Protocol Documentation

Table of Contents

firewall_service.proto

Top

This file defines the Access Control List (ACL) package for JUNOS.

An ACL is a basic stateless forwarding construct also known as a firewall filter. An ACL is made up of an ordered set of ACL entries (ACE) An ACL matches packet content against a set of criteria and takes an action or actions against the packet if it matches the criteria.

NOTE: A packet must match ALL the criteria in an ACE to be considered a match.

A match is defined by an operation, a packet field, and a value to be matched against. For details about the various packet fields that could be matched and the operations supported for matched packets, see the corresponding enum or message structures that follow.

There are two types of actions that can be taken against matched packets, terminating and non-terminating actions. Each ACE in an ACL can have zero or more non-terminating actions and zero or one terminating action.

A non-terminating action is one that does not stop the processing of the packet through the rest of the ACL. Non-terminating actions include count, log, assign DSCP value, etc. Terminating actions do prevent the packet from being processed any further through the ACL. Terminating actions include accept, discard, reject, etc.

An attachment point, or bind point, is the point in the path of packet processing where the packet is subjected to ACL processing. An attachment point is defined by attachment entity and direction in which the ACL is applied. A typical bind point where packets are subjeted to ACL processing is an interface.

The following is an object diagram for a typical ACL.

Legend:
ACE-1 is the ordered Access List Entry at position 1.
ACE-n is the ordered Access List Entry at position n.
M-n is the match number n in the list of matching criteria in a given ACE.
A-n is the action number n in the list of actions for a given ACE.
    No no more than 1 action in the A-1 through A-n list can be a terminating action.


          +----------+----------+---+----------+
ACL -> | ACE-1 | ACE-2 | ... | ACE-n |
          +----------+----------+---+----------+
             |
             |
             |         +-------+
             +----->| M-1 |
                       +-------+
                        | M-2 |
                       +------+
                         | ... |
                       +-----+
                       | M-n |
                       +-----+
                           |
                           |               +-----+
                          +---------->| A-1 |
                                          +-----+
                                           | A-2 |
                                          +-----+
                                            | ... |
                                          +-----+
                                           | A-n |
                                          +-----+

AccessList

FieldTypeLabelDescription
acl_name string optional

AccessList name

acl_type AccessListTypes optional

AccessList type

acl_family AccessListFamilies optional

AccessList family

acl_flag AccessListFlags optional

AccessList flag

ace_list AclEntry repeated

List of Destination addresses

AccessListCounter

FieldTypeLabelDescription
acl AccessList optional

The ACL to be counted

counter_name string optional

Name of the counter

AccessListCounterBulk

FieldTypeLabelDescription
acl AccessList optional

The ACL to be counted

starting_index uint32 optional

Starting index for the counter

AccessListCounterVal

FieldTypeLabelDescription
counter_name string optional

Counter Name

status AccessListReturnVal optional

Error status

bytes uint64 optional

Byte count

packets uint64 optional

Packet count

AccessListObjBind

FieldTypeLabelDescription
acl AccessList optional

ACL

obj_type AccessListBindObjType optional

Binding object type

bind_object string optional

Bind object name where the ACL is bound

bind_direction AclBindDirection optional

Bind direction

bind_family AccessListFamilies optional

Family of the bind object. Must match with the ACL family

AccessListPolicer

FieldTypeLabelDescription
policer_name string optional

Policer name

policer_type AclPolicerType optional

Policer type

policer_flag AclPolicerFlags optional

Policer Flags

policer_params AclPolicerParameter optional

Policer Paremeter

AccessListReturnStatus

FieldTypeLabelDescription
status AccessListReturnVal optional

Return status of the access list request

AccessListVoid

FieldTypeLabelDescription
void string optional

A void message

AclActionCounter

FieldTypeLabelDescription
counter_name string optional

Counter name. (MAXIMUM 64 characters)

AclActionPolicer

FieldTypeLabelDescription
policer AccessListPolicer optional

The policer

AclActionRoutingInstance

FieldTypeLabelDescription
rt_instance_name string optional

Name of the routing instance

AclAdjacency

FieldTypeLabelDescription
type AclAdjacencyType optional

Type of adjacency placement

ace_name string optional

The name of the previous or next ACE

AclEntry

FieldTypeLabelDescription
inet_entry AclInetEntry optional

For Inet family

AclEntryInetAction

FieldTypeLabelDescription
actions_nt AclEntryInetNonTerminatingAction optional

List of non-terminating actions.

action_t AclEntryInetTerminatingAction optional

One terminating action

AclEntryInetNonTerminatingAction

FieldTypeLabelDescription
action_count AclActionCounter optional

Count the matching packets

action_log AclBooleanType optional

Log the matching packets

action_syslog AclBooleanType optional

Syslog the matching packets

action_policer AclActionPolicer optional

Police the matching packets. NOTE: Ensure that the policer exists before using it.

action_sample AclBooleanType optional

Sample

action_next_term AclBooleanType optional

Next term

AclEntryInetTerminatingAction

FieldTypeLabelDescription
action_accept AclBooleanType optional

Accept the matching packets

action_discard AclBooleanType optional

Discard the matching packets

action_reject AclEntryActionRejectReason optional

Reject the matching packets

action_rt_inst AclActionRoutingInstance optional

Direct matching packets to a routing instance

AclEntryMatchInet

FieldTypeLabelDescription
match_dst_addrs AclMatchIpAddress repeated

List of Destination addresses

match_src_addrs AclMatchIpAddress repeated

List of source addresses

match_dst_ports AclMatchPort repeated

List of destination ports

match_src_ports AclMatchPort repeated

List of source ports

match_dscp_code AclMatchDscpCode repeated

List of DSCP code points

match_protocols AclMatchProtocol repeated

List of protocols

match_icmp_type AclMatchIcmpType repeated

List of ICMP types

match_icmp_code AclMatchIcmpCode repeated

List of ICMP codes

match_pkt_len AclMatchPktLen repeated

List of packet lengths

match_ttl AclMatchTtl repeated

List of TTLs

fragment_flags AclFragmentFlags optional

Fragment flag

match_frag_offset AclMatchFragmentOffset repeated

List of fragment offset range

ifl_names AclMatchIflNameIndex repeated

IFL index or IFL name with unit. For example: 329 or ge-0/0/1.0

match_ip_precedence AclMatchIpPrecedence repeated

List of IP precedence

match_addrs AclMatchIpAddress repeated

List of addresses

match_ports AclMatchPort repeated

List of ports

match_flex_range AclMatchFlexibleOffsetRange repeated

List of flexible ranges

match_flex_mask AclMatchFlexibleOffsetMask repeated

List of flexible masks

AclInetEntry

FieldTypeLabelDescription
ace_name string optional

AclEntry name

ace_op AclEntryOperation optional

ACL Entry (ACE) operation

adjacency AclAdjacency optional

Adjacency

matches AclEntryMatchInet optional

Matches

actions AclEntryInetAction optional

Actions

AclMatchDscpCode

FieldTypeLabelDescription
min uint32 optional

Minimum DSCP code

max uint32 optional

Maximum DSCP code

match_op AclMatchOperation optional

ACL match op

AclMatchFlexOffset

FieldTypeLabelDescription
min uint32 optional

Minimum range value

max uint32 optional

Maximum range value

match_op AclMatchOperation optional

ACL match op

AclMatchFlexibleMask

Flexible mask matches

FieldTypeLabelDescription
start_offset AclEntryMatchFlexStartOffest optional

Flex match start offset

bit_length uint32 optional

Flex match bit length (0 - 32)

bit_offset uint32 optional

Flex match bit offset (0 - 7)

byte_offset uint32 optional

Flex match byte offset

mask uint32 optional

Flex match mask

prefix_string string optional

32-bit flex match value in hex format (0x12345678)

AclMatchFlexibleOffsetMask

FieldTypeLabelDescription
flex_mask_match AclMatchFlexibleMask optional

Use flexible mask match option.

AclMatchFlexibleOffsetRange

FieldTypeLabelDescription
flex_range_match AclMatchFlexibleRange optional

Use flexible range match option.

AclMatchFlexibleRange

FieldTypeLabelDescription
start_offset AclEntryMatchFlexStartOffest optional

Flex match start offset

bit_length uint32 optional

Flex match bit length (0 - 32)

bit_offset uint32 optional

Flex match bit offset (0 - 7)

byte_offset uint32 optional

Flex match byte offset

range AclMatchFlexOffset optional

Flex match range value

AclMatchFragmentOffset

FieldTypeLabelDescription
min uint32 optional

Fragment offset range start

max uint32 optional

Fragment offset range start

match_op AclMatchOperation optional

AclMatch op

AclMatchIcmpCode

FieldTypeLabelDescription
min uint32 optional

Minimum ICMP code

max uint32 optional

Maximum ICMP code

match_op AclMatchOperation optional

ACL match op

AclMatchIcmpType

FieldTypeLabelDescription
min uint32 optional

Minimum Icmp type

max uint32 optional

Maximum Icmp type

match_op AclMatchOperation optional

AclMatch op

AclMatchIflNameIndex

IFL index or name

FieldTypeLabelDescription
ifl_name string optional

IFL name

ifl_index uint32 optional

IFL index

AclMatchIpAddress

FieldTypeLabelDescription
addr IpAddress optional

address

prefix_len uint32 optional

Destination prefix length

match_op AclMatchOperation optional

ACL match op

AclMatchIpPrecedence

FieldTypeLabelDescription
min Precedence optional

Minimum precedence

max Precedence optional

Maximum precedence

match_op AclMatchOperation optional

ACL match op

AclMatchPktLen

FieldTypeLabelDescription
min uint32 optional

Minimum packet length

max uint32 optional

Maximum packet length

match_op AclMatchOperation optional

ACL match op

AclMatchPort

FieldTypeLabelDescription
min int32 optional

Minimum port

max int32 optional

Maximum port

match_op AclMatchOperation optional

ACL match op

AclMatchProtocol

FieldTypeLabelDescription
min uint32 optional

Minimum protocol number

max uint32 optional

Maximum protocol number

match_op AclMatchOperation optional

ACL match op

AclMatchTtl

FieldTypeLabelDescription
min uint32 optional

Minimum time to live

max uint32 optional

Maximum time to live

match_op AclMatchOperation optional

ACL match op

AclPolicerHeirarchical

FieldTypeLabelDescription
aggregate_rate_unit AclPolicerRate optional

Bandwidth unit

aggregate_rate uint64 optional

Bandwidth rate

aggregate_burst_size_unit AclPolicerBurstSize optional

Burst unit

aggregate_burst_size uint64 optional

Burst size

preminum_rate_unit AclPolicerRate optional

Bandwidth unit

premium_rate uint64 optional

Bandwidth rate

premium_burst_size_unit AclPolicerBurstSize optional

Burst unit

premium_burst_size uint64 optional

Burst size

discard AclBooleanType optional

Discard action

AclPolicerParameter

FieldTypeLabelDescription
two_color_parameter AclPolicerTwoColor optional

Two color

sr_three_color_parameter AclPolicerSingleRateThreeColor optional

Three color

tr_three_color_parameter AclPolicerTwoRateThreeColor optional

Three color

hierarchical_parameter AclPolicerHeirarchical optional

Hierarchcical

AclPolicerSingleRateThreeColor

FieldTypeLabelDescription
committed_rate_unit AclPolicerRate optional

Bandwidth unit

committed_rate uint64 optional

Bandwidth rate

committed_burst_unit AclPolicerBurstSize optional

Burst unit

committed_burst_size uint64 optional

Burst size

excess_burst_size uint64 optional

Burst size

excess_burst_unit AclPolicerBurstSize optional

Burst unit

discard AclBooleanType optional

Discard action

color_mode AclColorModeType optional

Color mode

AclPolicerTwoColor

FieldTypeLabelDescription
bw_unit AclPolicerRate optional

Bandwidth unit

bandwidth uint64 optional

Bandwidth rate

burst_unit AclPolicerBurstSize optional

Burst unit

burst_size uint64 optional

Burst size

lp AclLossPriority optional

Loss priority

fc_string string optional

Forwarding class.

discard AclBooleanType optional

Discard action

AclPolicerTwoRateThreeColor

FieldTypeLabelDescription
committed_rate_unit AclPolicerRate optional

Bandwidth unit

committed_rate uint64 optional

Bandwidth rate

committed_burst_unit AclPolicerBurstSize optional

Burst unit

committed_burst_size uint64 optional

Burst size

excess_rate_unit AclPolicerRate optional

Bandwidth unit

excess_rate uint64 optional

Bandwidth rate

excess_burst_unit AclPolicerBurstSize optional

Burst unit

excess_burst_size uint64 optional

Burst size

discard AclBooleanType optional

Discard action

color_mode AclColorModeType optional

Color mode

AccessListBindObjType

NameNumberDescription
ACL_BIND_OBJ_TYPE_INVALID 0

Invalid

ACL_BIND_OBJ_TYPE_INTERFACE 1

Interface

AccessListFamilies

NameNumberDescription
ACL_FAMILY_INVALID 0

Invalid

ACL_FAMILY_INET 1

IPv4 family

ACL_FAMILY_INET6 2

IPv6 family

ACL_FAMILY_ES 3

Ethernet Switching family

ACL_FAMILY_VPLS 4

VPLS family

ACL_FAMILY_MULTISERVICE 5

MULTISERVICE family

ACL_FAMILY_CCC 6

CCC family

ACL_FAMILY_MPLS 7

MPLS family

AccessListFlags

NameNumberDescription
ACL_FLAGS_NONE 0

No flags

AccessListReturnVal

NameNumberDescription
ACL_STATUS_EOK 0

Success

ACL_STATUS_NULL_MESSAGE 1

The RPC was a NULL buffer

ACL_STATUS_EINVALID_MESSAGE 2

Wrong input

ACL_STATUS_EINTERNAL 3

Server internal error

ACL_STATUS_EUNSUPPORTED_OP 4

Operation not supported

ACL_STATUS_NO_RESOURCE 5

Resource not available at server

ACL_STATUS_BS_TIMEOUT 6

Bulk Stats timeout

AccessListTypes

NameNumberDescription
ACL_TYPE_INVALID 0

Invalid ACL type

ACL_TYPE_CLASSIC 1

Classic ACL type

AclAdjacencyType

NameNumberDescription
ACL_ADJACENCY_NONE 0

For first ACE

ACL_ADJACENCY_AFTER 1

Add after the given ACE

ACL_ADJACENCY_BEFORE 2

Add before the given ACE

AclBindDirection

NameNumberDescription
ACL_BIND_DIRECTION_INVALID 0

Invalid bind direction

ACL_BIND_DIRECTION_INPUT 1

Bind on ingress

ACL_BIND_DIRECTION_OUTPUT 2

Bind on egress

AclBooleanType

NameNumberDescription
ACL_FALSE 0

ACL does not exist

ACL_TRUE 1

ACL exists

AclColorModeType

NameNumberDescription
ACL_COLOR_MODE_INVALID 0

Invalid color mode

ACL_COLOR_MODE_COLOR_BLIND 1

Color Blind

ACL_COLOR_MODE_COLOR_AWARE 2

Color Aware

AclEntryActionRejectReason

NameNumberDescription
ACL_ACTION_REJECT_ADMINISTRATIVELY_PROHIBITED 0

Send ICMP Administratively Prohibited message

ACL_ACTION_REJECT_BAD_HOST_TOS 1

Send ICMP Bad Host ToS message

ACL_ACTION_REJECT_BAD_NETWORK_TOS 2

Send ICMP Bad Network ToS message

ACL_ACTION_REJECT_FRAGMENTATION_NEEDED 3

Send ICMP Fragmentation Needed message

ACL_ACTION_REJECT_HOST_PROHIBITED 4

Send ICMP Host Prohibited message

ACL_ACTION_REJECT_HOST_UNKNOWN 5

Send ICMP Host Unknown message

ACL_ACTION_REJECT_HOST_UNREACHABLE 6

Send ICMP Host Unreachable message

ACL_ACTION_REJECT_NETWORK_PROHIBITED 7

Send ICMP Network Prohibited message

ACL_ACTION_REJECT_NETWORK_UNKNOWN 8

Send ICMP Network Unknown message

ACL_ACTION_REJECT_NETWORK_UNREACHABLE 9

Send ICMP Network Unreachable message

ACL_ACTION_REJECT_PORT_UNREACHABLE 10

Send ICMP Port Unreachable message

ACL_ACTION_REJECT_PRECEDENCE_CUTOFF 11

Send ICMP Precedence Cutoff message

ACL_ACTION_REJECT_PRECEDENCE_VIOLATION 12

Send ICMP Precedence Violation message

ACL_ACTION_REJECT_PROTOCOL_UNREACHABLE 13

Send ICMP Protocol Unreachable message

ACL_ACTION_REJECT_SOURCE_HOST_ISOLATED 14

Send ICMP Source Host Isolated message

ACL_ACTION_REJECT_SOURCE_ROUTE_FAILED 15

Send ICMP Source Route Failed message

ACL_ACTION_REJECT_TCP_RESET 16

Send TCP Reset message

AclEntryMatchFlexStartOffest

NameNumberDescription
ACL_FLEX_MATCH_OFFSET_INVALID 0

Invalid Flex match start offset

ACL_FLEX_MATCH_OFFSET_LAYER_THREE 1

Layer-3 Flex match start offset

ACL_FLEX_MATCH_OFFSET_LAYER_FOUR 2

Layer-4 Flex match start offset

ACL_FLEX_MATCH_OFFSET_PAYLOAD 3

Payload Flex match start offset

AclEntryOperation

NameNumberDescription
ACL_ENTRY_OPERATION_INVALID 0

Invalid ACE operation

ACL_ENTRY_OPERATION_ADD 1

Add a new ACE. Can be used with: AccessListAdd or AccessListChange APIs

ACL_ENTRY_OPERATION_DELETE 2

Delete an existing ACE. Can be used with AccessListChange API

ACL_ENTRY_OPERATION_REPLACE 3

Replace an existing ACE. Must provide adjacency details to preserve the order of the ACE. Can be used with AccessListChange API

AclFragmentFlags

NameNumberDescription
ACL_FRAGMENT_NONE 0

None

ACL_DONT_FRAGMENT 1

Dont fragment flag

ACL_IS_FRAGMENT 2

Is fragment flag

ACL_FIRST_FRAGMENT 3

First fragment flag

ACL_LAST_FRAGMENT 4

More last fragment flag

AclLossPriority

NameNumberDescription
ACL_LOSS_PRIORITY_INVALID 0

Invalid loss priority

ACL_LOSS_PRIORITY_HIGH 1

High loss priority

ACL_LOSS_PRIORITY_MEDIUM_HIGH 2

Medium-high loss priority

ACL_LOSS_PRIORITY_MEDIUM_LOW 3

Medium-low loss priority

ACL_LOSS_PRIORITY_LOW 4

Low loss priority

AclMatchOperation

NameNumberDescription
ACL_MATCH_OP_INVALID 0

Invalid match operation

ACL_MATCH_OP_EQUAL 1

Equal match operation

ACL_MATCH_OP_NOT_EQUAL 2

Not equal match operation

AclPolicerBurstSize

NameNumberDescription
ACL_POLICER_BURST_SIZE_INVALID 0

Policer burst size invalid

ACL_POLICER_BURST_SIZE_BYTE 1

Policer burst size in Bytes

ACL_POLICER_BURST_SIZE_KBYTE 2

Policer burst size in KiloBytes

ACL_POLICER_BURST_SIZE_MBYTE 3

Policer burst size in MegaBytes

ACL_POLICER_BURST_SIZE_GBYTE 4

Policer burst size in GigaBytes

AclPolicerFlags

NameNumberDescription
ACL_POLICER_FLAG_INVALID 0

Invalid ACL policer flag

ACL_POLICER_FLAG_TERM_SPECIFIC 1

The policer instance is activated for each ACE referenced.

ACL_POLICER_FLAG_FILTER_SPECIFIC 2

The policer instance is activated at the global ACL level.

AclPolicerRate

NameNumberDescription
ACL_POLICER_RATE_INVALID 0

Invalid policer rate

ACL_POLICER_RATE_BPS 1

Bits per second

ACL_POLICER_RATE_KBPS 2

Kilobits per second

ACL_POLICER_RATE_MBPS 3

Megabits per second

ACL_POLICER_RATE_GBPS 4

Gigabits per second

AclPolicerType

NameNumberDescription
ACL_POLICER_INVALID 0

Invalid policer type

ACL_TWO_COLOR_POLICER 1

Single rate two color

ACL_SINGLE_RATE_THREE_COLOR_POLICER 2

Singel rate three color

ACL_TWO_RATE_THREE_COLOR_POLICER 3

Two rate three color

ACL_HIERARCHICAL_POLICER 4

Hierarchical

Precedence

NameNumberDescription
ACL_PRECENCE_ROUTINE 0

Routine precedence

ACL_PRECENCE_PRIORITY 1

Priority precedence

ACL_PRECENCE_IMMEDIATE 2

Immediate precedence

ACL_PRECENCE_FLASH 3

Flash precedence

ACL_PRECENCE_FLASH_OVERRIDE 4

Flash override precedence

ACL_PRECENCE_CRITICAL_ECP 5

Critical ecp precedence

ACL_PRECENCE_INTERNET_CONTROL 6

Internet control precedence

ACL_PRECENCE_NET_CONTROL 7

Network control precedence

AclService

Method NameRequest TypeResponse TypeDescription
AccessListAdd AccessList AccessListReturnStatus

Adds an ACL and returns the result.

AccessListDelete AccessList AccessListReturnStatus

Delete an ACL from the system and return the result. NOTE: For the delete operation to be successful, the ACL must not be bound to any object.

AccessListChange AccessList AccessListReturnStatus

Changes an ACL based on the list of ACL entries provided and returns the result. It is advisable to use this API for incremental changes only. For large-scale changes, it is recommended to use the 'Replace' version of the API.

AccessListBindAdd AccessListObjBind AccessListReturnStatus

Add a binding of an ACL with a bind object and return the result.

AccessListBindDelete AccessListObjBind AccessListReturnStatus

Delete a binding of an ACL with a bind object and return the result.

AccessListPolicerAdd AccessListPolicer AccessListReturnStatus

Adds a policer and returns the result.

AccessListPolicerReplace AccessListPolicer AccessListReturnStatus

Changes a policer and returns the result.

AccessListPolicerDelete AccessListPolicer AccessListReturnStatus

Deletes a policer and returns the result.

AccessListPileupStart AccessListVoid AccessListReturnStatus

This optimized command lets the server know to accumulate the Access List Entries and configure the ACL only after AccessListPileupEnd is received. For every AccessList RPC invocation, the entire ACL is applied to the system. The AccessListPileupStart and AccessListPileupEnd functions are useful in batch processing for increasing performance

AccessListPileupEnd AccessListVoid AccessListReturnStatus

This command lets the server know to stop accumulating Access List Entries and signals the system to configure the access list. For every AccessList RPC invocation, the entire ACL is applied to the system. The AccessListPileupStart and AccessListPileupEnd functions are useful in batch processing for increasing performance

AccessListCounterGet AccessListCounter AccessListCounterVal

This API is used to get a single counter.
The call is a blocking call for up to 10 seconds. This is non-configurable.
The full counter name must be passed to the function when called

AccessListPolicerCounterGet AccessListCounter AccessListCounterVal

This API is used to get a single Policer Counter.
The call is a blocking call for up to 10 seconds. This is non-configurable.
The full counter name must be passed to the function when called.

AccessListCounterClear AccessListCounter AccessListReturnStatus

This command clears the named counter associated with an ACL. The counter name passed with the AccessListCounterClear function must be fully qualified. Currently only 1 counter name per call is supported.

AccessListCounterBulkGet AccessListCounterBulk AccessListCounterVal

Get all the counters associated with an ACL. Each call to this API returns 10 counters from the starting_index specified in AccessListCounterBulk message. The client runs this API in a loop that must stop under any of the following conditions: - The targeted number of counters are retrieved. - An error is returned. - The API returns less than 10 counters.

AccessListPolicerCounterBulkGet AccessListCounterBulk AccessListCounterVal

Get all the policer counters associated with an ACL. Each call to this API will return 10 counters from the starting_index specified in AccessListCounterBulk message. The client is expected to run this API in a loop that must stop under any of the following conditions: - The targeted number of counters are retrieved. - An error is returned. - The API returns less than 10 counters.

Scalar Value Types

.proto TypeNotesC++ TypeJava TypePython Type
double double double float
float float float float
int32 Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. int32 int int
int64 Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. int64 long int/long
uint32 Uses variable-length encoding. uint32 int int/long
uint64 Uses variable-length encoding. uint64 long int/long
sint32 Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. int32 int int
sint64 Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. int64 long int/long
fixed32 Always four bytes. More efficient than uint32 if values are often greater than 2^28. uint32 int int
fixed64 Always eight bytes. More efficient than uint64 if values are often greater than 2^56. uint64 long int/long
sfixed32 Always four bytes. int32 int int
sfixed64 Always eight bytes. int64 long int/long
bool bool boolean boolean
string A string must always contain UTF-8 encoded or 7-bit ASCII text. string String str/unicode
bytes May contain any arbitrary sequence of bytes. string ByteString str