.. _ddos_template_udp: ddos template udp ================= UDP template configuration udp Specification ----------------- ===================================== ================================================================= **Parameter** **Value** ===================================== ================================================================= **Type** *Collection* **Object Key(s)** *name* **Collection Name** :ref:`1210_udp_list` **Collection URI** /axapi/v3/ddos/template/udp **Element Name** udp **Element URI** /axapi/v3/ddos/template/udp/{name} **Element Attributes** udp_attributes **Partition Visibility** shared **Schema** :download:`udp schema ` ===================================== ================================================================= **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/template/udp .. raw:: html :ref:`1210_udp_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/ddos/template/udp .. raw:: html :ref:`1210_udp_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/template/udp/{name} .. raw:: html :ref:`1210_udp_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/ddos/template/udp .. raw:: html :ref:`1210_udp_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/template/udp/{name} .. raw:: html :ref:`1210_udp_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ddos/template/udp/{name} .. raw:: html :ref:`1210_udp_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/ddos/template/udp .. raw:: html :ref:`1210_udp_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ddos/template/udp/{name} .. raw:: html :ref:`1210_udp_attributes` .. raw:: html
.. _1210_udp_list: udp-list -------- udp-list is **JSON List** of :ref:`1210_udp_attributes` udp-list : [ { :ref:`1210_udp_attributes` }, { :ref:`1210_udp_attributes` }, ... ] .. _1210_udp_attributes: udp attributes -------------- **age** **Description** Configure session age(in minutes) for UDP sessions **Type:** number **Range:** 1-63 **drop-known-resp-src-port-cfg** **Description:** drop-known-resp-src-port-cfg is a **JSON Block**. Please see below for :ref:`1210_drop-known-resp-src-port-cfg` **Type:** Object **drop-ntp-monlist** **Description** Drop NTP monlist request/response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/udp/{name}/filter/{udp-filter-seq} ` **max-payload-size** **Description** Maximum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **min-payload-size** **Description** Minimum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **name** **Description** DDOS UDP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **per-conn-pkt-rate-limit** **Description** Packet rate limit per connection per rate-interval **Type:** number **Range:** 1-16000000 **per-conn-rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 1sec **previous-salt-timeout** **Description** Token-Authentication previous salt-prefix timeout in minutes, default is 1 min **Type:** number **Range:** 1-10080 **Default:** 1 **public-ipv4-addr** **Description** IP address **Type:** string **Format:** ipv4-address **public-ipv6-addr** **Description** IPV6 address **Type:** string **Format:** ipv6-address **spoof-detect-cfg** **Description:** spoof-detect-cfg is a **JSON Block**. Please see below for :ref:`1210_spoof-detect-cfg` **Type:** Object **token-authentication** **Description** Enable Token Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-formula** **Description** 'md5_Salt-SrcIp-SrcPort-DstIp-DstPort': md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'md5_Salt-DstIp-DstPort': md5 of Salt-DstIp-DstPort; 'md5_Salt-SrcIp-DstIp': md5 of Salt-SrcIp-DstIp; 'md5_Salt-SrcPort-DstPort': md5 of Salt-SrcPort-DstPort; 'md5_Salt-UintDstIp-DstPort': Using the uint value of IP for md5 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-SrcPort-DstIp-DstPort': sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'sha1_Salt-DstIp-DstPort': sha1 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-DstIp': sha1 of Salt-SrcIp-DstIp; 'sha1_Salt-SrcPort-DstPort': sha1 of Salt-SrcPort-DstPort; 'sha1_Salt-UintDstIp-DstPort': Using the uint value of IP for sha1 of Salt-DstIp-DstPort; **Type:** string **Supported Values:** md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort **token-authentication-hw-assist-disable** **Description** token-authentication disable hardware assistance **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-public-address** **Description** The server public IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-salt-prefix** **Description** token-authentication salt-prefix **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-salt-prefix-curr** **Description** **Type:** number **Range:** 1-4294967295 **token-authentication-salt-prefix-prev** **Description** **Type:** number **Range:** 1-4294967295 **tunnel-encap** **Description:** tunnel-encap is a **JSON Block**. Please see below for :ref:`1210_tunnel-encap` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1210_tunnel-encap: tunnel-encap ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **always** **Description:** always is a **JSON Block**. Please see below for :ref:`1210_tunnel-encap_always` **Type:** Object **gre-always** **Description:** gre-always is a **JSON Block**. Please see below for :ref:`1210_tunnel-encap_gre-always` **Type:** Object **gre-encap** **Description** Enable Tunnel encapsulation using GRE **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** gre-encap and ip-encap are mutually exclusive **ip-encap** **Description** Enable Tunnel encapsulation using IP in IP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** ip-encap and gre-encap are mutually exclusive .. _1210_tunnel-encap_gre-always: tunnel-encap_gre-always ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-ipv4** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **gre-ipv6** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address **key-ipv4** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters **key-ipv6** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters **preserve-src-ipv4-gre** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **preserve-src-ipv6-gre** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1210_tunnel-encap_always: tunnel-encap_always ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ipv4-addr** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **ipv6-addr** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address **preserve-src-ipv4** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **preserve-src-ipv6** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1210_spoof-detect-cfg: spoof-detect-cfg ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min-retry-gap** **Description** Optional minimum gap between 2 UDP packets for spoof-detect pass, unit is specified by min-retry-gap-interval **Type:** number **Range:** 1-80 **min-retry-gap-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 1sec **spoof-detect** **Description** Force client to retry on udp **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **spoof-detect-retry-timeout** **Description** timeout in seconds **Type:** number **Range:** 1-31 **Default:** 5 **Mutual Exclusion:** spoof-detect-retry-timeout and spoof-detect-retry-timeout-val-only are mutually exclusive **spoof-detect-retry-timeout-val-only** **Description** timeout in seconds **Type:** number **Range:** 1-31 **Default:** 5 **Mutual Exclusion:** spoof-detect-retry-timeout-val-only and spoof-detect-retry-timeout are mutually exclusive .. _1210_drop-known-resp-src-port-cfg: drop-known-resp-src-port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **drop-known-resp-src-port** **Description** Drop well-known if src-port is less than 1024 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exclude-src-resp-port** **Description** excluding src port equal destination port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1210_filter-list: filter-list ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter Expression using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-action** **Description** 'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; **Type:** string **Supported Values:** blacklist-src, whitelist-src, count-only **udp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-5 **udp-filter-unmatched** **Description** action taken when it does not match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters