summaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorPavel Kotucek <pavel.kotucek@pantheon.tech>2019-04-15 14:10:15 +0200
committerHongjun Ni <hongjun.ni@intel.com>2019-04-25 13:01:35 +0000
commitbda8bf51f84cc9fb7a2d875c1f35540e0b4a3db4 (patch)
tree45a8d0a2d7e60295c01c0089d4147bb403f40da5 /src/plugins
parent29d2d586b9dfdd7776e42fefbe2b049de49dc009 (diff)
ACL yang models
Added ACL openconfig yang models. Change-Id: If8075def912bfa5f980101221d781b4857d4ca45 Signed-off-by: Pavel Kotucek <pavel.kotucek@pantheon.tech>
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/yang/ietf/ietf-ip@2018-02-22.yang876
-rw-r--r--src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang847
-rw-r--r--src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang165
-rw-r--r--src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang (renamed from src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang)21
-rw-r--r--src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang309
-rw-r--r--src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang371
-rw-r--r--src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang (renamed from src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang)13
7 files changed, 2596 insertions, 6 deletions
diff --git a/src/plugins/yang/ietf/ietf-ip@2018-02-22.yang b/src/plugins/yang/ietf/ietf-ip@2018-02-22.yang
new file mode 100644
index 0000000..a270f67
--- /dev/null
+++ b/src/plugins/yang/ietf/ietf-ip@2018-02-22.yang
@@ -0,0 +1,876 @@
+module ietf-ip {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-ip";
+ prefix ip;
+
+ import ietf-interfaces {
+ prefix if;
+ }
+ import ietf-inet-types {
+ prefix inet;
+ }
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ organization
+ "IETF NETMOD (Network Modeling) Working Group";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>";
+ description
+ "This module contains a collection of YANG definitions for
+ managing IP implementations.
+
+ Copyright (c) 2018 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 8344; see
+ the RFC itself for full legal notices.";
+
+ revision 2018-02-22 {
+ description
+ "Updated to support NMDA.";
+ reference
+ "RFC 8344: A YANG Data Model for IP Management";
+ }
+
+ revision 2014-06-16 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7277: A YANG Data Model for IP Management";
+ }
+
+ /*
+ * Features
+ */
+
+ feature ipv4-non-contiguous-netmasks {
+ description
+ "Indicates support for configuring non-contiguous
+ subnet masks.";
+ }
+
+ feature ipv6-privacy-autoconf {
+ description
+ "Indicates support for privacy extensions for stateless address
+ autoconfiguration in IPv6.";
+ reference
+ "RFC 4941: Privacy Extensions for Stateless Address
+ Autoconfiguration in IPv6";
+ }
+
+ /*
+ * Typedefs
+ */
+
+ typedef ip-address-origin {
+ type enumeration {
+ enum other {
+ description
+ "None of the following.";
+ }
+
+ enum static {
+ description
+ "Indicates that the address has been statically
+ configured -- for example, using the Network Configuration
+ Protocol (NETCONF) or a command line interface.";
+ }
+ enum dhcp {
+ description
+ "Indicates an address that has been assigned to this
+ system by a DHCP server.";
+ }
+ enum link-layer {
+ description
+ "Indicates an address created by IPv6 stateless
+ autoconfiguration that embeds a link-layer address in its
+ interface identifier.";
+ }
+ enum random {
+ description
+ "Indicates an address chosen by the system at
+ random, e.g., an IPv4 address within 169.254/16, a
+ temporary address as described in RFC 4941, or a
+ semantically opaque address as described in RFC 7217.";
+ reference
+ "RFC 4941: Privacy Extensions for Stateless Address
+ Autoconfiguration in IPv6
+ RFC 7217: A Method for Generating Semantically Opaque
+ Interface Identifiers with IPv6 Stateless
+ Address Autoconfiguration (SLAAC)";
+ }
+ }
+ description
+ "The origin of an address.";
+ }
+
+ typedef neighbor-origin {
+ type enumeration {
+ enum other {
+ description
+ "None of the following.";
+ }
+ enum static {
+ description
+ "Indicates that the mapping has been statically
+ configured -- for example, using NETCONF or a command line
+ interface.";
+ }
+
+ enum dynamic {
+ description
+ "Indicates that the mapping has been dynamically resolved
+ using, for example, IPv4 ARP or the IPv6 Neighbor
+ Discovery protocol.";
+ }
+ }
+ description
+ "The origin of a neighbor entry.";
+ }
+
+ /*
+ * Data nodes
+ */
+
+ augment "/if:interfaces/if:interface" {
+ description
+ "IP parameters on interfaces.
+
+ If an interface is not capable of running IP, the server
+ must not allow the client to configure these parameters.";
+
+ container ipv4 {
+ presence
+ "Enables IPv4 unless the 'enabled' leaf
+ (which defaults to 'true') is set to 'false'";
+ description
+ "Parameters for the IPv4 address family.";
+
+ leaf enabled {
+ type boolean;
+ default true;
+ description
+ "Controls whether IPv4 is enabled or disabled on this
+ interface. When IPv4 is enabled, this interface is
+ connected to an IPv4 stack, and the interface can send
+ and receive IPv4 packets.";
+ }
+ leaf forwarding {
+ type boolean;
+ default false;
+ description
+ "Controls IPv4 packet forwarding of datagrams received by,
+ but not addressed to, this interface. IPv4 routers
+ forward datagrams. IPv4 hosts do not (except those
+ source-routed via the host).";
+ }
+
+ leaf mtu {
+ type uint16 {
+ range "68..max";
+ }
+ units "octets";
+ description
+ "The size, in octets, of the largest IPv4 packet that the
+ interface will send and receive.
+
+ The server may restrict the allowed values for this leaf,
+ depending on the interface's type.
+
+ If this leaf is not configured, the operationally used MTU
+ depends on the interface's type.";
+ reference
+ "RFC 791: Internet Protocol";
+ }
+ list address {
+ key "ip";
+ description
+ "The list of IPv4 addresses on the interface.";
+
+ leaf ip {
+ type inet:ipv4-address-no-zone;
+ description
+ "The IPv4 address on the interface.";
+ }
+ choice subnet {
+ mandatory true;
+ description
+ "The subnet can be specified as a prefix length or,
+ if the server supports non-contiguous netmasks, as
+ a netmask.";
+ leaf prefix-length {
+ type uint8 {
+ range "0..32";
+ }
+ description
+ "The length of the subnet prefix.";
+ }
+ leaf netmask {
+ if-feature ipv4-non-contiguous-netmasks;
+ type yang:dotted-quad;
+ description
+ "The subnet specified as a netmask.";
+ }
+ }
+
+ leaf origin {
+ type ip-address-origin;
+ config false;
+ description
+ "The origin of this address.";
+ }
+ }
+ list neighbor {
+ key "ip";
+ description
+ "A list of mappings from IPv4 addresses to
+ link-layer addresses.
+
+ Entries in this list in the intended configuration are
+ used as static entries in the ARP Cache.
+
+ In the operational state, this list represents the ARP
+ Cache.";
+ reference
+ "RFC 826: An Ethernet Address Resolution Protocol";
+
+ leaf ip {
+ type inet:ipv4-address-no-zone;
+ description
+ "The IPv4 address of the neighbor node.";
+ }
+ leaf link-layer-address {
+ type yang:phys-address;
+ mandatory true;
+ description
+ "The link-layer address of the neighbor node.";
+ }
+ leaf origin {
+ type neighbor-origin;
+ config false;
+ description
+ "The origin of this neighbor entry.";
+ }
+ }
+ }
+
+ container ipv6 {
+ presence
+ "Enables IPv6 unless the 'enabled' leaf
+ (which defaults to 'true') is set to 'false'";
+ description
+ "Parameters for the IPv6 address family.";
+
+ leaf enabled {
+ type boolean;
+ default true;
+ description
+ "Controls whether IPv6 is enabled or disabled on this
+ interface. When IPv6 is enabled, this interface is
+ connected to an IPv6 stack, and the interface can send
+ and receive IPv6 packets.";
+ }
+ leaf forwarding {
+ type boolean;
+ default false;
+ description
+ "Controls IPv6 packet forwarding of datagrams received by,
+ but not addressed to, this interface. IPv6 routers
+ forward datagrams. IPv6 hosts do not (except those
+ source-routed via the host).";
+ reference
+ "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
+ Section 6.2.1, IsRouter";
+ }
+ leaf mtu {
+ type uint32 {
+ range "1280..max";
+ }
+ units "octets";
+ description
+ "The size, in octets, of the largest IPv6 packet that the
+ interface will send and receive.
+
+ The server may restrict the allowed values for this leaf,
+ depending on the interface's type.
+
+ If this leaf is not configured, the operationally used MTU
+ depends on the interface's type.";
+ reference
+ "RFC 8200: Internet Protocol, Version 6 (IPv6)
+ Specification
+ Section 5";
+ }
+
+ list address {
+ key "ip";
+ description
+ "The list of IPv6 addresses on the interface.";
+
+ leaf ip {
+ type inet:ipv6-address-no-zone;
+ description
+ "The IPv6 address on the interface.";
+ }
+ leaf prefix-length {
+ type uint8 {
+ range "0..128";
+ }
+ mandatory true;
+ description
+ "The length of the subnet prefix.";
+ }
+ leaf origin {
+ type ip-address-origin;
+ config false;
+ description
+ "The origin of this address.";
+ }
+ leaf status {
+ type enumeration {
+ enum preferred {
+ description
+ "This is a valid address that can appear as the
+ destination or source address of a packet.";
+ }
+ enum deprecated {
+ description
+ "This is a valid but deprecated address that should
+ no longer be used as a source address in new
+ communications, but packets addressed to such an
+ address are processed as expected.";
+ }
+ enum invalid {
+ description
+ "This isn't a valid address, and it shouldn't appear
+ as the destination or source address of a packet.";
+ }
+
+ enum inaccessible {
+ description
+ "The address is not accessible because the interface
+ to which this address is assigned is not
+ operational.";
+ }
+ enum unknown {
+ description
+ "The status cannot be determined for some reason.";
+ }
+ enum tentative {
+ description
+ "The uniqueness of the address on the link is being
+ verified. Addresses in this state should not be
+ used for general communication and should only be
+ used to determine the uniqueness of the address.";
+ }
+ enum duplicate {
+ description
+ "The address has been determined to be non-unique on
+ the link and so must not be used.";
+ }
+ enum optimistic {
+ description
+ "The address is available for use, subject to
+ restrictions, while its uniqueness on a link is
+ being verified.";
+ }
+ }
+ config false;
+ description
+ "The status of an address. Most of the states correspond
+ to states from the IPv6 Stateless Address
+ Autoconfiguration protocol.";
+ reference
+ "RFC 4293: Management Information Base for the
+ Internet Protocol (IP)
+ - IpAddressStatusTC
+ RFC 4862: IPv6 Stateless Address Autoconfiguration";
+ }
+ }
+
+ list neighbor {
+ key "ip";
+ description
+ "A list of mappings from IPv6 addresses to
+ link-layer addresses.
+
+ Entries in this list in the intended configuration are
+ used as static entries in the Neighbor Cache.
+
+ In the operational state, this list represents the
+ Neighbor Cache.";
+ reference
+ "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)";
+
+ leaf ip {
+ type inet:ipv6-address-no-zone;
+ description
+ "The IPv6 address of the neighbor node.";
+ }
+ leaf link-layer-address {
+ type yang:phys-address;
+ mandatory true;
+ description
+ "The link-layer address of the neighbor node.
+
+ In the operational state, if the neighbor's 'state' leaf
+ is 'incomplete', this leaf is not instantiated.";
+ }
+ leaf origin {
+ type neighbor-origin;
+ config false;
+ description
+ "The origin of this neighbor entry.";
+ }
+ leaf is-router {
+ type empty;
+ config false;
+ description
+ "Indicates that the neighbor node acts as a router.";
+ }
+
+ leaf state {
+ type enumeration {
+ enum incomplete {
+ description
+ "Address resolution is in progress, and the
+ link-layer address of the neighbor has not yet been
+ determined.";
+ }
+ enum reachable {
+ description
+ "Roughly speaking, the neighbor is known to have been
+ reachable recently (within tens of seconds ago).";
+ }
+ enum stale {
+ description
+ "The neighbor is no longer known to be reachable, but
+ until traffic is sent to the neighbor no attempt
+ should be made to verify its reachability.";
+ }
+ enum delay {
+ description
+ "The neighbor is no longer known to be reachable, and
+ traffic has recently been sent to the neighbor.
+ Rather than probe the neighbor immediately, however,
+ delay sending probes for a short while in order to
+ give upper-layer protocols a chance to provide
+ reachability confirmation.";
+ }
+ enum probe {
+ description
+ "The neighbor is no longer known to be reachable, and
+ unicast Neighbor Solicitation probes are being sent
+ to verify reachability.";
+ }
+ }
+ config false;
+ description
+ "The Neighbor Unreachability Detection state of this
+ entry.";
+ reference
+ "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
+ Section 7.3.2";
+ }
+ }
+
+ leaf dup-addr-detect-transmits {
+ type uint32;
+ default 1;
+ description
+ "The number of consecutive Neighbor Solicitation messages
+ sent while performing Duplicate Address Detection on a
+ tentative address. A value of zero indicates that
+ Duplicate Address Detection is not performed on
+ tentative addresses. A value of one indicates a single
+ transmission with no follow-up retransmissions.";
+ reference
+ "RFC 4862: IPv6 Stateless Address Autoconfiguration";
+ }
+ container autoconf {
+ description
+ "Parameters to control the autoconfiguration of IPv6
+ addresses, as described in RFC 4862.";
+ reference
+ "RFC 4862: IPv6 Stateless Address Autoconfiguration";
+
+ leaf create-global-addresses {
+ type boolean;
+ default true;
+ description
+ "If enabled, the host creates global addresses as
+ described in RFC 4862.";
+ reference
+ "RFC 4862: IPv6 Stateless Address Autoconfiguration
+ Section 5.5";
+ }
+ leaf create-temporary-addresses {
+ if-feature ipv6-privacy-autoconf;
+ type boolean;
+ default false;
+ description
+ "If enabled, the host creates temporary addresses as
+ described in RFC 4941.";
+ reference
+ "RFC 4941: Privacy Extensions for Stateless Address
+ Autoconfiguration in IPv6";
+ }
+
+ leaf temporary-valid-lifetime {
+ if-feature ipv6-privacy-autoconf;
+ type uint32;
+ units "seconds";
+ default 604800;
+ description
+ "The time period during which the temporary address
+ is valid.";
+ reference
+ "RFC 4941: Privacy Extensions for Stateless Address
+ Autoconfiguration in IPv6
+ - TEMP_VALID_LIFETIME";
+ }
+ leaf temporary-preferred-lifetime {
+ if-feature ipv6-privacy-autoconf;
+ type uint32;
+ units "seconds";
+ default 86400;
+ description
+ "The time period during which the temporary address is
+ preferred.";
+ reference
+ "RFC 4941: Privacy Extensions for Stateless Address
+ Autoconfiguration in IPv6
+ - TEMP_PREFERRED_LIFETIME";
+ }
+ }
+ }
+ }
+
+ /*
+ * Legacy operational state data nodes
+ */
+
+ augment "/if:interfaces-state/if:interface" {
+ status deprecated;
+ description
+ "Data nodes for the operational state of IP on interfaces.";
+
+ container ipv4 {
+ presence
+ "Present if IPv4 is enabled on this interface";
+ config false;
+ status deprecated;
+ description
+ "Interface-specific parameters for the IPv4 address family.";
+
+ leaf forwarding {
+ type boolean;
+ status deprecated;
+ description
+ "Indicates whether IPv4 packet forwarding is enabled or
+ disabled on this interface.";
+ }
+ leaf mtu {
+ type uint16 {
+ range "68..max";
+ }
+ units "octets";
+ status deprecated;
+ description
+ "The size, in octets, of the largest IPv4 packet that the
+ interface will send and receive.";
+ reference
+ "RFC 791: Internet Protocol";
+ }
+ list address {
+ key "ip";
+ status deprecated;
+ description
+ "The list of IPv4 addresses on the interface.";
+
+ leaf ip {
+ type inet:ipv4-address-no-zone;
+ status deprecated;
+ description
+ "The IPv4 address on the interface.";
+ }
+ choice subnet {
+ status deprecated;
+ description
+ "The subnet can be specified as a prefix length or,
+ if the server supports non-contiguous netmasks, as
+ a netmask.";
+ leaf prefix-length {
+ type uint8 {
+ range "0..32";
+ }
+ status deprecated;
+ description
+ "The length of the subnet prefix.";
+ }
+ leaf netmask {
+ if-feature ipv4-non-contiguous-netmasks;
+ type yang:dotted-quad;
+ status deprecated;
+ description
+ "The subnet specified as a netmask.";
+ }
+ }
+ leaf origin {
+ type ip-address-origin;
+ status deprecated;
+ description
+ "The origin of this address.";
+ }
+ }
+ list neighbor {
+ key "ip";
+ status deprecated;
+ description
+ "A list of mappings from IPv4 addresses to
+ link-layer addresses.
+
+ This list represents the ARP Cache.";
+ reference
+ "RFC 826: An Ethernet Address Resolution Protocol";
+
+ leaf ip {
+ type inet:ipv4-address-no-zone;
+ status deprecated;
+ description
+ "The IPv4 address of the neighbor node.";
+ }
+
+ leaf link-layer-address {
+ type yang:phys-address;
+ status deprecated;
+ description
+ "The link-layer address of the neighbor node.";
+ }
+ leaf origin {
+ type neighbor-origin;
+ status deprecated;
+ description
+ "The origin of this neighbor entry.";
+ }
+ }
+ }
+
+ container ipv6 {
+ presence
+ "Present if IPv6 is enabled on this interface";
+ config false;
+ status deprecated;
+ description
+ "Parameters for the IPv6 address family.";
+
+ leaf forwarding {
+ type boolean;
+ default false;
+ status deprecated;
+ description
+ "Indicates whether IPv6 packet forwarding is enabled or
+ disabled on this interface.";
+ reference
+ "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
+ Section 6.2.1, IsRouter";
+ }
+ leaf mtu {
+ type uint32 {
+ range "1280..max";
+ }
+ units "octets";
+ status deprecated;
+ description
+ "The size, in octets, of the largest IPv6 packet that the
+ interface will send and receive.";
+ reference
+ "RFC 8200: Internet Protocol, Version 6 (IPv6)
+ Specification
+ Section 5";
+ }
+ list address {
+ key "ip";
+ status deprecated;
+ description
+ "The list of IPv6 addresses on the interface.";
+
+ leaf ip {
+ type inet:ipv6-address-no-zone;
+ status deprecated;
+ description
+ "The IPv6 address on the interface.";
+ }
+ leaf prefix-length {
+ type uint8 {
+ range "0..128";
+ }
+ mandatory true;
+ status deprecated;
+ description
+ "The length of the subnet prefix.";
+ }
+ leaf origin {
+ type ip-address-origin;
+ status deprecated;
+ description
+ "The origin of this address.";
+ }
+ leaf status {
+ type enumeration {
+ enum preferred {
+ description
+ "This is a valid address that can appear as the
+ destination or source address of a packet.";
+ }
+ enum deprecated {
+ description
+ "This is a valid but deprecated address that should
+ no longer be used as a source address in new
+ communications, but packets addressed to such an
+ address are processed as expected.";
+ }
+ enum invalid {
+ description
+ "This isn't a valid address, and it shouldn't appear
+ as the destination or source address of a packet.";
+ }
+
+ enum inaccessible {
+ description
+ "The address is not accessible because the interface
+ to which this address is assigned is not
+ operational.";
+ }
+ enum unknown {
+ description
+ "The status cannot be determined for some reason.";
+ }
+ enum tentative {
+ description
+ "The uniqueness of the address on the link is being
+ verified. Addresses in this state should not be
+ used for general communication and should only be
+ used to determine the uniqueness of the address.";
+ }
+ enum duplicate {
+ description
+ "The address has been determined to be non-unique on
+ the link and so must not be used.";
+ }
+ enum optimistic {
+ description
+ "The address is available for use, subject to
+ restrictions, while its uniqueness on a link is
+ being verified.";
+ }
+ }
+ status deprecated;
+ description
+ "The status of an address. Most of the states correspond
+ to states from the IPv6 Stateless Address
+ Autoconfiguration protocol.";
+ reference
+ "RFC 4293: Management Information Base for the
+ Internet Protocol (IP)
+ - IpAddressStatusTC
+ RFC 4862: IPv6 Stateless Address Autoconfiguration";
+ }
+ }
+
+ list neighbor {
+ key "ip";
+ status deprecated;
+ description
+ "A list of mappings from IPv6 addresses to
+ link-layer addresses.
+
+ This list represents the Neighbor Cache.";
+ reference
+ "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)";
+
+ leaf ip {
+ type inet:ipv6-address-no-zone;
+ status deprecated;
+ description
+ "The IPv6 address of the neighbor node.";
+ }
+ leaf link-layer-address {
+ type yang:phys-address;
+ status deprecated;
+ description
+ "The link-layer address of the neighbor node.";
+ }
+ leaf origin {
+ type neighbor-origin;
+ status deprecated;
+ description
+ "The origin of this neighbor entry.";
+ }
+ leaf is-router {
+ type empty;
+ status deprecated;
+ description
+ "Indicates that the neighbor node acts as a router.";
+ }
+ leaf state {
+ type enumeration {
+ enum incomplete {
+ description
+ "Address resolution is in progress, and the
+ link-layer address of the neighbor has not yet been
+ determined.";
+ }
+ enum reachable {
+ description
+ "Roughly speaking, the neighbor is known to have been
+ reachable recently (within tens of seconds ago).";
+ }
+ enum stale {
+ description
+ "The neighbor is no longer known to be reachable, but
+ until traffic is sent to the neighbor no attempt
+ should be made to verify its reachability.";
+ }
+ enum delay {
+ description
+ "The neighbor is no longer known to be reachable, and
+ traffic has recently been sent to the neighbor.
+ Rather than probe the neighbor immediately, however,
+ delay sending probes for a short while in order to
+ give upper-layer protocols a chance to provide
+ reachability confirmation.";
+ }
+ enum probe {
+ description
+ "The neighbor is no longer known to be reachable, and
+ unicast Neighbor Solicitation probes are being sent
+ to verify reachability.";
+ }
+ }
+ status deprecated;
+ description
+ "The Neighbor Unreachability Detection state of this
+ entry.";
+ reference
+ "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
+ Section 7.3.2";
+ }
+ }
+ }
+ }
+}
diff --git a/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang
new file mode 100644
index 0000000..fe80988
--- /dev/null
+++ b/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang
@@ -0,0 +1,847 @@
+module openconfig-acl {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/acl";
+
+ prefix "oc-acl";
+
+ import openconfig-packet-match { prefix oc-match; }
+ import openconfig-interfaces { prefix oc-if; }
+ import openconfig-yang-types { prefix oc-yang; }
+ import openconfig-extensions { prefix oc-ext; }
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines configuration and operational state
+ data for network access control lists (i.e., filters, rules,
+ etc.). ACLs are organized into ACL sets, with each set
+ containing one or more ACL entries. ACL sets are identified
+ by a unique name, while each entry within a set is assigned
+ a sequence-id that determines the order in which the ACL
+ rules are applied to a packet. Note that ACLs are evaluated
+ in ascending order based on the sequence-id (low to high).
+
+ Individual ACL rules specify match criteria based on fields in
+ the packet, along with an action that defines how matching
+ packets should be handled. Entries have a type that indicates
+ the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc.";
+
+ oc-ext:openconfig-version "1.0.2";
+
+ revision "2018-11-21" {
+ description
+ "Add OpenConfig module metadata extensions.";
+ reference "1.0.2";
+ }
+
+ revision "2018-04-24" {
+ description
+ "Clarified order of ACL evaluation";
+ reference "1.0.1";
+ }
+
+ revision "2017-05-26" {
+ description
+ "Separated ACL entries by type";
+ reference "1.0.0";
+ }
+
+ revision "2016-08-08" {
+ description
+ "OpenConfig public release";
+ reference "0.2.0";
+ }
+
+ revision "2016-01-22" {
+ description
+ "Initial revision";
+ reference "TBD";
+ }
+
+ // OpenConfig specific extensions for module metadata.
+ oc-ext:regexp-posix;
+ oc-ext:catalog-organization "openconfig";
+ oc-ext:origin "openconfig";
+
+ identity ACL_TYPE {
+ description
+ "Base identity for types of ACL sets";
+ }
+
+ identity ACL_IPV4 {
+ base ACL_TYPE;
+ description
+ "IP-layer ACLs with IPv4 addresses";
+ }
+
+ identity ACL_IPV6 {
+ base ACL_TYPE;
+ description
+ "IP-layer ACLs with IPv6 addresses";
+ }
+
+ identity ACL_L2 {
+ base ACL_TYPE;
+ description
+ "MAC-layer ACLs";
+ }
+
+ identity ACL_MIXED {
+ base ACL_TYPE;
+ description
+ "Mixed-mode ACL that specifies L2 and L3 protocol
+ fields. This ACL type is not implemented by many
+ routing/switching devices.";
+ }
+
+ // ACL action type
+
+ identity FORWARDING_ACTION {
+ description
+ "Base identity for actions in the forwarding category";
+ }
+
+ identity ACCEPT {
+ base FORWARDING_ACTION;
+ description
+ "Accept the packet";
+ }
+
+ identity DROP {
+ base FORWARDING_ACTION;
+ description
+ "Drop packet without sending any ICMP error message";
+ }
+
+ identity REJECT {
+ base FORWARDING_ACTION;
+ description
+ "Drop the packet and send an ICMP error message to the source";
+ }
+
+ identity LOG_ACTION {
+ description
+ "Base identity for defining the destination for logging
+ actions";
+ }
+
+ identity LOG_SYSLOG {
+ base LOG_ACTION;
+ description
+ "Log the packet in Syslog";
+ }
+
+ identity LOG_NONE {
+ base LOG_ACTION;
+ description
+ "No logging";
+ }
+
+ identity ACL_COUNTER_CAPABILITY {
+ description
+ "Base identity for system to indicate how it is able to report
+ counters";
+ }
+
+ identity INTERFACE_ONLY {
+ base ACL_COUNTER_CAPABILITY;
+ description
+ "ACL counters are available and reported only per interface";
+ }
+
+ identity AGGREGATE_ONLY {
+ base ACL_COUNTER_CAPABILITY;
+ description
+ "ACL counters are aggregated over all interfaces, and reported
+ only per ACL entry";
+ }
+
+ identity INTERFACE_AGGREGATE {
+ base ACL_COUNTER_CAPABILITY;
+ description
+ "ACL counters are reported per interface, and also aggregated
+ and reported per ACL entry.";
+ }
+
+ // grouping statements
+
+ // input interface
+ grouping input-interface-config {
+ description
+ "Config of interface";
+
+ }
+
+ grouping input-interface-state {
+ description
+ "State information of interface";
+ }
+
+ grouping input-interface-top {
+ description
+ "Input interface top level container";
+
+ container input-interface {
+ description
+ "Input interface container";
+
+ container config {
+ description
+ "Config data";
+ uses input-interface-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State information";
+ uses input-interface-config;
+ uses input-interface-state;
+ }
+
+ uses oc-if:interface-ref;
+
+ }
+ }
+
+ // Action Type
+ grouping action-config {
+ description
+ "Config of action type";
+
+
+ leaf forwarding-action {
+ type identityref {
+ base FORWARDING_ACTION;
+ }
+ mandatory true;
+ description
+ "Specifies the forwarding action. One forwarding action
+ must be specified for each ACL entry";
+ }
+
+ leaf log-action {
+ type identityref {
+ base LOG_ACTION;
+ }
+ default LOG_NONE;
+ description
+ "Specifies the log action and destination for
+ matched packets. The default is not to log the
+ packet.";
+ }
+
+
+ }
+
+ grouping action-state {
+ description
+ "State information of action type";
+
+ }
+
+ grouping action-top {
+ description
+ "ACL action type top level container";
+
+ container actions {
+ description
+ "Enclosing container for list of ACL actions associated
+ with an entry";
+
+ container config {
+ description
+ "Config data for ACL actions";
+ uses action-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State information for ACL actions";
+ uses action-config;
+ uses action-state;
+ }
+ }
+ }
+
+ grouping acl-counters-state {
+ description
+ "Common grouping for ACL counters";
+
+ leaf matched-packets {
+ type oc-yang:counter64;
+ description
+ "Count of the number of packets matching the current ACL
+ entry.
+
+ An implementation should provide this counter on a
+ per-interface per-ACL-entry if possible.
+
+ If an implementation only supports ACL counters per entry
+ (i.e., not broken out per interface), then the value
+ should be equal to the aggregate count across all interfaces.
+
+ An implementation that provides counters per entry per
+ interface is not required to also provide an aggregate count,
+ e.g., per entry -- the user is expected to be able implement
+ the required aggregation if such a count is needed.";
+ }
+
+ leaf matched-octets {
+ type oc-yang:counter64;
+ description
+ "Count of the number of octets (bytes) matching the current
+ ACL entry.
+
+ An implementation should provide this counter on a
+ per-interface per-ACL-entry if possible.
+
+ If an implementation only supports ACL counters per entry
+ (i.e., not broken out per interface), then the value
+ should be equal to the aggregate count across all interfaces.
+
+ An implementation that provides counters per entry per
+ interface is not required to also provide an aggregate count,
+ e.g., per entry -- the user is expected to be able implement
+ the required aggregation if such a count is needed.";
+ }
+
+ }
+
+ // Access List Entries
+ grouping access-list-entries-config {
+ description
+ "Access List Entries (ACE) config.";
+
+ leaf sequence-id {
+ type uint32;
+ description
+ "The sequence id determines the order in which ACL entries
+ are applied. The sequence id must be unique for each entry
+ in an ACL set. Target devices should apply the ACL entry
+ rules in ascending order determined by sequence id (low to
+ high), rather than the relying only on order in the list.";
+ }
+
+ leaf description {
+ type string;
+ description
+ "A user-defined description, or comment, for this Access List
+ Entry.";
+ }
+
+ }
+
+ grouping access-list-entries-state {
+ description
+ "Access List Entries state.";
+
+ uses acl-counters-state;
+
+ }
+
+ grouping access-list-entries-top {
+ description
+ "Access list entries to level container";
+
+ container acl-entries {
+ description
+ "Access list entries container";
+
+ list acl-entry {
+ key "sequence-id";
+ description
+ "List of ACL entries comprising an ACL set";
+
+ leaf sequence-id {
+ type leafref {
+ path "../config/sequence-id";
+ }
+ description
+ "references the list key";
+ }
+
+ container config {
+ description
+ "Access list entries config";
+ uses access-list-entries-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State information for ACL entries";
+ uses access-list-entries-config;
+ uses access-list-entries-state;
+ }
+
+ uses oc-match:ethernet-header-top {
+ when "../../config/type='ACL_L2'" {
+ description
+ "MAC-layer fields are valid when the ACL type is L2";
+ }
+ }
+ uses oc-match:ipv4-protocol-fields-top {
+ when "../../config/type='ACL_IPV4'" {
+ description
+ "IPv4-layer fields are valid when the ACL type is
+ IPv4";
+ }
+ }
+ uses oc-match:ipv6-protocol-fields-top {
+ when "../../config/type='ACL_IPV6'" {
+ description
+ "IPv6-layer fields are valid when the ACL type is
+ IPv6";
+ }
+ }
+ uses oc-match:transport-fields-top {
+ when "../../config/type='ACL_IPV6' or " +
+ "../../config/type='ACL_IPV4'" {
+ description
+ "Transport-layer fields are valid when specifying
+ L3 ACL types";
+ }
+ }
+ uses input-interface-top;
+
+ uses action-top;
+ }
+ }
+ }
+
+ grouping acl-set-config {
+ description
+ "Access Control List config";
+
+ leaf name {
+ type string;
+ description
+ "The name of the access-list set";
+ }
+
+ leaf type {
+ type identityref {
+ base ACL_TYPE;
+ }
+ description
+ "The type determines the fields allowed in the ACL entries
+ belonging to the ACL set (e.g., IPv4, IPv6, etc.)";
+ }
+
+ leaf description {
+ type string;
+ description
+ "Description, or comment, for the ACL set";
+ }
+
+ }
+
+ grouping acl-set-state {
+ description
+ "Access Control List state";
+ }
+
+ grouping acl-set-top {
+ description
+ "Access list entries variables top level container";
+
+ container acl-sets {
+ description
+ "Access list entries variables enclosing container";
+
+ list acl-set {
+ key "name type";
+ description
+ "List of ACL sets, each comprising of a list of ACL
+ entries";
+
+ leaf name {
+ type leafref {
+ path "../config/name";
+ }
+ description
+ "Reference to the name list key";
+ }
+
+ leaf type {
+ type leafref {
+ path "../config/type";
+ }
+ description
+ "Reference to the type list key";
+ }
+
+ container config {
+ description
+ "Access list config";
+ uses acl-set-config;
+ }
+
+ container state {
+ config false;
+ description
+ "Access list state information";
+ uses acl-set-config;
+ uses acl-set-state;
+ }
+ uses access-list-entries-top;
+ }
+ }
+ }
+
+ grouping interface-acl-entries-config {
+ description
+ "Configuration data for per-interface ACLs";
+
+ }
+
+ grouping interface-acl-entries-state {
+ description
+ "Operational state data for per-interface ACL entries";
+
+ leaf sequence-id {
+ type leafref {
+ path "/acl/acl-sets/" +
+ "acl-set[name=current()/../../../../set-name]" +
+ "[type=current()/../../../../type]/" +
+ "acl-entries/acl-entry/sequence-id";
+ }
+ description
+ "Reference to an entry in the ACL set applied to an
+ interface";
+ }
+
+ uses acl-counters-state;
+
+ }
+
+ grouping interface-acl-entries-top {
+ description
+ "Top-level grouping for per-interface ACL entries";
+
+ container acl-entries {
+ config false;
+ description
+ "Enclosing container for list of references to ACLs";
+
+ list acl-entry {
+ key "sequence-id";
+ description
+ "List of ACL entries assigned to an interface";
+
+ leaf sequence-id {
+ type leafref {
+ path "../state/sequence-id";
+ }
+ description
+ "Reference to per-interface acl entry key";
+ }
+
+ // no config container since the enclosing container is
+ // read-only
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for per-interface ACL entries";
+
+ uses interface-acl-entries-config;
+ uses interface-acl-entries-state;
+ }
+ }
+ }
+ }
+
+ grouping interface-ingress-acl-config {
+ description
+ "Configuration data for per-interface ingress ACLs";
+
+ leaf set-name {
+ type leafref {
+ path "../../../../../../acl-sets/acl-set/config/name";
+ }
+ description
+ "Reference to the ACL set name applied on ingress";
+ }
+
+ leaf type {
+ type leafref {
+ path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" +
+ "/config/type";
+ }
+ description
+ "Reference to the ACL set type applied on ingress";
+ }
+ }
+
+ grouping interface-ingress-acl-state {
+ description
+ "Operational state data for the per-interface ingress ACL";
+ }
+
+ grouping interface-ingress-acl-top {
+ description
+ "Top-level grouping for per-interface ingress ACL data";
+
+ container ingress-acl-sets {
+ description
+ "Enclosing container the list of ingress ACLs on the
+ interface";
+
+ list ingress-acl-set {
+ key "set-name type";
+ description
+ "List of ingress ACLs on the interface";
+
+ leaf set-name {
+ type leafref {
+ path "../config/set-name";
+ }
+ description
+ "Reference to set name list key";
+ }
+
+ leaf type {
+ type leafref {
+ path "../config/type";
+ }
+ description
+ "Reference to type list key";
+ }
+
+ container config {
+ description
+ "Configuration data ";
+
+ uses interface-ingress-acl-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for interface ingress ACLs";
+
+ uses interface-ingress-acl-config;
+ uses interface-ingress-acl-state;
+ }
+
+ uses interface-acl-entries-top;
+ }
+ }
+ }
+
+ grouping interface-egress-acl-config {
+ description
+ "Configuration data for per-interface egress ACLs";
+
+ leaf set-name {
+ type leafref {
+ path "../../../../../../acl-sets/acl-set/config/name";
+ }
+ description
+ "Reference to the ACL set name applied on egress";
+ }
+
+ leaf type {
+ type leafref {
+ path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" +
+ "/config/type";
+ }
+ description
+ "Reference to the ACL set type applied on egress.";
+ }
+ }
+
+ grouping interface-egress-acl-state {
+ description
+ "Operational state data for the per-interface egress ACL";
+ }
+
+ grouping interface-egress-acl-top {
+ description
+ "Top-level grouping for per-interface egress ACL data";
+
+ container egress-acl-sets {
+ description
+ "Enclosing container the list of egress ACLs on the
+ interface";
+
+ list egress-acl-set {
+ key "set-name type";
+ description
+ "List of egress ACLs on the interface";
+
+ leaf set-name {
+ type leafref {
+ path "../config/set-name";
+ }
+ description
+ "Reference to set name list key";
+ }
+
+ leaf type {
+ type leafref {
+ path "../config/type";
+ }
+ description
+ "Reference to type list key";
+ }
+
+ container config {
+ description
+ "Configuration data ";
+
+ uses interface-egress-acl-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for interface egress ACLs";
+
+ uses interface-egress-acl-config;
+ uses interface-egress-acl-state;
+ }
+
+ uses interface-acl-entries-top;
+ }
+ }
+ }
+
+ grouping acl-interfaces-config {
+ description
+ "Configuration data for interface references";
+
+ leaf id {
+ type oc-if:interface-id;
+ description
+ "User-defined identifier for the interface -- a common
+ convention could be '<if name>.<subif index>'";
+ }
+ }
+
+ grouping acl-interfaces-state {
+ description
+ "Operational state data for interface references";
+ }
+
+ grouping acl-interfaces-top {
+ description
+ "Top-level grouping for interface-specific ACL data";
+
+ container interfaces {
+ description
+ "Enclosing container for the list of interfaces on which
+ ACLs are set";
+
+ list interface {
+ key "id";
+ description
+ "List of interfaces on which ACLs are set";
+
+ leaf id {
+ type leafref {
+ path "../config/id";
+ }
+ description
+ "Reference to the interface id list key";
+ }
+
+ container config {
+ description
+ "Configuration for ACL per-interface data";
+
+ uses acl-interfaces-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state for ACL per-interface data";
+
+ uses acl-interfaces-config;
+ uses acl-interfaces-state;
+ }
+
+ uses oc-if:interface-ref;
+ uses interface-ingress-acl-top;
+ uses interface-egress-acl-top;
+ }
+ }
+ }
+
+ grouping acl-config {
+ description
+ "Global configuration data for ACLs";
+ }
+
+ grouping acl-state {
+ description
+ "Global operational state data for ACLs";
+
+ leaf counter-capability {
+ type identityref {
+ base ACL_COUNTER_CAPABILITY;
+ }
+ description
+ "System reported indication of how ACL counters are reported
+ by the target";
+ }
+ }
+ grouping acl-top {
+ description
+ "Top level grouping for ACL data and structure";
+
+ container acl {
+ description
+ "Top level enclosing container for ACL model config
+ and operational state data";
+
+ container config {
+ description
+ "Global config data for ACLs";
+
+ uses acl-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Global operational state data for ACLs";
+
+ uses acl-config;
+ uses acl-state;
+ }
+
+ uses acl-set-top;
+ uses acl-interfaces-top;
+ }
+ }
+
+ // data definition statements
+ uses acl-top;
+
+ // augment statements
+
+
+}
diff --git a/src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang b/src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang
new file mode 100644
index 0000000..452d400
--- /dev/null
+++ b/src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang
@@ -0,0 +1,165 @@
+module openconfig-extensions {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/openconfig-ext";
+
+ prefix "oc-ext";
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module provides extensions to the YANG language to allow
+ OpenConfig specific functionality and meta-data to be defined.";
+
+ revision "2018-10-17" {
+ description
+ "Add extension for regular expression type.";
+ reference "0.4.0";
+ }
+
+ revision "2017-04-11" {
+ description
+ "rename password type to 'hashed' and clarify description";
+ reference "0.3.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Added extension for annotating encrypted values.";
+ reference "0.2.0";
+ }
+
+ revision "2015-10-09" {
+ description
+ "Initial OpenConfig public release";
+ reference "0.1.0";
+ }
+
+
+ // extension statements
+ extension openconfig-version {
+ argument "semver" {
+ yin-element false;
+ }
+ description
+ "The OpenConfig version number for the module. This is
+ expressed as a semantic version number of the form:
+ x.y.z
+ where:
+ * x corresponds to the major version,
+ * y corresponds to a minor version,
+ * z corresponds to a patch version.
+ This version corresponds to the model file within which it is
+ defined, and does not cover the whole set of OpenConfig models.
+ Where several modules are used to build up a single block of
+ functionality, the same module version is specified across each
+ file that makes up the module.
+ A major version number of 0 indicates that this model is still
+ in development (whether within OpenConfig or with industry
+ partners), and is potentially subject to change.
+ Following a release of major version 1, all modules will
+ increment major revision number where backwards incompatible
+ changes to the model are made.
+ The minor version is changed when features are added to the
+ model that do not impact current clients use of the model.
+ The patch-level version is incremented when non-feature changes
+ (such as bugfixes or clarifications to human-readable
+ descriptions that do not impact model functionality) are made
+ that maintain backwards compatibility.
+ The version number is stored in the module meta-data.";
+ }
+
+ extension openconfig-hashed-value {
+ description
+ "This extension provides an annotation on schema nodes to
+ indicate that the corresponding value should be stored and
+ reported in hashed form.
+ Hash algorithms are by definition not reversible. Clients
+ reading the configuration or applied configuration for the node
+ should expect to receive only the hashed value. Values written
+ in cleartext will be hashed. This annotation may be used on
+ nodes such as secure passwords in which the device never reports
+ a cleartext value, even if the input is provided as cleartext.";
+ }
+
+ extension regexp-posix {
+ description
+ "This extension indicates that the regular expressions included
+ within the YANG module specified are conformant with the POSIX
+ regular expression format rather than the W3C standard that is
+ specified by RFC6020 and RFC7950.";
+ }
+
+ extension telemetry-on-change {
+ description
+ "The telemetry-on-change annotation is specified in the context
+ of a particular subtree (container, or list) or leaf within the
+ YANG schema. Where specified, it indicates that the value stored
+ by the nodes within the context change their value only in response
+ to an event occurring. The event may be local to the target, for
+ example - a configuration change, or external - such as the failure
+ of a link.
+ When a telemetry subscription allows the target to determine whether
+ to export the value of a leaf in a periodic or event-based fashion
+ (e.g., TARGET_DEFINED mode in gNMI), leaves marked as
+ telemetry-on-change should only be exported when they change,
+ i.e., event-based.";
+ }
+
+ extension telemetry-atomic {
+ description
+ "The telemetry-atomic annotation is specified in the context of
+ a subtree (containre, or list), and indicates that all nodes
+ within the subtree are always updated together within the data
+ model. For example, all elements under the subtree may be updated
+ as a result of a new alarm being raised, or the arrival of a new
+ protocol message.
+ Transport protocols may use the atomic specification to determine
+ optimisations for sending or storing the corresponding data.";
+ }
+
+ extension operational {
+ description
+ "The operational annotation is specified in the context of a
+ grouping, leaf, or leaf-list within a YANG module. It indicates
+ that the nodes within the context are derived state on the device.
+ OpenConfig data models divide nodes into the following three categories:
+ - intended configuration - these are leaves within a container named
+ 'config', and are the writable configuration of a target.
+ - applied configuration - these are leaves within a container named
+ 'state' and are the currently running value of the intended configuration.
+ - derived state - these are the values within the 'state' container which
+ are not part of the applied configuration of the device. Typically, they
+ represent state values reflecting underlying operational counters, or
+ protocol statuses.";
+ }
+
+ extension catalog-organization {
+ argument "org" {
+ yin-element false;
+ }
+ description
+ "This extension specifies the organization name that should be used within
+ the module catalogue on the device for the specified YANG module. It stores
+ a pithy string where the YANG organization statement may contain more
+ details.";
+ }
+
+ extension origin {
+ argument "origin" {
+ yin-element false;
+ }
+ description
+ "This extension specifies the name of the origin that the YANG module
+ falls within. This allows multiple overlapping schema trees to be used
+ on a single network element without requiring module based prefixing
+ of paths.";
+ }
+} \ No newline at end of file
diff --git a/src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang b/src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang
index fbb872f..7c23d2b 100644
--- a/src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang
+++ b/src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang
@@ -31,7 +31,13 @@ module openconfig-inet-types {
Section 4.c of the IETF Trust's Legal Provisions Relating
to IETF Documents (http://trustee.ietf.org/license-info).";
- oc-ext:openconfig-version "0.3.1";
+ oc-ext:openconfig-version "0.3.2";
+
+ revision "2018-11-21" {
+ description
+ "Add OpenConfig module metadata extensions.";
+ reference "0.3.2";
+ }
revision 2017-08-24 {
description
@@ -63,13 +69,18 @@ module openconfig-inet-types {
reference "0.1.0";
}
+ // OpenConfig specific extensions for module metadata.
+ oc-ext:regexp-posix;
+ oc-ext:catalog-organization "openconfig";
+ oc-ext:origin "openconfig";
+
// IPv4 and IPv6 types.
typedef ipv4-address {
type string {
- pattern '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' +
+ pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' +
'25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' +
- '[0-9]|25[0-5])';
+ '[0-9]|25[0-5])$';
}
description
"An IPv4 address in dotted quad notation using the default
@@ -136,9 +147,9 @@ module openconfig-inet-types {
typedef ipv4-prefix {
type string {
- pattern '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' +
+ pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' +
'25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' +
- '[0-9]|25[0-5])/(([0-9])|([1-2][0-9])|(3[0-2]))';
+ '[0-9]|25[0-5])/(([0-9])|([1-2][0-9])|(3[0-2]))$';
}
description
"An IPv4 prefix represented in dotted quad notation followed by
diff --git a/src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang
new file mode 100644
index 0000000..1b93d52
--- /dev/null
+++ b/src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang
@@ -0,0 +1,309 @@
+module openconfig-packet-match-types {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/packet-match-types";
+
+ prefix "oc-pkt-match-types";
+
+ // import some basic types
+ import openconfig-inet-types { prefix oc-inet; }
+ import openconfig-extensions { prefix oc-ext; }
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines common types for use in models requiring
+ data definitions related to packet matches.";
+
+ oc-ext:openconfig-version "1.0.2";
+
+ revision "2018-11-21" {
+ description
+ "Add OpenConfig module metadata extensions.";
+ reference "1.0.2";
+ }
+
+ revision "2018-04-15" {
+ description
+ "Corrected description and range for ethertype typedef";
+ reference "1.0.1";
+ }
+
+ revision "2017-05-26" {
+ description
+ "Separated IP matches into AFs";
+ reference "1.0.0";
+ }
+
+ revision "2016-08-08" {
+ description
+ "OpenConfig public release";
+ reference "0.2.0";
+ }
+
+ revision "2016-04-27" {
+ description
+ "Initial revision";
+ reference "TBD";
+ }
+
+ // OpenConfig specific extensions for module metadata.
+ oc-ext:regexp-posix;
+ oc-ext:catalog-organization "openconfig";
+ oc-ext:origin "openconfig";
+
+
+ // extension statements
+
+ // feature statements
+
+ // identity statements
+
+
+ //TODO: should replace this with an official IEEE module
+ // when available. Only a select number of types are
+ // defined in this identity.
+ identity ETHERTYPE {
+ description
+ "Base identity for commonly used Ethertype values used
+ in packet header matches on Ethernet frames. The Ethertype
+ indicates which protocol is encapsulated in the Ethernet
+ payload.";
+ reference
+ "IEEE 802.3";
+ }
+
+ identity ETHERTYPE_IPV4 {
+ base ETHERTYPE;
+ description
+ "IPv4 protocol (0x0800)";
+ }
+
+ identity ETHERTYPE_ARP {
+ base ETHERTYPE;
+ description
+ "Address resolution protocol (0x0806)";
+ }
+
+ identity ETHERTYPE_VLAN {
+ base ETHERTYPE;
+ description
+ "VLAN-tagged frame (as defined by IEEE 802.1q) (0x8100). Note
+ that this value is also used to represent Shortest Path
+ Bridging (IEEE 801.1aq) frames.";
+ }
+
+ identity ETHERTYPE_IPV6 {
+ base ETHERTYPE;
+ description
+ "IPv6 protocol (0x86DD)";
+ }
+
+ identity ETHERTYPE_MPLS {
+ base ETHERTYPE;
+ description
+ "MPLS unicast (0x8847)";
+ }
+
+ identity ETHERTYPE_LLDP {
+ base ETHERTYPE;
+ description
+ "Link Layer Discovery Protocol (0x88CC)";
+ }
+
+ identity ETHERTYPE_ROCE {
+ base ETHERTYPE;
+ description
+ "RDMA over Converged Ethernet (0x8915)";
+ }
+
+
+ //TODO: should replace this with an official IANA module when
+ //available. Only a select set of protocols are defined with
+ //this identity.
+ identity IP_PROTOCOL {
+ description
+ "Base identity for commonly used IP protocols used in
+ packet header matches";
+ reference
+ "IANA Assigned Internet Protocol Numbers";
+ }
+
+ identity IP_TCP {
+ base IP_PROTOCOL;
+ description
+ "Transmission Control Protocol (6)";
+ }
+
+ identity IP_UDP {
+ base IP_PROTOCOL;
+ description
+ "User Datagram Protocol (17)";
+ }
+
+ identity IP_ICMP {
+ base IP_PROTOCOL;
+ description
+ "Internet Control Message Protocol (1)";
+ }
+
+ identity IP_IGMP {
+ base IP_PROTOCOL;
+ description
+ "Internet Group Membership Protocol (2)";
+ }
+
+ identity IP_PIM {
+ base IP_PROTOCOL;
+ description
+ "Protocol Independent Multicast (103)";
+ }
+
+ identity IP_RSVP {
+ base IP_PROTOCOL;
+ description
+ "Resource Reservation Protocol (46)";
+ }
+
+ identity IP_GRE {
+ base IP_PROTOCOL;
+ description
+ "Generic Routing Encapsulation (47)";
+ }
+
+ identity IP_AUTH {
+ base IP_PROTOCOL;
+ description
+ "Authentication header, e.g., for IPSEC (51)";
+ }
+
+ identity IP_L2TP {
+ base IP_PROTOCOL;
+ description
+ "Layer Two Tunneling Protocol v.3 (115)";
+ }
+
+
+
+ identity TCP_FLAGS {
+ description
+ "Common TCP flags used in packet header matches";
+ reference
+ "IETF RFC 793 - Transmission Control Protocol
+ IETF RFC 3168 - The Addition of Explicit Congestion
+ Notification (ECN) to IP";
+ }
+
+ identity TCP_SYN {
+ base TCP_FLAGS;
+ description
+ "TCP SYN flag";
+ }
+
+ identity TCP_FIN {
+ base TCP_FLAGS;
+ description
+ "TCP FIN flag";
+ }
+
+ identity TCP_RST {
+ base TCP_FLAGS;
+ description
+ "TCP RST flag";
+ }
+
+ identity TCP_PSH {
+ base TCP_FLAGS;
+ description
+ "TCP push flag";
+ }
+
+ identity TCP_ACK {
+ base TCP_FLAGS;
+ description
+ "TCP ACK flag";
+ }
+
+ identity TCP_URG {
+ base TCP_FLAGS;
+ description
+ "TCP urgent flag";
+ }
+
+ identity TCP_ECE {
+ base TCP_FLAGS;
+ description
+ "TCP ECN-Echo flag. If the SYN flag is set, indicates that
+ the TCP peer is ECN-capable, otherwise indicates that a
+ packet with Congestion Experienced flag in the IP header
+ is set";
+ }
+
+ identity TCP_CWR {
+ base TCP_FLAGS;
+ description
+ "TCP Congestion Window Reduced flag";
+ }
+
+ // typedef statements
+
+ typedef port-num-range {
+ type union {
+ type string {
+ pattern '^(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?' +
+ '[0-9]?)\.\.(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?' +
+ '[0-9]?[0-9]?)$';
+ }
+ type oc-inet:port-number;
+ type enumeration {
+ enum ANY {
+ description
+ "Indicates any valid port number (e.g., wildcard)";
+ }
+ }
+ }
+ description
+ "Port numbers may be represented as a single value,
+ an inclusive range as <lower>..<higher>, or as ANY to
+ indicate a wildcard.";
+ }
+
+ typedef ip-protocol-type {
+ type union {
+ type uint8 {
+ range 0..254;
+ }
+ type identityref {
+ base IP_PROTOCOL;
+ }
+ }
+ description
+ "The IP protocol number may be expressed as a valid protocol
+ number (integer) or using a protocol type defined by the
+ IP_PROTOCOL identity";
+ }
+
+ typedef ethertype-type {
+ type union {
+ type uint16 {
+ range 1536..65535;
+ }
+ type identityref {
+ base ETHERTYPE;
+ }
+ }
+ description
+ "The Ethertype value may be expressed as a 16-bit number in
+ decimal notation, or using a type defined by the
+ ETHERTYPE identity";
+ }
+
+}
diff --git a/src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang
new file mode 100644
index 0000000..510bc57
--- /dev/null
+++ b/src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang
@@ -0,0 +1,371 @@
+module openconfig-packet-match {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/header-fields";
+
+ prefix "oc-pkt-match";
+
+ // import some basic types
+ import openconfig-inet-types { prefix oc-inet; }
+ import openconfig-yang-types { prefix oc-yang; }
+ import openconfig-packet-match-types { prefix oc-pkt-match-types; }
+ import openconfig-extensions { prefix oc-ext; }
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines data related to packet header fields
+ used in matching operations, for example in ACLs. When a
+ field is omitted from a match expression, the effect is a
+ wildcard ('any') for that field.";
+
+ oc-ext:openconfig-version "1.1.1";
+
+ revision "2018-11-21" {
+ description
+ "Add OpenConfig module metadata extensions.";
+ reference "1.1.1";
+ }
+
+ revision "2017-12-15" {
+ description
+ "Add MPLS packet field matches";
+ reference "1.1.0";
+ }
+
+ revision "2017-05-26" {
+ description
+ "Separated IP matches into AFs";
+ reference "1.0.0";
+ }
+
+ revision "2016-08-08" {
+ description
+ "OpenConfig public release";
+ reference "0.2.0";
+ }
+
+ revision "2016-04-27" {
+ description
+ "Initial revision";
+ reference "TBD";
+ }
+
+ // OpenConfig specific extensions for module metadata.
+ oc-ext:regexp-posix;
+ oc-ext:catalog-organization "openconfig";
+ oc-ext:origin "openconfig";
+
+
+ // Physical Layer fields
+ // ethernet-header
+ grouping ethernet-header-config {
+ description
+ "Configuration data of fields in Ethernet header.";
+
+ leaf source-mac {
+ type oc-yang:mac-address;
+ description
+ "Source IEEE 802 MAC address.";
+ }
+
+ leaf source-mac-mask {
+ type oc-yang:mac-address;
+ description
+ "Source IEEE 802 MAC address mask.";
+ }
+
+ leaf destination-mac {
+ type oc-yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address.";
+ }
+
+ leaf destination-mac-mask {
+ type oc-yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address mask.";
+ }
+
+ leaf ethertype {
+ type oc-pkt-match-types:ethertype-type;
+ description
+ "Ethertype field to match in Ethernet packets";
+ }
+ }
+
+ grouping ethernet-header-state {
+ description
+ "State information of fields in Ethernet header.";
+ }
+
+ grouping ethernet-header-top {
+ description
+ "Top level container for fields in Ethernet header.";
+
+ container l2 {
+ description
+ "Ethernet header fields";
+
+ container config {
+ description
+ "Configuration data";
+ uses ethernet-header-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State Information.";
+ uses ethernet-header-config;
+ uses ethernet-header-state;
+ }
+ }
+ }
+
+ grouping mpls-header-top {
+ description
+ "Top-level container for fields in an MPLS header.";
+
+ container mpls {
+ description
+ "MPLS header fields";
+
+ container config {
+ description
+ "Configuration parameters relating to fields within
+ the MPLS header.";
+ uses mpls-header-config;
+ }
+
+ container state {
+ config false;
+ description
+ "Operational state parameters relating to fields
+ within the MPLS header";
+ uses mpls-header-config;
+ }
+ }
+ }
+
+ grouping mpls-header-config {
+ description
+ "Configuration parameters relating to matches within
+ MPLS header fields.";
+
+ leaf traffic-class {
+ type uint8 {
+ range "0..7";
+ }
+ description
+ "The value of the MPLS traffic class (TC) bits,
+ formerly known as the EXP bits.";
+ }
+ }
+
+ grouping ip-protocol-fields-common-config {
+ description
+ "IP protocol fields common to IPv4 and IPv6";
+
+ leaf dscp {
+ type oc-inet:dscp;
+ description
+ "Value of diffserv codepoint.";
+ }
+
+ leaf protocol {
+ type oc-pkt-match-types:ip-protocol-type;
+ description
+ "The protocol carried in the IP packet, expressed either
+ as its IP protocol number, or by a defined identity.";
+ }
+
+ leaf hop-limit {
+ type uint8 {
+ range 0..255;
+ }
+ description
+ "The IP packet's hop limit -- known as TTL (in hops) in
+ IPv4 packets, and hop limit in IPv6";
+ }
+ }
+
+ // IP Layer
+ // ip-protocol-fields
+ grouping ipv4-protocol-fields-config {
+ description
+ "Configuration data of IP protocol fields
+ for IPv4";
+
+ leaf source-address {
+ type oc-inet:ipv4-prefix;
+ description
+ "Source IPv4 address prefix.";
+ }
+
+ leaf destination-address {
+ type oc-inet:ipv4-prefix;
+ description
+ "Destination IPv4 address prefix.";
+ }
+
+ uses ip-protocol-fields-common-config;
+
+ }
+
+ grouping ipv4-protocol-fields-state {
+ description
+ "State information of IP header fields for IPv4";
+ }
+
+ grouping ipv4-protocol-fields-top {
+ description
+ "IP header fields for IPv4";
+
+ container ipv4 {
+ description
+ "Top level container for IPv4 match field data";
+
+ container config {
+ description
+ "Configuration data for IPv4 match fields";
+ uses ipv4-protocol-fields-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State information for IPv4 match fields";
+ uses ipv4-protocol-fields-config;
+ uses ipv4-protocol-fields-state;
+ }
+ }
+ }
+
+ grouping ipv6-protocol-fields-config {
+ description
+ "Configuration data for IPv6 match fields";
+
+ leaf source-address {
+ type oc-inet:ipv6-prefix;
+ description
+ "Source IPv6 address prefix.";
+ }
+
+ leaf source-flow-label {
+ type oc-inet:ipv6-flow-label;
+ description
+ "Source IPv6 Flow label.";
+ }
+
+ leaf destination-address {
+ type oc-inet:ipv6-prefix;
+ description
+ "Destination IPv6 address prefix.";
+ }
+
+ leaf destination-flow-label {
+ type oc-inet:ipv6-flow-label;
+ description
+ "Destination IPv6 Flow label.";
+ }
+
+ uses ip-protocol-fields-common-config;
+ }
+
+ grouping ipv6-protocol-fields-state {
+ description
+ "Operational state data for IPv6 match fields";
+ }
+
+ grouping ipv6-protocol-fields-top {
+ description
+ "Top-level grouping for IPv6 match fields";
+
+ container ipv6 {
+ description
+ "Top-level container for IPv6 match field data";
+
+ container config {
+ description
+ "Configuration data for IPv6 match fields";
+
+ uses ipv6-protocol-fields-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for IPv6 match fields";
+
+ uses ipv6-protocol-fields-config;
+ uses ipv6-protocol-fields-state;
+ }
+ }
+ }
+
+ // Transport fields
+ grouping transport-fields-config {
+ description
+ "Configuration data of transport-layer packet fields";
+
+ leaf source-port {
+ type oc-pkt-match-types:port-num-range;
+ description
+ "Source port or range";
+ }
+
+ leaf destination-port {
+ type oc-pkt-match-types:port-num-range;
+ description
+ "Destination port or range";
+ }
+
+ leaf-list tcp-flags {
+ type identityref {
+ base oc-pkt-match-types:TCP_FLAGS;
+ }
+ description
+ "List of TCP flags to match";
+ }
+ }
+
+ grouping transport-fields-state {
+ description
+ "State data of transport-fields";
+ }
+
+ grouping transport-fields-top {
+ description
+ "Destination transport-fields top level grouping";
+
+ container transport {
+ description
+ "Transport fields container";
+
+ container config {
+ description
+ "Configuration data";
+ uses transport-fields-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State data";
+ uses transport-fields-config;
+ uses transport-fields-state;
+ }
+ }
+ }
+
+}
diff --git a/src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang b/src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang
index b3b2c16..1c2a7f5 100644
--- a/src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang
+++ b/src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang
@@ -32,7 +32,13 @@ module openconfig-yang-types {
Section 4.c of the IETF Trust's Legal Provisions Relating
to IETF Documents (http://trustee.ietf.org/license-info).";
- oc-ext:openconfig-version "0.2.0";
+ oc-ext:openconfig-version "0.2.1";
+
+ revision "2018-11-21" {
+ description
+ "Add OpenConfig module metadata extensions.";
+ reference "0.2.1";
+ }
revision 2018-04-24 {
description
@@ -58,6 +64,11 @@ module openconfig-yang-types {
reference "0.1.0";
}
+ // OpenConfig specific extensions for module metadata.
+ oc-ext:regexp-posix;
+ oc-ext:catalog-organization "openconfig";
+ oc-ext:origin "openconfig";
+
typedef dotted-quad {
type string {
pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' +