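-- ==================================================================
-- Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
--
-- Description: ACFP MIB
-- Reference:
-- Version: V1.5
-- History:
-- V1.0 2006-07-04 Created by Wang Haidong
-- V1.1 2007-03-23 Modified by Hao Chunbo
--      Delete the default value of hpnicfAcfpPolicyAdminStatus.
-- V1.2 2007-07-03 Modified by Hao Chunbo
--      Add a new trap node for hpnicfAcfpPolicyLifetime.
-- V1.3 2007-11-07 Modified by Li Yugang
--      Modify the value of hpnicfAcfpServerCurContextType.
--      Destroy the node of hpnicfAcfpRuleEstablish.
--      Add a new node for HpnicfAcfpPolicyDestIfFailAction.
--      Add a new node for HpnicfAcfpPolicyPriority.
--      Add a new node for hpnicfAcfpRuleTCPFlag.
-- V1.4 2007-12-19 Modified by Li Yugang
--      Modify the description of hpnicfAcfpPolicyRowStatus.
--      Modify the description of hpnicfAcfpRuleRowStatus.
--      Modify the status of hpnicfAcfpRuleEstablish.
--      Modify the value of hpnicfAcfpRuleTCPFlag.
-- V1.5 2009-11-30 Modified by Zhu Dengfeng
--      Add a new node for hpnicfAcfpRuleSrcIPV6Address
--      Add a new node for hpnicfAcfpRuleSrcPrefixLen
--      Add a new node for hpnicfAcfpRuleDstIPV6Address
--      Add a new node for hpnicfAcfpRuleDstPrefixLen
--      Add a new node for hpnicfAcfpRuleTrafficType
--      Add a new node for hpnicfAcfpRuleTypeOrLen
-- ==================================================================
--
-- NOTE(review): Most columns of the client, policy and rule tables in this
-- module are read-create, so an SNMP SET can register clients and install
-- rules that permit, deny, redirect, mirror or rate-limit traffic.
-- Restrict write access to this subtree (for example SNMPv3 with
-- authentication and privacy, plus a VACM view limited to the managing
-- station) and forward the client and rule notifications defined at the
-- end of the module to the monitoring system so rule changes are audited.
--
HPN-ICF-ACFP-MIB DEFINITIONS ::= BEGIN

IMPORTS
    IpAddress, Integer32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    RowStatus, TruthValue, MacAddress, DisplayString
        FROM SNMPv2-TC
    Ipv6Address
        FROM IPV6-TC
    InetAddressPrefixLength
        FROM INET-ADDRESS-MIB
    hpnicfCommon
        FROM HPN-ICF-OID-MIB;

--
-- Node definitions
--

-- NOTE(review): LAST-UPDATED and the single REVISION clause still carry the
-- V1.0 timestamp although the history above records changes up to V1.5.
-- Tools that rely on these clauses may not distinguish the versions.
hpnicfAcfp MODULE-IDENTITY
    LAST-UPDATED "200607041936Z"
    ORGANIZATION
        ""
    CONTACT-INFO
        ""
    DESCRIPTION
        "This MIB module defines a set of basic objects for
        configuring switches and routers to enable ACFP."
    REVISION "200607041936Z"
    DESCRIPTION
        "Initial version"
    ::= { hpnicfCommon 74 }

hpnicfAcfpObjects OBJECT IDENTIFIER ::= { hpnicfAcfp 1 }

hpnicfAcfpOAP OBJECT IDENTIFIER ::= { hpnicfAcfpObjects 1 }

-- ACFP server information
-- ACFP server should create this object and
-- advertise its capability
hpnicfAcfpServer OBJECT IDENTIFIER ::= { hpnicfAcfpOAP 1 }

hpnicfAcfpServerInfo OBJECT-TYPE
    SYNTAX BITS
        {
        ipserver(0),
        redirect(1),
        mirror(2),
        passThrough(3)
        }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "When retrieved, this object returns a set of bits
        indicating the capabilities (or configuration) of
        the switch or router.  A set bit indicates that the
        router or switch can support the corresponding action
        for security rules."
    ::= { hpnicfAcfpServer 1 }

hpnicfAcfpServerMaxLifetime OBJECT-TYPE
    SYNTAX Integer32(0..2147483647)
    UNITS "seconds"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "When retrieved, this object returns the maximum lifetime,
        in seconds, that this router or switch allows policy rules
        to have."
    ::= { hpnicfAcfpServer 2 }

hpnicfAcfpServerPersistentRules OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "When retrieved, this object returns true(1) if the ACFP MIB
        implementation can store policy rules persistently.
        Otherwise, it returns false(2)."
    ::= { hpnicfAcfpServer 3 }

hpnicfAcfpServerCurContextType OBJECT-TYPE
    SYNTAX INTEGER
        {
        no-context(1),
        context-VLANID(2),
        context-HG(3),
        context-FlowID(4),
        context-HGPlus(5)
        }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "In some circumstances, it is necessary that packets go to
        the ACFP client with context from the ACFP server.  However,
        the context may differ.  hpnicfAcfpServerCurContextType is
        used to distinguish this difference, so that the ACFP client
        can process packets accordingly."
    ::= { hpnicfAcfpServer 4 }

-- ACFP client Information.
-- This object is used for network management purpose.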
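hpnicfAcfpClientInfo OBJECT IDENTIFIER ::= { hpnicfAcfpOAP 2 }

hpnicfAcfpClientInfoTable OBJECT-TYPE
    SYNTAX SEQUENCE OF HpnicfAcfpClientInfoEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains the basic information about ACFP client."
    ::= { hpnicfAcfpClientInfo 1 }

hpnicfAcfpClientInfoEntry OBJECT-TYPE
    SYNTAX HpnicfAcfpClientInfoEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This list contains the basic information about ACFP client."
    INDEX { hpnicfAcfpClientID }
    ::= { hpnicfAcfpClientInfoTable 1 }

HpnicfAcfpClientInfoEntry ::=
    SEQUENCE
        {
        hpnicfAcfpClientID              Integer32,
        hpnicfAcfpClientDescription     DisplayString,
        hpnicfAcfpClientHwVersion       DisplayString,
        hpnicfAcfpClientOSVersion       DisplayString,
        hpnicfAcfpClientAppVersion      DisplayString,
        hpnicfAcfpClientIP              IpAddress,
        hpnicfAcfpClientMode            BITS,
        hpnicfAcfpClientRowStatus       RowStatus
        }

hpnicfAcfpClientID OBJECT-TYPE
    SYNTAX Integer32(1..2147483647)
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The identifier of ACFP client."
    ::= { hpnicfAcfpClientInfoEntry 1 }

hpnicfAcfpClientDescription OBJECT-TYPE
    SYNTAX DisplayString(SIZE(0..64))
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Description of the application that is running on
        ACFP client, eg. IPS, VCX."
    ::= { hpnicfAcfpClientInfoEntry 2 }

hpnicfAcfpClientHwVersion OBJECT-TYPE
    SYNTAX DisplayString(SIZE(0..64))
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The hardware revision of ACFP client."
    ::= { hpnicfAcfpClientInfoEntry 3 }

hpnicfAcfpClientOSVersion OBJECT-TYPE
    SYNTAX DisplayString(SIZE(0..64))
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The operating system version running ACFP client."
    ::= { hpnicfAcfpClientInfoEntry 4 }

hpnicfAcfpClientAppVersion OBJECT-TYPE
    SYNTAX DisplayString(SIZE(0..64))
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The application version running on ACFP client"
    ::= { hpnicfAcfpClientInfoEntry 5 }

hpnicfAcfpClientIP OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "IP address of ACFP client."
    ::= { hpnicfAcfpClientInfoEntry 6 }

-- NOTE(review): DEFVAL { 0 } is not the SMIv2 form of a BITS default (a
-- brace-enclosed list of bit names is expected).  Whether the intent is an
-- empty set or ipserver(0) cannot be told from this file, so the clause is
-- left as published.
hpnicfAcfpClientMode OBJECT-TYPE
    SYNTAX BITS
        {
        ipserver(0),
        redirect(1),
        mirror(2),
        passThrough(3)
        }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "ACFP client informs the router or switch which mode it is
        operating in.  The router or switch checks
        hpnicfAcfpServerInfo to see whether it is capable of
        fulfilling this function.  If not, the router or switch
        generates a trap informing the ACFP client that such OAP
        mode is not supported."
    DEFVAL { 0 }
    ::= { hpnicfAcfpClientInfoEntry 7 }

hpnicfAcfpClientRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "RowStatus, supports three states:
        createAndGo, active, destroy.

        Creation Operation Restriction:
            Node hpnicfAcfpClientMode must be bound while creating
            a row.  It is optional for other nodes.
            ACFP module must be enabled for the server while
            creating a row.
            The number of rows created must not exceed upper limit.

        Modification Operation Restriction:
            Nodes that do not support modification:
            hpnicfAcfpClientMode.
            Nodes that support modification:
            hpnicfAcfpClientDescription, hpnicfAcfpClientHwVersion,
            hpnicfAcfpClientOSVersion, hpnicfAcfpClientAppVersion
            and hpnicfAcfpClientIP.
            If the row to be modified does not exist,
            error returns directly.

        Deletion Operation Restriction:
            If the row to be deleted does not exist,
            success returns directly.
        "
    ::= { hpnicfAcfpClientInfoEntry 8 }

-- Policy Information applied to Router or switch
hpnicfAcfpPolicy OBJECT IDENTIFIER ::= { hpnicfAcfpOAP 3 }

hpnicfAcfpPolicyTable OBJECT-TYPE
    SYNTAX SEQUENCE OF HpnicfAcfpPolicyEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table lists all current policies for ACFP client(s).

        Entries in this table are created or removed implicitly
        when entries in the hpnicfAcfpRuleTable are created or
        removed, respectively.  A policy entry in this table only
        exists as long as there is a rule of this policy in the
        hpnicfAcfpRuleTable.

        The table serves for listing the existing policies and
        their remaining lifetimes, and for changing the lifetimes
        of policies and implicitly of all their member rules.
        A policy and all its member rules can be deleted by
        setting hpnicfAcfpPolicyLifetime to 0."
    ::= { hpnicfAcfpPolicy 1 }

hpnicfAcfpPolicyEntry OBJECT-TYPE
    SYNTAX HpnicfAcfpPolicyEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The list contains basic information of ACFP Policy."
    INDEX { hpnicfAcfpClientID, hpnicfAcfpPolicyIndex }
    ::= { hpnicfAcfpPolicyTable 1 }

HpnicfAcfpPolicyEntry ::=
    SEQUENCE
        {
        hpnicfAcfpPolicyIndex               Integer32,
        hpnicfAcfpPolicyInIfIndex           Integer32,
        hpnicfAcfpPolicyOutIfIndex          Integer32,
        hpnicfAcfpPolicyDestIfIndex         Integer32,
        hpnicfAcfpPolicyContextID           Integer32,
        hpnicfAcfpPolicyAdminStatus         INTEGER,
        hpnicfAcfpPolicyLifetime            Integer32,
        hpnicfAcfpPolicyTimeStart           OCTET STRING,
        hpnicfAcfpPolicyTimeEnd             OCTET STRING,
        hpnicfAcfpPolicyRowStatus           RowStatus,
        hpnicfAcfpPolicyDestIfFailAction    INTEGER,
        hpnicfAcfpPolicyPriority            INTEGER
        }

hpnicfAcfpPolicyIndex OBJECT-TYPE
    SYNTAX Integer32(1..2147483647)
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The identifier of the Policy of ACFP client"
    ::= { hpnicfAcfpPolicyEntry 1 }

hpnicfAcfpPolicyInIfIndex OBJECT-TYPE
    SYNTAX Integer32(0..2147483647)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Packet is received from this interface.
        The value of this object contains the same value of
        ifIndex of ifTable."
    DEFVAL { 0 }
    ::= { hpnicfAcfpPolicyEntry 2 }

hpnicfAcfpPolicyOutIfIndex OBJECT-TYPE
    SYNTAX Integer32(0..2147483647)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Packet is sent to this interface.
        The value of this object contains the same value of
        ifIndex of ifTable."
    DEFVAL { 0 }
    ::= { hpnicfAcfpPolicyEntry 3 }

-- The destination interface is where redirected or mirrored packets leave
-- the ACFP server towards the ACFP client; unlike the in/out interface
-- columns its SYNTAX carries no range restriction.
hpnicfAcfpPolicyDestIfIndex OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Through this interface, packets go to the ACFP client from
        the ACFP server.
        The value of this object contains the same value of
        ifIndex of ifTable."
    DEFVAL { 0 }
    ::= { hpnicfAcfpPolicyEntry 4 }

hpnicfAcfpPolicyContextID OBJECT-TYPE
    SYNTAX Integer32(0..2147483647)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Internal id allocated by the ACFP server and used to map
        to the interface.  The ACFP server may send packets with
        this hpnicfAcfpPolicyContextID to the ACFP client; the
        ACFP client can make use of this hpnicfAcfpPolicyContextID
        to find the policy.
        "
    ::= { hpnicfAcfpPolicyEntry 5 }

hpnicfAcfpPolicyAdminStatus OBJECT-TYPE
    SYNTAX INTEGER
        {
        enable(1),      -- policy is applied
        disable(2)      -- policy is not applied
        }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The value of this object indicates the desired status of
        the policy."
    ::= { hpnicfAcfpPolicyEntry 6 }

-- NOTE(review): the DEFVAL below names another object instead of a literal
-- value; strict MIB compilers may reject it.  Left as published.
-- The granted lifetime can be lower than the requested one, so a manager
-- should read the object back after a SET instead of assuming the value.
hpnicfAcfpPolicyLifetime OBJECT-TYPE
    SYNTAX Integer32(0..2147483647)
    UNITS "seconds"
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "When retrieved, this object delivers the maximum lifetime
        (seconds) of all the rules of this policy, i.e., of all the
        rows in hpnicfAcfpRuleTable that have the same values of
        hpnicfAcfpPolicyIndex and hpnicfAcfpClientID.

        Successfully writing to this object modifies the lifetime
        of all the rules of this policy.
        Successfully writing a value of 0 terminates all the rules
        and implicitly deletes this policy as soon as all member
        entries are removed from the hpnicfAcfpRuleTable.

        Note that after a lifetime expired, all the corresponding
        entries in the hpnicfAcfpRuleTable will be removed and this
        policy will be deleted implicitly.

        Writing to this object is processed by the ACFP MIB
        implementation by choosing a lifetime value that is
        greater than or equal to zero and less than or equal to
        the minimum of the requested value and the value specified
        by object hpnicfAcfpServerMaxLifetime:

            0 <= lt_granted <= MINIMUM(lt_requested, lt_maximum)

        whereas:
            lt_granted is the actually granted lifetime by the
                ACFP MIB implementation.
            lt_requested is the requested lifetime of the ACFP
                client.
            lt_maximum is the value of object
                hpnicfAcfpServerMaxLifetime.

        SNMP set requests to this object may be rejected or the
        value of the object after an accepted set operation may be
        less than the value that was contained in the SNMP set
        request."
    DEFVAL { hpnicfAcfpServerMaxLifetime }
    ::= { hpnicfAcfpPolicyEntry 7 }

hpnicfAcfpPolicyTimeStart OBJECT-TYPE
    SYNTAX OCTET STRING(SIZE(8))
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Beginning time of this policy every day.
        Eg. HH:MM:SS"
    ::= { hpnicfAcfpPolicyEntry 8 }

hpnicfAcfpPolicyTimeEnd OBJECT-TYPE
    SYNTAX OCTET STRING(SIZE(8))
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Ending time of this policy every day.
        Eg. HH:MM:SS"
    ::= { hpnicfAcfpPolicyEntry 9 }

hpnicfAcfpPolicyRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "RowStatus, supports three states:
        createAndGo, active, destroy.

        Creation Operation Restriction:
            The client corresponding to the index
            hpnicfAcfpClientID must exist while creating a row.
            Nodes hpnicfAcfpPolicyTimeStart and
            hpnicfAcfpPolicyTimeEnd are bound together, and
            hpnicfAcfpPolicyTimeEnd must be greater than
            hpnicfAcfpPolicyTimeStart.
            The number of rows created on an incoming/outgoing
            interface cannot exceed the upper limit.
            The number of rows created cannot exceed the upper
            limit for each client.
            A packet matches a policy in the following order:
            - It first matches the policy with the highest
              priority.
            - For two policies with the same priority, it matches
              the one with the smallest client index.
            - For two policies with the same client index, it
              matches the one with the smallest policy index.

        Modification Operation Restriction:
            Nodes that do not support modification:
            hpnicfAcfpPolicyInIfIndex, hpnicfAcfpPolicyOutIfIndex,
            hpnicfAcfpPolicyDestIfIndex,
            hpnicfAcfpPolicyDestIfFailAction,
            hpnicfAcfpPolicyPriority.
            Nodes that support modification:
            hpnicfAcfpPolicyAdminStatus, hpnicfAcfpPolicyLifetime,
            hpnicfAcfpPolicyTimeStart and hpnicfAcfpPolicyTimeEnd.
            While modifying a row, if the row corresponding to the
            index configured does not exist, error returns
            directly.
            While modifying a node, the restriction over
            hpnicfAcfpPolicyTimeStart and hpnicfAcfpPolicyTimeEnd
            is the same as creating a node.

        Deletion Operation Restriction:
            If the row to be deleted does not exist,
            success returns directly.
        "
    ::= { hpnicfAcfpPolicyEntry 10 }

-- NOTE(review): with the default delete(1), a failure of the destination
-- interface removes all rules of the policy from the driver, so any deny,
-- redirect or rate rules of that policy presumably stop being enforced
-- until they are applied again.  Where that fail-open outcome is not
-- acceptable, create the policy with reserve(2); the column cannot be
-- modified after creation.
hpnicfAcfpPolicyDestIfFailAction OBJECT-TYPE
    SYNTAX INTEGER
        {
        delete(1),      -- delete all rules of the policy from driver
        reserve(2)      -- reserve all rules of the policy in driver
        }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The value of this object indicates the action of the
        policy when the destination interface failed."
    DEFVAL { 1 }
    ::= { hpnicfAcfpPolicyEntry 11 }

hpnicfAcfpPolicyPriority OBJECT-TYPE
    SYNTAX INTEGER
        {
        priority1(1),   -- Priority 1 (MIN)
        priority2(2),   -- Priority 2
        priority3(3),   -- Priority 3
        priority4(4),   -- Priority 4
        priority5(5),   -- Priority 5
        priority6(6),   -- Priority 6
        priority7(7),   -- Priority 7
        priority8(8)    -- Priority 8 (MAX)
        }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The value of this object indicates the priority of the
        policy.  Priority8 is maximal priority.  Priority1 is
        minimal priority."
    DEFVAL { 4 }
    ::= { hpnicfAcfpPolicyEntry 12 }

-- Individual Rule policy Information applied to Router or switch
hpnicfAcfpRule OBJECT IDENTIFIER ::= { hpnicfAcfpOAP 4 }

hpnicfAcfpRuleTable OBJECT-TYPE
    SYNTAX SEQUENCE OF HpnicfAcfpRuleEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table lists all the rules.  It is indexed by
        hpnicfAcfpClientID, hpnicfAcfpPolicyIndex and
        hpnicfAcfpRuleIndex.
        Entries can be deleted by writing
        hpnicfAcfpPolicyLifetime to 0."
    ::= { hpnicfAcfpRule 1 }

hpnicfAcfpRuleEntry OBJECT-TYPE
    SYNTAX HpnicfAcfpRuleEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The list contains basic information of the rule."
    INDEX { hpnicfAcfpClientID, hpnicfAcfpPolicyIndex, hpnicfAcfpRuleIndex }
    ::= { hpnicfAcfpRuleTable 1 }

HpnicfAcfpRuleEntry ::=
    SEQUENCE
        {
        hpnicfAcfpRuleIndex             Integer32,
        hpnicfAcfpRuleOperStatus        INTEGER,
        hpnicfAcfpRuleAction            INTEGER,
        hpnicfAcfpRuleAll               TruthValue,
        hpnicfAcfpRuleSrcMAC            MacAddress,
        hpnicfAcfpRuleDstMAC            MacAddress,
        hpnicfAcfpRuleVlanStart         Integer32,
        hpnicfAcfpRuleVlanEnd           Integer32,
        hpnicfAcfpRuleProtocol          Integer32,
        hpnicfAcfpRuleSrcIP             IpAddress,
        hpnicfAcfpRuleSrcIPMask         IpAddress,
        hpnicfAcfpRuleSrcOp             INTEGER,
        hpnicfAcfpRuleSrcStartPort      Integer32,
        hpnicfAcfpRuleSrcEndPort        Integer32,
        hpnicfAcfpRuleDstIP             IpAddress,
        hpnicfAcfpRuleDstIPMask         IpAddress,
        hpnicfAcfpRuleDstOp             INTEGER,
        hpnicfAcfpRuleDstStartPort      Integer32,
        hpnicfAcfpRuleDstEndPort        Integer32,
        hpnicfAcfpRulePrecedence        Integer32,
        hpnicfAcfpRuleTos               Integer32,
        hpnicfAcfpRuleDscp              Integer32,
        hpnicfAcfpRuleEstablish         TruthValue,
        hpnicfAcfpRuleFragment          TruthValue,
        hpnicfAcfpRulePacketRate        Integer32,
        hpnicfAcfpRuleRowStatus         RowStatus,
        hpnicfAcfpRuleTCPFlag           Integer32,
        hpnicfAcfpRuleSrcIPV6Address    Ipv6Address,
        hpnicfAcfpRuleSrcPrefixLen      InetAddressPrefixLength,
        hpnicfAcfpRuleDstIPV6Address    Ipv6Address,
        hpnicfAcfpRuleDstPrefixLen      InetAddressPrefixLength,
        hpnicfAcfpRuleTrafficType       BITS,
        hpnicfAcfpRuleTypeOrLen         Integer32
        }

hpnicfAcfpRuleIndex OBJECT-TYPE
    SYNTAX Integer32(1..2147483647)
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The identifier of the rules which have the same
        hpnicfAcfpPolicyIndex and hpnicfAcfpClientID.
        hpnicfAcfpRuleIndex indicates rule sequence in the same
        policy."
    ::= { hpnicfAcfpRuleEntry 1 }

-- A rule row can exist while the rule is not enforced: check this column
-- (and hpnicfAcfpRuleErrorEvent) before relying on a newly created rule.
hpnicfAcfpRuleOperStatus OBJECT-TYPE
    SYNTAX INTEGER
        {
        success(1),     -- rule applied successfully to interface
        fail(2)         -- rule failed to apply to interface
        }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The value of this object indicates the status of a rule.
        success : Applied rule to interface successfully.
        fail    : Failed to apply rule to interface.
        "
    DEFVAL { fail }
    ::= { hpnicfAcfpRuleEntry 2 }

-- redirect(3) and mirror(4) send matching traffic to the destination
-- interface of the owning policy, so creation of such rules is worth
-- alerting on (see hpnicfAcfpRuleCreatedEvent).
hpnicfAcfpRuleAction OBJECT-TYPE
    SYNTAX INTEGER
        {
        permit(1),
        deny(2),
        redirect(3),
        mirror(4),
        rate(5)
        }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The action of this rule."
    ::= { hpnicfAcfpRuleEntry 3 }

hpnicfAcfpRuleAll OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Whether the rule matches all packets or not.
        true  : all
        false : not all
        "
    DEFVAL { false }
    ::= { hpnicfAcfpRuleEntry 4 }

hpnicfAcfpRuleSrcMAC OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Source MAC of this rule."
    ::= { hpnicfAcfpRuleEntry 5 }

hpnicfAcfpRuleDstMAC OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Destination MAC of this rule."
    ::= { hpnicfAcfpRuleEntry 6 }

hpnicfAcfpRuleVlanStart OBJECT-TYPE
    SYNTAX Integer32(0..4094)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Starting VLAN id of this rule.
        0 : Invalid value"
    DEFVAL { 0 }
    ::= { hpnicfAcfpRuleEntry 7 }

hpnicfAcfpRuleVlanEnd OBJECT-TYPE
    SYNTAX Integer32(0..4094)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Ending VLAN id of this rule.
        0 : Invalid value"
    DEFVAL { 0 }
    ::= { hpnicfAcfpRuleEntry 8 }

hpnicfAcfpRuleProtocol OBJECT-TYPE
    SYNTAX Integer32(0..255)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The protocol-type of this rule.
        <0-255>  Protocol number
          gre     GRE tunneling(47)
          icmp    Internet Control Message Protocol(1)
          igmp    Internet Group Management Protocol(2)
          ip      Any IP protocol(0)
          ipinip  IP in IP tunneling(4)
          ospf    OSPF routing protocol(89)
          tcp     Transmission Control Protocol (6)
          udp     User Datagram Protocol (17)
        "
    DEFVAL { 0 }
    ::= { hpnicfAcfpRuleEntry 9 }

hpnicfAcfpRuleSrcIP OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Source IP address of this rule."
    ::= { hpnicfAcfpRuleEntry 10 }

hpnicfAcfpRuleSrcIPMask OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Source IP address wildcard mask of this rule.
        Eg. 0.0.0.255."
    ::= { hpnicfAcfpRuleEntry 11 }

hpnicfAcfpRuleSrcOp OBJECT-TYPE
    SYNTAX INTEGER
        {
        equal(1),
        notEqual(2),
        lessThan(3),
        greaterThan(4),
        range(5),
        invalid(6)
        }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Source Port operation for this rule"
    DEFVAL { invalid }
    ::= { hpnicfAcfpRuleEntry 12 }

hpnicfAcfpRuleSrcStartPort OBJECT-TYPE
    SYNTAX Integer32(0..65535)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Starting UDP/TCP Source Port number of this rule."
    ::= { hpnicfAcfpRuleEntry 13 }

hpnicfAcfpRuleSrcEndPort OBJECT-TYPE
    SYNTAX Integer32(0..65535)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Ending UDP/TCP Source Port of this rule."
    ::= { hpnicfAcfpRuleEntry 14 }

hpnicfAcfpRuleDstIP OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Destination IP address of this rule."
    ::= { hpnicfAcfpRuleEntry 15 }

hpnicfAcfpRuleDstIPMask OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Destination IP address wildcard mask of this rule.
        Eg. 0.0.0.255"
    ::= { hpnicfAcfpRuleEntry 16 }

-- NOTE(review): the label for value 2 is nonEqual here but notEqual in
-- hpnicfAcfpRuleSrcOp.  The numeric values agree; the label is kept as
-- published because renaming it would change the module's interface.
hpnicfAcfpRuleDstOp OBJECT-TYPE
    SYNTAX INTEGER
        {
        equal(1),
        nonEqual(2),
        lessThan(3),
        greaterThan(4),
        range(5),
        invalid(6)
        }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Destination Port operation for this rule"
    DEFVAL { invalid }
    ::= { hpnicfAcfpRuleEntry 17 }

hpnicfAcfpRuleDstStartPort OBJECT-TYPE
    SYNTAX Integer32(0..65535)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Starting UDP/TCP Destination Port number of this rule."
    ::= { hpnicfAcfpRuleEntry 18 }

hpnicfAcfpRuleDstEndPort OBJECT-TYPE
    SYNTAX Integer32(0..65535)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Ending UDP/TCP Destination Port of this rule."
    ::= { hpnicfAcfpRuleEntry 19 }

hpnicfAcfpRulePrecedence OBJECT-TYPE
    SYNTAX Integer32(0..7|255)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The value of precedence field in IP header.
        <255>  Invalid value
        <0-7>  value of precedence
          routine(0)         Routine precedence
          priority(1)        Priority precedence
          immediate(2)       Immediate precedence
          flash(3)           Flash precedence
          flash-override(4)  Flash Override precedence
          critical(5)        Critical precedence
          internet(6)        Internetwork Control precedence
          network(7)         Network Control precedence
        "
    DEFVAL { 255 }
    ::= { hpnicfAcfpRuleEntry 20 }

hpnicfAcfpRuleTos OBJECT-TYPE
    SYNTAX Integer32(0..15|255)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The value of TOS field in IP header.
        <255>   Invalid value
        <0-15>  value of ToS (Type of Service)
          Normal(0)             normal service
          min-monetary-cost(1)  minimum monetary cost
          max-reliability(2)    maximum reliability
          max-throughput(4)     maximum throughput
          min-delay(8)          minimum delay
        "
    DEFVAL { 255 }
    ::= { hpnicfAcfpRuleEntry 21 }

hpnicfAcfpRuleDscp OBJECT-TYPE
    SYNTAX Integer32(0..63|255)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The value of DSCP.
        <255>   Invalid value
        <0-63>  value of DSCP
          Be(0)     best effort
          af11(10)  assured forwarding 11 service
          af12(12)  assured forwarding 12 service
          af13(14)  assured forwarding 13 service
          af21(18)  assured forwarding 21 service
          af22(20)  assured forwarding 22 service
          af23(22)  assured forwarding 23 service
          af31(26)  assured forwarding 31 service
          af32(28)  assured forwarding 32 service
          af33(30)  assured forwarding 33 service
          af41(34)  assured forwarding 41 service
          af42(36)  assured forwarding 42 service
          af43(38)  assured forwarding 43 service
          cs1(8)    class selector 1 service
          cs2(16)   class selector 2 service
          cs3(24)   class selector 3 service
          cs4(32)   class selector 4 service
          cs5(40)   class selector 5 service
          cs6(48)   class selector 6 service
          cs7(56)   class selector 7 service
          ef(46)    expedited forwarding service
        "
    DEFVAL { 255 }
    ::= { hpnicfAcfpRuleEntry 22 }

-- Deprecated; the file history records hpnicfAcfpRuleTCPFlag being added
-- in the revision (V1.3) that retired this node.
hpnicfAcfpRuleEstablish OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS deprecated
    DESCRIPTION
        "Establish Flag.
        Matches the TCP packets with the ACK and/or RST flag,
        including the TCP packets of these types:
        SYN+ACK, ACK, FIN+ACK, RST, RST+ACK."
    DEFVAL { false }
    ::= { hpnicfAcfpRuleEntry 23 }

hpnicfAcfpRuleFragment OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The flag of matching fragmented packet."
    DEFVAL { false }
    ::= { hpnicfAcfpRuleEntry 24 }

hpnicfAcfpRulePacketRate OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Packet rate (Kbps) of this rule."
    ::= { hpnicfAcfpRuleEntry 25 }

hpnicfAcfpRuleRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "RowStatus, supports three states:
        createAndGo, active, destroy.

        Creation Operation Restriction:
            Node hpnicfAcfpRuleAction must be bound while creating
            a row.
            Nodes hpnicfAcfpRuleAll and hpnicfAcfpRuleProtocol,
            hpnicfAcfpRuleSrcIP, hpnicfAcfpRuleSrcIPMask,
            hpnicfAcfpRuleSrcOp, hpnicfAcfpRuleSrcStartPort,
            hpnicfAcfpRuleSrcEndPort, hpnicfAcfpRuleDstIP,
            hpnicfAcfpRuleDstIPMask, hpnicfAcfpRuleDstOp,
            hpnicfAcfpRuleDstStartPort, hpnicfAcfpRuleDstEndPort,
            hpnicfAcfpRulePrecedence, hpnicfAcfpRuleTos,
            hpnicfAcfpRuleDscp, hpnicfAcfpRuleTCPFlag,
            hpnicfAcfpRuleFragment are mutually exclusive.
            Nodes hpnicfAcfpRuleSrcIP and hpnicfAcfpRuleSrcIPMask
            are bound together, otherwise, the source IP address
            is neglected.
            The restriction over hpnicfAcfpRuleDstIP and
            hpnicfAcfpRuleDstIPMask is the same as
            hpnicfAcfpRuleSrcIP and hpnicfAcfpRuleSrcIPMask.
            Nodes hpnicfAcfpRuleDscp and hpnicfAcfpRulePrecedence,
            hpnicfAcfpRuleTos are mutually exclusive.
            If the node hpnicfAcfpRuleSrcOp is bound to range(5),
            hpnicfAcfpRuleSrcStartPort and
            hpnicfAcfpRuleSrcEndPort must be bound together, and
            hpnicfAcfpRuleSrcEndPort must be greater than
            hpnicfAcfpRuleSrcStartPort.
            If the node hpnicfAcfpRuleSrcOp is bound to equal(1),
            notEqual(2), lessThan(3) or greaterThan(4),
            hpnicfAcfpRuleSrcStartPort must be bound together,
            and hpnicfAcfpRuleSrcEndPort is neglected.
            The restriction over hpnicfAcfpRuleDstOp,
            hpnicfAcfpRuleDstStartPort and
            hpnicfAcfpRuleDstEndPort is the same as
            hpnicfAcfpRuleSrcOp, hpnicfAcfpRuleSrcStartPort and
            hpnicfAcfpRuleSrcEndPort.
            If the node hpnicfAcfpRuleAction is bound to
            redirect(3) or mirror(4), the destination interface
            of the policy the rule belongs to must exist.
            The number of rows created cannot exceed the upper
            limit for each policy, each inbound interface and
            each outbound interface.

        Modification Operation Restriction:
            The row does not support modification.

        Deletion Operation Restriction:
            If the row to be deleted does not exist,
            success returns directly.
        "
    ::= { hpnicfAcfpRuleEntry 26 }

hpnicfAcfpRuleTCPFlag OBJECT-TYPE
    SYNTAX Integer32(0..65535)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "TCP Flag.
        <0>        don't care for TCP flag to match packets
        <1-65535>  care for TCP flag to match packets, the value
                   is combination of next list.
          URG_VALID (1 << 13)    URG_SET (1 << 5)
          ACK_VALID (1 << 12)    ACK_SET (1 << 4)
          PSH_VALID (1 << 11)    PSH_SET (1 << 3)
          RST_VALID (1 << 10)    RST_SET (1 << 2)
          SYN_VALID (1 << 9)     SYN_SET (1 << 1)
          FIN_VALID (1 << 8)     FIN_SET 1
        Matches the TCP packets with the URG and/or ACK and/or PSH
        and/or RST and/or SYN and/or FIN flag, including the TCP
        packets of these types:
        SYN+ACK, ACK, FIN+ACK, RST, RST+ACK."
    DEFVAL { 0 }
    ::= { hpnicfAcfpRuleEntry 27 }

hpnicfAcfpRuleSrcIPV6Address OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Source IPv6 address of this rule."
    ::= { hpnicfAcfpRuleEntry 28 }

hpnicfAcfpRuleSrcPrefixLen OBJECT-TYPE
    SYNTAX InetAddressPrefixLength
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Source IPv6 address prefix length of this rule.
        Eg. 64."
    ::= { hpnicfAcfpRuleEntry 29 }

hpnicfAcfpRuleDstIPV6Address OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Destination IPv6 address of this rule."
    ::= { hpnicfAcfpRuleEntry 30 }

hpnicfAcfpRuleDstPrefixLen OBJECT-TYPE
    SYNTAX InetAddressPrefixLength
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Destination IPv6 address prefix length of this rule.
        Eg. 64."
    ::= { hpnicfAcfpRuleEntry 31 }

hpnicfAcfpRuleTrafficType OBJECT-TYPE
    SYNTAX BITS
        {
        unicast(0),
        multicast(1),
        broadcast(2)
        }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Traffic type of this rule.
        When retrieved, this object returns a set of bits
        indicating the traffic type."
    ::= { hpnicfAcfpRuleEntry 32 }

hpnicfAcfpRuleTypeOrLen OBJECT-TYPE
    SYNTAX Integer32(0..65535)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The type or length of ethernet packet.
        For Ethernet II encapsulation, it stands for packet type.
        For 802.3 encapsulation, it stands for packet length."
    ::= { hpnicfAcfpRuleEntry 33 }

-- Notifications.  The definition of hpnicfAcfpNotifications makes notification
-- registrations reversible (see STD 58, RFC 2578, section 8.5).
hpnicfAcfpNotifications OBJECT IDENTIFIER ::= { hpnicfAcfpOAP 5 }

hpnicfAcfpCurContextChanged NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpServerCurContextType }
    STATUS current
    DESCRIPTION
        "This notification is sent when router or switch changed
        hpnicfAcfpServerCurContextType."
    ::= { hpnicfAcfpNotifications 1 }

hpnicfAcfpClientRegister NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpClientID }
    STATUS current
    DESCRIPTION
        "This notification is sent when the ACFP client is
        registered."
    ::= { hpnicfAcfpNotifications 2 }

hpnicfAcfpClientUnRegister NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpClientID }
    STATUS current
    DESCRIPTION
        "This notification is sent when the ACFP client is
        unregistered."
    ::= { hpnicfAcfpNotifications 3 }

hpnicfAcfpClientDead NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpClientID }
    STATUS current
    DESCRIPTION
        "This notification is sent when the ACFP client is not
        responding."
    ::= { hpnicfAcfpNotifications 4 }

hpnicfAcfpNotSupportedOAPMode NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpClientID, hpnicfAcfpClientMode, hpnicfAcfpServerInfo }
    STATUS current
    DESCRIPTION
        "This notification is sent when router or switch cannot
        support the OAP mode that the ACFP client wants to operate
        in."
    ::= { hpnicfAcfpNotifications 5 }

hpnicfAcfpLifetimeChangeEvent NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpPolicyLifetime }
    STATUS current
    DESCRIPTION
        "This notification can be generated for indicating that
        the lifetime of all member rules of the policy was changed
        by successfully writing to object hpnicfAcfpPolicyLifetime.

        Note that this notification is only sent if the lifetime
        of a policy was changed by successfully writing to object
        hpnicfAcfpPolicyLifetime."
    ::= { hpnicfAcfpNotifications 6 }

hpnicfAcfpRuleCreatedEvent NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpRuleIndex }
    STATUS current
    DESCRIPTION
        "This notification is sent when a new rule is created."
    ::= { hpnicfAcfpNotifications 7 }

hpnicfAcfpRuleDeletedEvent NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpRuleIndex }
    STATUS current
    DESCRIPTION
        "This notification is sent when a rule is deleted."
    ::= { hpnicfAcfpNotifications 8 }

hpnicfAcfpRuleErrorEvent NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpRuleIndex }
    STATUS current
    DESCRIPTION
        "This notification is sent when rule cannot be applied."
    ::= { hpnicfAcfpNotifications 9 }

hpnicfAcfpLifetimeExpireEvent NOTIFICATION-TYPE
    OBJECTS { hpnicfAcfpPolicyLifetime }
    STATUS current
    DESCRIPTION
        "This notification is sent when the time the policy has
        existed exceeds its lifetime."
    ::= { hpnicfAcfpNotifications 10 }

END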