diff options
author | Pavel Kotucek <pavel.kotucek@pantheon.tech> | 2019-04-15 14:10:15 +0200 |
---|---|---|
committer | Hongjun Ni <hongjun.ni@intel.com> | 2019-04-25 13:01:35 +0000 |
commit | bda8bf51f84cc9fb7a2d875c1f35540e0b4a3db4 (patch) | |
tree | 45a8d0a2d7e60295c01c0089d4147bb403f40da5 /src/plugins/yang/openconfig | |
parent | 29d2d586b9dfdd7776e42fefbe2b049de49dc009 (diff) |
ACL yang models
Added ACL openconfig yang models.
Change-Id: If8075def912bfa5f980101221d781b4857d4ca45
Signed-off-by: Pavel Kotucek <pavel.kotucek@pantheon.tech>
Diffstat (limited to 'src/plugins/yang/openconfig')
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang | 847 | ||||
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang | 165 | ||||
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang (renamed from src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang) | 21 | ||||
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang | 309 | ||||
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang | 371 | ||||
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang (renamed from src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang) | 13 |
6 files changed, 1720 insertions, 6 deletions
diff --git a/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang new file mode 100644 index 0000000..fe80988 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang @@ -0,0 +1,847 @@ +module openconfig-acl { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/acl"; + + prefix "oc-acl"; + + import openconfig-packet-match { prefix oc-match; } + import openconfig-interfaces { prefix oc-if; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state + data for network access control lists (i.e., filters, rules, + etc.). ACLs are organized into ACL sets, with each set + containing one or more ACL entries. ACL sets are identified + by a unique name, while each entry within a set is assigned + a sequence-id that determines the order in which the ACL + rules are applied to a packet. Note that ACLs are evaluated + in ascending order based on the sequence-id (low to high). + + Individual ACL rules specify match criteria based on fields in + the packet, along with an action that defines how matching + packets should be handled. Entries have a type that indicates + the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc."; + + oc-ext:openconfig-version "1.0.2"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "1.0.2"; + } + + revision "2018-04-24" { + description + "Clarified order of ACL evaluation"; + reference "1.0.1"; + } + + revision "2017-05-26" { + description + "Separated ACL entries by type"; + reference "1.0.0"; + } + + revision "2016-08-08" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + revision "2016-01-22" { + description + "Initial revision"; + reference "TBD"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + identity ACL_TYPE { + description + "Base identity for types of ACL sets"; + } + + identity ACL_IPV4 { + base ACL_TYPE; + description + "IP-layer ACLs with IPv4 addresses"; + } + + identity ACL_IPV6 { + base ACL_TYPE; + description + "IP-layer ACLs with IPv6 addresses"; + } + + identity ACL_L2 { + base ACL_TYPE; + description + "MAC-layer ACLs"; + } + + identity ACL_MIXED { + base ACL_TYPE; + description + "Mixed-mode ACL that specifies L2 and L3 protocol + fields. This ACL type is not implemented by many + routing/switching devices."; + } + + // ACL action type + + identity FORWARDING_ACTION { + description + "Base identity for actions in the forwarding category"; + } + + identity ACCEPT { + base FORWARDING_ACTION; + description + "Accept the packet"; + } + + identity DROP { + base FORWARDING_ACTION; + description + "Drop packet without sending any ICMP error message"; + } + + identity REJECT { + base FORWARDING_ACTION; + description + "Drop the packet and send an ICMP error message to the source"; + } + + identity LOG_ACTION { + description + "Base identity for defining the destination for logging + actions"; + } + + identity LOG_SYSLOG { + base LOG_ACTION; + description + "Log the packet in Syslog"; + } + + identity LOG_NONE { + base LOG_ACTION; + description + "No logging"; + } + + identity ACL_COUNTER_CAPABILITY { + description + "Base identity for system to indicate how it is able to report + counters"; + } + + identity INTERFACE_ONLY { + base ACL_COUNTER_CAPABILITY; + description + "ACL counters are available and reported only per interface"; + } + + identity AGGREGATE_ONLY { + base ACL_COUNTER_CAPABILITY; + description + "ACL counters are aggregated over all interfaces, and reported + only per ACL entry"; + } + + identity INTERFACE_AGGREGATE { + base ACL_COUNTER_CAPABILITY; + description + "ACL counters are reported per interface, and also aggregated + and reported per ACL entry."; + } + + // grouping statements + + // input interface + grouping input-interface-config { + description + "Config of interface"; + + } + + grouping input-interface-state { + description + "State information of interface"; + } + + grouping input-interface-top { + description + "Input interface top level container"; + + container input-interface { + description + "Input interface container"; + + container config { + description + "Config data"; + uses input-interface-config; + } + + container state { + config false; + description + "State information"; + uses input-interface-config; + uses input-interface-state; + } + + uses oc-if:interface-ref; + + } + } + + // Action Type + grouping action-config { + description + "Config of action type"; + + + leaf forwarding-action { + type identityref { + base FORWARDING_ACTION; + } + mandatory true; + description + "Specifies the forwarding action. One forwarding action + must be specified for each ACL entry"; + } + + leaf log-action { + type identityref { + base LOG_ACTION; + } + default LOG_NONE; + description + "Specifies the log action and destination for + matched packets. The default is not to log the + packet."; + } + + + } + + grouping action-state { + description + "State information of action type"; + + } + + grouping action-top { + description + "ACL action type top level container"; + + container actions { + description + "Enclosing container for list of ACL actions associated + with an entry"; + + container config { + description + "Config data for ACL actions"; + uses action-config; + } + + container state { + config false; + description + "State information for ACL actions"; + uses action-config; + uses action-state; + } + } + } + + grouping acl-counters-state { + description + "Common grouping for ACL counters"; + + leaf matched-packets { + type oc-yang:counter64; + description + "Count of the number of packets matching the current ACL + entry. + + An implementation should provide this counter on a + per-interface per-ACL-entry if possible. + + If an implementation only supports ACL counters per entry + (i.e., not broken out per interface), then the value + should be equal to the aggregate count across all interfaces. + + An implementation that provides counters per entry per + interface is not required to also provide an aggregate count, + e.g., per entry -- the user is expected to be able implement + the required aggregation if such a count is needed."; + } + + leaf matched-octets { + type oc-yang:counter64; + description + "Count of the number of octets (bytes) matching the current + ACL entry. + + An implementation should provide this counter on a + per-interface per-ACL-entry if possible. + + If an implementation only supports ACL counters per entry + (i.e., not broken out per interface), then the value + should be equal to the aggregate count across all interfaces. + + An implementation that provides counters per entry per + interface is not required to also provide an aggregate count, + e.g., per entry -- the user is expected to be able implement + the required aggregation if such a count is needed."; + } + + } + + // Access List Entries + grouping access-list-entries-config { + description + "Access List Entries (ACE) config."; + + leaf sequence-id { + type uint32; + description + "The sequence id determines the order in which ACL entries + are applied. The sequence id must be unique for each entry + in an ACL set. Target devices should apply the ACL entry + rules in ascending order determined by sequence id (low to + high), rather than the relying only on order in the list."; + } + + leaf description { + type string; + description + "A user-defined description, or comment, for this Access List + Entry."; + } + + } + + grouping access-list-entries-state { + description + "Access List Entries state."; + + uses acl-counters-state; + + } + + grouping access-list-entries-top { + description + "Access list entries to level container"; + + container acl-entries { + description + "Access list entries container"; + + list acl-entry { + key "sequence-id"; + description + "List of ACL entries comprising an ACL set"; + + leaf sequence-id { + type leafref { + path "../config/sequence-id"; + } + description + "references the list key"; + } + + container config { + description + "Access list entries config"; + uses access-list-entries-config; + } + + container state { + config false; + description + "State information for ACL entries"; + uses access-list-entries-config; + uses access-list-entries-state; + } + + uses oc-match:ethernet-header-top { + when "../../config/type='ACL_L2'" { + description + "MAC-layer fields are valid when the ACL type is L2"; + } + } + uses oc-match:ipv4-protocol-fields-top { + when "../../config/type='ACL_IPV4'" { + description + "IPv4-layer fields are valid when the ACL type is + IPv4"; + } + } + uses oc-match:ipv6-protocol-fields-top { + when "../../config/type='ACL_IPV6'" { + description + "IPv6-layer fields are valid when the ACL type is + IPv6"; + } + } + uses oc-match:transport-fields-top { + when "../../config/type='ACL_IPV6' or " + + "../../config/type='ACL_IPV4'" { + description + "Transport-layer fields are valid when specifying + L3 ACL types"; + } + } + uses input-interface-top; + + uses action-top; + } + } + } + + grouping acl-set-config { + description + "Access Control List config"; + + leaf name { + type string; + description + "The name of the access-list set"; + } + + leaf type { + type identityref { + base ACL_TYPE; + } + description + "The type determines the fields allowed in the ACL entries + belonging to the ACL set (e.g., IPv4, IPv6, etc.)"; + } + + leaf description { + type string; + description + "Description, or comment, for the ACL set"; + } + + } + + grouping acl-set-state { + description + "Access Control List state"; + } + + grouping acl-set-top { + description + "Access list entries variables top level container"; + + container acl-sets { + description + "Access list entries variables enclosing container"; + + list acl-set { + key "name type"; + description + "List of ACL sets, each comprising of a list of ACL + entries"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the name list key"; + } + + leaf type { + type leafref { + path "../config/type"; + } + description + "Reference to the type list key"; + } + + container config { + description + "Access list config"; + uses acl-set-config; + } + + container state { + config false; + description + "Access list state information"; + uses acl-set-config; + uses acl-set-state; + } + uses access-list-entries-top; + } + } + } + + grouping interface-acl-entries-config { + description + "Configuration data for per-interface ACLs"; + + } + + grouping interface-acl-entries-state { + description + "Operational state data for per-interface ACL entries"; + + leaf sequence-id { + type leafref { + path "/acl/acl-sets/" + + "acl-set[name=current()/../../../../set-name]" + + "[type=current()/../../../../type]/" + + "acl-entries/acl-entry/sequence-id"; + } + description + "Reference to an entry in the ACL set applied to an + interface"; + } + + uses acl-counters-state; + + } + + grouping interface-acl-entries-top { + description + "Top-level grouping for per-interface ACL entries"; + + container acl-entries { + config false; + description + "Enclosing container for list of references to ACLs"; + + list acl-entry { + key "sequence-id"; + description + "List of ACL entries assigned to an interface"; + + leaf sequence-id { + type leafref { + path "../state/sequence-id"; + } + description + "Reference to per-interface acl entry key"; + } + + // no config container since the enclosing container is + // read-only + + container state { + + config false; + + description + "Operational state data for per-interface ACL entries"; + + uses interface-acl-entries-config; + uses interface-acl-entries-state; + } + } + } + } + + grouping interface-ingress-acl-config { + description + "Configuration data for per-interface ingress ACLs"; + + leaf set-name { + type leafref { + path "../../../../../../acl-sets/acl-set/config/name"; + } + description + "Reference to the ACL set name applied on ingress"; + } + + leaf type { + type leafref { + path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" + + "/config/type"; + } + description + "Reference to the ACL set type applied on ingress"; + } + } + + grouping interface-ingress-acl-state { + description + "Operational state data for the per-interface ingress ACL"; + } + + grouping interface-ingress-acl-top { + description + "Top-level grouping for per-interface ingress ACL data"; + + container ingress-acl-sets { + description + "Enclosing container the list of ingress ACLs on the + interface"; + + list ingress-acl-set { + key "set-name type"; + description + "List of ingress ACLs on the interface"; + + leaf set-name { + type leafref { + path "../config/set-name"; + } + description + "Reference to set name list key"; + } + + leaf type { + type leafref { + path "../config/type"; + } + description + "Reference to type list key"; + } + + container config { + description + "Configuration data "; + + uses interface-ingress-acl-config; + } + + container state { + + config false; + + description + "Operational state data for interface ingress ACLs"; + + uses interface-ingress-acl-config; + uses interface-ingress-acl-state; + } + + uses interface-acl-entries-top; + } + } + } + + grouping interface-egress-acl-config { + description + "Configuration data for per-interface egress ACLs"; + + leaf set-name { + type leafref { + path "../../../../../../acl-sets/acl-set/config/name"; + } + description + "Reference to the ACL set name applied on egress"; + } + + leaf type { + type leafref { + path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" + + "/config/type"; + } + description + "Reference to the ACL set type applied on egress."; + } + } + + grouping interface-egress-acl-state { + description + "Operational state data for the per-interface egress ACL"; + } + + grouping interface-egress-acl-top { + description + "Top-level grouping for per-interface egress ACL data"; + + container egress-acl-sets { + description + "Enclosing container the list of egress ACLs on the + interface"; + + list egress-acl-set { + key "set-name type"; + description + "List of egress ACLs on the interface"; + + leaf set-name { + type leafref { + path "../config/set-name"; + } + description + "Reference to set name list key"; + } + + leaf type { + type leafref { + path "../config/type"; + } + description + "Reference to type list key"; + } + + container config { + description + "Configuration data "; + + uses interface-egress-acl-config; + } + + container state { + + config false; + + description + "Operational state data for interface egress ACLs"; + + uses interface-egress-acl-config; + uses interface-egress-acl-state; + } + + uses interface-acl-entries-top; + } + } + } + + grouping acl-interfaces-config { + description + "Configuration data for interface references"; + + leaf id { + type oc-if:interface-id; + description + "User-defined identifier for the interface -- a common + convention could be '<if name>.<subif index>'"; + } + } + + grouping acl-interfaces-state { + description + "Operational state data for interface references"; + } + + grouping acl-interfaces-top { + description + "Top-level grouping for interface-specific ACL data"; + + container interfaces { + description + "Enclosing container for the list of interfaces on which + ACLs are set"; + + list interface { + key "id"; + description + "List of interfaces on which ACLs are set"; + + leaf id { + type leafref { + path "../config/id"; + } + description + "Reference to the interface id list key"; + } + + container config { + description + "Configuration for ACL per-interface data"; + + uses acl-interfaces-config; + } + + container state { + + config false; + + description + "Operational state for ACL per-interface data"; + + uses acl-interfaces-config; + uses acl-interfaces-state; + } + + uses oc-if:interface-ref; + uses interface-ingress-acl-top; + uses interface-egress-acl-top; + } + } + } + + grouping acl-config { + description + "Global configuration data for ACLs"; + } + + grouping acl-state { + description + "Global operational state data for ACLs"; + + leaf counter-capability { + type identityref { + base ACL_COUNTER_CAPABILITY; + } + description + "System reported indication of how ACL counters are reported + by the target"; + } + } + grouping acl-top { + description + "Top level grouping for ACL data and structure"; + + container acl { + description + "Top level enclosing container for ACL model config + and operational state data"; + + container config { + description + "Global config data for ACLs"; + + uses acl-config; + } + + container state { + + config false; + + description + "Global operational state data for ACLs"; + + uses acl-config; + uses acl-state; + } + + uses acl-set-top; + uses acl-interfaces-top; + } + } + + // data definition statements + uses acl-top; + + // augment statements + + +} diff --git a/src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang b/src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang new file mode 100644 index 0000000..452d400 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang @@ -0,0 +1,165 @@ +module openconfig-extensions { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/openconfig-ext"; + + prefix "oc-ext"; + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module provides extensions to the YANG language to allow + OpenConfig specific functionality and meta-data to be defined."; + + revision "2018-10-17" { + description + "Add extension for regular expression type."; + reference "0.4.0"; + } + + revision "2017-04-11" { + description + "rename password type to 'hashed' and clarify description"; + reference "0.3.0"; + } + + revision "2017-01-29" { + description + "Added extension for annotating encrypted values."; + reference "0.2.0"; + } + + revision "2015-10-09" { + description + "Initial OpenConfig public release"; + reference "0.1.0"; + } + + + // extension statements + extension openconfig-version { + argument "semver" { + yin-element false; + } + description + "The OpenConfig version number for the module. This is + expressed as a semantic version number of the form: + x.y.z + where: + * x corresponds to the major version, + * y corresponds to a minor version, + * z corresponds to a patch version. + This version corresponds to the model file within which it is + defined, and does not cover the whole set of OpenConfig models. + Where several modules are used to build up a single block of + functionality, the same module version is specified across each + file that makes up the module. + A major version number of 0 indicates that this model is still + in development (whether within OpenConfig or with industry + partners), and is potentially subject to change. + Following a release of major version 1, all modules will + increment major revision number where backwards incompatible + changes to the model are made. + The minor version is changed when features are added to the + model that do not impact current clients use of the model. + The patch-level version is incremented when non-feature changes + (such as bugfixes or clarifications to human-readable + descriptions that do not impact model functionality) are made + that maintain backwards compatibility. + The version number is stored in the module meta-data."; + } + + extension openconfig-hashed-value { + description + "This extension provides an annotation on schema nodes to + indicate that the corresponding value should be stored and + reported in hashed form. + Hash algorithms are by definition not reversible. Clients + reading the configuration or applied configuration for the node + should expect to receive only the hashed value. Values written + in cleartext will be hashed. This annotation may be used on + nodes such as secure passwords in which the device never reports + a cleartext value, even if the input is provided as cleartext."; + } + + extension regexp-posix { + description + "This extension indicates that the regular expressions included + within the YANG module specified are conformant with the POSIX + regular expression format rather than the W3C standard that is + specified by RFC6020 and RFC7950."; + } + + extension telemetry-on-change { + description + "The telemetry-on-change annotation is specified in the context + of a particular subtree (container, or list) or leaf within the + YANG schema. Where specified, it indicates that the value stored + by the nodes within the context change their value only in response + to an event occurring. The event may be local to the target, for + example - a configuration change, or external - such as the failure + of a link. + When a telemetry subscription allows the target to determine whether + to export the value of a leaf in a periodic or event-based fashion + (e.g., TARGET_DEFINED mode in gNMI), leaves marked as + telemetry-on-change should only be exported when they change, + i.e., event-based."; + } + + extension telemetry-atomic { + description + "The telemetry-atomic annotation is specified in the context of + a subtree (containre, or list), and indicates that all nodes + within the subtree are always updated together within the data + model. For example, all elements under the subtree may be updated + as a result of a new alarm being raised, or the arrival of a new + protocol message. + Transport protocols may use the atomic specification to determine + optimisations for sending or storing the corresponding data."; + } + + extension operational { + description + "The operational annotation is specified in the context of a + grouping, leaf, or leaf-list within a YANG module. It indicates + that the nodes within the context are derived state on the device. + OpenConfig data models divide nodes into the following three categories: + - intended configuration - these are leaves within a container named + 'config', and are the writable configuration of a target. + - applied configuration - these are leaves within a container named + 'state' and are the currently running value of the intended configuration. + - derived state - these are the values within the 'state' container which + are not part of the applied configuration of the device. Typically, they + represent state values reflecting underlying operational counters, or + protocol statuses."; + } + + extension catalog-organization { + argument "org" { + yin-element false; + } + description + "This extension specifies the organization name that should be used within + the module catalogue on the device for the specified YANG module. It stores + a pithy string where the YANG organization statement may contain more + details."; + } + + extension origin { + argument "origin" { + yin-element false; + } + description + "This extension specifies the name of the origin that the YANG module + falls within. This allows multiple overlapping schema trees to be used + on a single network element without requiring module based prefixing + of paths."; + } +}
\ No newline at end of file diff --git a/src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang b/src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang index fbb872f..7c23d2b 100644 --- a/src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang +++ b/src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang @@ -31,7 +31,13 @@ module openconfig-inet-types { Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info)."; - oc-ext:openconfig-version "0.3.1"; + oc-ext:openconfig-version "0.3.2"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.3.2"; + } revision 2017-08-24 { description @@ -63,13 +69,18 @@ module openconfig-inet-types { reference "0.1.0"; } + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + // IPv4 and IPv6 types. typedef ipv4-address { type string { - pattern '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + - '[0-9]|25[0-5])'; + '[0-9]|25[0-5])$'; } description "An IPv4 address in dotted quad notation using the default @@ -136,9 +147,9 @@ module openconfig-inet-types { typedef ipv4-prefix { type string { - pattern '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + - '[0-9]|25[0-5])/(([0-9])|([1-2][0-9])|(3[0-2]))'; + '[0-9]|25[0-5])/(([0-9])|([1-2][0-9])|(3[0-2]))$'; } description "An IPv4 prefix represented in dotted quad notation followed by diff --git a/src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang new file mode 100644 index 0000000..1b93d52 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang @@ -0,0 +1,309 @@ +module openconfig-packet-match-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/packet-match-types"; + + prefix "oc-pkt-match-types"; + + // import some basic types + import openconfig-inet-types { prefix oc-inet; } + import openconfig-extensions { prefix oc-ext; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines common types for use in models requiring + data definitions related to packet matches."; + + oc-ext:openconfig-version "1.0.2"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "1.0.2"; + } + + revision "2018-04-15" { + description + "Corrected description and range for ethertype typedef"; + reference "1.0.1"; + } + + revision "2017-05-26" { + description + "Separated IP matches into AFs"; + reference "1.0.0"; + } + + revision "2016-08-08" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + revision "2016-04-27" { + description + "Initial revision"; + reference "TBD"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + + // extension statements + + // feature statements + + // identity statements + + + //TODO: should replace this with an official IEEE module + // when available. Only a select number of types are + // defined in this identity. + identity ETHERTYPE { + description + "Base identity for commonly used Ethertype values used + in packet header matches on Ethernet frames. The Ethertype + indicates which protocol is encapsulated in the Ethernet + payload."; + reference + "IEEE 802.3"; + } + + identity ETHERTYPE_IPV4 { + base ETHERTYPE; + description + "IPv4 protocol (0x0800)"; + } + + identity ETHERTYPE_ARP { + base ETHERTYPE; + description + "Address resolution protocol (0x0806)"; + } + + identity ETHERTYPE_VLAN { + base ETHERTYPE; + description + "VLAN-tagged frame (as defined by IEEE 802.1q) (0x8100). Note + that this value is also used to represent Shortest Path + Bridging (IEEE 801.1aq) frames."; + } + + identity ETHERTYPE_IPV6 { + base ETHERTYPE; + description + "IPv6 protocol (0x86DD)"; + } + + identity ETHERTYPE_MPLS { + base ETHERTYPE; + description + "MPLS unicast (0x8847)"; + } + + identity ETHERTYPE_LLDP { + base ETHERTYPE; + description + "Link Layer Discovery Protocol (0x88CC)"; + } + + identity ETHERTYPE_ROCE { + base ETHERTYPE; + description + "RDMA over Converged Ethernet (0x8915)"; + } + + + //TODO: should replace this with an official IANA module when + //available. Only a select set of protocols are defined with + //this identity. + identity IP_PROTOCOL { + description + "Base identity for commonly used IP protocols used in + packet header matches"; + reference + "IANA Assigned Internet Protocol Numbers"; + } + + identity IP_TCP { + base IP_PROTOCOL; + description + "Transmission Control Protocol (6)"; + } + + identity IP_UDP { + base IP_PROTOCOL; + description + "User Datagram Protocol (17)"; + } + + identity IP_ICMP { + base IP_PROTOCOL; + description + "Internet Control Message Protocol (1)"; + } + + identity IP_IGMP { + base IP_PROTOCOL; + description + "Internet Group Membership Protocol (2)"; + } + + identity IP_PIM { + base IP_PROTOCOL; + description + "Protocol Independent Multicast (103)"; + } + + identity IP_RSVP { + base IP_PROTOCOL; + description + "Resource Reservation Protocol (46)"; + } + + identity IP_GRE { + base IP_PROTOCOL; + description + "Generic Routing Encapsulation (47)"; + } + + identity IP_AUTH { + base IP_PROTOCOL; + description + "Authentication header, e.g., for IPSEC (51)"; + } + + identity IP_L2TP { + base IP_PROTOCOL; + description + "Layer Two Tunneling Protocol v.3 (115)"; + } + + + + identity TCP_FLAGS { + description + "Common TCP flags used in packet header matches"; + reference + "IETF RFC 793 - Transmission Control Protocol + IETF RFC 3168 - The Addition of Explicit Congestion + Notification (ECN) to IP"; + } + + identity TCP_SYN { + base TCP_FLAGS; + description + "TCP SYN flag"; + } + + identity TCP_FIN { + base TCP_FLAGS; + description + "TCP FIN flag"; + } + + identity TCP_RST { + base TCP_FLAGS; + description + "TCP RST flag"; + } + + identity TCP_PSH { + base TCP_FLAGS; + description + "TCP push flag"; + } + + identity TCP_ACK { + base TCP_FLAGS; + description + "TCP ACK flag"; + } + + identity TCP_URG { + base TCP_FLAGS; + description + "TCP urgent flag"; + } + + identity TCP_ECE { + base TCP_FLAGS; + description + "TCP ECN-Echo flag. If the SYN flag is set, indicates that + the TCP peer is ECN-capable, otherwise indicates that a + packet with Congestion Experienced flag in the IP header + is set"; + } + + identity TCP_CWR { + base TCP_FLAGS; + description + "TCP Congestion Window Reduced flag"; + } + + // typedef statements + + typedef port-num-range { + type union { + type string { + pattern '^(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?' + + '[0-9]?)\.\.(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?' + + '[0-9]?[0-9]?)$'; + } + type oc-inet:port-number; + type enumeration { + enum ANY { + description + "Indicates any valid port number (e.g., wildcard)"; + } + } + } + description + "Port numbers may be represented as a single value, + an inclusive range as <lower>..<higher>, or as ANY to + indicate a wildcard."; + } + + typedef ip-protocol-type { + type union { + type uint8 { + range 0..254; + } + type identityref { + base IP_PROTOCOL; + } + } + description + "The IP protocol number may be expressed as a valid protocol + number (integer) or using a protocol type defined by the + IP_PROTOCOL identity"; + } + + typedef ethertype-type { + type union { + type uint16 { + range 1536..65535; + } + type identityref { + base ETHERTYPE; + } + } + description + "The Ethertype value may be expressed as a 16-bit number in + decimal notation, or using a type defined by the + ETHERTYPE identity"; + } + +} diff --git a/src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang new file mode 100644 index 0000000..510bc57 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang @@ -0,0 +1,371 @@ +module openconfig-packet-match { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/header-fields"; + + prefix "oc-pkt-match"; + + // import some basic types + import openconfig-inet-types { prefix oc-inet; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-packet-match-types { prefix oc-pkt-match-types; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines data related to packet header fields + used in matching operations, for example in ACLs. When a + field is omitted from a match expression, the effect is a + wildcard ('any') for that field."; + + oc-ext:openconfig-version "1.1.1"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "1.1.1"; + } + + revision "2017-12-15" { + description + "Add MPLS packet field matches"; + reference "1.1.0"; + } + + revision "2017-05-26" { + description + "Separated IP matches into AFs"; + reference "1.0.0"; + } + + revision "2016-08-08" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + revision "2016-04-27" { + description + "Initial revision"; + reference "TBD"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + + // Physical Layer fields + // ethernet-header + grouping ethernet-header-config { + description + "Configuration data of fields in Ethernet header."; + + leaf source-mac { + type oc-yang:mac-address; + description + "Source IEEE 802 MAC address."; + } + + leaf source-mac-mask { + type oc-yang:mac-address; + description + "Source IEEE 802 MAC address mask."; + } + + leaf destination-mac { + type oc-yang:mac-address; + description + "Destination IEEE 802 MAC address."; + } + + leaf destination-mac-mask { + type oc-yang:mac-address; + description + "Destination IEEE 802 MAC address mask."; + } + + leaf ethertype { + type oc-pkt-match-types:ethertype-type; + description + "Ethertype field to match in Ethernet packets"; + } + } + + grouping ethernet-header-state { + description + "State information of fields in Ethernet header."; + } + + grouping ethernet-header-top { + description + "Top level container for fields in Ethernet header."; + + container l2 { + description + "Ethernet header fields"; + + container config { + description + "Configuration data"; + uses ethernet-header-config; + } + + container state { + config false; + description + "State Information."; + uses ethernet-header-config; + uses ethernet-header-state; + } + } + } + + grouping mpls-header-top { + description + "Top-level container for fields in an MPLS header."; + + container mpls { + description + "MPLS header fields"; + + container config { + description + "Configuration parameters relating to fields within + the MPLS header."; + uses mpls-header-config; + } + + container state { + config false; + description + "Operational state parameters relating to fields + within the MPLS header"; + uses mpls-header-config; + } + } + } + + grouping mpls-header-config { + description + "Configuration parameters relating to matches within + MPLS header fields."; + + leaf traffic-class { + type uint8 { + range "0..7"; + } + description + "The value of the MPLS traffic class (TC) bits, + formerly known as the EXP bits."; + } + } + + grouping ip-protocol-fields-common-config { + description + "IP protocol fields common to IPv4 and IPv6"; + + leaf dscp { + type oc-inet:dscp; + description + "Value of diffserv codepoint."; + } + + leaf protocol { + type oc-pkt-match-types:ip-protocol-type; + description + "The protocol carried in the IP packet, expressed either + as its IP protocol number, or by a defined identity."; + } + + leaf hop-limit { + type uint8 { + range 0..255; + } + description + "The IP packet's hop limit -- known as TTL (in hops) in + IPv4 packets, and hop limit in IPv6"; + } + } + + // IP Layer + // ip-protocol-fields + grouping ipv4-protocol-fields-config { + description + "Configuration data of IP protocol fields + for IPv4"; + + leaf source-address { + type oc-inet:ipv4-prefix; + description + "Source IPv4 address prefix."; + } + + leaf destination-address { + type oc-inet:ipv4-prefix; + description + "Destination IPv4 address prefix."; + } + + uses ip-protocol-fields-common-config; + + } + + grouping ipv4-protocol-fields-state { + description + "State information of IP header fields for IPv4"; + } + + grouping ipv4-protocol-fields-top { + description + "IP header fields for IPv4"; + + container ipv4 { + description + "Top level container for IPv4 match field data"; + + container config { + description + "Configuration data for IPv4 match fields"; + uses ipv4-protocol-fields-config; + } + + container state { + config false; + description + "State information for IPv4 match fields"; + uses ipv4-protocol-fields-config; + uses ipv4-protocol-fields-state; + } + } + } + + grouping ipv6-protocol-fields-config { + description + "Configuration data for IPv6 match fields"; + + leaf source-address { + type oc-inet:ipv6-prefix; + description + "Source IPv6 address prefix."; + } + + leaf source-flow-label { + type oc-inet:ipv6-flow-label; + description + "Source IPv6 Flow label."; + } + + leaf destination-address { + type oc-inet:ipv6-prefix; + description + "Destination IPv6 address prefix."; + } + + leaf destination-flow-label { + type oc-inet:ipv6-flow-label; + description + "Destination IPv6 Flow label."; + } + + uses ip-protocol-fields-common-config; + } + + grouping ipv6-protocol-fields-state { + description + "Operational state data for IPv6 match fields"; + } + + grouping ipv6-protocol-fields-top { + description + "Top-level grouping for IPv6 match fields"; + + container ipv6 { + description + "Top-level container for IPv6 match field data"; + + container config { + description + "Configuration data for IPv6 match fields"; + + uses ipv6-protocol-fields-config; + } + + container state { + + config false; + + description + "Operational state data for IPv6 match fields"; + + uses ipv6-protocol-fields-config; + uses ipv6-protocol-fields-state; + } + } + } + + // Transport fields + grouping transport-fields-config { + description + "Configuration data of transport-layer packet fields"; + + leaf source-port { + type oc-pkt-match-types:port-num-range; + description + "Source port or range"; + } + + leaf destination-port { + type oc-pkt-match-types:port-num-range; + description + "Destination port or range"; + } + + leaf-list tcp-flags { + type identityref { + base oc-pkt-match-types:TCP_FLAGS; + } + description + "List of TCP flags to match"; + } + } + + grouping transport-fields-state { + description + "State data of transport-fields"; + } + + grouping transport-fields-top { + description + "Destination transport-fields top level grouping"; + + container transport { + description + "Transport fields container"; + + container config { + description + "Configuration data"; + uses transport-fields-config; + } + + container state { + config false; + description + "State data"; + uses transport-fields-config; + uses transport-fields-state; + } + } + } + +} diff --git a/src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang b/src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang index b3b2c16..1c2a7f5 100644 --- a/src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang +++ b/src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang @@ -32,7 +32,13 @@ module openconfig-yang-types { Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info)."; - oc-ext:openconfig-version "0.2.0"; + oc-ext:openconfig-version "0.2.1"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.2.1"; + } revision 2018-04-24 { description @@ -58,6 +64,11 @@ module openconfig-yang-types { reference "0.1.0"; } + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + typedef dotted-quad { type string { pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + |