summaryrefslogtreecommitdiffstats
path: root/v3po/api/src/main/yang/ietf-access-control-list.yang
diff options
context:
space:
mode:
Diffstat (limited to 'v3po/api/src/main/yang/ietf-access-control-list.yang')
-rw-r--r--v3po/api/src/main/yang/ietf-access-control-list.yang208
1 files changed, 208 insertions, 0 deletions
diff --git a/v3po/api/src/main/yang/ietf-access-control-list.yang b/v3po/api/src/main/yang/ietf-access-control-list.yang
new file mode 100644
index 000000000..3083ee2a0
--- /dev/null
+++ b/v3po/api/src/main/yang/ietf-access-control-list.yang
@@ -0,0 +1,208 @@
+module ietf-access-control-list {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list";
+ prefix acl;
+ import ietf-yang-types {
+ prefix yang;
+ }
+ import ietf-packet-fields {
+ prefix packet-fields;
+ }
+ organization "IETF NETMOD (NETCONF Data Modeling Language)
+ Working Group";
+ contact
+ "WG Web: http://tools.ietf.org/wg/netmod/
+ WG List: netmod@ietf.org
+ WG Chair: Juergen Schoenwaelder
+ j.schoenwaelder@jacobs-university.de
+ WG Chair: Tom Nadeau
+ tnadeau@lucidvision.com
+ Editor: Dean Bogdanovic
+ ivandean@gmail.com
+ Editor: Kiran Agrahara Sreenivasa
+ kkoushik@cisco.com
+ Editor: Lisa Huang
+ lyihuang16@gmail.com
+ Editor: Dana Blair
+ dblair@cisco.com";
+ description
+ "This YANG module defines a component that describing the
+ configuration of Access Control Lists (ACLs).
+ Copyright (c) 2015 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+ revision 2016-07-08 {
+ description
+ "Base model for Network Access Control List (ACL).";
+ reference
+ "RFC XXXX: Network Access Control List (ACL)
+ YANG Data Model";
+ }
+ identity acl-base {
+ description
+ "Base Access Control List type for all Access Control List type
+ identifiers.";
+ }
+ identity ipv4-acl {
+ base acl:acl-base;
+ description
+ "ACL that primarily matches on fields from the IPv4 header
+ (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP
+ destination port). An acl of type ipv4-acl does not contain
+ matches on fields in the ethernet header or the IPv6 header.";
+ }
+ identity ipv6-acl {
+ base acl:acl-base;
+ description
+ "ACL that primarily matches on fields from the IPv6 header
+ (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP
+ destination port). An acl of type ipv6-acl does not contain
+ matches on fields in the ethernet header or the IPv4 header.";
+ }
+ identity eth-acl {
+ base acl:acl-base;
+ description
+ "ACL that primarily matches on fields in the ethernet header,
+ like 10/100/1000baseT or WiFi Access Control List. An acl of
+ type eth-acl does not contain matches on fields in the IPv4
+ header, IPv6 header or layer 4 headers.";
+ }
+ typedef acl-type {
+ type identityref {
+ base acl:acl-base;
+ }
+ description
+ "This type is used to refer to an Access Control List
+ (ACL) type";
+ }
+ typedef access-control-list-ref {
+ type leafref {
+ path "/access-lists/acl/acl-name";
+ }
+ description
+ "This type is used by data models that need to reference an
+ Access Control List";
+ }
+ container access-lists {
+ description
+ "This is a top level container for Access Control Lists.
+ It can have one or more Access Control Lists.";
+ list acl {
+ key "acl-type acl-name";
+ description
+ "An Access Control List(ACL) is an ordered list of
+ Access List Entries (ACE). Each Access Control Entry has a
+ list of match criteria and a list of actions.
+ Since there are several kinds of Access Control Lists
+ implemented with different attributes for
+ different vendors, this
+ model accommodates customizing Access Control Lists for
+ each kind and for each vendor.";
+ leaf acl-name {
+ type string;
+ description
+ "The name of access-list. A device MAY restrict the length
+ and value of this name, possibly space and special
+ characters are not allowed.";
+ }
+ leaf acl-type {
+ type acl-type;
+ description
+ "Type of access control list. Indicates the primary intended
+ type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc)
+ used in the list instance.";
+ }
+ container acl-oper-data {
+ config false;
+ description
+ "Overall Access Control List operational data";
+ }
+ container access-list-entries {
+ description
+ "The access-list-entries container contains
+ a list of access-list-entries(ACE).";
+ list ace {
+ key "rule-name";
+ ordered-by user;
+ description
+ "List of access list entries(ACE)";
+ leaf rule-name {
+ type string;
+ description
+ "A unique name identifying this Access List
+ Entry(ACE).";
+ }
+ container matches {
+ description
+ "Definitions for match criteria for this Access List
+ Entry.";
+ choice ace-type {
+ description
+ "Type of access list entry.";
+ case ace-ip {
+ description "IP Access List Entry.";
+ choice ace-ip-version {
+ description
+ "IP version used in this Access List Entry.";
+ case ace-ipv4 {
+ uses packet-fields:acl-ipv4-header-fields;
+ }
+ case ace-ipv6 {
+ uses packet-fields:acl-ipv6-header-fields;
+ }
+ }
+ uses packet-fields:acl-ip-header-fields;
+ }
+ case ace-eth {
+ description
+ "Ethernet Access List entry.";
+ uses packet-fields:acl-eth-header-fields;
+ }
+ }
+ }
+ container actions {
+ description
+ "Definitions of action criteria for this Access List
+ Entry.";
+ choice packet-handling {
+ default "deny";
+ description
+ "Packet handling action.";
+ case deny {
+ leaf deny {
+ type empty;
+ description
+ "Deny action.";
+ }
+ }
+ case permit {
+ leaf permit {
+ type empty;
+ description
+ "Permit action.";
+ }
+ }
+ }
+ }
+ container ace-oper-data {
+ config false;
+ description
+ "Operational data for this Access List Entry.";
+ leaf match-counter {
+ type yang:counter64;
+ description
+ "Number of matches for this Access List Entry";
+ }
+ }
+ }
+ }
+ }
+ }
+}