PDN-MPE-FILTER-MIB DEFINITIONS ::= BEGIN

-- Version :  0.1 DRAFT
-- Enterprise filter mib (mpe support)
-- Copyright (C) 2000 Paradyne Corporation.

-- Created by : Prakash Easwar

IMPORTS
RowStatus,DisplayString
FROM SNMPv2-TC
IpAddress
FROM RFC1155-SMI
OBJECT-TYPE
FROM RFC-1212
TRAP-TYPE
FROM RFC-1215
entPhysicalIndex
FROM ENTITY-MIB
mpe-filter
FROM PDN-HEADER-MIB
;

mpeSysDevFilterMIBObjects OBJECT IDENTIFIER ::= { mpe-filter 1 }
mpeSysDevFilterMIBTraps   OBJECT IDENTIFIER ::= { mpe-filter 2 }

mpeSysDevIpFilter OBJECT IDENTIFIER ::= { mpeSysDevFilterMIBObjects 1 }

-- The filter group.

mpeSysDevIpFilterConfigTable OBJECT-TYPE
  SYNTAX SEQUENCE OF MpeSysDevIpFilterConfigTableEntry
  ACCESS not-accessible
  STATUS mandatory
  DESCRIPTION
    "This table allows the user to configure filtering information.
     Every filter is comprised of a number of rules(see SysDevRuleTable).
     When a filter is bound to an interface, all the rules of that particular
     filter apply to that particular interface. Also the same filter
     maybe bound to several interfaces. This table only allows
     us to configure information about a particular filter.
     this table is indexed by entPhysicalIndex and sysDevIpFilterName." 
   ::= { mpeSysDevIpFilter 1 }

mpeSysDevIpFilterConfigTableEntry OBJECT-TYPE
  SYNTAX MpeSysDevIpFilterConfigTableEntry
  ACCESS not-accessible
  STATUS mandatory
  DESCRIPTION
    "Describes a specific entry of the filter configuration table."
  INDEX {entPhysicalIndex,  mpeSysDevIpFilterName }
   ::= { mpeSysDevIpFilterConfigTable 1 }

MpeSysDevIpFilterConfigTableEntry ::=
  SEQUENCE {
    mpeSysDevIpFilterName       		    DisplayString (SIZE(1..12)),
    mpeSysDevIpDefFilterAction   		 INTEGER,
    mpeSysDevIpFilterNumOfDynamicRules  INTEGER,
    mpeSysDevIpFilterNumOfStaticRules   INTEGER,
    mpeSysDevIpFilterRefCount			    INTEGER,
    mpeSysDevIpFilterTcpAckFilterAction INTEGER,
    mpeSysDevIpFilterDhcpFilterAction	 INTEGER,
    mpeSysDevIpFilterRowStatus		    RowStatus
}

mpeSysDevIpFilterName OBJECT-TYPE
  SYNTAX  DisplayString (SIZE(1..12))
  ACCESS read-only
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds directly to the name
    of the filter."
::= { mpeSysDevIpFilterConfigTableEntry 1 }

mpeSysDevIpDefFilterAction OBJECT-TYPE
  SYNTAX INTEGER {
    forward (1),
    discard (2),
    delete (3)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds to the  default action
     taken on a particular IP packet based on the filter rule.
     forward - the packet is forwarded
       discard - the packet is discarded.
       delete - the rule of a particular filter or the 
       filter as a whole is deleted."
::= { mpeSysDevIpFilterConfigTableEntry 2 }

mpeSysDevIpFilterNumOfDynamicRules OBJECT-TYPE
  SYNTAX INTEGER
  ACCESS read-only
  STATUS mandatory
  DESCRIPTION
    "This object corresponds to the number of dynamic rules 
     configured for this filter"
::= { mpeSysDevIpFilterConfigTableEntry 3 }
 
mpeSysDevIpFilterNumOfStaticRules OBJECT-TYPE
  SYNTAX INTEGER
  ACCESS read-only
  STATUS mandatory
  DESCRIPTION
    "This object corresponds to the number of static rules 
     configured for this filter"
::= { mpeSysDevIpFilterConfigTableEntry 4 }
 
mpeSysDevIpFilterRefCount OBJECT-TYPE
  SYNTAX INTEGER
  ACCESS read-only
  STATUS mandatory
  DESCRIPTION
    "This object corresponds to the number of 
     references for this filter by the various 
     interfaces of the system
     For Example if filter 'abc' is bound to
     two of the DSL interfaces as input filters. then
     the reference count for this filter is 2.
     if a filter 'def' is bound to the 10BaseT interface
     as both an input and an output filter. The reference count
     for this filter would be 2. Filters can be deleted from the
     system (by a user) only if the reference count equals 0"
::= { mpeSysDevIpFilterConfigTableEntry 5 }

mpeSysDevIpFilterTcpAckFilterAction OBJECT-TYPE
  SYNTAX INTEGER {
     forward (1),
     discard (2),
     noOp (3)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds to the  default action
     taken on the first TCP ACK packet of the TCP connection. This
     object is not supported for MCC."
::= { mpeSysDevIpFilterConfigTableEntry 6 }

mpeSysDevIpFilterDhcpFilterAction OBJECT-TYPE
  SYNTAX INTEGER {
	 forward (1),
	 discard (2),
	 noOp (3)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
	 "The value of this object corresponds to the  default action
	  taken on the DHCP transaction messages. This object is not supported
	  for mcc."
::= { mpeSysDevIpFilterConfigTableEntry 7 }

mpeSysDevIpFilterRowStatus OBJECT-TYPE
  SYNTAX RowStatus 
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The object is used to add or delete a row from
     this table." 
::= { mpeSysDevIpFilterConfigTableEntry 8 }

mpeSysDevIpFilterRuleConfigTable OBJECT-TYPE
  SYNTAX SEQUENCE OF MpeSysDevIpFilterRuleConfigTableEntry
  ACCESS not-accessible
  STATUS mandatory
  DESCRIPTION
    "This table allows the user to configure the rules of each IP filter.
     When a filter is bound to an interface, all the rules of that particular 
     filter apply to that particular interface. Also, the same filter may be
     found to several interfaces. This table is indexed by entPhysicalIndex,
     sysDevIpFilterName and sysDevIpFilterRuleNumber."
::= { mpeSysDevIpFilter 2 }

mpeSysDevIpFilterRuleConfigTableEntry OBJECT-TYPE
  SYNTAX MpeSysDevIpFilterRuleConfigTableEntry
  ACCESS not-accessible
  STATUS mandatory
  DESCRIPTION
    "Describes a specific entry of the filter rule configuration table."
  INDEX { entPhysicalIndex, 
          mpeSysDevIpRuleFilterName, 
          mpeSysDevIpFilterRuleNumber }
::= { mpeSysDevIpFilterRuleConfigTable 1 }

MpeSysDevIpFilterRuleConfigTableEntry ::=
  SEQUENCE {
    mpeSysDevIpRuleFilterName    		     DisplayString (SIZE(1..12)),
    mpeSysDevIpFilterRuleNumber             INTEGER (1..33),
    mpeSysDevIpFilterRuleSrcAddress    	  IpAddress,
    mpeSysDevIpFilterRuleSrcAddrMask   	  IpAddress,
    mpeSysDevIpFilterRuleSrcAddrCompEnable  INTEGER,
    mpeSysDevIpFilterRuleSrcPortNum    	  INTEGER (0..65535),
    mpeSysDevIpFilterRuleMaxSrcPortNum 	  INTEGER (0..65535),
    mpeSysDevIpFilterRuleSrcCompType   	  INTEGER,
    mpeSysDevIpFilterRuleDestAddress   	  IpAddress,
    mpeSysDevIpFilterRuleDestAddrMask   	  IpAddress,
    mpeSysDevIpFilterRuleDestAddrCompEnable INTEGER,
    mpeSysDevIpFilterRuleDestPortNum    	  INTEGER (0..65535),
    mpeSysDevIpFilterRuleMaxDestPortNum 	  INTEGER (0..65535),
    mpeSysDevIpFilterRuleDestCompType  	  INTEGER,
    mpeSysDevIpFilterRuleType               INTEGER,
    mpeSysDevIpFilterRuleProtocolTypeUdp    INTEGER,
    mpeSysDevIpFilterRuleProtocolTypeTcp    INTEGER,
    mpeSysDevIpFilterRuleProtocolTypeIcmp   INTEGER,
    mpeSysDevIpFilterRuleRowStatus 		     RowStatus
   }

mpeSysDevIpRuleFilterName OBJECT-TYPE
  SYNTAX  DisplayString (SIZE(1..12))
  ACCESS read-only
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds directly to the name
    of the filter."
::= { mpeSysDevIpFilterRuleConfigTableEntry 1 }

mpeSysDevIpFilterRuleNumber OBJECT-TYPE
  SYNTAX INTEGER (1..33)
  ACCESS read-only
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds directly to a rule 
     within a particular filter. If the value of this object
     is 0, then the sets apply to the filter as a whole. For
     example one may want to delete the whole filter. for
     a get only the name of the filter is returned."
::= { mpeSysDevIpFilterRuleConfigTableEntry 2 }

mpeSysDevIpFilterRuleSrcAddress OBJECT-TYPE
  SYNTAX IpAddress
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds directly to an source
     IP Address. This object could be set if IP packets need to be
     filtered based on where it is coming from. Setting this object
     to 0.0.0.0 disables source IP address comparison."
::= { mpeSysDevIpFilterRuleConfigTableEntry 3 }

mpeSysDevIpFilterRuleSrcAddrMask OBJECT-TYPE
  SYNTAX IpAddress
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds directly to an source
     IP Address Mask. The value of this object is bitwise anded
     with the source address within the IP packet and then compared
     with the mpeSysDevIPFilterSrcAddress."
::= { mpeSysDevIpFilterRuleConfigTableEntry 4 }

mpeSysDevIpFilterRuleSrcAddrCompEnable OBJECT-TYPE
  SYNTAX INTEGER {
    enable (1),
    disable (2),
    noOp (3)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
     "This object enables or disables the source address comparison.
      It is not supported for MCC."
::= { mpeSysDevIpFilterRuleConfigTableEntry 5 }

mpeSysDevIpFilterRuleSrcPortNum OBJECT-TYPE
  SYNTAX INTEGER (0..65535)
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The UDP or TCP port number of the source on which this filter 
     is applied."
::= { mpeSysDevIpFilterRuleConfigTableEntry 6 }

mpeSysDevIpFilterRuleMaxSrcPortNum OBJECT-TYPE
  SYNTAX INTEGER (0..65535)
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The maximum UDP or TCP port number of the source on which
     this filter is applied. This object is valid only if the source 
     comparison type is in-range or out-range"
::= { mpeSysDevIpFilterRuleConfigTableEntry 7 }

mpeSysDevIpFilterRuleSrcCompType OBJECT-TYPE
  SYNTAX INTEGER {
    none (1),
    eq (2),
    neq (3),
    gt (4),
    lt (5),
    inRange (6),
    outRange (7)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds to the type of
     comparison which is to be made for source based filtering 
     for the particular rule of the filter.
       none - no comparison is to be made.
       eq - equal to
       neq - not equal to
       gt - greater than
       lt - less than
       inRange - the source port number of the TCP or UDP packet
                 is within a specified range.
       outRange - the source port number of the TCP or UDP packet
                  lies outside a specified range."
::= { mpeSysDevIpFilterRuleConfigTableEntry 8 }

mpeSysDevIpFilterRuleDestAddress OBJECT-TYPE
  SYNTAX IpAddress
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds directly to an destination
     IP Address. This object could be set if IP packets need to be
     filtered based on where it is going to."
::= { mpeSysDevIpFilterRuleConfigTableEntry 9 }

mpeSysDevIpFilterRuleDestAddrMask OBJECT-TYPE
  SYNTAX IpAddress
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds directly to an destination
     IP Address Mask. The value of this object is bitwise anded
     with the destination address within the IP packet and then compared
     with the mpeSysDevIPFilterRuleDestAddress"
::= { mpeSysDevIpFilterRuleConfigTableEntry 10 }

mpeSysDevIpFilterRuleDestAddrCompEnable OBJECT-TYPE
  SYNTAX INTEGER {
    enable (1),
    disable (2),
    noOp (3)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "This object enables or disables the destination address comparison.
     It is not supported for MCC."
::= { mpeSysDevIpFilterRuleConfigTableEntry 11 }

mpeSysDevIpFilterRuleDestPortNum OBJECT-TYPE
  SYNTAX INTEGER (0..65535)
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The UDP or TCP port number of the destination on which this filter 
     is applied"
::= { mpeSysDevIpFilterRuleConfigTableEntry 12 }

mpeSysDevIpFilterRuleMaxDestPortNum OBJECT-TYPE
  SYNTAX INTEGER (0..65535)
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The maximum UDP or TCP port number of the destination on which
     this filter is applied. This object is valid only if the destination
     comparison type is in-range or out-range"
::= { mpeSysDevIpFilterRuleConfigTableEntry 13 }

mpeSysDevIpFilterRuleDestCompType OBJECT-TYPE
  SYNTAX INTEGER {
    none (1),
    eq (2),
    neq (3),
    gt (4),
    lt (5),
    inRange (6),
    outRange (7)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds to the type of
     comparison which is to be made for destination based filtering 
     for the particular rule of the filter.
       none - no comparison is to be made.
       eq - equal to
       neq - not equal to
       gt - greater than
       lt - less than
       inRange - the source port number of the TCP or UDP packet
                 is within a specified range.
       outRange - the source port number of the TCP or UDP packet
                  lies outside a specified range."
::= { mpeSysDevIpFilterRuleConfigTableEntry 14 }

mpeSysDevIpFilterRuleType OBJECT-TYPE
  SYNTAX INTEGER {
    static (1),
    dynamic (2)
  }
  ACCESS read-only
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds to the type of
     type of rule configured
          static - This indicates that the rule was configured
                   by an NMS either by SNMP, console or using
                   telnet
          dynamic - this indicates that the rule was configured
                   by the the system for end-users who have obtaimed
                   an IP address using the DHCP protocol."
::= { mpeSysDevIpFilterRuleConfigTableEntry 15 }
 
mpeSysDevIpFilterRuleProtocolTypeUdp OBJECT-TYPE
  SYNTAX INTEGER {
    forward (1),
    discard (2)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds to the action
     taken on a particular UDP packet based on the source/
     destination port comparison rule."
::= { mpeSysDevIpFilterRuleConfigTableEntry 16 }
 
mpeSysDevIpFilterRuleProtocolTypeTcp OBJECT-TYPE
  SYNTAX INTEGER {
      forward (1),
      discard (2)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds to the action
     taken on a particular TCP packet bases on the source/
     destination port comparison rule."
::= { mpeSysDevIpFilterRuleConfigTableEntry 17 }
 
mpeSysDevIpFilterRuleProtocolTypeIcmp OBJECT-TYPE
  SYNTAX INTEGER {
    forward (1),
    discard (2)
  }
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds to the action
     taken on a particular ICMP packet bases on the protocol
     type comparison rule."
::= { mpeSysDevIpFilterRuleConfigTableEntry 18 }

mpeSysDevIpFilterRuleRowStatus OBJECT-TYPE
  SYNTAX RowStatus 
  ACCESS read-write
  STATUS mandatory
  DESCRIPTION
    "The object is used to add or delete a row from
     this table." 
::= { mpeSysDevIpFilterRuleConfigTableEntry 19 }

mpeSysDevMaxNumOfIpFiltersTable OBJECT-TYPE
  SYNTAX SEQUENCE OF MpeSysDevMaxNumOfIpFiltersTableEntry
  ACCESS not-accessible
  STATUS mandatory
  DESCRIPTION
    "This table contains the maximum number of IP filters
     supported on a device. It is indexed by entPhysicalIndex."
  ::= { mpeSysDevIpFilter 3 }

mpeSysDevMaxNumOfIpFiltersTableEntry OBJECT-TYPE
  SYNTAX MpeSysDevMaxNumOfIpFiltersTableEntry
  ACCESS not-accessible
  STATUS mandatory
  DESCRIPTION
    "Describes a specific entry of the max number of filters table."
  INDEX { entPhysicalIndex }
::= { mpeSysDevMaxNumOfIpFiltersTable 1 }

MpeSysDevMaxNumOfIpFiltersTableEntry  ::=
  SEQUENCE {
    mpeSysDevMaxNumOfInputIpFilters	INTEGER,
    mpeSysDevMaxNumOfOutputIpFilters	INTEGER
  }
	 
mpeSysDevMaxNumOfInputIpFilters OBJECT-TYPE
  SYNTAX INTEGER
  ACCESS read-only
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds directly to the max
     number of input IP filters supported by each device."
::= { mpeSysDevMaxNumOfIpFiltersTableEntry 1 }

mpeSysDevMaxNumOfOutputIpFilters OBJECT-TYPE
  SYNTAX INTEGER
  ACCESS read-only
  STATUS mandatory
  DESCRIPTION
    "The value of this object corresponds directly to the max
    number of Output IP filters supported by each device."
::= { mpeSysDevMaxNumOfIpFiltersTableEntry 2 }

END

