Local Attack Defense
This section describes the configuration model of local attack defense and provides examples of XML packets.
Data Model
The data model file for local attack defense is huawei-cpu-traffic-security.yang.
Only X series cards support the user-level rate limiting function.
Object | Description | Value | Remarks
---|---|---|---
/huawei-traffic:defend/host-car/enable | Indicates whether user-level rate limiting is enabled. | The value is of the Boolean type. By default, user-level rate limiting is enabled. | The value cannot be set to false while any other host-car node is still configured; delete those configurations first.
/huawei-traffic:defend/host-car/protocol/protocol-typelist/protocol-type | Indicates the packet types to which user-level rate limiting applies. | The value is of the enumerated type. By default, user-level rate limiting applies to eap, arp, dhcp-request, dhcpv6-request, and nd packets. | The value eap indicates 802.1X. If eap is configured, user-level rate limiting is applied to 802.1X packets on the switch.
/huawei-traffic:defend/host-car/user/user-list/mac-address | Indicates the MAC address for which a rate limit is set. | The value is in H-H-H format. | A threshold must be configured together with each specified MAC address.
/huawei-traffic:defend/host-car/user/user-list/threshold | Indicates the rate limit for the specified MAC address. | The value is an integer that ranges from 1 to 128, in pps. | N/A
/huawei-traffic:defend/host-car/threshold | Indicates the user-level rate limit. | The value is an integer that ranges from 1 to 128, in pps. By default, the user-level rate limit is 10 pps. | N/A
/ietf-interfaces:interfaces/interface/huawei-traffic:host-car/enable | Indicates whether user-level rate limiting is enabled on an interface. | The value is of the Boolean type. By default, user-level rate limiting is enabled on an interface. | N/A
/huawei-traffic:attack-user/input/slot | Displays attack source information of a specified slot. | The value depends on the switch configuration. | N/A
/huawei-traffic:portattack-user/input/slot | Displays attack source tracing information on the interfaces in the specified slot. | The value depends on the switch configuration. | N/A
/huawei-traffic:defend/policy/policy-list/name | Indicates the name of an attack defense policy. | The value is a string of 1 to 32 case-sensitive characters. | N/A
/huawei-traffic:defend/policy/policy-list/auto-port-defend/enable | Indicates whether port attack defense is enabled. | The value is of the Boolean type. By default, port attack defense is enabled. | To avoid conflicts, delete the configurations of the other auto-port-defend nodes before setting auto-port-defend/enable to false.
/huawei-traffic:defend/policy/policy-list/auto-port-defend/alarm | Indicates whether the function of reporting port attack defense events is enabled. | The value is of the Boolean type. By default, the function of reporting port attack defense events is disabled. | N/A
/huawei-traffic:defend/policy/policy-list/auto-port-defend/sample | Indicates the protocol packet sampling ratio for port attack defense. | The value is an integer that ranges from 1 to 1024. | N/A
/huawei-traffic:defend/policy/policy-list/auto-port-defend/whitelist/whitelist-id-list/whitelist-id | Indicates the ID of the whitelist for port attack defense. | The value is an integer that ranges from 1 to 32. | N/A
/huawei-traffic:defend/policy/policy-list/auto-port-defend/whitelist/whitelist-id-list/acl | Indicates the number of the ACL applied to the whitelist for port attack defense. | The value is an integer that ranges from 2000 to 3999. | This node cannot be configured simultaneously with the node /huawei-traffic:defend/policy/policy-list/auto-port-defend/whitelist/whitelist-id-list/interface-name.
/huawei-traffic:defend/policy/policy-list/auto-port-defend/whitelist/whitelist-id-list/interface-name | Indicates the interface to which the whitelist for port attack defense is applied. | The value is a string in the format of interface type + interface number, for example, GigabitEthernet1/0/1. | This node cannot be configured simultaneously with the node /huawei-traffic:defend/policy/policy-list/auto-port-defend/whitelist/whitelist-id-list/acl.
/huawei-traffic:defend/policy/policy-list/auto-port-defend/aging-time | Indicates the aging time for port attack defense. | The value is an integer that ranges from 30 to 86400 and must be a multiple of 10. | N/A
/huawei-traffic:defend/policy/policy-list/auto-port-defend/protocol/protocol-port-type-list/protocol-port-type | Indicates the protocols to which port attack defense is applied. | The value is of the enumerated type. | N/A
/huawei-traffic:defend/policy/policy-list/auto-port-defend/protocol/protocol-port-type-list/threshold | Indicates the protocol packet rate threshold for port attack defense. | The value is an integer that ranges from 1 to 65535. | N/A
/huawei-traffic:defend/policy/policy-list/auto-defend/enable | Indicates whether the attack source tracing function is enabled. | The value is of the Boolean type. By default, attack source tracing is enabled. | To avoid conflicts, delete the configurations of the other auto-defend nodes before setting auto-defend/enable to false.
/huawei-traffic:defend/policy/policy-list/auto-defend/threshold | Indicates the checking threshold and event reporting threshold for attack source tracing. | The value is an integer that ranges from 1 to 65535. | N/A
/huawei-traffic:defend/policy/policy-list/auto-defend/alarm | Indicates whether the function for reporting attack source tracing events is enabled. | The value is of the Boolean type. By default, the function for reporting attack source tracing events is disabled. | N/A
/huawei-traffic:defend/policy/policy-list/auto-defend/sample | Indicates the packet sampling ratio for attack source tracing. | The value is an integer that ranges from 1 to 1024. | N/A
/huawei-traffic:defend/policy/policy-list/auto-defend/whitelist/whitelist-id-list/whitelist-id | Indicates the ID of a whitelist for attack source tracing. | The value is an integer that ranges from 1 to 32. | N/A
/huawei-traffic:defend/policy/policy-list/auto-defend/whitelist/whitelist-id-list/interface-name | Indicates the interface to which the whitelist for attack source tracing is applied. | The value is a string in the format of interface type + interface number, for example, GigabitEthernet1/0/1. | This node cannot be configured simultaneously with the node /huawei-traffic:defend/policy/policy-list/auto-defend/whitelist/whitelist-id-list/acl.
/huawei-traffic:defend/policy/policy-list/auto-defend/whitelist/whitelist-id-list/acl | Indicates the number of the ACL applied to the whitelist for attack source tracing. | The value is an integer that ranges from 2000 to 3999. | This node cannot be configured simultaneously with the node /huawei-traffic:defend/policy/policy-list/auto-defend/whitelist/whitelist-id-list/interface-name.
/huawei-traffic:defend/policy/policy-list/auto-defend/action | Indicates the punish action taken on the attack source. | The value is of the enumerated type. | N/A
/huawei-traffic:defend/policy/policy-list/auto-defend/recover-timer | Indicates the period during which packets sent from an attack source are discarded. | The value is an integer that ranges from 1 to 86400. | When this node is configured, the node /huawei-traffic:defend/policy/policy-list/auto-defend/action must be set to deny.
/huawei-traffic:defend/policy/policy-list/auto-defend/protocol-list/protocol | Indicates the type of traced packets. | The value is of the enumerated type. | The value eap indicates 802.1X. If eap is configured, 802.1X packets are traced on the switch.
/huawei-traffic:defend/policy/policy-list/auto-defend/trace-type | Indicates the attack source tracing mode. | The value is of the enumerated type. | N/A
/huawei-traffic:defend/policy/policy-list/apply-list/applied-type | Indicates the mode in which an attack defense policy is applied. | The value is of the enumerated type. | When the value of this node is set to slot, the node /huawei-traffic:defend/policy/policy-list/apply-list/slot is mandatory.
/huawei-traffic:defend/policy/policy-list/apply-list/slot | Indicates the slot to which an attack defense policy is applied. | The value is a string of 1 to 32 characters and must be an actual slot ID on the switch, for example, 1/3 or 2. | N/A
/huawei-traffic:defend/errordown-recover-timer | Indicates the period of time after which an interface that was shut down by auto-defend protection automatically goes up again. | The value is an integer that ranges from 30 to 86400, in seconds. | N/A
/huawei-traffic:defend/policy/policy-list/car/packet/packet-type | Specifies the type of CPU-forwarded protocol packets to be rate-limited or discarded. | The value is of the enumerated type. For the supported protocol packet types, see Attack Defense Packet Types. A request that names an unsupported packet type is rejected by the switch. | N/A
/huawei-traffic:defend/policy/policy-list/car/packet/cir | Specifies the CIR for protocol packets to be sent to the CPU. | The value is an integer in the range from 8 to 4294967295, in kbit/s. The value range varies according to the protocol packet type. | This object cannot be configured together with the /huawei-traffic:defend/policy/policy-list/car/packet/deny object.
/huawei-traffic:defend/policy/policy-list/car/packet/cbs | Specifies the CBS for protocol packets to be sent to the CPU. | The value is an integer in the range from 10000 to 4294967295, in bytes. The value range varies according to the protocol packet type. | Configure the /huawei-traffic:defend/policy/policy-list/car/packet/cir object before configuring this object.
/huawei-traffic:defend/policy/policy-list/car/packet/deny | Sets the action for protocol packets to be sent to the CPU to deny. | - | This object cannot be configured together with the /huawei-traffic:defend/policy/policy-list/car/packet/cir object.
/huawei-traffic:defend/policy/policy-list/blacklist/blacklist-number | Specifies the ID of a blacklist. | The value is an integer that ranges from 1 to 8. | N/A
/huawei-traffic:defend/policy/policy-list/blacklist/acl-number | Specifies the number of the ACL matching the IPv4 blacklist. | The value is an integer that ranges from 2000 to 4999. | N/A
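Several of the remarks above are cross-node constraints (a threshold must accompany each MAC address, every limit is 1 to 128 pps, and the other host-car nodes must be cleared before enable is set to false) that a switch only reports after the request has been sent. The following Python script is an added example, not Huawei documentation or code: it checks those host-car constraints locally and builds the edit-config payload with the standard library. The namespaces, node names and ranges are the ones in the table; the function names, the MAC-address regular expression (which accepts the H-H-H form named in the table and the colon-separated form used in the request examples below) and the checks themselves are this example's own assumptions. Transport is out of scope; hand the returned XML to your NETCONF client.

```python
"""Build and sanity-check a NETCONF <edit-config> for huawei-traffic host-car.

Added example (not Huawei code). Namespaces, node names and value ranges are
those listed on this page; function names and checks are this example's own.
"""
import re
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
HW = "urn:huawei:params:xml:ns:yang:huawei-traffic"
IETF_IF = "urn:ietf:params:xml:ns:yang:ietf-interfaces"
IANA_IF = "urn:ietf:params:xml:ns:yang:iana-if-type"
for prefix, uri in (("nc", NC), ("hw-traffic", HW), ("if", IETF_IF)):
    ET.register_namespace(prefix, uri)

# Constraints from the data-model table: default protocol set, 1..128 pps limits.
HOST_CAR_PROTOCOLS = {"eap", "arp", "dhcp-request", "dhcpv6-request", "nd"}
THRESHOLD_RANGE = (1, 128)
# Assumption: accept both the H-H-H form and the colon form seen in the examples.
MAC_RE = re.compile(r"^(?:[0-9a-f]{4}-){2}[0-9a-f]{4}$|^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)


def _sub(parent, tag, text=None, ns=HW):
    """Append a namespaced child element, optionally with text."""
    el = ET.SubElement(parent, f"{{{ns}}}{tag}")
    if text is not None:
        el.text = str(text)
    return el


def _check_range(name, value, rng):
    lo, hi = rng
    if not isinstance(value, int) or not lo <= value <= hi:
        raise ValueError(f"{name}={value!r} is outside {lo}..{hi}")
    return value


def host_car_config(enable=True, protocols=(), users=(), threshold=None):
    """Return the <defend><host-car> subtree for the global user-level limiter."""
    if not enable and (protocols or users or threshold is not None):
        # Table remark: the other host-car nodes must be cleared before enable=false.
        raise ValueError("delete the other host-car nodes before setting enable=false")
    defend = ET.Element(f"{{{HW}}}defend")
    hc = _sub(defend, "host-car")
    _sub(hc, "enable", "true" if enable else "false")
    if protocols:
        proto = _sub(hc, "protocol")
        for p in protocols:
            if p not in HOST_CAR_PROTOCOLS:
                raise ValueError(f"unsupported host-car protocol type {p!r}")
            _sub(_sub(proto, "protocol-typelist"), "protocol-type", p)
    if users:
        user = _sub(hc, "user")
        for mac, pps in users:  # per-MAC limits; each entry needs a threshold
            if not MAC_RE.match(mac):
                raise ValueError(f"malformed MAC address {mac!r}")
            entry = _sub(user, "user-list")
            _sub(entry, "mac-address", mac)
            _sub(entry, "threshold", _check_range("user threshold", pps, THRESHOLD_RANGE))
    if threshold is not None:
        _sub(hc, "threshold", _check_range("threshold", threshold, THRESHOLD_RANGE))
    return defend


def interface_host_car(ifname, enable):
    """Return the ietf-interfaces entry carrying the per-interface host-car switch."""
    ifs = ET.Element(f"{{{IETF_IF}}}interfaces")
    itf = _sub(ifs, "interface", ns=IETF_IF)
    _sub(itf, "name", ifname, ns=IETF_IF)
    typ = _sub(itf, "type", "iana-if-type:ethernetCsmacd", ns=IETF_IF)
    typ.set("xmlns:iana-if-type", IANA_IF)  # declares the prefix used in the text
    _sub(_sub(itf, "host-car"), "enable", "true" if enable else "false")
    return ifs


def edit_config(*subtrees, message_id="1"):
    """Wrap config subtrees in <rpc><edit-config><target><running/> and serialise."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    ec = _sub(rpc, "edit-config", ns=NC)
    _sub(_sub(ec, "target", ns=NC), "running", ns=NC)
    cfg = _sub(ec, "config", ns=NC)
    cfg.extend(subtrees)
    return ET.tostring(rpc, encoding="unicode")


if __name__ == "__main__":
    # Data requirement 1 below: eap+arp, two per-MAC limits, global limit 7 pps.
    print(edit_config(host_car_config(
        protocols=("eap", "arp"),
        users=(("02:00:00:22:22:aa", 13), ("00:00:00:22:22:aa", 12)),
        threshold=7)))
    # Data requirement 2 below: keep the global switch on, disable it on one port.
    print(edit_config(host_car_config(), interface_host_car("GigabitEthernet1/0/1", False),
                      message_id="7"))
```

Because the checks raise before any XML is produced, an out-of-range threshold or a conflicting disable is caught in the automation pipeline rather than surfacing as the generic "parse rpc config error." reply shown in the response examples.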
Configuring User-Level Rate Limiting
This section provides a sample of configuring user-level rate limiting using the edit-config method.
Operation | XPATH
---|---
edit-config | 
Data requirement 1: configuring user-level rate limiting
Item | Data | Description
---|---|---
Whether user-level rate limiting is enabled | true | User-level rate limiting is enabled.
Packet types to which user-level rate limiting applies | eap, arp | User-level rate limiting applies to 802.1X and ARP packets.
Rate limits for specified MAC addresses | MAC address 1: 00:00:00:22:22:aa, rate limit 1: 12; MAC address 2: 02:00:00:22:22:aa, rate limit 2: 13 | The rate limit for the host with MAC address 00:00:00:22:22:aa is 12 pps, and the rate limit for the host with MAC address 02:00:00:22:22:aa is 13 pps.
User-level rate limit | 7 | The user-level rate limit is 7 pps.
Request Example
```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-traffic:defend xmlns:hw-traffic="urn:huawei:params:xml:ns:yang:huawei-traffic">
        <hw-traffic:host-car>
          <hw-traffic:enable>true</hw-traffic:enable>
          <hw-traffic:protocol>
            <hw-traffic:protocol-typelist>
              <hw-traffic:protocol-type>eap</hw-traffic:protocol-type>
            </hw-traffic:protocol-typelist>
            <hw-traffic:protocol-typelist>
              <hw-traffic:protocol-type>arp</hw-traffic:protocol-type>
            </hw-traffic:protocol-typelist>
          </hw-traffic:protocol>
          <hw-traffic:user>
            <hw-traffic:user-list>
              <hw-traffic:mac-address>02:00:00:22:22:aa</hw-traffic:mac-address>
              <hw-traffic:threshold>13</hw-traffic:threshold>
            </hw-traffic:user-list>
            <hw-traffic:user-list>
              <hw-traffic:mac-address>00:00:00:22:22:aa</hw-traffic:mac-address>
              <hw-traffic:threshold>12</hw-traffic:threshold>
            </hw-traffic:user-list>
          </hw-traffic:user>
          <hw-traffic:threshold>7</hw-traffic:threshold>
        </hw-traffic:host-car>
      </hw-traffic:defend>
    </config>
  </edit-config>
</rpc>
```
Response Example
Sample of successful response

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <ok/>
</rpc-reply>
```

Sample of failed response

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
```
Data requirement 2: disabling user-level rate limiting on an interface
Item | Data | Description
---|---|---
Whether user-level rate limiting is enabled | true | User-level rate limiting remains enabled globally.
Whether user-level rate limiting is enabled on an interface | false | User-level rate limiting is disabled on GigabitEthernet1/0/1.
Request Example
```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="7" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-traffic:defend xmlns:hw-traffic="urn:huawei:params:xml:ns:yang:huawei-traffic">
        <hw-traffic:host-car>
          <hw-traffic:enable>true</hw-traffic:enable>
        </hw-traffic:host-car>
      </hw-traffic:defend>
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <if:interface>
          <if:name>GigabitEthernet1/0/1</if:name>
          <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
          <hw-traffic:host-car xmlns:hw-traffic="urn:huawei:params:xml:ns:yang:huawei-traffic">
            <hw-traffic:enable>false</hw-traffic:enable>
          </hw-traffic:host-car>
        </if:interface>
      </if:interfaces>
    </config>
  </edit-config>
</rpc>
```
Response Example
Sample of successful response (the message-id echoes the request's)

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="7">
  <ok/>
</rpc-reply>
```

Sample of failed response

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="7">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
```
Configuring Port Attack Defense
This section provides a sample of configuring port attack defense using the edit-config method.
Operation | XPATH
---|---
edit-config | 
Data requirement: configuring port attack defense
Item | Data | Description
---|---|---
Name of the attack defense policy | test | The name of the attack defense policy is test.
Whether port attack defense is enabled | true | Port attack defense is enabled.
Policy application mode | all | The attack defense policy test is applied to all cards of the device.
Protocols to which port attack defense is applied | dhcp | Port attack defense is applied to DHCP packets.
Request Example
```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="6" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-traffic:defend xmlns:hw-traffic="urn:huawei:params:xml:ns:yang:huawei-traffic">
        <hw-traffic:policy>
          <hw-traffic:policy-list>
            <hw-traffic:name>test</hw-traffic:name>
            <hw-traffic:auto-port-defend>
              <hw-traffic:enable>true</hw-traffic:enable>
              <hw-traffic:protocol>
                <hw-traffic:protocol-port-type-list>
                  <hw-traffic:protocol-port-type>dhcp</hw-traffic:protocol-port-type>
                </hw-traffic:protocol-port-type-list>
              </hw-traffic:protocol>
            </hw-traffic:auto-port-defend>
            <hw-traffic:apply-list>
              <hw-traffic:applied-type>all</hw-traffic:applied-type>
            </hw-traffic:apply-list>
          </hw-traffic:policy-list>
        </hw-traffic:policy>
      </hw-traffic:defend>
    </config>
  </edit-config>
</rpc>
```
Response Example
Sample of successful response (the message-id echoes the request's)

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
  <ok/>
</rpc-reply>
```

Sample of failed response

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
```
Configuring a Whitelist for Attack Source Tracing
This section provides a sample of configuring a whitelist for attack source tracing using the edit-config method.
Operation | XPATH
---|---
edit-config | 
Data requirement 1: configuring a whitelist for attack source tracing
Item | Data | Description
---|---|---
Name of the attack defense policy | test | The name of the attack defense policy is test.
Whether attack source tracing is enabled | true | Attack source tracing is enabled.
Whitelist ID | 5 | The whitelist ID for attack source tracing is 5.
Number of the ACL applied to the whitelist for attack source tracing | 3001 | ACL 3001 is applied to the whitelist for attack source tracing.
Request Example
```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="8" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-traffic:defend xmlns:hw-traffic="urn:huawei:params:xml:ns:yang:huawei-traffic">
        <hw-traffic:policy>
          <hw-traffic:policy-list>
            <hw-traffic:name>test</hw-traffic:name>
            <hw-traffic:auto-defend>
              <hw-traffic:enable>true</hw-traffic:enable>
              <hw-traffic:whitelist>
                <hw-traffic:whitelist-id-list>
                  <hw-traffic:whitelist-id>5</hw-traffic:whitelist-id>
                  <hw-traffic:acl>3001</hw-traffic:acl>
                </hw-traffic:whitelist-id-list>
              </hw-traffic:whitelist>
            </hw-traffic:auto-defend>
          </hw-traffic:policy-list>
        </hw-traffic:policy>
      </hw-traffic:defend>
    </config>
  </edit-config>
</rpc>
```
Response Example
Sample of successful response (the message-id echoes the request's)

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="8">
  <ok/>
</rpc-reply>
```

Sample of failed response

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="8">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>parse rpc config error.</error-message>
  </rpc-error>
</rpc-reply>
```
Data requirement 2: querying attack source information
Item | Data | Description
---|---|---
Slot whose attack source information is queried (attack-user) | 1 | Query the attack source information of slot 1.
Slot whose interface attack source tracing information is queried (portattack-user) | 1 | Query the attack source tracing information of the interfaces in slot 1.
Request Example
```xml
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1e50634f-2b46-11e8-8554-e04c4a198245">
  <hw-traffic:attack-user xmlns:hw-traffic="urn:huawei:params:xml:ns:yang:huawei-traffic">
    <hw-traffic:slot>1</hw-traffic:slot>
  </hw-traffic:attack-user>
</rpc>
```
Response Example
Sample of successful response

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1e50634f-2b46-11e8-8554-e04c4a198245">
  <result>
    <attack-user>
      <user>
        <trace-type>mac</trace-type>
      </user>
      <user>
        <trace-type>ip</trace-type>
      </user>
    </attack-user>
  </result>
</rpc-reply>
```

Sample of failed response

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="4c26fa70-2b49-11e8-a720-e04c4a198245">
  <rpc-error xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <error-type>application</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-app-tag>1</error-app-tag>
    <error-path/>
    <error-message>The configuration/operation does not support.</error-message>
  </rpc-error>
</rpc-reply>
```
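The replies on this page come in three shapes: a bare ok, an rpc-error whose only useful field is error-message ("parse rpc config error."), and, in the CPU rate-limiting section further down, an rpc-error whose error-info names the failing node. An automation client has to handle all three before it can trust that a defense policy was actually applied, and it has to read the attack-user result rather than just the ok. The following Python script is an added example, not Huawei code: it classifies a reply, extracts the failing node path from error-info when one is present, and lists the user entries from an attack-user result. The sample replies are copied from the response examples on this page; the function names and the returned dictionary shapes are this example's own.

```python
"""Classify NETCONF replies from the attack-defense RPCs on this page.

Added example (not Huawei code). Sample replies are copied from the page's
response examples; the result shapes and function names are this example's own.
"""
import re
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
ERROR_FIELDS = ("error-type", "error-tag", "error-severity", "error-app-tag",
                "error-path", "error-message", "error-info")
NODE_RE = re.compile(r"Error on node (\S+)")  # error-info text seen on this page

# Constructed samples, copied from the response examples on this page.
OK_REPLY = """<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1"><ok/></rpc-reply>"""

PARSE_ERROR_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<rpc-error><error-type>application</error-type><error-tag>operation-failed</error-tag>
<error-severity>error</error-severity><error-message>parse rpc config error.</error-message>
</rpc-error></rpc-reply>"""

CAR_ERROR_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<rpc-error><error-app-tag>-1</error-app-tag>
<error-message>This packet-type capwap does not support.</error-message>
<error-info>Error on node /huawei-traffic:defend/policy/policy-list[name="test"]/car</error-info>
</rpc-error></rpc-reply>"""

ATTACK_USER_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1e50634f-2b46-11e8-8554-e04c4a198245">
<result><attack-user><user><trace-type>mac</trace-type></user>
<user><trace-type>ip</trace-type></user></attack-user></result></rpc-reply>"""


def _text(parent, tag, ns=NC):
    el = parent.find(f"{{{ns}}}{tag}")
    return None if el is None or el.text is None else el.text.strip()


def _local(tag):
    """Strip the {namespace} part of an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def parse_rpc_reply(xml_text):
    """Return {'message-id', 'ok', 'errors'}; errors keep every rpc-error child
    the page's failure samples show, so the caller can log more than the tag."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NC}}}rpc-reply":
        raise ValueError(f"not an rpc-reply: {root.tag}")
    errors = [{k: _text(err, k) for k in ERROR_FIELDS}
              for err in root.findall(f"{{{NC}}}rpc-error")]
    return {"message-id": root.get("message-id"),
            "ok": root.find(f"{{{NC}}}ok") is not None and not errors,
            "errors": errors}


def failing_node(reply):
    """XPath of the rejected node if error-info carries one, else None."""
    for err in reply["errors"]:
        m = NODE_RE.search(err.get("error-info") or "")
        if m:
            return m.group(1)
    return None


def parse_attack_users(xml_text):
    """Collect <user> entries from an attack-user reply as dicts of child text.
    Matched by local name because the page's sample leaves <result> in the base
    namespace while a device may qualify it."""
    root = ET.fromstring(xml_text)
    return [{_local(c.tag): (c.text or "").strip() for c in user}
            for user in root.iter() if _local(user.tag) == "user"]


if __name__ == "__main__":
    for sample in (OK_REPLY, PARSE_ERROR_REPLY, CAR_ERROR_REPLY):
        r = parse_rpc_reply(sample)
        print(r["message-id"], "ok" if r["ok"] else "error", failing_node(r))
    print(parse_attack_users(ATTACK_USER_REPLY))
```

Treat anything other than `ok` with an empty error list as a failed commit: a reply can carry an rpc-error without a `<error-tag>` at all, as the CPU rate-limiting failure sample shows, so keying only on error-tag would miss it.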
Configuring Rate Limiting for Protocol Packets to Be Sent to the CPU
This section provides a sample of configuring rate limiting for protocol packets to be sent to the CPU using the edit-config method.
Operation | XPATH
---|---
edit-config | 
Data Requirement 1: Configuring Rate Limiting for Protocol Packets to Be Sent to the CPU
Item | Data | Description
---|---|---
Name of the attack defense policy | test | Set the name of the attack defense policy to test.
Type of CPU-forwarded protocol packets to be rate-limited or discarded | arp-request | Rate-limit ARP Request packets to be sent to the CPU.
CIR for protocol packets to be sent to the CPU | 8 | Set the CIR for ARP Request packets to be sent to the CPU to 8 kbit/s.
CBS for protocol packets to be sent to the CPU | 10000 | Set the CBS for ARP Request packets to be sent to the CPU to 10000 bytes.
Type of CPU-forwarded protocol packets to be rate-limited or discarded | vbst | Discard VBST packets to be sent to the CPU.
Deny action for protocol packets to be sent to the CPU | - | Discard VBST packets to be sent to the CPU.
Request Example
```xml
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <defend xmlns="urn:huawei:params:xml:ns:yang:huawei-traffic">
        <policy>
          <policy-list>
            <name>test</name>
            <car>
              <packet>
                <packet-type>arp-request</packet-type>
                <cir>8</cir>
                <cbs>10000</cbs>
              </packet>
              <packet>
                <packet-type>vbst</packet-type>
                <deny/>
              </packet>
            </car>
          </policy-list>
        </policy>
      </defend>
    </config>
  </edit-config>
</rpc>
```
Response Example
Sample of successful response

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <ok/>
</rpc-reply>
```

Sample of failed response (returned when the request names a packet type the switch does not support; error-info identifies the rejected node)

```xml
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>This packet-type capwap does not support.</error-message>
    <error-info>Error on node /huawei-traffic:defend/policy/policy-list[name="test"]/car</error-info>
  </rpc-error>
</rpc-reply>
```
Data Requirement 2: Deleting the Rate Limiting Configuration of Protocol Packets to Be Sent to the CPU
Delete the configuration performed in Data Requirement 1.
Request Example
```xml
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <defend xmlns="urn:huawei:params:xml:ns:yang:huawei-traffic">
        <policy>
          <policy-list>
            <name>test</name>
            <car nc:operation="remove" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
              <packet>
                <packet-type>arp-request</packet-type>
                <cir>8</cir>
                <cbs>10000</cbs>
              </packet>
              <packet>
                <packet-type>vbst</packet-type>
                <deny/>
              </packet>
            </car>
          </policy-list>
        </policy>
      </defend>
    </config>
  </edit-config>
</rpc>
```
Response Example
Sample of successful response

```xml
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <ok/>
</rpc-reply>
```

Sample of failed response

```xml
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>The configuration/operation does not support.</error-message>
    <error-info>Error on node /huawei-traffic:defend/policy/policy-list[name="test"]/car</error-info>
  </rpc-error>
</rpc-reply>
```
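The data-model table states four mutual-exclusion rules that the switch only reports after the request is delivered: cir and deny cannot coexist under one packet, cbs requires cir, a whitelist entry takes either acl or interface-name, and recover-timer requires action deny. The following Python script is an added example, not Huawei code, serving both this section and the whitelist section above: it assembles a policy-list subtree, rejects those combinations locally with a PolicyError, and produces the nc:operation="remove" form used in Data Requirement 2. Node names, namespaces and ranges are the ones on this page; the function names, the PolicyError class and the check logic are this example's own assumptions.

```python
"""Assemble a huawei-traffic attack-defense policy and reject requests that
break the mutual-exclusion rules in the data-model table before sending them.

Added example, not Huawei code. Node names, namespaces and ranges are from this
page; function names, PolicyError and the checks are this example's own.
"""
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
HW = "urn:huawei:params:xml:ns:yang:huawei-traffic"
ET.register_namespace("nc", NC)
ET.register_namespace("hw-traffic", HW)

CIR_RANGE, CBS_RANGE = (8, 4294967295), (10000, 4294967295)   # kbit/s, bytes
ACL_RANGE, WHITELIST_ID_RANGE, RECOVER_RANGE = (2000, 3999), (1, 32), (1, 86400)


class PolicyError(ValueError):
    """A request the data model would reject."""


def _sub(parent, tag, text=None):
    el = ET.SubElement(parent, f"{{{HW}}}{tag}")
    if text is not None:
        el.text = str(text)
    return el


def _in(name, value, rng):
    if not isinstance(value, int) or not rng[0] <= value <= rng[1]:
        raise PolicyError(f"{name}={value!r} is outside {rng[0]}..{rng[1]}")
    return value


def policy(name):
    """Return (defend root, policy-list element) for a policy of the given name."""
    if not 1 <= len(name) <= 32:
        raise PolicyError("policy name must be 1 to 32 characters")
    defend = ET.Element(f"{{{HW}}}defend")
    plist = _sub(_sub(defend, "policy"), "policy-list")
    _sub(plist, "name", name)
    return defend, plist


def car(plist, remove=False):
    """<car> container; remove=True marks it nc:operation="remove" (Data Requirement 2)."""
    el = _sub(plist, "car")
    if remove:
        el.set(f"{{{NC}}}operation", "remove")
    return el


def car_packet(car_el, packet_type, cir=None, cbs=None, deny=False):
    """One <packet>: cir (optionally with cbs) or deny, never both; cbs needs cir."""
    if deny == (cir is not None):
        raise PolicyError(f"{packet_type}: configure exactly one of cir or deny")
    if cbs is not None and cir is None:
        raise PolicyError(f"{packet_type}: cbs requires cir to be configured first")
    pkt = _sub(car_el, "packet")
    _sub(pkt, "packet-type", packet_type)
    if deny:
        _sub(pkt, "deny")                                   # presence node, no value
    else:
        _sub(pkt, "cir", _in("cir", cir, CIR_RANGE))
        if cbs is not None:
            _sub(pkt, "cbs", _in("cbs", cbs, CBS_RANGE))
    return pkt


def auto_defend(plist, enable=True, action=None, recover_timer=None, whitelist=()):
    """<auto-defend>: recover-timer only with action=deny; whitelist entries are
    (id, acl, interface-name) triples with exactly one of acl/interface-name set."""
    if recover_timer is not None and action != "deny":
        raise PolicyError("recover-timer requires action=deny")
    ad = _sub(plist, "auto-defend")
    _sub(ad, "enable", "true" if enable else "false")
    if action is not None:
        _sub(ad, "action", action)
    if recover_timer is not None:
        _sub(ad, "recover-timer", _in("recover-timer", recover_timer, RECOVER_RANGE))
    if whitelist:
        wl = _sub(ad, "whitelist")
        for wid, acl, ifname in whitelist:
            if (acl is None) == (ifname is None):
                raise PolicyError(f"whitelist {wid}: acl and interface-name are exclusive")
            entry = _sub(wl, "whitelist-id-list")
            _sub(entry, "whitelist-id", _in("whitelist-id", wid, WHITELIST_ID_RANGE))
            if acl is not None:
                _sub(entry, "acl", _in("acl", acl, ACL_RANGE))
            else:
                _sub(entry, "interface-name", ifname)
    return ad


def to_xml(defend):
    return ET.tostring(defend, encoding="unicode")


def example_policy(remove=False):
    """Data Requirement 1 of this section plus whitelist 5 / ACL 3001 from the
    tracing section, combined in one policy named test."""
    defend, plist = policy("test")
    auto_defend(plist, whitelist=((5, 3001, None),))
    c = car(plist, remove=remove)
    car_packet(c, "arp-request", cir=8, cbs=10000)
    car_packet(c, "vbst", deny=True)
    return to_xml(defend)


if __name__ == "__main__":
    print(example_policy())
    print(example_policy(remove=True))
```

The returned subtree goes under `<config>` of an edit-config exactly like the request examples above. Keeping the checks in the builder means an operator script fails with a specific message instead of the device's generic "The configuration/operation does not support." reply, and nothing half-applied is left in the running configuration.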