From a2ead5e4781ed729e3e6968b83bd4ec76cfc67aa Mon Sep 17 00:00:00 2001
From: Marek Gradzki <mgradzki@cisco.com>
Date: Mon, 15 Aug 2016 15:03:10 +0200
Subject: HONEYCOMB-139: yang model for ietf-acl draft revision 8

Change-Id: I9250e07f3811036f483959aa841897380bcb7669
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
---
 .../src/main/yang/ietf-access-control-list.yang    | 208 +++++++++++++++++++++
 1 file changed, 208 insertions(+)
 create mode 100644 v3po/api/src/main/yang/ietf-access-control-list.yang

(limited to 'v3po/api/src/main/yang/ietf-access-control-list.yang')

diff --git a/v3po/api/src/main/yang/ietf-access-control-list.yang b/v3po/api/src/main/yang/ietf-access-control-list.yang
new file mode 100644
index 000000000..3083ee2a0
--- /dev/null
+++ b/v3po/api/src/main/yang/ietf-access-control-list.yang
@@ -0,0 +1,208 @@
+module ietf-access-control-list {
+  yang-version 1.1;
+  namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list";
+  prefix acl;
+  import ietf-yang-types {
+    prefix yang;
+  }
+  import ietf-packet-fields {
+    prefix packet-fields;
+  }
+  organization "IETF NETMOD (NETCONF Data Modeling Language)
+           Working Group";
+  contact
+    "WG Web: http://tools.ietf.org/wg/netmod/
+    WG List: netmod@ietf.org
+    WG Chair: Juergen Schoenwaelder
+    j.schoenwaelder@jacobs-university.de
+    WG Chair: Tom Nadeau
+    tnadeau@lucidvision.com
+    Editor: Dean Bogdanovic
+    ivandean@gmail.com
+    Editor: Kiran Agrahara Sreenivasa
+    kkoushik@cisco.com
+    Editor: Lisa Huang
+    lyihuang16@gmail.com
+    Editor: Dana Blair
+    dblair@cisco.com";
+  description
+    "This YANG module defines a component that describing the
+    configuration of Access Control Lists (ACLs).
+    Copyright (c) 2015 IETF Trust and the persons identified as
+    the document authors.  All rights reserved.
+    Redistribution and use in source and binary forms, with or
+    without modification, is permitted pursuant to, and subject
+    to the license terms contained in, the Simplified BSD
+    License set forth in Section 4.c of the IETF Trust's Legal
+    Provisions Relating to IETF Documents
+    (http://trustee.ietf.org/license-info).
+    This version of this YANG module is part of RFC XXXX; see
+    the RFC itself for full legal notices.";
+  revision 2016-07-08 {
+    description
+      "Base model for Network Access Control List (ACL).";
+    reference
+      "RFC XXXX: Network Access Control List (ACL)
+      YANG Data  Model";
+  }
+  identity acl-base {
+    description
+      "Base Access Control List type for all Access Control List type
+      identifiers.";
+  }
+  identity ipv4-acl {
+    base acl:acl-base;
+    description
+       "ACL that primarily matches on fields from the IPv4 header
+       (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP
+       destination port).  An acl of type ipv4-acl does not contain
+       matches on fields in the ethernet header or the IPv6 header.";
+  }
+  identity ipv6-acl {
+    base acl:acl-base;
+    description
+      "ACL that primarily matches on fields from the IPv6 header
+      (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP
+      destination port). An acl of type ipv6-acl does not contain
+      matches on fields in the ethernet header or the IPv4 header.";
+  }
+  identity eth-acl {
+    base acl:acl-base;
+    description
+      "ACL that primarily matches on fields in the ethernet header,
+      like 10/100/1000baseT or WiFi Access Control List. An acl of
+      type eth-acl does not contain matches on fields in the IPv4
+      header, IPv6 header or layer 4 headers.";
+  }
+  typedef acl-type {
+    type identityref {
+      base acl:acl-base;
+    }
+    description
+      "This type is used to refer to an Access Control List
+      (ACL) type";
+  }
+  typedef access-control-list-ref {
+    type leafref {
+      path "/access-lists/acl/acl-name";
+    }
+    description
+      "This type is used by data models that need to reference an
+      Access Control List";
+  }
+  container access-lists {
+    description
+      "This is a top level container for Access Control Lists.
+      It can have one or more Access Control Lists.";
+    list acl {
+      key "acl-type acl-name";
+      description
+        "An Access Control List(ACL) is an ordered list of
+        Access List Entries (ACE). Each Access Control Entry has a
+        list of match criteria and a list of actions.
+        Since there are several kinds of Access Control Lists
+        implemented with different attributes for
+        different vendors, this
+        model accommodates customizing Access Control Lists for
+        each kind and for each vendor.";
+      leaf acl-name {
+        type string;
+        description
+          "The name of access-list. A device MAY restrict the length 
+    	  and value of this name, possibly space and special 
+    	  characters are not allowed.";
+      }
+      leaf acl-type {
+        type acl-type;
+        description
+            "Type of access control list. Indicates the primary intended
+            type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc)
+            used in the list instance.";
+      }
+      container acl-oper-data {
+        config false;
+        description
+          "Overall Access Control List operational data";
+      }
+      container access-list-entries {
+        description
+          "The access-list-entries container contains
+          a list of access-list-entries(ACE).";
+        list ace {
+          key "rule-name";
+          ordered-by user;
+          description
+            "List of access list entries(ACE)";
+          leaf rule-name {
+            type string;
+            description
+              "A unique name identifying this Access List
+              Entry(ACE).";
+          }
+          container matches {
+            description
+              "Definitions for match criteria for this Access List
+        Entry.";
+            choice ace-type {
+              description
+                "Type of access list entry.";
+              case ace-ip {
+                      description "IP Access List Entry.";
+                choice ace-ip-version {
+                  description
+                    "IP version used in this Access List Entry.";
+                  case ace-ipv4 {
+                    uses packet-fields:acl-ipv4-header-fields;
+                  }
+                  case ace-ipv6 {
+                    uses packet-fields:acl-ipv6-header-fields;
+                  }
+                }
+                uses packet-fields:acl-ip-header-fields;
+              }
+              case ace-eth {
+                description
+                  "Ethernet Access List entry.";
+                uses packet-fields:acl-eth-header-fields;
+              }
+            }
+          }
+          container actions {
+            description
+              "Definitions of action criteria for this Access List
+        Entry.";
+            choice packet-handling {
+              default "deny";
+              description
+                "Packet handling action.";
+              case deny {
+                leaf deny {
+                  type empty;
+                  description
+                    "Deny action.";
+                }
+              }
+              case permit {
+                leaf permit {
+                  type empty;
+                  description
+                    "Permit action.";
+                }
+              }
+            }
+          }
+          container ace-oper-data {
+            config false;
+            description
+              "Operational data for this Access List Entry.";
+            leaf match-counter {
+              type yang:counter64;
+              description
+                "Number of matches for this Access List Entry";
+            }
+          }
+        }
+      }
+    }
+  }
+}
-- 
cgit 1.2.3-korg