diff options
Diffstat (limited to 'acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang')
| -rw-r--r-- | acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang | 230 |
1 files changed, 230 insertions, 0 deletions
diff --git a/acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang b/acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang new file mode 100644 index 000000000..f94dfa29a --- /dev/null +++ b/acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang @@ -0,0 +1,230 @@ +module vpp-acl { + yang-version 1; + namespace "http://fd.io/hc2vpp/yang/vpp/acl"; + prefix "vpp-acl"; + + import ietf-access-control-list { + prefix "acl"; + } + + import yang-ext { + prefix "ext"; + } + + import ietf-packet-fields { + prefix packet-fields; + } + + import ietf-inet-types { + prefix inet; + } + + import ietf-yang-types { + prefix yang; + } + + organization + "FD.io - The Fast Data Project"; + + contact + "Hc2vpp Wiki <https://wiki.fd.io/view/Hc2vpp> + Mailing List <hc2vpp@lists.fd.io>"; + + description + "This module contains a collection of YANG definitions + that extend ietf-access-control-list module + with VPP specific features provided by the VPP ACL plugin. + + Copyright (c) 2016-2017 Cisco and/or its affiliates. + + Licensed under the Apache License, Version 2.0 (the 'License'); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an 'AS IS' BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License."; + + revision "2018-10-22" { + description + "Updated vpp dependencies to match changes in ietf-access-control-list@2018-10-01 yang model."; + } + + revision "2017-06-15" { + description + "Renamed stateful/permit leaf to permit-and-reflect"; + } + + revision "2016-12-14" { + description + "Initial revision of vpp-acl model."; + } + + identity vpp-acl { + base acl:acl-base; + description + "ACL that contains only aces of vpp-ace type."; + } + + identity vpp-macip-acl { + base acl:acl-base; + description + "ACL that contains only aces of vpp-macip-acl type."; + } + + identity accept-and-reflect { + base acl:forwarding-action; + description + "Permits egress TCP/UDP traffic and ingress in reverse direction by creating reflexive ACEs."; + } + + grouping value-range { + description "Defines value range with first and last value defined"; + + leaf first { + type uint8; + mandatory true; + description "Lower boundary for range"; + } + + leaf last { + type uint8; + mandatory true; + description "Upper boundary for range"; + must "last >= first"; + } + } + + grouping acl-icmp-header-fields { + description + "ICMP header fields"; + container icmp-type-range { + presence "Enables setting icmp-type"; + description + "Inclusive range representing icmp types to be used."; + uses value-range; + } + + container icmp-code-range { + presence "Enables setting icmp-code"; + description + "Inclusive range representing icmp codes to be used."; + uses value-range; + } + } + + grouping acl-tcp-header-fields { + + description "ICMP header fields"; + + leaf flags-mask { + type bits { + bit cwr { + position 1; + description + "Congestion Window Reduced (CWR) flag is set by + the sending host to indicate that it received + a TCP segment with the ECE flag set and had + responded in congestion control mechanism."; + reference + "RFC 3168: The Addition of Explicit Congestion + Notification (ECN) to IP."; + } + bit ece { + position 2; + description + "ECN-Echo has a dual role, depending on the value + of the SYN flag. It indicates: + If the SYN flag is set (1), that the TCP peer is ECN + capable. If the SYN flag is clear (0), that a packet + with Congestion Experienced flag set (ECN=11) in IP + header was received during normal transmission + (added to header by RFC 3168). This serves as an + indication of network congestion (or impending + congestion) to the TCP sender."; + reference + "RFC 3168: The Addition of Explicit Congestion + Notification (ECN) to IP."; + } + bit urg { + position 3; + description + "Indicates that the Urgent pointer field is significant."; + } + bit ack { + position 4; + description + "Indicates that the Acknowledgment field is significant. + All packets after the initial SYN packet sent by the + client should have this flag set."; + } + bit psh { + position 5; + description + "Push function. Asks to push the buffered data to the + receiving application."; + } + bit rst { + position 6; + description + "Reset the connection."; + } + bit syn { + position 7; + description + "Synchronize sequence numbers. Only the first packet + sent from each end should have this flag set. Some + other flags and fields change meaning based on this + flag, and some are only valid for when it is set, + and others when it is clear."; + } + bit fin { + position 8; + description + "Last package from sender."; + } + } + description + "Also known as Control Bits. Contains 9 1-bit flags."; + reference + "RFC 793: Transmission Control Protocol (TCP)."; + } + } + + augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l4/acl:icmp/acl:icmp { + ext:augment-identifier "vpp-icmp-ace-augmentation"; + container vpp-icmp-ace { + description + "Access List entry that can define: + - icmp code range fields + - icmp type range fields."; + uses acl-icmp-header-fields; + } + } + + augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l4/acl:tcp/acl:tcp { + ext:augment-identifier "vpp-tcp-ace-augmentation"; + container vpp-tcp-ace { + description + "Access List entry that can define: + - Flag mask"; + uses acl-tcp-header-fields; + } + } + + augment /acl:acls/acl:acl { + ext:augment-identifier "vpp-acl-augmentation"; + leaf tag { + type string { + length 1..63; + } + description + "ASCII tag that can be used as a placeholder for ACL metadata. Value is stored in vpp, + and returned in read requests. No processing involved."; + } + } +}
\ No newline at end of file |