Diffstat (limited to 'acl/acl-api/src/main/yang/ietf-packet-fields@2018-10-01.yang')
-rwxr-xr-xacl/acl-api/src/main/yang/ietf-packet-fields@2018-10-01.yang588
1 files changed, 588 insertions, 0 deletions
diff --git a/acl/acl-api/src/main/yang/ietf-packet-fields@2018-10-01.yang b/acl/acl-api/src/main/yang/ietf-packet-fields@2018-10-01.yang
new file mode 100755
index 000000000..dc175d335
--- /dev/null
+++ b/acl/acl-api/src/main/yang/ietf-packet-fields@2018-10-01.yang
@@ -0,0 +1,588 @@
+module ietf-packet-fields {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields";
+ prefix packet-fields;
+
+ import ietf-inet-types {
+ prefix inet;
+ reference
+ "RFC 6991 - Common YANG Data Types.";
+ }
+
+ import ietf-yang-types {
+ prefix yang;
+ reference
+ "RFC 6991 - Common YANG Data Types.";
+ }
+
+ import ietf-ethertypes {
+ prefix eth;
+ reference
+ "RFC XXXX - Network ACL YANG Model.";
+ }
+
+ organization
+ "IETF NETMOD (Network Modeling Language) Working
+ Group";
+
+ contact
+ "WG Web: http://tools.ietf.org/wg/netmod/
+ WG List: netmod@ietf.org
+
+ Editor: Mahesh Jethanandani
+ mjethanandani@gmail.com
+ Editor: Lisa Huang
+ lyihuang16@gmail.com
+ Editor: Sonal Agarwal
+ sagarwal12@gmail.com
+ Editor: Dana Blair
+ dblair@cisco.com";
+
+ description
+ "This YANG module defines groupings that are used by
+ ietf-access-control-list YANG module. Their usage is not
+ limited to ietf-access-control-list and can be
+ used anywhere as applicable.
+
+ Copyright (c) 2018 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+
+ revision 2018-10-01 {
+ description
+ "Initial version.";
+ reference
+ "RFC XXX: Network Access Control List (ACL) YANG Data Model.";
+ }
+
+ /*
+ * Typedefs
+ */
+ typedef operator {
+ type enumeration {
+ enum lte {
+ description
+ "Less than or equal.";
+ }
+ enum gte {
+ description
+ "Greater than or equal.";
+ }
+ enum eq {
+ description
+ "Equal to.";
+ }
+ enum neq {
+ description
+ "Not equal to.";
+ }
+ }
+ description
+ "The source and destination port range definitions
+ can be further qualified using an operator. An
+ operator is needed only if lower-port is specified
+ and upper-port is not specified. The operator
+ therefore further qualifies lower-port only.";
+ }
+
+ /*
+ * Groupings
+ */
+ grouping port-range-or-operator {
+ choice port-range-or-operator {
+ case range {
+ leaf lower-port {
+ type inet:port-number;
+ must ". <= ../upper-port" {
+ error-message
+ "The lower-port must be less than or equal to
+ upper-port.";
+ }
+ mandatory true;
+ description
+ "Lower boundry for a port.";
+ }
+ leaf upper-port {
+ type inet:port-number;
+ mandatory true;
+ description
+ "Upper boundry for port.";
+ }
+ }
+ case operator {
+ leaf operator {
+ type operator;
+ default eq;
+ description
+ "Operator to be applied on the port below.";
+ }
+ leaf port {
+ type inet:port-number;
+ mandatory true;
+ description
+ "Port number along with operator on which to
+ match.";
+ }
+ }
+ description
+ "Choice of specifying a port range or a single
+ port along with an operator.";
+ }
+ description
+ "Grouping for port definitions in the form of a
+ choice statement.";
+ }
+
+ grouping acl-ip-header-fields {
+ description
+ "IP header fields common to ipv4 and ipv6";
+ reference
+ "RFC 791: Internet Protocol.";
+
+ leaf dscp {
+ type inet:dscp;
+ description
+ "Differentiated Services Code Point.";
+ reference
+ "RFC 2474: Definition of Differentiated services field
+ (DS field) in the IPv4 and IPv6 headers.";
+ }
+
+ leaf ecn {
+ type uint8 {
+ range 0..3;
+ }
+ description
+ "Explicit Congestion Notification.";
+ reference
+ "RFC 3168: Explicit Congestion Notification.";
+ }
+
+ leaf length {
+ type uint16;
+ description
+ "In IPv4 header field, this field is known as the Total Length.
+ Total Length is the length of the datagram, measured in octets,
+ including internet header and data.
+
+ In IPv6 header field, this field is known as the Payload
+ Length, the length of the IPv6 payload, i.e. the rest of
+ the packet following the IPv6 header, in octets.";
+ reference
+ "RFC 791: Internet Protocol,
+ RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
+ }
+
+ leaf ttl {
+ type uint8;
+ description
+ "This field indicates the maximum time the datagram is allowed
+ to remain in the internet system. If this field contains the
+ value zero, then the datagram must be dropped.
+
+ In IPv6, this field is known as the Hop Limit.";
+ reference
+ "RFC 791: Internet Protocol,
+ RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
+ }
+
+ leaf protocol {
+ type uint8;
+ description
+ "Internet Protocol number. Refers to the protocol of the
+ payload. In IPv6, this field is known as 'next-header,
+ and if extension headers are present, the protocol is
+ present in the 'upper-layer' header.";
+ reference
+ "RFC 791: Internet Protocol,
+ RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
+ }
+ }
+
+ grouping acl-ipv4-header-fields {
+ description
+ "Fields in IPv4 header.";
+
+ leaf ihl {
+ type uint8 {
+ range "5..60";
+ }
+ description
+ "An IPv4 header field, the Internet Header Length (IHL) is
+ the length of the internet header in 32 bit words, and
+ thus points to the beginning of the data. Note that the
+ minimum value for a correct header is 5.";
+ }
+
+ leaf flags {
+ type bits {
+ bit reserved {
+ position 0;
+ description
+ "Reserved. Must be zero.";
+ }
+ bit fragment {
+ position 1;
+ description
+ "Setting value to 0 indicates may fragment, while setting
+ the value to 1 indicates do not fragment.";
+ }
+ bit more {
+ position 2;
+ description
+ "Setting the value to 0 indicates this is the last fragment,
+ and setting the value to 1 indicates more fragments are
+ coming.";
+ }
+ }
+ description
+ "Bit definitions for the flags field in IPv4 header.";
+ }
+
+ leaf offset {
+ type uint16 {
+ range "20..65535";
+ }
+ description
+ "The fragment offset is measured in units of 8 octets (64 bits).
+ The first fragment has offset zero. The length is 13 bits";
+ }
+
+ leaf identification {
+ type uint16;
+ description
+ "An identifying value assigned by the sender to aid in
+ assembling the fragments of a datagram.";
+ }
+
+ choice destination-network {
+ case destination-ipv4-network {
+ leaf destination-ipv4-network {
+ type inet:ipv4-prefix;
+ description
+ "Destination IPv4 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a destination IPv4 address or
+ referring to a group of IPv4 destination addresses.";
+ }
+ choice source-network {
+ case source-ipv4-network {
+ leaf source-ipv4-network {
+ type inet:ipv4-prefix;
+ description
+ "Source IPv4 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a source IPv4 address or
+ referring to a group of IPv4 source addresses.";
+ }
+ }
+
+ grouping acl-ipv6-header-fields {
+ description
+ "Fields in IPv6 header";
+
+ choice destination-network {
+ case destination-ipv6-network {
+ leaf destination-ipv6-network {
+ type inet:ipv6-prefix;
+ description
+ "Destination IPv6 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a destination IPv6 address
+ or referring to a group of IPv6 destination
+ addresses.";
+ }
+
+ choice source-network {
+ case source-ipv6-network {
+ leaf source-ipv6-network {
+ type inet:ipv6-prefix;
+ description
+ "Source IPv6 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a source IPv6 address or
+ referring to a group of IPv6 source addresses.";
+ }
+
+ leaf flow-label {
+ type inet:ipv6-flow-label;
+ description
+ "IPv6 Flow label.";
+ }
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ grouping acl-eth-header-fields {
+ description
+ "Fields in Ethernet header.";
+
+ leaf destination-mac-address {
+ type yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address.";
+ }
+ leaf destination-mac-address-mask {
+ type yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address mask.";
+ }
+ leaf source-mac-address {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address.";
+ }
+ leaf source-mac-address-mask {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address mask.";
+ }
+ leaf ethertype {
+ type eth:ethertype;
+ description
+ "The Ethernet Type (or Length) value represented
+ in the canonical order defined by IEEE 802.
+ The canonical representation uses lowercase
+ characters.";
+ reference
+ "IEEE 802-2014 Clause 9.2";
+ }
+ reference
+ "IEEE 802: IEEE Standard for Local and Metropolitan
+ Area Networks: Overview and Architecture.";
+ }
+
+ grouping acl-tcp-header-fields {
+ description
+ "Collection of TCP header fields that can be used to
+ setup a match filter.";
+
+ leaf sequence-number {
+ type uint32;
+ description
+ "Sequence number that appears in the packet.";
+ }
+
+ leaf acknowledgement-number {
+ type uint32;
+ description
+ "The acknowledgement number that appears in the
+ packet.";
+ }
+
+ leaf data-offset {
+ type uint8 {
+ range "5..15";
+ }
+ description
+ "Specifies the size of the TCP header in 32-bit
+ words. The minimum size header is 5 words and
+ the maximum is 15 words thus giving the minimum
+ size of 20 bytes and maximum of 60 bytes,
+ allowing for up to 40 bytes of options in the
+ header.";
+ }
+
+ leaf reserved {
+ type uint8;
+ description
+ "Reserved for future use.";
+ }
+
+ leaf flags {
+ type bits {
+ bit cwr {
+ position 1;
+ description
+ "Congestion Window Reduced (CWR) flag is set by
+ the sending host to indicate that it received
+ a TCP segment with the ECE flag set and had
+ responded in congestion control mechanism.";
+ reference
+ "RFC 3168: The Addition of Explicit Congestion
+ Notification (ECN) to IP.";
+ }
+ bit ece {
+ position 2;
+ description
+ "ECN-Echo has a dual role, depending on the value
+ of the SYN flag. It indicates:
+ If the SYN flag is set (1), that the TCP peer is ECN
+ capable. If the SYN flag is clear (0), that a packet
+ with Congestion Experienced flag set (ECN=11) in IP
+ header was received during normal transmission
+ (added to header by RFC 3168). This serves as an
+ indication of network congestion (or impending
+ congestion) to the TCP sender.";
+ reference
+ "RFC 3168: The Addition of Explicit Congestion
+ Notification (ECN) to IP.";
+ }
+ bit urg {
+ position 3;
+ description
+ "Indicates that the Urgent pointer field is significant.";
+ }
+ bit ack {
+ position 4;
+ description
+ "Indicates that the Acknowledgment field is significant.
+ All packets after the initial SYN packet sent by the
+ client should have this flag set.";
+ }
+ bit psh {
+ position 5;
+ description
+ "Push function. Asks to push the buffered data to the
+ receiving application.";
+ }
+ bit rst {
+ position 6;
+ description
+ "Reset the connection.";
+ }
+ bit syn {
+ position 7;
+ description
+ "Synchronize sequence numbers. Only the first packet
+ sent from each end should have this flag set. Some
+ other flags and fields change meaning based on this
+ flag, and some are only valid for when it is set,
+ and others when it is clear.";
+ }
+ bit fin {
+ position 8;
+ description
+ "Last package from sender.";
+ }
+ }
+ description
+ "Also known as Control Bits. Contains 9 1-bit flags.";
+ reference
+ "RFC 793: Transmission Control Protocol (TCP).";
+ }
+
+ leaf window-size {
+ type uint16;
+ units "bytes";
+ description
+ "The size of the receive window, which specifies
+ the number of window size units beyond the segment
+ identified by the sequence number in the acknowledgment
+ field that the sender of this segment is currently
+ willing to receive.";
+ }
+
+ leaf urgent-pointer {
+ type uint16;
+ description
+ "This field is an offset from the sequence number
+ indicating the last urgent data byte.";
+ }
+
+ leaf options {
+ type binary {
+ length "1..40";
+ }
+ description
+ "The length of this field is determined by the
+ data offset field. Options have up to three
+ fields: Option-Kind (1 byte), Option-Length
+ (1 byte), Option-Data (variable). The Option-Kind
+ field indicates the type of option, and is the
+ only field that is not optional. Depending on
+ what kind of option we are dealing with,
+ the next two fields may be set: the Option-Length
+ field indicates the total length of the option,
+ and the Option-Data field contains the value of
+ the option, if applicable.";
+ }
+ }
+
+ grouping acl-udp-header-fields {
+ description
+ "Collection of UDP header fields that can be used
+ to setup a match filter.";
+
+ leaf length {
+ type uint16;
+ description
+ "A field that specifies the length in bytes of
+ the UDP header and UDP data. The minimum
+ length is 8 bytes because that is the length of
+ the header. The field size sets a theoretical
+ limit of 65,535 bytes (8 byte header + 65,527
+ bytes of data) for a UDP datagram. However the
+ actual limit for the data length, which is
+ imposed by the underlying IPv4 protocol, is
+ 65,507 bytes (65,535 minus 8 byte UDP header
+ minus 20 byte IP header).
+
+ In IPv6 jumbograms it is possible to have
+ UDP packets of size greater than 65,535 bytes.
+ RFC 2675 specifies that the length field is set
+ to zero if the length of the UDP header plus
+ UDP data is greater than 65,535.";
+ }
+ }
+
+ grouping acl-icmp-header-fields {
+ description
+ "Collection of ICMP header fields that can be
+ used to setup a match filter.";
+
+ leaf type {
+ type uint8;
+ description
+ "Also known as Control messages.";
+ reference
+ "RFC 792: Internet Control Message Protocol (ICMP),
+ RFC 4443: Internet Control Message Protocol (ICMPv6)
+ for Internet Protocol Version 6 (IPv6)
+ Specifciation.";
+ }
+
+ leaf code {
+ type uint8;
+ description
+ "ICMP subtype. Also known as Control messages.";
+ reference
+ "RFC 792: Internet Control Message Protocol (ICMP),
+ RFC 4443: Internet Control Message Protocol (ICMPv6)
+ for Internet Protocol Version 6 (IPv6)
+ Specifciation.";
+ }
+
+ leaf rest-of-header {
+ type binary;
+ description
+ "Unbounded in length, the contents vary based on the
+ ICMP type and code. Also referred to as 'Message Body'
+ in ICMPv6.";
+ reference
+ "RFC 792: Internet Control Message Protocol (ICMP),
+ RFC 4443: Internet Control Message Protocol (ICMPv6)
+ for Internet Protocol Version 6 (IPv6)
+ Specifciation.";
+ }
+ }
+}
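Review bot: The `offset` leaf in `acl-ipv4-header-fields` is restricted to `range "20..65535"`, which contradicts its own description: the first fragment has offset zero and the field is 13 bits wide, so the values that can appear on the wire are 0..8191. As written, an ACL entry cannot match fragments at offsets 0–19, and the datastore will accept offsets that no packet can carry. That matters because fragment-offset matches are commonly used to filter malformed or overlapping fragments. If the module may be edited, `range "0..8191";` would match the description. If it has to stay identical to the IETF draft it appears to be copied from (the `RFC XXXX` placeholders suggest a pre-publication revision), the discrepancy should be recorded and checked in the code that consumes this leaf. Separately, `rest-of-header` in `acl-icmp-header-fields` is `type binary` with no `length` restriction, whereas the TCP `options` leaf is bounded with `length "1..40"`; a bound there would keep arbitrarily large match values out of the configuration.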