From bda8bf51f84cc9fb7a2d875c1f35540e0b4a3db4 Mon Sep 17 00:00:00 2001 From: Pavel Kotucek Date: Mon, 15 Apr 2019 14:10:15 +0200 Subject: ACL yang models Added ACL openconfig yang models. Change-Id: If8075def912bfa5f980101221d781b4857d4ca45 Signed-off-by: Pavel Kotucek --- Makefile | 43 +- build-root/scripts/docker.sh | 7 +- src/plugins/yang/ietf/ietf-ip@2018-02-22.yang | 876 +++++++++++++++++++++ .../yang/openconfig/openconfig-acl@2018-11-21.yang | 847 ++++++++++++++++++++ .../openconfig-extensions@2018-10-17.yang | 165 ++++ .../openconfig-inet-types@2017-08-24.yang | 332 -------- .../openconfig-inet-types@2018-11-21.yang | 343 ++++++++ .../openconfig-packet-match-types@2018-11-21.yang | 309 ++++++++ .../openconfig-packet-match@2018-11-21.yang | 371 +++++++++ .../openconfig-yang-types@2018-04-24.yang | 180 ----- .../openconfig-yang-types@2018-11-21.yang | 191 +++++ test/util.py | 21 +- 12 files changed, 3135 insertions(+), 550 deletions(-) create mode 100644 src/plugins/yang/ietf/ietf-ip@2018-02-22.yang create mode 100644 src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang create mode 100644 src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang delete mode 100644 src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang create mode 100644 src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang create mode 100644 src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang create mode 100644 src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang delete mode 100644 src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang create mode 100644 src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang diff --git a/Makefile b/Makefile index 9eeead7..4eb02a3 100644 --- a/Makefile +++ b/Makefile @@ -28,6 +28,7 @@ export WS_ROOT=$(CURDIR) export BR=$(WS_ROOT)/build-root PLATFORM?=sweetcomb +REBUILD_DOCKER_IMAGE?=no ############## #OS Detection# @@ -244,25 +245,29 @@ build-package: rm -rf $(BR)/build-package/_CPack_Packages; install-models: - @cd src/plugins/yang/ietf \ - && sysrepoctl --install --yang=ietf-ip@2014-06-16.yang \ - && sysrepoctl --install --yang=ietf-nat@2017-11-16.yang \ - && sysrepoctl --install --yang=iana-if-type@2017-01-19.yang \ - && sysrepoctl -e if-mib -m ietf-interfaces; - @cd src/plugins/yang/openconfig \ - && sysrepoctl -S --install --yang=openconfig-local-routing@2017-05-15.yang \ - && sysrepoctl -S --install --yang=openconfig-interfaces@2018-08-07.yang \ - && sysrepoctl -S --install --yang=openconfig-if-ip@2018-01-05.yang; + @cd src/plugins/yang/ietf; \ + sysrepoctl --install --yang=iana-if-type@2017-01-19.yang > /dev/null; \ + sysrepoctl --install --yang=ietf-interfaces@2018-02-20.yang > /dev/null; \ + sysrepoctl --install --yang=ietf-ip@2014-06-16.yang > /dev/null; \ + sysrepoctl --install --yang=ietf-nat@2017-11-16.yang > /dev/null; \ + sysrepoctl -e if-mib -m ietf-interfaces; + @cd src/plugins/yang/openconfig; \ + sysrepoctl -S --install --yang=openconfig-local-routing@2017-05-15.yang > /dev/null; \ + sysrepoctl -S --install --yang=openconfig-interfaces@2018-08-07.yang > /dev/null; \ + sysrepoctl -S --install --yang=openconfig-if-ip@2018-01-05.yang > /dev/null; \ + sysrepoctl -S --install --yang=openconfig-acl@2018-11-21.yang > /dev/null; uninstall-models: - @sysrepoctl -u -m openconfig-if-ip \ - && sysrepoctl -u -m openconfig-if-aggregate \ - && sysrepoctl -u -m openconfig-local-routing \ - && sysrepoctl -u -m openconfig-interfaces \ - && sysrepoctl -u -m openconfig-vlan-types \ - && sysrepoctl -u -m ietf-ip \ - && sysrepoctl -u -m ietf-nat \ - && sysrepoctl -u -m iana-if-type; + @ sysrepoctl -u -m ietf-ip > /dev/null; \ + sysrepoctl -u -m openconfig-acl > /dev/null; \ + sysrepoctl -u -m openconfig-if-ip > /dev/null; \ + sysrepoctl -u -m openconfig-local-routing > /dev/null; \ + sysrepoctl -u -m openconfig-if-aggregate > /dev/null; \ + sysrepoctl -u -m openconfig-interfaces > /dev/null; \ + sysrepoctl -u -m ietf-nat > /dev/null; \ + sysrepoctl -u -m iana-if-type > /dev/null; \ + sysrepoctl -u -m ietf-interfaces > /dev/null; \ + sysrepoctl -u -m openconfig-vlan-types > /dev/null; clean: @if [ -d $(BR)/build-scvpp ] ; then cd $(BR)/build-scvpp && make clean; fi @@ -276,8 +281,8 @@ distclean: @rm -rf $(BR)/build-package @rm -rf $(BR)/build-gnmi -docker: distclean - @build-root/scripts/docker.sh +docker: + @build-root/scripts/docker.sh $(REBUILD_DOCKER_IMAGE) docker-test: @test/run_test.sh diff --git a/build-root/scripts/docker.sh b/build-root/scripts/docker.sh index baa994c..dce238a 100755 --- a/build-root/scripts/docker.sh +++ b/build-root/scripts/docker.sh @@ -18,10 +18,11 @@ IMAGE="sweetcomb_img" CONTAINER="sweetcomb" -#Clean previous build: container and image +# rebuild env if neccessary +echo "Remove previous container and image" docker rm ${CONTAINER} -f docker rmi ${IMAGE} -f -#Rebuild image and container +echo "Rebuild image and start container" docker build -t ${IMAGE} . -docker run -id --privileged --name ${CONTAINER} ${IMAGE} +docker run -id --privileged --name ${CONTAINER} ${IMAGE} \ No newline at end of file diff --git a/src/plugins/yang/ietf/ietf-ip@2018-02-22.yang b/src/plugins/yang/ietf/ietf-ip@2018-02-22.yang new file mode 100644 index 0000000..a270f67 --- /dev/null +++ b/src/plugins/yang/ietf/ietf-ip@2018-02-22.yang @@ -0,0 +1,876 @@ +module ietf-ip { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-ip"; + prefix ip; + + import ietf-interfaces { + prefix if; + } + import ietf-inet-types { + prefix inet; + } + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETMOD (Network Modeling) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Martin Bjorklund + "; + description + "This module contains a collection of YANG definitions for + managing IP implementations. + + Copyright (c) 2018 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8344; see + the RFC itself for full legal notices."; + + revision 2018-02-22 { + description + "Updated to support NMDA."; + reference + "RFC 8344: A YANG Data Model for IP Management"; + } + + revision 2014-06-16 { + description + "Initial revision."; + reference + "RFC 7277: A YANG Data Model for IP Management"; + } + + /* + * Features + */ + + feature ipv4-non-contiguous-netmasks { + description + "Indicates support for configuring non-contiguous + subnet masks."; + } + + feature ipv6-privacy-autoconf { + description + "Indicates support for privacy extensions for stateless address + autoconfiguration in IPv6."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6"; + } + + /* + * Typedefs + */ + + typedef ip-address-origin { + type enumeration { + enum other { + description + "None of the following."; + } + + enum static { + description + "Indicates that the address has been statically + configured -- for example, using the Network Configuration + Protocol (NETCONF) or a command line interface."; + } + enum dhcp { + description + "Indicates an address that has been assigned to this + system by a DHCP server."; + } + enum link-layer { + description + "Indicates an address created by IPv6 stateless + autoconfiguration that embeds a link-layer address in its + interface identifier."; + } + enum random { + description + "Indicates an address chosen by the system at + random, e.g., an IPv4 address within 169.254/16, a + temporary address as described in RFC 4941, or a + semantically opaque address as described in RFC 7217."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + RFC 7217: A Method for Generating Semantically Opaque + Interface Identifiers with IPv6 Stateless + Address Autoconfiguration (SLAAC)"; + } + } + description + "The origin of an address."; + } + + typedef neighbor-origin { + type enumeration { + enum other { + description + "None of the following."; + } + enum static { + description + "Indicates that the mapping has been statically + configured -- for example, using NETCONF or a command line + interface."; + } + + enum dynamic { + description + "Indicates that the mapping has been dynamically resolved + using, for example, IPv4 ARP or the IPv6 Neighbor + Discovery protocol."; + } + } + description + "The origin of a neighbor entry."; + } + + /* + * Data nodes + */ + + augment "/if:interfaces/if:interface" { + description + "IP parameters on interfaces. + + If an interface is not capable of running IP, the server + must not allow the client to configure these parameters."; + + container ipv4 { + presence + "Enables IPv4 unless the 'enabled' leaf + (which defaults to 'true') is set to 'false'"; + description + "Parameters for the IPv4 address family."; + + leaf enabled { + type boolean; + default true; + description + "Controls whether IPv4 is enabled or disabled on this + interface. When IPv4 is enabled, this interface is + connected to an IPv4 stack, and the interface can send + and receive IPv4 packets."; + } + leaf forwarding { + type boolean; + default false; + description + "Controls IPv4 packet forwarding of datagrams received by, + but not addressed to, this interface. IPv4 routers + forward datagrams. IPv4 hosts do not (except those + source-routed via the host)."; + } + + leaf mtu { + type uint16 { + range "68..max"; + } + units "octets"; + description + "The size, in octets, of the largest IPv4 packet that the + interface will send and receive. + + The server may restrict the allowed values for this leaf, + depending on the interface's type. + + If this leaf is not configured, the operationally used MTU + depends on the interface's type."; + reference + "RFC 791: Internet Protocol"; + } + list address { + key "ip"; + description + "The list of IPv4 addresses on the interface."; + + leaf ip { + type inet:ipv4-address-no-zone; + description + "The IPv4 address on the interface."; + } + choice subnet { + mandatory true; + description + "The subnet can be specified as a prefix length or, + if the server supports non-contiguous netmasks, as + a netmask."; + leaf prefix-length { + type uint8 { + range "0..32"; + } + description + "The length of the subnet prefix."; + } + leaf netmask { + if-feature ipv4-non-contiguous-netmasks; + type yang:dotted-quad; + description + "The subnet specified as a netmask."; + } + } + + leaf origin { + type ip-address-origin; + config false; + description + "The origin of this address."; + } + } + list neighbor { + key "ip"; + description + "A list of mappings from IPv4 addresses to + link-layer addresses. + + Entries in this list in the intended configuration are + used as static entries in the ARP Cache. + + In the operational state, this list represents the ARP + Cache."; + reference + "RFC 826: An Ethernet Address Resolution Protocol"; + + leaf ip { + type inet:ipv4-address-no-zone; + description + "The IPv4 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + mandatory true; + description + "The link-layer address of the neighbor node."; + } + leaf origin { + type neighbor-origin; + config false; + description + "The origin of this neighbor entry."; + } + } + } + + container ipv6 { + presence + "Enables IPv6 unless the 'enabled' leaf + (which defaults to 'true') is set to 'false'"; + description + "Parameters for the IPv6 address family."; + + leaf enabled { + type boolean; + default true; + description + "Controls whether IPv6 is enabled or disabled on this + interface. When IPv6 is enabled, this interface is + connected to an IPv6 stack, and the interface can send + and receive IPv6 packets."; + } + leaf forwarding { + type boolean; + default false; + description + "Controls IPv6 packet forwarding of datagrams received by, + but not addressed to, this interface. IPv6 routers + forward datagrams. IPv6 hosts do not (except those + source-routed via the host)."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 6.2.1, IsRouter"; + } + leaf mtu { + type uint32 { + range "1280..max"; + } + units "octets"; + description + "The size, in octets, of the largest IPv6 packet that the + interface will send and receive. + + The server may restrict the allowed values for this leaf, + depending on the interface's type. + + If this leaf is not configured, the operationally used MTU + depends on the interface's type."; + reference + "RFC 8200: Internet Protocol, Version 6 (IPv6) + Specification + Section 5"; + } + + list address { + key "ip"; + description + "The list of IPv6 addresses on the interface."; + + leaf ip { + type inet:ipv6-address-no-zone; + description + "The IPv6 address on the interface."; + } + leaf prefix-length { + type uint8 { + range "0..128"; + } + mandatory true; + description + "The length of the subnet prefix."; + } + leaf origin { + type ip-address-origin; + config false; + description + "The origin of this address."; + } + leaf status { + type enumeration { + enum preferred { + description + "This is a valid address that can appear as the + destination or source address of a packet."; + } + enum deprecated { + description + "This is a valid but deprecated address that should + no longer be used as a source address in new + communications, but packets addressed to such an + address are processed as expected."; + } + enum invalid { + description + "This isn't a valid address, and it shouldn't appear + as the destination or source address of a packet."; + } + + enum inaccessible { + description + "The address is not accessible because the interface + to which this address is assigned is not + operational."; + } + enum unknown { + description + "The status cannot be determined for some reason."; + } + enum tentative { + description + "The uniqueness of the address on the link is being + verified. Addresses in this state should not be + used for general communication and should only be + used to determine the uniqueness of the address."; + } + enum duplicate { + description + "The address has been determined to be non-unique on + the link and so must not be used."; + } + enum optimistic { + description + "The address is available for use, subject to + restrictions, while its uniqueness on a link is + being verified."; + } + } + config false; + description + "The status of an address. Most of the states correspond + to states from the IPv6 Stateless Address + Autoconfiguration protocol."; + reference + "RFC 4293: Management Information Base for the + Internet Protocol (IP) + - IpAddressStatusTC + RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + } + + list neighbor { + key "ip"; + description + "A list of mappings from IPv6 addresses to + link-layer addresses. + + Entries in this list in the intended configuration are + used as static entries in the Neighbor Cache. + + In the operational state, this list represents the + Neighbor Cache."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)"; + + leaf ip { + type inet:ipv6-address-no-zone; + description + "The IPv6 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + mandatory true; + description + "The link-layer address of the neighbor node. + + In the operational state, if the neighbor's 'state' leaf + is 'incomplete', this leaf is not instantiated."; + } + leaf origin { + type neighbor-origin; + config false; + description + "The origin of this neighbor entry."; + } + leaf is-router { + type empty; + config false; + description + "Indicates that the neighbor node acts as a router."; + } + + leaf state { + type enumeration { + enum incomplete { + description + "Address resolution is in progress, and the + link-layer address of the neighbor has not yet been + determined."; + } + enum reachable { + description + "Roughly speaking, the neighbor is known to have been + reachable recently (within tens of seconds ago)."; + } + enum stale { + description + "The neighbor is no longer known to be reachable, but + until traffic is sent to the neighbor no attempt + should be made to verify its reachability."; + } + enum delay { + description + "The neighbor is no longer known to be reachable, and + traffic has recently been sent to the neighbor. + Rather than probe the neighbor immediately, however, + delay sending probes for a short while in order to + give upper-layer protocols a chance to provide + reachability confirmation."; + } + enum probe { + description + "The neighbor is no longer known to be reachable, and + unicast Neighbor Solicitation probes are being sent + to verify reachability."; + } + } + config false; + description + "The Neighbor Unreachability Detection state of this + entry."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 7.3.2"; + } + } + + leaf dup-addr-detect-transmits { + type uint32; + default 1; + description + "The number of consecutive Neighbor Solicitation messages + sent while performing Duplicate Address Detection on a + tentative address. A value of zero indicates that + Duplicate Address Detection is not performed on + tentative addresses. A value of one indicates a single + transmission with no follow-up retransmissions."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + container autoconf { + description + "Parameters to control the autoconfiguration of IPv6 + addresses, as described in RFC 4862."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration"; + + leaf create-global-addresses { + type boolean; + default true; + description + "If enabled, the host creates global addresses as + described in RFC 4862."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration + Section 5.5"; + } + leaf create-temporary-addresses { + if-feature ipv6-privacy-autoconf; + type boolean; + default false; + description + "If enabled, the host creates temporary addresses as + described in RFC 4941."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6"; + } + + leaf temporary-valid-lifetime { + if-feature ipv6-privacy-autoconf; + type uint32; + units "seconds"; + default 604800; + description + "The time period during which the temporary address + is valid."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + - TEMP_VALID_LIFETIME"; + } + leaf temporary-preferred-lifetime { + if-feature ipv6-privacy-autoconf; + type uint32; + units "seconds"; + default 86400; + description + "The time period during which the temporary address is + preferred."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + - TEMP_PREFERRED_LIFETIME"; + } + } + } + } + + /* + * Legacy operational state data nodes + */ + + augment "/if:interfaces-state/if:interface" { + status deprecated; + description + "Data nodes for the operational state of IP on interfaces."; + + container ipv4 { + presence + "Present if IPv4 is enabled on this interface"; + config false; + status deprecated; + description + "Interface-specific parameters for the IPv4 address family."; + + leaf forwarding { + type boolean; + status deprecated; + description + "Indicates whether IPv4 packet forwarding is enabled or + disabled on this interface."; + } + leaf mtu { + type uint16 { + range "68..max"; + } + units "octets"; + status deprecated; + description + "The size, in octets, of the largest IPv4 packet that the + interface will send and receive."; + reference + "RFC 791: Internet Protocol"; + } + list address { + key "ip"; + status deprecated; + description + "The list of IPv4 addresses on the interface."; + + leaf ip { + type inet:ipv4-address-no-zone; + status deprecated; + description + "The IPv4 address on the interface."; + } + choice subnet { + status deprecated; + description + "The subnet can be specified as a prefix length or, + if the server supports non-contiguous netmasks, as + a netmask."; + leaf prefix-length { + type uint8 { + range "0..32"; + } + status deprecated; + description + "The length of the subnet prefix."; + } + leaf netmask { + if-feature ipv4-non-contiguous-netmasks; + type yang:dotted-quad; + status deprecated; + description + "The subnet specified as a netmask."; + } + } + leaf origin { + type ip-address-origin; + status deprecated; + description + "The origin of this address."; + } + } + list neighbor { + key "ip"; + status deprecated; + description + "A list of mappings from IPv4 addresses to + link-layer addresses. + + This list represents the ARP Cache."; + reference + "RFC 826: An Ethernet Address Resolution Protocol"; + + leaf ip { + type inet:ipv4-address-no-zone; + status deprecated; + description + "The IPv4 address of the neighbor node."; + } + + leaf link-layer-address { + type yang:phys-address; + status deprecated; + description + "The link-layer address of the neighbor node."; + } + leaf origin { + type neighbor-origin; + status deprecated; + description + "The origin of this neighbor entry."; + } + } + } + + container ipv6 { + presence + "Present if IPv6 is enabled on this interface"; + config false; + status deprecated; + description + "Parameters for the IPv6 address family."; + + leaf forwarding { + type boolean; + default false; + status deprecated; + description + "Indicates whether IPv6 packet forwarding is enabled or + disabled on this interface."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 6.2.1, IsRouter"; + } + leaf mtu { + type uint32 { + range "1280..max"; + } + units "octets"; + status deprecated; + description + "The size, in octets, of the largest IPv6 packet that the + interface will send and receive."; + reference + "RFC 8200: Internet Protocol, Version 6 (IPv6) + Specification + Section 5"; + } + list address { + key "ip"; + status deprecated; + description + "The list of IPv6 addresses on the interface."; + + leaf ip { + type inet:ipv6-address-no-zone; + status deprecated; + description + "The IPv6 address on the interface."; + } + leaf prefix-length { + type uint8 { + range "0..128"; + } + mandatory true; + status deprecated; + description + "The length of the subnet prefix."; + } + leaf origin { + type ip-address-origin; + status deprecated; + description + "The origin of this address."; + } + leaf status { + type enumeration { + enum preferred { + description + "This is a valid address that can appear as the + destination or source address of a packet."; + } + enum deprecated { + description + "This is a valid but deprecated address that should + no longer be used as a source address in new + communications, but packets addressed to such an + address are processed as expected."; + } + enum invalid { + description + "This isn't a valid address, and it shouldn't appear + as the destination or source address of a packet."; + } + + enum inaccessible { + description + "The address is not accessible because the interface + to which this address is assigned is not + operational."; + } + enum unknown { + description + "The status cannot be determined for some reason."; + } + enum tentative { + description + "The uniqueness of the address on the link is being + verified. Addresses in this state should not be + used for general communication and should only be + used to determine the uniqueness of the address."; + } + enum duplicate { + description + "The address has been determined to be non-unique on + the link and so must not be used."; + } + enum optimistic { + description + "The address is available for use, subject to + restrictions, while its uniqueness on a link is + being verified."; + } + } + status deprecated; + description + "The status of an address. Most of the states correspond + to states from the IPv6 Stateless Address + Autoconfiguration protocol."; + reference + "RFC 4293: Management Information Base for the + Internet Protocol (IP) + - IpAddressStatusTC + RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + } + + list neighbor { + key "ip"; + status deprecated; + description + "A list of mappings from IPv6 addresses to + link-layer addresses. + + This list represents the Neighbor Cache."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)"; + + leaf ip { + type inet:ipv6-address-no-zone; + status deprecated; + description + "The IPv6 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + status deprecated; + description + "The link-layer address of the neighbor node."; + } + leaf origin { + type neighbor-origin; + status deprecated; + description + "The origin of this neighbor entry."; + } + leaf is-router { + type empty; + status deprecated; + description + "Indicates that the neighbor node acts as a router."; + } + leaf state { + type enumeration { + enum incomplete { + description + "Address resolution is in progress, and the + link-layer address of the neighbor has not yet been + determined."; + } + enum reachable { + description + "Roughly speaking, the neighbor is known to have been + reachable recently (within tens of seconds ago)."; + } + enum stale { + description + "The neighbor is no longer known to be reachable, but + until traffic is sent to the neighbor no attempt + should be made to verify its reachability."; + } + enum delay { + description + "The neighbor is no longer known to be reachable, and + traffic has recently been sent to the neighbor. + Rather than probe the neighbor immediately, however, + delay sending probes for a short while in order to + give upper-layer protocols a chance to provide + reachability confirmation."; + } + enum probe { + description + "The neighbor is no longer known to be reachable, and + unicast Neighbor Solicitation probes are being sent + to verify reachability."; + } + } + status deprecated; + description + "The Neighbor Unreachability Detection state of this + entry."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 7.3.2"; + } + } + } + } +} diff --git a/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang new file mode 100644 index 0000000..fe80988 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-acl@2018-11-21.yang @@ -0,0 +1,847 @@ +module openconfig-acl { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/acl"; + + prefix "oc-acl"; + + import openconfig-packet-match { prefix oc-match; } + import openconfig-interfaces { prefix oc-if; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state + data for network access control lists (i.e., filters, rules, + etc.). ACLs are organized into ACL sets, with each set + containing one or more ACL entries. ACL sets are identified + by a unique name, while each entry within a set is assigned + a sequence-id that determines the order in which the ACL + rules are applied to a packet. Note that ACLs are evaluated + in ascending order based on the sequence-id (low to high). + + Individual ACL rules specify match criteria based on fields in + the packet, along with an action that defines how matching + packets should be handled. Entries have a type that indicates + the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc."; + + oc-ext:openconfig-version "1.0.2"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "1.0.2"; + } + + revision "2018-04-24" { + description + "Clarified order of ACL evaluation"; + reference "1.0.1"; + } + + revision "2017-05-26" { + description + "Separated ACL entries by type"; + reference "1.0.0"; + } + + revision "2016-08-08" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + revision "2016-01-22" { + description + "Initial revision"; + reference "TBD"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + identity ACL_TYPE { + description + "Base identity for types of ACL sets"; + } + + identity ACL_IPV4 { + base ACL_TYPE; + description + "IP-layer ACLs with IPv4 addresses"; + } + + identity ACL_IPV6 { + base ACL_TYPE; + description + "IP-layer ACLs with IPv6 addresses"; + } + + identity ACL_L2 { + base ACL_TYPE; + description + "MAC-layer ACLs"; + } + + identity ACL_MIXED { + base ACL_TYPE; + description + "Mixed-mode ACL that specifies L2 and L3 protocol + fields. This ACL type is not implemented by many + routing/switching devices."; + } + + // ACL action type + + identity FORWARDING_ACTION { + description + "Base identity for actions in the forwarding category"; + } + + identity ACCEPT { + base FORWARDING_ACTION; + description + "Accept the packet"; + } + + identity DROP { + base FORWARDING_ACTION; + description + "Drop packet without sending any ICMP error message"; + } + + identity REJECT { + base FORWARDING_ACTION; + description + "Drop the packet and send an ICMP error message to the source"; + } + + identity LOG_ACTION { + description + "Base identity for defining the destination for logging + actions"; + } + + identity LOG_SYSLOG { + base LOG_ACTION; + description + "Log the packet in Syslog"; + } + + identity LOG_NONE { + base LOG_ACTION; + description + "No logging"; + } + + identity ACL_COUNTER_CAPABILITY { + description + "Base identity for system to indicate how it is able to report + counters"; + } + + identity INTERFACE_ONLY { + base ACL_COUNTER_CAPABILITY; + description + "ACL counters are available and reported only per interface"; + } + + identity AGGREGATE_ONLY { + base ACL_COUNTER_CAPABILITY; + description + "ACL counters are aggregated over all interfaces, and reported + only per ACL entry"; + } + + identity INTERFACE_AGGREGATE { + base ACL_COUNTER_CAPABILITY; + description + "ACL counters are reported per interface, and also aggregated + and reported per ACL entry."; + } + + // grouping statements + + // input interface + grouping input-interface-config { + description + "Config of interface"; + + } + + grouping input-interface-state { + description + "State information of interface"; + } + + grouping input-interface-top { + description + "Input interface top level container"; + + container input-interface { + description + "Input interface container"; + + container config { + description + "Config data"; + uses input-interface-config; + } + + container state { + config false; + description + "State information"; + uses input-interface-config; + uses input-interface-state; + } + + uses oc-if:interface-ref; + + } + } + + // Action Type + grouping action-config { + description + "Config of action type"; + + + leaf forwarding-action { + type identityref { + base FORWARDING_ACTION; + } + mandatory true; + description + "Specifies the forwarding action. One forwarding action + must be specified for each ACL entry"; + } + + leaf log-action { + type identityref { + base LOG_ACTION; + } + default LOG_NONE; + description + "Specifies the log action and destination for + matched packets. The default is not to log the + packet."; + } + + + } + + grouping action-state { + description + "State information of action type"; + + } + + grouping action-top { + description + "ACL action type top level container"; + + container actions { + description + "Enclosing container for list of ACL actions associated + with an entry"; + + container config { + description + "Config data for ACL actions"; + uses action-config; + } + + container state { + config false; + description + "State information for ACL actions"; + uses action-config; + uses action-state; + } + } + } + + grouping acl-counters-state { + description + "Common grouping for ACL counters"; + + leaf matched-packets { + type oc-yang:counter64; + description + "Count of the number of packets matching the current ACL + entry. + + An implementation should provide this counter on a + per-interface per-ACL-entry if possible. + + If an implementation only supports ACL counters per entry + (i.e., not broken out per interface), then the value + should be equal to the aggregate count across all interfaces. + + An implementation that provides counters per entry per + interface is not required to also provide an aggregate count, + e.g., per entry -- the user is expected to be able implement + the required aggregation if such a count is needed."; + } + + leaf matched-octets { + type oc-yang:counter64; + description + "Count of the number of octets (bytes) matching the current + ACL entry. + + An implementation should provide this counter on a + per-interface per-ACL-entry if possible. + + If an implementation only supports ACL counters per entry + (i.e., not broken out per interface), then the value + should be equal to the aggregate count across all interfaces. + + An implementation that provides counters per entry per + interface is not required to also provide an aggregate count, + e.g., per entry -- the user is expected to be able implement + the required aggregation if such a count is needed."; + } + + } + + // Access List Entries + grouping access-list-entries-config { + description + "Access List Entries (ACE) config."; + + leaf sequence-id { + type uint32; + description + "The sequence id determines the order in which ACL entries + are applied. The sequence id must be unique for each entry + in an ACL set. Target devices should apply the ACL entry + rules in ascending order determined by sequence id (low to + high), rather than the relying only on order in the list."; + } + + leaf description { + type string; + description + "A user-defined description, or comment, for this Access List + Entry."; + } + + } + + grouping access-list-entries-state { + description + "Access List Entries state."; + + uses acl-counters-state; + + } + + grouping access-list-entries-top { + description + "Access list entries to level container"; + + container acl-entries { + description + "Access list entries container"; + + list acl-entry { + key "sequence-id"; + description + "List of ACL entries comprising an ACL set"; + + leaf sequence-id { + type leafref { + path "../config/sequence-id"; + } + description + "references the list key"; + } + + container config { + description + "Access list entries config"; + uses access-list-entries-config; + } + + container state { + config false; + description + "State information for ACL entries"; + uses access-list-entries-config; + uses access-list-entries-state; + } + + uses oc-match:ethernet-header-top { + when "../../config/type='ACL_L2'" { + description + "MAC-layer fields are valid when the ACL type is L2"; + } + } + uses oc-match:ipv4-protocol-fields-top { + when "../../config/type='ACL_IPV4'" { + description + "IPv4-layer fields are valid when the ACL type is + IPv4"; + } + } + uses oc-match:ipv6-protocol-fields-top { + when "../../config/type='ACL_IPV6'" { + description + "IPv6-layer fields are valid when the ACL type is + IPv6"; + } + } + uses oc-match:transport-fields-top { + when "../../config/type='ACL_IPV6' or " + + "../../config/type='ACL_IPV4'" { + description + "Transport-layer fields are valid when specifying + L3 ACL types"; + } + } + uses input-interface-top; + + uses action-top; + } + } + } + + grouping acl-set-config { + description + "Access Control List config"; + + leaf name { + type string; + description + "The name of the access-list set"; + } + + leaf type { + type identityref { + base ACL_TYPE; + } + description + "The type determines the fields allowed in the ACL entries + belonging to the ACL set (e.g., IPv4, IPv6, etc.)"; + } + + leaf description { + type string; + description + "Description, or comment, for the ACL set"; + } + + } + + grouping acl-set-state { + description + "Access Control List state"; + } + + grouping acl-set-top { + description + "Access list entries variables top level container"; + + container acl-sets { + description + "Access list entries variables enclosing container"; + + list acl-set { + key "name type"; + description + "List of ACL sets, each comprising of a list of ACL + entries"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the name list key"; + } + + leaf type { + type leafref { + path "../config/type"; + } + description + "Reference to the type list key"; + } + + container config { + description + "Access list config"; + uses acl-set-config; + } + + container state { + config false; + description + "Access list state information"; + uses acl-set-config; + uses acl-set-state; + } + uses access-list-entries-top; + } + } + } + + grouping interface-acl-entries-config { + description + "Configuration data for per-interface ACLs"; + + } + + grouping interface-acl-entries-state { + description + "Operational state data for per-interface ACL entries"; + + leaf sequence-id { + type leafref { + path "/acl/acl-sets/" + + "acl-set[name=current()/../../../../set-name]" + + "[type=current()/../../../../type]/" + + "acl-entries/acl-entry/sequence-id"; + } + description + "Reference to an entry in the ACL set applied to an + interface"; + } + + uses acl-counters-state; + + } + + grouping interface-acl-entries-top { + description + "Top-level grouping for per-interface ACL entries"; + + container acl-entries { + config false; + description + "Enclosing container for list of references to ACLs"; + + list acl-entry { + key "sequence-id"; + description + "List of ACL entries assigned to an interface"; + + leaf sequence-id { + type leafref { + path "../state/sequence-id"; + } + description + "Reference to per-interface acl entry key"; + } + + // no config container since the enclosing container is + // read-only + + container state { + + config false; + + description + "Operational state data for per-interface ACL entries"; + + uses interface-acl-entries-config; + uses interface-acl-entries-state; + } + } + } + } + + grouping interface-ingress-acl-config { + description + "Configuration data for per-interface ingress ACLs"; + + leaf set-name { + type leafref { + path "../../../../../../acl-sets/acl-set/config/name"; + } + description + "Reference to the ACL set name applied on ingress"; + } + + leaf type { + type leafref { + path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" + + "/config/type"; + } + description + "Reference to the ACL set type applied on ingress"; + } + } + + grouping interface-ingress-acl-state { + description + "Operational state data for the per-interface ingress ACL"; + } + + grouping interface-ingress-acl-top { + description + "Top-level grouping for per-interface ingress ACL data"; + + container ingress-acl-sets { + description + "Enclosing container the list of ingress ACLs on the + interface"; + + list ingress-acl-set { + key "set-name type"; + description + "List of ingress ACLs on the interface"; + + leaf set-name { + type leafref { + path "../config/set-name"; + } + description + "Reference to set name list key"; + } + + leaf type { + type leafref { + path "../config/type"; + } + description + "Reference to type list key"; + } + + container config { + description + "Configuration data "; + + uses interface-ingress-acl-config; + } + + container state { + + config false; + + description + "Operational state data for interface ingress ACLs"; + + uses interface-ingress-acl-config; + uses interface-ingress-acl-state; + } + + uses interface-acl-entries-top; + } + } + } + + grouping interface-egress-acl-config { + description + "Configuration data for per-interface egress ACLs"; + + leaf set-name { + type leafref { + path "../../../../../../acl-sets/acl-set/config/name"; + } + description + "Reference to the ACL set name applied on egress"; + } + + leaf type { + type leafref { + path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" + + "/config/type"; + } + description + "Reference to the ACL set type applied on egress."; + } + } + + grouping interface-egress-acl-state { + description + "Operational state data for the per-interface egress ACL"; + } + + grouping interface-egress-acl-top { + description + "Top-level grouping for per-interface egress ACL data"; + + container egress-acl-sets { + description + "Enclosing container the list of egress ACLs on the + interface"; + + list egress-acl-set { + key "set-name type"; + description + "List of egress ACLs on the interface"; + + leaf set-name { + type leafref { + path "../config/set-name"; + } + description + "Reference to set name list key"; + } + + leaf type { + type leafref { + path "../config/type"; + } + description + "Reference to type list key"; + } + + container config { + description + "Configuration data "; + + uses interface-egress-acl-config; + } + + container state { + + config false; + + description + "Operational state data for interface egress ACLs"; + + uses interface-egress-acl-config; + uses interface-egress-acl-state; + } + + uses interface-acl-entries-top; + } + } + } + + grouping acl-interfaces-config { + description + "Configuration data for interface references"; + + leaf id { + type oc-if:interface-id; + description + "User-defined identifier for the interface -- a common + convention could be '.'"; + } + } + + grouping acl-interfaces-state { + description + "Operational state data for interface references"; + } + + grouping acl-interfaces-top { + description + "Top-level grouping for interface-specific ACL data"; + + container interfaces { + description + "Enclosing container for the list of interfaces on which + ACLs are set"; + + list interface { + key "id"; + description + "List of interfaces on which ACLs are set"; + + leaf id { + type leafref { + path "../config/id"; + } + description + "Reference to the interface id list key"; + } + + container config { + description + "Configuration for ACL per-interface data"; + + uses acl-interfaces-config; + } + + container state { + + config false; + + description + "Operational state for ACL per-interface data"; + + uses acl-interfaces-config; + uses acl-interfaces-state; + } + + uses oc-if:interface-ref; + uses interface-ingress-acl-top; + uses interface-egress-acl-top; + } + } + } + + grouping acl-config { + description + "Global configuration data for ACLs"; + } + + grouping acl-state { + description + "Global operational state data for ACLs"; + + leaf counter-capability { + type identityref { + base ACL_COUNTER_CAPABILITY; + } + description + "System reported indication of how ACL counters are reported + by the target"; + } + } + grouping acl-top { + description + "Top level grouping for ACL data and structure"; + + container acl { + description + "Top level enclosing container for ACL model config + and operational state data"; + + container config { + description + "Global config data for ACLs"; + + uses acl-config; + } + + container state { + + config false; + + description + "Global operational state data for ACLs"; + + uses acl-config; + uses acl-state; + } + + uses acl-set-top; + uses acl-interfaces-top; + } + } + + // data definition statements + uses acl-top; + + // augment statements + + +} diff --git a/src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang b/src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang new file mode 100644 index 0000000..452d400 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-extensions@2018-10-17.yang @@ -0,0 +1,165 @@ +module openconfig-extensions { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/openconfig-ext"; + + prefix "oc-ext"; + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module provides extensions to the YANG language to allow + OpenConfig specific functionality and meta-data to be defined."; + + revision "2018-10-17" { + description + "Add extension for regular expression type."; + reference "0.4.0"; + } + + revision "2017-04-11" { + description + "rename password type to 'hashed' and clarify description"; + reference "0.3.0"; + } + + revision "2017-01-29" { + description + "Added extension for annotating encrypted values."; + reference "0.2.0"; + } + + revision "2015-10-09" { + description + "Initial OpenConfig public release"; + reference "0.1.0"; + } + + + // extension statements + extension openconfig-version { + argument "semver" { + yin-element false; + } + description + "The OpenConfig version number for the module. This is + expressed as a semantic version number of the form: + x.y.z + where: + * x corresponds to the major version, + * y corresponds to a minor version, + * z corresponds to a patch version. + This version corresponds to the model file within which it is + defined, and does not cover the whole set of OpenConfig models. + Where several modules are used to build up a single block of + functionality, the same module version is specified across each + file that makes up the module. + A major version number of 0 indicates that this model is still + in development (whether within OpenConfig or with industry + partners), and is potentially subject to change. + Following a release of major version 1, all modules will + increment major revision number where backwards incompatible + changes to the model are made. + The minor version is changed when features are added to the + model that do not impact current clients use of the model. + The patch-level version is incremented when non-feature changes + (such as bugfixes or clarifications to human-readable + descriptions that do not impact model functionality) are made + that maintain backwards compatibility. + The version number is stored in the module meta-data."; + } + + extension openconfig-hashed-value { + description + "This extension provides an annotation on schema nodes to + indicate that the corresponding value should be stored and + reported in hashed form. + Hash algorithms are by definition not reversible. Clients + reading the configuration or applied configuration for the node + should expect to receive only the hashed value. Values written + in cleartext will be hashed. This annotation may be used on + nodes such as secure passwords in which the device never reports + a cleartext value, even if the input is provided as cleartext."; + } + + extension regexp-posix { + description + "This extension indicates that the regular expressions included + within the YANG module specified are conformant with the POSIX + regular expression format rather than the W3C standard that is + specified by RFC6020 and RFC7950."; + } + + extension telemetry-on-change { + description + "The telemetry-on-change annotation is specified in the context + of a particular subtree (container, or list) or leaf within the + YANG schema. Where specified, it indicates that the value stored + by the nodes within the context change their value only in response + to an event occurring. The event may be local to the target, for + example - a configuration change, or external - such as the failure + of a link. + When a telemetry subscription allows the target to determine whether + to export the value of a leaf in a periodic or event-based fashion + (e.g., TARGET_DEFINED mode in gNMI), leaves marked as + telemetry-on-change should only be exported when they change, + i.e., event-based."; + } + + extension telemetry-atomic { + description + "The telemetry-atomic annotation is specified in the context of + a subtree (containre, or list), and indicates that all nodes + within the subtree are always updated together within the data + model. For example, all elements under the subtree may be updated + as a result of a new alarm being raised, or the arrival of a new + protocol message. + Transport protocols may use the atomic specification to determine + optimisations for sending or storing the corresponding data."; + } + + extension operational { + description + "The operational annotation is specified in the context of a + grouping, leaf, or leaf-list within a YANG module. It indicates + that the nodes within the context are derived state on the device. + OpenConfig data models divide nodes into the following three categories: + - intended configuration - these are leaves within a container named + 'config', and are the writable configuration of a target. + - applied configuration - these are leaves within a container named + 'state' and are the currently running value of the intended configuration. + - derived state - these are the values within the 'state' container which + are not part of the applied configuration of the device. Typically, they + represent state values reflecting underlying operational counters, or + protocol statuses."; + } + + extension catalog-organization { + argument "org" { + yin-element false; + } + description + "This extension specifies the organization name that should be used within + the module catalogue on the device for the specified YANG module. It stores + a pithy string where the YANG organization statement may contain more + details."; + } + + extension origin { + argument "origin" { + yin-element false; + } + description + "This extension specifies the name of the origin that the YANG module + falls within. This allows multiple overlapping schema trees to be used + on a single network element without requiring module based prefixing + of paths."; + } +} \ No newline at end of file diff --git a/src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang b/src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang deleted file mode 100644 index fbb872f..0000000 --- a/src/plugins/yang/openconfig/openconfig-inet-types@2017-08-24.yang +++ /dev/null @@ -1,332 +0,0 @@ -module openconfig-inet-types { - - yang-version "1"; - namespace "http://openconfig.net/yang/types/inet"; - prefix "oc-inet"; - - import openconfig-extensions { prefix "oc-ext"; } - - organization - "OpenConfig working group"; - - contact - "OpenConfig working group - www.openconfig.net"; - - description - "This module contains a set of Internet address related - types for use in OpenConfig modules. - - Portions of this code were derived from IETF RFC 6021. - Please reproduce this note if possible. - - IETF code is subject to the following copyright and license: - Copyright (c) IETF Trust and the persons identified as authors of - the code. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, is permitted pursuant to, and subject to the license - terms contained in, the Simplified BSD License set forth in - Section 4.c of the IETF Trust's Legal Provisions Relating - to IETF Documents (http://trustee.ietf.org/license-info)."; - - oc-ext:openconfig-version "0.3.1"; - - revision 2017-08-24 { - description - "Minor formatting fixes."; - reference "0.3.1"; - } - - revision 2017-07-06 { - description - "Add domain-name and host typedefs"; - reference "0.3.0"; - } - - revision 2017-04-03 { - description - "Add ip-version typedef."; - reference "0.2.0"; - } - - revision 2017-04-03 { - description - "Update copyright notice."; - reference "0.1.1"; - } - - revision 2017-01-26 { - description - "Initial module for inet types"; - reference "0.1.0"; - } - - // IPv4 and IPv6 types. - - typedef ipv4-address { - type string { - pattern '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + - '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + - '[0-9]|25[0-5])'; - } - description - "An IPv4 address in dotted quad notation using the default - zone."; - } - - typedef ipv4-address-zoned { - type string { - pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + - '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + - '[0-9]|25[0-5])(%[a-zA-Z0-9_]+)$'; - } - description - "An IPv4 address in dotted quad notation. This type allows - specification of a zone index to disambiguate identical - address values. For link-local addresses, the index is - typically the interface index or interface name."; - } - - typedef ipv6-address { - type string { - pattern - // Must support compression through different lengths - // therefore this regexp is complex. - '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + - '([0-9a-fA-F]{1,4}:){1,7}:|' + - '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + - '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + - '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + - '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + - '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + - '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + - ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + - ')$'; - } - description - "An IPv6 address represented as either a full address; shortened - or mixed-shortened formats, using the default zone."; - } - - typedef ipv6-address-zoned { - type string { - pattern - // Must support compression through different lengths - // therefore this regexp is complex. - '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + - '([0-9a-fA-F]{1,4}:){1,7}:|' + - '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + - '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + - '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + - '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + - '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + - '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + - ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + - ')(%[a-zA-Z0-9_]+)$'; - } - description - "An IPv6 address represented as either a full address; shortened - or mixed-shortened formats. This type allows specification of - a zone index to disambiguate identical address values. For - link-local addresses, the index is typically the interface - index or interface name."; - } - - typedef ipv4-prefix { - type string { - pattern '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + - '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + - '[0-9]|25[0-5])/(([0-9])|([1-2][0-9])|(3[0-2]))'; - } - description - "An IPv4 prefix represented in dotted quad notation followed by - a slash and a CIDR mask (0 <= mask <= 32)."; - } - - typedef ipv6-prefix { - type string { - pattern - '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + - '([0-9a-fA-F]{1,4}:){1,7}:|' + - '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}' + - '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + - '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + - '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + - '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + - '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + - ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + - ')/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9])$'; - } - description - "An IPv6 prefix represented in full, shortened, or mixed - shortened format followed by a slash and CIDR mask - (0 <= mask <= 128)."; - } - - typedef ip-address { - type union { - type ipv4-address; - type ipv6-address; - } - description - "An IPv4 or IPv6 address with no prefix specified."; - } - - typedef ip-prefix { - type union { - type ipv4-prefix; - type ipv6-prefix; - } - description - "An IPv4 or IPv6 prefix."; - } - - typedef ip-version { - type enumeration { - enum UNKNOWN { - value 0; - description - "An unknown or unspecified version of the Internet - protocol."; - } - enum IPV4 { - value 4; - description - "The IPv4 protocol as defined in RFC 791."; - } - enum IPV6 { - value 6; - description - "The IPv6 protocol as defined in RFC 2460."; - } - } - description - "This value represents the version of the IP protocol. - Note that integer representation of the enumerated values - are not specified, and are not required to follow the - InetVersion textual convention in SMIv2."; - reference - "RFC 791: Internet Protocol - RFC 2460: Internet Protocol, Version 6 (IPv6) Specification - RFC 4001: Textual Conventions for Internet Network Addresses"; - } - - typedef domain-name { - type string { - length "1..253"; - pattern - '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' + - '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)' + - '|\.'; - } - description - "The domain-name type represents a DNS domain name. - Fully quallified left to the models which utilize this type. - - Internet domain names are only loosely specified. Section - 3.5 of RFC 1034 recommends a syntax (modified in Section - 2.1 of RFC 1123). The pattern above is intended to allow - for current practice in domain name use, and some possible - future expansion. It is designed to hold various types of - domain names, including names used for A or AAAA records - (host names) and other records, such as SRV records. Note - that Internet host names have a stricter syntax (described - in RFC 952) than the DNS recommendations in RFCs 1034 and - 1123, and that systems that want to store host names in - schema nodes using the domain-name type are recommended to - adhere to this stricter standard to ensure interoperability. - - The encoding of DNS names in the DNS protocol is limited - to 255 characters. Since the encoding consists of labels - prefixed by a length bytes and there is a trailing NULL - byte, only 253 characters can appear in the textual dotted - notation. - - Domain-name values use the US-ASCII encoding. Their canonical - format uses lowercase US-ASCII characters. Internationalized - domain names MUST be encoded in punycode as described in RFC - 3492"; - } - - typedef host { - type union { - type ip-address; - type domain-name; - } - description - "The host type represents either an unzoned IP address or a DNS - domain name."; - } - - typedef as-number { - type uint32; - description - "A numeric identifier for an autonomous system (AS). An AS is a - single domain, under common administrative control, which forms - a unit of routing policy. Autonomous systems can be assigned a - 2-byte identifier, or a 4-byte identifier which may have public - or private scope. Private ASNs are assigned from dedicated - ranges. Public ASNs are assigned from ranges allocated by IANA - to the regional internet registries (RIRs)."; - reference - "RFC 1930 Guidelines for creation, selection, and registration - of an Autonomous System (AS) - RFC 4271 A Border Gateway Protocol 4 (BGP-4)"; - } - - typedef dscp { - type uint8 { - range "0..63"; - } - description - "A differentiated services code point (DSCP) marking within the - IP header."; - reference - "RFC 2474 Definition of the Differentiated Services Field - (DS Field) in the IPv4 and IPv6 Headers"; - } - - typedef ipv6-flow-label { - type uint32 { - range "0..1048575"; - } - description - "The IPv6 flow-label is a 20-bit value within the IPv6 header - which is optionally used by the source of the IPv6 packet to - label sets of packets for which special handling may be - required."; - reference - "RFC 2460 Internet Protocol, Version 6 (IPv6) Specification"; - } - - typedef port-number { - type uint16; - description - "A 16-bit port number used by a transport protocol such as TCP - or UDP."; - reference - "RFC 768 User Datagram Protocol - RFC 793 Transmission Control Protocol"; - } - - typedef uri { - type string; - description - "An ASCII-encoded Uniform Resource Identifier (URI) as defined - in RFC 3986."; - reference - "RFC 3986 Uniform Resource Identifier (URI): Generic Syntax"; - } - - typedef url { - type string; - description - "An ASCII-encoded Uniform Resource Locator (URL) as defined - in RFC 3986, section 1.1.3"; - reference - "RFC 3986, paragraph 1.1.3"; - } - -} diff --git a/src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang new file mode 100644 index 0000000..7c23d2b --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-inet-types@2018-11-21.yang @@ -0,0 +1,343 @@ +module openconfig-inet-types { + + yang-version "1"; + namespace "http://openconfig.net/yang/types/inet"; + prefix "oc-inet"; + + import openconfig-extensions { prefix "oc-ext"; } + + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module contains a set of Internet address related + types for use in OpenConfig modules. + + Portions of this code were derived from IETF RFC 6021. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "0.3.2"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.3.2"; + } + + revision 2017-08-24 { + description + "Minor formatting fixes."; + reference "0.3.1"; + } + + revision 2017-07-06 { + description + "Add domain-name and host typedefs"; + reference "0.3.0"; + } + + revision 2017-04-03 { + description + "Add ip-version typedef."; + reference "0.2.0"; + } + + revision 2017-04-03 { + description + "Update copyright notice."; + reference "0.1.1"; + } + + revision 2017-01-26 { + description + "Initial module for inet types"; + reference "0.1.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // IPv4 and IPv6 types. + + typedef ipv4-address { + type string { + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + + '[0-9]|25[0-5])$'; + } + description + "An IPv4 address in dotted quad notation using the default + zone."; + } + + typedef ipv4-address-zoned { + type string { + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + + '[0-9]|25[0-5])(%[a-zA-Z0-9_]+)$'; + } + description + "An IPv4 address in dotted quad notation. This type allows + specification of a zone index to disambiguate identical + address values. For link-local addresses, the index is + typically the interface index or interface name."; + } + + typedef ipv6-address { + type string { + pattern + // Must support compression through different lengths + // therefore this regexp is complex. + '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')$'; + } + description + "An IPv6 address represented as either a full address; shortened + or mixed-shortened formats, using the default zone."; + } + + typedef ipv6-address-zoned { + type string { + pattern + // Must support compression through different lengths + // therefore this regexp is complex. + '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')(%[a-zA-Z0-9_]+)$'; + } + description + "An IPv6 address represented as either a full address; shortened + or mixed-shortened formats. This type allows specification of + a zone index to disambiguate identical address values. For + link-local addresses, the index is typically the interface + index or interface name."; + } + + typedef ipv4-prefix { + type string { + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + + '[0-9]|25[0-5])/(([0-9])|([1-2][0-9])|(3[0-2]))$'; + } + description + "An IPv4 prefix represented in dotted quad notation followed by + a slash and a CIDR mask (0 <= mask <= 32)."; + } + + typedef ipv6-prefix { + type string { + pattern + '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9])$'; + } + description + "An IPv6 prefix represented in full, shortened, or mixed + shortened format followed by a slash and CIDR mask + (0 <= mask <= 128)."; + } + + typedef ip-address { + type union { + type ipv4-address; + type ipv6-address; + } + description + "An IPv4 or IPv6 address with no prefix specified."; + } + + typedef ip-prefix { + type union { + type ipv4-prefix; + type ipv6-prefix; + } + description + "An IPv4 or IPv6 prefix."; + } + + typedef ip-version { + type enumeration { + enum UNKNOWN { + value 0; + description + "An unknown or unspecified version of the Internet + protocol."; + } + enum IPV4 { + value 4; + description + "The IPv4 protocol as defined in RFC 791."; + } + enum IPV6 { + value 6; + description + "The IPv6 protocol as defined in RFC 2460."; + } + } + description + "This value represents the version of the IP protocol. + Note that integer representation of the enumerated values + are not specified, and are not required to follow the + InetVersion textual convention in SMIv2."; + reference + "RFC 791: Internet Protocol + RFC 2460: Internet Protocol, Version 6 (IPv6) Specification + RFC 4001: Textual Conventions for Internet Network Addresses"; + } + + typedef domain-name { + type string { + length "1..253"; + pattern + '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' + + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)' + + '|\.'; + } + description + "The domain-name type represents a DNS domain name. + Fully quallified left to the models which utilize this type. + + Internet domain names are only loosely specified. Section + 3.5 of RFC 1034 recommends a syntax (modified in Section + 2.1 of RFC 1123). The pattern above is intended to allow + for current practice in domain name use, and some possible + future expansion. It is designed to hold various types of + domain names, including names used for A or AAAA records + (host names) and other records, such as SRV records. Note + that Internet host names have a stricter syntax (described + in RFC 952) than the DNS recommendations in RFCs 1034 and + 1123, and that systems that want to store host names in + schema nodes using the domain-name type are recommended to + adhere to this stricter standard to ensure interoperability. + + The encoding of DNS names in the DNS protocol is limited + to 255 characters. Since the encoding consists of labels + prefixed by a length bytes and there is a trailing NULL + byte, only 253 characters can appear in the textual dotted + notation. + + Domain-name values use the US-ASCII encoding. Their canonical + format uses lowercase US-ASCII characters. Internationalized + domain names MUST be encoded in punycode as described in RFC + 3492"; + } + + typedef host { + type union { + type ip-address; + type domain-name; + } + description + "The host type represents either an unzoned IP address or a DNS + domain name."; + } + + typedef as-number { + type uint32; + description + "A numeric identifier for an autonomous system (AS). An AS is a + single domain, under common administrative control, which forms + a unit of routing policy. Autonomous systems can be assigned a + 2-byte identifier, or a 4-byte identifier which may have public + or private scope. Private ASNs are assigned from dedicated + ranges. Public ASNs are assigned from ranges allocated by IANA + to the regional internet registries (RIRs)."; + reference + "RFC 1930 Guidelines for creation, selection, and registration + of an Autonomous System (AS) + RFC 4271 A Border Gateway Protocol 4 (BGP-4)"; + } + + typedef dscp { + type uint8 { + range "0..63"; + } + description + "A differentiated services code point (DSCP) marking within the + IP header."; + reference + "RFC 2474 Definition of the Differentiated Services Field + (DS Field) in the IPv4 and IPv6 Headers"; + } + + typedef ipv6-flow-label { + type uint32 { + range "0..1048575"; + } + description + "The IPv6 flow-label is a 20-bit value within the IPv6 header + which is optionally used by the source of the IPv6 packet to + label sets of packets for which special handling may be + required."; + reference + "RFC 2460 Internet Protocol, Version 6 (IPv6) Specification"; + } + + typedef port-number { + type uint16; + description + "A 16-bit port number used by a transport protocol such as TCP + or UDP."; + reference + "RFC 768 User Datagram Protocol + RFC 793 Transmission Control Protocol"; + } + + typedef uri { + type string; + description + "An ASCII-encoded Uniform Resource Identifier (URI) as defined + in RFC 3986."; + reference + "RFC 3986 Uniform Resource Identifier (URI): Generic Syntax"; + } + + typedef url { + type string; + description + "An ASCII-encoded Uniform Resource Locator (URL) as defined + in RFC 3986, section 1.1.3"; + reference + "RFC 3986, paragraph 1.1.3"; + } + +} diff --git a/src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang new file mode 100644 index 0000000..1b93d52 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-packet-match-types@2018-11-21.yang @@ -0,0 +1,309 @@ +module openconfig-packet-match-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/packet-match-types"; + + prefix "oc-pkt-match-types"; + + // import some basic types + import openconfig-inet-types { prefix oc-inet; } + import openconfig-extensions { prefix oc-ext; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines common types for use in models requiring + data definitions related to packet matches."; + + oc-ext:openconfig-version "1.0.2"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "1.0.2"; + } + + revision "2018-04-15" { + description + "Corrected description and range for ethertype typedef"; + reference "1.0.1"; + } + + revision "2017-05-26" { + description + "Separated IP matches into AFs"; + reference "1.0.0"; + } + + revision "2016-08-08" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + revision "2016-04-27" { + description + "Initial revision"; + reference "TBD"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + + // extension statements + + // feature statements + + // identity statements + + + //TODO: should replace this with an official IEEE module + // when available. Only a select number of types are + // defined in this identity. + identity ETHERTYPE { + description + "Base identity for commonly used Ethertype values used + in packet header matches on Ethernet frames. The Ethertype + indicates which protocol is encapsulated in the Ethernet + payload."; + reference + "IEEE 802.3"; + } + + identity ETHERTYPE_IPV4 { + base ETHERTYPE; + description + "IPv4 protocol (0x0800)"; + } + + identity ETHERTYPE_ARP { + base ETHERTYPE; + description + "Address resolution protocol (0x0806)"; + } + + identity ETHERTYPE_VLAN { + base ETHERTYPE; + description + "VLAN-tagged frame (as defined by IEEE 802.1q) (0x8100). Note + that this value is also used to represent Shortest Path + Bridging (IEEE 801.1aq) frames."; + } + + identity ETHERTYPE_IPV6 { + base ETHERTYPE; + description + "IPv6 protocol (0x86DD)"; + } + + identity ETHERTYPE_MPLS { + base ETHERTYPE; + description + "MPLS unicast (0x8847)"; + } + + identity ETHERTYPE_LLDP { + base ETHERTYPE; + description + "Link Layer Discovery Protocol (0x88CC)"; + } + + identity ETHERTYPE_ROCE { + base ETHERTYPE; + description + "RDMA over Converged Ethernet (0x8915)"; + } + + + //TODO: should replace this with an official IANA module when + //available. Only a select set of protocols are defined with + //this identity. + identity IP_PROTOCOL { + description + "Base identity for commonly used IP protocols used in + packet header matches"; + reference + "IANA Assigned Internet Protocol Numbers"; + } + + identity IP_TCP { + base IP_PROTOCOL; + description + "Transmission Control Protocol (6)"; + } + + identity IP_UDP { + base IP_PROTOCOL; + description + "User Datagram Protocol (17)"; + } + + identity IP_ICMP { + base IP_PROTOCOL; + description + "Internet Control Message Protocol (1)"; + } + + identity IP_IGMP { + base IP_PROTOCOL; + description + "Internet Group Membership Protocol (2)"; + } + + identity IP_PIM { + base IP_PROTOCOL; + description + "Protocol Independent Multicast (103)"; + } + + identity IP_RSVP { + base IP_PROTOCOL; + description + "Resource Reservation Protocol (46)"; + } + + identity IP_GRE { + base IP_PROTOCOL; + description + "Generic Routing Encapsulation (47)"; + } + + identity IP_AUTH { + base IP_PROTOCOL; + description + "Authentication header, e.g., for IPSEC (51)"; + } + + identity IP_L2TP { + base IP_PROTOCOL; + description + "Layer Two Tunneling Protocol v.3 (115)"; + } + + + + identity TCP_FLAGS { + description + "Common TCP flags used in packet header matches"; + reference + "IETF RFC 793 - Transmission Control Protocol + IETF RFC 3168 - The Addition of Explicit Congestion + Notification (ECN) to IP"; + } + + identity TCP_SYN { + base TCP_FLAGS; + description + "TCP SYN flag"; + } + + identity TCP_FIN { + base TCP_FLAGS; + description + "TCP FIN flag"; + } + + identity TCP_RST { + base TCP_FLAGS; + description + "TCP RST flag"; + } + + identity TCP_PSH { + base TCP_FLAGS; + description + "TCP push flag"; + } + + identity TCP_ACK { + base TCP_FLAGS; + description + "TCP ACK flag"; + } + + identity TCP_URG { + base TCP_FLAGS; + description + "TCP urgent flag"; + } + + identity TCP_ECE { + base TCP_FLAGS; + description + "TCP ECN-Echo flag. If the SYN flag is set, indicates that + the TCP peer is ECN-capable, otherwise indicates that a + packet with Congestion Experienced flag in the IP header + is set"; + } + + identity TCP_CWR { + base TCP_FLAGS; + description + "TCP Congestion Window Reduced flag"; + } + + // typedef statements + + typedef port-num-range { + type union { + type string { + pattern '^(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?' + + '[0-9]?)\.\.(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?' + + '[0-9]?[0-9]?)$'; + } + type oc-inet:port-number; + type enumeration { + enum ANY { + description + "Indicates any valid port number (e.g., wildcard)"; + } + } + } + description + "Port numbers may be represented as a single value, + an inclusive range as .., or as ANY to + indicate a wildcard."; + } + + typedef ip-protocol-type { + type union { + type uint8 { + range 0..254; + } + type identityref { + base IP_PROTOCOL; + } + } + description + "The IP protocol number may be expressed as a valid protocol + number (integer) or using a protocol type defined by the + IP_PROTOCOL identity"; + } + + typedef ethertype-type { + type union { + type uint16 { + range 1536..65535; + } + type identityref { + base ETHERTYPE; + } + } + description + "The Ethertype value may be expressed as a 16-bit number in + decimal notation, or using a type defined by the + ETHERTYPE identity"; + } + +} diff --git a/src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang new file mode 100644 index 0000000..510bc57 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-packet-match@2018-11-21.yang @@ -0,0 +1,371 @@ +module openconfig-packet-match { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/header-fields"; + + prefix "oc-pkt-match"; + + // import some basic types + import openconfig-inet-types { prefix oc-inet; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-packet-match-types { prefix oc-pkt-match-types; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines data related to packet header fields + used in matching operations, for example in ACLs. When a + field is omitted from a match expression, the effect is a + wildcard ('any') for that field."; + + oc-ext:openconfig-version "1.1.1"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "1.1.1"; + } + + revision "2017-12-15" { + description + "Add MPLS packet field matches"; + reference "1.1.0"; + } + + revision "2017-05-26" { + description + "Separated IP matches into AFs"; + reference "1.0.0"; + } + + revision "2016-08-08" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + revision "2016-04-27" { + description + "Initial revision"; + reference "TBD"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + + // Physical Layer fields + // ethernet-header + grouping ethernet-header-config { + description + "Configuration data of fields in Ethernet header."; + + leaf source-mac { + type oc-yang:mac-address; + description + "Source IEEE 802 MAC address."; + } + + leaf source-mac-mask { + type oc-yang:mac-address; + description + "Source IEEE 802 MAC address mask."; + } + + leaf destination-mac { + type oc-yang:mac-address; + description + "Destination IEEE 802 MAC address."; + } + + leaf destination-mac-mask { + type oc-yang:mac-address; + description + "Destination IEEE 802 MAC address mask."; + } + + leaf ethertype { + type oc-pkt-match-types:ethertype-type; + description + "Ethertype field to match in Ethernet packets"; + } + } + + grouping ethernet-header-state { + description + "State information of fields in Ethernet header."; + } + + grouping ethernet-header-top { + description + "Top level container for fields in Ethernet header."; + + container l2 { + description + "Ethernet header fields"; + + container config { + description + "Configuration data"; + uses ethernet-header-config; + } + + container state { + config false; + description + "State Information."; + uses ethernet-header-config; + uses ethernet-header-state; + } + } + } + + grouping mpls-header-top { + description + "Top-level container for fields in an MPLS header."; + + container mpls { + description + "MPLS header fields"; + + container config { + description + "Configuration parameters relating to fields within + the MPLS header."; + uses mpls-header-config; + } + + container state { + config false; + description + "Operational state parameters relating to fields + within the MPLS header"; + uses mpls-header-config; + } + } + } + + grouping mpls-header-config { + description + "Configuration parameters relating to matches within + MPLS header fields."; + + leaf traffic-class { + type uint8 { + range "0..7"; + } + description + "The value of the MPLS traffic class (TC) bits, + formerly known as the EXP bits."; + } + } + + grouping ip-protocol-fields-common-config { + description + "IP protocol fields common to IPv4 and IPv6"; + + leaf dscp { + type oc-inet:dscp; + description + "Value of diffserv codepoint."; + } + + leaf protocol { + type oc-pkt-match-types:ip-protocol-type; + description + "The protocol carried in the IP packet, expressed either + as its IP protocol number, or by a defined identity."; + } + + leaf hop-limit { + type uint8 { + range 0..255; + } + description + "The IP packet's hop limit -- known as TTL (in hops) in + IPv4 packets, and hop limit in IPv6"; + } + } + + // IP Layer + // ip-protocol-fields + grouping ipv4-protocol-fields-config { + description + "Configuration data of IP protocol fields + for IPv4"; + + leaf source-address { + type oc-inet:ipv4-prefix; + description + "Source IPv4 address prefix."; + } + + leaf destination-address { + type oc-inet:ipv4-prefix; + description + "Destination IPv4 address prefix."; + } + + uses ip-protocol-fields-common-config; + + } + + grouping ipv4-protocol-fields-state { + description + "State information of IP header fields for IPv4"; + } + + grouping ipv4-protocol-fields-top { + description + "IP header fields for IPv4"; + + container ipv4 { + description + "Top level container for IPv4 match field data"; + + container config { + description + "Configuration data for IPv4 match fields"; + uses ipv4-protocol-fields-config; + } + + container state { + config false; + description + "State information for IPv4 match fields"; + uses ipv4-protocol-fields-config; + uses ipv4-protocol-fields-state; + } + } + } + + grouping ipv6-protocol-fields-config { + description + "Configuration data for IPv6 match fields"; + + leaf source-address { + type oc-inet:ipv6-prefix; + description + "Source IPv6 address prefix."; + } + + leaf source-flow-label { + type oc-inet:ipv6-flow-label; + description + "Source IPv6 Flow label."; + } + + leaf destination-address { + type oc-inet:ipv6-prefix; + description + "Destination IPv6 address prefix."; + } + + leaf destination-flow-label { + type oc-inet:ipv6-flow-label; + description + "Destination IPv6 Flow label."; + } + + uses ip-protocol-fields-common-config; + } + + grouping ipv6-protocol-fields-state { + description + "Operational state data for IPv6 match fields"; + } + + grouping ipv6-protocol-fields-top { + description + "Top-level grouping for IPv6 match fields"; + + container ipv6 { + description + "Top-level container for IPv6 match field data"; + + container config { + description + "Configuration data for IPv6 match fields"; + + uses ipv6-protocol-fields-config; + } + + container state { + + config false; + + description + "Operational state data for IPv6 match fields"; + + uses ipv6-protocol-fields-config; + uses ipv6-protocol-fields-state; + } + } + } + + // Transport fields + grouping transport-fields-config { + description + "Configuration data of transport-layer packet fields"; + + leaf source-port { + type oc-pkt-match-types:port-num-range; + description + "Source port or range"; + } + + leaf destination-port { + type oc-pkt-match-types:port-num-range; + description + "Destination port or range"; + } + + leaf-list tcp-flags { + type identityref { + base oc-pkt-match-types:TCP_FLAGS; + } + description + "List of TCP flags to match"; + } + } + + grouping transport-fields-state { + description + "State data of transport-fields"; + } + + grouping transport-fields-top { + description + "Destination transport-fields top level grouping"; + + container transport { + description + "Transport fields container"; + + container config { + description + "Configuration data"; + uses transport-fields-config; + } + + container state { + config false; + description + "State data"; + uses transport-fields-config; + uses transport-fields-state; + } + } + } + +} diff --git a/src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang b/src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang deleted file mode 100644 index b3b2c16..0000000 --- a/src/plugins/yang/openconfig/openconfig-yang-types@2018-04-24.yang +++ /dev/null @@ -1,180 +0,0 @@ -module openconfig-yang-types { - - yang-version "1"; - namespace "http://openconfig.net/yang/types/yang"; - prefix "oc-yang"; - - import openconfig-extensions { prefix "oc-ext"; } - - organization - "OpenConfig working group"; - - contact - "OpenConfig working group - www.openconfig.net"; - - description - "This module contains a set of extension types to the - YANG builtin types that are used across multiple - OpenConfig models. - - Portions of this code were derived from IETF RFC 6021. - Please reproduce this note if possible. - - IETF code is subject to the following copyright and license: - Copyright (c) IETF Trust and the persons identified as authors of - the code. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, is permitted pursuant to, and subject to the license - terms contained in, the Simplified BSD License set forth in - Section 4.c of the IETF Trust's Legal Provisions Relating - to IETF Documents (http://trustee.ietf.org/license-info)."; - - oc-ext:openconfig-version "0.2.0"; - - revision 2018-04-24 { - description - "Add date typedef"; - reference "0.2.0"; - } - - revision 2017-07-30 { - description - "Fixed unprintable character"; - reference "0.1.2"; - } - - revision 2017-04-03 { - description - "Update copyright notice."; - reference "0.1.1"; - } - - revision 2017-01-26 { - description - "Initial module for inet types"; - reference "0.1.0"; - } - - typedef dotted-quad { - type string { - pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + - '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + - '[0-9]|25[0-5])$'; - } - description - "An unsigned 32-bit integer expressed as a dotted quad. The - format is four octets written as decimal numbers separated - with a period character."; - } - - typedef hex-string { - type string { - pattern '^[0-9a-fA-F]*$'; - } - description - "A string consisting of a hexadecimal characters."; - } - - typedef counter32 { - type uint32; - description - - "A 32-bit counter. A counter value is a monotonically increasing - value which is used to express a count of a number of - occurrences of a particular event or entity. When the counter - reaches its maximum value, in this case 2^32-1, it wraps to 0. - - Discontinuities in the counter are generally triggered only when - the counter is reset to zero."; - } - - typedef counter64 { - type uint64; - description - - "A 64-bit counter. A counter value is a monotonically increasing - value which is used to express a count of a number of - occurrences of a particular event or entity. When a counter64 - reaches its maximum value, 2^64-1, it loops to zero. - Discontinuities in a counter are generally triggered only when - the counter is reset to zero, through operator or system - intervention."; - } - - typedef date-and-time { - type string { - pattern - '^[0-9]{4}\-[0-9]{2}\-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}' + - '(\.[0-9]+)?Z[+-][0-9]{2}:[0-9]{2}$'; - } - description - "A date and time, expressed in the format described in RFC3339. - That is to say: - - YYYY-MM-DDTHH:MM:SSZ+-hh:mm - - where YYYY is the year, MM is the month expressed as a two-digit - month (zero padding if required), DD is the day of the month, - expressed as a two digit value. T is the literal character 'T', - HH is the hour of the day expressed as a two digit number, using - the 24-hour clock, MM is the minute of the hour expressed as a - two digit number. Z is the literal character 'Z', followed by a - timezone offset expressed in hours (hh) and minutes (mm), both - expressed as two digit numbers. The time offset is specified as - a positive or negative offset to UTC using the '+' or '-' - character preceding the offset. - - Optionally, fractional seconds can be expressed after the minute - of the hour as a decimal number of unspecified precision - reflecting fractions of a second."; - reference - "RFC3339 - Date and Time on the Internet: Timestamps"; - } - - typedef date { - type string { - pattern '^[0-9]{4}\-[0-9]{2}\-[0-9]{2}$'; - } - description - "A full UTC date, expressed in the format described in RFC3339. - That is to say: - - YYYY-MM-DD - - where YYYY is the year, MM is the month expressed as a two-digit - month (zero padding if required), DD is the day of the month, - expressed as a two digit value."; - - reference - "RFC3339 - Date and Time on the Internet: full-date"; - } - - typedef gauge64 { - type uint64; - description - "A gauge value may increase or decrease - and reflects a value - at a particular point in time. If the value of the variable - being modeled using the gauge exceeds its maximum - 2^64-1 in - this case - the gauge is set to its maximum value."; - } - - typedef phys-address { - type string { - pattern '^([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?$'; - } - description - "A physical layer address, expressed as a series of pairs of - hexadecimal digits."; - } - - typedef mac-address { - type string { - pattern '^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'; - } - description - "An IEEE 802 MAC address"; - } -} diff --git a/src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang b/src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang new file mode 100644 index 0000000..1c2a7f5 --- /dev/null +++ b/src/plugins/yang/openconfig/openconfig-yang-types@2018-11-21.yang @@ -0,0 +1,191 @@ +module openconfig-yang-types { + + yang-version "1"; + namespace "http://openconfig.net/yang/types/yang"; + prefix "oc-yang"; + + import openconfig-extensions { prefix "oc-ext"; } + + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module contains a set of extension types to the + YANG builtin types that are used across multiple + OpenConfig models. + + Portions of this code were derived from IETF RFC 6021. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "0.2.1"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.2.1"; + } + + revision 2018-04-24 { + description + "Add date typedef"; + reference "0.2.0"; + } + + revision 2017-07-30 { + description + "Fixed unprintable character"; + reference "0.1.2"; + } + + revision 2017-04-03 { + description + "Update copyright notice."; + reference "0.1.1"; + } + + revision 2017-01-26 { + description + "Initial module for inet types"; + reference "0.1.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + typedef dotted-quad { + type string { + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + + '[0-9]|25[0-5])$'; + } + description + "An unsigned 32-bit integer expressed as a dotted quad. The + format is four octets written as decimal numbers separated + with a period character."; + } + + typedef hex-string { + type string { + pattern '^[0-9a-fA-F]*$'; + } + description + "A string consisting of a hexadecimal characters."; + } + + typedef counter32 { + type uint32; + description + + "A 32-bit counter. A counter value is a monotonically increasing + value which is used to express a count of a number of + occurrences of a particular event or entity. When the counter + reaches its maximum value, in this case 2^32-1, it wraps to 0. + + Discontinuities in the counter are generally triggered only when + the counter is reset to zero."; + } + + typedef counter64 { + type uint64; + description + + "A 64-bit counter. A counter value is a monotonically increasing + value which is used to express a count of a number of + occurrences of a particular event or entity. When a counter64 + reaches its maximum value, 2^64-1, it loops to zero. + Discontinuities in a counter are generally triggered only when + the counter is reset to zero, through operator or system + intervention."; + } + + typedef date-and-time { + type string { + pattern + '^[0-9]{4}\-[0-9]{2}\-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}' + + '(\.[0-9]+)?Z[+-][0-9]{2}:[0-9]{2}$'; + } + description + "A date and time, expressed in the format described in RFC3339. + That is to say: + + YYYY-MM-DDTHH:MM:SSZ+-hh:mm + + where YYYY is the year, MM is the month expressed as a two-digit + month (zero padding if required), DD is the day of the month, + expressed as a two digit value. T is the literal character 'T', + HH is the hour of the day expressed as a two digit number, using + the 24-hour clock, MM is the minute of the hour expressed as a + two digit number. Z is the literal character 'Z', followed by a + timezone offset expressed in hours (hh) and minutes (mm), both + expressed as two digit numbers. The time offset is specified as + a positive or negative offset to UTC using the '+' or '-' + character preceding the offset. + + Optionally, fractional seconds can be expressed after the minute + of the hour as a decimal number of unspecified precision + reflecting fractions of a second."; + reference + "RFC3339 - Date and Time on the Internet: Timestamps"; + } + + typedef date { + type string { + pattern '^[0-9]{4}\-[0-9]{2}\-[0-9]{2}$'; + } + description + "A full UTC date, expressed in the format described in RFC3339. + That is to say: + + YYYY-MM-DD + + where YYYY is the year, MM is the month expressed as a two-digit + month (zero padding if required), DD is the day of the month, + expressed as a two digit value."; + + reference + "RFC3339 - Date and Time on the Internet: full-date"; + } + + typedef gauge64 { + type uint64; + description + "A gauge value may increase or decrease - and reflects a value + at a particular point in time. If the value of the variable + being modeled using the gauge exceeds its maximum - 2^64-1 in + this case - the gauge is set to its maximum value."; + } + + typedef phys-address { + type string { + pattern '^([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?$'; + } + description + "A physical layer address, expressed as a series of pairs of + hexadecimal digits."; + } + + typedef mac-address { + type string { + pattern '^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'; + } + description + "An IEEE 802 MAC address"; + } +} diff --git a/test/util.py b/test/util.py index 6fe5427..c31439d 100644 --- a/test/util.py +++ b/test/util.py @@ -22,25 +22,14 @@ def ping(ip): subprocess.run("ping -c 4 " + ip, shell=True) def import_yang_modules(): - print("Import YANG modules to sysrepo.") + print("Import YANG models to sysrepo.") directory = '/root/src/sweetcomb/' - os.chdir(directory + "src/plugins/yang/ietf/") - subprocess.run(["sysrepoctl", "--install", "-S", ".", - "--yang=./ietf-interfaces.yang"]) - - os.chdir(directory + "src/plugins/yang/openconfig/") - subprocess.run(["sysrepoctl", "--install", "-S", ".", - "--yang=./openconfig-interfaces.yang"]) - subprocess.run(["sysrepoctl", "--install", "-S", ".", - "--yang=./openconfig-if-ip.yang"]) - subprocess.run(["sysrepoctl", "--install", "-S", ".", - "--yang=./openconfig-local-routing.yang"]) - - time.sleep(5) + os.chdir(directory) + subprocess.run(["make", "uninstall-models"]) + subprocess.run(["make", "install-models"]) os.chdir(directory + "test/conf/") - print("Import configuration to sysrepo datastore.") subprocess.run(["sysrepocfg", "--import=ietf-interfaces.xml", "--datastore=startup", "--format=xml", "--leve=0", @@ -49,4 +38,4 @@ def import_yang_modules(): "--datastore=running", "--format=xml", "--leve=0", "ietf-interfaces"]) os.chdir(directory) - time.sleep(2) + time.sleep(2) \ No newline at end of file -- cgit 1.2.3-korg