module H3C-acl-config { namespace "http://www.h3c.com/netconf/config:1.0-ACL"; prefix "acl-config"; import comware-basetype { prefix "base"; } organization "NEW H3C Technologies Co., Ltd."; contact "Website: http://www.h3c.com"; description "The module entities for acl config."; revision 2023-11-02 { description "Synchronize the modification of the schema file to the YANG file."; } revision 2023-10-18 { description "Synchronize the modification of the schema file to the YANG file."; } revision 2021-11-03 { description "Initial revision."; } container ACL { container Groups { description "ACL groups table. This table supports creating rows."; list Group { description "ACL group row."; key "GroupType GroupID"; leaf GroupType { type enumeration { enum 1; enum 2; enum 3; enum 4; } description "Group type. 1: IPv4, 2: IPv6, 3: MAC, 4: User-defined."; } leaf GroupID { type base:Basetype_UnsignedInteger32 { range "2000..5999"; } description "Group ID. IPv4: 2000~5999, IPv6: 2000~3999."; } leaf MatchOrder { type enumeration { enum 1; enum 2; } description "Match order. 1: config, 2: auto. Default: config."; } leaf Step { type base:Basetype_UnsignedInteger32 { range "1..20"; } description "Step length, range from 1 to 20. Default: 5."; } leaf Name { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,62}"; } description "Name of the ACL group, a case-insensitive string of 1 to 63 characters."; } leaf Description { type base:Basetype_Text { length "1..127"; } description "Description of the ACL group, a string of 1 to 127 characters."; } } } container NamedGroups { description "ACL named groups table. This table supports creating rows."; list Group { description "ACL group row."; key "GroupType GroupCategory GroupIndex"; leaf GroupType { type enumeration { enum 1; enum 2; enum 3; enum 4; } description "Group type. 1: IPv4, 2: IPv6, 3: MAC, 4: User-defined."; } leaf GroupCategory { type enumeration { enum 0; enum 1; enum 2; } description "Group type. 0: invalid, 1: basic, 2: advanced."; } leaf GroupIndex { type base:Basetype_String { pattern "([2345][0-9]{3})|([a-zA-Z][^? ]{0,62})"; } description "Acl Group Name of Index.If it's Index, range from 2000 to 5999."; } leaf MatchOrder { type enumeration { enum 1; enum 2; } description "Match order. 1: config, 2: auto. Default: config."; } leaf Step { type base:Basetype_UnsignedInteger32 { range "1..20"; } description "Step length, range from 1 to 20. Default: 5."; } leaf Description { type base:Basetype_Text { length "1..127"; } description "Description of the ACL group, a string of 1 to 127 characters."; } leaf Name { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,62}"; } description "Name of the ACL group, a case-insensitive string of 1 to 63 characters."; } } } container IPv4BasicRules { description "Table of IPv4 basic ACL rules. This table supports creating rows."; list Rule { key "GroupID RuleID"; leaf GroupID { type base:Basetype_UnsignedInteger32 { range "2000..2999"; } description "Group ID. Range from 2000 to 2999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any IP address."; } container SrcIPv4 { description "Source IP, including SrcIPv4Addr and SrcIPv4Wildcard."; leaf SrcIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IP address."; } leaf SrcIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IP wildcard."; } } leaf SrcObjectGroup { type base:Basetype_String { length "0..63"; } description "Source object group name"; } leaf Fragment { type base:Basetype_Boolean; description "The flag of matching fragmented packet. 0: the rule applies to all fragments and non-fragments, 1: the rule applies to only non-first fragments."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Logging { type base:Basetype_Boolean; description "Logs matching packets."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } } } container IPv4NamedBasicRules { description "Table of named IPv4 basic ACL rules. This table supports creating rows."; list Rule { key "GroupIndex RuleID"; leaf GroupIndex { type base:Basetype_String { pattern "(2[0-9]{3})|([a-zA-Z][^? ]{0,62})"; } description "Acl Group Name of Index.If it's Index, range from 2000 to 2999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any IP address."; } container SrcIPv4 { description "Source IP, including SrcIPv4Addr and SrcIPv4Wildcard."; leaf SrcIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IP address."; } leaf SrcIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IP wildcard."; } } leaf SrcObjectGroup { type base:Basetype_String { length "0..63"; } description "Source object group name"; } leaf Fragment { type base:Basetype_Boolean; description "The flag of matching fragmented packet. 0: the rule applies to all fragments and non-fragments, 1: the rule applies to only non-first fragments."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Logging { type base:Basetype_Boolean; description "Logs matching packets."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } } } container IPv6BasicRules { description "Table of IPv6 basic ACL rules. This table supports creating rows."; list Rule { key "GroupID RuleID"; leaf GroupID { type base:Basetype_UnsignedInteger32 { range "2000..2999"; } description "Group ID. Range from 2000 to 2999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any source IPv6 address."; } container SrcIPv6 { description "Source IPv6, including SrcIPv6Address and SrcIPv6Prefix."; leaf SrcIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Source IPv6 address."; } leaf SrcIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of source IPv6 address."; } } leaf SrcObjectGroup { type base:Basetype_String { length "0..63"; } description "Source object group name"; } leaf RoutingTypeAny { type base:Basetype_Boolean; description "The flag of matching any routing header type."; } leaf RoutingTypeValue { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The value of routing header type."; } leaf Fragment { type base:Basetype_Boolean; description "The flag of matching fragmented packet. 0: the rule applies to all fragments and non-fragments, 1: the rule applies to only non-first fragments."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Logging { type base:Basetype_Boolean; description "Logs matching packets."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } } } container IPv6NamedBasicRules { description "Table of named IPv6 basic ACL rules. This table supports creating rows."; list Rule { key "GroupIndex RuleID"; leaf GroupIndex { type base:Basetype_String { pattern "(2[0-9]{3})|([a-zA-Z][^? ]{0,62})"; } description "Acl Group Name of Index.If it's Index, range from 2000 to 2999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any source IPv6 address."; } container SrcIPv6 { description "Source IPv6, including SrcIPv6Address and SrcIPv6Prefix."; leaf SrcIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Source IPv6 address."; } leaf SrcIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of source IPv6 address."; } } leaf SrcObjectGroup { type base:Basetype_String { length "0..63"; } description "Source object group name"; } leaf RoutingTypeAny { type base:Basetype_Boolean; description "The flag of matching any routing header type."; } leaf RoutingTypeValue { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The value of routing header type."; } leaf Fragment { type base:Basetype_Boolean; description "The flag of matching fragmented packet. 0: the rule applies to all fragments and non-fragments, 1: the rule applies to only non-first fragments."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Logging { type base:Basetype_Boolean; description "Logs matching packets."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } } } container IPv4AdvanceRules { description "Table of IPv4 advance ACL rules. This table supports creating rows."; list Rule { key "GroupID RuleID"; leaf GroupID { type base:Basetype_UnsignedInteger32 { range "3000..3999"; } description "Group ID. Range from 3000 to 3999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } leaf ProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any source IPv4 address."; } container SrcIPv4 { leaf SrcIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address."; } leaf SrcIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address wildcard."; } } leaf SrcObjectGroup { type base:Basetype_String { length "0..63"; } description "Source object group name"; } leaf SrcMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Source micseg group Id."; } leaf SrcMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Source micseg agg mask length."; } leaf DstAny { type base:Basetype_Boolean; description "The flag of matching any destination IPv4 address."; } container DstIPv4 { leaf DstIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address."; } leaf DstIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address wildcard."; } } leaf DstObjectGroup { type base:Basetype_String { length "0..63"; } description "Destination object group name"; } leaf DstMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Destination micseg group Id."; } leaf DstMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Destination micseg agg mask length."; } leaf DSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of DSCP of IP packet."; } container DSCPRange { leaf StartDSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of the start DSCP of IP packet."; } leaf EndDSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of the end DSCP of IP packet."; } } leaf ECN { type base:Basetype_UnsignedInteger32 { range "0..3"; } description "The value of IP packet's ECN."; } leaf Precedence { type base:Basetype_UnsignedInteger32 { range "0..7"; } description "The value of IP packet's precedence."; } leaf TOS { type base:Basetype_UnsignedInteger32 { range "0..15"; } description "The value of IP packet's TOS."; } container SrcPort { description "Source port, including SrcPortOp, SrcPortValue1 and SrcPortValue2."; leaf SrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf SrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf SrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } leaf SrcPortObjectGroup { type base:Basetype_String { length "0..63"; } description "Source port object group name"; } container DstPort { description "Destination port, including DstPortOp, DstPortValue1 and DstPortValue2."; leaf DstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf DstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf DstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf DstPortObjectGroup { type base:Basetype_String { length "0..63"; } description "Destination port object group name"; } container TcpFlag { leaf ACK { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP ACK flag."; } leaf FIN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP FIN flag."; } leaf PSH { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP PSH flag."; } leaf RST { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP RST flag."; } leaf SYN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP SYN flag."; } leaf URG { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP URG flag."; } } leaf Established { type base:Basetype_Boolean; description "The flags that indicating the established status of a TCP connection."; } container ICMP { leaf ICMPType { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The ICMP message type."; } leaf ICMPCode { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "The ICMP message code. 256 is invalid value."; } } leaf Fragment { type base:Basetype_Boolean; description "The flag of matching fragmented packet. 0: the rule applies to all fragments and non-fragments, 1: the rule applies to only non-first fragments."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } leaf QoSLocalID { type base:Basetype_UnsignedInteger32 { range "1..4095"; } } leaf EncapType { type enumeration { enum 1; enum 2; enum 3; } description "Encap Type. 1: VXLAN, 2: GRE-ENCAP, 3: IPINIP-ENCAP."; } leaf VxlanID { type base:Basetype_UnsignedInteger32 { range "0..16777215"; } } leaf InProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Inner protocol type of packets, 256 indicates IP family."; } leaf InSrcAny { type base:Basetype_Boolean; description "The flag of matching any inner-source IPv4 address."; } container InSrcIPv4 { leaf InSrcIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address."; } leaf InSrcIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address wildcard."; } } leaf InDstAny { type base:Basetype_Boolean; description "The flag of matching any inner-destination IPv4 address."; } container InDstIPv4 { leaf InDstIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address."; } leaf InDstIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address wildcard."; } } container InSrcPort { description "Inner-Source port, including SrcPortOp, SrcPortValue1 and SrcPortValue2."; leaf InSrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf InSrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf InSrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } container InDstPort { description "Inner-Destination port, including DstPortOp, DstPortValue1 and DstPortValue2."; leaf InDstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf InDstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf InDstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf InEstablished { type base:Basetype_Boolean; description "The flags that indicating the established status of a Inner TCP connection."; } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Logging { type base:Basetype_Boolean; description "Logs matching packets."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } leaf UserGroup { type base:Basetype_String { length "1..32"; } description "Specifies a user group for the rule, a case-insensitive string of 1 to 32 characters."; } leaf FragmentType { type enumeration { enum 0; enum 1; enum 2; enum 3; } description "first-fragment | non-frag | non-or-first-frag | any-frag"; } leaf UserGroupAny { type base:Basetype_Boolean; description "Match any user group."; } container Ttl { description "TTL information, including TtlOp, TtlValue1 and TtlValue2."; leaf TtlOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Ttl operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf TtlValue1 { type base:Basetype_UnsignedInteger32 { range "1..255"; } description "The value of start ttl value."; } leaf TtlValue2 { type base:Basetype_UnsignedInteger32 { range "1..256"; } description "The value of end ttl value; 256 is invalid value."; } } container PktLength { description "PktLength information, including PktLengthOp, PktLengthValue1 and PktLengthValue2."; leaf PktLengthOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "PktLength operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf PktLengthValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of start PktLength value."; } leaf PktLengthValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of end PktLength value; 65536 is invalid value."; } } } } container IPv4NamedAdvanceRules { description "Table of named IPv4 advance ACL rules. This table supports creating rows."; list Rule { key "GroupIndex RuleID"; leaf GroupIndex { type base:Basetype_String { pattern "(3[0-9]{3})|([a-zA-Z][^? ]{0,62})"; } description "Acl Group Name of Index.If it's Index, range from 3000 to 3999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } leaf ProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any source IPv4 address."; } container SrcIPv4 { leaf SrcIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address."; } leaf SrcIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address wildcard."; } } leaf SrcObjectGroup { type base:Basetype_String { length "0..63"; } description "Source object group name"; } leaf SrcMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Source micseg group Id."; } leaf SrcMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Source micseg agg mask length."; } leaf DstAny { type base:Basetype_Boolean; description "The flag of matching any destination IPv4 address."; } container DstIPv4 { leaf DstIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address."; } leaf DstIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address wildcard."; } } leaf DstObjectGroup { type base:Basetype_String { length "0..63"; } description "Destination object group name"; } leaf DstMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Destination micseg group Id."; } leaf DstMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Destination micseg agg mask length."; } leaf DSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of DSCP of IP packet."; } container DSCPRange { leaf StartDSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of the start DSCP of IP packet."; } leaf EndDSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of the end DSCP of IP packet."; } } leaf ECN { type base:Basetype_UnsignedInteger32 { range "0..3"; } description "The value of IP packet's ECN."; } leaf Precedence { type base:Basetype_UnsignedInteger32 { range "0..7"; } description "The value of IP packet's precedence."; } leaf TOS { type base:Basetype_UnsignedInteger32 { range "0..15"; } description "The value of IP packet's TOS."; } container SrcPort { description "Source port, including SrcPortOp, SrcPortValue1 and SrcPortValue2."; leaf SrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf SrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf SrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } leaf SrcPortObjectGroup { type base:Basetype_String { length "0..63"; } description "Source port object group name"; } container DstPort { description "Destination port, including DstPortOp, DstPortValue1 and DstPortValue2."; leaf DstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf DstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf DstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf DstPortObjectGroup { type base:Basetype_String { length "0..63"; } description "Destination port object group name"; } container TcpFlag { leaf ACK { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP ACK flag."; } leaf FIN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP FIN flag."; } leaf PSH { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP PSH flag."; } leaf RST { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP RST flag."; } leaf SYN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP SYN flag."; } leaf URG { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP URG flag."; } } leaf Established { type base:Basetype_Boolean; description "The flags that indicating the established status of a TCP connection."; } container ICMP { leaf ICMPType { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The ICMP message type."; } leaf ICMPCode { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "The ICMP message code. 256 is invalid value."; } } leaf Fragment { type base:Basetype_Boolean; description "The flag of matching fragmented packet. 0: the rule applies to all fragments and non-fragments, 1: the rule applies to only non-first fragments."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } leaf QoSLocalID { type base:Basetype_UnsignedInteger32 { range "1..4095"; } } leaf EncapType { type enumeration { enum 1; enum 2; enum 3; } description "Encap Type. 1: VXLAN, 2: GRE-ENCAP, 3: IPINIP-ENCAP."; } leaf VxlanID { type base:Basetype_UnsignedInteger32 { range "0..16777215"; } } leaf InProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Inner protocol type of packets, 256 indicates IP family."; } leaf InSrcAny { type base:Basetype_Boolean; description "The flag of matching any inner-source IPv4 address."; } container InSrcIPv4 { leaf InSrcIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address."; } leaf InSrcIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address wildcard."; } } leaf InDstAny { type base:Basetype_Boolean; description "The flag of matching any inner-destination IPv4 address."; } container InDstIPv4 { leaf InDstIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address."; } leaf InDstIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address wildcard."; } } container InSrcPort { description "Inner-Source port, including SrcPortOp, SrcPortValue1 and SrcPortValue2."; leaf InSrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf InSrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf InSrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } container InDstPort { description "Inner-Destination port, including DstPortOp, DstPortValue1 and DstPortValue2."; leaf InDstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf InDstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf InDstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf InEstablished { type base:Basetype_Boolean; description "The flags that indicating the established status of a Inner TCP connection."; } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Logging { type base:Basetype_Boolean; description "Logs matching packets."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } leaf UserGroup { type base:Basetype_String { length "1..32"; } description "Specifies a user group for the rule, a case-insensitive string of 1 to 32 characters."; } leaf UserGroupAny { type base:Basetype_Boolean; description "Match any user group."; } leaf FragmentType { type enumeration { enum 0; enum 1; enum 2; enum 3; } description "first-fragment | non-frag | non-or-first-frag | any-frag"; } container Ttl { description "TTL information, including TtlOp, TtlValue1 and TtlValue2."; leaf TtlOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Ttl operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf TtlValue1 { type base:Basetype_UnsignedInteger32 { range "1..255"; } description "The value of start ttl value."; } leaf TtlValue2 { type base:Basetype_UnsignedInteger32 { range "1..256"; } description "The value of end ttl value; 256 is invalid value."; } } container PktLength { description "PktLength information, including PktLengthOp, PktLengthValue1 and PktLengthValue2."; leaf PktLengthOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "PktLength operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf PktLengthValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of start PktLength value."; } leaf PktLengthValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of end PktLength value; 65536 is invalid value."; } } } } container IPv6AdvanceRules { description "Table of IPv6 advance ACL rules. This table supports creating rows."; list Rule { key "GroupID RuleID"; leaf GroupID { type base:Basetype_UnsignedInteger32 { range "3000..3999"; } description "Group ID. Range from 3000 to 3999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } leaf ProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any source IPv6 address."; } container SrcIPv6 { description "Source IPv6."; leaf SrcIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Source IPv6 address."; } leaf SrcIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of source IPv6 address."; } } leaf SrcObjectGroup { type base:Basetype_String { length "0..63"; } description "Source object group name"; } leaf SrcMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Source micseg group Id."; } leaf SrcMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Source micseg agg mask length."; } leaf DstAny { type base:Basetype_Boolean; description "The flag of matching any destination IPv6 address."; } container DstIPv6 { description "Destination IPv6."; leaf DstIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Destination IPv6 address."; } leaf DstIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of destination IPv6 address."; } } leaf DstObjectGroup { type base:Basetype_String { length "0..63"; } description "Destination object group name"; } leaf DstMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Destination micseg group Id."; } leaf DstMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Destination micseg agg mask length."; } leaf DSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of DSCP of IPv6 packet."; } leaf ECN { type base:Basetype_UnsignedInteger32 { range "0..3"; } description "The value of IP packet's ECN."; } leaf FlowLabel { type base:Basetype_UnsignedInteger32 { range "0..1048575"; } description "The value of flow label of IPv6 packet header."; } leaf RoutingTypeAny { type base:Basetype_Boolean; description "The flag of matching any routing header type."; } leaf RoutingTypeValue { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The value of routing header type."; } container SrcPort { leaf SrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf SrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf SrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } leaf SrcPortObjectGroup { type base:Basetype_String { length "0..63"; } description "Source port object group name"; } container DstPort { leaf DstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf DstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf DstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf DstPortObjectGroup { type base:Basetype_String { length "0..63"; } description "Destination port object group name"; } container TcpFlag { leaf ACK { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP ACK flag."; } leaf FIN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP FIN flag."; } leaf PSH { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP PSH flag."; } leaf RST { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP RST flag."; } leaf SYN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP SYN flag."; } leaf URG { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP URG flag."; } } leaf Established { type base:Basetype_Boolean; description "The flags that indicating the established status of a TCP connection."; } container ICMP6 { leaf ICMP6Type { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The ICMPv6 message type."; } leaf ICMP6Code { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "The ICMPv6 message code. 256 is invalid value."; } } leaf Fragment { type base:Basetype_Boolean; description "The flag of matching fragmented packet. 0: the rule applies to all fragments and non-fragments, 1: the rule applies to only non-first fragments."; } leaf HopTypeAny { type base:Basetype_Boolean; description "The flag of matching any hop type."; } leaf HopTypeValue { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The value of hop type which is in the range of 0 to 255."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } leaf QoSLocalID { type base:Basetype_UnsignedInteger32 { range "1..4095"; } } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Logging { type base:Basetype_Boolean; description "Logs matching packets."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } leaf UserGroup { type base:Basetype_String { length "1..32"; } description "Specifies a user group for the rule, a case-insensitive string of 1 to 32 characters."; } leaf UserGroupAny { type base:Basetype_Boolean; description "Match any user group."; } leaf FragmentType { type enumeration { enum 0; enum 1; enum 2; enum 3; } description "first-fragment | non-frag | non-or-first-frag | any-frag"; } container Ttl { description "TTL information, including TtlOp, TtlValue1 and TtlValue2."; leaf TtlOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Ttl operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf TtlValue1 { type base:Basetype_UnsignedInteger32 { range "1..255"; } description "The value of start ttl value."; } leaf TtlValue2 { type base:Basetype_UnsignedInteger32 { range "1..256"; } description "The value of end ttl value; 256 is invalid value."; } } container PktLength { description "PktLength information, including PktLengthOp, PktLengthValue1 and PktLengthValue2."; leaf PktLengthOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "PktLength operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf PktLengthValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of start PktLength value."; } leaf PktLengthValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of end PktLength value; 65536 is invalid value."; } } } } container IPv6NamedAdvanceRules { description "Table of named IPv6 advance ACL rules. This table supports creating rows."; list Rule { key "GroupIndex RuleID"; leaf GroupIndex { type base:Basetype_String { pattern "(3[0-9]{3})|([a-zA-Z][^? ]{0,62})"; } description "Acl Group Name of Index.If it's Index, range from 3000 to 3999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } leaf ProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any source IPv6 address."; } container SrcIPv6 { description "Source IPv6."; leaf SrcIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Source IPv6 address."; } leaf SrcIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of source IPv6 address."; } } leaf SrcObjectGroup { type base:Basetype_String { length "0..63"; } description "Source object group name"; } leaf SrcMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Source micseg group Id."; } leaf SrcMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Source micseg agg mask length."; } leaf DstAny { type base:Basetype_Boolean; description "The flag of matching any destination IPv6 address."; } container DstIPv6 { description "Destination IPv6."; leaf DstIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Destination IPv6 address."; } leaf DstIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of destination IPv6 address."; } } leaf DstObjectGroup { type base:Basetype_String { length "0..63"; } description "Destination object group name"; } leaf DstMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Destination micseg group Id."; } leaf DstMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Destination micseg agg mask length."; } leaf DSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of DSCP of IPv6 packet."; } leaf ECN { type base:Basetype_UnsignedInteger32 { range "0..3"; } description "The value of IP packet's ECN."; } leaf FlowLabel { type base:Basetype_UnsignedInteger32 { range "0..1048575"; } description "The value of flow label of IPv6 packet header."; } leaf RoutingTypeAny { type base:Basetype_Boolean; description "The flag of matching any routing header type."; } leaf RoutingTypeValue { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The value of routing header type."; } container SrcPort { leaf SrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf SrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf SrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } leaf SrcPortObjectGroup { type base:Basetype_String { length "0..63"; } description "Source port object group name"; } container DstPort { leaf DstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf DstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf DstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf DstPortObjectGroup { type base:Basetype_String { length "0..63"; } description "Destination port object group name"; } container TcpFlag { leaf ACK { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP ACK flag."; } leaf FIN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP FIN flag."; } leaf PSH { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP PSH flag."; } leaf RST { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP RST flag."; } leaf SYN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP SYN flag."; } leaf URG { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP URG flag."; } } leaf Established { type base:Basetype_Boolean; description "The flags that indicating the established status of a TCP connection."; } container ICMP6 { leaf ICMP6Type { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The ICMPv6 message type."; } leaf ICMP6Code { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "The ICMPv6 message code. 256 is invalid value."; } } leaf Fragment { type base:Basetype_Boolean; description "The flag of matching fragmented packet. 0: the rule applies to all fragments and non-fragments, 1: the rule applies to only non-first fragments."; } leaf HopTypeAny { type base:Basetype_Boolean; description "The flag of matching any hop type."; } leaf HopTypeValue { type base:Basetype_UnsignedInteger32 { range "0..255"; } description "The value of hop type which is in the range of 0 to 255."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } leaf QoSLocalID { type base:Basetype_UnsignedInteger32 { range "1..4095"; } } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Logging { type base:Basetype_Boolean; description "Logs matching packets."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } leaf UserGroup { type base:Basetype_String { length "1..32"; } description "Specifies a user group for the rule, a case-insensitive string of 1 to 32 characters."; } leaf UserGroupAny { type base:Basetype_Boolean; description "Match any user group."; } leaf FragmentType { type enumeration { enum 0; enum 1; enum 2; enum 3; } description "first-fragment | non-frag | non-or-first-frag | any-frag"; } container Ttl { description "TTL information, including TtlOp, TtlValue1 and TtlValue2."; leaf TtlOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Ttl operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf TtlValue1 { type base:Basetype_UnsignedInteger32 { range "1..255"; } description "The value of start ttl value."; } leaf TtlValue2 { type base:Basetype_UnsignedInteger32 { range "1..256"; } description "The value of end ttl value; 256 is invalid value."; } } container PktLength { description "PktLength information, including PktLengthOp, PktLengthValue1 and PktLengthValue2."; leaf PktLengthOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "PktLength operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf PktLengthValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of start PktLength value."; } leaf PktLengthValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of end PktLength value; 65536 is invalid value."; } } } } container MACRules { description "Table of MAC ACL rules. This table supports creating rows."; list Rule { key "GroupID RuleID"; leaf GroupID { type base:Basetype_UnsignedInteger32 { range "4000..4999"; } description "Group ID. Range from 4000 to 4999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } container SrcMACAddr { leaf SrcMACAddress { type base:Basetype_MacAddress; } leaf SrcMACMask { type base:Basetype_MacAddress; } } container DstMACAddr { leaf DstMACAddress { type base:Basetype_MacAddress; } leaf DstMACMask { type base:Basetype_MacAddress; } } leaf COS { type base:Basetype_UnsignedInteger32 { range "0..7"; } description "802.1p priority."; } container Protocol { description "Protocol in the Ethernet frame header."; leaf ProtocolType { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The type of protocol in the Ethernet frame header."; } leaf ProtocolTypeMask { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The mask of protocol in the Ethernet frame header."; } } container LSAP { leaf LSAPType { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The type of LSAP"; } leaf LSAPTypeMask { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The mask of LSAP."; } } leaf EncapType { type enumeration { enum 1; } description "Encap Type. 1: VXLAN"; } leaf VxlanID { type base:Basetype_UnsignedInteger32 { range "0..16777215"; } } container InSrcMACAddr { leaf InSrcMACAddress { type base:Basetype_MacAddress; } leaf InSrcMACMask { type base:Basetype_MacAddress; } } container InDstMACAddr { leaf InDstMACAddress { type base:Basetype_MacAddress; } leaf InDstMACMask { type base:Basetype_MacAddress; } } container InProtocol { description "Inner protocol in the Ethernet frame header."; leaf InProtocolType { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The type of protocol in the Ethernet frame header."; } leaf InProtocolTypeMask { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The mask of protocol in the Ethernet frame header."; } } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } } } container MACNamedRules { description "Table of named MAC ACL rules. This table supports creating rows."; list Rule { key "GroupIndex RuleID"; leaf GroupIndex { type base:Basetype_String { pattern "(4[0-9]{3})|([a-zA-Z][^? ]{0,62})"; } description "Acl Group Name of Index.If it's Index, range from 4000 to 4999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } container SrcMACAddr { leaf SrcMACAddress { type base:Basetype_MacAddress; } leaf SrcMACMask { type base:Basetype_MacAddress; } } container DstMACAddr { leaf DstMACAddress { type base:Basetype_MacAddress; } leaf DstMACMask { type base:Basetype_MacAddress; } } leaf COS { type base:Basetype_UnsignedInteger32 { range "0..7"; } description "802.1p priority."; } container Protocol { description "Protocol in the Ethernet frame header."; leaf ProtocolType { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The type of protocol in the Ethernet frame header."; } leaf ProtocolTypeMask { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The mask of protocol in the Ethernet frame header."; } } container LSAP { leaf LSAPType { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The type of LSAP"; } leaf LSAPTypeMask { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The mask of LSAP."; } } leaf EncapType { type enumeration { enum 1; } description "Encap Type. 1: VXLAN"; } leaf VxlanID { type base:Basetype_UnsignedInteger32 { range "0..16777215"; } } container InSrcMACAddr { leaf InSrcMACAddress { type base:Basetype_MacAddress; } leaf InSrcMACMask { type base:Basetype_MacAddress; } } container InDstMACAddr { leaf InDstMACAddress { type base:Basetype_MacAddress; } leaf InDstMACMask { type base:Basetype_MacAddress; } } container InProtocol { description "Inner protocol in the Ethernet frame header."; leaf InProtocolType { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The type of protocol in the Ethernet frame header."; } leaf InProtocolTypeMask { type base:Basetype_String { pattern "[a-fA-F0-9]{1,4}"; } description "The mask of protocol in the Ethernet frame header."; } } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf Counting { type base:Basetype_Boolean; description "Counts times the ACL rule has been matched."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } } } container UserRules { description "Table of the user ACL rules. This table supports creating rows."; list Rule { key "GroupID RuleID"; leaf GroupID { type base:Basetype_UnsignedInteger32 { range "5000..5999"; } description "Group ID. Range from 5000 to 5999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } container L2Rule { description "Specifies that the offset is relative to the beginning of the Layer 2 frame header."; leaf L2RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf L2RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf L2Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } container IPv4Rule { description "Specifies that the offset is relative to the beginning of the IPv4 header."; leaf IPv4RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf IPv4RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf IPv4Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } container IPv6Rule { description "Specifies that the offset is relative to the beginning of the IPv6 header."; leaf IPv6RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf IPv6RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf IPv6Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } container L4Rule { description "Specifies that the offset is relative to the beginning of the Layer 4 header."; leaf L4RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf L4RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf L4Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } container L5Rule { description "Specifies that the offset is relative to the beginning of the Layer 5 header."; leaf L5RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf L5RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf L5Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } leaf UdfFormat { type enumeration { enum 1; enum 2; enum 3; } description "udf packet format type. 1: INT, 2:raw-ip."; } leaf ProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf IPv6ProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf DualStackProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf EncapType { type enumeration { enum 5; enum 6; enum 7; enum 8; } description "Encap Type. 5: srv6-l2vpn-be, 6: srv6-l2vpn-te, 7: srv6-l3vpn-be, 8: srv6-l3vpn-te."; } container SRv6 { leaf SegmentLeft { type base:Basetype_UnsignedInteger32; description "Segment left."; } leaf SegmentList { type base:Basetype_UnsignedInteger32; description "Segment list."; } } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any source IPv4 address."; } container SrcIPv4 { leaf SrcIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address."; } leaf SrcIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address wildcard."; } } container SrcIPv6 { description "Source IPv6."; leaf SrcIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Source IPv6 address."; } leaf SrcIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of source IPv6 address."; } } leaf SrcMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Source micseg group Id."; } leaf SrcMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Source micseg agg mask length."; } leaf DstAny { type base:Basetype_Boolean; description "The flag of matching any destination IPv4 address."; } container DstIPv4 { leaf DstIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address."; } leaf DstIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address wildcard."; } } container DstIPv6 { description "Destination IPv6."; leaf DstIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Destination IPv6 address."; } leaf DstIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of destination IPv6 address."; } } leaf DstMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Destination micseg group Id."; } leaf DstMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Destination micseg agg mask length."; } container SrcPort { description "Source port, including SrcPortOp, SrcPortValue1 and SrcPortValue2."; leaf SrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf SrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf SrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } container DstPort { description "Destination port, including DstPortOp, DstPortValue1 and DstPortValue2."; leaf DstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf DstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf DstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf ECN { type base:Basetype_UnsignedInteger32 { range "0..3"; } description "The value of IP packet's ECN."; } leaf DSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of DSCP of IP packet."; } leaf Precedence { type base:Basetype_UnsignedInteger32 { range "0..7"; } description "The value of IP packet's precedence."; } leaf TOS { type base:Basetype_UnsignedInteger32 { range "0..15"; } description "The value of IP packet's TOS."; } leaf InVlantag { type enumeration { enum 0; enum 1; enum 2; } description "Inner Vlan Tag. 0: none, 1: single, 2: double."; } leaf InServiceVlan { type base:Basetype_VlanRange; description "Inner Service Vlan."; } leaf InCustomVlan { type base:Basetype_VlanRange; description "Inner Custom Vlan."; } container InSrcMAC { leaf InSrcMAC { type base:Basetype_MacAddress; } leaf InSrcMACMask { type base:Basetype_MacAddress; } } container InDstMAC { leaf InDstMAC { type base:Basetype_MacAddress; } leaf InDstMACMask { type base:Basetype_MacAddress; } } leaf InProtocol { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Inner protocol type of packets, 256 indicates IP family."; } leaf InIPv6Protocol { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Inner Ipv6 protocol type of packets, 256 indicates IP family."; } container InSrcAddr { leaf InSrcAddr { type base:Basetype_IpAddress; } leaf InSrcMask { type base:Basetype_IpAddress; } } container InDstAddr { leaf InDstAddr { type base:Basetype_IpAddress; } leaf InDstMask { type base:Basetype_IpAddress; } } container InSrcPort { description "Inner-Source port, including SrcPortOp, SrcPortValue1 and SrcPortValue2."; leaf InSrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf InSrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf InSrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } container InDstPort { description "Inner-Destination port, including DstPortOp, DstPortValue1 and DstPortValue2."; leaf InDstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf InDstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf InDstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf InECN { type base:Basetype_UnsignedInteger32 { range "0..3"; } description "The value of inner IP packet's ECN."; } leaf InDSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of DSCP of inner IP packet."; } leaf InPrecedence { type base:Basetype_UnsignedInteger32 { range "0..7"; } description "The value of inner IP packet's precedence."; } leaf InTOS { type base:Basetype_UnsignedInteger32 { range "0..15"; } description "The value of inner IP packet's TOS."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf Counting { type base:Basetype_Boolean; description "Counts the number of times the ACL rule has been matched."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } container TcpFlag { leaf ACK { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP ACK flag."; } leaf FIN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP FIN flag."; } leaf PSH { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP PSH flag."; } leaf RST { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP RST flag."; } leaf SYN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP SYN flag."; } leaf URG { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP URG flag."; } } leaf Established { type base:Basetype_Boolean; description "The flags that indicating the established status of a TCP connection."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } } } container UserNamedRules { description "Table of the named user ACL rules. This table supports creating rows."; list Rule { key "GroupIndex RuleID"; leaf GroupIndex { type base:Basetype_String { pattern "(5[0-9]{3})|([a-zA-Z][^? ]{0,62})"; } description "Acl Group Name of Index.If it's Index, range from 5000 to 5999."; } leaf RuleID { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "Rule ID. Range from 0 to 65535."; } leaf Action { type enumeration { enum 1; enum 2; } description "Action type. 1: deny, 2: permit."; } container L2Rule { description "Specifies that the offset is relative to the beginning of the Layer 2 frame header."; leaf L2RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf L2RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf L2Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } container IPv4Rule { description "Specifies that the offset is relative to the beginning of the IPv4 header."; leaf IPv4RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf IPv4RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf IPv4Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } container IPv6Rule { description "Specifies that the offset is relative to the beginning of the IPv6 header."; leaf IPv6RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf IPv6RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf IPv6Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } container L4Rule { description "Specifies that the offset is relative to the beginning of the Layer 4 header."; leaf L4RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf L4RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf L4Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } container L5Rule { description "Specifies that the offset is relative to the beginning of the Layer 5 header."; leaf L5RuleString { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern in hexadecimal format. Its length must be a multiple of two. Range from 2 to 254."; } leaf L5RuleMask { type base:Basetype_String { pattern "([a-fA-F0-9]{2}){1,127}"; } description "Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. Range from 2 to 254."; } leaf L5Offset { type base:Basetype_UnsignedInteger32 { range "0..254"; } description "Specifies an offset in bytes after which the match operation begins."; } } leaf UdfFormat { type enumeration { enum 1; enum 2; enum 3; } description "udf packet format type. 1: INT, 2:raw-ip."; } leaf ProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf IPv6ProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf DualStackProtocolType { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Protocol type of packets, 256 indicates IP family."; } leaf EncapType { type enumeration { enum 5; enum 6; enum 7; enum 8; } description "Encap Type. 5: srv6-l2vpn-be, 6: srv6-l2vpn-te, 7: srv6-l3vpn-be, 8: srv6-l3vpn-te."; } container SRv6 { leaf SegmentLeft { type base:Basetype_UnsignedInteger32; description "Segment left."; } leaf SegmentList { type base:Basetype_UnsignedInteger32; description "Segment list."; } } leaf SrcAny { type base:Basetype_Boolean; description "The flag of matching any source IPv4 address."; } container SrcIPv4 { leaf SrcIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address."; } leaf SrcIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Source IPv4 address wildcard."; } } container SrcIPv6 { description "Source IPv6."; leaf SrcIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Source IPv6 address."; } leaf SrcIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of source IPv6 address."; } } leaf SrcMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Source micseg group Id."; } leaf SrcMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Source micseg agg mask length."; } leaf DstAny { type base:Basetype_Boolean; description "The flag of matching any destination IPv4 address."; } container DstIPv4 { leaf DstIPv4Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address."; } leaf DstIPv4Wildcard { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv4Address; } description "Destination IPv4 address wildcard."; } } container DstIPv6 { description "Destination IPv6."; leaf DstIPv6Addr { type union { type base:Basetype_EmptyString; type base:Basetype_Ipv6Address; } description "Destination IPv6 address."; } leaf DstIPv6Prefix { type union { type base:Basetype_EmptyString; type base:Basetype_UnsignedInteger32 { range "1..128"; } } description "Prefix length of destination IPv6 address."; } } leaf DstMicsegGroup { type base:Basetype_UnsignedShort { range "0..65535"; } description "Destination micseg group Id."; } leaf DstMicsegMaskLength { type base:Basetype_UnsignedShort { range "1..15"; } description "Destination micseg agg mask length."; } container SrcPort { description "Source port, including SrcPortOp, SrcPortValue1 and SrcPortValue2."; leaf SrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf SrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf SrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } container DstPort { description "Destination port, including DstPortOp, DstPortValue1 and DstPortValue2."; leaf DstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf DstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf DstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf ECN { type base:Basetype_UnsignedInteger32 { range "0..3"; } description "The value of IP packet's ECN."; } leaf DSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of DSCP of IP packet."; } leaf Precedence { type base:Basetype_UnsignedInteger32 { range "0..7"; } description "The value of IP packet's precedence."; } leaf TOS { type base:Basetype_UnsignedInteger32 { range "0..15"; } description "The value of IP packet's TOS."; } leaf InVlantag { type enumeration { enum 0; enum 1; enum 2; } description "Inner Vlan Tag. 0: none, 1: single, 2: double."; } leaf InServiceVlan { type base:Basetype_VlanRange; description "Inner Service Vlan."; } leaf InCustomVlan { type base:Basetype_VlanRange; description "Inner Custom Vlan."; } container InSrcMAC { leaf InSrcMAC { type base:Basetype_MacAddress; } leaf InSrcMACMask { type base:Basetype_MacAddress; } } container InDstMAC { leaf InDstMAC { type base:Basetype_MacAddress; } leaf InDstMACMask { type base:Basetype_MacAddress; } } leaf InProtocol { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Inner protocol type of packets, 256 indicates IP family."; } leaf InIPv6Protocol { type base:Basetype_UnsignedInteger32 { range "0..256"; } description "Inner Ipv6 protocol type of packets, 256 indicates IP family."; } container InSrcAddr { leaf InSrcAddr { type base:Basetype_IpAddress; } leaf InSrcMask { type base:Basetype_IpAddress; } } container InDstAddr { leaf InDstAddr { type base:Basetype_IpAddress; } leaf InDstMask { type base:Basetype_IpAddress; } } container InSrcPort { description "Inner-Source port, including SrcPortOp, SrcPortValue1 and SrcPortValue2."; leaf InSrcPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Source port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf InSrcPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first source port."; } leaf InSrcPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second source port; 65536 is invalid value."; } } container InDstPort { description "Inner-Destination port, including DstPortOp, DstPortValue1 and DstPortValue2."; leaf InDstPortOp { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "Destination port operator. 1: lt, 2: eq, 3: gt, 4: neq, 5: range."; } leaf InDstPortValue1 { type base:Basetype_UnsignedInteger32 { range "0..65535"; } description "The value of first destination port."; } leaf InDstPortValue2 { type base:Basetype_UnsignedInteger32 { range "0..65536"; } description "The value of second destination port; 65536 is invalid value."; } } leaf InECN { type base:Basetype_UnsignedInteger32 { range "0..3"; } description "The value of inner IP packet's ECN."; } leaf InDSCP { type base:Basetype_UnsignedInteger32 { range "0..63"; } description "The value of DSCP of inner IP packet."; } leaf InPrecedence { type base:Basetype_UnsignedInteger32 { range "0..7"; } description "The value of inner IP packet's precedence."; } leaf InTOS { type base:Basetype_UnsignedInteger32 { range "0..15"; } description "The value of inner IP packet's TOS."; } leaf TimeRange { type base:Basetype_String { pattern "[a-zA-Z][^? ]{0,31}"; } description "Specifies a time range for the rule, a case-insensitive string of 1 to 32 characters. It must start with an English letter."; } leaf Counting { type base:Basetype_Boolean; description "Counts the number of times the ACL rule has been matched."; } leaf Comment { type base:Basetype_Text { length "1..127"; } description "Rule comment, a case-sensitive string of 1 to 127 characters."; } container TcpFlag { leaf ACK { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP ACK flag."; } leaf FIN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP FIN flag."; } leaf PSH { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP PSH flag."; } leaf RST { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP RST flag."; } leaf SYN { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP SYN flag."; } leaf URG { type base:Basetype_UnsignedInteger32 { range "0..1"; } description "TCP URG flag."; } } leaf Established { type base:Basetype_Boolean; description "The flags that indicating the established status of a TCP connection."; } leaf VRF { type base:Basetype_String { length "1..31"; } description "Applies the rule to packets in a VRF instance."; } } } container Intervals { description "ACL intervals table. This table supports creating rows."; list Interval { description "ACL interval row."; key "IntervalType"; leaf IntervalType { type enumeration { enum 1; enum 2; } description "Interval Type. 1: logs, 2: trap."; } leaf IntervalValue { type base:Basetype_UnsignedInteger32 { range "5..1440"; } description "The value of Interval."; } } } container PfilterDefAction { description "Pfilter base information table"; leaf DefaultAction { type enumeration { enum 1; enum 2; } description "Default Action.1:Permit,2:Deny."; } } container PfilterIgnoreAction { description "Pfilter base information table"; leaf IgnoreAction { type base:Basetype_Boolean; description "Ignore permit action."; } } container PfilterApply { description "Pfilter apply table This table supports creating rows."; list Pfilter { description "Pfilter apply row"; key "AppObjType AppObjIndex AppDirection AppAclType AppAclGroup"; leaf AppObjType { type enumeration { enum 1; enum 2; enum 3; } description "Object type. 1: interface, 2: vlan, 3: global."; } leaf AppObjIndex { type base:Basetype_NameAndIndexUnion; description "Object Index."; } leaf AppDirection { type enumeration { enum 1; enum 2; } description "Apply Direction. 1: inbound, 2: outbound."; } leaf AppAclType { type enumeration { enum 1; enum 2; enum 3; enum 4; enum 5; } description "ACL Group type. 1: ipv4, 2: ipv6, 3:MAC, 4:user, 5:default."; } leaf AppAclGroup { type base:Basetype_String { pattern "(0)|([2345][0-9]{3})|([a-zA-Z][^? ]{0,62})"; } description "Acl Group Name of Index.If it's Index, range from 2000 to 5999, Default: 0."; } leaf HardCount { type enumeration { enum 1; enum 2; } description "Hardware count flag.1:true,2:false.Default:false."; } leaf InnerEncap { type enumeration { enum 0; enum 1; } description "Encap Type.0:none,1:vxlan."; } leaf ShareMode { type base:Basetype_Boolean; description "Enable share mode flag."; } } } } }