huawei-host-defend

Host Defend.

  • Version: 2019-11-17

    huawei-host-defend@2019-11-17


    
      module huawei-host-defend {
    
        yang-version 1;
    
        namespace
          "urn:huawei:yang:huawei-host-defend";
    
        prefix host-defend;
    
        import huawei-extension {
          prefix ext;
        }
        import huawei-ifm {
          prefix ifm;
        }
        import huawei-devm {
          prefix devm;
        }
        import huawei-acl {
          prefix acl;
        }
        import ietf-yang-types {
          prefix yang;
        }
        import huawei-vlan {
          prefix vlan;
        }
    
        organization
          "Huawei Technologies Co., Ltd.";
    
        contact
          "Huawei Industrial Base
        Bantian, Longgang
        Shenzhen 518129
        People's Republic of China
        Website: http://www.huawei.com
        Email: support@huawei.com";
    
        description "Host Defend.";
    
        revision "2019-11-17" {
          description "Initial revision.";
          reference
            "Huawei private.";
    
        }
    
        ext:task-name "ip-stack";
    
        typedef management-plane-defend-action {
          type enumeration {
            enum "default" {
              value 0;
              description
                "Not configured, the default is to permit packet sending.";
            }
            enum "deny" {
              value 1;
              description
                "To deny packet sending.";
            }
            enum "permit" {
              value 2;
              description
                "To permit packet sending.";
            }
          }
          description
            "Action for global management and service plane protection.";
        }
    
        typedef gtsm-protocol {
          type enumeration {
            enum "bgp" {
              value 0;
              description "BGP protocol.";
            }
            enum "bgpv6" {
              value 1;
              description "BGPv6 protocol.";
            }
            enum "ospf" {
              value 2;
              description "OSPF protocol.";
            }
            enum "ldp" {
              value 3;
              description "LDP protocol.";
            }
            enum "ospfv3" {
              value 4;
              description "OSPFv3 protocol.";
            }
            enum "rip" {
              value 5;
              description "RIP protocol.";
            }
          }
          description "GTSM protocol.";
        }
    
        typedef isolate-status {
          type enumeration {
            enum "disable" {
              value 0;
              description "Disable isolate.";
            }
            enum "enable" {
              value 1;
              description "Enable isolate.";
            }
          }
          description "Isolate status.";
        }
    
        typedef host-defend-status {
          type enumeration {
            enum "disable" {
              value 0;
              description "Disable isolate.";
            }
            enum "enable" {
              value 1;
              description "Enable isolate.";
            }
          }
          description "Isolate status.";
        }
    
        typedef gtsm-action {
          type enumeration {
            enum "pass" {
              value 0;
              description "Pass.";
            }
            enum "drop" {
              value 1;
              description "Drop.";
            }
          }
          description "GTSM action.";
        }
    
        typedef protocol-type {
          type enumeration {
            enum "arp" {
              value 1;
              description "ARP protocol.";
            }
            enum "stp" {
              value 2;
              description "STP protocol.";
            }
            enum "lacp" {
              value 3;
              description "LACP protocol.";
            }
            enum "lldp" {
              value 4;
              description "LLDP protocol.";
            }
            enum "isis" {
              value 5;
              description "ISIS protocol.";
            }
            enum "link-other" {
              value 6;
              description "Other link protocol.";
            }
            enum "icmp" {
              value 7;
              description "ICMP protocol.";
            }
            enum "ospf" {
              value 8;
              description "OSPF protocol.";
            }
            enum "pim" {
              value 9;
              description "PIM protocol.";
            }
            enum "igmp" {
              value 10;
              description "IGMP protocol.";
            }
            enum "vrrp" {
              value 11;
              description "VRRP protocol.";
            }
            enum "rawip-other" {
              value 12;
              description
                "Other RAWIP protocol.";
            }
            enum "snmp" {
              value 13;
              description "SNMP protocol.";
            }
            enum "dhcp" {
              value 14;
              description "DHCP protocol.";
            }
            enum "udp-other" {
              value 15;
              description "Other UDP protocol.";
            }
            enum "bgp" {
              value 16;
              description "BGP protocol.";
            }
            enum "ldp" {
              value 17;
              description "LDP protocol.";
            }
            enum "tcp-other" {
              value 18;
              description "Other TCP protocol.";
            }
            enum "icmpv6" {
              value 19;
              description "ICMPV6 protocol.";
            }
            enum "ospfv3" {
              value 20;
              description "OSPFV3 protocol.";
            }
            enum "ipv6-pim" {
              value 21;
              description "IPv6 PIM protocol.";
            }
            enum "mld" {
              value 22;
              description "MLD protocol.";
            }
            enum "ipv6-vrrp" {
              value 23;
              description "IPv6 VRRP protocol.";
            }
            enum "ipv6-rawip-other" {
              value 24;
              description
                "Other IPv6 RAWIP protocol.";
            }
            enum "ipv6-snmp" {
              value 25;
              description "IPv6 SNMP protocol.";
            }
            enum "ipv6-dhcp" {
              value 26;
              description "IPv6 DHCP protocol.";
            }
            enum "ipv6-udp-other" {
              value 27;
              description
                "Other IPv6 UDP protocol.";
            }
            enum "bgp4-plus" {
              value 28;
              description "BGP4 plus protocol.";
            }
            enum "ipv6-ldp" {
              value 29;
              description "IPv6 ldp protocol.";
            }
            enum "ipv6-tcp-other" {
              value 30;
              description
                "Other IPv6 TCP protocol.";
            }
            enum "all" {
              value 31;
              description "All protocol.";
            }
          }
          description "Protocal type.";
        }
    
        typedef service-security-rule-action {
          type enumeration {
            enum "permit" {
              value 0;
              description "Permit packet.";
            }
            enum "deny" {
              value 1;
              description "Deny packet.";
            }
          }
          description
            "Service security rule action.";
        }
    
        typedef service-security-protocol-family {
          type enumeration {
            enum "ipv4" {
              value 1;
              description "IPv4 protocol.";
            }
            enum "ipv6" {
              value 2;
              description "IPv6 protocol.";
            }
          }
          description
            "Service security protocol family.";
        }
    
        typedef service-security-protocol-type {
          type enumeration {
            enum "number" {
              value 1;
              description "IP protocol number.";
            }
            enum "name" {
              value 2;
              description "Protocol name.";
            }
            enum "extension-head" {
              value 3;
              description
                "Routing extension header.";
            }
          }
          description
            "Service security protocol type.";
        }
    
        typedef service-security-protocol-name-type {
          type enumeration {
            enum "none" {
              value 0;
              description
                "Not configure protocol.";
            }
            enum "bgp" {
              value 1;
              description "BGP protocol.";
            }
            enum "ospf" {
              value 2;
              description "OSPF protocol.";
            }
            enum "rsvp" {
              value 3;
              description "RSVP protocol.";
            }
            enum "pim" {
              value 4;
              description "PIM protocol.";
            }
            enum "tcp" {
              value 5;
              description "All TCP protocol.";
            }
            enum "udp" {
              value 6;
              description "All UDP protocol.";
            }
            enum "dhcp-client" {
              value 8;
              description
                "Dhcp-client protocol.";
            }
            enum "dhcp-server" {
              value 9;
              description
                "Dhcp-server protocol.";
            }
            enum "ftp" {
              value 10;
              description "FTP protocol.";
            }
            enum "ldp" {
              value 11;
              description "LDP protocol.";
            }
            enum "lsp-ping" {
              value 12;
              description "Lsp-ping protocol.";
            }
            enum "ntp" {
              value 13;
              description "NTP protocol.";
            }
            enum "rip" {
              value 14;
              description "RIP protocol.";
            }
            enum "snmp" {
              value 15;
              description "SNMP protocol.";
            }
            enum "ssh" {
              value 16;
              description "SSH protocol.";
            }
            enum "telnet" {
              value 17;
              description "TELNET protocol.";
            }
            enum "tftp" {
              value 18;
              description "TFTP protocol.";
            }
            enum "igmp" {
              value 19;
              description "IGMP Protocol.";
            }
            enum "isis" {
              value 20;
              description "ISIS protocol.";
            }
            enum "any" {
              value 21;
              description
                "All protocol, include ISIS and all IP protocol.";
            }
          }
          description
            "Service security protocol name type.";
        }
    
        typedef service-security-extern-header-type {
          type enumeration {
            enum "none" {
              value 65535;
              description
                "Not configure protocol.";
            }
            enum "srh" {
              value 4;
              description "SRH header.";
            }
          }
          description
            "MPAC extension header type.";
        }
    
        typedef protocol-layer-type {
          type enumeration {
            enum "link" {
              value 1;
              description "Link protocol.";
            }
            enum "rawip" {
              value 2;
              description "RAWIP protocol.";
            }
            enum "udp" {
              value 3;
              description "IPv4 UDP protocol.";
            }
            enum "tcp" {
              value 4;
              description "IPv4 tcp protocol.";
            }
            enum "ipv6-rawip" {
              value 5;
              description "IPv6 RAWIP protocol.";
            }
            enum "ipv6-udp" {
              value 6;
              description "IPv6 UDP protocol.";
            }
            enum "ipv6-tcp" {
              value 7;
              description "IPv6 TCP protocol.";
            }
          }
          description "Layer type.";
        }
    
        typedef anti-attack-type {
          type enumeration {
            enum "abnormal" {
              value 1;
              description "Abnormal packet.";
            }
            enum "fragment" {
              value 2;
              description "Fragment packet.";
            }
            enum "tcp-synchronize" {
              value 4;
              description
                "Tcp synchronize packet.";
            }
            enum "udp-flood" {
              value 5;
              description "Udp flood packet.";
            }
            enum "icmp-flood" {
              value 3;
              description "Icmp flood packet.";
            }
          }
          description "Anti attack type.";
        }
    
        typedef management-plane-defend-protocol {
          type enumeration {
            enum "ftp-server" {
              value 1;
              description "FTP server protocol.";
            }
            enum "ssh-server" {
              value 2;
              description "SSH server protocol.";
            }
            enum "snmp" {
              value 3;
              description "SNMP protocol.";
            }
            enum "telnet-server" {
              value 4;
              description
                "TELNET server protocol.";
            }
            enum "tftp" {
              value 5;
              description "TFTP protocol.";
            }
            enum "bgp" {
              value 6;
              description "BGP protocol.";
            }
            enum "ldp" {
              value 7;
              description "LDP protocol.";
            }
            enum "rsvp" {
              value 8;
              description "RSVP protocol.";
            }
            enum "ospf" {
              value 9;
              description "OSPF protocol.";
            }
            enum "rip" {
              value 10;
              description "RIP protocol.";
            }
            enum "isis" {
              value 11;
              description "ISIS protocol.";
            }
            enum "pim" {
              value 12;
              description "PIM protocol.";
            }
            enum "bgp4-plus" {
              value 13;
              description "BGP4 plus protocol.";
            }
            enum "ipv6-ftp-server" {
              value 14;
              description
                "IPv6 FTP server protocol.";
            }
            enum "ospfv3" {
              value 15;
              description "OSPFv3 protocol.";
            }
            enum "ipv6-pim" {
              value 16;
              description "IPv6 PIM protocol.";
            }
            enum "ipv6-ssh-server" {
              value 17;
              description
                "IPv6 SSH server protocol.";
            }
            enum "ipv6-telnet-server" {
              value 18;
              description
                "IPv6 TELNET server protocol.";
            }
          }
          description
            "Management plane defend protocol.";
        }
    
        typedef packet-header-link-type {
          type enumeration {
            enum "ethernet" {
              value 1;
              description
                "Ethernet of link type.";
            }
            enum "ppp" {
              value 2;
              description
                "PPP protocol of link type.";
            }
            enum "hdlc" {
              value 3;
              description
                "HDLC protocol of link type.";
            }
            enum "atm" {
              value 4;
              description "ATM of link type.";
            }
          }
          description "Packet header link type.";
        }
    
        typedef packet-header-link-type-show {
          type enumeration {
            enum "none" {
              value 0;
              description
                "Interface of linktype.";
            }
            enum "ethernet" {
              value 1;
              description
                "Ethernet of link type.";
            }
            enum "ppp" {
              value 2;
              description
                "PPP protocol of link type.";
            }
            enum "hdlc" {
              value 3;
              description
                "HDLC protocol of link type.";
            }
            enum "atm" {
              value 4;
              description "ATM of link type.";
            }
          }
          description "Packet header link type.";
        }
    
        typedef packet-header-status {
          type enumeration {
            enum "stopped" {
              value 0;
              description "Stop.";
            }
            enum "running" {
              value 1;
              description "Running.";
            }
          }
          description
            "Packet header instance status.";
        }
    
        typedef l2-protocol-type {
          type enumeration {
            enum "unknow" {
              value 0;
              description "Unknow protocol.";
            }
            enum "ethernet" {
              value 1;
              description "Ethernet protocol.";
            }
            enum "ppp" {
              value 2;
              description "PPP protocol.";
            }
            enum "hdlc" {
              value 3;
              description "HDLC protocol.";
            }
            enum "atm" {
              value 4;
              description "ATM protocol.";
            }
            enum "tag" {
              value 5;
              description "TAG protocol.";
            }
          }
          description "L2 protocol type.";
        }
    
        typedef l3-protocol-type {
          type enumeration {
            enum "unknow" {
              value 0;
              description "Unknow protocol.";
            }
            enum "ipv4" {
              value 1;
              description "IPv4 protocol.";
            }
            enum "ipv6" {
              value 2;
              description "IPv6 protocol.";
            }
          }
          description "L3 protocol type.";
        }
    
        typedef l4-protocol-type {
          type enumeration {
            enum "unknow" {
              value 0;
              description "Unknow protocol.";
            }
            enum "tcp" {
              value 1;
              description "TCP protocol.";
            }
            enum "udp" {
              value 2;
              description "UDP protocol.";
            }
            enum "icmp" {
              value 3;
              description "ICMP protocol.";
            }
            enum "icmp6" {
              value 4;
              description "ICMP6 protocol.";
            }
            enum "igmp" {
              value 5;
              description "IGMP protocol.";
            }
          }
          description "L4 protocol type.";
        }
    
        container host-defend {
          description
            "Configure host packet security attack defense configuration.";
          container global-management-plane-defend {
            description
              "Configure policy for global management and service plane protection.";
            leaf enable {
              type boolean;
              default "false";
              description
                "Enable/disable the function of global management and service plane protection.";
            }
    
            leaf bgp-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending BGP packets.";
            }
    
            leaf ftp-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending FTP protocol packets.";
            }
    
            leaf ldp-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending LDP protocol packets.";
            }
    
            leaf ospf-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending OSPF protocol packets.";
            }
    
            leaf rip-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending RIP protocol packets.";
            }
    
            leaf rsvp-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending RSVP protocol packets.";
            }
    
            leaf snmp-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending SNMP protocol packets.";
            }
    
            leaf ssh-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending SSH protocol packets.";
            }
    
            leaf telnet-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending Telnet protocol packets.";
            }
    
            leaf tftp-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending TFTP protocol packets.";
            }
    
            leaf isis-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending IS-IS protocol packets.";
            }
    
            leaf pim-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending PIM protocol packets.";
            }
    
            leaf bgp4-plus-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending BGP4Plus packets.";
            }
    
            leaf ipv6-ftp-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending IPv6 FTP protocol packets.";
            }
    
            leaf ospfv3-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending OSPFv3 protocol packets.";
            }
    
            leaf ipv6-pim-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending IPv6 PIM protocol packets.";
            }
    
            leaf ipv6-ssh-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending IPv6 SSH protocol packets.";
            }
    
            leaf ipv6-telnet-action {
              type management-plane-defend-action;
              default "default";
              description
                "Policy for sending IPv6 Telnet protocol packets.";
            }
          }  // container global-management-plane-defend
    
          container management-plane-defend {
            description
              "Configure management and service plane protection.";
            container slot-plys {
              description
                "List of slot-based policies for management and service plane protection.";
              list slot-ply {
                key "policy-id";
                description
                  "Configure slot-based policy for management and service plane protection.";
                leaf policy-id {
                  type uint32 {
                    range "1..16";
                  }
                  description
                    "ID of a slot-based policy for management and service plane protection.";
                }
    
                leaf bgp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending BGP packets.";
                }
    
                leaf ftp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending FTP packets.";
                }
    
                leaf ldp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending LDP packets.";
                }
    
                leaf ospf-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending OSPF packets.";
                }
    
                leaf rip-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending RIP packets.";
                }
    
                leaf rsvp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending RSVP packets.";
                }
    
                leaf snmp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending SNMP packets.";
                }
    
                leaf ssh-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending SSH packets.";
                }
    
                leaf telnet-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending Telnet packets.";
                }
    
                leaf tftp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending TFTP packets.";
                }
    
                leaf isis-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IS-IS packets.";
                }
    
                leaf pim-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending PIM SM packets.";
                }
    
                leaf bgp4-plus-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending BGP4Plus packets.";
                }
    
                leaf ipv6-ftp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IPv6 FTP protocol packets.";
                }
    
                leaf ospfv3-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending OSPFv3 protocol packets.";
                }
    
                leaf ipv6-pim-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IPv6 PIM protocol packets.";
                }
    
                leaf ipv6-ssh-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IPv6 SSH protocol packets.";
                }
    
                leaf ipv6-telnet-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IPv6 Telnet protocol packets.";
                }
              }  // list slot-ply
            }  // container slot-plys
    
            container if-plys {
              description
                "List of interface-level policies for management and service plane protection.";
              list if-ply {
                key "policy-id";
                description
                  "Configure interface-level policy for management and service plane protection.";
                leaf policy-id {
                  type uint32 {
                    range "1..64";
                  }
                  description
                    "ID of an interface-level policy for management and service plane protection.";
                }
    
                leaf bgp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending BGP packets.";
                }
    
                leaf ftp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending FTP packets.";
                }
    
                leaf ldp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending LDP packets.";
                }
    
                leaf ospf-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending OSPF packets.";
                }
    
                leaf rip-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending RIP packets.";
                }
    
                leaf rsvp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending RSVP packets.";
                }
    
                leaf snmp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending SNMP packets.";
                }
    
                leaf ssh-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending SSH packets.";
                }
    
                leaf telnet-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending Telnet packets.";
                }
    
                leaf tftp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending TFTP packets.";
                }
    
                leaf isis-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IS-IS packets.";
                }
    
                leaf pim-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending PIM SM packets.";
                }
    
                leaf bgp4-plus-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending BGP4Plus packets.";
                }
    
                leaf ipv6-ftp-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IPv6 FTP protocol packets.";
                }
    
                leaf ospfv3-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending OSPFv3 protocol packets.";
                }
    
                leaf ipv6-pim-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IPv6 PIM protocol packets.";
                }
    
                leaf ipv6-ssh-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IPv6 SSH protocol packets.";
                }
    
                leaf ipv6-telnet-action {
                  type management-plane-defend-action;
                  default "default";
                  description
                    "Policy for sending IPv6 Telnet protocol packets.";
                }
              }  // list if-ply
            }  // container if-plys
    
            container slot-stats {
              config false;
              description
                "List of management plane defend slot policy statistics.";
              list slot-stat {
                key "slot-id protocol-type";
                description
                  "Configure management plane defend slot policy statistics.";
                leaf slot-id {
                  type string {
                    length "0..32";
                  }
                  description "Slot number.";
                }
    
                leaf protocol-type {
                  type management-plane-defend-protocol;
                  description "Protocol number.";
                }
    
                leaf recv-total-pkt-num {
                  type uint64;
                  description
                    "Total packet number of management plane defend.";
                }
    
                leaf pass-pkt-num {
                  type uint64;
                  description
                    "Packet number passed by management plane defend.";
                }
    
                leaf drop-pkt-num {
                  type uint64;
                  description
                    "Packet number discarded by management plane defend.";
                }
              }  // list slot-stat
            }  // container slot-stats
    
            container if-stats {
              config false;
              description
                "List of management plane defend interface policy statistics.";
              list if-stat {
                key "if-name protocol-type";
                description
                  "Configure management plane defend interface policy statistics.";
                leaf if-name {
                  type leafref {
                    path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name";
                  }
                  description
                    "Name of the interface when obtain packet headers.";
                }
    
                leaf protocol-type {
                  type management-plane-defend-protocol;
                  description "Protocol number.";
                }
    
                leaf recv-total-pkt-num {
                  type uint64;
                  description
                    "Total packet number of management plane defend.";
                }
    
                leaf pass-pkt-num {
                  type uint64;
                  description
                    "Packet number passed by management plane defend.";
                }
    
                leaf drop-pkt-num {
                  type uint64;
                  description
                    "Packet number discarded by management plane defend.";
                }
              }  // list if-stat
            }  // container if-stats
          }  // container management-plane-defend
    
          container gtsm {
            description
              "Configure statistics function about GTSM.";
            leaf gtsm-policy-action {
              type gtsm-action;
              default "pass";
              description "GTSM policy.";
            }
    
            container gtsm-stats {
              config false;
              description
                "List of statistics about GTSM.";
              list gtsm-stat {
                key "slot-id protocol";
                description
                  "Statistics of GTSM.";
                leaf slot-id {
                  type string {
                    length "1..31";
                  }
                  description "Slot number.";
                }
    
                leaf protocol {
                  type gtsm-protocol;
                  description "Protocol number.";
                }
    
                leaf total-count {
                  type uint64;
                  description "Total counters.";
                }
    
                leaf drop-count {
                  type uint64;
                  description "Drop counters.";
                }
    
                leaf pass-count {
                  type uint64;
                  description "Pass counters.";
                }
              }  // list gtsm-stat
            }  // container gtsm-stats
          }  // container gtsm
    
          container fragment-car-stats {
            config false;
            description
              "List of statistics about fragment CAR.";
            list fragment-car-stat {
              key "slot-id";
              description
                "Statistics of fragment CAR.";
              leaf slot-id {
                type string {
                  length "1..31";
                }
                description "Slot number.";
              }
    
              leaf total-pkt-num {
                type uint64;
                description
                  "Total packet number of fragment CAR.";
              }
    
              leaf drop-pkt-num {
                type uint64;
                description
                  "Fragment packet number discarded by CAR.";
              }
    
              leaf pass-pkt-num {
                type uint64;
                description
                  "Fragment packet number passed by CAR.";
              }
            }  // list fragment-car-stat
          }  // container fragment-car-stats
    
          container host-packet-header-obtains {
            config false;
            description
              "List of obtain packet headers instance table.";
            list host-packet-header-obtain {
              key "instance-id";
              description
                "Operational data of obtain packet headers instance.";
              leaf instance-id {
                type uint8 {
                  range "1..8";
                }
                description "Instance ID.";
              }
    
              leaf status {
                type packet-header-status;
                description
                  "Obtain packet headers status.";
              }
    
              leaf timeout {
                type uint32 {
                  range "1..86400";
                }
                units "s";
                description "Timeout.";
              }
    
              leaf remain-time {
                type uint32 {
                  range "1..86400";
                }
                units "s";
                description "Remain time.";
              }
    
              leaf record-packet-number {
                type uint32 {
                  range "1..6000";
                }
                description
                  "Record packet number.";
              }
    
              leaf file-length {
                type uint8;
                units "Mbit";
                description "File length.";
              }
    
              leaf total-memory-size {
                type uint32;
                units "Mbit";
                description
                  "Record packet size.";
              }
    
              leaf obtain-packet-number {
                type uint32;
                description
                  "Obtain packet number.";
              }
    
              leaf obtain-packet-size {
                type uint32;
                units "Byte";
                description
                  "Obtain packet size.";
              }
    
              leaf saved-packet-number {
                type uint32;
                description
                  "Saved packet number.";
              }
    
              leaf saved-packet-size {
                type uint32;
                units "Byte";
                description "Saved packet size.";
              }
    
              leaf delete-packet-number {
                type uint32;
                description
                  "Delete packet number.";
              }
    
              leaf delete-packet-size {
                type uint32;
                units "Byte";
                description
                  "Delete packet size.";
              }
    
              leaf first-packet-time {
                type yang:date-and-time;
                description "First packet time.";
              }
    
              leaf last-packet-time {
                type yang:date-and-time;
                description "Last packet time.";
              }
    
              leaf acl {
                type string {
                  length "1..64";
                }
                description
                  "Acl number or name.";
              }
    
              leaf memory-packet-number {
                type uint32;
                description
                  "Memory packet number.";
              }
    
              leaf remain-time-delete {
                type uint32 {
                  range "1..86400";
                }
                units "s";
                description "Remain time.";
              }
    
              leaf packet-device-name {
                type string {
                  length "5..64";
                }
                description
                  "Packet device name.";
              }
    
              leaf file-name {
                type string {
                  length "5..64";
                }
                description "File name.";
              }
    
              leaf link-type {
                type packet-header-link-type-show;
                description "Link type.";
              }
    
              leaf if-name {
                type leafref {
                  path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name";
                }
                description "Interface name.";
              }
    
              leaf inner-protocol {
                type string {
                  length "1..64";
                }
                description
                  "Protocol type of the host packet headers to be obtained.";
              }
            }  // list host-packet-header-obtain
          }  // container host-packet-header-obtains
        }  // container host-defend
    
        rpc start-packet-header-obtain {
          description
            "To start packet header obtain.";
          input {
            leaf inner-protocol {
              type uint16 {
                ext:value-meaning {
                  ext:item "0" {
                    ext:meaning "ftp-server";
                  }
                  ext:item "1" {
                    ext:meaning "ssh-server";
                  }
                  ext:item "2" {
                    ext:meaning "snmp";
                  }
                  ext:item "3" {
                    ext:meaning "telnet-server";
                  }
                  ext:item "4" {
                    ext:meaning "tftp";
                  }
                  ext:item "5" {
                    ext:meaning "bgp";
                  }
                  ext:item "6" {
                    ext:meaning "ldp";
                  }
                  ext:item "7" {
                    ext:meaning "rsvp";
                  }
                  ext:item "8" {
                    ext:meaning "ospf";
                  }
                  ext:item "9" {
                    ext:meaning "rip";
                  }
                  ext:item "10" {
                    ext:meaning "isis";
                  }
                  ext:item "11" {
                    ext:meaning "sftp-server";
                  }
                  ext:item "12" {
                    ext:meaning "icmp";
                  }
                  ext:item "13" {
                    ext:meaning "msdp";
                  }
                  ext:item "14" {
                    ext:meaning "pim";
                  }
                  ext:item "15" {
                    ext:meaning "arp";
                  }
                  ext:item "17" {
                    ext:meaning "dhcp";
                  }
                  ext:item "18" {
                    ext:meaning "lacp";
                  }
                  ext:item "19" {
                    ext:meaning "ntp";
                  }
                  ext:item "20" {
                    ext:meaning "radius";
                  }
                  ext:item "21" {
                    ext:meaning "hwtacacs";
                  }
                  ext:item "22" {
                    ext:meaning "lspping";
                  }
                  ext:item "23" {
                    ext:meaning "igmp";
                  }
                  ext:item "24" {
                    ext:meaning "vgmp";
                  }
                  ext:item "25" {
                    ext:meaning "rrpp";
                  }
                  ext:item "26" {
                    ext:meaning "vrrp";
                  }
                  ext:item "27" {
                    ext:meaning "bfd";
                  }
                  ext:item "28" {
                    ext:meaning "mplsoam";
                  }
                  ext:item "29" {
                    ext:meaning "ieee-8021ag";
                  }
                  ext:item "30" {
                    ext:meaning "ftp-client";
                  }
                  ext:item "31" {
                    ext:meaning "telnet-client";
                  }
                  ext:item "32" {
                    ext:meaning "ssh-client";
                  }
                  ext:item "33" {
                    ext:meaning "sftp-client";
                  }
                  ext:item "34" {
                    ext:meaning "dns-client";
                  }
                  ext:item "48" {
                    ext:meaning "tcp-syn";
                  }
                  ext:item "164" {
                    ext:meaning "eapol";
                  }
                  ext:item "567" {
                    ext:meaning "esmc";
                  }
                }
                range "0..1658";
              }
              description
                "Protocol type of the host packet headers to be obtained.";
            }
    
            choice interface-or-link-type {
              mandatory true;
              description
                "Physical type of packet header obtaining: interface-based or link type-based packet header obtaining.";
              case interface-based {
                description
                  "Parameters for the interface of packet header obtain.";
                leaf interface-name {
                  type leafref {
                    path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name";
                  }
                  mandatory true;
                  description
                    "Parameters for the interface of packet header obtain.";
                }
    
                choice vlan {
                  description
                    "Parameters for the VLAN of packet header obtain.";
                  case single {
                    description
                      "Parameters for the single VLAN of packet header obtain.";
                    leaf begin-vlan-id {
                      type vlan:vlan-id;
                      mandatory true;
                      description
                        "Parameters for the begin VLAN value of packet header obtain.";
                    }
    
                    leaf end-vlan-id {
                      type vlan:vlan-id;
                      description
                        "Parameters for the end VLAN value of packet header obtain.";
                    }
                  }  // case single
    
                  case double {
                    description
                      "Parameters for the double VLAN of packet header obtain.";
                    leaf pe-begin-vlan-id {
                      type vlan:vlan-id;
                      mandatory true;
                      description
                        "Parameters for the begin VLAN value of packet header obtain.";
                    }
    
                    leaf pe-end-vlan-id {
                      type vlan:vlan-id;
                      description
                        "Parameters for the end VLAN value of packet header obtain.";
                    }
    
                    leaf ce-begin-vlan-id {
                      type vlan:vlan-id;
                      mandatory true;
                      description
                        "Parameters for the end VLAN value of packet header obtain.";
                    }
    
                    leaf ce-end-vlan-id {
                      type vlan:vlan-id;
                      description
                        "Parameters for the end VLAN value of packet header obtain.";
                    }
                  }  // case double
                }  // choice vlan
              }  // case interface-based
    
              case link-type-based {
                description
                  "Parameters for the link-type of packet header obtain.";
                leaf link-type {
                  type packet-header-link-type;
                  description
                    "Parameters for link type of obtain packet headers.";
                }
              }  // case link-type-based
            }  // choice interface-or-link-type
    
            choice acl-type {
              description
                "Parameters for the acl of packet header obtain.";
              case acl4 {
                description
                  "Parameters for the v4 acl of packet header obtain.";
                leaf acl-v4 {
                  type leafref {
                    path "/acl:acl/acl:groups/acl:group/acl:identity";
                  }
                  mandatory true;
                  description
                    "Parameters for the acl4 value of packet header obtain.";
                }
              }  // case acl4
    
              case acl6 {
                description
                  "Parameters for the v6 acl of packet header obtain.";
                leaf acl-v6 {
                  type leafref {
                    path "/acl:acl/acl:group6s/acl:group6/acl:identity";
                  }
                  mandatory true;
                  description
                    "Parameters for the acl6 value of packet header obtain.";
                }
              }  // case acl6
            }  // choice acl-type
    
            choice destination {
              description
                "Parameters for the destination of packet header obtain.";
              case file {
                description
                  "Save packet information to file.";
                leaf file-name {
                  type string {
                    length "5..64";
                  }
                  mandatory true;
                  description "File name.";
                }
    
                leaf file-size {
                  type uint8 {
                    range "1..10";
                  }
                  units "MB";
                  default "2";
                  description "File size.";
                }
              }  // case file
    
              case buffer {
                description
                  "Save packet information to buffer only.";
                leaf buffer-only {
                  type empty;
                  mandatory true;
                  description
                    "Type buffer only.";
                }
              }  // case buffer
            }  // choice destination
    
            leaf packet-number {
              type uint32 {
                range "1..6000";
              }
              default "10";
              description
                "Parameters for the number of packet header obtain.";
            }
    
            leaf packet-length {
              type uint16 {
                range "20..64";
              }
              default "20";
              description
                "Parameters for the lenth of packet header obtain.";
            }
    
            leaf timeout {
              type uint32 {
                range "1..86400";
              }
              units "s";
              default "15";
              description
                "Parameters for the timer of packet header obtain.";
            }
    
            leaf overwrite {
              type boolean;
              description
                "Overwrite the buffer.";
            }
          }
        }  // rpc start-packet-header-obtain
    
        rpc stop-packet-header-obtain {
          description
            "To stop packet header obtain.";
          input {
            choice type {
              description
                "The type of stop for packet header obtaining: instance-based or condition-based.";
              case instance-base {
                description
                  "Parameters for the instance type of packet header obtain.";
                leaf instance-id {
                  type uint8 {
                    range "1..8";
                  }
                  description
                    "Parameters for the instance id of packet header obtain.";
                }
              }  // case instance-base
    
              case condition-based {
                description
                  "Parameters for the conditio-type of packet header obtain.";
                leaf inner-protocol {
                  type uint32 {
                    ext:value-meaning {
                      ext:item "0" {
                        ext:meaning "ftp-server";
                      }
                      ext:item "1" {
                        ext:meaning "ssh-server";
                      }
                      ext:item "2" {
                        ext:meaning "snmp";
                      }
                      ext:item "3" {
                        ext:meaning "telnet-server";
                      }
                      ext:item "4" {
                        ext:meaning "tftp";
                      }
                      ext:item "5" {
                        ext:meaning "bgp";
                      }
                      ext:item "6" {
                        ext:meaning "ldp";
                      }
                      ext:item "7" {
                        ext:meaning "rsvp";
                      }
                      ext:item "8" {
                        ext:meaning "ospf";
                      }
                      ext:item "9" {
                        ext:meaning "rip";
                      }
                      ext:item "10" {
                        ext:meaning "isis";
                      }
                      ext:item "11" {
                        ext:meaning "sftp-server";
                      }
                      ext:item "12" {
                        ext:meaning "icmp";
                      }
                      ext:item "13" {
                        ext:meaning "msdp";
                      }
                      ext:item "14" {
                        ext:meaning "pim";
                      }
                      ext:item "15" {
                        ext:meaning "arp";
                      }
                      ext:item "17" {
                        ext:meaning "dhcp";
                      }
                      ext:item "18" {
                        ext:meaning "lacp";
                      }
                      ext:item "19" {
                        ext:meaning "ntp";
                      }
                      ext:item "20" {
                        ext:meaning "radius";
                      }
                      ext:item "21" {
                        ext:meaning "hwtacacs";
                      }
                      ext:item "22" {
                        ext:meaning "lspping";
                      }
                      ext:item "23" {
                        ext:meaning "igmp";
                      }
                      ext:item "24" {
                        ext:meaning "vgmp";
                      }
                      ext:item "25" {
                        ext:meaning "rrpp";
                      }
                      ext:item "26" {
                        ext:meaning "vrrp";
                      }
                      ext:item "27" {
                        ext:meaning "bfd";
                      }
                      ext:item "28" {
                        ext:meaning "mplsoam";
                      }
                      ext:item "29" {
                        ext:meaning "ieee-8021ag";
                      }
                      ext:item "30" {
                        ext:meaning "ftp-client";
                      }
                      ext:item "31" {
                        ext:meaning "telnet-client";
                      }
                      ext:item "32" {
                        ext:meaning "ssh-client";
                      }
                      ext:item "33" {
                        ext:meaning "sftp-client";
                      }
                      ext:item "34" {
                        ext:meaning "dns-client";
                      }
                      ext:item "48" {
                        ext:meaning "tcp-syn";
                      }
                      ext:item "164" {
                        ext:meaning "eapol";
                      }
                      ext:item "567" {
                        ext:meaning "esmc";
                      }
                    }
                    range "0..1658";
                  }
                  description
                    "Protocol type of the host packet headers to be obtained.";
                }
    
                choice interface-or-link-type {
                  mandatory true;
                  description
                    "Physical type of packet header obtaining: interface-based or link type-based packet header obtaining.";
                  case interface-based {
                    description
                      "Parameters for the interface of packet header obtain.";
                    leaf interface-name {
                      type leafref {
                        path "/ifm:ifm/ifm:interfaces/ifm:interface/ifm:name";
                      }
                      mandatory true;
                      description
                        "Parameters for the interface of packet header obtain.";
                    }
    
                    choice vlan {
                      description
                        "Parameters for the VLAN of packet header obtain.";
                      case single {
                        description
                          "Parameters for the single VLAN of packet header obtain.";
                        leaf begin-vlan-id {
                          type vlan:vlan-id;
                          mandatory true;
                          description
                            "Parameters for the begin VLAN value of packet header obtain.";
                        }
    
                        leaf end-vlan-id {
                          type vlan:vlan-id;
                          description
                            "Parameters for the end VLAN value of packet header obtain.";
                        }
                      }  // case single
    
                      case double {
                        description
                          "Parameters for the double VLAN of packet header obtain.";
                        leaf pe-begin-vlan-id {
                          type vlan:vlan-id;
                          mandatory true;
                          description
                            "Parameters for the begin VLAN value of packet header obtain.";
                        }
    
                        leaf pe-end-vlan-id {
                          type vlan:vlan-id;
                          description
                            "Parameters for the end VLAN value of packet header obtain.";
                        }
    
                        leaf ce-begin-vlan-id {
                          type vlan:vlan-id;
                          mandatory true;
                          description
                            "Parameters for the end VLAN value of packet header obtain.";
                        }
    
                        leaf ce-end-vlan-id {
                          type vlan:vlan-id;
                          description
                            "Parameters for the end VLAN value of packet header obtain.";
                        }
                      }  // case double
                    }  // choice vlan
                  }  // case interface-based
    
                  case link-type-based {
                    description
                      "Parameters for the link-type of packet header obtain.";
                    leaf link-type {
                      type packet-header-link-type;
                      description
                        "Link type of obtain packet headers.";
                    }
                  }  // case link-type-based
                }  // choice interface-or-link-type
    
                choice acl-type {
                  description
                    "Parameters for the acl of packet header obtain.";
                  case acl4 {
                    description
                      "Parameters for the v4 acl of packet header obtain.";
                    leaf acl-v4 {
                      type leafref {
                        path "/acl:acl/acl:groups/acl:group/acl:identity";
                      }
                      mandatory true;
                      description
                        "Parameters for the acl4 value of packet header obtain.";
                    }
                  }  // case acl4
    
                  case acl6 {
                    description
                      "Parameters for the v6 acl of packet header obtain.";
                    leaf acl-v6 {
                      type leafref {
                        path "/acl:acl/acl:group6s/acl:group6/acl:identity";
                      }
                      mandatory true;
                      description
                        "Parameters for the acl6 value of packet header obtain.";
                    }
                  }  // case acl6
                }  // choice acl-type
              }  // case condition-based
            }  // choice type
          }
        }  // rpc stop-packet-header-obtain
    
        rpc free-packet-header-obtain {
          description
            "To free packet header obtain.";
          input {
            leaf instance-id {
              type uint8 {
                range "1..8";
              }
              description
                "Parameters for the instance id of packet header obtain.";
            }
          }
        }  // rpc free-packet-header-obtain
    
        augment /ifm:ifm/ifm:interfaces/ifm:interface {
          description
            "All configurations of the host defend under the interface.";
          container if-8021p-priority {
            when
              "../ifm:type='Ethernet' or ../ifm:type='GigabitEthernet' or ../ifm:type='100GE' or ../ifm:type='40GE' or ../ifm:type='25GE' or ../ifm:type='4x10GE' or ../ifm:type='10x10GE' or ../ifm:type='3x40GE' or ../ifm:type='4x25GE' or ../ifm:type='200GE' or ../ifm:type='FlexE' or ../ifm:type='50GE' or ../ifm:type='50|100GE' or ../ifm:type='10GE' or ../ifm:type='MultiGE' or ../ifm:type='400GE' or ../ifm:type='Vlanif' or ../ifm:type='XGigabitEthernet' or ../ifm:type='Eth-Trunk' or ../ifm:type='PW-VE' or ../ifm:type='Cellular' or ../ifm:type='Virtual-Ethernet' or ../ifm:class='sub-interface'";
            presence
              "Present if 8021p priority function.";
            description
              "Configure 8021p priority under the interface.";
            leaf value {
              type uint32 {
                range "0..7";
              }
              mandatory true;
              description "8021p value.";
            }
          }  // container if-8021p-priority
    
          container management-plane-defend-if {
            when
              "../ifm:type='Ethernet' or ../ifm:type='GigabitEthernet' or ../ifm:type='GEBrief' or ../ifm:type='10GE' or ../ifm:type='MultiGE' or ../ifm:type='40GE' or ../ifm:type='100GE' or ../ifm:type='25GE' or ../ifm:type='400GE' or ../ifm:type='XGigabitEthernet' or ../ifm:type='200GE' or ../ifm:type='50GE' or ../ifm:type='50|100GE' or ../ifm:type='ATM' or ../ifm:type='Pos' or ../ifm:type='Cellular'";
            presence
              "Present if management plane defend function.";
            description
              "Configure applications of interface-level policies for management and service plane protection.";
            leaf policy-id {
              type leafref {
                path "/host-defend:host-defend/host-defend:management-plane-defend/host-defend:if-plys/host-defend:if-ply/host-defend:policy-id";
              }
              mandatory true;
              description
                "ID of an interface-level policy for management and service plane protection.";
            }
          }  // container management-plane-defend-if
        }
    
        augment /devm:devm/devm:mpu-boards/devm:mpu-board {
          description
            "All configurations of the host defend under the mpu-board.";
          container management-plane-defend-slot {
            presence
              "Present slot management plane defend function.";
            description
              "Configure applications of slot-based policies for management and service plane protection.";
            leaf slot-policy-id {
              type leafref {
                path "/host-defend:host-defend/host-defend:management-plane-defend/host-defend:slot-plys/host-defend:slot-ply/host-defend:policy-id";
              }
              mandatory true;
              description
                "ID of a slot-based policy for management and service plane protection.";
            }
          }  // container management-plane-defend-slot
        }
    
        augment /devm:devm/devm:lpu-boards/devm:lpu-board {
          description
            "All configurations of the host defend under the lpu-board.";
          container management-plane-defend-slot {
            presence
              "Present slot management plane defend function.";
            description
              "Configure applications of slot-based policies for management and service plane protection.";
            leaf slot-policy-id {
              type leafref {
                path "/host-defend:host-defend/host-defend:management-plane-defend/host-defend:slot-plys/host-defend:slot-ply/host-defend:policy-id";
              }
              mandatory true;
              description
                "ID of a slot-based policy for management and service plane protection.";
            }
          }  // container management-plane-defend-slot
        }
      }  // module huawei-host-defend
    

© 2023 YumaWorks, Inc. All rights reserved.