summaryrefslogtreecommitdiffstats
path: root/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang
diff options
context:
space:
mode:
Diffstat (limited to 'acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang')
-rw-r--r--acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang284
1 files changed, 0 insertions, 284 deletions
diff --git a/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang b/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang
deleted file mode 100644
index 2f7f82e9c..000000000
--- a/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang
+++ /dev/null
@@ -1,284 +0,0 @@
-module vpp-acl {
- yang-version 1;
- namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl";
- prefix "vpp-acl";
-
- import ietf-access-control-list {
- prefix "acl";
- }
-
- import yang-ext {
- prefix "ext";
- }
-
- import ietf-packet-fields {
- prefix packet-fields;
- }
-
- import ietf-inet-types {
- prefix inet;
- }
-
- import ietf-yang-types {
- prefix yang;
- }
-
- organization
- "FD.io - The Fast Data Project";
-
- contact
- "Hc2vpp Wiki <https://wiki.fd.io/view/Hc2vpp>
- Mailing List <hc2vpp@lists.fd.io>";
-
- description
- "This module contains a collection of YANG definitions
- that extend ietf-access-control-list module
- with VPP specific features provided by the VPP ACL plugin.
-
- Copyright (c) 2016-2017 Cisco and/or its affiliates.
-
- Licensed under the Apache License, Version 2.0 (the 'License');
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at:
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an 'AS IS' BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.";
-
- revision "2017-06-15" {
- description
- "Renamed stateful/permit leaf to permit-and-reflect";
- }
-
- revision "2016-12-14" {
- description
- "Initial revision of vpp-acl model.";
- }
-
- augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:actions/acl:packet-handling {
- ext:augment-identifier "stateful-acl-action-augmentation";
- when "../acl:matches/acl:ace-type = 'vpp-acl:vpp-acl'";
- case stateful {
- leaf permit-and-reflect {
- type empty;
- description
- "Permits egress TCP/UDP traffic and ingress in reverse direction by creating reflexive ACEs.";
- }
- }
- }
-
- identity vpp-acl {
- base acl:acl-base;
- description
- "ACL that contains only aces of vpp-ace type.";
- }
-
- identity vpp-macip-acl {
- base acl:acl-base;
- description
- "ACL that contains only aces of vpp-macip-acl type.";
- }
-
- grouping value-range {
- description "Defines value range with first and last value defined";
-
- leaf first {
- type uint8;
- mandatory true;
- description "Lower boundary for range";
- }
-
- leaf last {
- type uint8;
- mandatory true;
- description "Upper boundary for range";
- must "last >= first";
- }
- }
-
- grouping acl-icmp-header-fields {
- description
- "ICMP header fields";
- container icmp-type-range {
- presence "Enables setting icmp-type";
- description
- "Inclusive range representing icmp types to be used.";
- uses value-range;
- }
-
- container icmp-code-range {
- presence "Enables setting icmp-code";
- description
- "Inclusive range representing icmp codes to be used.";
- uses value-range;
- }
- }
-
- grouping acl-tcp-header-fields {
- description
- "TCP header fields";
- leaf tcp-flags-mask {
- description
- "Binary mask for tcp flags to match. MSB order (FIN at position 0).
- Applied as logical AND to tcp flags field of the packet being matched,
- before it is compared with tcp-flags-value.";
- type uint8;
- }
- leaf tcp-flags-value {
- description
- "Binary value for tcp flags to match. MSB order (FIN at position 0).
- Before tcp-flags-value is compared with tcp flags field of the packet being matched,
- tcp-flags-mask is applied to packet field value.";
- type uint8;
- }
- }
-
- grouping acl-other-protocol-fields {
- description "Used for any other protocol than TCP/UDP/ICMP/ICMPv6";
- leaf protocol {
- must "protocol != 1 and protocol != 6 and protocol != 17 and protocol != 58";
- type uint8;
- description "Internet Protocol number.";
- }
- }
-
- grouping acl-ip-protocol-header-fields {
- description
- "Defines header fields for TCP/UDP or ICMP protocols";
- choice ip-protocol {
- case icmp {
- container icmp-nodes {
- uses acl-icmp-header-fields;
- }
- }
- case icmp-v6 {
- container icmp-v6-nodes {
- uses acl-icmp-header-fields;
- }
- }
- case udp {
- container udp-nodes {
- uses packet-fields:acl-transport-header-fields;
- }
- }
- case tcp {
- container tcp-nodes {
- uses packet-fields:acl-transport-header-fields;
- uses acl-tcp-header-fields;
- }
- }
- case other {
- container other-nodes {
- uses acl-other-protocol-fields;
- }
- }
- }
- }
-
- augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type {
- ext:augment-identifier "vpp-acl-type-augmentation";
- case vpp-ace {
- description
- "Access List entry that can define:
- - IP4/IP6 src/dst ip prefix- Internet Protocol number
- - Internet Protocol number
- - selected L4 headers:
- * ICMP (type range)
- * UDP (port range)
- * TCP (port range, flags mask, flags value)";
- container vpp-ace-nodes {
- choice ace-ip-version {
- description
- "IP version used in this Access List Entry.";
- case ace-ipv4 {
- uses packet-fields:acl-ipv4-header-fields;
- }
- case ace-ipv6 {
- uses packet-fields:acl-ipv6-header-fields;
- }
- }
- uses acl-ip-protocol-header-fields;
- }
- }
- }
-
- grouping vpp-macip-ace-eth-header-fields {
- description
- "Fields in Ethernet header supported by vpp-macip rule";
- leaf source-mac-address {
- type yang:mac-address;
- description
- "Source IEEE 802 MAC address.
- Before source-mac-address is compared with source mac address field of the packet being matched,
- source-mac-address-mask is applied to packet field value.";
- }
- leaf source-mac-address-mask {
- type yang:mac-address;
- description
- "Source IEEE 802 MAC address mask.
- Applied as logical AND with source mac address field of the packet being matched,
- before it is compared with source-mac-address.";
- }
- }
-
- grouping vpp-macip-ace-ipv4-header-fields {
- description
- "Fields in IPv4 header supported by vpp-macip rule";
- leaf source-ipv4-network {
- type inet:ipv4-prefix;
- description
- "Source IPv4 address prefix.";
- }
- }
-
- grouping vpp-macip-ace-ipv6-header-fields {
- description
- "Fields in IPv6 header supported by vpp-macip rule";
- leaf source-ipv6-network {
- type inet:ipv6-prefix;
- description
- "Source IPv6 address prefix.";
- }
- }
-
- augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type {
- ext:augment-identifier "vpp-macip-acl-type-augmentation";
- case vpp-macip-ace {
- description
- "Access List entry that can define:
- - IP4/IP6 src ip prefix
- - src MAC address mask
- - src MAC address value
- - can be used only for static ACLs.";
- container vpp-macip-ace-nodes {
- choice ace-ip-version {
- description
- "IP version used in this Access List Entry.";
- case ace-ipv4 {
- uses vpp-macip-ace-ipv4-header-fields;
- }
- case ace-ipv6 {
- uses vpp-macip-ace-ipv6-header-fields;
- }
- }
- uses vpp-macip-ace-eth-header-fields;
- }
- }
- }
-
- augment /acl:access-lists/acl:acl {
- ext:augment-identifier "vpp-acl-augmentation";
- leaf tag {
- type string {
- length 1..63;
- }
- description
- "ASCII tag that can be used as a placeholder for ACL metadata. Value is stored in vpp,
- and returned in read requests. No processing involved.";
- }
- }
-} \ No newline at end of file