ddos dst entry l4-type¶
DDOS L4 type
l4-type Specification¶
Type Collection Object Key(s) protocol Collection Name l4-type-list Collection URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type Element Name l4-type Element URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} Element Attributes l4-type_attributes Statistics Data URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/stats Operational Data URI /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/oper Schema l4-type schema
Operations Allowed:
Operation | Method | URI | Payload | |
---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type | ||
Create List | POST | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type | ||
Get Object | GET | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} | ||
Get List | GET | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type | ||
Modify Object | POST | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} | ||
Replace Object | PUT | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} | ||
Replace List | PUT | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type | ||
Delete Object | DELETE | /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} |
l4-type-list¶
l4-type-list is JSON List of l4-type attributes
l4-type-list : [
]
l4-type attributes¶
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for glid-exceed-action
Type: Object
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow
Type: number
Range: 1-6
max-rexmit-syn-per-flow-exceed-action
Description ‘drop’: Drop the packet; ‘black-list’: Add the source IP into black list;
Type: string
Supported Values: drop, black-list
port-ind
Description: port-ind is a JSON Block. Please see below for port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind
protocol
Description ‘tcp’: L4-Type TCP; ‘udp’: L4-Type UDP; ‘icmp’: L4-Type ICMP; ‘other’: L4-Type OTHER;
Type: string
Supported Values: tcp, udp, icmp, other
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for template
Type: Object
topk-sources
Description: topk-sources is a JSON Block. Please see below for topk-sources
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for tunnel-rate-limit
Type: Object
undefined-port-hit-statistics
Description: undefined-port-hit-statistics is a JSON Block. Please see below for undefined-port-hit-statistics
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
undefined-port-hit-statistics¶
Specification Type object reset-interval
Description Configure port scanning counter reset interval (minutes), Default 60 mins
Type: number
Range: 1-64000
Default: 60
undefined-port-hit-statistics
Description Enable port scanning statistics
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template¶
Specification Type object template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
glid-exceed-action¶
Specification Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for glid-exceed-action_stateless-encap-action-cfg
Type: Object
glid-exceed-action_stateless-encap-action-cfg¶
Specification Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
tunnel-decap¶
Specification Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
tunnel-decap_key-cfg¶
Specification Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
port-ind¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
topk-sources¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tunnel-rate-limit¶
Specification Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stats l4type-icmp¶
Counter | Size | Description | |
---|---|---|---|
port_src_bl | 8 | Src Blacklisted | |
outbound_port_drop | 8 | Outbound Packets Dropped | |
rate_type2_exceed_drop | 8 | ICMP Type Dst Rate 3 Dropped | |
port_bytes_drop | 8 | Inbound Bytes Dropped | |
rate_type2_exceed_bl | 8 | ICMP Type Dst Rate 3 Blacklisted | |
outbound_port_bytes_sent | 8 | Outbound Bytes Forwarded | |
dst_hw_drop | 8 | Dst Hardware Packets Dropped | |
port_pkt_rate_exceed | 8 | Packet Rate Exceeded | |
port_kbit_rate_exceed_pkt | 8 | KiBit Rate Exceeded Count | |
icmpv6_rfc_undef_drop | 8 | ICMPv6 RFC Undef Type Dropped | |
rate_type1_exceed | 8 | ICMP Type Dst Rate 2 Exceeded | |
port_pkt_sent | 8 | Inbound Packets Forwarded | |
port_bytes_sent | 8 | Inbound Bytes Forwarded | |
exceed_drop_brate_src | 8 | Src KiBit Rate Exceeded | |
rate_type0_exceed_drop | 8 | ICMP Type Dst Rate 1 Dropped | |
rate_type1_exceed_bl | 8 | ICMP Type Dst Rate 2 Blacklisted | |
rate_type2_exceed | 8 | ICMP Type Dst Rate 3 Exceeded | |
port_kbit_rate_exceed | 8 | KiBit Rate Exceeded | |
sflow_internal_packets_sent | 8 | Sflow Internal Packets Sent | |
sflow_internal_samples_packed | 8 | Sflow Internal Samples Packed | |
rate_type0_exceed | 8 | ICMP Type Dst Rate 1 Exceeded | |
type | 8 | ICMP Type | |
frag_rcvd | 8 | Fragmented Packets Received | |
wildcard_bl | 8 | ICMP Type Wildcard Blacklisted | |
icmpv4_rfc_undef_drop | 8 | ICMPv4 RFC Undef Type Dropped | |
outbound_port_bytes_drop | 8 | Outbound Bytes Dropped | |
outbound_port_pkt_sent | 8 | Outbound Packets Forwarded | |
exceed_action_tunnel | 8 | Exceed Action: Tunnel | |
bl | 8 | Dst Blacklisted | |
rate_type1_exceed_drop | 8 | ICMP Type Dst Rate 2 Dropped | |
exceed_drop_brate_src_pkt | 8 | Src KiBit Rate Exceeded Count | |
type_deny_drop | 8 | ICMP Type Dropped | |
wildcard_deny_drop | 8 | ICMP Type Wildcard Dropped | |
outbound_port_rcvd | 8 | Outbound Packets Received | |
outbound_port_bytes | 8 | Outbound Bytes Received | |
exceed_drop_prate_src | 8 | Src Pkt Rate Exceeded | |
port_rcvd | 8 | Inbound Packets Received | |
sflow_external_samples_packed | 8 | Sflow External Samples Packed | |
sflow_external_packets_sent | 8 | Sflow External Packets Sent | |
src_drop | 8 | Src Packets Dropped | |
port_bytes | 8 | Inbound Bytes Received | |
frag_timeout | 8 | Fragmented Packets Timeout | |
wildcard | 8 | ICMP Type Wildcard | |
frag_drop | 8 | Fragmented Packets Dropped | |
port_drop | 8 | Inbound Packets Dropped | |
rate_type0_exceed_bl | 8 | ICMP Type Dst Rate 1 Blacklisted | |
src_frag_drop | 8 | Src Fragmented Packets Dropped | |
type_bl | 8 | ICMP Type Blacklisted |
stats other-ipproto¶
Counter | Size | Description | |
---|---|---|---|
filter_none_match | 8 | Filter No Match | |
src_filter3_match | 8 | Src Filter3 Match | |
filter3_match | 8 | Filter3 Match | |
sflow_external_samples_packed | 8 | Sflow External Samples Packed | |
outbound_port_drop | 8 | Outbound Packets Dropped | |
src_filter2_match | 8 | Src Filter2 Match | |
sflow_external_packets_sent | 8 | Sflow External Packets Sent | |
port_bytes_drop | 8 | Inbound Bytes Dropped | |
exceed_drop_prate_src | 8 | Src Pkt Rate Exceeded | |
outbound_port_bytes_sent | 8 | Outbound Bytes Forwarded | |
dst_hw_drop | 8 | Dst Hardware Packets Dropped | |
filter_total_not_match | 8 | Filter Not Matched on Pkt | |
filter4_match | 8 | Filter4 Match | |
src_filter4_match | 8 | Src Filter4 Match | |
src_filter_action_default_pass | 8 | Src Filter Action Default Pass | |
src_filter_none_match | 8 | Src Filter No Match | |
port_bytes_sent | 8 | Inbound Bytes Forwarded | |
exceed_drop_brate_src | 8 | Src KiBit Rate Exceeded | |
src_frag_drop | 8 | Src Fragmented Packets Dropped | |
port_kbit_rate_exceed_pkt | 8 | KiBit Rate Exceeded Count | |
port_kbit_rate_exceed | 8 | KiBit Rate Exceeded | |
sflow_internal_packets_sent | 8 | Sflow Internal Packets Sent | |
sflow_internal_samples_packed | 8 | Sflow Internal Samples Packed | |
filter_action_default_pass | 8 | Filter Action Default Pass | |
filter_action_whitelist | 8 | Filter Action Whitelist | |
port_src_bl | 8 | Src Blacklisted | |
frag_timeout | 8 | Fragmented Packets Timeout | |
outbound_port_bytes_drop | 8 | Outbound Bytes Dropped | |
outbound_port_pkt_sent | 8 | Outbound Packets Forwarded | |
exceed_action_tunnel | 8 | Exceed Action: Tunnel | |
bl | 8 | Dst Blacklisted | |
src_filter_total_not_match | 8 | Src Filter Not Matched on Pkt | |
filter_action_drop | 8 | Filter Action Drop | |
filter1_match | 8 | Filter1 Match | |
filter_auth_fail | 8 | Filter Auth Failed | |
exceed_drop_brate_src_pkt | 8 | Src KiBit Rate Exceeded Count | |
src_filter1_match | 8 | Src Filter1 Match | |
filter_action_blacklist | 8 | Filter Action Blacklist | |
port_pkt_rate_exceed | 8 | Packet Rate Exceeded | |
port_pkt_sent | 8 | Inbound Packets Forwarded | |
outbound_port_rcvd | 8 | Outbound Packets Received | |
filter5_match | 8 | Filter5 Match | |
outbound_port_bytes | 8 | Outbound Bytes Received | |
src_filter_auth_fail | 8 | Src Filter Auth Failed | |
port_rcvd | 8 | Inbound Packets Received | |
src_filter5_match | 8 | Src Filter5 Match | |
src_filter_action_whitelist | 8 | Src Filter Action Whitelist | |
src_drop | 8 | Src Packets Dropped | |
port_bytes | 8 | Inbound Bytes Received | |
frag_rcvd | 8 | Fragmented Packets Received | |
src_filter_action_blacklist | 8 | Src Filter Action Blacklist | |
filter2_match | 8 | Filter2 Match | |
frag_drop | 8 | Fragmented Packets Dropped | |
port_drop | 8 | Inbound Packets Dropped | |
src_filter_action_drop | 8 | Src Filter Action Drop |
stats tcp-port¶
Counter | Size | Description | |
---|---|---|---|
src_ack_auth_fail | 8 | Src ACK Retry Dropped | |
src_well_known_port | 8 | Src TCP SrcPort Wellknown | |
tcp_rexmit_syn_limit_drop | 8 | TCP SYN Retransmit Exceeded Drop | |
outbound_port_bytes_sent | 8 | Outbound Bytes Forwarded | |
filter_total_not_match | 8 | Filter Not Matched on Pkt | |
src_ack_retry_gap_drop | 8 | Src ACK Retry Retry-Gap Dropped | |
filter4_match | 8 | Filter4 Match | |
src_create_conn_non_syn_dropped | 8 | Src Create Conn with non-SYN Packets Dropped | |
sess_aged | 8 | Sessions Aged Out | |
tcp_auth_resp | 8 | TCP Auth Responded | |
pattern_filter1_match | 8 | Extracted Filter1 Match | |
conn_close | 8 | Connections Closed | |
syn_auth_fail | 8 | SYN Auth Failed | |
pattern_filter2_match | 8 | Extracted Filter2 Match | |
syn_retry_init | 8 | SYN Retry Init | |
pattern_filter5_match | 8 | Extracted Filter5 Match | |
wellknown_sport_drop | 8 | TCP SrcPort Wellknown | |
src_filter_total_not_match | 8 | Src Filter Not Matched on Pkt | |
port_syn_rate_exceed | 8 | TCP SYN Rate Exceeded | |
conn_rexmit_rate_excd | 8 | TCP Conn Retransmit Rate Exceeded | |
outbound_port_bytes | 8 | Outbound Bytes Received | |
out_of_seq_excd | 8 | Out-Of-Seq Exceeded | |
conn_close_w_rst | 8 | RST Connections Closed | |
sflow_external_packets_sent | 8 | Sflow External Packets Sent | |
dst_hw_drop | 8 | Dst Hardware Packets Dropped | |
filter_action_default_pass | 8 | Filter Action Default Pass | |
src_ack_retry_rto_progress | 8 | Src ACK Retry RTO Progress | |
src_filter_action_blacklist | 8 | Src Filter Action Blacklist | |
src_retransmit_excd | 8 | Src Retransmit Exceeded | |
pattern_filter3_match | 8 | Extracted Filter3 Match | |
tcp_rexmit_syn_limit_bl | 8 | TCP SYN Retransmit Exceeded Blacklist | |
src_ack_retry_timeout | 8 | Src ACK Retry Timeout | |
src_filter5_match | 8 | Src Filter5 Match | |
outbound_port_drop | 8 | Outbound Packets Dropped | |
filter5_match | 8 | Filter5 Match | |
tcp_auth_drop | 8 | TCP Auth Dropped | |
src_filter4_match | 8 | Src Filter4 Match | |
src_filter_action_default_pass | 8 | Src Filter Action Default Pass | |
syn_cookie_fail | 8 | SYN Cookie Failed | |
src_syn_retry_rto_fail | 8 | Src SYN Retry RTO Dropped | |
syn_retry_rto_progress | 8 | SYN Retry RTO Progress | |
src_conn_rexmit_rate_excd | 8 | Src TCP Conn Retransmit Rate Exceeded | |
src_out_of_seq_excd | 8 | Src Out-Of-Seq Exceeded | |
rst_cookie_fail | 8 | RST Cookie Failed | |
ack_retry_rto_fail | 8 | ACK Retry RTO Dropped | |
sflow_internal_packets_sent | 8 | Sflow Internal Packets Sent | |
frag_rcvd | 8 | Fragmented Packets Received | |
src_syn_retry_init | 8 | Src SYN Retry Init | |
outbound_port_bytes_drop | 8 | Outbound Bytes Dropped | |
syn_retry_rto_pass | 8 | SYN Retry RTO Passed | |
exceed_action_tunnel | 8 | Exceed Action: Tunnel | |
bl | 8 | Dst Blacklisted | |
filter1_match | 8 | Filter1 Match | |
port_bytes | 8 | Inbound Bytes Received | |
sess_create_inbound | 8 | Inbound Sessions Created | |
filter_auth_fail | 8 | Filter Auth Failed | |
conn_create_from_syn | 8 | Connections Created From SYN | |
exceed_drop_brate_src_pkt | 8 | Src KiBit Rate Exceeded Count | |
src_filter1_match | 8 | Src Filter1 Match | |
src_zero_window_excd | 8 | Src Zero-Window Exceeded | |
pattern_filter4_match | 8 | Extracted Filter4 Match | |
ack_auth_fail | 8 | ACK Retry Dropped | |
sflow_external_samples_packed | 8 | Sflow External Samples Packed | |
src_drop | 8 | Src Packets Dropped | |
syn_retry_blacklist | 8 | SYN Retry Timeout Blacklisted | |
synack_reset_sent | 8 | SYNACK Reset Sent | |
pattern_recognition_pattern_changed | 8 | Pattern Recognition: Pattern Change Detected | |
src_conn_ofo_rate_excd | 8 | Src TCP Conn Out-Of-Seq Rate Exceeded | |
syn_retry_gap_drop | 8 | SYN Retry-Gap Dropped | |
conn_create_from_ack | 8 | Connections Created From ACK | |
filter_none_match | 8 | Filter No Match | |
src_filter3_match | 8 | Src Filter3 Match | |
src_syn_retry_gap_drop | 8 | Src SYN Retry-Gap Dropped | |
syn_drop | 8 | SYN Dropped | |
src_syn_rate_exceed | 8 | Src TCP SYN Rate Exceeded | |
port_conn_rate_exceed | 8 | Conn Rate Exceeded | |
src_syn_retry_timeout | 8 | Src SYN Retry Timeout | |
src_filter_none_match | 8 | Src Filter No Match | |
port_kbit_rate_exceed_pkt | 8 | KiBit Rate Exceeded Count | |
unauth_drop | 8 | TCP Unauth Dropped | |
src_syn_cookie_sent | 8 | Src SYN Cookie Sent | |
port_bytes_sent | 8 | Inbound Bytes Forwarded | |
exceed_drop_brate_src | 8 | Src KiBit Rate Exceeded | |
ack_retry_timeout | 8 | ACK Retry Timeout | |
src_frag_drop | 8 | Src Fragmented Packets Dropped | |
syn_retry_timeout | 8 | SYN Retry Timeout | |
syn_tfo_rcv | 8 | SYN TFO Received | |
port_kbit_rate_exceed | 8 | KiBit Rate Exceeded | |
src_unauth_drop | 8 | Src TCP Unauth Dropped | |
filter_action_whitelist | 8 | Filter Action WL | |
src_conn_pkt_rate_excd | 8 | Src TCP Conn Pkt Rate Exceeded | |
port_src_bl | 8 | Src Blacklisted | |
frag_timeout | 8 | Fragmented Packets Timeout | |
outbound_port_pkt_sent | 8 | Outbound Packets Forwarded | |
sess_create_outbound | 8 | Outbound Sessions Created | |
pattern_filter_drop | 8 | Extracted Filter Drop | |
conn_close_w_fin | 8 | FIN Connections Closed | |
src_syn_retry_blacklist | 8 | Src SYN Retry Timeout Blacklisted | |
src_ack_retry_rto_pass | 8 | Src ACK Retry RTO Passed | |
src_conn_zwindow_rate_excd | 8 | Src TCP Conn Zero-Window Rate Exceeded | |
src_ack_retry_init | 8 | Src ACK Retry Init | |
ack_retry_blacklist | 8 | ACK Retry Timeout Blacklisted | |
filter_action_blacklist | 8 | Filter Action Blacklist | |
port_pkt_sent | 8 | Inbound Packets Forwarded | |
syn_auth_pass | 8 | SYN Auth Passed | |
syn_retry_rto_fail | 8 | SYN Retry RTO Dropped | |
syn_cookie_sent | 8 | SYN Cookie Sent | |
retransmit_excd | 8 | Retransmit Exceeded | |
src_syn_auth_fail | 8 | Src SYN Auth Failed | |
src_filter_action_whitelist | 8 | Src Filter Action WL | |
zero_window_excd | 8 | Zero-Window Exceeded | |
src_ack_retry_reset | 8 | Src ACK Retry Timeout Reset | |
conn_ofo_rate_excd | 8 | TCP Conn Out-Of-Seq Rate Exceeded | |
filter2_match | 8 | Filter2 Match | |
src_ack_retry_blacklist | 8 | Src ACK Retry Timeout Blacklisted | |
frag_drop | 8 | Fragmented Packets Dropped | |
pattern_not_found | 8 | Pattern Recognitoin: Pattern Not Found | |
syn_retry_reset | 8 | SYN Retry Timeout Reset | |
port_conn_limm_exceed | 8 | Conn Limit Exceeded | |
filter3_match | 8 | Filter3 Match | |
exceed_drop_climit_src | 8 | Src Conn Limit Exceeded | |
conn_close_w_idle | 8 | Idle Connections Closed | |
src_filter2_match | 8 | Src Filter2 Match | |
sess_create | 8 | Session Create | |
port_bytes_drop | 8 | Inbound Bytes Dropped | |
exceed_drop_prate_src | 8 | Src Pkt Rate Exceeded | |
ack_retry_pass | 8 | ACK Retry Passed | |
pattern_recognition_generic_error | 8 | Pattern Recognition: Exceptions | |
ack_retry_reset | 8 | ACK Retry Timeout Reset | |
src_syn_cookie_fail | 8 | Src SYN Cookie Failed | |
syn_retry_failed | 8 | SYN Retry Dropped | |
pattern_recognition_sampling_started | 8 | Pattern Recognition: Sampling Started | |
ack_retry_init | 8 | ACK Retry Init | |
sflow_internal_samples_packed | 8 | Sflow Internal Samples Packed | |
ack_retry_gap_drop | 8 | ACK Retry Retry-Gap Dropped | |
create_conn_non_syn_dropped | 8 | Create Conn with non-SYN Packets Dropped | |
syn_retry_pass | 8 | SYN Retry Passed | |
src_syn_retry_failed | 8 | Src SYN Retry Dropped | |
filter_action_drop | 8 | Filter Action Drop | |
src_ack_retry_rto_fail | 8 | Src ACK Retry RTO Dropped | |
conn_zwindow_rate_excd | 8 | TCP Conn Zero-Window Rate Exceeded | |
ack_retry_rto_progress | 8 | ACK Retry RTO Progress | |
port_pkt_rate_exceed | 8 | Packet Rate Exceeded | |
pattern_recognition_proceeded | 8 | Pattern Recognition: Engine Started | |
port_drop | 8 | Inbound Packets Dropped | |
ack_retry_rto_pass | 8 | ACK Retry RTO Passed | |
outbound_port_rcvd | 8 | Outbound Packets Received | |
src_filter_auth_fail | 8 | Src Filter Auth Failed | |
src_syn_retry_rto_pass | 8 | Src SYN Retry RTO Passed | |
src_syn_retry_reset | 8 | Src SYN Retry Timeout Reset | |
port_rcvd | 8 | Inbound Packets Received | |
conn_close_half_open | 8 | Half Open Connections Closed | |
synack_multiple_attempts_per_ip_detected | 8 | SYNACK Multiple Attempts Per IP Detected | |
src_syn_retry_rto_progress | 8 | Src SYN Retry RTO Progress | |
conn_prate_excd | 8 | TCP Conn Pkt Rate Exceeded | |
exceed_drop_crate_src | 8 | Src Conn Rate Exceeded | |
src_rst_cookie_fail | 8 | Src RST Cookie Failed | |
src_auth_drop | 8 | Src TCP Auth Dropped | |
src_filter_action_drop | 8 | Src Filter Action Drop |
stats udp-port¶
Counter | Size | Description | |
---|---|---|---|
pattern_filter5_match | 8 | Extracted Filter5 Match | |
outbound_port_bytes_sent | 8 | Outbound Bytes Forwarded | |
src_udp_retry_gap_drop | 8 | Src UDP Retry-Gap Dropped | |
filter4_match | 8 | Filter4 Match | |
spoof_detect_fail | 8 | UDP Retry Timeout | |
sess_aged | 8 | Sessions Aged Out | |
pattern_filter4_match | 8 | Extracted Filter4 Match | |
pattern_filter1_match | 8 | Extracted Filter1 Match | |
pattern_filter2_match | 8 | Extracted Filter2 Match | |
wellknown_sport_drop | 8 | UDP SrcPort Wellknown | |
src_filter_total_not_match | 8 | Src Filter Not Matched on Pkt | |
src_udp_retry_init | 8 | Src UDP Retry Init | |
src_payload_too_small | 8 | Src UDP Payload Too Small | |
src_udp_retry_pass | 8 | Src UDP Retry Passed | |
udp_retry_init | 8 | UDP Retry Init | |
outbound_port_bytes | 8 | Outbound Bytes Received | |
src_filter5_match | 8 | Src Filter5 Match | |
sflow_external_packets_sent | 8 | Sflow External Packets Sent | |
dst_hw_drop | 8 | Dst Hardware Packets Dropped | |
port_bytes | 8 | Inbound Bytes Received | |
frag_rcvd | 8 | Fragmented Packets Received | |
src_filter_action_blacklist | 8 | Src Filter Action Blacklist | |
pattern_filter3_match | 8 | Extracted Filter3 Match | |
outbound_port_drop | 8 | Outbound Packets Dropped | |
filter5_match | 8 | Filter5 Match | |
src_filter4_match | 8 | Src Filter4 Match | |
src_filter_action_default_pass | 8 | Src Filter Action Default Pass | |
filter_total_not_match | 8 | Filter Not Matched on Pkt | |
sflow_internal_packets_sent | 8 | Sflow Internal Packets Sent | |
payload_too_small | 8 | UDP Payload Too Small | |
src_payload_too_big | 8 | Src UDP Payload Too Large | |
outbound_port_bytes_drop | 8 | Outbound Bytes Dropped | |
exceed_action_tunnel | 8 | Exceed Action: Tunnel | |
bl | 8 | Dst Blacklisted | |
filter1_match | 8 | Filter1 Match | |
ntp_monlist_resp | 8 | NTP Monlist Response | |
sess_create_inbound | 8 | Inbound Sessions Created | |
filter_auth_fail | 8 | Filter Auth Failed | |
exceed_drop_brate_src_pkt | 8 | Src KiBit Rate Exceeded Count | |
src_filter1_match | 8 | Src Filter1 Match | |
udp_retry_pass | 8 | UDP Retry Passed | |
src_udp_auth_drop | 8 | Src UDP Auth Dropped | |
sflow_external_samples_packed | 8 | Sflow External Samples Packed | |
src_drop | 8 | Src Packets Dropped | |
pattern_recognition_pattern_changed | 8 | Pattern Recognition: Pattern Change Detected | |
port_drop | 8 | Inbound Packets Dropped | |
filter_none_match | 8 | Filter No Match | |
src_filter3_match | 8 | Src Filter3 Match | |
ntp_monlist_req | 8 | NTP Monlist Request | |
payload_too_big | 8 | UDP Payload Too Large | |
port_conn_rate_exceed | 8 | Conn Rate Exceeded | |
src_filter_none_match | 8 | Src Filter No Match | |
port_kbit_rate_exceed_pkt | 8 | KiBit Rate Exceeded Count | |
port_bytes_sent | 8 | Inbound Bytes Forwarded | |
exceed_drop_brate_src | 8 | Src KiBit Rate Exceeded | |
src_frag_drop | 8 | Src Fragmented Packets Dropped | |
port_kbit_rate_exceed | 8 | KiBit Rate Exceeded | |
udp_retry_gap_drop | 8 | UDP Retry-Gap Dropped | |
filter_action_whitelist | 8 | Filter Action Whitelist | |
src_conn_pkt_rate_excd | 8 | Src UDP Conn Pkt Rate Exceeded | |
port_src_bl | 8 | Src Blacklisted | |
outbound_port_rcvd | 8 | Outbound Packets Received | |
outbound_port_pkt_sent | 8 | Outbound Packets Forwarded | |
sess_create_outbound | 8 | Outbound Sessions Created | |
pattern_filter_drop | 8 | Extracted Filter Drop | |
pattern_recognition_proceeded | 8 | Pattern Recognition: Engine Started | |
src_well_known_port | 8 | Src UDP SrcPort Wellknown | |
filter_action_blacklist | 8 | Filter Action Blacklist | |
port_pkt_sent | 8 | Inbound Packets Forwarded | |
src_filter_action_whitelist | 8 | Src Filter Action Whitelist | |
filter2_match | 8 | Filter2 Match | |
frag_drop | 8 | Fragmented Packets Dropped | |
pattern_not_found | 8 | Pattern Recognition: Pattern Not Found | |
port_conn_limm_exceed | 8 | Conn Limit Exceeded | |
filter3_match | 8 | Filter3 Match | |
src_ntp_monlist_resp | 8 | Src NTP Monlist Response | |
src_filter2_match | 8 | Src Filter2 Match | |
sess_create | 8 | Session Create | |
port_bytes_drop | 8 | Inbound Bytes Dropped | |
exceed_drop_prate_src | 8 | Src Pkt Rate Exceeded | |
exceed_drop_climit_src | 8 | Src Conn Limit Exceeded | |
udp_auth_drop | 8 | UDP Auth Dropped | |
pattern_recognition_generic_error | 8 | Pattern Recognition: Exceptions | |
src_ntp_monlist_req | 8 | Src NTP Monlist Request | |
pattern_recognition_sampling_started | 8 | Pattern Recognition: Sampling Started | |
sflow_internal_samples_packed | 8 | Sflow Internal Samples Packed | |
filter_action_default_pass | 8 | Filter Action Default Pass | |
filter_action_drop | 8 | Filter Action Drop | |
port_pkt_rate_exceed | 8 | Packet Rate Exceeded | |
frag_timeout | 8 | Fragmented Packets Timeout | |
src_filter_auth_fail | 8 | Src Filter Auth Failed | |
port_rcvd | 8 | Inbound Packets Received | |
conn_prate_excd | 8 | UDP Conn Pkt Rate Exceeded | |
exceed_drop_crate_src | 8 | Src Conn Rate Exceeded | |
src_filter_action_drop | 8 | Src Filter Action Drop | |
src_udp_auth_timeout | 8 | Src UDP Retry Timeout |
operational data¶
Counter | Size | Description | |
---|---|---|---|
hw-blacklisted | string | hw-blacklisted | |
entry-displayed-count | number | entry-displayed-count | |
all-l4-types | flag | all-l4-types | |
ddos_entry_list | ddos_entry_list | ||
service-displayed-count | number | service-displayed-count | |
undefined-stats-port-num | number | undefined-stats-port-num | |
undefined-port-hit-stats-wellknown | undefined-port-hit-stats-wellknown | ||
undefined-port-hit-stats-non-wellknown | undefined-port-hit-stats-non-wellknown | ||
undefined-port-hit-statistics | flag | undefined-port-hit-statistics |