-- ==================================================================
-- Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
--
-- Description: ACFP MIB
-- Reference:
-- Version: V1.5
-- History:
--   V1.0 2006-07-04 Created by Wang Haidong
--   V1.1 2007-03-23 Modified by Hao Chunbo
--        Delete the default value of hpnicfAcfpPolicyAdminStatus.
--   V1.2 2007-07-03 Modified by Hao Chunbo
--        Add a new trap node for hpnicfAcfpPolicyLifetime.
--   V1.3 2007-11-07 Modified by Li Yugang
--        Modify the value of hpnicfAcfpServerCurContextType.
--        Destroy the node of hpnicfAcfpRuleEstablish.
--        Add a new node for HpnicfAcfpPolicyDestIfFailAction.
--        Add a new node for HpnicfAcfpPolicyPriority.
--        Add a new node for hpnicfAcfpRuleTCPFlag.
--   V1.4 2007-12-19 Modified by Li Yugang
--        Modify the description of hpnicfAcfpPolicyRowStatus.
--        Modify the description of hpnicfAcfpRuleRowStatus.
--        Modify the status of hpnicfAcfpRuleEstablish.
--        Modify the value of hpnicfAcfpRuleTCPFlag.
--   V1.5 2009-11-30 Modified by Zhu Dengfeng
--        Add a new node for hpnicfAcfpRuleSrcIPV6Address
--        Add a new node for hpnicfAcfpRuleSrcPrefixLen
--        Add a new node for hpnicfAcfpRuleDstIPV6Address
--        Add a new node for hpnicfAcfpRuleDstPrefixLen
--        Add a new node for hpnicfAcfpRuleTrafficType
--        Add a new node for hpnicfAcfpRuleTypeOrLen
-- ==================================================================
HPN-ICF-ACFP-MIB DEFINITIONS ::= BEGIN

IMPORTS
    IpAddress, Integer32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    RowStatus, TruthValue, MacAddress, DisplayString
        FROM SNMPv2-TC
    Ipv6Address
        FROM IPV6-TC
    InetAddressPrefixLength
        FROM INET-ADDRESS-MIB
    hpnicfCommon
        FROM HPN-ICF-OID-MIB;

--
-- Node definitions
--

hpnicfAcfp MODULE-IDENTITY
    LAST-UPDATED "200607041936Z"
    ORGANIZATION
        ""
    CONTACT-INFO
        ""
    DESCRIPTION
        "This MIB module defines a set of basic objects for
        configuring switches and routers to enable ACFP."
    REVISION    "200607041936Z"
    DESCRIPTION
        "Initial version"
    ::= { hpnicfCommon 74 }

hpnicfAcfpObjects OBJECT IDENTIFIER  ::= { hpnicfAcfp 1 }

hpnicfAcfpOAP  OBJECT IDENTIFIER ::= { hpnicfAcfpObjects 1 }

--  ACFP server information
--      ACFP server should create this object and
--      advertise its capability

hpnicfAcfpServer OBJECT IDENTIFIER ::= { hpnicfAcfpOAP 1 }

hpnicfAcfpServerInfo OBJECT-TYPE
    SYNTAX      BITS
        {
            ipserver(0),
            redirect(1),
            mirror(2),
            passThrough(3)
        }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "When retrieved, this object returns a set of bits
        indicating the capabilities (or configuration) of the
        switch or router.  The set bit is indication that a
        router or switch can support the action for
        security rule."
    ::= { hpnicfAcfpServer 1 }

hpnicfAcfpServerMaxLifetime OBJECT-TYPE
    SYNTAX      Integer32(0..2147483647)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "When retrieved, this object returns the maximum
        lifetime in seconds, that this router or switch allows
        policy rules to have."
    ::= { hpnicfAcfpServer 2 }

hpnicfAcfpServerPersistentRules OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "When retrieved, this object returns true(1) if the
        ACFP MIB implementation can store policy rules
        persistently.  Otherwise, it returns false(2)."
    ::= { hpnicfAcfpServer 3 }

hpnicfAcfpServerCurContextType OBJECT-TYPE
    SYNTAX      INTEGER
        {
            no-context(1),
            context-VLANID(2),
            context-HG(3),
            context-FlowID(4),
            context-HGPlus(5)
        }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "In some circumstances, it's necessary that packets go to
        ACFP client with context from ACFP server.  However, the context
        perhaps is different.  hpnicfAcfpServerCurContextType is
        used to distinguish this difference, ACFP client may
        process distinctively."
    ::= { hpnicfAcfpServer 4 }

-- ACFP client Information.
--     This object is used for network management purpose.

hpnicfAcfpClientInfo OBJECT IDENTIFIER ::= { hpnicfAcfpOAP 2 }

hpnicfAcfpClientInfoTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF HpnicfAcfpClientInfoEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains the basic information about ACFP client."
    ::= { hpnicfAcfpClientInfo 1 }

hpnicfAcfpClientInfoEntry OBJECT-TYPE
    SYNTAX      HpnicfAcfpClientInfoEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This list contains the basic information about ACFP client."
    INDEX
        {
            hpnicfAcfpClientID
        }
    ::= { hpnicfAcfpClientInfoTable 1 }

HpnicfAcfpClientInfoEntry ::= SEQUENCE
    {
        hpnicfAcfpClientID             Integer32,
        hpnicfAcfpClientDescription    DisplayString,
        hpnicfAcfpClientHwVersion      DisplayString,
        hpnicfAcfpClientOSVersion      DisplayString,
        hpnicfAcfpClientAppVersion     DisplayString,
        hpnicfAcfpClientIP             IpAddress,
        hpnicfAcfpClientMode           BITS,
        hpnicfAcfpClientRowStatus      RowStatus
    }

hpnicfAcfpClientID OBJECT-TYPE
    SYNTAX      Integer32(1..2147483647)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The identifier of ACFP client."
    ::= { hpnicfAcfpClientInfoEntry 1 }

hpnicfAcfpClientDescription OBJECT-TYPE
    SYNTAX      DisplayString(SIZE(0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Description of the application that is running on ACFP
        client, eg. IPS, VCX."
    ::= { hpnicfAcfpClientInfoEntry 2 }

hpnicfAcfpClientHwVersion OBJECT-TYPE
    SYNTAX      DisplayString(SIZE(0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The hardware revision of ACFP client."
    ::= { hpnicfAcfpClientInfoEntry 3 }

hpnicfAcfpClientOSVersion OBJECT-TYPE
    SYNTAX      DisplayString(SIZE(0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The operating system version running ACFP client."
    ::= { hpnicfAcfpClientInfoEntry 4 }

hpnicfAcfpClientAppVersion OBJECT-TYPE
    SYNTAX      DisplayString(SIZE(0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The application version running on ACFP client"
    ::= { hpnicfAcfpClientInfoEntry 5 }

hpnicfAcfpClientIP OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "IP address of ACFP client."
    ::= { hpnicfAcfpClientInfoEntry 6 }

hpnicfAcfpClientMode OBJECT-TYPE
    SYNTAX      BITS
        {
            ipserver(0),
            redirect(1),
            mirror(2),
            passThrough(3)
        }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "ACFP client informs Router or switch which mode it is operating.
        Router or switch checks hpnicfAcfpServerInfo to see whether it is
        capable of fulfilling this function.  If not, router or switch
        generates a trap informing ACFP client such OAP mode is not
        supported."
    DEFVAL { 0 }
    ::= { hpnicfAcfpClientInfoEntry 7 }

hpnicfAcfpClientRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "RowStatus, supports three states: createAndGo, active, destroy.
        Creation Operation Restriction:
        Node hpnicfAcfpClientMode must be bound while creating a row. It is
        optional for other nodes.
        ACFP module must be enabled for the server while creating a row.
        The number of rows created must not exceed upper limit.

        Modification Operation Restriction:
        Nodes that do not support modification: hpnicfAcfpClientMode.
        Nodes that support modification: hpnicfAcfpClientDescription,
        hpnicfAcfpClientHwVersion, hpnicfAcfpClientOSVersion,
        hpnicfAcfpClientAppVersion and hpnicfAcfpClientIP.
        If the row to be modified does not exist, error returns directly.

        Deletion Operation Restriction:
        If the row to be deleted does not exist, success returns directly.
        "
    ::= { hpnicfAcfpClientInfoEntry 8 }

-- Policy Information applied to Router or switch

hpnicfAcfpPolicy OBJECT IDENTIFIER ::= { hpnicfAcfpOAP 3 }

hpnicfAcfpPolicyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF HpnicfAcfpPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table lists all current policies for ACFP
        client(s).  Entries in this table are created or removed
        implicitly when entries in the hpnicfAcfpRuleTable are
        created or removed, respectively.  A policy entry in this
        table only exists as long as there is rule of this policy
        in the hpnicfAcfpRuleTable.  The table serves for listing the
        existing policies and their remaining lifetimes and for
        changing lifetimes of policies and implicitly of all policy
        members and all their member policy rules can be
        deleted by setting hpnicfAcfpPolicyLifetime to 0."
    ::= { hpnicfAcfpPolicy 1 }

hpnicfAcfpPolicyEntry OBJECT-TYPE
    SYNTAX      HpnicfAcfpPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The list contains basic information of ACFP Policy."
    INDEX
        {
            hpnicfAcfpClientID,
            hpnicfAcfpPolicyIndex
        }
    ::= { hpnicfAcfpPolicyTable 1 }

HpnicfAcfpPolicyEntry ::= SEQUENCE
    {
        hpnicfAcfpPolicyIndex              Integer32,
        hpnicfAcfpPolicyInIfIndex          Integer32,
        hpnicfAcfpPolicyOutIfIndex         Integer32,
        hpnicfAcfpPolicyDestIfIndex        Integer32,
        hpnicfAcfpPolicyContextID          Integer32,
        hpnicfAcfpPolicyAdminStatus        INTEGER,
        hpnicfAcfpPolicyLifetime           Integer32,
        hpnicfAcfpPolicyTimeStart          OCTET STRING,
        hpnicfAcfpPolicyTimeEnd            OCTET STRING,
        hpnicfAcfpPolicyRowStatus          RowStatus,
        hpnicfAcfpPolicyDestIfFailAction   INTEGER,
        hpnicfAcfpPolicyPriority           INTEGER
    }

hpnicfAcfpPolicyIndex OBJECT-TYPE
    SYNTAX      Integer32(1..2147483647)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The identifier of the Policy of ACFP client"
    ::= { hpnicfAcfpPolicyEntry 1 }

hpnicfAcfpPolicyInIfIndex OBJECT-TYPE
    SYNTAX      Integer32(0..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Packet is received from this interface.  The value of this object
        contains the same value of ifIndex of ifTable."
    DEFVAL {0}
    ::= { hpnicfAcfpPolicyEntry 2}


hpnicfAcfpPolicyOutIfIndex OBJECT-TYPE
    SYNTAX      Integer32(0..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Packet is sent to this interface.  The value of this object
        contains the same value of ifIndex of ifTable."
    DEFVAL {0}
    ::= { hpnicfAcfpPolicyEntry 3 }

hpnicfAcfpPolicyDestIfIndex OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Through this interface, packet go to ACFP client from
        ACFP server.  The value of this object contains the same
        value of ifIndex of ifTable."
    DEFVAL {0}
    ::= { hpnicfAcfpPolicyEntry 4 }

hpnicfAcfpPolicyContextID OBJECT-TYPE
    SYNTAX      Integer32(0..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Internal id ACFP server allocated used to map to the interface.
        ACFP server may send packet with this hpnicfAcfpPolicyContextID to
        ACFP client, ACFP client can make use of this hpnicfAcfpPolicyContextID
        and find the policy. "
    ::= { hpnicfAcfpPolicyEntry 5 }

hpnicfAcfpPolicyAdminStatus OBJECT-TYPE
    SYNTAX      INTEGER
        {
            enable(1), -- policy is applied
            disable(2)   -- policy is not applied

        }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object indicates the desired status of the
        policy."
    ::= { hpnicfAcfpPolicyEntry 6 }

hpnicfAcfpPolicyLifetime OBJECT-TYPE
    SYNTAX      Integer32(0..2147483647)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When retrieved, this object delivers the maximum lifetime (seconds)
        of all the rules of this, i.e., of all the rows in hpnicfAcfpRuleTable
        that have the same values of hpnicfAcfpRulePolicyIndex and
        hpnicfAcfpClientID.  Successfully writing to this object modifies the
        lifetime of all the rules of this.  Successfully writing a value
        of 0 terminates all the rules and implicitly deletes this as soon as
        all member entries are removed from the hpnicfAcfpRuleTable. Note that
        after a lifetime expired, all the corresponding entry in the
        hpnicfAcfpRuleTable will be removed and this will be deleted
        implicitly.  Writing to this object is processed by the ACFP MIB
        implementation by choosing a lifetime value that is greater than
        or equal to zero and less than or equal to the minimum of the requested
        value and the value specified by object hpnicfAcfpServerMaxLifetime:

            0 <= lt_granted <= MINIMUM(lt_requested, lt_maximum)

        whereas:
        lt_granted is the actually granted lifetime by the ACFP MIB
        implementation.
        lt_requested is the requested lifetime of the ACFP client.
        lt_maximum is the value of object hpnicfAcfpServerMaxLifetime.
        SNMP set requests to this object may be rejected or the value of
        the object after an accepted set operation may be less than the
        value that was contained in the SNMP set request."
    DEFVAL{ hpnicfAcfpServerMaxLifetime }
    ::= { hpnicfAcfpPolicyEntry 7 }

hpnicfAcfpPolicyTimeStart OBJECT-TYPE
    SYNTAX      OCTET STRING(SIZE(8))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Beginning time of this policy every day.  Eg. HH:MM:SS"
    ::= { hpnicfAcfpPolicyEntry 8 }

hpnicfAcfpPolicyTimeEnd OBJECT-TYPE
    SYNTAX      OCTET STRING(SIZE(8))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Ending time of this policy every day.  Eg. HH:MM:SS"
    ::= { hpnicfAcfpPolicyEntry 9 }

hpnicfAcfpPolicyRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "RowStatus, supports three states: createAndGo, active, destroy.
        Creation Operation Restriction:
        The client corresponding to the index hpnicfAcfpClientID must exist
        while creating a row.
        Nodes hpnicfAcfpPolicyTimeStart and hpnicfAcfpPolicyTimeEnd are
        bound together, and hpnicfAcfpPolicyTimeEnd must be greater than
        hpnicfAcfpPolicyTimeStart.
        The number of rows created on an incoming/outgoing interface
        cannot exceed the upper limit.
        The number of rows created cannot exceed the upper limit for each client.
        A packet matches a policy in the following order:
        - It first matches the policy with the highest priority.
        - For two policies with the same priority,
          it matches the one with the smallest client index.
        - For two policies with the same client index,
          it matches the one with the smallest policy index.

        Modification Operation Restriction:
        Nodes that do not support modification: hpnicfAcfpPolicyInIfIndex,
        hpnicfAcfpPolicyOutIfIndex, hpnicfAcfpPolicyDestIfIndex,
        hpnicfAcfpPolicyDestIfFailAction, hpnicfAcfpPolicyPriority.
        Nodes that support modification: hpnicfAcfpPolicyAdminStatus,
        hpnicfAcfpPolicyLifetime, hpnicfAcfpPolicyTimeStart and hpnicfAcfpPolicyTimeEnd.
        While modifying a row, if the row corresponding to the index configured
        does not exist, error returns directly.
        While modifying a node, the restriction over hpnicfAcfpPolicyTimeStart
        and hpnicfAcfpPolicyTimeEnd is the same as creating a node.

        Deletion Operation Restriction:
        If the row to be deleted does not exist, success returns directly.
        "
    ::= { hpnicfAcfpPolicyEntry 10 }

hpnicfAcfpPolicyDestIfFailAction OBJECT-TYPE
    SYNTAX      INTEGER
        {
            delete(1),   -- delete all rules of the policy from driver
            reserve(2)   -- reserve all rules of the policy in driver
        }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object indicates the action of the
        policy when the destination interface failed."
    DEFVAL { 1 }
    ::= { hpnicfAcfpPolicyEntry 11 }

hpnicfAcfpPolicyPriority OBJECT-TYPE
    SYNTAX      INTEGER
        {
            priority1(1), -- Priority 1 (MIN)
            priority2(2), -- Priority 2
            priority3(3), -- Priority 3
            priority4(4), -- Priority 4
            priority5(5), -- Priority 5
            priority6(6), -- Priority 6
            priority7(7), -- Priority 7
            priority8(8)  -- Priority 8 (MAX)
        }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of this object indicates the priority of the
        policy.
        Priority8 is maximal priority.
        Priority1 is minimal priority."
    DEFVAL { 4 }
    ::= { hpnicfAcfpPolicyEntry 12 }

-- Individual Rule policy Information applied to Router or switch

hpnicfAcfpRule OBJECT IDENTIFIER ::= { hpnicfAcfpOAP 4 }

hpnicfAcfpRuleTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF HpnicfAcfpRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table lists all the rules.  It is indexed by
        hpnicfAcfpClientID, hpnicfAcfpRulePolicyIndex and hpnicfAcfpRuleIndex.
        Entries can be deleted by writing hpnicfAcfpPolicyLifetime to 0."
    ::= { hpnicfAcfpRule 1 }

hpnicfAcfpRuleEntry OBJECT-TYPE
    SYNTAX      HpnicfAcfpRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The list contains basic information of the rule."
    INDEX
        {
            hpnicfAcfpClientID,
            hpnicfAcfpPolicyIndex,
            hpnicfAcfpRuleIndex
        }
    ::= { hpnicfAcfpRuleTable 1 }

HpnicfAcfpRuleEntry ::= SEQUENCE
    {
        hpnicfAcfpRuleIndex           Integer32,
        hpnicfAcfpRuleOperStatus      INTEGER,
        hpnicfAcfpRuleAction          INTEGER,
        hpnicfAcfpRuleAll             TruthValue,
        hpnicfAcfpRuleSrcMAC          MacAddress,
        hpnicfAcfpRuleDstMAC          MacAddress,
        hpnicfAcfpRuleVlanStart       Integer32,
        hpnicfAcfpRuleVlanEnd         Integer32,
        hpnicfAcfpRuleProtocol        Integer32,
        hpnicfAcfpRuleSrcIP           IpAddress,
        hpnicfAcfpRuleSrcIPMask       IpAddress,
        hpnicfAcfpRuleSrcOp           INTEGER,
        hpnicfAcfpRuleSrcStartPort    Integer32,
        hpnicfAcfpRuleSrcEndPort      Integer32,
        hpnicfAcfpRuleDstIP           IpAddress,
        hpnicfAcfpRuleDstIPMask       IpAddress,
        hpnicfAcfpRuleDstOp           INTEGER,
        hpnicfAcfpRuleDstStartPort    Integer32,
        hpnicfAcfpRuleDstEndPort      Integer32,
        hpnicfAcfpRulePrecedence      Integer32,
        hpnicfAcfpRuleTos             Integer32,
        hpnicfAcfpRuleDscp            Integer32,
        hpnicfAcfpRuleEstablish       TruthValue,
        hpnicfAcfpRuleFragment        TruthValue,
        hpnicfAcfpRulePacketRate      Integer32,
        hpnicfAcfpRuleRowStatus       RowStatus,
        hpnicfAcfpRuleTCPFlag         Integer32,
        hpnicfAcfpRuleSrcIPV6Address  Ipv6Address,
        hpnicfAcfpRuleSrcPrefixLen    InetAddressPrefixLength,
        hpnicfAcfpRuleDstIPV6Address  Ipv6Address,
        hpnicfAcfpRuleDstPrefixLen    InetAddressPrefixLength,
        hpnicfAcfpRuleTrafficType     BITS,
        hpnicfAcfpRuleTypeOrLen       Integer32
    }

hpnicfAcfpRuleIndex OBJECT-TYPE
    SYNTAX      Integer32(1..2147483647)
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The identifier of the rules which have the same hpnicfAcfpPolicyIndex
        and hpnicfAcfpClientID.hpnicfAcfpRuleIndex indicates rule sequence in the
        same policy."
    ::= { hpnicfAcfpRuleEntry 1 }

hpnicfAcfpRuleOperStatus OBJECT-TYPE
    SYNTAX      INTEGER
        {
            success(1), -- rule applied successfully to interface
            fail(2)     -- rule failed to apply to interface

        }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of this object indicates the status of a rule.
        success : Applied rule to interface successfully.
        fail : Failed to apply rule to interface.
        "
    DEFVAL { fail }
    ::= { hpnicfAcfpRuleEntry 2 }

hpnicfAcfpRuleAction OBJECT-TYPE
    SYNTAX      INTEGER
        {
            permit(1),
            deny(2),
            redirect(3),
            mirror(4),
            rate(5)
        }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The action of this rule."
    ::= { hpnicfAcfpRuleEntry 3 }

hpnicfAcfpRuleAll OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The rule match all packet or does not.
        true : all
        false : not all
        "
    DEFVAL { false }
    ::= { hpnicfAcfpRuleEntry 4 }

hpnicfAcfpRuleSrcMAC OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Source MAC of this rule."
    ::= { hpnicfAcfpRuleEntry 5 }

hpnicfAcfpRuleDstMAC OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Destination MAC of this rule."
    ::= { hpnicfAcfpRuleEntry 6 }

hpnicfAcfpRuleVlanStart OBJECT-TYPE
    SYNTAX      Integer32(0..4094)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Starting VLAN id of this rule.
        0 : Invalid value"
    DEFVAL { 0 }
    ::= { hpnicfAcfpRuleEntry 7 }

hpnicfAcfpRuleVlanEnd OBJECT-TYPE
    SYNTAX      Integer32(0..4094)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Ending VLAN id of this rule.
        0 : Invalid value"
    DEFVAL { 0 }
    ::= { hpnicfAcfpRuleEntry 8 }

hpnicfAcfpRuleProtocol OBJECT-TYPE
    SYNTAX      Integer32(0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The protocol-type of this rule.
        <0-255>  Protocol number
        gre      GRE tunneling(47)
        icmp     Internet Control Message Protocol(1)
        igmp     Internet Management Protocol(2)
        ip       Any IP protocol(0)
        ipinip   IP in IP tunneling(4)
        ospf     OSPF routing protocol(89)
        tcp      Transmission Control Protocol (6)
        udp      User Datagram Protocol (17)
        "
    DEFVAL { 0 }
    ::= { hpnicfAcfpRuleEntry 9 }

hpnicfAcfpRuleSrcIP OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Source IP address of this rule."
    ::= { hpnicfAcfpRuleEntry 10 }

hpnicfAcfpRuleSrcIPMask OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Source IP-address wild of this rule.  Eg. 0.0.0.255."
    ::= { hpnicfAcfpRuleEntry 11 }

hpnicfAcfpRuleSrcOp OBJECT-TYPE
    SYNTAX      INTEGER
        {
            equal(1),
            notEqual(2),
            lessThan(3),
            greaterThan(4),
            range(5),
            invalid(6)
        }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Source Port operation for this rule"
    DEFVAL { invalid }
    ::= { hpnicfAcfpRuleEntry 12 }

hpnicfAcfpRuleSrcStartPort OBJECT-TYPE
    SYNTAX      Integer32(0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Starting UDP/TCP Source Port number of this rule."
    ::= { hpnicfAcfpRuleEntry 13 }

hpnicfAcfpRuleSrcEndPort OBJECT-TYPE
    SYNTAX      Integer32(0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Ending UDP/TCP Source Port of this rule."
    ::= { hpnicfAcfpRuleEntry 14 }

hpnicfAcfpRuleDstIP OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Destination IP address of this rule."
    ::= { hpnicfAcfpRuleEntry 15 }

hpnicfAcfpRuleDstIPMask OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Destination IP-address wild of this rule.  Eg. 0.0.0.255"
    ::= { hpnicfAcfpRuleEntry 16 }

hpnicfAcfpRuleDstOp OBJECT-TYPE
    SYNTAX      INTEGER
        {
            equal(1),
            nonEqual(2),
            lessThan(3),
            greaterThan(4),
            range(5),
            invalid(6)
        }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Destination Port operation for this rule"
    DEFVAL { invalid }
    ::= { hpnicfAcfpRuleEntry 17 }

hpnicfAcfpRuleDstStartPort OBJECT-TYPE
    SYNTAX      Integer32(0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Starting UDP/TCP Destination Port number of this rule."
    ::= { hpnicfAcfpRuleEntry 18 }

hpnicfAcfpRuleDstEndPort OBJECT-TYPE
    SYNTAX      Integer32(0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Ending UDP/TCP Destination Port of this rule."
    ::= { hpnicfAcfpRuleEntry 19 }

hpnicfAcfpRulePrecedence OBJECT-TYPE
    SYNTAX      Integer32(0..7|255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of precedence field in IP header.
        <255>                  Invalid value
        <0-7>                  value of precedence
        routine(0)             Routine precedence
        priority(1)            Priority precedence
        immediate(2)           Immediate precedence
        flash(3)               Flash precedence
        flash-override(4)      Flash Override precedence
        critical(5)            Critical precedence
        internet(6)            Network Control precedence
        network(7)             Internetwork Control precedence
        "
    DEFVAL { 255 }
    ::= { hpnicfAcfpRuleEntry 20 }

hpnicfAcfpRuleTos OBJECT-TYPE
    SYNTAX      Integer32(0..15|255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of TOS field in IP header.
        <255>                  Invalid value
        <0-15>                 value of ToS (Type of Service)
        Normal(0)              normal service
        min-monetary-cost(1)   minimum monetary cost
        max-reliability(2)     maximum reliability
        max-throughput(4)      maximum throughput
        min-delay(8)           minimum delay
        "
    DEFVAL { 255 }
    ::= { hpnicfAcfpRuleEntry 21 }

hpnicfAcfpRuleDscp OBJECT-TYPE
    SYNTAX      Integer32(0..63|255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of DSCP.
        <255>                  Invalid value
        <0-63>                 value of DSCP
        Be(0)                  best effort
        af11(10)               assured forwarding 11 service
        af12(12)               assured forwarding 12 service
        af13(14)               assured forwarding 13 service
        af21(18)               assured forwarding 18 service
        af22(20)               assured forwarding 20 service
        af23(22)               assured forwarding 22 service
        af31(26)               assured forwarding 31 service
        af32(28)               assured forwarding 32 service
        af33(30)               assured forwarding 33 service
        af41(34)               assured forwarding 41 service
        af42(36)               assured forwarding 42 service
        af43(38)               assured forwarding 43 service
        cs1(8)                 class selector 1 service
        cs2(16)                class selector 2 service
        cs3(24)                class selector 3 service
        cs4(32)                class selector 4 service
        cs5(40)                class selector 5 service
        cs6(48)                class selector 6 service
        cs7(56)                class selector 7 service
        ef(46)                 expedited forwarding service
        "
    DEFVAL { 255 }
    ::= { hpnicfAcfpRuleEntry 22 }

hpnicfAcfpRuleEstablish OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "Establish Flag.  Matches the TCP packets with the ACK
        and/or RST flag, including the TCP packets of these
        types: SYN+ACK, ACK, FIN+ACK, RST, RST+ACK."
    DEFVAL { false }
    ::= { hpnicfAcfpRuleEntry 23 }

hpnicfAcfpRuleFragment OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The flag of matching fragmented packet."
    DEFVAL { false }
    ::= { hpnicfAcfpRuleEntry 24 }

hpnicfAcfpRulePacketRate OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Packet rate (Kbps) of this rule."
    ::= { hpnicfAcfpRuleEntry 25 }

hpnicfAcfpRuleRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "RowStatus, supports three states: createAndGo, active, destroy.
        Creation Operation Restriction:
        Node hpnicfAcfpRuleAction must be bound while creating a line.
        Nodes hpnicfAcfpRuleAll and hpnicfAcfpRuleProtocol, hpnicfAcfpRuleSrcIP,
        hpnicfAcfpRuleSrcIPMask, hpnicfAcfpRuleDstIP, hpnicfAcfpRuleSrcOp,
        hpnicfAcfpRuleSrcStartPort, hpnicfAcfpRuleSrcEndPort, hpnicfAcfpRuleDstIP,
        hpnicfAcfpRuleDstIPMask, hpnicfAcfpRuleDstOp, hpnicfAcfpRuleDstStartPort,
        hpnicfAcfpRuleDstEndPort, hpnicfAcfpRulePrecedence, hpnicfAcfpRuleTos,
        hpnicfAcfpRuleDscp, hpnicfAcfpRuleTCPFlag, hpnicfAcfpRuleFragment are
        mutually exclusive.
        Nodes hpnicfAcfpRuleSrcIP and hpnicfAcfpRuleSrcIPMask are bound together,
        otherwise, the source IP address is neglected.
        The restriction over hpnicfAcfpRuleDstIP and hpnicfAcfpRuleDstIPMask is the
        same as hpnicfAcfpRuleSrcIP and hpnicfAcfpRuleSrcIPMask.
        Nodes hpnicfAcfpRuleDscp and hpnicfAcfpRulePrecedence, hpnicfAcfpRuleTos are
        mutually exclusive.
        If the node hpnicfAcfpRuleSrcOp is bound to range(5),
        hpnicfAcfpRuleSrcStartPort and hpnicfAcfpRuleSrcEndPort must be bound together,
        and hpnicfAcfpRuleSrcEndPort must be greater than hpnicfAcfpRuleSrcStartPort.
        If the node hpnicfAcfpRuleSrcOp is bound to equal(1), notEqual(2),
        lessThan(3) or greaterThan(4), hpnicfAcfpRuleSrcStartPort must be bound
        together, and hpnicfAcfpRuleSrcEndPort is neglected.
        The restriction over hpnicfAcfpRuleDstOp, hpnicfAcfpRuleDstStartPort and
        hpnicfAcfpRuleDstEndPort is the same as hpnicfAcfpRuleSrcOp,
        hpnicfAcfpRuleSrcStartPort and hpnicfAcfpRuleSrcEndPort.
        If the node hpnicfAcfpRuleAction is bound to redirect(3) or mirror(4),
        the destination interfaces of the policy the rule belonging to must exist;
        The number of rows created cannot exceed the upper limit for each policy,
        each inbound interface and each outbound interface.

        Modification Operation Restriction:
        The row does not support modification.

        Deletion Operation Restriction
        If the row to be deleted does not exist, success returns directly.
        "
    ::= { hpnicfAcfpRuleEntry 26 }

hpnicfAcfpRuleTCPFlag OBJECT-TYPE
    SYNTAX      Integer32(0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "TCP Flag.
        <0>       don't care for TCP flag to match packets
        <1-65535> care for TCP flag to match packets,
                  the value is combination of next list.
                  URG_VALID (1 << 13)
                  URG_SET   (1 << 5)
                  ACK_VALID (1 << 12)
                  ACK_SET   (1 << 4)
                  PSH_VALID (1 << 11)
                  PSH_SET   (1 << 3)
                  RST_VALID (1 << 10)
                  RST_SET   (1 << 2)
                  SYN_VALID (1 << 9)
                  SYN_SET   (1 << 1)
                  FIN_VALID (1 << 8)
                  FIN_SET   1

        Matches the TCP packets with the URG and/or
        ACK and/or PSH and/or RST and/or SYN and/or FIN flag,
        including the TCP packets of these
        types: SYN+ACK, ACK, FIN+ACK, RST, RST+ACK."
    DEFVAL { 0 }
    ::= { hpnicfAcfpRuleEntry 27 }

hpnicfAcfpRuleSrcIPV6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Source IPv6 address of this rule."
    ::= { hpnicfAcfpRuleEntry 28 }

hpnicfAcfpRuleSrcPrefixLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Source IPv6 address prefix length of this rule. Eg. 64."
    ::= { hpnicfAcfpRuleEntry 29 }

hpnicfAcfpRuleDstIPV6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Destination IPv6 address of this rule."
    ::= { hpnicfAcfpRuleEntry 30 }

hpnicfAcfpRuleDstPrefixLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Destination IPv6 address prefix length of this rule. Eg. 64."
    ::= { hpnicfAcfpRuleEntry 31 }

hpnicfAcfpRuleTrafficType OBJECT-TYPE
    SYNTAX      BITS
        {
            unicast(0),
            multicast(1),
            broadcast(2)
        }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Traffic type of this rule. When retrieved, this object
        returns a set of bits indicating the traffic type."
    ::= { hpnicfAcfpRuleEntry 32 }

hpnicfAcfpRuleTypeOrLen OBJECT-TYPE
    SYNTAX      Integer32(0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The type or length of ethernet packet.
        For Ethernet II encapsulation, it stands for packet type.
        For 802.3 encapsulation, it stands for packet length."
    ::= { hpnicfAcfpRuleEntry 33 }

-- Notifications.  The definition of hpnicfAcfpNotifications makes notification
-- registrations reversible (see STD 58, RFC 2578, section 8.5).

hpnicfAcfpNotifications OBJECT IDENTIFIER  ::= { hpnicfAcfpOAP 5 }

hpnicfAcfpCurContextChanged NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpServerCurContextType
        }
    STATUS      current
    DESCRIPTION
        "This notification is sent when router or switch changed
        hpnicfAcfpServerCurContextType."
    ::= { hpnicfAcfpNotifications 1 }

hpnicfAcfpClientRegister NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpClientID
        }
    STATUS      current
    DESCRIPTION
        "This notification is sent when the ACFP client is registered."
    ::= { hpnicfAcfpNotifications 2 }

hpnicfAcfpClientUnRegister NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpClientID
        }
    STATUS      current
    DESCRIPTION
        "This notification is sent when the ACFP client is unregistered."
    ::= { hpnicfAcfpNotifications 3 }

hpnicfAcfpClientDead NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpClientID
        }
    STATUS      current
    DESCRIPTION
        "This notification is sent when the ACFP client is not responding."
    ::= { hpnicfAcfpNotifications 4 }

hpnicfAcfpNotSupportedOAPMode NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpClientID,
            hpnicfAcfpClientMode,
            hpnicfAcfpServerInfo
        }
    STATUS      current
    DESCRIPTION
        "This notification is sent when router or switch cannot support OAP
        mode that ACFP client wants to operate on."
    ::= { hpnicfAcfpNotifications 5 }

hpnicfAcfpLifetimeChangeEvent NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpPolicyLifetime
        }
    STATUS      current
    DESCRIPTION
        "This notification can be generated for indicating that
        The lifetime of all member rules of the was
        changed by successfully writing to object
        hpnicfAcfpPolicyLifetime.  Note that this notification
        is only sent if the lifetime of a policy was changed by
        successfully writing to object hpnicfAcfpPolicyLifetime."
    ::= { hpnicfAcfpNotifications 6 }

hpnicfAcfpRuleCreatedEvent NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpRuleIndex
        }
    STATUS      current
    DESCRIPTION
        "This notification is sent when a new rule is created."
    ::= { hpnicfAcfpNotifications 7 }

hpnicfAcfpRuleDeletedEvent NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpRuleIndex
        }
    STATUS      current
    DESCRIPTION
        "This notification is sent when a rule is deleted."
    ::= { hpnicfAcfpNotifications 8 }

hpnicfAcfpRuleErrorEvent NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpRuleIndex
        }
    STATUS      current
    DESCRIPTION
        "This notification is sent when rule cannot be applied."
    ::= { hpnicfAcfpNotifications 9 }

hpnicfAcfpLifetimeExpireEvent NOTIFICATION-TYPE
    OBJECTS
        {
            hpnicfAcfpPolicyLifetime
        }
    STATUS      current
    DESCRIPTION
        "This notification is sent
         when the time of the policy existed exceeds its lifetime."
    ::= { hpnicfAcfpNotifications 10 }

END
