diff options
Diffstat (limited to 'src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang')
-rw-r--r-- | src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang | 847 |
1 files changed, 0 insertions, 847 deletions
diff --git a/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang deleted file mode 100644 index fe80988..0000000 --- a/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang +++ /dev/null @@ -1,847 +0,0 @@ -module openconfig-acl { - - yang-version "1"; - - // namespace - namespace "http://openconfig.net/yang/acl"; - - prefix "oc-acl"; - - import openconfig-packet-match { prefix oc-match; } - import openconfig-interfaces { prefix oc-if; } - import openconfig-yang-types { prefix oc-yang; } - import openconfig-extensions { prefix oc-ext; } - - // meta - organization "OpenConfig working group"; - - contact - "OpenConfig working group - www.openconfig.net"; - - description - "This module defines configuration and operational state - data for network access control lists (i.e., filters, rules, - etc.). ACLs are organized into ACL sets, with each set - containing one or more ACL entries. ACL sets are identified - by a unique name, while each entry within a set is assigned - a sequence-id that determines the order in which the ACL - rules are applied to a packet. Note that ACLs are evaluated - in ascending order based on the sequence-id (low to high). - - Individual ACL rules specify match criteria based on fields in - the packet, along with an action that defines how matching - packets should be handled. Entries have a type that indicates - the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc."; - - oc-ext:openconfig-version "1.0.2"; - - revision "2018-11-21" { - description - "Add OpenConfig module metadata extensions."; - reference "1.0.2"; - } - - revision "2018-04-24" { - description - "Clarified order of ACL evaluation"; - reference "1.0.1"; - } - - revision "2017-05-26" { - description - "Separated ACL entries by type"; - reference "1.0.0"; - } - - revision "2016-08-08" { - description - "OpenConfig public release"; - reference "0.2.0"; - } - - revision "2016-01-22" { - description - "Initial revision"; - reference "TBD"; - } - - // OpenConfig specific extensions for module metadata. - oc-ext:regexp-posix; - oc-ext:catalog-organization "openconfig"; - oc-ext:origin "openconfig"; - - identity ACL_TYPE { - description - "Base identity for types of ACL sets"; - } - - identity ACL_IPV4 { - base ACL_TYPE; - description - "IP-layer ACLs with IPv4 addresses"; - } - - identity ACL_IPV6 { - base ACL_TYPE; - description - "IP-layer ACLs with IPv6 addresses"; - } - - identity ACL_L2 { - base ACL_TYPE; - description - "MAC-layer ACLs"; - } - - identity ACL_MIXED { - base ACL_TYPE; - description - "Mixed-mode ACL that specifies L2 and L3 protocol - fields. This ACL type is not implemented by many - routing/switching devices."; - } - - // ACL action type - - identity FORWARDING_ACTION { - description - "Base identity for actions in the forwarding category"; - } - - identity ACCEPT { - base FORWARDING_ACTION; - description - "Accept the packet"; - } - - identity DROP { - base FORWARDING_ACTION; - description - "Drop packet without sending any ICMP error message"; - } - - identity REJECT { - base FORWARDING_ACTION; - description - "Drop the packet and send an ICMP error message to the source"; - } - - identity LOG_ACTION { - description - "Base identity for defining the destination for logging - actions"; - } - - identity LOG_SYSLOG { - base LOG_ACTION; - description - "Log the packet in Syslog"; - } - - identity LOG_NONE { - base LOG_ACTION; - description - "No logging"; - } - - identity ACL_COUNTER_CAPABILITY { - description - "Base identity for system to indicate how it is able to report - counters"; - } - - identity INTERFACE_ONLY { - base ACL_COUNTER_CAPABILITY; - description - "ACL counters are available and reported only per interface"; - } - - identity AGGREGATE_ONLY { - base ACL_COUNTER_CAPABILITY; - description - "ACL counters are aggregated over all interfaces, and reported - only per ACL entry"; - } - - identity INTERFACE_AGGREGATE { - base ACL_COUNTER_CAPABILITY; - description - "ACL counters are reported per interface, and also aggregated - and reported per ACL entry."; - } - - // grouping statements - - // input interface - grouping input-interface-config { - description - "Config of interface"; - - } - - grouping input-interface-state { - description - "State information of interface"; - } - - grouping input-interface-top { - description - "Input interface top level container"; - - container input-interface { - description - "Input interface container"; - - container config { - description - "Config data"; - uses input-interface-config; - } - - container state { - config false; - description - "State information"; - uses input-interface-config; - uses input-interface-state; - } - - uses oc-if:interface-ref; - - } - } - - // Action Type - grouping action-config { - description - "Config of action type"; - - - leaf forwarding-action { - type identityref { - base FORWARDING_ACTION; - } - mandatory true; - description - "Specifies the forwarding action. One forwarding action - must be specified for each ACL entry"; - } - - leaf log-action { - type identityref { - base LOG_ACTION; - } - default LOG_NONE; - description - "Specifies the log action and destination for - matched packets. The default is not to log the - packet."; - } - - - } - - grouping action-state { - description - "State information of action type"; - - } - - grouping action-top { - description - "ACL action type top level container"; - - container actions { - description - "Enclosing container for list of ACL actions associated - with an entry"; - - container config { - description - "Config data for ACL actions"; - uses action-config; - } - - container state { - config false; - description - "State information for ACL actions"; - uses action-config; - uses action-state; - } - } - } - - grouping acl-counters-state { - description - "Common grouping for ACL counters"; - - leaf matched-packets { - type oc-yang:counter64; - description - "Count of the number of packets matching the current ACL - entry. - - An implementation should provide this counter on a - per-interface per-ACL-entry if possible. - - If an implementation only supports ACL counters per entry - (i.e., not broken out per interface), then the value - should be equal to the aggregate count across all interfaces. - - An implementation that provides counters per entry per - interface is not required to also provide an aggregate count, - e.g., per entry -- the user is expected to be able implement - the required aggregation if such a count is needed."; - } - - leaf matched-octets { - type oc-yang:counter64; - description - "Count of the number of octets (bytes) matching the current - ACL entry. - - An implementation should provide this counter on a - per-interface per-ACL-entry if possible. - - If an implementation only supports ACL counters per entry - (i.e., not broken out per interface), then the value - should be equal to the aggregate count across all interfaces. - - An implementation that provides counters per entry per - interface is not required to also provide an aggregate count, - e.g., per entry -- the user is expected to be able implement - the required aggregation if such a count is needed."; - } - - } - - // Access List Entries - grouping access-list-entries-config { - description - "Access List Entries (ACE) config."; - - leaf sequence-id { - type uint32; - description - "The sequence id determines the order in which ACL entries - are applied. The sequence id must be unique for each entry - in an ACL set. Target devices should apply the ACL entry - rules in ascending order determined by sequence id (low to - high), rather than the relying only on order in the list."; - } - - leaf description { - type string; - description - "A user-defined description, or comment, for this Access List - Entry."; - } - - } - - grouping access-list-entries-state { - description - "Access List Entries state."; - - uses acl-counters-state; - - } - - grouping access-list-entries-top { - description - "Access list entries to level container"; - - container acl-entries { - description - "Access list entries container"; - - list acl-entry { - key "sequence-id"; - description - "List of ACL entries comprising an ACL set"; - - leaf sequence-id { - type leafref { - path "../config/sequence-id"; - } - description - "references the list key"; - } - - container config { - description - "Access list entries config"; - uses access-list-entries-config; - } - - container state { - config false; - description - "State information for ACL entries"; - uses access-list-entries-config; - uses access-list-entries-state; - } - - uses oc-match:ethernet-header-top { - when "../../config/type='ACL_L2'" { - description - "MAC-layer fields are valid when the ACL type is L2"; - } - } - uses oc-match:ipv4-protocol-fields-top { - when "../../config/type='ACL_IPV4'" { - description - "IPv4-layer fields are valid when the ACL type is - IPv4"; - } - } - uses oc-match:ipv6-protocol-fields-top { - when "../../config/type='ACL_IPV6'" { - description - "IPv6-layer fields are valid when the ACL type is - IPv6"; - } - } - uses oc-match:transport-fields-top { - when "../../config/type='ACL_IPV6' or " + - "../../config/type='ACL_IPV4'" { - description - "Transport-layer fields are valid when specifying - L3 ACL types"; - } - } - uses input-interface-top; - - uses action-top; - } - } - } - - grouping acl-set-config { - description - "Access Control List config"; - - leaf name { - type string; - description - "The name of the access-list set"; - } - - leaf type { - type identityref { - base ACL_TYPE; - } - description - "The type determines the fields allowed in the ACL entries - belonging to the ACL set (e.g., IPv4, IPv6, etc.)"; - } - - leaf description { - type string; - description - "Description, or comment, for the ACL set"; - } - - } - - grouping acl-set-state { - description - "Access Control List state"; - } - - grouping acl-set-top { - description - "Access list entries variables top level container"; - - container acl-sets { - description - "Access list entries variables enclosing container"; - - list acl-set { - key "name type"; - description - "List of ACL sets, each comprising of a list of ACL - entries"; - - leaf name { - type leafref { - path "../config/name"; - } - description - "Reference to the name list key"; - } - - leaf type { - type leafref { - path "../config/type"; - } - description - "Reference to the type list key"; - } - - container config { - description - "Access list config"; - uses acl-set-config; - } - - container state { - config false; - description - "Access list state information"; - uses acl-set-config; - uses acl-set-state; - } - uses access-list-entries-top; - } - } - } - - grouping interface-acl-entries-config { - description - "Configuration data for per-interface ACLs"; - - } - - grouping interface-acl-entries-state { - description - "Operational state data for per-interface ACL entries"; - - leaf sequence-id { - type leafref { - path "/acl/acl-sets/" + - "acl-set[name=current()/../../../../set-name]" + - "[type=current()/../../../../type]/" + - "acl-entries/acl-entry/sequence-id"; - } - description - "Reference to an entry in the ACL set applied to an - interface"; - } - - uses acl-counters-state; - - } - - grouping interface-acl-entries-top { - description - "Top-level grouping for per-interface ACL entries"; - - container acl-entries { - config false; - description - "Enclosing container for list of references to ACLs"; - - list acl-entry { - key "sequence-id"; - description - "List of ACL entries assigned to an interface"; - - leaf sequence-id { - type leafref { - path "../state/sequence-id"; - } - description - "Reference to per-interface acl entry key"; - } - - // no config container since the enclosing container is - // read-only - - container state { - - config false; - - description - "Operational state data for per-interface ACL entries"; - - uses interface-acl-entries-config; - uses interface-acl-entries-state; - } - } - } - } - - grouping interface-ingress-acl-config { - description - "Configuration data for per-interface ingress ACLs"; - - leaf set-name { - type leafref { - path "../../../../../../acl-sets/acl-set/config/name"; - } - description - "Reference to the ACL set name applied on ingress"; - } - - leaf type { - type leafref { - path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" + - "/config/type"; - } - description - "Reference to the ACL set type applied on ingress"; - } - } - - grouping interface-ingress-acl-state { - description - "Operational state data for the per-interface ingress ACL"; - } - - grouping interface-ingress-acl-top { - description - "Top-level grouping for per-interface ingress ACL data"; - - container ingress-acl-sets { - description - "Enclosing container the list of ingress ACLs on the - interface"; - - list ingress-acl-set { - key "set-name type"; - description - "List of ingress ACLs on the interface"; - - leaf set-name { - type leafref { - path "../config/set-name"; - } - description - "Reference to set name list key"; - } - - leaf type { - type leafref { - path "../config/type"; - } - description - "Reference to type list key"; - } - - container config { - description - "Configuration data "; - - uses interface-ingress-acl-config; - } - - container state { - - config false; - - description - "Operational state data for interface ingress ACLs"; - - uses interface-ingress-acl-config; - uses interface-ingress-acl-state; - } - - uses interface-acl-entries-top; - } - } - } - - grouping interface-egress-acl-config { - description - "Configuration data for per-interface egress ACLs"; - - leaf set-name { - type leafref { - path "../../../../../../acl-sets/acl-set/config/name"; - } - description - "Reference to the ACL set name applied on egress"; - } - - leaf type { - type leafref { - path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" + - "/config/type"; - } - description - "Reference to the ACL set type applied on egress."; - } - } - - grouping interface-egress-acl-state { - description - "Operational state data for the per-interface egress ACL"; - } - - grouping interface-egress-acl-top { - description - "Top-level grouping for per-interface egress ACL data"; - - container egress-acl-sets { - description - "Enclosing container the list of egress ACLs on the - interface"; - - list egress-acl-set { - key "set-name type"; - description - "List of egress ACLs on the interface"; - - leaf set-name { - type leafref { - path "../config/set-name"; - } - description - "Reference to set name list key"; - } - - leaf type { - type leafref { - path "../config/type"; - } - description - "Reference to type list key"; - } - - container config { - description - "Configuration data "; - - uses interface-egress-acl-config; - } - - container state { - - config false; - - description - "Operational state data for interface egress ACLs"; - - uses interface-egress-acl-config; - uses interface-egress-acl-state; - } - - uses interface-acl-entries-top; - } - } - } - - grouping acl-interfaces-config { - description - "Configuration data for interface references"; - - leaf id { - type oc-if:interface-id; - description - "User-defined identifier for the interface -- a common - convention could be '<if name>.<subif index>'"; - } - } - - grouping acl-interfaces-state { - description - "Operational state data for interface references"; - } - - grouping acl-interfaces-top { - description - "Top-level grouping for interface-specific ACL data"; - - container interfaces { - description - "Enclosing container for the list of interfaces on which - ACLs are set"; - - list interface { - key "id"; - description - "List of interfaces on which ACLs are set"; - - leaf id { - type leafref { - path "../config/id"; - } - description - "Reference to the interface id list key"; - } - - container config { - description - "Configuration for ACL per-interface data"; - - uses acl-interfaces-config; - } - - container state { - - config false; - - description - "Operational state for ACL per-interface data"; - - uses acl-interfaces-config; - uses acl-interfaces-state; - } - - uses oc-if:interface-ref; - uses interface-ingress-acl-top; - uses interface-egress-acl-top; - } - } - } - - grouping acl-config { - description - "Global configuration data for ACLs"; - } - - grouping acl-state { - description - "Global operational state data for ACLs"; - - leaf counter-capability { - type identityref { - base ACL_COUNTER_CAPABILITY; - } - description - "System reported indication of how ACL counters are reported - by the target"; - } - } - grouping acl-top { - description - "Top level grouping for ACL data and structure"; - - container acl { - description - "Top level enclosing container for ACL model config - and operational state data"; - - container config { - description - "Global config data for ACLs"; - - uses acl-config; - } - - container state { - - config false; - - description - "Global operational state data for ACLs"; - - uses acl-config; - uses acl-state; - } - - uses acl-set-top; - uses acl-interfaces-top; - } - } - - // data definition statements - uses acl-top; - - // augment statements - - -} |