-- ================================================================== -- Copyright (c) 2004-2010 New H3C Tech. Co., Ltd. All rights reserved. -- -- Description: ACFP MIB -- Reference: -- Version: V1.5 -- History: -- V1.0 2006-07-04 Created by Wang Haidong -- V1.1 2007-03-23 Modified by Hao Chunbo -- Delete the default value of hh3cAcfpPolicyAdminStatus. -- V1.2 2007-07-03 Modified by Hao Chunbo -- Add a new trap node for hh3cAcfpPolicyLifetime. -- V1.3 2007-11-07 Modified by Li Yugang -- Modify the value of hh3cAcfpServerCurContextType. -- Destroy the node of hh3cAcfpRuleEstablish. -- Add a new node for Hh3cAcfpPolicyDestIfFailAction. -- Add a new node for Hh3cAcfpPolicyPriority. -- Add a new node for hh3cAcfpRuleTCPFlag. -- V1.4 2007-12-19 Modified by Li Yugang -- Modify the description of hh3cAcfpPolicyRowStatus. -- Modify the description of hh3cAcfpRuleRowStatus. -- Modify the status of hh3cAcfpRuleEstablish. -- Modify the value of hh3cAcfpRuleTCPFlag. -- V1.5 2009-11-30 Modified by Zhu Dengfeng -- Add a new node for hh3cAcfpRuleSrcIPV6Address -- Add a new node for hh3cAcfpRuleSrcPrefixLen -- Add a new node for hh3cAcfpRuleDstIPV6Address -- Add a new node for hh3cAcfpRuleDstPrefixLen -- Add a new node for hh3cAcfpRuleTrafficType -- Add a new node for hh3cAcfpRuleTypeOrLen -- ================================================================== HH3C-ACFP-MIB DEFINITIONS ::= BEGIN IMPORTS IpAddress, Integer32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI RowStatus, TruthValue, MacAddress, DisplayString FROM SNMPv2-TC Ipv6Address FROM IPV6-TC InetAddressPrefixLength FROM INET-ADDRESS-MIB hh3cCommon FROM HH3C-OID-MIB; -- -- Node definitions -- hh3cAcfp MODULE-IDENTITY LAST-UPDATED "200607041936Z" ORGANIZATION "New H3C Tech. Co., Ltd." CONTACT-INFO "Platform Team New H3C Tech. Co., Ltd. Hai-Dian District Beijing P.R. China Http://www.h3c.com Zip:100085" DESCRIPTION "This MIB module defines a set of basic objects for configuring switches and routers to enable ACFP." REVISION "200607041936Z" DESCRIPTION "Initial version" ::= { hh3cCommon 74 } hh3cAcfpObjects OBJECT IDENTIFIER ::= { hh3cAcfp 1 } hh3cAcfpOAP OBJECT IDENTIFIER ::= { hh3cAcfpObjects 1 } -- ACFP server information -- ACFP server should create this object and -- advertise its capability hh3cAcfpServer OBJECT IDENTIFIER ::= { hh3cAcfpOAP 1 } hh3cAcfpServerInfo OBJECT-TYPE SYNTAX BITS { ipserver(0), redirect(1), mirror(2), passThrough(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "When retrieved, this object returns a set of bits indicating the capabilities (or configuration) of the switch or router. The set bit is indication that a router or switch can support the action for security rule." ::= { hh3cAcfpServer 1 } hh3cAcfpServerMaxLifetime OBJECT-TYPE SYNTAX Integer32(0..2147483647) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "When retrieved, this object returns the maximum lifetime in seconds, that this router or switch allows policy rules to have." ::= { hh3cAcfpServer 2 } hh3cAcfpServerPersistentRules OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "When retrieved, this object returns true(1) if the ACFP MIB implementation can store policy rules persistently. Otherwise, it returns false(2)." ::= { hh3cAcfpServer 3 } hh3cAcfpServerCurContextType OBJECT-TYPE SYNTAX INTEGER { no-context(1), context-VLANID(2), context-HG(3), context-FlowID(4), context-HGPlus(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "In some circumstances, it's necessary that packets go to ACFP client with context from ACFP server. However, the context perhaps is different. hh3cAcfpServerCurContextType is used to distinguish this difference, ACFP client may process distinctively." ::= { hh3cAcfpServer 4 } -- ACFP client Information. -- This object is used for network management purpose. hh3cAcfpClientInfo OBJECT IDENTIFIER ::= { hh3cAcfpOAP 2 } hh3cAcfpClientInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF Hh3cAcfpClientInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the basic information about ACFP client." ::= { hh3cAcfpClientInfo 1 } hh3cAcfpClientInfoEntry OBJECT-TYPE SYNTAX Hh3cAcfpClientInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This list contains the basic information about ACFP client." INDEX { hh3cAcfpClientID } ::= { hh3cAcfpClientInfoTable 1 } Hh3cAcfpClientInfoEntry ::= SEQUENCE { hh3cAcfpClientID Integer32, hh3cAcfpClientDescription DisplayString, hh3cAcfpClientHwVersion DisplayString, hh3cAcfpClientOSVersion DisplayString, hh3cAcfpClientAppVersion DisplayString, hh3cAcfpClientIP IpAddress, hh3cAcfpClientMode BITS, hh3cAcfpClientRowStatus RowStatus } hh3cAcfpClientID OBJECT-TYPE SYNTAX Integer32(1..2147483647) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The identifier of ACFP client." ::= { hh3cAcfpClientInfoEntry 1 } hh3cAcfpClientDescription OBJECT-TYPE SYNTAX DisplayString(SIZE(0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "Description of the application that is running on ACFP client, eg. IPS, VCX." ::= { hh3cAcfpClientInfoEntry 2 } hh3cAcfpClientHwVersion OBJECT-TYPE SYNTAX DisplayString(SIZE(0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The hardware revision of ACFP client." ::= { hh3cAcfpClientInfoEntry 3 } hh3cAcfpClientOSVersion OBJECT-TYPE SYNTAX DisplayString(SIZE(0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The operating system version running ACFP client." ::= { hh3cAcfpClientInfoEntry 4 } hh3cAcfpClientAppVersion OBJECT-TYPE SYNTAX DisplayString(SIZE(0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The application version running on ACFP client" ::= { hh3cAcfpClientInfoEntry 5 } hh3cAcfpClientIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "IP address of ACFP client." ::= { hh3cAcfpClientInfoEntry 6 } hh3cAcfpClientMode OBJECT-TYPE SYNTAX BITS { ipserver(0), redirect(1), mirror(2), passThrough(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "ACFP client informs Router or switch which mode it is operating. Router or switch checks hh3cAcfpServerInfo to see whether it is capable of fulfilling this function. If not, router or switch generates a trap informing ACFP client such OAP mode is not supported." DEFVAL { 0 } ::= { hh3cAcfpClientInfoEntry 7 } hh3cAcfpClientRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, supports three states: createAndGo, active, destroy. Creation Operation Restriction: Node hh3cAcfpClientMode must be bound while creating a row. It is optional for other nodes. ACFP module must be enabled for the server while creating a row. The number of rows created must not exceed upper limit. Modification Operation Restriction: Nodes that do not support modification: hh3cAcfpClientMode. Nodes that support modification: hh3cAcfpClientDescription, hh3cAcfpClientHwVersion, hh3cAcfpClientOSVersion, hh3cAcfpClientAppVersion and hh3cAcfpClientIP. If the row to be modified does not exist, error returns directly. Deletion Operation Restriction: If the row to be deleted does not exist, success returns directly. " ::= { hh3cAcfpClientInfoEntry 8 } -- Policy Information applied to Router or switch hh3cAcfpPolicy OBJECT IDENTIFIER ::= { hh3cAcfpOAP 3 } hh3cAcfpPolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF Hh3cAcfpPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists all current policies for ACFP client(s). Entries in this table are created or removed implicitly when entries in the hh3cAcfpRuleTable are created or removed, respectively. A policy entry in this table only exists as long as there is rule of this policy in the hh3cAcfpRuleTable. The table serves for listing the existing policies and their remaining lifetimes and for changing lifetimes of policies and implicitly of all policy members and all their member policy rules can be deleted by setting hh3cAcfpPolicyLifetime to 0." ::= { hh3cAcfpPolicy 1 } hh3cAcfpPolicyEntry OBJECT-TYPE SYNTAX Hh3cAcfpPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The list contains basic information of ACFP Policy." INDEX { hh3cAcfpClientID, hh3cAcfpPolicyIndex } ::= { hh3cAcfpPolicyTable 1 } Hh3cAcfpPolicyEntry ::= SEQUENCE { hh3cAcfpPolicyIndex Integer32, hh3cAcfpPolicyInIfIndex Integer32, hh3cAcfpPolicyOutIfIndex Integer32, hh3cAcfpPolicyDestIfIndex Integer32, hh3cAcfpPolicyContextID Integer32, hh3cAcfpPolicyAdminStatus INTEGER, hh3cAcfpPolicyLifetime Integer32, hh3cAcfpPolicyTimeStart OCTET STRING, hh3cAcfpPolicyTimeEnd OCTET STRING, hh3cAcfpPolicyRowStatus RowStatus, hh3cAcfpPolicyDestIfFailAction INTEGER, hh3cAcfpPolicyPriority INTEGER } hh3cAcfpPolicyIndex OBJECT-TYPE SYNTAX Integer32(1..2147483647) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The identifier of the Policy of ACFP client" ::= { hh3cAcfpPolicyEntry 1 } hh3cAcfpPolicyInIfIndex OBJECT-TYPE SYNTAX Integer32(0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "Packet is received from this interface. The value of this object contains the same value of ifIndex of ifTable." DEFVAL {0} ::= { hh3cAcfpPolicyEntry 2} hh3cAcfpPolicyOutIfIndex OBJECT-TYPE SYNTAX Integer32(0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "Packet is sent to this interface. The value of this object contains the same value of ifIndex of ifTable." DEFVAL {0} ::= { hh3cAcfpPolicyEntry 3 } hh3cAcfpPolicyDestIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Through this interface, packet go to ACFP client from ACFP server. The value of this object contains the same value of ifIndex of ifTable." DEFVAL {0} ::= { hh3cAcfpPolicyEntry 4 } hh3cAcfpPolicyContextID OBJECT-TYPE SYNTAX Integer32(0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "Internal id ACFP server allocated used to map to the interface. ACFP server may send packet with this hh3cAcfpPolicyContextID to ACFP client, ACFP client can make use of this hh3cAcfpPolicyContextID and find the policy. " ::= { hh3cAcfpPolicyEntry 5 } hh3cAcfpPolicyAdminStatus OBJECT-TYPE SYNTAX INTEGER { enable(1), -- policy is applied disable(2) -- policy is not applied } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object indicates the desired status of the policy." ::= { hh3cAcfpPolicyEntry 6 } hh3cAcfpPolicyLifetime OBJECT-TYPE SYNTAX Integer32(0..2147483647) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "When retrieved, this object delivers the maximum lifetime (seconds) of all the rules of this, i.e., of all the rows in hh3cAcfpRuleTable that have the same values of hh3cAcfpRulePolicyIndex and hh3cAcfpClientID. Successfully writing to this object modifies the lifetime of all the rules of this. Successfully writing a value of 0 terminates all the rules and implicitly deletes this as soon as all member entries are removed from the hh3cAcfpRuleTable. Note that after a lifetime expired, all the corresponding entry in the hh3cAcfpRuleTable will be removed and this will be deleted implicitly. Writing to this object is processed by the ACFP MIB implementation by choosing a lifetime value that is greater than or equal to zero and less than or equal to the minimum of the requested value and the value specified by object hh3cAcfpServerMaxLifetime: 0 <= lt_granted <= MINIMUM(lt_requested, lt_maximum) whereas: lt_granted is the actually granted lifetime by the ACFP MIB implementation. lt_requested is the requested lifetime of the ACFP client. lt_maximum is the value of object hh3cAcfpServerMaxLifetime. SNMP set requests to this object may be rejected or the value of the object after an accepted set operation may be less than the value that was contained in the SNMP set request." DEFVAL{ hh3cAcfpServerMaxLifetime } ::= { hh3cAcfpPolicyEntry 7 } hh3cAcfpPolicyTimeStart OBJECT-TYPE SYNTAX OCTET STRING(SIZE(8)) MAX-ACCESS read-create STATUS current DESCRIPTION "Beginning time of this policy every day. Eg. HH:MM:SS" ::= { hh3cAcfpPolicyEntry 8 } hh3cAcfpPolicyTimeEnd OBJECT-TYPE SYNTAX OCTET STRING(SIZE(8)) MAX-ACCESS read-create STATUS current DESCRIPTION "Ending time of this policy every day. Eg. HH:MM:SS" ::= { hh3cAcfpPolicyEntry 9 } hh3cAcfpPolicyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, supports three states: createAndGo, active, destroy. Creation Operation Restriction: The client corresponding to the index hh3cAcfpClientID must exist while creating a row. Nodes hh3cAcfpPolicyTimeStart and hh3cAcfpPolicyTimeEnd are bound together, and hh3cAcfpPolicyTimeEnd must be greater than hh3cAcfpPolicyTimeStart. The number of rows created on an incoming/outgoing interface cannot exceed the upper limit. The number of rows created cannot exceed the upper limit for each client. A packet matches a policy in the following order: - It first matches the policy with the highest priority. - For two policies with the same priority, it matches the one with the smallest client index. - For two policies with the same client index, it matches the one with the smallest policy index. Modification Operation Restriction: Nodes that do not support modification: hh3cAcfpPolicyInIfIndex, hh3cAcfpPolicyOutIfIndex, hh3cAcfpPolicyDestIfIndex, hh3cAcfpPolicyDestIfFailAction, hh3cAcfpPolicyPriority. Nodes that support modification: hh3cAcfpPolicyAdminStatus, hh3cAcfpPolicyLifetime, hh3cAcfpPolicyTimeStart and hh3cAcfpPolicyTimeEnd. While modifying a row, if the row corresponding to the index configured does not exist, error returns directly. While modifying a node, the restriction over hh3cAcfpPolicyTimeStart and hh3cAcfpPolicyTimeEnd is the same as creating a node. Deletion Operation Restriction: If the row to be deleted does not exist, success returns directly. " ::= { hh3cAcfpPolicyEntry 10 } hh3cAcfpPolicyDestIfFailAction OBJECT-TYPE SYNTAX INTEGER { delete(1), -- delete all rules of the policy from driver reserve(2) -- reserve all rules of the policy in driver } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object indicates the action of the policy when the destination interface failed." DEFVAL { 1 } ::= { hh3cAcfpPolicyEntry 11 } hh3cAcfpPolicyPriority OBJECT-TYPE SYNTAX INTEGER { priority1(1), -- Priority 1 (MIN) priority2(2), -- Priority 2 priority3(3), -- Priority 3 priority4(4), -- Priority 4 priority5(5), -- Priority 5 priority6(6), -- Priority 6 priority7(7), -- Priority 7 priority8(8) -- Priority 8 (MAX) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object indicates the priority of the policy. Priority8 is maximal priority. Priority1 is minimal priority." DEFVAL { 4 } ::= { hh3cAcfpPolicyEntry 12 } -- Individual Rule policy Information applied to Router or switch hh3cAcfpRule OBJECT IDENTIFIER ::= { hh3cAcfpOAP 4 } hh3cAcfpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF Hh3cAcfpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists all the rules. It is indexed by hh3cAcfpClientID, hh3cAcfpRulePolicyIndex and hh3cAcfpRuleIndex. Entries can be deleted by writing hh3cAcfpPolicyLifetime to 0." ::= { hh3cAcfpRule 1 } hh3cAcfpRuleEntry OBJECT-TYPE SYNTAX Hh3cAcfpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The list contains basic information of the rule." INDEX { hh3cAcfpClientID, hh3cAcfpPolicyIndex, hh3cAcfpRuleIndex } ::= { hh3cAcfpRuleTable 1 } Hh3cAcfpRuleEntry ::= SEQUENCE { hh3cAcfpRuleIndex Integer32, hh3cAcfpRuleOperStatus INTEGER, hh3cAcfpRuleAction INTEGER, hh3cAcfpRuleAll TruthValue, hh3cAcfpRuleSrcMAC MacAddress, hh3cAcfpRuleDstMAC MacAddress, hh3cAcfpRuleVlanStart Integer32, hh3cAcfpRuleVlanEnd Integer32, hh3cAcfpRuleProtocol Integer32, hh3cAcfpRuleSrcIP IpAddress, hh3cAcfpRuleSrcIPMask IpAddress, hh3cAcfpRuleSrcOp INTEGER, hh3cAcfpRuleSrcStartPort Integer32, hh3cAcfpRuleSrcEndPort Integer32, hh3cAcfpRuleDstIP IpAddress, hh3cAcfpRuleDstIPMask IpAddress, hh3cAcfpRuleDstOp INTEGER, hh3cAcfpRuleDstStartPort Integer32, hh3cAcfpRuleDstEndPort Integer32, hh3cAcfpRulePrecedence Integer32, hh3cAcfpRuleTos Integer32, hh3cAcfpRuleDscp Integer32, hh3cAcfpRuleEstablish TruthValue, hh3cAcfpRuleFragment TruthValue, hh3cAcfpRulePacketRate Integer32, hh3cAcfpRuleRowStatus RowStatus, hh3cAcfpRuleTCPFlag Integer32, hh3cAcfpRuleSrcIPV6Address Ipv6Address, hh3cAcfpRuleSrcPrefixLen InetAddressPrefixLength, hh3cAcfpRuleDstIPV6Address Ipv6Address, hh3cAcfpRuleDstPrefixLen InetAddressPrefixLength, hh3cAcfpRuleTrafficType BITS, hh3cAcfpRuleTypeOrLen Integer32 } hh3cAcfpRuleIndex OBJECT-TYPE SYNTAX Integer32(1..2147483647) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The identifier of the rules which have the same hh3cAcfpPolicyIndex and hh3cAcfpClientID.hh3cAcfpRuleIndex indicates rule sequence in the same policy." ::= { hh3cAcfpRuleEntry 1 } hh3cAcfpRuleOperStatus OBJECT-TYPE SYNTAX INTEGER { success(1), -- rule applied successfully to interface fail(2) -- rule failed to apply to interface } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of this object indicates the status of a rule. success : Applied rule to interface successfully. fail : Failed to apply rule to interface. " DEFVAL { fail } ::= { hh3cAcfpRuleEntry 2 } hh3cAcfpRuleAction OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2), redirect(3), mirror(4), rate(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action of this rule." ::= { hh3cAcfpRuleEntry 3 } hh3cAcfpRuleAll OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The rule match all packet or does not. true : all false : not all " DEFVAL { false } ::= { hh3cAcfpRuleEntry 4 } hh3cAcfpRuleSrcMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source MAC of this rule." ::= { hh3cAcfpRuleEntry 5 } hh3cAcfpRuleDstMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination MAC of this rule." ::= { hh3cAcfpRuleEntry 6 } hh3cAcfpRuleVlanStart OBJECT-TYPE SYNTAX Integer32(0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Starting VLAN id of this rule. 0 : Invalid value" DEFVAL { 0 } ::= { hh3cAcfpRuleEntry 7 } hh3cAcfpRuleVlanEnd OBJECT-TYPE SYNTAX Integer32(0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Ending VLAN id of this rule. 0 : Invalid value" DEFVAL { 0 } ::= { hh3cAcfpRuleEntry 8 } hh3cAcfpRuleProtocol OBJECT-TYPE SYNTAX Integer32(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The protocol-type of this rule. <0-255> Protocol number gre GRE tunneling(47) icmp Internet Control Message Protocol(1) igmp Internet Management Protocol(2) ip Any IP protocol(0) ipinip IP in IP tunneling(4) ospf OSPF routing protocol(89) tcp Transmission Control Protocol (6) udp User Datagram Protocol (17) " DEFVAL { 0 } ::= { hh3cAcfpRuleEntry 9 } hh3cAcfpRuleSrcIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IP address of this rule." ::= { hh3cAcfpRuleEntry 10 } hh3cAcfpRuleSrcIPMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IP-address wild of this rule. Eg. 0.0.0.255." ::= { hh3cAcfpRuleEntry 11 } hh3cAcfpRuleSrcOp OBJECT-TYPE SYNTAX INTEGER { equal(1), notEqual(2), lessThan(3), greaterThan(4), range(5), invalid(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "Source Port operation for this rule" DEFVAL { invalid } ::= { hh3cAcfpRuleEntry 12 } hh3cAcfpRuleSrcStartPort OBJECT-TYPE SYNTAX Integer32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Starting UDP/TCP Source Port number of this rule." ::= { hh3cAcfpRuleEntry 13 } hh3cAcfpRuleSrcEndPort OBJECT-TYPE SYNTAX Integer32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Ending UDP/TCP Source Port of this rule." ::= { hh3cAcfpRuleEntry 14 } hh3cAcfpRuleDstIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IP address of this rule." ::= { hh3cAcfpRuleEntry 15 } hh3cAcfpRuleDstIPMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IP-address wild of this rule. Eg. 0.0.0.255" ::= { hh3cAcfpRuleEntry 16 } hh3cAcfpRuleDstOp OBJECT-TYPE SYNTAX INTEGER { equal(1), nonEqual(2), lessThan(3), greaterThan(4), range(5), invalid(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "Destination Port operation for this rule" DEFVAL { invalid } ::= { hh3cAcfpRuleEntry 17 } hh3cAcfpRuleDstStartPort OBJECT-TYPE SYNTAX Integer32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Starting UDP/TCP Destination Port number of this rule." ::= { hh3cAcfpRuleEntry 18 } hh3cAcfpRuleDstEndPort OBJECT-TYPE SYNTAX Integer32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Ending UDP/TCP Destination Port of this rule." ::= { hh3cAcfpRuleEntry 19 } hh3cAcfpRulePrecedence OBJECT-TYPE SYNTAX Integer32(0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of precedence field in IP header. <255> Invalid value <0-7> value of precedence routine(0) Routine precedence priority(1) Priority precedence immediate(2) Immediate precedence flash(3) Flash precedence flash-override(4) Flash Override precedence critical(5) Critical precedence internet(6) Network Control precedence network(7) Internetwork Control precedence " DEFVAL { 255 } ::= { hh3cAcfpRuleEntry 20 } hh3cAcfpRuleTos OBJECT-TYPE SYNTAX Integer32(0..15|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of TOS field in IP header. <255> Invalid value <0-15> value of ToS (Type of Service) Normal(0) normal service min-monetary-cost(1) minimum monetary cost max-reliability(2) maximum reliability max-throughput(4) maximum throughput min-delay(8) minimum delay " DEFVAL { 255 } ::= { hh3cAcfpRuleEntry 21 } hh3cAcfpRuleDscp OBJECT-TYPE SYNTAX Integer32(0..63|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of DSCP. <255> Invalid value <0-63> value of DSCP Be(0) best effort af11(10) assured forwarding 11 service af12(12) assured forwarding 12 service af13(14) assured forwarding 13 service af21(18) assured forwarding 18 service af22(20) assured forwarding 20 service af23(22) assured forwarding 22 service af31(26) assured forwarding 31 service af32(28) assured forwarding 32 service af33(30) assured forwarding 33 service af41(34) assured forwarding 41 service af42(36) assured forwarding 42 service af43(38) assured forwarding 43 service cs1(8) class selector 1 service cs2(16) class selector 2 service cs3(24) class selector 3 service cs4(32) class selector 4 service cs5(40) class selector 5 service cs6(48) class selector 6 service cs7(56) class selector 7 service ef(46) expedited forwarding service " DEFVAL { 255 } ::= { hh3cAcfpRuleEntry 22 } hh3cAcfpRuleEstablish OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS deprecated DESCRIPTION "Establish Flag. Matches the TCP packets with the ACK and/or RST flag, including the TCP packets of these types: SYN+ACK, ACK, FIN+ACK, RST, RST+ACK." DEFVAL { false } ::= { hh3cAcfpRuleEntry 23 } hh3cAcfpRuleFragment OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching fragmented packet." DEFVAL { false } ::= { hh3cAcfpRuleEntry 24 } hh3cAcfpRulePacketRate OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Packet rate (Kbps) of this rule." ::= { hh3cAcfpRuleEntry 25 } hh3cAcfpRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, supports three states: createAndGo, active, destroy. Creation Operation Restriction: Node hh3cAcfpRuleAction must be bound while creating a line. Nodes hh3cAcfpRuleAll and hh3cAcfpRuleProtocol, hh3cAcfpRuleSrcIP, hh3cAcfpRuleSrcIPMask, hh3cAcfpRuleDstIP, hh3cAcfpRuleSrcOp, hh3cAcfpRuleSrcStartPort, hh3cAcfpRuleSrcEndPort, hh3cAcfpRuleDstIP, hh3cAcfpRuleDstIPMask, hh3cAcfpRuleDstOp, hh3cAcfpRuleDstStartPort, hh3cAcfpRuleDstEndPort, hh3cAcfpRulePrecedence, hh3cAcfpRuleTos, hh3cAcfpRuleDscp, hh3cAcfpRuleTCPFlag, hh3cAcfpRuleFragment are mutually exclusive. Nodes hh3cAcfpRuleSrcIP and hh3cAcfpRuleSrcIPMask are bound together, otherwise, the source IP address is neglected. The restriction over hh3cAcfpRuleDstIP and hh3cAcfpRuleDstIPMask is the same as hh3cAcfpRuleSrcIP and hh3cAcfpRuleSrcIPMask. Nodes hh3cAcfpRuleDscp and hh3cAcfpRulePrecedence, hh3cAcfpRuleTos are mutually exclusive. If the node hh3cAcfpRuleSrcOp is bound to range(5), hh3cAcfpRuleSrcStartPort and hh3cAcfpRuleSrcEndPort must be bound together, and hh3cAcfpRuleSrcEndPort must be greater than hh3cAcfpRuleSrcStartPort. If the node hh3cAcfpRuleSrcOp is bound to equal(1), notEqual(2), lessThan(3) or greaterThan(4), hh3cAcfpRuleSrcStartPort must be bound together, and hh3cAcfpRuleSrcEndPort is neglected. The restriction over hh3cAcfpRuleDstOp, hh3cAcfpRuleDstStartPort and hh3cAcfpRuleDstEndPort is the same as hh3cAcfpRuleSrcOp, hh3cAcfpRuleSrcStartPort and hh3cAcfpRuleSrcEndPort. If the node hh3cAcfpRuleAction is bound to redirect(3) or mirror(4), the destination interfaces of the policy the rule belonging to must exist; The number of rows created cannot exceed the upper limit for each policy, each inbound interface and each outbound interface. Modification Operation Restriction: The row does not support modification. Deletion Operation Restriction If the row to be deleted does not exist, success returns directly. " ::= { hh3cAcfpRuleEntry 26 } hh3cAcfpRuleTCPFlag OBJECT-TYPE SYNTAX Integer32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "TCP Flag. <0> don't care for TCP flag to match packets <1-65535> care for TCP flag to match packets, the value is combination of next list. URG_VALID (1 << 13) URG_SET (1 << 5) ACK_VALID (1 << 12) ACK_SET (1 << 4) PSH_VALID (1 << 11) PSH_SET (1 << 3) RST_VALID (1 << 10) RST_SET (1 << 2) SYN_VALID (1 << 9) SYN_SET (1 << 1) FIN_VALID (1 << 8) FIN_SET 1 Matches the TCP packets with the URG and/or ACK and/or PSH and/or RST and/or SYN and/or FIN flag, including the TCP packets of these types: SYN+ACK, ACK, FIN+ACK, RST, RST+ACK." DEFVAL { 0 } ::= { hh3cAcfpRuleEntry 27 } hh3cAcfpRuleSrcIPV6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Source IPv6 address of this rule." ::= { hh3cAcfpRuleEntry 28 } hh3cAcfpRuleSrcPrefixLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "Source IPv6 address prefix length of this rule. Eg. 64." ::= { hh3cAcfpRuleEntry 29 } hh3cAcfpRuleDstIPV6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IPv6 address of this rule." ::= { hh3cAcfpRuleEntry 30 } hh3cAcfpRuleDstPrefixLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IPv6 address prefix length of this rule. Eg. 64." ::= { hh3cAcfpRuleEntry 31 } hh3cAcfpRuleTrafficType OBJECT-TYPE SYNTAX BITS { unicast(0), multicast(1), broadcast(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Traffic type of this rule. When retrieved, this object returns a set of bits indicating the traffic type." ::= { hh3cAcfpRuleEntry 32 } hh3cAcfpRuleTypeOrLen OBJECT-TYPE SYNTAX Integer32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The type or length of ethernet packet. For Ethernet II encapsulation, it stands for packet type. For 802.3 encapsulation, it stands for packet length." ::= { hh3cAcfpRuleEntry 33 } -- Notifications. The definition of hh3cAcfpNotifications makes notification -- registrations reversible (see STD 58, RFC 2578, section 8.5). hh3cAcfpNotifications OBJECT IDENTIFIER ::= { hh3cAcfpOAP 5 } hh3cAcfpCurContextChanged NOTIFICATION-TYPE OBJECTS { hh3cAcfpServerCurContextType } STATUS current DESCRIPTION "This notification is sent when router or switch changed hh3cAcfpServerCurContextType." ::= { hh3cAcfpNotifications 1 } hh3cAcfpClientRegister NOTIFICATION-TYPE OBJECTS { hh3cAcfpClientID } STATUS current DESCRIPTION "This notification is sent when the ACFP client is registered." ::= { hh3cAcfpNotifications 2 } hh3cAcfpClientUnRegister NOTIFICATION-TYPE OBJECTS { hh3cAcfpClientID } STATUS current DESCRIPTION "This notification is sent when the ACFP client is unregistered." ::= { hh3cAcfpNotifications 3 } hh3cAcfpClientDead NOTIFICATION-TYPE OBJECTS { hh3cAcfpClientID } STATUS current DESCRIPTION "This notification is sent when the ACFP client is not responding." ::= { hh3cAcfpNotifications 4 } hh3cAcfpNotSupportedOAPMode NOTIFICATION-TYPE OBJECTS { hh3cAcfpClientID, hh3cAcfpClientMode, hh3cAcfpServerInfo } STATUS current DESCRIPTION "This notification is sent when router or switch cannot support OAP mode that ACFP client wants to operate on." ::= { hh3cAcfpNotifications 5 } hh3cAcfpLifetimeChangeEvent NOTIFICATION-TYPE OBJECTS { hh3cAcfpPolicyLifetime } STATUS current DESCRIPTION "This notification can be generated for indicating that The lifetime of all member rules of the was changed by successfully writing to object hh3cAcfpPolicyLifetime. Note that this notification is only sent if the lifetime of a policy was changed by successfully writing to object hh3cAcfpPolicyLifetime." ::= { hh3cAcfpNotifications 6 } hh3cAcfpRuleCreatedEvent NOTIFICATION-TYPE OBJECTS { hh3cAcfpRuleIndex } STATUS current DESCRIPTION "This notification is sent when a new rule is created." ::= { hh3cAcfpNotifications 7 } hh3cAcfpRuleDeletedEvent NOTIFICATION-TYPE OBJECTS { hh3cAcfpRuleIndex } STATUS current DESCRIPTION "This notification is sent when a rule is deleted." ::= { hh3cAcfpNotifications 8 } hh3cAcfpRuleErrorEvent NOTIFICATION-TYPE OBJECTS { hh3cAcfpRuleIndex } STATUS current DESCRIPTION "This notification is sent when rule cannot be applied." ::= { hh3cAcfpNotifications 9 } hh3cAcfpLifetimeExpireEvent NOTIFICATION-TYPE OBJECTS { hh3cAcfpPolicyLifetime } STATUS current DESCRIPTION "This notification is sent when the time of the policy existed exceeds its lifetime." ::= { hh3cAcfpNotifications 10 } END