packet loss rate during the last continuous packet loss."; } leaf last-drop-packets { type uint64; description "Total number of packets dropped during the last continuous packet loss."; } leaf peak-rate-time { type yang:date-and-time; description "Time when the packet rate reaches the peak rate in the month."; } leaf peak-rate { type uint64; units "pps"; description "Peak rate of all packets in the month."; } } // list protocol-id-statistics } // container protocol-id-statisticss container ap-protocol-id-statisticss { description "List of displays information about the attack defense on a specified board of an AP."; list ap-protocol-id-statistics { key "ap-id slot protocol-id"; description "Operational state of displays information about the attack defense on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf protocol-id { type uint32 { range "35..1658"; } description "The packet index of the protocol packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } leaf acl-denied-packets { type uint64; description "Number of packets that hit ACL deny rules."; } leaf configured-cir { type uint32; units "kbit/s"; description "CIR configuration value."; } leaf configured-cbs { type uint32; units "Byte"; description "CBS configuration value."; } leaf actual-cir { type uint32; units "kbit/s"; description "CIR actual value."; } leaf actual-cbs { type uint32; units "Byte"; description "CBS actual value."; } leaf priority { type cpcar-priority-query; description "Priority."; } leaf min-packet-length { type uint32; description "Length for smallest packet compensation."; } leaf fixed-packet-length { type uint32; description "Length for fixed packet compensation."; } leaf last-drop-start-time { type yang:date-and-time; description "Start time for the last continuous packet loss."; } leaf last-drop-end-time { type yang:date-and-time; description "End time for the last continuous packet loss."; } leaf last-drop-rate { type uint64; units "pps"; description "Average packet loss rate during the last continuous packet loss."; } leaf last-drop-packets { type uint64; description "Total number of packets dropped during the last continuous packet loss."; } leaf peak-rate-time { type yang:date-and-time; description "Time when the packet rate reaches the peak rate in the month."; } leaf peak-rate { type uint64; units "pps"; description "Peak rate of all packets in the month."; } } // list ap-protocol-id-statistics } // container ap-protocol-id-statisticss } // container cpcar container cp-rate-limit { config false; description "Statistics of restricts the rate at which packets on the interface are sent to the CPU."; container enhance-statisticss { description "List of displays statistics about all protocol or specific protocol attack packets on an interface and its sub-interfaces."; list enhance-statistics { key "slot interface protocol"; description "Statistics of displays statistics about all protocol or specific protocol attack packets on an interface and its sub-interfaces."; leaf slot { type string { length "1..32"; } description "Slot Number."; } leaf interface { type string { length "1..50"; } description "Interface name."; } leaf protocol { type cp-rate-limit-enhance-stat-protocol; description "Protocol type."; } leaf passed-bytes { type uint64; units "Byte"; description "Number of passed bytes."; } leaf passed-byte-rate { type uint64; units "kbit/s"; description "Rate of passed bytes."; } leaf dropped-bytes { type uint64; units "Byte"; description "Number of dropped bytes."; } leaf dropped-byte-rate { type uint64; units "kbit/s"; description "Rate of dropped bytes."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf passed-packet-rate { type uint64; units "pps"; description "Rate of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } leaf dropped-packet-rate { type uint64; units "pps"; description "Rate of dropped packets."; } } // list enhance-statistics } // container enhance-statisticss container port-statisticss { description "List of displays statistics about all protocol or specific protocol attack packets on an interface."; list port-statistics { key "record-number"; description "Statistics of displays statistics about all protocol or specific protocol attack packets on an interface."; leaf record-number { type uint32; description "The number of statistics records."; } leaf slot { ext:support-filter "true"; type string { length "1..32"; } description "Slot Number."; } leaf interface { ext:support-filter "true"; type string { length "1..50"; } description "Interface name."; } leaf protocol { ext:support-filter "true"; type cp-rate-limit-states-protocol; description "Protocol type."; } leaf outer-vlan { type uint16; description "Outer VLAN ID."; } leaf inner-vlan { type uint16; description "Inner VLAN ID."; } leaf passed-bytes { type uint64; units "Byte"; description "Number of passed bytes."; } leaf passed-byte-rate { type uint64; units "kbit/s"; description "Rate of passed bytes."; } leaf dropped-bytes { type uint64; units "Byte"; description "Number of dropped bytes."; } leaf dropped-byte-rate { type uint64; units "kbit/s"; description "Rate of dropped bytes."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf passed-packet-rate { type uint64; units "pps"; description "Rate of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } leaf dropped-packet-rate { type uint64; units "pps"; description "Rate of dropped packets."; } } // list port-statistics } // container port-statisticss } // container cp-rate-limit container tcpip-defend { config false; description "Statistics of TCP/IP attack defense protects a device against malformed or typical TCP/IP packets."; container ipv4-statisticss { description "List of displays information about tcpip-defend on a specified board."; list ipv4-statistics { key "slot type"; description "Displays statistics for tcpip-defend on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf type { type tcpip-defend-type; description "TCP/IP attack defense type."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list ipv4-statistics } // container ipv4-statisticss container ap-ipv4-statisticss { description "List of displays information about tcpip-defend on a specified board of an AP."; list ap-ipv4-statistics { key "ap-id slot type"; description "Statistics of displays information about tcpip-defend on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf type { type tcpip-defend-type; description "TCP/IP attack defense type."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list ap-ipv4-statistics } // container ap-ipv4-statisticss container ipv6-statisticss { description "List of displays information about tcpip-defend-v6 on a specified board."; list ipv6-statistics { key "slot type"; description "Displays statistics for tcpip-defend-v6 on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf type { type tcpip-defend-v6-type; description "TCP/IPv6 attack defense type."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list ipv6-statistics } // container ipv6-statisticss container ap-ipv6-statisticss { description "List of displays information about tcpip-defend-v6 on a specified board of an AP."; list ap-ipv6-statistics { key "ap-id slot type"; description "Statistics of displays information about tcpip-defend-v6 on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf type { type tcpip-defend-v6-type; description "TCP/IPv6 attack defense type."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list ap-ipv6-statistics } // container ap-ipv6-statisticss } // container tcpip-defend container urpf { description "Configure Statistics of Unicast Reverse Path Forwarding (URPF)."; container ipv4-statisticss { config false; description "List of displays statistics about IPv4 URPF on a specified board."; list ipv4-statistics { key "slot"; description "Displays statistics for IPv4 URPF on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf discard-packets { type uint64; description "Number of packets dropped on the interface board due to URPF check failure."; } } // list ipv4-statistics } // container ipv4-statisticss container ipv6-statisticss { config false; description "List of displays statistics about IPv6 URPF on a specified board."; list ipv6-statistics { key "slot"; description "Displays statistics for IPv6 URPF on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf discard-packets { type uint64; description "Number of packets dropped on the interface board due to URPF check failure."; } } // list ipv6-statistics } // container ipv6-statisticss container cpu-defend-urpf { config false; description "Statistics of local URPF on an interface board."; container statisticss { description "List of displays information about CPU defend URPF on a specified board."; list statistics { key "slot"; description "Displays statistics for CPU defend URPF on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list statistics } // container statisticss container ap-statisticss { description "List of displays information about CPU defend URPF on a specified board of an AP."; list ap-statistics { key "ap-id slot"; description "Statistics of displays information about CPU defend URPF on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list ap-statistics } // container ap-statisticss } // container cpu-defend-urpf container interface-discards { config false; description "List of displays statistics about URPF on a interface."; list interface-discard { key "interface"; description "Displays statistics for IPv4/IPv6 URPF on a interface."; leaf interface { type string { length "1..50"; } description "Interface name."; } leaf ipv4-discard-packets { type uint64; description "Number of packets dropped on the interface due to IPv4 URPF check failure."; } leaf ipv6-discard-packets { type uint64; description "Number of packets dropped on the interface due to IPv6 URPF check failure."; } } // list interface-discard } // container interface-discards container global-urpf { presence "config global urpf"; description "Enable/disable global URPF check."; leaf mode { type urpf-mode; mandatory true; description "Indicates URPF check mode, such as strict or loose."; } leaf default-route { type boolean; default "true"; description "Enable/disable indicates that URPF is implemented for packets matching the default route."; } } // container global-urpf } // container urpf container total-car { config false; description "Statistics of the rate limit of the packets sent to the CPU."; container statisticss { description "List of displays information about total-packet on a specified board."; list statistics { key "slot"; description "Displays statistics for total-packet on a specified board."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list statistics } // container statisticss container ap-statisticss { description "List of displays information about total-packet on a specified board of an AP."; list ap-statistics { key "ap-id slot"; description "Statistics of displays information about total-packet on a specified board of an AP."; leaf ap-id { type uint32 { range "1024..8191"; } description "AP ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf total-packets { type uint64; description "Total number of packets."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list ap-statistics } // container ap-statisticss } // container total-car container tm-scheduling { config false; description "Statistics of TM scheduling allows high-priority packets to be preferentially sent to the CPU in the case of attacks."; container protocol-group-statisticss { description "List of displays statistics about the packets to be sent to the CPU in protocol groups."; list protocol-group-statistics { key "slot group"; description "Displays statistics for the packets to be sent to the CPU in protocol groups."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf group { type protocol-group; description "Protocol group into which the protocol packets sent to the CPU are classified."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } container queue-statistics { description "List of displays statistics about the packets to be sent to the CPU in flow queues of a protocol group."; list queue-statistic { key "queue"; description "Displays statistics for the packets to be sent to the CPU in flow queues of a protocol group."; leaf queue { type protocol-queue; description "FQ type. Protocol packets with different priorities within a protocol group are scheduled into eight flow queues (FQs)."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list queue-statistic } // container queue-statistics } // list protocol-group-statistics } // container protocol-group-statisticss container protocol-group-states { description "List of displays the bandwidth and weight of the packets to be sent to the CPU in protocol groups."; list protocol-group-state { key "slot group"; description "Displays statistics for the bandwidth and weight of the packets to be sent to the CPU in protocol groups."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf group { type protocol-group; description "Protocol group into which the protocol packets sent to the CPU are classified."; } leaf cir-configured { type uint32 { range "0..51200"; } units "kbit/s"; description "Configured CIR."; } leaf cir-default { type uint32 { range "0..51200"; } units "kbit/s"; description "Default CIR."; } leaf weight-configured { type uint32 { range "1..63"; } description "Configured weight."; } leaf weight-default { type uint32 { range "1..63"; } description "Default weight."; } container queue-states { description "List of queue states."; list queue-state { key "queue"; description "Statistics of queue states."; leaf queue { type protocol-queue; description "FQ type. Protocol packets with different priorities within a protocol group are scheduled into eight flow queues (FQs)."; } leaf weight-configured { type uint32 { range "1..16"; } description "Configured weight."; } leaf weight-default { type uint32 { range "1..16"; } description "Default weight."; } } // list queue-state } // container queue-states container fq-states { description "List of FQ weight."; list fq-state { key "fq-type"; description "Statistics of FQ weight."; leaf fq-type { type fq-type; description "FQ type."; } leaf weight-configured { type uint32; description "Configured weight."; } } // list fq-state } // container fq-states } // list protocol-group-state } // container protocol-group-states container protocol-queue-states { description "List of protocol group queue state."; list protocol-queue-state { key "slot queue"; description "Statistics of protocol group queue."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf queue { type protocol-queue; description "The queue name of protocol-group."; } leaf weight-configured { type uint32; description "Configured weight."; } leaf weight-default { type uint32; description "Default weight."; } container fq-states { description "List of FQ weight."; list fq-state { key "fq-type"; description "Statistics of FQ weight."; leaf fq-type { type fq-type; description "FQ type."; } leaf weight-configured { type uint32; description "Configured weight."; } leaf weight-default { type uint32; description "Default weight."; } } // list fq-state } // container fq-states } // list protocol-queue-state } // container protocol-queue-states } // container tm-scheduling container port-mac-filter { config false; description "Statistics of the MAC-based blacklist or whitelist function."; container statistics { description "Displays statistics for packets dropped by the MAC-based blacklist or whitelist function."; leaf whitelist-packets { type uint64; description "The number of dropped packets that are not in the whitelist."; } leaf blacklist-packets { type uint64; description "The number of dropped packets that are in the blacklist."; } } // container statistics } // container port-mac-filter container spu-car { config false; description "Statistics of CAR for packets on a service board."; container statisticss { description "List of displays SPU-CAR statistics."; list statistics { key "slot car-type"; description "Displays SPU-CAR statistics."; leaf slot { type string { length "1..32"; } description "Slot number."; } leaf car-type { type spu-car-type; description "CAR type."; } leaf passed-packets { type uint64; description "Number of passed packets."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list statistics } // container statisticss } // container spu-car container acl-statistics { config false; description "Statistics of ACL deny packets of a board in a specified slot."; container management-statistics { description "List of management ACL deny packet statistics of a board in a specified slot."; list management-statistic { key "management-type slot"; description "Statistics of management ACL deny packet in a specified slot."; leaf management-type { type management-type; description "Management acl type."; } leaf slot { type string { length "1..32"; } description "Attacked board."; } leaf packet-info { type string { length "1..40"; } description "Packet info."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list management-statistic } // container management-statistics container blacklist-statistics { description "List of blacklist ACL deny packet statistics of a board in a specified slot."; list blacklist-statistic { key "acl-ip-type slot"; description "Statistics of blacklist ACL deny packet in a specified slot."; leaf acl-ip-type { type acl-ip-type; description "ACL IP type."; } leaf slot { type string { length "1..32"; } description "Attacked board."; } leaf packet-info { type string { length "1..40"; } description "Packet info."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list blacklist-statistic } // container blacklist-statistics container whitelist-statistics { description "List of whitelist ACL deny packet statistics of a board in a specified slot."; list whitelist-statistic { key "acl-ip-type slot"; description "Statistics of whitelist ACL deny packet in a specified slot."; leaf acl-ip-type { type acl-ip-type; description "ACL IP type."; } leaf slot { type string { length "1..32"; } description "Attacked board."; } leaf packet-info { type string { length "1..40"; } description "Packet info."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list whitelist-statistic } // container whitelist-statistics container user-defined-flow-statistics { description "List of user-defined-flow ACL deny packet statistics of a board in a specified slot."; list user-defined-flow-statistic { key "flow-id acl-ip-type slot"; description "Statistics of user-defined-flow ACL deny packet in a specified slot."; leaf flow-id { type uint32 { range "1..64"; } description "Specifies the number of a user-defined flow."; } leaf acl-ip-type { type acl-ip-type; description "ACL IP type."; } leaf slot { type string { length "1..32"; } description "Attacked board."; } leaf packet-info { type string { length "1..40"; } description "Packet info."; } leaf dropped-packets { type uint64; description "Number of dropped packets."; } } // list user-defined-flow-statistic } // container user-defined-flow-statistics } // container acl-statistics } // container cpudefend rpc reset-arp-attack-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:arp-attack-defense/cpudefend:arp-attack-currents"; ext:node-ref "/cpudefend:cpudefend/cpudefend:arp-attack-defense/cpudefend:arp-attack-historys"; ext:node-ref "/cpudefend:cpudefend/cpudefend:arp-attack-defense/cpudefend:arp-attack-board-baseds"; description "Reset ARP attack statistics."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number. Type 'all' will reset the statistics on all slots."; } } } // rpc reset-arp-attack-statistics rpc reset-arp-attack-interface-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:arp-attack-defense/cpudefend:arp-attack-currents"; ext:node-ref "/cpudefend:cpudefend/cpudefend:arp-attack-defense/cpudefend:arp-attack-historys"; description "Reset ARP attack statistics on interface."; input { leaf interface { type pub-type:if-name; mandatory true; description "Interface name."; } } } // rpc reset-arp-attack-interface-statistics rpc reset-arp-check-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:arp-attack-defense/cpudefend:arp-check-statisticss"; description "Reset ARP check statistics on slot."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } leaf type { type arp-check-type; mandatory true; description "ARP check type."; } } } // rpc reset-arp-check-statistics rpc reset-arp-safeguard-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:arp-attack-defense/cpudefend:arp-safeguard-statisticss"; description "Reset ARP safeguard statistics on slot."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } } } // rpc reset-arp-safeguard-statistics rpc reset-cp-rate-limit-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cp-rate-limit/cpudefend:port-statisticss"; description "Reset cp-rate-limit statistics."; input { leaf protocol { type cp-rate-limit-states-protocol; mandatory true; description "Cp-rate-limit protocol."; } leaf slot { type string { length "1..32"; } must "not(../interface)"; description "Slot number."; } leaf interface { type pub-type:if-name; description "Interface name."; } } } // rpc reset-cp-rate-limit-statistics rpc reset-cp-rate-limit-enhance-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cp-rate-limit/cpudefend:enhance-statisticss"; description "Reset cp-rate-limit enhance statistics."; input { leaf protocol { type cp-rate-limit-enhance-stat-protocol; mandatory true; description "Cp-rate-limit enhance protocol."; } leaf slot { type string { length "1..32"; } must "not(../interface)"; description "Slot number."; } leaf interface { type pub-type:if-name; description "Interface name."; } } } // rpc reset-cp-rate-limit-enhance-statistics rpc reset-cp-rate-limit-dot1q-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cp-rate-limit/cpudefend:port-statisticss"; description "Reset cp-rate-limit dot1q statistics."; input { leaf protocol { type cp-rate-limit-states-protocol; mandatory true; description "Cp-rate-limit protocol."; } leaf interface { type pub-type:if-name; mandatory true; description "Interface name."; } leaf vlan-id { type uint32 { range "1..4094"; } mandatory true; description "VLAN ID."; } } } // rpc reset-cp-rate-limit-dot1q-statistics rpc reset-cp-rate-limit-qinq-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cp-rate-limit/cpudefend:port-statisticss"; description "Reset cp-rate-limit qinq statistics."; input { leaf protocol { type cp-rate-limit-states-protocol; mandatory true; description "Cp-rate-limit protocol."; } leaf interface { type pub-type:if-name; mandatory true; description "Interface name."; } leaf pe-vid { type uint32 { range "1..4094"; } mandatory true; description "PE VLAN ID."; } leaf ce-vid { type uint32 { range "1..4094"; } mandatory true; description "CE VLAN ID."; } } } // rpc reset-cp-rate-limit-qinq-statistics rpc reset-acl-statistics { description "Reset CPU defend ACL statistics."; input { leaf acl-family { type acl-family; mandatory true; description "ACL or ACL-IPv6."; } } } // rpc reset-acl-statistics rpc reset-hostcar-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:host-car/cpudefend:alls"; ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:host-car/cpudefend:auto-adjusts"; ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:host-car/cpudefend:droppeds"; ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:host-car/cpudefend:non-droppeds"; description "Reset CPU defend HOSTCAR statistics."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } choice method { mandatory true; description "Reset method."; case car-id { description "Reset one CAR index."; leaf car-id { type uint32 { range "0..32767"; } description "Reset one CAR index."; } } // case car-id case type { description "Reset multiple CAR indexs by a type."; leaf type { type hostcar-reset-type; description "Reset multiple CAR indexs by a type."; } } // case type } // choice method } } // rpc reset-hostcar-statistics rpc reset-http-hostcar-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:http-host-car/cpudefend:alls"; ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:http-host-car/cpudefend:auto-adjusts"; ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:http-host-car/cpudefend:droppeds"; ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:http-host-car/cpudefend:non-droppeds"; description "Reset CPU defend HTTP-HOSTCAR statistics."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } choice method { mandatory true; description "Reset method."; case car-id { description "Reset one CAR index."; leaf car-id { type uint32 { range "0..4095"; } description "Reset one CAR index."; } } // case car-id case type { description "Reset multiple CAR indexs by a type."; leaf type { type hostcar-reset-type; description "Reset multiple CAR indexs by a type."; } } // case type } // choice method } } // rpc reset-http-hostcar-statistics rpc reset-vlan-hostcar-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:vlan-host-car/cpudefend:alls"; ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:vlan-host-car/cpudefend:auto-adjusts"; ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:vlan-host-car/cpudefend:droppeds"; ext:node-ref "/cpudefend:cpudefend/cpudefend:host-car-defense/cpudefend:statistics/cpudefend:vlan-host-car/cpudefend:non-droppeds"; description "Reset CPU defend VLAN-HOSTCAR statistics."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } choice method { mandatory true; description "Reset method."; case car-id { description "Reset one CAR index."; leaf car-id { type uint32 { range "0..4095"; } description "Reset one CAR index."; } } // case car-id case type { description "Reset multiple CAR indexs by a type."; leaf type { type hostcar-reset-type; description "Reset multiple CAR indexs by a type."; } } // case type } // choice method } } // rpc reset-vlan-hostcar-statistics rpc reset-ip-urpf-discard-statistic { ext:node-ref "/cpudefend:cpudefend/cpudefend:urpf/cpudefend:ipv4-statisticss"; ext:node-ref "/cpudefend:cpudefend/cpudefend:urpf/cpudefend:ipv6-statisticss"; description "Reset IP URPF and IPv6 URPF discard statistics on slot."; input { leaf ip-type { type ip-type; mandatory true; description "IP or IPv6."; } leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-ip-urpf-discard-statistic rpc reset-ip-urpf-discard-interface-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:urpf/cpudefend:interface-discards"; description "Reset IP URPF discard statistics on interface."; input { leaf interface { type pub-type:if-name; mandatory true; description "Interface name."; } } } // rpc reset-ip-urpf-discard-interface-statistics rpc reset-ipv6-nd-attack-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:nd-attack-defense/cpudefend:nd-attack-currents"; ext:node-ref "/cpudefend:cpudefend/cpudefend:nd-attack-defense/cpudefend:nd-attack-historys"; ext:node-ref "/cpudefend:cpudefend/cpudefend:nd-attack-defense/cpudefend:nd-attack-board-baseds"; description "Reset IPv6 nd attack statistics."; input { leaf type { type nd-protocol-type; mandatory true; description "ND protocol."; } choice method { mandatory true; description "Reset method."; case slot { description "Reset the statistics on slot."; leaf slot { type string { length "1..32"; } description "Slot number. Type 'all' will reset the statistics on all slots."; } } // case slot case interface { description "Reset the statistics on interface."; leaf interface { type pub-type:if-name; description "Interface name."; } } // case interface } // choice method } } // rpc reset-ipv6-nd-attack-statistics rpc reset-nd-packet-filter-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:nd-attack-defense/cpudefend:packet-filter-statisticss"; description "Reset nd packet filter statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-nd-packet-filter-statistics rpc reset-rate-limit-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:protocol-port-car/cpudefend:statisticss"; description "Reset rate-limit statistics."; input { leaf protocol { type rate-limit-protocol; mandatory true; description "Rate limit protocol."; } } } // rpc reset-rate-limit-statistics rpc reset-port-car-rate-limit-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:protocol-port-car/cpudefend:statisticss"; description "Reset port-car rate-limit statistics."; input { leaf interface { type pub-type:if-name; mandatory true; description "Interface name."; } } } // rpc reset-port-car-rate-limit-statistics rpc reset-port-mac-filter-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:port-mac-filter/cpudefend:statistics"; description "Reset port MAC filter statistics."; } // rpc reset-port-mac-filter-statistics rpc reset-protocol-group-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:tm-scheduling/cpudefend:protocol-group-statisticss"; ext:node-ref "/cpudefend:cpudefend/cpudefend:tm-scheduling/cpudefend:protocol-group-states"; ext:node-ref "/cpudefend:cpudefend/cpudefend:tm-scheduling/cpudefend:protocol-queue-states"; description "Reset statistics of the protocol group."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } leaf protocol-group { type protocol-group-reset; mandatory true; description "The protocol group that needs to reset the statistics."; } } } // rpc reset-protocol-group-statistics rpc reset-all-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:application-apperceive/cpudefend:protocol-statisticss"; ext:node-ref "/cpudefend:cpudefend/cpudefend:tcpip-defend/cpudefend:ipv4-statisticss"; ext:node-ref "/cpudefend:cpudefend/cpudefend:tcpip-defend/cpudefend:ipv6-statisticss"; ext:node-ref "/cpudefend:cpudefend/cpudefend:urpf/cpudefend:cpu-defend-urpf/cpudefend:statisticss"; description "Reset CPU defend all statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-all-statistics rpc reset-all-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:application-apperceive/cpudefend:ap-protocol-statisticss"; ext:node-ref "/cpudefend:cpudefend/cpudefend:tcpip-defend/cpudefend:ap-ipv4-statisticss"; ext:node-ref "/cpudefend:cpudefend/cpudefend:tcpip-defend/cpudefend:ap-ipv6-statisticss"; ext:node-ref "/cpudefend:cpudefend/cpudefend:urpf/cpudefend:cpu-defend-urpf/cpudefend:ap-statisticss"; description "Reset CPU defend all statistics of an AP."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-all-ap-statistics rpc reset-application-apperceive-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:application-apperceive/cpudefend:protocol-statisticss"; description "Reset CPU defend application-apperceive statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-application-apperceive-statistics rpc reset-application-apperceive-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:application-apperceive/cpudefend:ap-protocol-statisticss"; description "Reset CPU defend application-apperceive statistics of an AP."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-application-apperceive-ap-statistics rpc reset-tcpip-defend-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:tcpip-defend/cpudefend:ipv4-statisticss"; description "Reset CPU defend tcpip-defend statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-tcpip-defend-statistics rpc reset-tcpip-defend-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:tcpip-defend/cpudefend:ap-ipv4-statisticss"; description "Reset CPU defend tcpip-defend statistics of an AP."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-tcpip-defend-ap-statistics rpc reset-tcpip-defend-v6-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:tcpip-defend/cpudefend:ipv6-statisticss"; description "Reset CPU defend tcpip-defend-v6 statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-tcpip-defend-v6-statistics rpc reset-tcpip-defend-v6-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:tcpip-defend/cpudefend:ap-ipv6-statisticss"; description "Reset CPU defend tcpip-defend-v6 statistics of an AP."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-tcpip-defend-v6-ap-statistics rpc reset-cpudefend-urpf-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:urpf/cpudefend:cpu-defend-urpf/cpudefend:statisticss"; description "Reset CPU defend URPF statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-cpudefend-urpf-statistics rpc reset-cpudefend-urpf-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:urpf/cpudefend:cpu-defend-urpf/cpudefend:ap-statisticss"; description "Reset CPU defend URPF statistics of an AP."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-cpudefend-urpf-ap-statistics rpc reset-cpcar-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-name-statisticss"; ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-id-statisticss"; description "Reset CPU defend CAR statistics."; } // rpc reset-cpcar-statistics rpc reset-car-cross-board-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cross-board-car/cpudefend:statisticss"; description "Reset CPU defend CAR cross-board statistics."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } } } // rpc reset-car-cross-board-statistics rpc reset-car-blacklist-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-name-statisticss"; description "Reset CPU defend CAR blacklist statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-car-blacklist-statistics rpc reset-car-blacklist-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:ap-protocol-name-statisticss"; description "Reset CPU defend CAR blacklist statistics of an AP."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-car-blacklist-ap-statistics rpc reset-car-fragment-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-name-statisticss"; description "Reset CPU defend CAR fragment statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-car-fragment-statistics rpc reset-car-fragment-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:ap-protocol-name-statisticss"; description "Reset CPU defend CAR fragment statistics of an AP."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-car-fragment-ap-statistics rpc reset-car-tcpsyn-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-name-statisticss"; description "Reset CPU defend CAR tcpsyn statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-car-tcpsyn-statistics rpc reset-car-tcpsyn-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:ap-protocol-name-statisticss"; description "Reset CPU defend CAR tcpsyn statistics of an AP."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-car-tcpsyn-ap-statistics rpc reset-car-user-defined-flow-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-name-statisticss"; description "Reset CPU defend CAR user-defined-flow statistics."; input { leaf flow-id { type uint32 { range "1..64"; } mandatory true; description "User defined flow ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-car-user-defined-flow-statistics rpc reset-car-user-defined-flow-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:ap-protocol-name-statisticss"; description "Reset CPU defend CAR user-defined-flow statistics of an AP."; input { leaf flow-id { type uint32 { range "1..64"; } mandatory true; description "User defined flow ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-car-user-defined-flow-ap-statistics rpc reset-car-whitelist-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-name-statisticss"; description "Reset CPU defend CAR whitelist statistics."; input { leaf protocol { type car-whitelist-protocol; description "Whitelist protocol."; } leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-car-whitelist-statistics rpc reset-car-whitelist-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:ap-protocol-name-statisticss"; description "Reset CPU defend CAR whitelist statistics of an AP."; input { leaf protocol { type car-whitelist-protocol; description "Whitelist protocol."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-car-whitelist-ap-statistics rpc reset-car-whitelist-v6-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-name-statisticss"; description "Reset CPU defend CAR whitelist-v6 statistics."; input { leaf protocol { type car-whitelist-v6-protocol; description "Whitelist-v6 protocol."; } leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-car-whitelist-v6-statistics rpc reset-car-whitelist-v6-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:ap-protocol-name-statisticss"; description "Reset CPU defend CAR whitelist-v6 statistics of an AP."; input { leaf protocol { type car-whitelist-v6-protocol; description "Whitelist-v6 protocol."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-car-whitelist-v6-ap-statistics rpc reset-car-protocol-name-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-name-statisticss"; description "Reset CPU defend CAR protocol name statistics."; input { leaf protocol-name { type protocol-name-reset; mandatory true; description "Configurable CAR Name."; } leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-car-protocol-name-statistics rpc reset-car-protocol-name-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:ap-protocol-name-statisticss"; description "Reset CPU defend CAR protocol name statistics of an AP."; input { leaf protocol-name { type protocol-name-reset; mandatory true; description "Configurable CAR Name."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-car-protocol-name-ap-statistics rpc reset-car-protocol-id-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:protocol-id-statisticss"; description "Reset CPU defend CAR protocol ID statistics."; input { leaf protocol-id { type uint32 { range "35..1658"; } mandatory true; description "Configurable CAR ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-car-protocol-id-statistics rpc reset-car-protocol-id-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:cpcar/cpudefend:ap-protocol-id-statisticss"; description "Reset CPU defend CAR protocol ID statistics of an AP."; input { leaf protocol-id { type uint32 { range "35..1658"; } mandatory true; description "Configurable CAR ID."; } leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-car-protocol-id-ap-statistics rpc reset-spu-car-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:spu-car/cpudefend:statisticss"; description "Reset CPU defend SPU CAR statistics."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } leaf car-type { type spu-car-type; mandatory true; description "SPU CAR type."; } } } // rpc reset-spu-car-statistics rpc reset-total-packet-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:total-car/cpudefend:statisticss"; description "Reset CPU defend total-packet statistics."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } } } // rpc reset-total-packet-statistics rpc reset-total-packet-ap-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:total-car/cpudefend:ap-statisticss"; description "Reset CPU defend total-packet statistics of an AP."; input { leaf slot { type string { length "1..32"; } description "Slot number."; } leaf ap-id { type uint32 { range "1024..8191"; } mandatory true; description "AP ID."; } } } // rpc reset-total-packet-ap-statistics rpc reset-whitelist-session-car-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:dynamic-link-protection/cpudefend:session-car/cpudefend:whitelists"; description "Reset whitelist session-CAR statistics."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } leaf protocol { type session-car-whitelist; mandatory true; description "The whitelist protocol that supports the session-CAR function."; } } } // rpc reset-whitelist-session-car-statistics rpc reset-whitelist-v6-session-car-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:dynamic-link-protection/cpudefend:session-car/cpudefend:whitelist-v6s"; description "Reset whitelist-v6 session-CAR statistics."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } leaf protocol { type session-car-whitelist-v6; mandatory true; description "The whitelist-v6 protocol that supports the session-CAR function."; } } } // rpc reset-whitelist-v6-session-car-statistics rpc reset-whitelist-l2-session-car-statistics { ext:node-ref "/cpudefend:cpudefend/cpudefend:dynamic-link-protection/cpudefend:session-car/cpudefend:whitelist-l2s"; description "Reset whitelist-l2 session-CAR statistics."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number."; } leaf protocol { type session-car-whitelist-l2; mandatory true; description "The whitelist-l2 protocol that supports the session-CAR function."; } } } // rpc reset-whitelist-l2-session-car-statistics rpc reset-attack-source-trace { ext:node-ref "/cpudefend:cpudefend/cpudefend:attack-source-trace/cpudefend:buffers"; ext:node-ref "/cpudefend:cpudefend/cpudefend:attack-source-trace/cpudefend:verboses"; description "Reset attack-source-trace."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number. Type 'all' will reset the statistics on all slots."; } } } // rpc reset-attack-source-trace rpc save-attack-source-trace { ext:node-ref "/cpudefend:cpudefend/cpudefend:attack-source-trace/cpudefend:buffers"; ext:node-ref "/cpudefend:cpudefend/cpudefend:attack-source-trace/cpudefend:verboses"; description "Save attack-source-trace as a file."; input { leaf slot { type string { length "1..32"; } mandatory true; description "Slot number. Type 'all' will save the statistics on all slots."; } leaf filename { type string { length "1..128"; } description "Save as file with a filename."; } leaf link-type { type link-type; mandatory true; description "Linktype protocol."; } } } // rpc save-attack-source-trace } // module huawei-cpudefend
© 2023 YumaWorks, Inc. All rights reserved.