{ "id":"/axapi/v3/ddos/template/udp/{name}", "type":"object", "node-type":"list", "title":"udp", "partition-visibility":"shared", "description":"UDP template configuration", "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS UDP Template Name", "optional":false }, "age":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Configure session age(in minutes) for UDP sessions", "optional":true }, "per-conn-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Packet rate limit per connection per rate-interval", "optional":true }, "per-conn-rate-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ], "optional":true }, "tunnel-encap":{ "type":"object", "properties":{ "ip-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"gre-encap", "description":"Enable Tunnel encapsulation using IP in IP" }, "always":{ "type":"object", "properties":{ "ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "preserve-src-ipv4":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" }, "ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "preserve-src-ipv6":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" } } }, "gre-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"ip-encap", "description":"Enable Tunnel encapsulation using GRE" }, "gre-always":{ "type":"object", "properties":{ "gre-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv4":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "preserve-src-ipv4-gre":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" }, "gre-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv6":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "preserve-src-ipv6-gre":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" } } } } }, "spoof-detect-cfg":{ "type":"object", "properties":{ "spoof-detect":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Force client to retry on udp" }, "min-retry-gap-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ] }, "spoof-detect-retry-timeout-val-only":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":5, "partition-visibility":"shared", "not":"spoof-detect-retry-timeout", "description":"timeout in seconds" }, "min-retry-gap":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Optional minimum gap between 2 UDP packets for spoof-detect pass, unit is specified by min-retry-gap-interval" }, "spoof-detect-retry-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":5, "partition-visibility":"shared", "not":"spoof-detect-retry-timeout-val-only", "description":"timeout in seconds" } } }, "drop-known-resp-src-port-cfg":{ "type":"object", "properties":{ "drop-known-resp-src-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop well-known if src-port is less than 1024" }, "exclude-src-resp-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"excluding src port equal destination port" } } }, "drop-ntp-monlist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop NTP monlist request/response", "optional":true }, "token-authentication":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Token Authentication", "optional":true }, "token-authentication-hw-assist-disable":{ "type":"number", "format":"flag", "plat-neg-list":["non-fpga,soft-ax", "soft-ax"], "default":0, "partition-visibility":"shared", "description":"token-authentication disable hardware assistance", "optional":true }, "token-authentication-salt-prefix":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"token-authentication salt-prefix", "optional":true }, "token-authentication-salt-prefix-curr":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "optional":true }, "token-authentication-salt-prefix-prev":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "optional":true }, "token-authentication-formula":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5_Salt-SrcIp-SrcPort-DstIp-DstPort': md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'md5_Salt-DstIp-DstPort': md5 of Salt-DstIp-DstPort; 'md5_Salt-SrcIp-DstIp': md5 of Salt-SrcIp-DstIp; 'md5_Salt-SrcPort-DstPort': md5 of Salt-SrcPort-DstPort; 'md5_Salt-UintDstIp-DstPort': Using the uint value of IP for md5 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-SrcPort-DstIp-DstPort': sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'sha1_Salt-DstIp-DstPort': sha1 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-DstIp': sha1 of Salt-SrcIp-DstIp; 'sha1_Salt-SrcPort-DstPort': sha1 of Salt-SrcPort-DstPort; 'sha1_Salt-UintDstIp-DstPort': Using the uint value of IP for sha1 of Salt-DstIp-DstPort; ", "enum":[ "md5_Salt-SrcIp-SrcPort-DstIp-DstPort", "md5_Salt-DstIp-DstPort", "md5_Salt-SrcIp-DstIp", "md5_Salt-SrcPort-DstPort", "md5_Salt-UintDstIp-DstPort", "sha1_Salt-SrcIp-SrcPort-DstIp-DstPort", "sha1_Salt-DstIp-DstPort", "sha1_Salt-SrcIp-DstIp", "sha1_Salt-SrcPort-DstPort", "sha1_Salt-UintDstIp-DstPort" ], "optional":true }, "previous-salt-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":10080, "default":1, "partition-visibility":"shared", "description":"Token-Authentication previous salt-prefix timeout in minutes, default is 1 min", "optional":true }, "token-authentication-public-address":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"The server public IP address", "optional":true }, "public-ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IP address", "optional":true }, "public-ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPV6 address", "optional":true }, "max-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Maximum UDP payload size for each single packet", "optional":true }, "min-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Minimum UDP payload size for each single packet", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/udp/{name}/filter/{udp-filter-seq}", "array":[ { "properties":{ "udp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Sequence number", "optional":false }, "udp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter Expression using Berkeley Packet Filter syntax", "optional":true }, "udp-filter-unmatched":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"action taken when it does not match", "optional":true }, "udp-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; ", "enum":[ "blacklist-src", "whitelist-src", "count-only" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "udp-filter-seq" ] } ] } }, "object-keys":[ "name" ], "required":[ "name" ] }