Junos OS acl IDL - Protocol Documentation

Table of Contents

firewall_service.proto

Top

This file defines the ACL package for JUNOS.

Brief Description of the key concepts associated with this package and functionality is as follows:

ACL is an acronym for Access Control List which is a basic stateless forwarding construct to match on packet content and take a set of actions if packet passes the matching criteria.

An ACL is made up of an ordered set of ACL Entries, which defines how a packet is matched against configured criteria and how it is treated in the event of a match.

Each ACL Entry or ACE defines a set of packet matching criteria and a set of actions to take on the packet if the matching criteria is true. A packet needs to match ALL the matches in an ACE to be considered a match.

A Match is defined by an operation, packet field and value to be matched against. For details on the operations supported and various packet fields that could be matched, refer to the corresponding Enum or Message structure below.

An action determines what to do with the packet when it matches the matching criteria. There are two types of actions, terminating actions and non-terminating actions. Each ACE can have zero or more non-terminating actions and zero or exactly one terminating action. A non-terminating action is one that does not stop the packet from undergoing the rest of the ACL processing. An terminating action is one, that stops the packet from undergoing any further ACL processing.

An attachment point or a bind point is the point in the path of packet processing where the packet is subjected to ACL processing. An attachment point is defined by attachment entity and direction in which the ACL is applied. For example a typical bind point is an interface where a packet is subjected to ACL.

The diagram below depicts an object diagram for a typical ACL. Legends: ACE-1 is the ordered Access List Entry at position 1. ACE-n is the ordered Access List Entry at position n. M-n is the match number n in list of matching criteria in a given ACE. A-n is the action number n in the list of actions for a given ACE. No no more than 1 action could be a terminating action.

+-------+-------+-----+------+ ACL -> | ACE-1 | ACE-2 | ... | ACE-n| +-------+-------+-----+------+ | | | +-----+ +----->| M-1 | +-----+ | M-2 | +-----+ | ... | +-----+ | M-n | +-----+ | | +-----+ +---------->| A-1 | +-----+ | A-2 | +-----+ | ... | +-----+ | A-n | +-----+

AccessList

ACL

FieldTypeLabelDescription
acl_name string optional

AccessList name

acl_type AccessListTypes optional

AccessList type

acl_family AccessListFamilies optional

AccessList family

acl_flag AccessListFlags optional

AccessList flag

ace_list AclEntry repeated

List of Destination addresses

AccessListBindObjPoint

ACL Bind Points

FieldTypeLabelDescription
intf string optional

Bind object - Interface

fwd_table string optional

Bind object - Forwarding Table

vlan AclBindObjVlan optional

Bind object - VLAN

bd AclBindObjBridgeDomain optional

Bind object - Bridge Domain

AccessListCounter

An ACL Counter

FieldTypeLabelDescription
acl AccessList optional

Access list

counter_name string optional

Counter name

AccessListCounterBulk

Bulk ACL Counter

FieldTypeLabelDescription
acl AccessList optional

Access list

starting_index uint32 optional

Starting Index

AccessListCounterVal

Return counter statistics

FieldTypeLabelDescription
counter_name string optional

Counter Name

status AccessListReturnVal optional

Error status

bytes uint64 optional

Byte count

packets uint64 optional

Packet count

AccessListObjBind

Per forwarding element ACL binding

FieldTypeLabelDescription
acl AccessList optional

ACL

obj_type AccessListBindObjType optional

Binding object type

bind_object AccessListBindObjPoint optional

Bind object name where the ACL is to be bound

bind_direction AclBindDirection optional

Bind direction

bind_family AccessListFamilies optional

Family on the bind object. Must match with the ACL family

AccessListPolicer

ACL Policer

FieldTypeLabelDescription
policer_name string optional

Policer name

policer_type AclPolicerType optional

Policer type

policer_flag AclPolicerFlags optional

Policer Flags

policer_params AclPolicerParameter optional

Policer Paremeter

AccessListReturnStatus

ACL Return Status

FieldTypeLabelDescription
status AccessListReturnVal optional

ACL return status value

AccessListVoid

A void message

FieldTypeLabelDescription
void string optional

AclActionCopyToHost

Copy To Client action

FieldTypeLabelDescription
client_name string optional

Client name (upto 64 characters)

AclActionCounter

Counter action

FieldTypeLabelDescription
counter_name string optional

Counter name (upto 64 characters)

AclActionForwardingClass

Action forwarding class by id

FieldTypeLabelDescription
fc AclForwardingClass optional

set forwarding class id

AclActionForwardingPriority

action forwarding priority

FieldTypeLabelDescription
priority uint32 optional

priority

AclActionIflNameIndex

Ifl Index or name in filter action

FieldTypeLabelDescription
ifl_name string optional

Ifl Name

ifl_index uint32 optional

Ifl Index

AclActionLossPriority

action losspriority

FieldTypeLabelDescription
lp AclLossPriority optional

Set loss priority

AclActionNextHop

Next hop

FieldTypeLabelDescription
nh_idx uint32 optional

Next hop index

AclActionNextInterface

action next interface

FieldTypeLabelDescription
rti_name string optional

routing-instance name

ifl AclActionIflNameIndex optional

ifl index or ifl name

AclActionNextIp

action next interface

FieldTypeLabelDescription
rti_name string optional

routing-instance name

addr IpAddress optional

address

prefix_len uint32 optional

Destination prefix length

AclActionPolicer

Police the matching packets

FieldTypeLabelDescription
policer AccessListPolicer optional

The policer

AclActionPolicerInstance

Police the matching packets with respect to template

FieldTypeLabelDescription
policer AccessListPolicer optional

The policer

policer_instance string optional

Policer Instance name

AclActionRoutingInstance

Direct matching packets to a routing-instance

FieldTypeLabelDescription
rt_instance_name string optional

AclActionSendToClient

Send To Client action

FieldTypeLabelDescription
client_name string optional

Client name (upto 64 characters)

AclActionSetIpDscp

action set dscp

FieldTypeLabelDescription
dscp uint32 optional

DSCP for IP and IPv6

AclActionSetNexthop

Next hop action

FieldTypeLabelDescription
nh_idx uint32 optional

Set nh idx

AclActionTopologyRedirect

Redirect matching packets with respect to topology mentioned

FieldTypeLabelDescription
rt_instance_name string optional

RT instance name

topology_name string optional

Topology name

AclAdjacency

Adjacency details of ace placement

FieldTypeLabelDescription
type AclAdjacencyType optional

Type of adjacency placement

ace_name string optional

The previous or the next AC

AclBindObjBridgeDomain

Bridge Domain Elements

FieldTypeLabelDescription
bd_name string optional

Bind object bd name where the ACL is to be bound

rtb_name string optional

Bind object Routing Instance name of bd_name where the ACL is to be bound

AclBindObjVlan

The VLAN objects to which the ACL can be bound

FieldTypeLabelDescription
vlan_name string optional

Bind object VLAN name where the ACL is to be bound

rtb_name string optional

Bind object Routing Instance name of vlan_name where the ACL is to be bound

AclCccEntry

CCC ACL entry

FieldTypeLabelDescription
ace_name string optional

AclEntry name

ace_op AclEntryOperation optional

AclEntry operation

adjacency AclAdjacency optional

Adjacency

matches AclEntryMatchCcc optional

Matches

actions AclEntryCccAction optional

Actions

AclEntry

An ACL entry. It could be one of type of families.

FieldTypeLabelDescription
inet_entry AclInetEntry optional

For Inet family

es_entry AclEsEntry optional

For Ethernet Switching family

inet6_entry AclInet6Entry optional

For Inet6 family

vpls_entry AclVplsEntry optional

For vpls family

ccc_entry AclCccEntry optional

For ccc family

mservice_entry AclMultiServiceEntry optional

For multiservices family

mpls_entry AclMplsEntry optional

For mpls family

AclEntryCccAction

ACL CCC Action

FieldTypeLabelDescription
actions_nt AclEntryCccNonTerminatingAction optional

List of non-terminating actions.

action_t AclEntryCccTerminatingAction optional

One terminating action

AclEntryCccNonTerminatingAction

Non-terminating ACL CCC Actions

FieldTypeLabelDescription
action_count AclActionCounter optional

Count the matching packets

action_log AclBooleanType optional

Log the matching packets

action_syslog AclBooleanType optional

Syslog the matching packets

action_policer AclActionPolicer optional

Police the matching packets. Ensure that policer exists before using it.

action_sample AclBooleanType optional

Sample

action_copy_to_host AclActionCopyToHost optional

Copy of matching packets to host client name

AclEntryCccTerminatingAction

Terminating ACL CCC Actions

FieldTypeLabelDescription
action_accept AclBooleanType optional

Accept the matching packets

action_discard AclBooleanType optional

Discard the matching packets

action_send_to_client AclActionSendToClient optional

Direct matching packets to client name

action_send_to_host AclBooleanType optional

Direct matching packets to host

AclEntryEsAction

ACL Action

FieldTypeLabelDescription
actions_nt AclEntryEsNonTerminatingAction optional

List of non-terminating actions.

action_t AclEntryEsTerminatingAction optional

One terminating action

AclEntryEsNonTerminatingAction

Non-terminating ACL Action

FieldTypeLabelDescription
action_count AclActionCounter optional

Count the matching packets

action_log AclBooleanType optional

Log the matching packets

action_syslog AclBooleanType optional

Syslog the matching packets

action_policer AclActionPolicer optional

Police the matching packets. Ensure that policer exists before using it.

action_next_term AclBooleanType optional

Next Term

action_lp AclActionLossPriority optional

Loss priority

AclEntryEsTerminatingAction

Terminating ACL Action

FieldTypeLabelDescription
action_accept AclBooleanType optional

Accept the matching packets

action_discard AclBooleanType optional

Discard the matching packets

action_nh AclActionNextHop optional

Next hop

action_send_to_host AclBooleanType optional

Send to host

AclEntryInet6Action

ACL inet6 Actions

FieldTypeLabelDescription
actions_nt AclEntryInet6NonTerminatingAction optional

List of non-terminating actions.

action_t AclEntryInet6TerminatingAction optional

One terminating action

AclEntryInet6NonTerminatingAction

Non-terminating ACL inet6 Actions

FieldTypeLabelDescription
action_count AclActionCounter optional

Count the matching packets

action_log AclBooleanType optional

Log the matching packets

action_syslog AclBooleanType optional

Syslog the matching packets

action_policer AclActionPolicer optional

Police the matching packets. Ensure that policer exists before using it.

action_sample AclBooleanType optional

Sample

action_next_term AclBooleanType optional

Next Term

action_port_mirror AclBooleanType optional

port mirror action

action_lp AclActionLossPriority optional

set loss priority to matched packets

action_fwd_class AclActionForwardingClass optional

set Forwarding class to matched packets

action_fwd_priority AclActionForwardingPriority optional

set Forwarding Priority to matched packets

action_next_intf AclActionNextInterface optional

set Next interface to matched packets

action_next_ip AclActionNextIp optional

set Next IPv4 to matched packets

action_ip_dscp AclActionSetIpDscp optional

set IP DSCP to matched packets

action_copy_to_host AclActionCopyToHost optional

Copy of matching packets to host client name

action_policer_inst AclActionPolicerInstance optional

Police the matching packets. Ensure that policer exists before using it.

AclEntryInet6TerminatingAction

Terminating ACL inet6 Actions

FieldTypeLabelDescription
action_accept AclBooleanType optional

Accept the matching packets

action_discard AclBooleanType optional

Discard the matching packets

action_reject AclEntryActionRejectReason optional

Reject the matching packets

action_rt_inst AclActionRoutingInstance optional

Direct matching packets to a routing instance

action_topo_redirect AclActionTopologyRedirect optional

Direct matching packets to a routing instance

action_send_to_client AclActionSendToClient optional

client name

action_send_to_host AclBooleanType optional

Direct matching packets to host

action_nh AclActionSetNexthop optional

set nexthop idx

AclEntryInetAction

ACL Action

FieldTypeLabelDescription
actions_nt AclEntryInetNonTerminatingAction optional

List of non-terminating actions.

action_t AclEntryInetTerminatingAction optional

One terminating action

AclEntryInetNonTerminatingAction

Non-terminating ACL Action

FieldTypeLabelDescription
action_count AclActionCounter optional

Count the matching packets

action_log AclBooleanType optional

Log the matching packets

action_syslog AclBooleanType optional

Syslog the matching packets

action_policer AclActionPolicer optional

Police the matching packets. / Ensure that policer exists before using it.

action_sample AclBooleanType optional

Sample

action_next_term AclBooleanType optional

Next Term

AclEntryInetTerminatingAction

Terminating ACL Action

FieldTypeLabelDescription
action_accept AclBooleanType optional

Accept the matching packets

action_discard AclBooleanType optional

Discard the matching packets

action_reject AclEntryActionRejectReason optional

Reject the matching packets

action_rt_inst AclActionRoutingInstance optional

Direct matching packets to a routing instance

AclEntryMatchCcc

CCC Matches and Actions

FieldTypeLabelDescription
match_pkt_len AclMatchPktLen repeated

List of Packet lengths

ifl_names AclMatchIflNameIndex repeated

Interface name (IFL with unit like ge-0/0/1.0 or IFL index)

ether_types AclMatchEtherType repeated

List of Ether type match

match_src_macs AclMatchMacAddress repeated

List Source MAC match

match_dst_macs AclMatchMacAddress repeated

List Destination MAC match

cfm_opcodes AclMatchCfmOpcode repeated

List of CFM Opcode match

cfm_levels AclMatchCfmLevel repeated

List of CFM Level match

match_flex_range AclMatchFlexibleOffsetRange optional

Flex Ranges

match_flex_mask AclMatchFlexibleOffsetMask optional

Flex Masks

AclEntryMatchEs

An ACL Match

FieldTypeLabelDescription
match_dst_mac_addrs AclMatchMacAddress repeated

List of Destination mac addresses

match_src_mac_addrs AclMatchMacAddress repeated

List of Source mac addresses

match_dst_ports AclMatchPort repeated

List of Destination ports

match_src_ports AclMatchPort repeated

List of Source ports

match_dscp_code AclMatchDscpCode repeated

List of Dscp code points

match_protocols AclMatchProtocol repeated

List of Protocols

match_icmp_type AclMatchIcmpType repeated

List of Icmp types

match_icmp_code AclMatchIcmpCode repeated

List of Icmp codes

ifl_names AclMatchIflNameIndex repeated

Interface name (IFL with unit, for example: ge-0/0/1.0 or IFL index)

match_ether_type AclMatchEtherType repeated

match_learn_vlan_id AclMatchLearnVlanId repeated

match_learn_vlan_priority AclMatchLearnVlanPriority repeated

AclEntryMatchInet

An ACL Match

FieldTypeLabelDescription
match_dst_addrs AclMatchIpAddress repeated

List of Destination addresses

match_src_addrs AclMatchIpAddress repeated

List of Source addresses

match_dst_ports AclMatchPort repeated

List of Destination ports

match_src_ports AclMatchPort repeated

List of Source ports

match_dscp_code AclMatchDscpCode repeated

List of Dscp code points

match_protocols AclMatchProtocol repeated

List of Protocols

match_icmp_type AclMatchIcmpType repeated

List of Icmp types

match_icmp_code AclMatchIcmpCode repeated

List of Icmp codes

match_pkt_len AclMatchPktLen repeated

List of Packet lengths

match_ttl AclMatchTtl repeated

List of Ttl's

fragment_flags AclFragmentFlags optional

Fragment flag

match_frag_offset AclMatchFragmentOffset repeated

List of fragment offset range

ifl_names AclMatchIflNameIndex repeated

Interface name (IFL with unit, for example: ge-0/0/1.0 or IFL index)

match_ip_precedence AclMatchIpPrecedence repeated

List of ip precedence

match_addrs AclMatchIpAddress repeated

List of Addresses

match_ports AclMatchPort repeated

List of Ports

match_flex_range AclMatchFlexibleOffsetRange optional

Flex Ranges

match_flex_mask AclMatchFlexibleOffsetMask optional

Flex Masks

AclEntryMatchInet6

Inet6 Matches and actions

FieldTypeLabelDescription
match_dst_addrs AclMatchIpAddress repeated

List of Destination addresses

match_src_addrs AclMatchIpAddress repeated

List of Source addresses

match_dst_ports AclMatchPort repeated

List of Destination ports

match_src_ports AclMatchPort repeated

List of Source ports

match_dscp_code AclMatchDscpCode repeated

List of Dscp code points

payload_protocols AclMatchProtocol repeated

List of Protocols

match_icmp_type AclMatchIcmpType repeated

List of Icmp types

match_icmp_code AclMatchIcmpCode repeated

List of Icmp codes

match_pkt_len AclMatchPktLen repeated

List of Packet lengths

fragment_flags AclFragmentFlags optional

Fragment flag

ifl_names AclMatchIflNameIndex repeated

Interface name (IFL with unit, for example: ge-0/0/1.0 or IFL index)

match_traffic_classes AclMatchTrafficClass repeated

List of traffic classes

match_addrs AclMatchIpAddress repeated

List of Addresses

match_flex_range AclMatchFlexibleOffsetRange optional

Flex Ranges

match_flex_mask AclMatchFlexibleOffsetMask optional

Flex Masks

ipv6_next_headers AclMatchNextHeader repeated

List of Next Header match

match_loss_priority AclMatchLossPriority repeated

List of Loss Priority

match_fwd_class AclMatchForwardingClass repeated

List of Forwarding Class

match_ports AclMatchPort repeated

List of Ports

AclEntryMatchMpls

Mpls Matches and Actions

FieldTypeLabelDescription
match_label1 AclMatchMplsLabel repeated

Label-1 match

match_label2 AclMatchMplsLabel repeated

Label-2 match

match_label3 AclMatchMplsLabel repeated

Label-3 match

match_flex_range AclMatchFlexibleOffsetRange optional

Flex Ranges

match_flex_mask AclMatchFlexibleOffsetMask optional

Flex Masks

AclEntryMatchMultiService

multiservices Matches and Actions

FieldTypeLabelDescription
match_dst_addrs AclMatchIpAddress repeated

List of Destination addresses (V4)

match_src_addrs AclMatchIpAddress repeated

List of Source addresses (V4)

match_addrs AclMatchIpAddress repeated

List of addresses (V4)

match_dst_ports AclMatchPort repeated

List of Destination ports

match_src_ports AclMatchPort repeated

List of Source ports

match_ip_protocols AclMatchProtocol repeated

List of Protocols

payload_protocols AclMatchProtocol repeated

List of Protocols

match_icmp_type AclMatchIcmpType repeated

List of Icmp types

match_icmp_code AclMatchIcmpCode repeated

List of Icmp codes

ifl_names AclMatchIflNameIndex repeated

Interface name (IFL with unit like ge-0/0/1.0 or IFL index)

ipv6_next_headers AclMatchNextHeader repeated

List of Next Header match

ether_types AclMatchEtherType repeated

List of Ether type match

match_src_macs AclMatchMacAddress repeated

List Source MAC match

match_dst_macs AclMatchMacAddress repeated

List Destination MAC match

vlan_ether_types AclMatchEtherType repeated

List of Ether type match

stp_state AclStpMatchFlags optional

STP state match

mesh_group_ids AclMatchMeshGroup repeated

List of mesh group id match

l2_tokens AclMatchL2Token repeated

List of L2 token match

match_pkt_len AclMatchPktLen repeated

List of Packet lengths

AclEntryMatchVpls

VPLS Matches and Actions

FieldTypeLabelDescription
match_dst_addrs AclMatchIpAddress repeated

List of Destination addresses (V4)

match_src_addrs AclMatchIpAddress repeated

List of Source addresses (V4)

match_dst_v6_addrs AclMatchIpAddress repeated

List of Destination addresses (V6)

match_src_v6_addrs AclMatchIpAddress repeated

List of Source addresses (V6)

match_dst_ports AclMatchPort repeated

List of Destination ports

match_src_ports AclMatchPort repeated

List of Source ports

match_dscp_code AclMatchDscpCode repeated

List of Dscp code points

match_ip_protocols AclMatchProtocol repeated

List of Protocols

payload_protocols AclMatchProtocol repeated

List of Protocols

match_icmp_type AclMatchIcmpType repeated

List of Icmp types

match_icmp_code AclMatchIcmpCode repeated

List of Icmp codes

ifl_names AclMatchIflNameIndex repeated

Interface name (IFL with unit, for example: ge-0/0/1.0 or IFL index)

match_traffic_classes AclMatchTrafficClass repeated

List of traffic classes

ipv6_next_headers AclMatchNextHeader repeated

List of Next Header match

ether_types AclMatchEtherType repeated

List of Ether type match

match_src_macs AclMatchMacAddress repeated

List Source MAC match

match_dst_macs AclMatchMacAddress repeated

List Destination MAC match

vlan_ether_types AclMatchEtherType repeated

List of Ether type match

learn_vlan_ids AclMatchVlanId repeated

List of Vlan Id match

user_vlan_ids AclMatchVlanId repeated

List of Vlan Id match

learn_vlan_priority AclMatchLearnVlanPriority repeated

List of Vlan Id match

stp_state AclStpMatchFlags optional

STP state match

mesh_group_ids AclMatchMeshGroup repeated

List of mesh group id match

cfm_opcodes AclMatchCfmOpcode repeated

List of CFM Opcode match

cfm_levels AclMatchCfmLevel repeated

List of CFM Level match

l2_tokens AclMatchL2Token repeated

List of L2 token match

match_v6_addrs AclMatchIpAddress repeated

List of Ipv6 addresses (V6)

match_flex_range AclMatchFlexibleOffsetRange optional

Flex Ranges

match_flex_mask AclMatchFlexibleOffsetMask optional

Flex Masks

match_pkt_len AclMatchPktLen repeated

List of Packet lengths

AclEntryMplsAction

ACL Mpls Action

FieldTypeLabelDescription
actions_nt AclEntryMplsNonTerminatingAction optional

List of non-terminating actions.

action_t AclEntryMplsTerminatingAction optional

One terminating action

AclEntryMplsNonTerminatingAction

Non-terminating ACL MPLS Actions

FieldTypeLabelDescription
action_count AclActionCounter optional

Count the matching packets

action_policer AclActionPolicer optional

Police the matching packets. Ensure that policer exists before using it.

AclEntryMplsTerminatingAction

Terminating ACL MPLS Actions

FieldTypeLabelDescription
action_accept AclBooleanType optional

Accept the matching packets

action_discard AclBooleanType optional

Discard the matching packets

AclEntryMultiServiceAction

ACL Multi Service Actions

FieldTypeLabelDescription
actions_nt AclEntryMultiServiceNonTerminatingAction optional

List of non-terminating actions.

action_t AclEntryMultiServiceTerminatingAction optional

One terminating action

AclEntryMultiServiceNonTerminatingAction

Non-terminating ACL Multi Service Actions

FieldTypeLabelDescription
action_count AclActionCounter optional

Count the matching packets

action_log AclBooleanType optional

Log the matching packets

action_syslog AclBooleanType optional

Syslog the matching packets

action_policer AclActionPolicer optional

Police the matching packets. Ensure that policer exists before using it.

action_sample AclBooleanType optional

Sample

action_next_term AclBooleanType optional

Next Term

action_copy_to_host AclActionCopyToHost optional

Copy of matching packets to host

AclEntryMultiServiceTerminatingAction

Terminating ACL Multi Service Actions

FieldTypeLabelDescription
action_accept AclBooleanType optional

Accept the matching packets

action_discard AclBooleanType optional

Discard the matching packets

action_send_to_client AclActionSendToClient optional

Direct matching packets to client name

action_send_to_host AclBooleanType optional

Direct matching packets to host

AclEntryVplsAction

ACL VPLS Action

FieldTypeLabelDescription
actions_nt AclEntryVplsNonTerminatingAction optional

List of non-terminating actions.

action_t AclEntryVplsTerminatingAction optional

One terminating action

AclEntryVplsNonTerminatingAction

Non-terminating ACL Vpls Actions

FieldTypeLabelDescription
action_count AclActionCounter optional

Count the matching packets

action_log AclBooleanType optional

Log the matching packets

action_syslog AclBooleanType optional

Syslog the matching packets

action_policer AclActionPolicer optional

Police the matching packets. Ensure that policer exists before using it.

action_sample AclBooleanType optional

Sample

action_next_term AclBooleanType optional

Next Term

action_no_mac_learn AclBooleanType optional

No Mac Learn

action_copy_to_host AclActionCopyToHost optional

Copy of matching packets to host client name

AclEntryVplsTerminatingAction

Terminating ACL Vpls Actions

FieldTypeLabelDescription
action_accept AclBooleanType optional

Accept the matching packets

action_discard AclBooleanType optional

Discard the matching packets

action_send_to_client AclActionSendToClient optional

Direct matching packets to client name

action_send_to_host AclBooleanType optional

Direct matching packets to host

action_nh AclActionSetNexthop optional

set nexthop idx

AclEsEntry

An Inet ACL entry

FieldTypeLabelDescription
ace_name string optional

AclEntry name

ace_op AclEntryOperation optional

AclEntry operation

adjacency AclAdjacency optional

Adjacency

matches AclEntryMatchEs optional

Matches

actions AclEntryEsAction optional

Actions

AclInet6Entry

An Inet6 ACL entry

FieldTypeLabelDescription
ace_name string optional

AclEntry name

ace_op AclEntryOperation optional

AclEntry operation

adjacency AclAdjacency optional

Adjacency

matches AclEntryMatchInet6 optional

Matches

actions AclEntryInet6Action optional

Actions

AclInetEntry

An Inet ACL entry

FieldTypeLabelDescription
ace_name string optional

AclEntry name

ace_op AclEntryOperation optional

AclEntry operation

adjacency AclAdjacency optional

Adjacency

matches AclEntryMatchInet optional

Matches

actions AclEntryInetAction optional

Actions

AclMatchCfmLevel

CFM Level match condition

FieldTypeLabelDescription
cfm_level uint32 optional

cfm_level value

match_op AclMatchOperation optional

AclMatch op

AclMatchCfmOpcode

CFM opcode match condition

FieldTypeLabelDescription
min uint32 optional

Minimum cfm opcode value

max uint32 optional

Maximum cfm opcode Value

match_op AclMatchOperation optional

AclMatch op

AclMatchDscpCode

DSCP (diffserv code point) match condition

FieldTypeLabelDescription
min uint32 optional

Minimum Dscp code

max uint32 optional

Maximum Dscp code

match_op AclMatchOperation optional

AclMatch op

AclMatchEtherType

EtherType Match

FieldTypeLabelDescription
min uint32 optional

Minimum Ether type

max uint32 optional

Maximum Ether type

match_op AclMatchOperation optional

AclMatch op

AclMatchFlexOffset

Flex Offset range matches

FieldTypeLabelDescription
min uint32 optional

Minimum range value

max uint32 optional

Maximum range value

match_op AclMatchOperation optional

AclMatch op

AclMatchFlexibleMask

A Flexible Mask Match

FieldTypeLabelDescription
start_offset AclEntryMatchFlexStartOffest optional

Flex match start offset

bit_length uint32 optional

Flex match bit length (0 - 32)

bit_offset uint32 optional

Flex match bit offset (0 - 7)

byte_offset uint32 optional

Flex match byte offset

mask uint32 optional

Flex match mask

prefix_string string optional

32 Bit, Flex match value in hex format (0x12345678)

AclMatchFlexibleOffsetMask

A Flexible Offset Mask Match

FieldTypeLabelDescription
flex_mask_match AclMatchFlexibleMask optional

Flexible mask match

AclMatchFlexibleOffsetRange

A Flexible Offset Range Match

FieldTypeLabelDescription
flex_range_match AclMatchFlexibleRange optional

Flexible range match

AclMatchFlexibleRange

A Flexible Range Match

FieldTypeLabelDescription
start_offset AclEntryMatchFlexStartOffest optional

Flex match start offset

bit_length uint32 optional

Flex match bit length (0 - 32)

bit_offset uint32 optional

Flex match bit offset (0 - 7)

byte_offset uint32 optional

Flex match byte offset

range AclMatchFlexOffset optional

Flex match range value

AclMatchForwardingClass

Forwarding class match condition

FieldTypeLabelDescription
fwd_class AclForwardingClass optional

Loss Priority match

match_op AclMatchOperation optional

AclMatch op

AclMatchFragmentOffset

Fragment offset match condition for IPv4

FieldTypeLabelDescription
min uint32 optional

Fragment offset range start

max uint32 optional

Fragment offset range start

match_op AclMatchOperation optional

AclMatch op

AclMatchIcmpCode

ICMP code match condition

FieldTypeLabelDescription
min uint32 optional

Minimum Icmp code

max uint32 optional

Maximum Icmp code

match_op AclMatchOperation optional

AclMatch op

AclMatchIcmpType

ICMP type match condition

FieldTypeLabelDescription
min uint32 optional

Minimum Icmp type

max uint32 optional

Maximum Icmp type

match_op AclMatchOperation optional

AclMatch op

AclMatchIflNameIndex

Ifl Index or name

FieldTypeLabelDescription
ifl_name string optional

Ifl Name

ifl_index uint32 optional

Ifl Index

AclMatchIpAddress

Destination Address match condition

FieldTypeLabelDescription
addr IpAddress optional

address

prefix_len uint32 optional

Destination prefix length

match_op AclMatchOperation optional

AclMatch op

AclMatchIpPrecedence

Ip Precedence match

FieldTypeLabelDescription
min Precedence optional

Minimum precedence

max Precedence optional

Maximum precedence

match_op AclMatchOperation optional

AclMatch op

AclMatchL2Token

L2 token match condition

FieldTypeLabelDescription
token uint32 optional

L2 token value

match_op AclMatchOperation optional

AclMatch op

AclMatchLearnVlanId

Learn VLAN ID Match

FieldTypeLabelDescription
min uint32 optional

Minimum Learn vlan id

max uint32 optional

Maximum Learn vLan id

match_op AclMatchOperation optional

AclMatch op

AclMatchLearnVlanPriority

Learn VLAN Priority Match

FieldTypeLabelDescription
min uint32 optional

Minimum Learn vlan priority

max uint32 optional

Maximum Learn vLan priority

match_op AclMatchOperation optional

AclMatch op

AclMatchLossPriority

Loss Priority match condition

FieldTypeLabelDescription
lp AclLossPriority optional

Loss Priority match

match_op AclMatchOperation optional

AclMatch op

AclMatchMacAddress

Mac Address match condition

FieldTypeLabelDescription
addr MacAddress optional

Mac address

addr_len uint32 optional

Mac address length

match_op AclMatchOperation optional

AclMatch op

AclMatchMeshGroup

Mesh Group match condition

FieldTypeLabelDescription
mesh_group_id uint32 optional

mesh_group_id value

match_op AclMatchOperation optional

AclMatch op

AclMatchMplsLabel

Mpls label match condition

FieldTypeLabelDescription
min uint32 optional

Minimum Label value

max uint32 optional

Maximum Label Value

match_op AclMatchOperation optional

AclMatch op

AclMatchNextHeader

NextHeader match condition

FieldTypeLabelDescription
min uint32 optional

Minimum Label value

max uint32 optional

Maximum Label Value

match_op AclMatchOperation optional

AclMatch op

AclMatchPktLen

Packet length match condition

FieldTypeLabelDescription
min uint32 optional

Minimum Packet length

max uint32 optional

Maximum Packet length

match_op AclMatchOperation optional

AclMatch op

AclMatchPort

Port match condition

FieldTypeLabelDescription
min int32 optional

Minimum port

max int32 optional

Maximum port

match_op AclMatchOperation optional

AclMatch op

AclMatchProtocol

IP Protocol match condition

FieldTypeLabelDescription
min uint32 optional

Minimum Protocol number

max uint32 optional

Maximum Protocol number

match_op AclMatchOperation optional

AclMatch op

AclMatchTrafficClass

Traffic class match

FieldTypeLabelDescription
min int32 optional

Minimum value

max int32 optional

Maximum value

match_op AclMatchOperation optional

AclMatch op

AclMatchTtl

TTL (Time to live) match condition for IPv4

FieldTypeLabelDescription
min uint32 optional

Minimum Time to live

max uint32 optional

Maximum Time to live

match_op AclMatchOperation optional

AclMatch op

AclMatchVlanId

VlanId match condition

FieldTypeLabelDescription
min uint32 optional

Minimum Label value

max uint32 optional

Maximum Label Value

match_op AclMatchOperation optional

AclMatch op

AclMplsEntry

MPLS ACL entry

FieldTypeLabelDescription
ace_name string optional

AclEntry name

ace_op AclEntryOperation optional

AclEntry operation

adjacency AclAdjacency optional

Adjacency

matches AclEntryMatchMpls optional

Matches

actions AclEntryMplsAction optional

Actions

AclMultiServiceEntry

MultiServices ACL entry

FieldTypeLabelDescription
ace_name string optional

AclEntry name

ace_op AclEntryOperation optional

AclEntry operation

adjacency AclAdjacency optional

Adjacency

matches AclEntryMatchMultiService optional

Matches

actions AclEntryMultiServiceAction optional

Actions

AclPolicerHierarchical

Hierarchical Policer parameters

FieldTypeLabelDescription
aggregate_rate_unit AclPolicerRate optional

Bandwidth unit

aggregate_rate uint64 optional

Bandwidth rate

aggregate_burst_size_unit AclPolicerBurstSize optional

Burst unit

aggregate_burst_size uint64 optional

Burst size

premium_rate_unit AclPolicerRate optional

Bandwidth unit

premium_rate uint64 optional

Bandwidth rate

premium_burst_size_unit AclPolicerBurstSize optional

Burst unit

premium_burst_size uint64 optional

Burst size

discard AclBooleanType optional

Discard action

AclPolicerParameter

Policer Parameter

FieldTypeLabelDescription
two_color_parameter AclPolicerTwoColor optional

Two color

sr_three_color_parameter AclPolicerSingleRateThreeColor optional

Three color

tr_three_color_parameter AclPolicerTwoRateThreeColor optional

Three color

hierarchical_parameter AclPolicerHierarchical optional

Hierarchcical

AclPolicerSingleRateThreeColor

Policer parameter for single rate three color policer

FieldTypeLabelDescription
committed_rate_unit AclPolicerRate optional

Bandwidth unit

committed_rate uint64 optional

Bandwidth rate

committed_burst_unit AclPolicerBurstSize optional

Burst unit

committed_burst_size uint64 optional

Burst size

excess_burst_size uint64 optional

Burst size

excess_burst_unit AclPolicerBurstSize optional

Burst unit

discard AclBooleanType optional

Discard action

color_mode AclColorModeType optional

Color mode

AclPolicerTwoColor

Policer parameter for two color policer

FieldTypeLabelDescription
bw_unit AclPolicerRate optional

Bandwidth unit

bandwidth uint64 optional

Bandwidth rate

burst_unit AclPolicerBurstSize optional

Burst unit

burst_size uint64 optional

Burst size

lp AclLossPriority optional

Loss priority

fc_string string optional

Forwarding class.

discard AclBooleanType optional

Discard action

AclPolicerTwoRateThreeColor

Policer parameter for two rate three color policer

FieldTypeLabelDescription
committed_rate_unit AclPolicerRate optional

Bandwidth unit

committed_rate uint64 optional

Bandwidth rate

committed_burst_unit AclPolicerBurstSize optional

Burst unit

committed_burst_size uint64 optional

Burst size

excess_rate_unit AclPolicerRate optional

Bandwidth unit

excess_rate uint64 optional

Bandwidth rate

excess_burst_unit AclPolicerBurstSize optional

Burst unit

excess_burst_size uint64 optional

Burst size

discard AclBooleanType optional

Discard action

color_mode AclColorModeType optional

AclVplsEntry

VPLS ACL entry

FieldTypeLabelDescription
ace_name string optional

AclEntry name

ace_op AclEntryOperation optional

AclEntry operation

adjacency AclAdjacency optional

Adjacency

matches AclEntryMatchVpls optional

Matches

actions AclEntryVplsAction optional

Actions

AccessListBindObjType

The forwarding element entities to which the ACL can be bound.

NameNumberDescription
ACL_BIND_OBJ_TYPE_INVALID 0

Invalid

ACL_BIND_OBJ_TYPE_INTERFACE 1

Interface

ACL_BIND_OBJ_TYPE_FWD_TABLE 2

Forwarding table

ACL_BIND_OBJ_TYPE_VLAN 3

Forwarding table

ACL_BIND_OBJ_TYPE_BRG_DOMAIN 4

Bridge domain

AccessListFamilies

AccessList Families.

NameNumberDescription
ACL_FAMILY_INVALID 0

Invalid

ACL_FAMILY_INET 1

IPv4 family

ACL_FAMILY_INET6 2

IPv6 family

ACL_FAMILY_ES 3

Ethernet Switching family

ACL_FAMILY_VPLS 4

VPLS family

ACL_FAMILY_MULTISERVICE 5

MULTISERVICE family

ACL_FAMILY_CCC 6

CCC family

ACL_FAMILY_MPLS 7

MPLS family

AccessListFlags

Any proprietory flag to be enabled at the ACL level.

NameNumberDescription
ACL_FLAGS_NONE 0

None

AccessListReturnVal

Return values for the RPCs.

NameNumberDescription
ACL_STATUS_EOK 0

Success

ACL_STATUS_NULL_MESSAGE 1

The RPC was a NULL buffer

ACL_STATUS_EINVALID_MESSAGE 2

Wrong input

ACL_STATUS_EINTERNAL 3

Server Internal error

ACL_STATUS_EUNSUPPORTED_OP 4

Operation not supported

ACL_STATUS_NO_RESOURCE 5

Resource not available at server

ACL_STATUS_BS_TIMEOUT 6

Bulk Stats timeout

AccessListTypes

AccessList types.

NameNumberDescription
ACL_TYPE_INVALID 0

Invalid ACL type

ACL_TYPE_CLASSIC 1

Classic ACL type

AclAdjacencyType

Adjacency Type which determines the ACE order in an ACL

NameNumberDescription
ACL_ADJACENCY_NONE 0

For first ace

ACL_ADJACENCY_AFTER 1

Add next to the given ace

ACL_ADJACENCY_BEFORE 2

Add before the given ace

AclBindDirection

Direction in which an ACL is bound.

NameNumberDescription
ACL_BIND_DIRECTION_INVALID 0

Invalid bind direction

ACL_BIND_DIRECTION_INPUT 1

Bind on ingress

ACL_BIND_DIRECTION_OUTPUT 2

Bind on egress

AclBooleanType

Boolean types

NameNumberDescription
ACL_FALSE 0

ACL_TRUE 1

AclColorModeType

Color mode for SRTCM and TRTCM

NameNumberDescription
ACL_COLOR_MODE_INVALID 0

Invalid Color Mode

ACL_COLOR_MODE_COLOR_BLIND 1

Color Blind

ACL_COLOR_MODE_COLOR_AWARE 2

Color Aware

AclEntryActionRejectReason

NameNumberDescription
ACL_ACTION_REJECT_ADMINISTRATIVELY_PROHIBITED 0

Send ICMP Administratively Prohibited message

ACL_ACTION_REJECT_BAD_HOST_TOS 1

Send ICMP Bad Host ToS message

ACL_ACTION_REJECT_BAD_NETWORK_TOS 2

Send ICMP Bad Network ToS message

ACL_ACTION_REJECT_FRAGMENTATION_NEEDED 3

Send ICMP Fragmentation Needed message

ACL_ACTION_REJECT_HOST_PROHIBITED 4

Send ICMP Host Prohibited message

ACL_ACTION_REJECT_HOST_UNKNOWN 5

Send ICMP Host Unknown message

ACL_ACTION_REJECT_HOST_UNREACHABLE 6

Send ICMP Host Unreachable message

ACL_ACTION_REJECT_NETWORK_PROHIBITED 7

Send ICMP Network Prohibited message

ACL_ACTION_REJECT_NETWORK_UNKNOWN 8

Send ICMP Network Unknown message

ACL_ACTION_REJECT_NETWORK_UNREACHABLE 9

Send ICMP Network Unreachable message

ACL_ACTION_REJECT_PORT_UNREACHABLE 10

Send ICMP Port Unreachable message

ACL_ACTION_REJECT_PRECEDENCE_CUTOFF 11

Send ICMP Precedence Cutoff message

ACL_ACTION_REJECT_PRECEDENCE_VIOLATION 12

Send ICMP Precedence Violation message

ACL_ACTION_REJECT_PROTOCOL_UNREACHABLE 13

Send ICMP Protocol Unreachable message

ACL_ACTION_REJECT_SOURCE_HOST_ISOLATED 14

Send ICMP Source Host Isolated message

ACL_ACTION_REJECT_SOURCE_ROUTE_FAILED 15

Send ICMP Source Route Failed message

ACL_ACTION_REJECT_TCP_RESET 16

Send TCP Reset message

AclEntryMatchFlexStartOffest

Flexible Start Offset Match Conditions

NameNumberDescription
ACL_FLEX_MATCH_OFFSET_INVALID 0

Invalid Flex match start offset

ACL_FLEX_MATCH_OFFSET_LAYER_THREE 1

Layer-3 Flex match start offset

ACL_FLEX_MATCH_OFFSET_LAYER_FOUR 2

Layer-4 Flex match start offset

ACL_FLEX_MATCH_OFFSET_PAYLOAD 3

Payload Flex match start offset

AclEntryOperation

ACL Entry operation

NameNumberDescription
ACL_ENTRY_OPERATION_INVALID 0

Invalid ACE operation

ACL_ENTRY_OPERATION_ADD 1

Add a new ACE. Can be used with Add ACL, Change ACL, replace ACL API's

ACL_ENTRY_OPERATION_DELETE 2

Delete a existing ace. Can be used with change ACL API

ACL_ENTRY_OPERATION_REPLACE 3

Replace a existing ace. Must provide adjacency details to preserve the order of the ace. Can be used with Change ACL API

AclForwardingClass

Forwarding Class

NameNumberDescription
ACL_FORWARDING_CLASS_INVALID 0

Invalid ACL forwarding class

ACL_FORWARDING_CLASS_ASSURED 1

Assured

ACL_FORWARDING_CLASS_BEST_EFFORT 2

Best effort

ACL_FORWARDING_CLASS_EXPEDITED 3

Expidited

ACL_FORWARDING_CLASS_NETWORK_CONTROL 4

Network Control

AclFragmentFlags

Fragment Flags

NameNumberDescription
ACL_FRAGMENT_NONE 0

None

ACL_DONT_FRAGMENT 1

Dont fragment flag

ACL_IS_FRAGMENT 2

Is fragment flag

ACL_FIRST_FRAGMENT 3

First fragment flag

ACL_LAST_FRAGMENT 4

More last fragment flag

AclLossPriority

Loss Priority

NameNumberDescription
ACL_LOSS_PRIORITY_INVALID 0

Invalid Loss Priority

ACL_LOSS_PRIORITY_HIGH 1

Loss Priority HIGH

ACL_LOSS_PRIORITY_MEDIUM_HIGH 2

Loss Priority MEDIUM-HIGH

ACL_LOSS_PRIORITY_MEDIUM_LOW 3

Loss priority - MEDIUM-LOW

ACL_LOSS_PRIORITY_LOW 4

Loss priority - LOW

AclMatchOperation

Supported Match Operations

NameNumberDescription
ACL_MATCH_OP_INVALID 0

Invalid match operation

ACL_MATCH_OP_EQUAL 1

Match operation equal

ACL_MATCH_OP_NOT_EQUAL 2

Match operation not equal

AclPolicerBurstSize

Policer Burst Size

NameNumberDescription
ACL_POLICER_BURST_SIZE_INVALID 0

Invalid Policer Burst Size

ACL_POLICER_BURST_SIZE_BYTE 1

Bytes

ACL_POLICER_BURST_SIZE_KBYTE 2

KiloBytes

ACL_POLICER_BURST_SIZE_MBYTE 3

MegaBytes

ACL_POLICER_BURST_SIZE_GBYTE 4

GigaBytes

AclPolicerFlags

Policer Flags

NameNumberDescription
ACL_POLICER_FLAG_INVALID 0

Invalid Policer Flag

ACL_POLICER_FLAG_TERM_SPECIFIC 1

The policer instance is activated for each ACE its referenced.

ACL_POLICER_FLAG_FILTER_SPECIFIC 2

The policer instance is activated at global ACL level.

AclPolicerRate

Policer Rate unit

NameNumberDescription
ACL_POLICER_RATE_INVALID 0

Invalid Policer Rate

ACL_POLICER_RATE_BPS 1

Bits per second

ACL_POLICER_RATE_KBPS 2

Kilobits per second

ACL_POLICER_RATE_MBPS 3

Megabits per second

ACL_POLICER_RATE_GBPS 4

Gigabits per second

AclPolicerType

Various ACL Policer Type

NameNumberDescription
ACL_POLICER_INVALID 0

Invalid policer type

ACL_TWO_COLOR_POLICER 1

Single rate two color

ACL_SINGLE_RATE_THREE_COLOR_POLICER 2

Single rate three color

ACL_TWO_RATE_THREE_COLOR_POLICER 3

Two rate three color

ACL_HIERARCHICAL_POLICER 4

Hierarchical

AclStpMatchFlags

STP match Flags

NameNumberDescription
ACL_MATCH_STP_FLAG_INVALID 0

Invalid STP flag

ACL_MATCH_STP_FLAG_BLOCKING 1

Match BLOCKING STP flag

ACL_MATCH_STP_FLAG_FORWARDING 2

Match FORWARDING STP flag

Precedence

Precedence

NameNumberDescription
ACL_PRECENCE_ROUTINE 0

Routine precedence

ACL_PRECENCE_PRIORITY 1

Priority precedence

ACL_PRECENCE_IMMEDIATE 2

Immediate precedence

ACL_PRECENCE_FLASH 3

Flash precedence

ACL_PRECENCE_FLASH_OVERRIDE 4

Flash override precedence

ACL_PRECENCE_CRITICAL_ECP 5

Critical ecp precedence

ACL_PRECENCE_INTERNET_CONTROL 6

Internet control precedence

ACL_PRECENCE_NET_CONTROL 7

Network control precedence

AclService

ACL Service APIs defines a set of simple RPCs to operate upon the various components, viz. - ACL

- ACE

- Policer

- Attachment Points

- Statistics

Each of RPCs are named by concatenating the corresponding ACL object and the operation to be performed. This gives an easy to understand semantics to the RPCs.

Method NameRequest TypeResponse TypeDescription
AccessListAdd AccessList AccessListReturnStatus

Adds an ACL and returns the result.

AccessListDelete AccessList AccessListReturnStatus

Delete an ACL from the system and return the result. For successful delete to happen, the ACL should not be bound to any object.

AccessListChange AccessList AccessListReturnStatus

Changes an ACL based on the list of ACL entries provided, and returns the result. It is advisable to use this API to for small incremental changes. For wholesale changes, it is recommended to use the 'Replace' version of the API.

AccessListBindAdd AccessListObjBind AccessListReturnStatus

Add a binding of an ACL with a bind object and return the result.

AccessListBindDelete AccessListObjBind AccessListReturnStatus

Deletes a binding of an ACL with a bind object and return the result.

AccessListPolicerAdd AccessListPolicer AccessListReturnStatus

Adds a policer and returns the result.

AccessListPolicerReplace AccessListPolicer AccessListReturnStatus

Changes a policer and returns the result.

AccessListPolicerDelete AccessListPolicer AccessListReturnStatus

Deletes a policer and returns the result.

AccessListPileupStart AccessListVoid AccessListReturnStatus

Following are optimized command to let the server know to accumulate the Access List Entries and configure on when AccessListPileupEnd is received. For every AccessList RPC invocation, the entire ACL is applied to the system For application which wants to do batching for better performance, the AccessListPileupStart and AccessListPileupEnd will help achieve that.

AccessListPileupEnd AccessListVoid AccessListReturnStatus

Following are optimized command to let the server know to accumulate the ace_list and configure on when AccessListPileupEnd is received. For every AccessList RPC invocation, the entire ACL is applied to the system For application which wants to do batching for better performance, the AccessListPileupStart and AccessListPileupEnd will help achieve that.

AccessListCounterGet AccessListCounter AccessListCounterVal

Few points to note with this API. The call is going to be blocking for worst case of 10 seconds which is non configurable. The counter name is expected to be fully resolved. For example: for term specific policer counter it is expected to be passed to full counter name.

AccessListPolicerCounterGet AccessListCounter AccessListCounterVal

AccessListCounterClear AccessListCounter AccessListReturnStatus

Clears a particular counter whose fully qualified name is provided, associated with an ACL. Few points to note with this API. Currently only 1 counter get is supported. The counter name is expected to be fully resolved. For example: for term specific policer counter it is expected to be passed to full counter name.

AccessListCounterBulkGet AccessListCounterBulk AccessListCounterVal

Get all the counters associated with an ACL. Each call to this API will return 10 counters from the starting_index specified in AccessListCounterBulk message. The client is expected to run this API in loop which should stop in either one of the following condition: a. The targeted number of counters are retrieved. b. An error is returned. c. The API returns less than 10 counters.

AccessListPolicerCounterBulkGet AccessListCounterBulk AccessListCounterVal

Get all the policer counters associated with an ACL. Each call to this API will return 10 counters from the starting_index specified in AccessListCounterBulk message. The client is expected to run this API in loop which should stop in either one of the following condition: a. The targeted number of counters are retrieved. b. An error is returned. c. The API returns less than 10 counters.

Scalar Value Types

.proto TypeNotesC++ TypeJava TypePython Type
double double double float
float float float float
int32 Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. int32 int int
int64 Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. int64 long int/long
uint32 Uses variable-length encoding. uint32 int int/long
uint64 Uses variable-length encoding. uint64 long int/long
sint32 Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. int32 int int
sint64 Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. int64 long int/long
fixed32 Always four bytes. More efficient than uint32 if values are often greater than 2^28. uint32 int int
fixed64 Always eight bytes. More efficient than uint64 if values are often greater than 2^56. uint64 long int/long
sfixed32 Always four bytes. int32 int int
sfixed64 Always eight bytes. int64 long int/long
bool bool boolean boolean
string A string must always contain UTF-8 encoded or 7-bit ASCII text. string String str/unicode
bytes May contain any arbitrary sequence of bytes. string ByteString str