diff options
Diffstat (limited to 'v3po/api/src/main/yang/ietf-access-control-list.yang')
-rw-r--r-- | v3po/api/src/main/yang/ietf-access-control-list.yang | 208 |
1 files changed, 208 insertions, 0 deletions
diff --git a/v3po/api/src/main/yang/ietf-access-control-list.yang b/v3po/api/src/main/yang/ietf-access-control-list.yang new file mode 100644 index 000000000..3083ee2a0 --- /dev/null +++ b/v3po/api/src/main/yang/ietf-access-control-list.yang @@ -0,0 +1,208 @@ +module ietf-access-control-list { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list"; + prefix acl; + import ietf-yang-types { + prefix yang; + } + import ietf-packet-fields { + prefix packet-fields; + } + organization "IETF NETMOD (NETCONF Data Modeling Language) + Working Group"; + contact + "WG Web: http://tools.ietf.org/wg/netmod/ + WG List: netmod@ietf.org + WG Chair: Juergen Schoenwaelder + j.schoenwaelder@jacobs-university.de + WG Chair: Tom Nadeau + tnadeau@lucidvision.com + Editor: Dean Bogdanovic + ivandean@gmail.com + Editor: Kiran Agrahara Sreenivasa + kkoushik@cisco.com + Editor: Lisa Huang + lyihuang16@gmail.com + Editor: Dana Blair + dblair@cisco.com"; + description + "This YANG module defines a component that describing the + configuration of Access Control Lists (ACLs). + Copyright (c) 2015 IETF Trust and the persons identified as + the document authors. All rights reserved. + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices."; + revision 2016-07-08 { + description + "Base model for Network Access Control List (ACL)."; + reference + "RFC XXXX: Network Access Control List (ACL) + YANG Data Model"; + } + identity acl-base { + description + "Base Access Control List type for all Access Control List type + identifiers."; + } + identity ipv4-acl { + base acl:acl-base; + description + "ACL that primarily matches on fields from the IPv4 header + (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP + destination port). An acl of type ipv4-acl does not contain + matches on fields in the ethernet header or the IPv6 header."; + } + identity ipv6-acl { + base acl:acl-base; + description + "ACL that primarily matches on fields from the IPv6 header + (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP + destination port). An acl of type ipv6-acl does not contain + matches on fields in the ethernet header or the IPv4 header."; + } + identity eth-acl { + base acl:acl-base; + description + "ACL that primarily matches on fields in the ethernet header, + like 10/100/1000baseT or WiFi Access Control List. An acl of + type eth-acl does not contain matches on fields in the IPv4 + header, IPv6 header or layer 4 headers."; + } + typedef acl-type { + type identityref { + base acl:acl-base; + } + description + "This type is used to refer to an Access Control List + (ACL) type"; + } + typedef access-control-list-ref { + type leafref { + path "/access-lists/acl/acl-name"; + } + description + "This type is used by data models that need to reference an + Access Control List"; + } + container access-lists { + description + "This is a top level container for Access Control Lists. + It can have one or more Access Control Lists."; + list acl { + key "acl-type acl-name"; + description + "An Access Control List(ACL) is an ordered list of + Access List Entries (ACE). Each Access Control Entry has a + list of match criteria and a list of actions. + Since there are several kinds of Access Control Lists + implemented with different attributes for + different vendors, this + model accommodates customizing Access Control Lists for + each kind and for each vendor."; + leaf acl-name { + type string; + description + "The name of access-list. A device MAY restrict the length + and value of this name, possibly space and special + characters are not allowed."; + } + leaf acl-type { + type acl-type; + description + "Type of access control list. Indicates the primary intended + type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc) + used in the list instance."; + } + container acl-oper-data { + config false; + description + "Overall Access Control List operational data"; + } + container access-list-entries { + description + "The access-list-entries container contains + a list of access-list-entries(ACE)."; + list ace { + key "rule-name"; + ordered-by user; + description + "List of access list entries(ACE)"; + leaf rule-name { + type string; + description + "A unique name identifying this Access List + Entry(ACE)."; + } + container matches { + description + "Definitions for match criteria for this Access List + Entry."; + choice ace-type { + description + "Type of access list entry."; + case ace-ip { + description "IP Access List Entry."; + choice ace-ip-version { + description + "IP version used in this Access List Entry."; + case ace-ipv4 { + uses packet-fields:acl-ipv4-header-fields; + } + case ace-ipv6 { + uses packet-fields:acl-ipv6-header-fields; + } + } + uses packet-fields:acl-ip-header-fields; + } + case ace-eth { + description + "Ethernet Access List entry."; + uses packet-fields:acl-eth-header-fields; + } + } + } + container actions { + description + "Definitions of action criteria for this Access List + Entry."; + choice packet-handling { + default "deny"; + description + "Packet handling action."; + case deny { + leaf deny { + type empty; + description + "Deny action."; + } + } + case permit { + leaf permit { + type empty; + description + "Permit action."; + } + } + } + } + container ace-oper-data { + config false; + description + "Operational data for this Access List Entry."; + leaf match-counter { + type yang:counter64; + description + "Number of matches for this Access List Entry"; + } + } + } + } + } + } +} |