From b4581d183065af6b82026003959b96fbe6850dd1 Mon Sep 17 00:00:00 2001
From: Marek Gradzki
Date: Fri, 16 Jun 2017 14:36:52 +0200
Subject: Rename yang files to match model revision
Also order of revisions was sorted starting from most current.
Change-Id: I21fd35cfdb1cc5601b3fb40c9f3755bd3b995b14
Signed-off-by: Marek Gradzki
---
.../src/main/yang/ietf-access-control-list.yang | 208 -----------------
.../yang/ietf-access-control-list@2016-07-08.yang | 208 +++++++++++++++++
acl/acl-api/src/main/yang/ietf-packet-fields.yang | 180 --------------
.../main/yang/ietf-packet-fields@2016-07-08.yang | 180 ++++++++++++++
acl/acl-api/src/main/yang/interface-acl.yang | 84 -------
.../src/main/yang/interface-acl@2016-12-14.yang | 84 +++++++
acl/acl-api/src/main/yang/vpp-acl-context.yang | 66 ------
.../src/main/yang/vpp-acl-context@2017-01-04.yang | 66 ++++++
acl/acl-api/src/main/yang/vpp-acl.yang | 258 ---------------------
acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang | 258 +++++++++++++++++++++
10 files changed, 796 insertions(+), 796 deletions(-)
delete mode 100644 acl/acl-api/src/main/yang/ietf-access-control-list.yang
create mode 100644 acl/acl-api/src/main/yang/ietf-access-control-list@2016-07-08.yang
delete mode 100644 acl/acl-api/src/main/yang/ietf-packet-fields.yang
create mode 100644 acl/acl-api/src/main/yang/ietf-packet-fields@2016-07-08.yang
delete mode 100644 acl/acl-api/src/main/yang/interface-acl.yang
create mode 100644 acl/acl-api/src/main/yang/interface-acl@2016-12-14.yang
delete mode 100644 acl/acl-api/src/main/yang/vpp-acl-context.yang
create mode 100644 acl/acl-api/src/main/yang/vpp-acl-context@2017-01-04.yang
delete mode 100644 acl/acl-api/src/main/yang/vpp-acl.yang
create mode 100644 acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang
(limited to 'acl/acl-api/src/main')
diff --git a/acl/acl-api/src/main/yang/ietf-access-control-list.yang b/acl/acl-api/src/main/yang/ietf-access-control-list.yang
deleted file mode 100644
index 3083ee2a0..000000000
--- a/acl/acl-api/src/main/yang/ietf-access-control-list.yang
+++ /dev/null
@@ -1,208 +0,0 @@ -module ietf-access-control-list { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list"; - prefix acl; - import ietf-yang-types { - prefix yang; - } - import ietf-packet-fields { - prefix packet-fields; - } - organization "IETF NETMOD (NETCONF Data Modeling Language) - Working Group"; - contact - "WG Web: http://tools.ietf.org/wg/netmod/ - WG List: netmod@ietf.org - WG Chair: Juergen Schoenwaelder - j.schoenwaelder@jacobs-university.de - WG Chair: Tom Nadeau - tnadeau@lucidvision.com - Editor: Dean Bogdanovic - ivandean@gmail.com - Editor: Kiran Agrahara Sreenivasa - kkoushik@cisco.com - Editor: Lisa Huang - lyihuang16@gmail.com - Editor: Dana Blair - dblair@cisco.com"; - description - "This YANG module defines a component that describing the - configuration of Access Control Lists (ACLs). - Copyright (c) 2015 IETF Trust and the persons identified as - the document authors. All rights reserved. - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD - License set forth in Section 4.c of the IETF Trust's Legal - Provisions Relating to IETF Documents - (http://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; - revision 2016-07-08 { - description - "Base model for Network Access Control List (ACL)."; - reference - "RFC XXXX: Network Access Control List (ACL) - YANG Data Model"; - } - identity acl-base { - description - "Base Access Control List type for all Access Control List type - identifiers."; - } - identity ipv4-acl { - base acl:acl-base; - description - "ACL that primarily matches on fields from the IPv4 header - (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP - destination port). 
An acl of type ipv4-acl does not contain - matches on fields in the ethernet header or the IPv6 header."; - } - identity ipv6-acl { - base acl:acl-base; - description - "ACL that primarily matches on fields from the IPv6 header - (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP - destination port). An acl of type ipv6-acl does not contain - matches on fields in the ethernet header or the IPv4 header."; - } - identity eth-acl { - base acl:acl-base; - description - "ACL that primarily matches on fields in the ethernet header, - like 10/100/1000baseT or WiFi Access Control List. An acl of - type eth-acl does not contain matches on fields in the IPv4 - header, IPv6 header or layer 4 headers."; - } - typedef acl-type { - type identityref { - base acl:acl-base; - } - description - "This type is used to refer to an Access Control List - (ACL) type"; - } - typedef access-control-list-ref { - type leafref { - path "/access-lists/acl/acl-name"; - } - description - "This type is used by data models that need to reference an - Access Control List"; - } - container access-lists { - description - "This is a top level container for Access Control Lists. - It can have one or more Access Control Lists."; - list acl { - key "acl-type acl-name"; - description - "An Access Control List(ACL) is an ordered list of - Access List Entries (ACE). Each Access Control Entry has a - list of match criteria and a list of actions. - Since there are several kinds of Access Control Lists - implemented with different attributes for - different vendors, this - model accommodates customizing Access Control Lists for - each kind and for each vendor."; - leaf acl-name { - type string; - description - "The name of access-list. A device MAY restrict the length - and value of this name, possibly space and special - characters are not allowed."; - } - leaf acl-type { - type acl-type; - description - "Type of access control list. Indicates the primary intended - type of match criteria (e.g. 
ethernet, IPv4, IPv6, mixed, etc) - used in the list instance."; - } - container acl-oper-data { - config false; - description - "Overall Access Control List operational data"; - } - container access-list-entries { - description - "The access-list-entries container contains - a list of access-list-entries(ACE)."; - list ace { - key "rule-name"; - ordered-by user; - description - "List of access list entries(ACE)"; - leaf rule-name { - type string; - description - "A unique name identifying this Access List - Entry(ACE)."; - } - container matches { - description - "Definitions for match criteria for this Access List - Entry."; - choice ace-type { - description - "Type of access list entry."; - case ace-ip { - description "IP Access List Entry."; - choice ace-ip-version { - description - "IP version used in this Access List Entry."; - case ace-ipv4 { - uses packet-fields:acl-ipv4-header-fields; - } - case ace-ipv6 { - uses packet-fields:acl-ipv6-header-fields; - } - } - uses packet-fields:acl-ip-header-fields; - } - case ace-eth { - description - "Ethernet Access List entry."; - uses packet-fields:acl-eth-header-fields; - } - } - } - container actions { - description - "Definitions of action criteria for this Access List - Entry."; - choice packet-handling { - default "deny"; - description - "Packet handling action."; - case deny { - leaf deny { - type empty; - description - "Deny action."; - } - } - case permit { - leaf permit { - type empty; - description - "Permit action."; - } - } - } - } - container ace-oper-data { - config false; - description - "Operational data for this Access List Entry."; - leaf match-counter { - type yang:counter64; - description - "Number of matches for this Access List Entry"; - } - } - } - } - } - } -} diff --git a/acl/acl-api/src/main/yang/ietf-access-control-list@2016-07-08.yang b/acl/acl-api/src/main/yang/ietf-access-control-list@2016-07-08.yang new file mode 100644 index 000000000..3083ee2a0 --- /dev/null 
+++ b/acl/acl-api/src/main/yang/ietf-access-control-list@2016-07-08.yang 
@@ -0,0 +1,208 @@ +module ietf-access-control-list { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list"; + prefix acl; + import ietf-yang-types { + prefix yang; + } + import ietf-packet-fields { + prefix packet-fields; + } + organization "IETF NETMOD (NETCONF Data Modeling Language) + Working Group"; + contact + "WG Web: http://tools.ietf.org/wg/netmod/ + WG List: netmod@ietf.org + WG Chair: Juergen Schoenwaelder + j.schoenwaelder@jacobs-university.de + WG Chair: Tom Nadeau + tnadeau@lucidvision.com + Editor: Dean Bogdanovic + ivandean@gmail.com + Editor: Kiran Agrahara Sreenivasa + kkoushik@cisco.com + Editor: Lisa Huang + lyihuang16@gmail.com + Editor: Dana Blair + dblair@cisco.com"; + description + "This YANG module defines a component that describing the + configuration of Access Control Lists (ACLs). + Copyright (c) 2015 IETF Trust and the persons identified as + the document authors. All rights reserved. + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices."; + revision 2016-07-08 { + description + "Base model for Network Access Control List (ACL)."; + reference + "RFC XXXX: Network Access Control List (ACL) + YANG Data Model"; + } + identity acl-base { + description + "Base Access Control List type for all Access Control List type + identifiers."; + } + identity ipv4-acl { + base acl:acl-base; + description + "ACL that primarily matches on fields from the IPv4 header + (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP + destination port). 
An acl of type ipv4-acl does not contain + matches on fields in the ethernet header or the IPv6 header."; + } + identity ipv6-acl { + base acl:acl-base; + description + "ACL that primarily matches on fields from the IPv6 header + (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP + destination port). An acl of type ipv6-acl does not contain + matches on fields in the ethernet header or the IPv4 header."; + } + identity eth-acl { + base acl:acl-base; + description + "ACL that primarily matches on fields in the ethernet header, + like 10/100/1000baseT or WiFi Access Control List. An acl of + type eth-acl does not contain matches on fields in the IPv4 + header, IPv6 header or layer 4 headers."; + } + typedef acl-type { + type identityref { + base acl:acl-base; + } + description + "This type is used to refer to an Access Control List + (ACL) type"; + } + typedef access-control-list-ref { + type leafref { + path "/access-lists/acl/acl-name"; + } + description + "This type is used by data models that need to reference an + Access Control List"; + } + container access-lists { + description + "This is a top level container for Access Control Lists. + It can have one or more Access Control Lists."; + list acl { + key "acl-type acl-name"; + description + "An Access Control List(ACL) is an ordered list of + Access List Entries (ACE). Each Access Control Entry has a + list of match criteria and a list of actions. + Since there are several kinds of Access Control Lists + implemented with different attributes for + different vendors, this + model accommodates customizing Access Control Lists for + each kind and for each vendor."; + leaf acl-name { + type string; + description + "The name of access-list. A device MAY restrict the length + and value of this name, possibly space and special + characters are not allowed."; + } + leaf acl-type { + type acl-type; + description + "Type of access control list. Indicates the primary intended + type of match criteria (e.g. 
ethernet, IPv4, IPv6, mixed, etc) + used in the list instance."; + } + container acl-oper-data { + config false; + description + "Overall Access Control List operational data"; + } + container access-list-entries { + description + "The access-list-entries container contains + a list of access-list-entries(ACE)."; + list ace { + key "rule-name"; + ordered-by user; + description + "List of access list entries(ACE)"; + leaf rule-name { + type string; + description + "A unique name identifying this Access List + Entry(ACE)."; + } + container matches { + description + "Definitions for match criteria for this Access List + Entry."; + choice ace-type { + description + "Type of access list entry."; + case ace-ip { + description "IP Access List Entry."; + choice ace-ip-version { + description + "IP version used in this Access List Entry."; + case ace-ipv4 { + uses packet-fields:acl-ipv4-header-fields; + } + case ace-ipv6 { + uses packet-fields:acl-ipv6-header-fields; + } + } + uses packet-fields:acl-ip-header-fields; + } + case ace-eth { + description + "Ethernet Access List entry."; + uses packet-fields:acl-eth-header-fields; + } + } + } + container actions { + description + "Definitions of action criteria for this Access List + Entry."; + choice packet-handling { + default "deny"; + description + "Packet handling action."; + case deny { + leaf deny { + type empty; + description + "Deny action."; + } + } + case permit { + leaf permit { + type empty; + description + "Permit action."; + } + } + } + } + container ace-oper-data { + config false; + description + "Operational data for this Access List Entry."; + leaf match-counter { + type yang:counter64; + description + "Number of matches for this Access List Entry"; + } + } + } + } + } + } +} diff --git a/acl/acl-api/src/main/yang/ietf-packet-fields.yang b/acl/acl-api/src/main/yang/ietf-packet-fields.yang deleted file mode 100644 index 0b1ce5cdd..000000000 --- a/acl/acl-api/src/main/yang/ietf-packet-fields.yang +++ /dev/null 
@@ -1,180 +0,0 @@ -module ietf-packet-fields { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields"; - prefix packet-fields; - import ietf-inet-types { - prefix inet; - } - import ietf-yang-types { - prefix yang; - } - organization "IETF NETMOD (NETCONF Data Modeling Language) Working - Group"; - contact - "WG Web: http://tools.ietf.org/wg/netmod/ - WG List: netmod@ietf.org - WG Chair: Juergen Schoenwaelder - j.schoenwaelder@jacobs-university.de - WG Chair: Tom Nadeau - tnadeau@lucidvision.com - Editor: Dean Bogdanovic - deanb@juniper.net - Editor: Kiran Agrahara Sreenivasa - kkoushik@cisco.com - Editor: Lisa Huang - lyihuang16@gmail.com - Editor: Dana Blair - dblair@cisco.com"; - description - "This YANG module defines groupings that are used by - ietf-access-control-list YANG module. Their usage is not - limited to ietf-access-control-list and can be - used anywhere as applicable. - Copyright (c) 2015 IETF Trust and the persons identified as - the document authors. All rights reserved. - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD - License set forth in Section 4.c of the IETF Trust's Legal - Provisions Relating to IETF Documents - (http://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; - revision 2016-07-08 { - description - "Initial version of packet fields used by - ietf-access-control-list"; - reference - "RFC XXXX: Network Access Control List (ACL) - YANG Data Model"; - } - grouping acl-transport-header-fields { - description - "Transport header fields"; - container source-port-range { - presence "Enables setting source port range"; - description - "Inclusive range representing source ports to be used. 
- When only lower-port is present, it represents a single port."; - leaf lower-port { - type inet:port-number; - mandatory true; - description - "Lower boundary for port."; - } - leaf upper-port { - type inet:port-number; - must ". >= ../lower-port" { - error-message - "The upper-port must be greater than or equal to lower-port"; - } - description - "Upper boundary for port . If existing, the upper port - must be greater or equal to lower-port."; - } - } - container destination-port-range { - presence "Enables setting destination port range"; - description - "Inclusive range representing destination ports to be used. When - only lower-port is present, it represents a single port."; - leaf lower-port { - type inet:port-number; - mandatory true; - description - "Lower boundary for port."; - } - leaf upper-port { - type inet:port-number; - must ". >= ../lower-port" { - error-message - "The upper-port must be greater than or equal to lower-port"; - } - - description - "Upper boundary for port. 
If existing, the upper port must - be greater or equal to lower-port"; - } - } - } - grouping acl-ip-header-fields { - description - "IP header fields common to ipv4 and ipv6"; - leaf dscp { - type inet:dscp; - description - "Value of dscp."; - } - leaf protocol { - type uint8; - description - "Internet Protocol number."; - } - uses acl-transport-header-fields; - } - grouping acl-ipv4-header-fields { - description - "Fields in IPv4 header."; - leaf destination-ipv4-network { - type inet:ipv4-prefix; - description - "Destination IPv4 address prefix."; - } - leaf source-ipv4-network { - type inet:ipv4-prefix; - description - "Source IPv4 address prefix."; - } - } - grouping acl-ipv6-header-fields { - description - "Fields in IPv6 header"; - leaf destination-ipv6-network { - type inet:ipv6-prefix; - description - "Destination IPv6 address prefix."; - } - leaf source-ipv6-network { - type inet:ipv6-prefix; - description - "Source IPv6 address prefix."; - } - leaf flow-label { - type inet:ipv6-flow-label; - description - "IPv6 Flow label."; - } - reference - "RFC 4291: IP Version 6 Addressing Architecture - RFC 4007: IPv6 Scoped Address Architecture - RFC 5952: A Recommendation for IPv6 Address Text Representation"; - } - grouping acl-eth-header-fields { - description - "Fields in Ethernet header."; - leaf destination-mac-address { - type yang:mac-address; - description - "Destination IEEE 802 MAC address."; - } - leaf destination-mac-address-mask { - type yang:mac-address; - description - "Destination IEEE 802 MAC address mask."; - } - leaf source-mac-address { - type yang:mac-address; - description - "Source IEEE 802 MAC address."; - } - leaf source-mac-address-mask { - type yang:mac-address; - description - "Source IEEE 802 MAC address mask."; - } - reference - "IEEE 802: IEEE Standard for Local and Metropolitan Area - Networks: Overview and Architecture."; - } - -} \ No newline at end of file 
diff --git a/acl/acl-api/src/main/yang/ietf-packet-fields@2016-07-08.yang b/acl/acl-api/src/main/yang/ietf-packet-fields@2016-07-08.yang
new file mode 100644
index 000000000..0b1ce5cdd
--- /dev/null
+++ b/acl/acl-api/src/main/yang/ietf-packet-fields@2016-07-08.yang
@@ -0,0 +1,180 @@ +module ietf-packet-fields { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields"; + prefix packet-fields; + import ietf-inet-types { + prefix inet; + } + import ietf-yang-types { + prefix yang; + } + organization "IETF NETMOD (NETCONF Data Modeling Language) Working + Group"; + contact + "WG Web: http://tools.ietf.org/wg/netmod/ + WG List: netmod@ietf.org + WG Chair: Juergen Schoenwaelder + j.schoenwaelder@jacobs-university.de + WG Chair: Tom Nadeau + tnadeau@lucidvision.com + Editor: Dean Bogdanovic + deanb@juniper.net + Editor: Kiran Agrahara Sreenivasa + kkoushik@cisco.com + Editor: Lisa Huang + lyihuang16@gmail.com + Editor: Dana Blair + dblair@cisco.com"; + description + "This YANG module defines groupings that are used by + ietf-access-control-list YANG module. Their usage is not + limited to ietf-access-control-list and can be + used anywhere as applicable. + Copyright (c) 2015 IETF Trust and the persons identified as + the document authors. All rights reserved. + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices."; + revision 2016-07-08 { + description + "Initial version of packet fields used by + ietf-access-control-list"; + reference + "RFC XXXX: Network Access Control List (ACL) + YANG Data Model"; + } + grouping acl-transport-header-fields { + description + "Transport header fields"; + container source-port-range { + presence "Enables setting source port range"; + description + "Inclusive range representing source ports to be used. 
+ When only lower-port is present, it represents a single port."; + leaf lower-port { + type inet:port-number; + mandatory true; + description + "Lower boundary for port."; + } + leaf upper-port { + type inet:port-number; + must ". >= ../lower-port" { + error-message + "The upper-port must be greater than or equal to lower-port"; + } + description + "Upper boundary for port . If existing, the upper port + must be greater or equal to lower-port."; + } + } + container destination-port-range { + presence "Enables setting destination port range"; + description + "Inclusive range representing destination ports to be used. When + only lower-port is present, it represents a single port."; + leaf lower-port { + type inet:port-number; + mandatory true; + description + "Lower boundary for port."; + } + leaf upper-port { + type inet:port-number; + must ". >= ../lower-port" { + error-message + "The upper-port must be greater than or equal to lower-port"; + } + + description + "Upper boundary for port. 
If existing, the upper port must + be greater or equal to lower-port"; + } + } + } + grouping acl-ip-header-fields { + description + "IP header fields common to ipv4 and ipv6"; + leaf dscp { + type inet:dscp; + description + "Value of dscp."; + } + leaf protocol { + type uint8; + description + "Internet Protocol number."; + } + uses acl-transport-header-fields; + } + grouping acl-ipv4-header-fields { + description + "Fields in IPv4 header."; + leaf destination-ipv4-network { + type inet:ipv4-prefix; + description + "Destination IPv4 address prefix."; + } + leaf source-ipv4-network { + type inet:ipv4-prefix; + description + "Source IPv4 address prefix."; + } + } + grouping acl-ipv6-header-fields { + description + "Fields in IPv6 header"; + leaf destination-ipv6-network { + type inet:ipv6-prefix; + description + "Destination IPv6 address prefix."; + } + leaf source-ipv6-network { + type inet:ipv6-prefix; + description + "Source IPv6 address prefix."; + } + leaf flow-label { + type inet:ipv6-flow-label; + description + "IPv6 Flow label."; + } + reference + "RFC 4291: IP Version 6 Addressing Architecture + RFC 4007: IPv6 Scoped Address Architecture + RFC 5952: A Recommendation for IPv6 Address Text Representation"; + } + grouping acl-eth-header-fields { + description + "Fields in Ethernet header."; + leaf destination-mac-address { + type yang:mac-address; + description + "Destination IEEE 802 MAC address."; + } + leaf destination-mac-address-mask { + type yang:mac-address; + description + "Destination IEEE 802 MAC address mask."; + } + leaf source-mac-address { + type yang:mac-address; + description + "Source IEEE 802 MAC address."; + } + leaf source-mac-address-mask { + type yang:mac-address; + description + "Source IEEE 802 MAC address mask."; + } + reference + "IEEE 802: IEEE Standard for Local and Metropolitan Area + Networks: Overview and Architecture."; + } + +} \ No newline at end of file 
diff --git a/acl/acl-api/src/main/yang/interface-acl.yang b/acl/acl-api/src/main/yang/interface-acl.yang
deleted file mode 100644
index aab82e566..000000000
--- a/acl/acl-api/src/main/yang/interface-acl.yang
+++ /dev/null
@@ -1,84 +0,0 @@
-module interface-acl {
- yang-version 1;
- namespace "urn:opendaylight:params:xml:ns:yang:interface:acl";
- prefix "ifc-acl";
-
- revision "2016-12-14" {
- description "Initial revision of interface-acl model";
- }
-
- import ietf-interfaces {
- prefix "if";
- }
- import yang-ext {
- prefix "ext";
- }
- import ietf-yang-types {
- prefix "yang";
- }
-
- import vpp-acl {
- prefix "vpp-acl";
- }
-
- import ietf-access-control-list {
- prefix "acl";
- }
-
- description "Augmentations to interfaces model to apply acls exposed by acl plugin of vpp";
-
- grouping vpp-acls-base-attributes {
- description
- "List of ACLs of vpp-acl type"; // TODO express constraint in the model if possible
- list vpp-acls {
- key "type name";
- ordered-by user;
-
- leaf type {
- type acl:acl-type;
- }
-
- leaf name {
- type acl:access-control-list-ref;
- }
- }
- }
-
- grouping vpp-macip-acls-base-attributes {
- container vpp-macip-acl {
- description
- "ACL of vpp-macip-acl type"; // TODO express constraint in the model if possible
-
- leaf type {
- type acl:acl-type;
- }
-
- leaf name {
- type acl:access-control-list-ref;
- }
- }
- }
-
- grouping interface-acl-attributes {
- container acl {
- container ingress {
- uses vpp-acls-base-attributes;
- uses vpp-macip-acls-base-attributes;
- }
- container egress {
- uses vpp-acls-base-attributes;
- }
- }
- }
-
- augment /if:interfaces/if:interface {
- ext:augment-identifier "vpp-acl-interface-augmentation";
- uses interface-acl-attributes;
- }
-
- augment /if:interfaces-state/if:interface {
- ext:augment-identifier "vpp-acl-interface-state-augmentation";
- uses interface-acl-attributes;
- }
-
-}
\ No newline at end of file
diff --git a/acl/acl-api/src/main/yang/interface-acl@2016-12-14.yang b/acl/acl-api/src/main/yang/interface-acl@2016-12-14.yang
new file mode 100644
index 000000000..aab82e566
--- /dev/null
+++ b/acl/acl-api/src/main/yang/interface-acl@2016-12-14.yang
@@ -0,0 +1,84 @@
+module interface-acl {
+ yang-version 1;
+ namespace "urn:opendaylight:params:xml:ns:yang:interface:acl";
+ prefix "ifc-acl";
+
+ revision "2016-12-14" {
+ description "Initial revision of interface-acl model";
+ }
+
+ import ietf-interfaces {
+ prefix "if";
+ }
+ import yang-ext {
+ prefix "ext";
+ }
+ import ietf-yang-types {
+ prefix "yang";
+ }
+
+ import vpp-acl {
+ prefix "vpp-acl";
+ }
+
+ import ietf-access-control-list {
+ prefix "acl";
+ }
+
+ description "Augmentations to interfaces model to apply acls exposed by acl plugin of vpp";
+
+ grouping vpp-acls-base-attributes {
+ description
+ "List of ACLs of vpp-acl type"; // TODO express constraint in the model if possible
+ list vpp-acls {
+ key "type name";
+ ordered-by user;
+
+ leaf type {
+ type acl:acl-type;
+ }
+
+ leaf name {
+ type acl:access-control-list-ref;
+ }
+ }
+ }
+
+ grouping vpp-macip-acls-base-attributes {
+ container vpp-macip-acl {
+ description
+ "ACL of vpp-macip-acl type"; // TODO express constraint in the model if possible
+
+ leaf type {
+ type acl:acl-type;
+ }
+
+ leaf name {
+ type acl:access-control-list-ref;
+ }
+ }
+ }
+
+ grouping interface-acl-attributes {
+ container acl {
+ container ingress {
+ uses vpp-acls-base-attributes;
+ uses vpp-macip-acls-base-attributes;
+ }
+ container egress {
+ uses vpp-acls-base-attributes;
+ }
+ }
+ }
+
+ augment /if:interfaces/if:interface {
+ ext:augment-identifier "vpp-acl-interface-augmentation";
+ uses interface-acl-attributes;
+ }
+
+ augment /if:interfaces-state/if:interface {
+ ext:augment-identifier "vpp-acl-interface-state-augmentation";
+ uses interface-acl-attributes;
+ }
+
+}
\ No newline at end of file
diff --git a/acl/acl-api/src/main/yang/vpp-acl-context.yang b/acl/acl-api/src/main/yang/vpp-acl-context.yang
deleted file mode 100644
index fde7f6346..000000000
--- a/acl/acl-api/src/main/yang/vpp-acl-context.yang
+++ /dev/null
@@ -1,66 +0,0 @@
-module vpp-acl-context {
- yang-version 1;
- namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl:context";
- prefix "nc";
-
- description "Context for vpp-acl assignment mapping";
-
- revision "2017-01-04" {
- description "Initial revision.";
- }
-
- import naming-context {
- prefix "nc";
- }
-
- import yang-ext {
- prefix "ext";
- }
-
- grouping vpp-acl-context-attributes {
- container vpp-acl-mappings {
- list vpp-acl-context {
-
- key "name";
-
- leaf name {
- type string;
- description "vpp-acl context name";
- }
-
- list acl-mapping {
- key "name";
-
- leaf name {
- type string;
- description "ACL name";
- }
-
- leaf index {
- type int32;
- description "ACL index";
- }
-
- list ace-mapping {
- key "name";
-
- leaf name {
- type string;
- description "ACEs name";
- }
-
- leaf index {
- type int32;
- description "ACE index";
- }
- }
- }
- }
- }
- }
-
- augment /nc:contexts {
- ext:augment-identifier "vpp-acl-context-augmentation";
- uses vpp-acl-context-attributes;
- }
-}
\ No newline at end of file
diff --git a/acl/acl-api/src/main/yang/vpp-acl-context@2017-01-04.yang b/acl/acl-api/src/main/yang/vpp-acl-context@2017-01-04.yang
new file mode 100644
index 000000000..fde7f6346
--- /dev/null
+++ b/acl/acl-api/src/main/yang/vpp-acl-context@2017-01-04.yang
@@ -0,0 +1,66 @@
+module vpp-acl-context {
+ yang-version 1;
+ namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl:context";
+ prefix "nc";
+
+ description "Context for vpp-acl assignment mapping";
+
+ revision "2017-01-04" {
+ description "Initial revision.";
+ }
+
+ import naming-context {
+ prefix "nc";
+ }
+
+ import yang-ext {
+ prefix "ext";
+ }
+
+ grouping vpp-acl-context-attributes {
+ container vpp-acl-mappings {
+ list vpp-acl-context {
+
+ key "name";
+
+ leaf name {
+ type string;
+ description "vpp-acl context name";
+ }
+
+ list acl-mapping {
+ key "name";
+
+ leaf name {
+ type string;
+ description "ACL name";
+ }
+
+ leaf index {
+ type int32;
+ description "ACL index";
+ }
+
+ list ace-mapping {
+ key "name";
+
+ leaf name {
+ type string;
+ description "ACEs name";
+ }
+
+ leaf index {
+ type int32;
+ description "ACE index";
+ }
+ }
+ }
+ }
+ }
+ }
+
+ augment /nc:contexts {
+ ext:augment-identifier "vpp-acl-context-augmentation";
+ uses vpp-acl-context-attributes;
+ }
+}
\ No newline at end of file
diff --git a/acl/acl-api/src/main/yang/vpp-acl.yang b/acl/acl-api/src/main/yang/vpp-acl.yang
deleted file mode 100644
index 0a800370d..000000000
--- a/acl/acl-api/src/main/yang/vpp-acl.yang
+++ /dev/null
@@ -1,258 +0,0 @@
-module vpp-acl {
- yang-version 1;
- namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl";
- prefix "vpp-acl";
-
- revision "2016-12-14" {
- description
- "Initial revision of vpp-acl model.";
- }
-
- revision "2017-06-15" {
- description
- "Renamed stateful/permit leaf to permit-and-reflect";
- }
-
- import ietf-access-control-list {
- prefix "acl";
- }
-
- import yang-ext {
- prefix "ext";
- }
-
- import ietf-packet-fields {
- prefix packet-fields;
- }
-
- import ietf-inet-types {
- prefix inet;
- }
-
- import ietf-yang-types {
- prefix yang;
- }
-
- augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:actions/acl:packet-handling {
- ext:augment-identifier "stateful-acl-action-augmentation";
- when "../acl:matches/acl:ace-type = 'vpp-acl:vpp-acl'";
- case stateful {
- leaf permit-and-reflect {
- type empty;
- description
- "Permits egress TCP/UDP traffic and ingress in reverse direction by creating reflexive ACEs.";
- }
- }
- }
-
- identity vpp-acl {
- base acl:acl-base;
- description
- "ACL that contains only aces of vpp-ace type.";
- }
-
- identity vpp-macip-acl {
- base acl:acl-base;
- description
- "ACL that contains only aces of vpp-macip-acl type.";
- }
-
- grouping value-range {
- description "Defines value range with first and last value defined";
-
- leaf first {
- type uint8;
- mandatory true;
- description "Lower boundary for range";
- }
-
- leaf last {
- type uint8;
- mandatory true;
- description "Upper boundary for range";
- must "last >= first";
- }
- }
-
- grouping acl-icmp-header-fields {
- description
- "ICMP header fields";
- container icmp-type-range {
- presence "Enables setting icmp-type";
- description
- "Inclusive range representing icmp types to be used.";
- uses value-range;
- }
-
- container icmp-code-range {
- presence "Enables setting icmp-code";
- description
- "Inclusive range representing icmp codes to be used.";
- uses value-range;
- }
- }
-
- grouping acl-tcp-header-fields {
- description
- "TCP header fields";
- leaf tcp-flags-mask {
- description
- "Binary mask for tcp flags to match. MSB order (FIN at position 0).
- Applied as logical AND to tcp flags field of the packet being matched,
- before it is compared with tcp-flags-value.";
- type uint8;
- }
- leaf tcp-flags-value {
- description
- "Binary value for tcp flags to match. MSB order (FIN at position 0).
- Before tcp-flags-value is compared with tcp flags field of the packet being matched,
- tcp-flags-mask is applied to packet field value.";
- type uint8;
- }
- }
-
- grouping acl-other-protocol-fields {
- description "Used for any other protocol than TCP/UDP/ICMP/ICMPv6";
- leaf protocol {
- must "protocol != 1 and protocol != 6 and protocol != 17 and protocol != 58";
- type uint8;
- description "Internet Protocol number.";
- }
- }
-
- grouping acl-ip-protocol-header-fields {
- description
- "Defines header fields for TCP/UDP or ICMP protocols";
- choice ip-protocol {
- case icmp {
- container icmp-nodes {
- uses acl-icmp-header-fields;
- }
- }
- case icmp-v6 {
- container icmp-v6-nodes {
- uses acl-icmp-header-fields;
- }
- }
- case udp {
- container udp-nodes {
- uses packet-fields:acl-transport-header-fields;
- }
- }
- case tcp {
- container tcp-nodes {
- uses packet-fields:acl-transport-header-fields;
- uses acl-tcp-header-fields;
- }
- }
- case other {
- container other-nodes {
- uses acl-other-protocol-fields;
- }
- }
- }
- }
-
- augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type {
- ext:augment-identifier "vpp-acl-type-augmentation";
- case vpp-ace {
- description
- "Access List entry that can define:
- - IP4/IP6 src/dst ip prefix- Internet Protocol number
- - Internet Protocol number
- - selected L4 headers:
- * ICMP (type range)
- * UDP (port range)
- * TCP (port range, flags mask, flags value)";
- container vpp-ace-nodes {
- choice ace-ip-version {
- description
- "IP version used in this Access List Entry.";
- case ace-ipv4 {
- uses packet-fields:acl-ipv4-header-fields;
- }
- case ace-ipv6 {
- uses packet-fields:acl-ipv6-header-fields;
- }
- }
- uses acl-ip-protocol-header-fields;
- }
- }
- }
-
- grouping vpp-macip-ace-eth-header-fields {
- description
- "Fields in Ethernet header supported by vpp-macip rule";
- leaf source-mac-address {
- type yang:mac-address;
- description
- "Source IEEE 802 MAC address.
- Before source-mac-address is compared with source mac address field of the packet being matched,
- source-mac-address-mask is applied to packet field value.";
- }
- leaf source-mac-address-mask {
- type yang:mac-address;
- description
- "Source IEEE 802 MAC address mask.
- Applied as logical AND with source mac address field of the packet being matched,
- before it is compared with source-mac-address.";
- }
- }
-
- grouping vpp-macip-ace-ipv4-header-fields {
- description
- "Fields in IPv4 header supported by vpp-macip rule";
- leaf source-ipv4-network {
- type inet:ipv4-prefix;
- description
- "Source IPv4 address prefix.";
- }
- }
-
- grouping vpp-macip-ace-ipv6-header-fields {
- description
- "Fields in IPv6 header supported by vpp-macip rule";
- leaf source-ipv6-network {
- type inet:ipv6-prefix;
- description
- "Source IPv6 address prefix.";
- }
- }
-
- augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type {
- ext:augment-identifier "vpp-macip-acl-type-augmentation";
- case vpp-macip-ace {
- description
- "Access List entry that can define:
- - IP4/IP6 src ip prefix
- - src MAC address mask
- - src MAC address value
- - can be used only for static ACLs.";
- container vpp-macip-ace-nodes {
- choice ace-ip-version {
- description
- "IP version used in this Access List Entry.";
- case ace-ipv4 {
- uses vpp-macip-ace-ipv4-header-fields;
- }
- case ace-ipv6 {
- uses vpp-macip-ace-ipv6-header-fields;
- }
- }
- uses vpp-macip-ace-eth-header-fields;
- }
- }
- }
-
- augment /acl:access-lists/acl:acl {
- ext:augment-identifier "vpp-acl-augmentation";
- leaf tag {
- type string {
- length 1..63;
- }
- description
- "ASCII tag that can be used as a placeholder for ACL metadata. Value is stored in vpp,
- and returned in read requests. No processing involved.";
- }
- }
-}
\ No newline at end of file
diff --git a/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang b/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang
new file mode 100644
index 000000000..dfc1d890b
--- /dev/null
+++ b/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang
@@ -0,0 +1,258 @@
+module vpp-acl {
+ yang-version 1;
+ namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl";
+ prefix "vpp-acl";
+
+ revision "2017-06-15" {
+ description
+ "Renamed stateful/permit leaf to permit-and-reflect";
+ }
+
+ revision "2016-12-14" {
+ description
+ "Initial revision of vpp-acl model.";
+ }
+
+ import ietf-access-control-list {
+ prefix "acl";
+ }
+
+ import yang-ext {
+ prefix "ext";
+ }
+
+ import ietf-packet-fields {
+ prefix packet-fields;
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:actions/acl:packet-handling {
+ ext:augment-identifier "stateful-acl-action-augmentation";
+ when "../acl:matches/acl:ace-type = 'vpp-acl:vpp-acl'";
+ case stateful {
+ leaf permit-and-reflect {
+ type empty;
+ description
+ "Permits egress TCP/UDP traffic and ingress in reverse direction by creating reflexive ACEs.";
+ }
+ }
+ }
+
+ identity vpp-acl {
+ base acl:acl-base;
+ description
+ "ACL that contains only aces of vpp-ace type.";
+ }
+
+ identity vpp-macip-acl {
+ base acl:acl-base;
+ description
+ "ACL that contains only aces of vpp-macip-acl type.";
+ }
+
+ grouping value-range {
+ description "Defines value range with first and last value defined";
+
+ leaf first {
+ type uint8;
+ mandatory true;
+ description "Lower boundary for range";
+ }
+
+ leaf last {
+ type uint8;
+ mandatory true;
+ description "Upper boundary for range";
+ must "last >= first";
+ }
+ }
+
+ grouping acl-icmp-header-fields {
+ description
+ "ICMP header fields";
+ container icmp-type-range {
+ presence "Enables setting icmp-type";
+ description
+ "Inclusive range representing icmp types to be used.";
+ uses value-range;
+ }
+
+ container icmp-code-range {
+ presence "Enables setting icmp-code";
+ description
+ "Inclusive range representing icmp codes to be used.";
+ uses value-range;
+ }
+ }
+
+ grouping acl-tcp-header-fields {
+ description
+ "TCP header fields";
+ leaf tcp-flags-mask {
+ description
+ "Binary mask for tcp flags to match. MSB order (FIN at position 0).
+ Applied as logical AND to tcp flags field of the packet being matched,
+ before it is compared with tcp-flags-value.";
+ type uint8;
+ }
+ leaf tcp-flags-value {
+ description
+ "Binary value for tcp flags to match. MSB order (FIN at position 0).
+ Before tcp-flags-value is compared with tcp flags field of the packet being matched,
+ tcp-flags-mask is applied to packet field value.";
+ type uint8;
+ }
+ }
+
+ grouping acl-other-protocol-fields {
+ description "Used for any other protocol than TCP/UDP/ICMP/ICMPv6";
+ leaf protocol {
+ must "protocol != 1 and protocol != 6 and protocol != 17 and protocol != 58";
+ type uint8;
+ description "Internet Protocol number.";
+ }
+ }
+
+ grouping acl-ip-protocol-header-fields {
+ description
+ "Defines header fields for TCP/UDP or ICMP protocols";
+ choice ip-protocol {
+ case icmp {
+ container icmp-nodes {
+ uses acl-icmp-header-fields;
+ }
+ }
+ case icmp-v6 {
+ container icmp-v6-nodes {
+ uses acl-icmp-header-fields;
+ }
+ }
+ case udp {
+ container udp-nodes {
+ uses packet-fields:acl-transport-header-fields;
+ }
+ }
+ case tcp {
+ container tcp-nodes {
+ uses packet-fields:acl-transport-header-fields;
+ uses acl-tcp-header-fields;
+ }
+ }
+ case other {
+ container other-nodes {
+ uses acl-other-protocol-fields;
+ }
+ }
+ }
+ }
+
+ augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type {
+ ext:augment-identifier "vpp-acl-type-augmentation";
+ case vpp-ace {
+ description
+ "Access List entry that can define:
+ - IP4/IP6 src/dst ip prefix- Internet Protocol number
+ - Internet Protocol number
+ - selected L4 headers:
+ * ICMP (type range)
+ * UDP (port range)
+ * TCP (port range, flags mask, flags value)";
+ container vpp-ace-nodes {
+ choice ace-ip-version {
+ description
+ "IP version used in this Access List Entry.";
+ case ace-ipv4 {
+ uses packet-fields:acl-ipv4-header-fields;
+ }
+ case ace-ipv6 {
+ uses packet-fields:acl-ipv6-header-fields;
+ }
+ }
+ uses acl-ip-protocol-header-fields;
+ }
+ }
+ }
+
+ grouping vpp-macip-ace-eth-header-fields {
+ description
+ "Fields in Ethernet header supported by vpp-macip rule";
+ leaf source-mac-address {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address.
+ Before source-mac-address is compared with source mac address field of the packet being matched,
+ source-mac-address-mask is applied to packet field value.";
+ }
+ leaf source-mac-address-mask {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address mask.
+ Applied as logical AND with source mac address field of the packet being matched,
+ before it is compared with source-mac-address.";
+ }
+ }
+
+ grouping vpp-macip-ace-ipv4-header-fields {
+ description
+ "Fields in IPv4 header supported by vpp-macip rule";
+ leaf source-ipv4-network {
+ type inet:ipv4-prefix;
+ description
+ "Source IPv4 address prefix.";
+ }
+ }
+
+ grouping vpp-macip-ace-ipv6-header-fields {
+ description
+ "Fields in IPv6 header supported by vpp-macip rule";
+ leaf source-ipv6-network {
+ type inet:ipv6-prefix;
+ description
+ "Source IPv6 address prefix.";
+ }
+ }
+
+ augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type {
+ ext:augment-identifier "vpp-macip-acl-type-augmentation";
+ case vpp-macip-ace {
+ description
+ "Access List entry that can define:
+ - IP4/IP6 src ip prefix
+ - src MAC address mask
+ - src MAC address value
+ - can be used only for static ACLs.";
+ container vpp-macip-ace-nodes {
+ choice ace-ip-version {
+ description
+ "IP version used in this Access List Entry.";
+ case ace-ipv4 {
+ uses vpp-macip-ace-ipv4-header-fields;
+ }
+ case ace-ipv6 {
+ uses vpp-macip-ace-ipv6-header-fields;
+ }
+ }
+ uses vpp-macip-ace-eth-header-fields;
+ }
+ }
+ }
+
+ augment /acl:access-lists/acl:acl {
+ ext:augment-identifier "vpp-acl-augmentation";
+ leaf tag {
+ type string {
+ length 1..63;
+ }
+ description
+ "ASCII tag that can be used as a placeholder for ACL metadata. Value is stored in vpp,
+ and returned in read requests. No processing involved.";
+ }
+ }
+}
\ No newline at end of file
-- cgit 1.2.3-korg
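Review bot: The two `must` constraints in `grouping value-range` (on leaf `last`) and `grouping acl-other-protocol-fields` (on leaf `protocol`) are written against the wrong XPath context node: a `must` placed on a leaf is evaluated with that leaf as the context, so `last`, `first` and `protocol` name children the leaf does not have. A validator that evaluates XPath never performs the intended comparison, and one that skips `must` presumably lets an inverted ICMP type/code range, or protocol 1/6/17/58 in the `other` case, through to ACL translation, so these limits should not be assumed to hold from the model alone. I would write `must ". >= ../first";` and `must ". != 1 and . != 6 and . != 17 and . != 58";`. The `when` on the `stateful` case looks similarly off, since `acl:ace-type` is augmented with `case` statements later in this file and so appears to be a choice, which has no node in the data tree the expression walks; worth confirming against ietf-access-control-list.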