HC2VPP-14: move ietf acl models from vpp-classfier to acl module

Change-Id: Idcb2697c5ef06d9d4a62a5de4bc5a56e0212f6a8
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>

3 files changed, 390 insertions, 3 deletions

diff --git a/acl/acl-api/pom.xml b/acl/acl-api/pom.xml
index 1898903f5..87068ccd4 100644
--- a/acl/acl-api/pom.xml
+++ b/acl/acl-api/pom.xml
@@ -48,10 +48,9 @@
       <groupId>org.opendaylight.mdsal.model</groupId>
       <artifactId>yang-ext</artifactId>
     </dependency>
-
     <dependency>
-      <groupId>io.fd.hc2vpp.vpp.classifier</groupId>
-      <artifactId>vpp-classifier-api</artifactId>
+      <groupId>io.fd.hc2vpp.common</groupId>
+      <artifactId>naming-context-api</artifactId>
       <version>${project.version}</version>
     </dependency>
   </dependencies>
diff --git a/acl/acl-api/src/main/yang/ietf-access-control-list.yang b/acl/acl-api/src/main/yang/ietf-access-control-list.yang
new file mode 100644
index 000000000..3083ee2a0
--- /dev/null
+++ b/acl/acl-api/src/main/yang/ietf-access-control-list.yang
@@ -0,0 +1,208 @@
+module ietf-access-control-list {
+  yang-version 1.1;
+  namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list";
+  prefix acl;
+  import ietf-yang-types {
+    prefix yang;
+  }
+  import ietf-packet-fields {
+    prefix packet-fields;
+  }
+  organization "IETF NETMOD (NETCONF Data Modeling Language)
+           Working Group";
+  contact
+    "WG Web: http://tools.ietf.org/wg/netmod/
+    WG List: netmod@ietf.org
+    WG Chair: Juergen Schoenwaelder
+    j.schoenwaelder@jacobs-university.de
+    WG Chair: Tom Nadeau
+    tnadeau@lucidvision.com
+    Editor: Dean Bogdanovic
+    ivandean@gmail.com
+    Editor: Kiran Agrahara Sreenivasa
+    kkoushik@cisco.com
+    Editor: Lisa Huang
+    lyihuang16@gmail.com
+    Editor: Dana Blair
+    dblair@cisco.com";
+  description
+    "This YANG module defines a component that describing the
+    configuration of Access Control Lists (ACLs).
+    Copyright (c) 2015 IETF Trust and the persons identified as
+    the document authors.  All rights reserved.
+    Redistribution and use in source and binary forms, with or
+    without modification, is permitted pursuant to, and subject
+    to the license terms contained in, the Simplified BSD
+    License set forth in Section 4.c of the IETF Trust's Legal
+    Provisions Relating to IETF Documents
+    (http://trustee.ietf.org/license-info).
+    This version of this YANG module is part of RFC XXXX; see
+    the RFC itself for full legal notices.";
+  revision 2016-07-08 {
+    description
+      "Base model for Network Access Control List (ACL).";
+    reference
+      "RFC XXXX: Network Access Control List (ACL)
+      YANG Data  Model";
+  }
+  identity acl-base {
+    description
+      "Base Access Control List type for all Access Control List type
+      identifiers.";
+  }
+  identity ipv4-acl {
+    base acl:acl-base;
+    description
+       "ACL that primarily matches on fields from the IPv4 header
+       (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP
+       destination port).  An acl of type ipv4-acl does not contain
+       matches on fields in the ethernet header or the IPv6 header.";
+  }
+  identity ipv6-acl {
+    base acl:acl-base;
+    description
+      "ACL that primarily matches on fields from the IPv6 header
+      (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP
+      destination port). An acl of type ipv6-acl does not contain
+      matches on fields in the ethernet header or the IPv4 header.";
+  }
+  identity eth-acl {
+    base acl:acl-base;
+    description
+      "ACL that primarily matches on fields in the ethernet header,
+      like 10/100/1000baseT or WiFi Access Control List. An acl of
+      type eth-acl does not contain matches on fields in the IPv4
+      header, IPv6 header or layer 4 headers.";
+  }
+  typedef acl-type {
+    type identityref {
+      base acl:acl-base;
+    }
+    description
+      "This type is used to refer to an Access Control List
+      (ACL) type";
+  }
+  typedef access-control-list-ref {
+    type leafref {
+      path "/access-lists/acl/acl-name";
+    }
+    description
+      "This type is used by data models that need to reference an
+      Access Control List";
+  }
+  container access-lists {
+    description
+      "This is a top level container for Access Control Lists.
+      It can have one or more Access Control Lists.";
+    list acl {
+      key "acl-type acl-name";
+      description
+        "An Access Control List(ACL) is an ordered list of
+        Access List Entries (ACE). Each Access Control Entry has a
+        list of match criteria and a list of actions.
+        Since there are several kinds of Access Control Lists
+        implemented with different attributes for
+        different vendors, this
+        model accommodates customizing Access Control Lists for
+        each kind and for each vendor.";
+      leaf acl-name {
+        type string;
+        description
+          "The name of access-list. A device MAY restrict the length 
+    	  and value of this name, possibly space and special 
+    	  characters are not allowed.";
+      }
+      leaf acl-type {
+        type acl-type;
+        description
+            "Type of access control list. Indicates the primary intended
+            type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc)
+            used in the list instance.";
+      }
+      container acl-oper-data {
+        config false;
+        description
+          "Overall Access Control List operational data";
+      }
+      container access-list-entries {
+        description
+          "The access-list-entries container contains
+          a list of access-list-entries(ACE).";
+        list ace {
+          key "rule-name";
+          ordered-by user;
+          description
+            "List of access list entries(ACE)";
+          leaf rule-name {
+            type string;
+            description
+              "A unique name identifying this Access List
+              Entry(ACE).";
+          }
+          container matches {
+            description
+              "Definitions for match criteria for this Access List
+        Entry.";
+            choice ace-type {
+              description
+                "Type of access list entry.";
+              case ace-ip {
+                      description "IP Access List Entry.";
+                choice ace-ip-version {
+                  description
+                    "IP version used in this Access List Entry.";
+                  case ace-ipv4 {
+                    uses packet-fields:acl-ipv4-header-fields;
+                  }
+                  case ace-ipv6 {
+                    uses packet-fields:acl-ipv6-header-fields;
+                  }
+                }
+                uses packet-fields:acl-ip-header-fields;
+              }
+              case ace-eth {
+                description
+                  "Ethernet Access List entry.";
+                uses packet-fields:acl-eth-header-fields;
+              }
+            }
+          }
+          container actions {
+            description
+              "Definitions of action criteria for this Access List
+        Entry.";
+            choice packet-handling {
+              default "deny";
+              description
+                "Packet handling action.";
+              case deny {
+                leaf deny {
+                  type empty;
+                  description
+                    "Deny action.";
+                }
+              }
+              case permit {
+                leaf permit {
+                  type empty;
+                  description
+                    "Permit action.";
+                }
+              }
+            }
+          }
+          container ace-oper-data {
+            config false;
+            description
+              "Operational data for this Access List Entry.";
+            leaf match-counter {
+              type yang:counter64;
+              description
+                "Number of matches for this Access List Entry";
+            }
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/acl/acl-api/src/main/yang/ietf-packet-fields.yang b/acl/acl-api/src/main/yang/ietf-packet-fields.yang
new file mode 100644
index 000000000..0b1ce5cdd
--- /dev/null
+++ b/acl/acl-api/src/main/yang/ietf-packet-fields.yang
@@ -0,0 +1,180 @@
+module ietf-packet-fields {
+  yang-version 1.1;
+  namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields";
+  prefix packet-fields;
+  import ietf-inet-types {
+    prefix inet;
+  }
+  import ietf-yang-types {
+    prefix yang;
+  }
+  organization "IETF NETMOD (NETCONF Data Modeling Language) Working 
+                Group";
+  contact
+    "WG Web: http://tools.ietf.org/wg/netmod/
+    WG List: netmod@ietf.org
+    WG Chair: Juergen Schoenwaelder
+    j.schoenwaelder@jacobs-university.de
+    WG Chair: Tom Nadeau
+    tnadeau@lucidvision.com
+    Editor: Dean Bogdanovic
+    deanb@juniper.net
+    Editor: Kiran Agrahara Sreenivasa
+    kkoushik@cisco.com
+    Editor: Lisa Huang
+    lyihuang16@gmail.com
+    Editor: Dana Blair
+    dblair@cisco.com";
+  description
+    "This YANG module defines groupings that are used by 
+    ietf-access-control-list YANG module. Their usage is not 
+    limited to ietf-access-control-list and can be
+    used anywhere as applicable.
+    Copyright (c) 2015 IETF Trust and the persons identified as
+    the document authors.  All rights reserved.
+    Redistribution and use in source and binary forms, with or
+    without modification, is permitted pursuant to, and subject
+    to the license terms contained in, the Simplified BSD
+    License set forth in Section 4.c of the IETF Trust's Legal
+    Provisions Relating to IETF Documents
+    (http://trustee.ietf.org/license-info).
+    This version of this YANG module is part of RFC XXXX; see
+    the RFC itself for full legal notices.";
+  revision 2016-07-08 {
+    description
+      "Initial version of packet fields used by
+      ietf-access-control-list";
+    reference
+      "RFC XXXX: Network Access Control List (ACL)
+      YANG Data  Model";
+  }
+  grouping acl-transport-header-fields {
+    description
+      "Transport header fields";
+    container source-port-range {
+      presence "Enables setting source port range";
+      description 
+        "Inclusive range representing source ports to be used.
+        When only lower-port is present, it represents a single port.";
+      leaf lower-port {
+        type inet:port-number;
+        mandatory true;
+        description
+          "Lower boundary for port.";
+      }
+      leaf upper-port {
+        type inet:port-number;
+        must ". >= ../lower-port" {
+          error-message
+          "The upper-port must be greater than or equal to lower-port";
+        }
+        description
+          "Upper boundary for port . If existing, the upper port
+          must be greater or equal to lower-port.";
+      }
+    }
+    container destination-port-range {
+      presence "Enables setting destination port range";
+      description
+        "Inclusive range representing destination ports to be used. When 
+	only lower-port is present, it represents a single port.";
+      leaf lower-port {
+        type inet:port-number;
+        mandatory true;
+        description
+          "Lower boundary for port.";
+      }
+      leaf upper-port {
+        type inet:port-number;
+        must ". >= ../lower-port" {
+          error-message
+            "The upper-port must be greater than or equal to lower-port";
+        }
+
+        description
+          "Upper boundary for port. If existing, the upper port must
+          be greater or equal to lower-port";
+      }
+    }
+  }
+  grouping acl-ip-header-fields {
+    description
+      "IP header fields common to ipv4 and ipv6";
+    leaf dscp {
+      type inet:dscp;
+      description
+        "Value of dscp.";
+    }
+    leaf protocol {
+      type uint8;
+      description
+        "Internet Protocol number.";
+    }
+    uses acl-transport-header-fields;
+  }
+  grouping acl-ipv4-header-fields {
+    description
+      "Fields in IPv4 header.";
+    leaf destination-ipv4-network {
+      type inet:ipv4-prefix;
+      description
+        "Destination IPv4 address prefix.";
+    }
+    leaf source-ipv4-network {
+      type inet:ipv4-prefix;
+      description
+        "Source IPv4 address prefix.";
+    }
+  }
+  grouping acl-ipv6-header-fields {
+    description
+      "Fields in IPv6 header";
+    leaf destination-ipv6-network {
+      type inet:ipv6-prefix;
+      description
+        "Destination IPv6 address prefix.";
+    }
+    leaf source-ipv6-network {
+      type inet:ipv6-prefix;
+      description
+        "Source IPv6 address prefix.";
+    }
+    leaf flow-label {
+      type inet:ipv6-flow-label;
+      description
+        "IPv6 Flow label.";
+    }
+    reference
+      "RFC 4291: IP Version 6 Addressing Architecture
+      RFC 4007: IPv6 Scoped Address Architecture
+      RFC 5952: A Recommendation for IPv6 Address Text Representation";
+  }
+  grouping acl-eth-header-fields {
+    description
+      "Fields in Ethernet header.";
+    leaf destination-mac-address {
+      type yang:mac-address;
+      description
+        "Destination IEEE 802 MAC address.";
+    }
+    leaf destination-mac-address-mask {
+      type yang:mac-address;
+      description
+        "Destination IEEE 802 MAC address mask.";
+    }
+    leaf source-mac-address {
+      type yang:mac-address;
+      description
+        "Source IEEE 802 MAC address.";
+    }
+    leaf source-mac-address-mask {
+      type yang:mac-address;
+      description
+        "Source IEEE 802 MAC address mask.";
+    }
+    reference
+      "IEEE 802: IEEE Standard for Local and Metropolitan Area
+      Networks: Overview and Architecture.";
+  }
+
+}
\ No newline at end of file