-- ***********************************************************************
-- Module:    hpicfUrpf.mib
-- 
-- Copyright (C) 2016 Hewlett Packard Enterprise Development LP
-- All Rights Reserved.
--  
-- The contents of this software are proprietary and confidential to
-- the Hewlett Packard Enterprise Development LP. No part of this
-- program may be photocopied, reproduced, or translated into another
-- programming language without prior written consent of the
-- Hewlett Packard Enterprise Development LP.
--
-- Purpose: This file contains MIB definition of HP-ICF-URPF-MIB 
--
-- ***********************************************************************

HP-ICF-URPF-MIB DEFINITIONS ::= BEGIN

  IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Counter64, Integer32
      FROM SNMPv2-SMI
    MODULE-COMPLIANCE, OBJECT-GROUP
      FROM SNMPv2-CONF
    InterfaceIndex
      FROM IF-MIB
    InetAddressType
      FROM INET-ADDRESS-MIB
    SnmpAdminString
      FROM SNMP-FRAMEWORK-MIB
    TruthValue
      FROM SNMPv2-TC
    hpSwitch
      FROM HP-ICF-OID;

  hpicfUrpfMIB MODULE-IDENTITY
    LAST-UPDATED "202106100000Z"     -- June 10, 2021
    ORGANIZATION "Hewlett Packard Enterprise"
    CONTACT-INFO "Hewlett Packard Enterprise Development Company LP
      8000 Foothills Blvd.
      Roseville, CA 95747"
    DESCRIPTION
            "This MIB module describes objects for management of
             Unicast Reverse Path Forwarding (URPF)."
    REVISION     "202106100000Z"     -- June 10, 2021
    DESCRIPTION
            "Added hpicfUrpfConfigHasAllowlistAcl and 
             hpicfUrpfConfigAllowlistAclName."
    REVISION     "201606140000Z"     -- June 14, 2016
    DESCRIPTION
            "Initial version of URPF MIB module."
    ::= { hpSwitch 131 }

    hpicfUrpfConfig       OBJECT IDENTIFIER ::= { hpicfUrpfMIB 1 }
    hpicfUrpfStats        OBJECT IDENTIFIER ::= { hpicfUrpfMIB 2 }
    hpicfUrpfConformance  OBJECT IDENTIFIER ::= { hpicfUrpfMIB 3 }

    hpicfUrpfConfigGlobalEnable  OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "Is the URPF feature enabled.
                 true(1)  - URPF is enabled;
                 false(2)  URPF is disabled."
        DEFVAL      { false }
        ::= { hpicfUrpfConfig 1 }

    hpicfUrpfConfigGlobalLogTimeout  OBJECT-TYPE
        SYNTAX      Integer32 (30..300)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "The time, in seconds, between URPF logging summary messages."
        DEFVAL      { 300 }
        ::= { hpicfUrpfConfig 2 }

    hpicfUrpfConfigTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF HpicfUrpfConfigEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
                "The table contains configuration information
                 for URPF processing."
        ::= { hpicfUrpfConfig 3 }

    hpicfUrpfConfigEntry  OBJECT-TYPE
        SYNTAX      HpicfUrpfConfigEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
                "Each table entry contains configuration parameters for an
                 interface and address family."
        INDEX   { hpicfUrpfIfIndex, hpicfUrpfAddrFamily }
        ::= { hpicfUrpfConfigTable 1 }

    HpicfUrpfConfigEntry ::=
        SEQUENCE {
            hpicfUrpfIfIndex                InterfaceIndex,
            hpicfUrpfAddrFamily             InetAddressType,
            hpicfUrpfConfigMode             INTEGER,
            hpicfUrpfConfigDefRoute         TruthValue,
            hpicfUrpfConfigAllowDhcp        TruthValue,
            hpicfUrpfConfigLogging          TruthValue,
            hpicfUrpfConfigHasWhitelistAcl  TruthValue,
            hpicfUrpfConfigWhitelistAclName SnmpAdminString,
            hpicfUrpfConfigHasAllowlistAcl  TruthValue,
            hpicfUrpfConfigAllowlistAclName SnmpAdminString
        }

    hpicfUrpfIfIndex  OBJECT-TYPE
        SYNTAX      InterfaceIndex
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
                "The interface for the table entry."
        ::= { hpicfUrpfConfigEntry 1 }

    hpicfUrpfAddrFamily  OBJECT-TYPE
        SYNTAX      InetAddressType
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
                "The address family for the table entry."
        ::= { hpicfUrpfConfigEntry 2 }

    hpicfUrpfConfigMode  OBJECT-TYPE
        SYNTAX      INTEGER { none(1),
                              strict(2),
                              loose(3)
                    }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "The URPF match mode. URPF operates in one of two modes:
                 strict and loose. In strict mode, a route to the source
                 address must exist, and the ingress interface of the
                 packet must be the same interface used to egress packets
                 back to the source. For example, the ingress and egress routes
                 are symmetric and must use the same interface. In loose
                 mode, a route to the source address must exist, but the
                 ingress interface of the packet is not checked.
                 none(1)   - URPF not applied to the interface;
                 strict(2) - must match expected interface;
                 loose(3)  - ingress interface is not checked."
        DEFVAL      { none }
        ::= { hpicfUrpfConfigEntry 3 }

    hpicfUrpfConfigDefRoute  OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "Allow use of the default route when checking the ingress
                 port. Enabling use of the default route is only supported
                 in strict mode. If use of the default route was enabled in
                 loose mode, all packets would be allowed, therefore this
                 option is not supported in loose mode.
                 true(1)  - enable use of default route in port match;
                 false(2) - disable use of default route in port match."
        DEFVAL      { false }
        ::= { hpicfUrpfConfigEntry 4 }

    hpicfUrpfConfigAllowDhcp  OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "Allow packets with SA=0.0.0.0 and DA=255.255.255.255, such as
                 DHCP and BOOTP, to bypass the URPF checks.
                 true(1)  - packets will bypass URPF checks;
                 false(2)  packets will be dropped."
        DEFVAL      { false }
        ::= { hpicfUrpfConfigEntry 5 }

    hpicfUrpfConfigLogging  OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "Is logging of dropped packets enabled.
                 true(1)  - logging enabled;
                 false(2) - logging disabled."
        DEFVAL      { false }
        ::= { hpicfUrpfConfigEntry 6 }

    hpicfUrpfConfigHasWhitelistAcl  OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "Is a whitelist ACL applied to this interface.
                 true(1)  - whitelist ACL applied;
                 false(2) - whitelist ACL not applied."
        DEFVAL      { false }
        ::= { hpicfUrpfConfigEntry 7 }

    hpicfUrpfConfigWhitelistAclName  OBJECT-TYPE
        SYNTAX      SnmpAdminString
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "The URPF whitelist ACL name. The ACL must already exist at 
                 the time of application."
        ::= { hpicfUrpfConfigEntry 8 }

    hpicfUrpfConfigHasAllowlistAcl  OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "Is a allowlist ACL applied to this interface.
                 true(1)  - allowlist ACL applied;
                 false(2) - allowlist ACL not applied."
        DEFVAL      { false }
        ::= { hpicfUrpfConfigEntry 9 }

    hpicfUrpfConfigAllowlistAclName  OBJECT-TYPE
        SYNTAX      SnmpAdminString
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
                "The URPF allowlist ACL name. The ACL must already exist at 
                 the time of application."
        ::= { hpicfUrpfConfigEntry 10 }

    hpicfUrpfStatsTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF HpicfUrpfStatsEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
                "The table containing statistics information for packets
                 that are dropped by URPF processing."
        ::= { hpicfUrpfStats 1 }

    hpicfUrpfStatsEntry    OBJECT-TYPE
        SYNTAX      HpicfUrpfStatsEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
                "Each table entry counts packets that are dropped by URPF processing
                 on a particular interface and IP address family."
        INDEX   { hpicfUrpfIfIndex, hpicfUrpfAddrFamily }
        ::= { hpicfUrpfStatsTable 1 }

    HpicfUrpfStatsEntry ::=
        SEQUENCE {
            hpicfUrpfStatsBlockedPackets   Counter64,
            hpicfUrpfStatsBlockedOctets    Counter64
        }

    hpicfUrpfStatsBlockedPackets OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
                "The number of packets blocked by URPF on this interface and
                 address family."
        ::= { hpicfUrpfStatsEntry 1 }

    hpicfUrpfStatsBlockedOctets OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
                "The number of octets blocked by URPF on this interface and
                 address family."
        ::= { hpicfUrpfStatsEntry 2 }


-- ****************************************************************************
-- Conformance Information  
-- ****************************************************************************

-- units of conformance

    hpicfUrpfMIBGroups      OBJECT IDENTIFIER ::= { hpicfUrpfConformance 1 }
    hpicfUrpfMIBCompliances OBJECT IDENTIFIER ::= { hpicfUrpfConformance 2 }

    hpicfUrpfScalarGroup  OBJECT-GROUP
        OBJECTS {
            hpicfUrpfConfigGlobalEnable,
            hpicfUrpfConfigGlobalLogTimeout
        }
        STATUS      current
        DESCRIPTION "A collection of scalar objects providing global
                     configuration information for URPF."
        ::= { hpicfUrpfMIBGroups 1 }
 
    hpicfUrpfConfigTableGroup  OBJECT-GROUP
        OBJECTS {
            hpicfUrpfConfigMode,
            hpicfUrpfConfigDefRoute,
            hpicfUrpfConfigAllowDhcp,
            hpicfUrpfConfigLogging,
            hpicfUrpfConfigHasWhitelistAcl,
            hpicfUrpfConfigWhitelistAclName
        }
        STATUS      deprecated
        DESCRIPTION "A collection of objects providing configuration
                     information for URPF."
        ::= { hpicfUrpfMIBGroups 2 }
 
    hpicfUrpfStatsTableGroup  OBJECT-GROUP
        OBJECTS {
            hpicfUrpfStatsBlockedPackets,
            hpicfUrpfStatsBlockedOctets
        }
        STATUS      current
        DESCRIPTION "A collection of objects providing statistics for URPF."
        ::= { hpicfUrpfMIBGroups 3 }
 
    hpicfUrpfConfigTableGroup1  OBJECT-GROUP
        OBJECTS {
            hpicfUrpfConfigMode,
            hpicfUrpfConfigDefRoute,
            hpicfUrpfConfigAllowDhcp,
            hpicfUrpfConfigLogging,
            hpicfUrpfConfigHasWhitelistAcl,
            hpicfUrpfConfigWhitelistAclName,
            hpicfUrpfConfigHasAllowlistAcl,
            hpicfUrpfConfigAllowlistAclName
        }
        STATUS      current
        DESCRIPTION "A collection of objects providing configuration
                     information for URPF."
        ::= { hpicfUrpfMIBGroups 4 }

-- compliance statements

    hpicfUrpfMIBCompliance  MODULE-COMPLIANCE
        STATUS      deprecated
        DESCRIPTION "The compliance statement for HP switches implementing
                     the HPICF-URPF MIB."
        MODULE -- This Module
        MANDATORY-GROUPS {
            hpicfUrpfScalarGroup,
            hpicfUrpfConfigTableGroup,
            hpicfUrpfStatsTableGroup
        }
        ::= { hpicfUrpfMIBCompliances 1 }

    hpicfUrpfMIBCompliance1  MODULE-COMPLIANCE
        STATUS      current
        DESCRIPTION "The compliance statement for HP switches implementing
                     the HPICF-URPF MIB."
        MODULE -- This Module
        MANDATORY-GROUPS {
            hpicfUrpfScalarGroup,
            hpicfUrpfConfigTableGroup1,
            hpicfUrpfStatsTableGroup
        }
        ::= { hpicfUrpfMIBCompliances 2 }

END
