diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/Acl.py b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/Acl.py
new file mode 100644
index 0000000000000000000000000000000000000000..3e2f1389e6786a5cef322ecfaf64c12112409619
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/Acl.py
@@ -0,0 +1,75 @@
+# Copyright 2022-2024 ETSI OSG/SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json, logging, re
+from flask_restful import Resource
+from werkzeug.exceptions import NotFound
+from common.proto.context_pb2 import ConfigActionEnum, ConfigRule
+from common.tools.context_queries.Device import get_device
+from context.client.ContextClient import ContextClient
+from device.client.DeviceClient import DeviceClient
+from nbi.service.rest_server.nbi_plugins.tools.Authentication import HTTP_AUTH
+from .ietf_acl_parser import ietf_acl_from_config_rule_resource_value
+
+LOGGER = logging.getLogger(__name__)
+
+ACL_CONIG_RULE_KEY = r'\/device\[.+\]\/endpoint\[(.+)\]/acl_ruleset\[{}\]'
+
+class Acl(Resource):
+ @HTTP_AUTH.login_required
+ def get(self, device_uuid : str, acl_name : str):
+ LOGGER.debug('GET device_uuid={:s}, acl_name={:s}'.format(str(device_uuid), str(acl_name)))
+ RE_ACL_CONIG_RULE_KEY = re.compile(ACL_CONIG_RULE_KEY.format(acl_name))
+
+ context_client = ContextClient()
+ device = get_device(context_client, device_uuid, rw_copy=False, include_config_rules=True)
+ if device is None: raise NotFound('Device({:s}) not found'.format(str(device_uuid)))
+
+ for config_rule in device.device_config.config_rules:
+ if config_rule.WhichOneof('config_rule') != 'custom': continue
+ ep_uuid_match = RE_ACL_CONIG_RULE_KEY.match(config_rule.custom.resource_key)
+ if ep_uuid_match is None: continue
+ resource_value_dict = json.loads(config_rule.custom.resource_value)
+ return ietf_acl_from_config_rule_resource_value(resource_value_dict)
+
+ raise NotFound('Acl({:s}) not found in Device({:s})'.format(str(acl_name), str(device_uuid)))
+
+ @HTTP_AUTH.login_required
+ def delete(self, device_uuid : str, acl_name : str):
+ LOGGER.debug('DELETE device_uuid={:s}, acl_name={:s}'.format(str(device_uuid), str(acl_name)))
+ RE_ACL_CONIG_RULE_KEY = re.compile(ACL_CONIG_RULE_KEY.format(acl_name))
+
+ context_client = ContextClient()
+ device = get_device(context_client, device_uuid, rw_copy=True, include_config_rules=True)
+ if device is None: raise NotFound('Device({:s}) not found'.format(str(device_uuid)))
+
+ delete_config_rules = list()
+ for config_rule in device.device_config.config_rules:
+ if config_rule.WhichOneof('config_rule') != 'custom': continue
+ ep_uuid_match = RE_ACL_CONIG_RULE_KEY.match(config_rule.custom.resource_key)
+ if ep_uuid_match is None: continue
+
+ _config_rule = ConfigRule()
+ _config_rule.CopyFrom(config_rule)
+ _config_rule.action = ConfigActionEnum.CONFIGACTION_DELETE
+ delete_config_rules.append(_config_rule)
+
+ if len(delete_config_rules) == 0:
+ raise NotFound('Acl({:s}) not found in Device({:s})'.format(str(acl_name), str(device_uuid)))
+
+ device_client = DeviceClient()
+ del device.device_config.config_rules[:]
+ device.device_config.config_rules.extend(delete_config_rules)
+ device_client.ConfigureDevice(device)
+ return None
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/Acls.py b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/Acls.py
new file mode 100644
index 0000000000000000000000000000000000000000..1814abbb415cfbaee205ff7880fb299e70b5dba1
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/Acls.py
@@ -0,0 +1,131 @@
+# Copyright 2022-2024 ETSI OSG/SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json, logging
+from typing import Dict, List, Set
+from flask import jsonify, request
+from flask_restful import Resource
+from werkzeug.exceptions import BadRequest, NotFound, UnsupportedMediaType
+from common.proto.context_pb2 import ConfigRule
+from common.tools.context_queries.Device import get_device
+from common.tools.grpc.Tools import grpc_message_to_json_string
+from context.client.ContextClient import ContextClient
+from device.client.DeviceClient import DeviceClient
+from nbi.service.rest_server.nbi_plugins.tools.Authentication import HTTP_AUTH
+from .ietf_acl_parser import AclDirectionEnum, config_rule_from_ietf_acl
+from .YangValidator import YangValidator
+
+LOGGER = logging.getLogger(__name__)
+
+
+def compose_interface_direction_acl_rules(
+ device_name : str, interface_name : str, interface_data : Dict,
+ acl_direction : AclDirectionEnum, acl_name__to__acl_data : Dict[str, Dict]
+) -> List[ConfigRule]:
+ acl_direction_name = acl_direction.value
+ acl_direction_title = str(acl_direction_name).title()
+ direction_data : Dict[str, Dict] = interface_data.get(acl_direction_name, {})
+ acl_sets : Dict[str, Dict] = direction_data.get('acl-sets', {})
+ acl_set_list : List[Dict] = acl_sets .get('acl-set', [])
+ acl_set_names : Set[str] = {acl_set['name'] for acl_set in acl_set_list}
+
+ acl_config_rules : List[ConfigRule] = list()
+ for acl_set_name in acl_set_names:
+ acl_set = acl_name__to__acl_data.get(acl_set_name)
+ if acl_set is None:
+ MSG = 'Interface({:s})/{:s}/AclSet({:s}) not found'
+ raise NotFound(MSG.format(
+ str(interface_name), acl_direction_title,
+ str(acl_set_name)
+ ))
+
+ acl_config_rule = config_rule_from_ietf_acl(
+ device_name, interface_name, acl_set
+ )
+ MSG = 'Adding {:s} ACL Config Rule: {:s}'
+ LOGGER.info(MSG.format(
+ acl_direction_title, grpc_message_to_json_string(acl_config_rule)
+ ))
+ acl_config_rules.append(acl_config_rule)
+
+ return acl_config_rules
+
+class Acls(Resource):
+ @HTTP_AUTH.login_required
+ def get(self):
+ return {}
+
+ @HTTP_AUTH.login_required
+ def post(self, device_uuid : str):
+ if not request.is_json:
+ LOGGER.warning('POST device_uuid={:s}, body={:s}'.format(str(device_uuid), str(request.data)))
+ raise UnsupportedMediaType('JSON payload is required')
+ request_data : Dict = request.json
+ LOGGER.debug('POST device_uuid={:s}, body={:s}'.format(str(device_uuid), json.dumps(request_data)))
+
+ context_client = ContextClient()
+ device = get_device(
+ context_client, device_uuid, rw_copy=True, include_config_rules=False, include_components=False
+ )
+ if device is None:
+ raise NotFound('Device({:s}) not found'.format(str(device_uuid)))
+
+ device_name = device.name
+ interface_names : Set[str] = set()
+ for endpoint in device.device_endpoints:
+ interface_names.add(endpoint.endpoint_id.endpoint_uuid.uuid)
+ interface_names.add(endpoint.name)
+
+ yang_validator = YangValidator()
+ request_data = yang_validator.parse_to_dict(request_data, list(interface_names))
+ yang_validator.destroy()
+
+ acls : Dict = request_data.get('acls', {})
+ acl_list : List = acls.get('acl', [])
+ acl_name__to__acl_data = {
+ acl['name'] : acl
+ for acl in acl_list
+ }
+
+ if len(acl_name__to__acl_data) == 0:
+ raise BadRequest('No ACLs defined in the request')
+
+ interface_list : List = acls.get('attachment-points', {}).get('interface', [])
+ interface_name__to__interface_data = {
+ interface['interface-id'] : interface
+ for interface in interface_list
+ }
+
+ if len(interface_name__to__interface_data) == 0:
+ raise BadRequest('No interfaces defined in the request')
+
+ for interface_name in interface_names:
+ interface_data = interface_name__to__interface_data.get(interface_name)
+ if interface_data is None: continue
+
+ ingress_acl_config_rules = compose_interface_direction_acl_rules(
+ device_name, interface_name, interface_data, AclDirectionEnum.INGRESS,
+ acl_name__to__acl_data
+ )
+ device.device_config.config_rules.extend(ingress_acl_config_rules)
+
+ egress_acl_config_rules = compose_interface_direction_acl_rules(
+ device_name, interface_name, interface_data, AclDirectionEnum.EGRESS,
+ acl_name__to__acl_data
+ )
+ device.device_config.config_rules.extend(egress_acl_config_rules)
+
+ device_client = DeviceClient()
+ device_client.ConfigureDevice(device)
+ return jsonify({})
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/YangValidator.py b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/YangValidator.py
new file mode 100644
index 0000000000000000000000000000000000000000..56bf9b30c1bc2ab6a36a3d59519b544cd3c00ef3
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/YangValidator.py
@@ -0,0 +1,111 @@
+# Copyright 2022-2024 ETSI OSG/SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import copy, json, libyang, logging, os
+from typing import Dict, List, Optional
+
+LOGGER = logging.getLogger(__name__)
+
+YANG_DIR = os.path.join(os.path.dirname(__file__), 'yang')
+YANG_MODULES = [
+ 'ietf-yang-types',
+ 'ietf-interfaces',
+ 'iana-if-type',
+ 'ietf-access-control-list',
+]
+
+class YangValidator:
+ def __init__(self) -> None:
+ self._yang_context = libyang.Context(YANG_DIR)
+ for module_name in YANG_MODULES:
+ LOGGER.info('Loading module: {:s}'.format(str(module_name)))
+ yang_module = self._yang_context.load_module(module_name)
+ yang_module.feature_enable_all()
+
+ def parse_to_dict(self, message : Dict, interface_names : List[str]) -> Dict:
+ LOGGER.debug('[parse_to_dict] message={:s}'.format(json.dumps(message)))
+ LOGGER.debug('[parse_to_dict] interface_names={:s}'.format(json.dumps(interface_names)))
+
+ # Inject synthetic interfaces for validation purposes
+ interfaces = self._yang_context.create_data_path('/ietf-interfaces:interfaces')
+ for if_index,interface_name in enumerate(interface_names):
+ if_path = 'interface[name="{:s}"]'.format(str(interface_name))
+ interface = interfaces.create_path(if_path)
+ interface.create_path('if-index', if_index + 1)
+ interface.create_path('type', 'iana-if-type:ethernetCsmacd')
+ interface.create_path('admin-status', 'up')
+ interface.create_path('oper-status', 'up')
+ statistics = interface.create_path('statistics')
+ statistics.create_path('discontinuity-time', '2024-07-11T10:00:00.000000Z')
+
+ extended_message = copy.deepcopy(message)
+ extended_message['ietf-interfaces:interfaces'] = interfaces.print_dict()['interfaces']
+ LOGGER.debug('[parse_to_dict] extended_message={:s}'.format(json.dumps(extended_message)))
+
+ dnode : Optional[libyang.DNode] = self._yang_context.parse_data_mem(
+ json.dumps(extended_message), 'json', validate_present=True, strict=True
+ )
+ if dnode is None:
+ LOGGER.error('[parse_to_dict] unable to parse message')
+ raise Exception('Unable to parse Message({:s})'.format(str(message)))
+ message_dict = dnode.print_dict()
+ LOGGER.debug('[parse_to_dict] message_dict={:s}'.format(json.dumps(message_dict)))
+
+ dnode.free()
+ interfaces.free()
+ return message_dict
+
+ def destroy(self) -> None:
+ self._yang_context.destroy()
+ self._yang_context = None
+
+def main() -> None:
+ import uuid # pylint: disable=import-outside-toplevel
+ logging.basicConfig(level=logging.DEBUG)
+
+ interface_names = {'200', '500', str(uuid.uuid4()), str(uuid.uuid4())}
+ ACL_RULE = {"ietf-access-control-list:acls": {
+ "acl": [{
+ "name": "sample-ipv4-acl", "type": "ipv4-acl-type",
+ "aces": {"ace": [{
+ "name": "rule1",
+ "matches": {
+ "ipv4": {
+ "source-ipv4-network": "128.32.10.6/24",
+ "destination-ipv4-network": "172.10.33.0/24",
+ "dscp": 18
+ },
+ "tcp": {
+ "source-port": {"operator": "eq", "port": 1444},
+ "destination-port": {"operator": "eq", "port": 1333},
+ "flags": "syn"
+ }
+ },
+ "actions": {"forwarding": "drop"}
+ }]}
+ }],
+ "attachment-points": {"interface": [{
+ "interface-id": "200",
+ "ingress": {"acl-sets": {"acl-set": [{"name": "sample-ipv4-acl"}]}}
+ }]
+ }}}
+
+ yang_validator = YangValidator()
+ request_data = yang_validator.parse_to_dict(ACL_RULE, list(interface_names))
+ yang_validator.destroy()
+
+ LOGGER.info('request_data = {:s}'.format(str(request_data)))
+
+if __name__ == '__main__':
+ main()
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/__init__.py b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/__init__.py
index 29983807630ff884ade72da1b097c7b62fb97a64..3538b24ba56b2a6011b76b3878c4bef690fe1fc8 100644
--- a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/__init__.py
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/__init__.py
@@ -13,29 +13,26 @@
# limitations under the License.
from flask_restful import Resource
-
-from nbi.service.rest_server.nbi_plugins.ietf_acl.acl_service import ACL
-from nbi.service.rest_server.nbi_plugins.ietf_acl.acl_services import ACLs
from nbi.service.rest_server.RestServer import RestServer
+from .Acl import Acl
+from .Acls import Acls
-URL_PREFIX = "/restconf/data"
-
+URL_PREFIX = '/restconf/data'
def __add_resource(rest_server: RestServer, resource: Resource, *urls, **kwargs):
urls = [(URL_PREFIX + url) for url in urls]
rest_server.add_resource(resource, *urls, **kwargs)
-
def register_ietf_acl(rest_server: RestServer):
__add_resource(
rest_server,
- ACLs,
- "/device=<path:device_uuid>/ietf-access-control-list:acls",
+ Acls,
+ '/device=<path:device_uuid>/ietf-access-control-list:acls',
)
__add_resource(
rest_server,
- ACL,
- "/device=<path:device_uuid>/ietf-access-control-list:acl=<path:acl_name>",
- "/device=<path:device_uuid>/ietf-access-control-list:acl=<path:acl_name>/",
+ Acl,
+ '/device=<path:device_uuid>/ietf-access-control-list:acl=<path:acl_name>',
+ '/device=<path:device_uuid>/ietf-access-control-list:acl=<path:acl_name>/',
)
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/acl_service.py b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/acl_service.py
deleted file mode 100644
index e958f364892e1ebb7453705c5c59189b3e24fcd5..0000000000000000000000000000000000000000
--- a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/acl_service.py
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright 2022-2024 ETSI OSG/SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import logging
-import re
-import json
-
-from flask_restful import Resource
-from werkzeug.exceptions import NotFound
-
-from nbi.service.rest_server.nbi_plugins.tools.Authentication import HTTP_AUTH
-from common.proto.acl_pb2 import AclRuleTypeEnum
-from common.proto.context_pb2 import (
- ConfigActionEnum,
- ConfigRule,
- Device,
- DeviceId,
-)
-from common.tools.object_factory.Device import json_device_id
-from common.tools.grpc.Tools import grpc_message_to_json_string
-from context.client.ContextClient import ContextClient
-from device.client.DeviceClient import DeviceClient
-
-
-from .ietf_acl_parser import ietf_acl_from_config_rule_resource_value
-
-LOGGER = logging.getLogger(__name__)
-
-ACL_CONIG_RULE_KEY = r'\/device\[.+\]\/endpoint\[(.+)\]/acl_ruleset\[{}\]'
-
-
-class ACL(Resource):
- # @HTTP_AUTH.login_required
- def get(self, device_uuid: str, acl_name: str):
- LOGGER.debug("GET device_uuid={:s}, acl_name={:s}".format(str(device_uuid), str(acl_name)))
- RE_ACL_CONIG_RULE_KEY = re.compile(ACL_CONIG_RULE_KEY.format(acl_name))
-
- context_client = ContextClient()
- device_client = DeviceClient()
-
- _device = context_client.GetDevice(DeviceId(**json_device_id(device_uuid)))
-
-
- for cr in _device.device_config.config_rules:
- if cr.WhichOneof('config_rule') == 'custom':
- if ep_uuid_match := RE_ACL_CONIG_RULE_KEY.match(cr.custom.resource_key):
- endpoint_uuid = ep_uuid_match.groups(0)[0]
- resource_value_dict = json.loads(cr.custom.resource_value)
- LOGGER.debug(f'P99: {resource_value_dict}')
- return ietf_acl_from_config_rule_resource_value(resource_value_dict)
- else:
- raise NotFound(f'ACL not found')
-
- # @HTTP_AUTH.login_required
- def delete(self, device_uuid: str, acl_name: str):
- LOGGER.debug("DELETE device_uuid={:s}, acl_name={:s}".format(str(device_uuid), str(acl_name)))
- RE_ACL_CONIG_RULE_KEY = re.compile(ACL_CONIG_RULE_KEY.format(acl_name))
-
- context_client = ContextClient()
- device_client = DeviceClient()
-
- _device = context_client.GetDevice(DeviceId(**json_device_id(device_uuid)))
-
-
- for cr in _device.device_config.config_rules:
- if cr.WhichOneof('config_rule') == 'custom':
- if ep_uuid_match := RE_ACL_CONIG_RULE_KEY.match(cr.custom.resource_key):
- endpoint_uuid = ep_uuid_match.groups(0)[0]
- resource_value_dict = json.loads(cr.custom.resource_value)
- type_str = resource_value_dict['rule_set']['type']
- interface = resource_value_dict['interface']
- break
- else:
- raise NotFound(f'ACL not found')
-
- acl_config_rule = ConfigRule()
- acl_config_rule.action = ConfigActionEnum.CONFIGACTION_DELETE
- acl_config_rule.acl.rule_set.name = acl_name
- acl_config_rule.acl.interface = interface
- acl_config_rule.acl.rule_set.type = getattr(AclRuleTypeEnum, type_str)
- acl_config_rule.acl.endpoint_id.device_id.device_uuid.uuid = device_uuid
- acl_config_rule.acl.endpoint_id.endpoint_uuid.uuid = endpoint_uuid
-
- device = Device()
- device.CopyFrom(_device)
- del device.device_config.config_rules[:]
- device.device_config.config_rules.append(acl_config_rule)
- response = device_client.ConfigureDevice(device)
- return (response.device_uuid.uuid).strip("\"\n")
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/acl_services.py b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/acl_services.py
deleted file mode 100644
index 1dd9ef27bb8c7ab62d34332a19e3545f72e812b5..0000000000000000000000000000000000000000
--- a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/acl_services.py
+++ /dev/null
@@ -1,65 +0,0 @@
-# Copyright 2022-2024 ETSI OSG/SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import logging
-from typing import Dict
-from flask import request
-from flask_restful import Resource
-from werkzeug.exceptions import NotFound, UnsupportedMediaType
-from common.proto.context_pb2 import Device, DeviceId
-from common.tools.grpc.Tools import grpc_message_to_json_string
-from common.tools.object_factory.Device import json_device_id
-from context.client.ContextClient import ContextClient
-from device.client.DeviceClient import DeviceClient
-#from nbi.service.rest_server.nbi_plugins.tools.Authentication import HTTP_AUTH
-from .ietf_acl_parser import config_rule_from_ietf_acl
-
-LOGGER = logging.getLogger(__name__)
-
-class ACLs(Resource):
- # @HTTP_AUTH.login_required
- def get(self):
- return {}
-
- # @HTTP_AUTH.login_required
- def post(self, device_uuid: str):
- LOGGER.debug("POST device_uuid={:s}, body={:s}".format(str(device_uuid), str(request.data)))
- if not request.is_json:
- raise UnsupportedMediaType("JSON pyload is required")
- request_data: Dict = request.json
- LOGGER.debug("Request: {:s}".format(str(request_data)))
- attached_interface = request_data["ietf-access-control-list"]["acls"]['attachment-points']['interface'][0]['interface-id']
-
- context_client = ContextClient()
- device_client = DeviceClient()
-
- _device = context_client.GetDevice(DeviceId(**json_device_id(device_uuid)))
-
- for ep in _device.device_endpoints:
- if ep.name == attached_interface:
- endpoint_uuid = ep.endpoint_id.endpoint_uuid.uuid
- break
- else:
- raise NotFound(f'interface {attached_interface} not found in device {device_uuid}')
-
- acl_config_rule = config_rule_from_ietf_acl(request_data, device_uuid, endpoint_uuid, sequence_id=1, subinterface=0)
-
- LOGGER.info(f"ACL Config Rule: {grpc_message_to_json_string(acl_config_rule)}")
-
- device = Device()
- device.CopyFrom(_device)
- del device.device_config.config_rules[:]
- device.device_config.config_rules.append(acl_config_rule)
- response = device_client.ConfigureDevice(device)
- return (response.device_uuid.uuid).strip("\"\n")
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/ietf_acl_parser.py b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/ietf_acl_parser.py
index d418a8c3688f7d194493af86bad0c415f3456337..085d680d177d2f48d41c1160c3a70b6c7c4209cb 100644
--- a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/ietf_acl_parser.py
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/ietf_acl_parser.py
@@ -12,11 +12,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from enum import Enum
from typing import List, Dict
from pydantic import BaseModel, Field
+from werkzeug.exceptions import NotImplemented
from common.proto.acl_pb2 import AclForwardActionEnum, AclRuleTypeEnum, AclEntry
from common.proto.context_pb2 import ConfigActionEnum, ConfigRule
+class AclDirectionEnum(Enum):
+ INGRESS = 'ingress'
+ EGRESS = 'egress'
+
class Ipv4(BaseModel):
dscp: int = 0
source_ipv4_network: str = Field(serialization_alias="source-ipv4-network", default="")
@@ -61,11 +67,15 @@ class AclSets(BaseModel):
acl_sets: AclSet = Field(serialization_alias="acl-sets", default=AclSet())
class Ingress(BaseModel):
- ingress: AclSets = AclSets()
+ ingress : AclSets = AclSets()
+
+class Egress(BaseModel):
+ egress : AclSets = AclSets()
class Interface(BaseModel):
interface_id: str = Field(serialization_alias="interface-id", default="")
- ingress: Ingress = Ingress()
+ ingress : Ingress = Ingress()
+ egress : Egress = Egress()
class Interfaces(BaseModel):
interface: List[Interface] = [Interface()]
@@ -87,60 +97,109 @@ IETF_TFS_RULE_TYPE_MAPPING = {
}
IETF_TFS_FORWARDING_ACTION_MAPPING = {
- "drop": "ACLFORWARDINGACTION_DROP",
"accept": "ACLFORWARDINGACTION_ACCEPT",
+ "drop" : "ACLFORWARDINGACTION_DROP",
}
TFS_IETF_RULE_TYPE_MAPPING = {
"ACLRULETYPE_IPV4": "ipv4-acl-type",
- "ACLRULETYPE_IPV6": "ipv6-acl-type",
+ "ACLRULETYPE_IPV6": "ipv6-acl-type",
}
TFS_IETF_FORWARDING_ACTION_MAPPING = {
- "ACLFORWARDINGACTION_DROP": "drop",
"ACLFORWARDINGACTION_ACCEPT": "accept",
+ "ACLFORWARDINGACTION_DROP" : "drop",
}
def config_rule_from_ietf_acl(
- request: Dict,
- device_uuid: str,
- endpoint_uuid: str,
- sequence_id: int,
- subinterface: int,
+ device_name : str, endpoint_name : str, acl_set_data : Dict
) -> ConfigRule:
- the_acl = request["ietf-access-control-list"]["acls"]["acl"][0]
- acl_ip_data = the_acl["aces"]["ace"][0]["matches"]["ipv4"]
- acl_tcp_data = the_acl["aces"]["ace"][0]["matches"]["tcp"]
- attachemnt_interface = request["ietf-access-control-list"]["acls"]['attachment-points']['interface'][0]
- source_address = acl_ip_data["source-ipv4-network"]
- destination_address = acl_ip_data["destination-ipv4-network"]
- source_port = acl_tcp_data['source-port']['port']
- destination_port = acl_tcp_data['destination-port']['port']
- ietf_action = the_acl["aces"]["ace"][0]["actions"]["forwarding"]
- interface_id = attachemnt_interface['interface-id']
-
acl_config_rule = ConfigRule()
acl_config_rule.action = ConfigActionEnum.CONFIGACTION_SET
- acl_config_rule.acl.interface = interface_id
acl_endpoint_id = acl_config_rule.acl.endpoint_id
- acl_endpoint_id.device_id.device_uuid.uuid = device_uuid
- acl_endpoint_id.endpoint_uuid.uuid = endpoint_uuid
+ acl_endpoint_id.device_id.device_uuid.uuid = device_name
+ acl_endpoint_id.endpoint_uuid.uuid = endpoint_name
+
+ acl_name = acl_set_data['name']
+ acl_type = acl_set_data['type']
+ if acl_type.startswith('ietf-access-control-list:'):
+ acl_type = acl_type.replace('ietf-access-control-list:', '')
+ acl_type = getattr(AclRuleTypeEnum, IETF_TFS_RULE_TYPE_MAPPING[acl_type])
+
acl_rule_set = acl_config_rule.acl.rule_set
- acl_rule_set.name = the_acl["name"]
- acl_rule_set.type = getattr(AclRuleTypeEnum, IETF_TFS_RULE_TYPE_MAPPING[the_acl['type']])
- acl_rule_set.description = (
- f'{ietf_action} {the_acl["type"]}: {source_address}:{source_port}->{destination_address}:{destination_port}'
- )
- acl_entry = AclEntry()
- acl_entry.sequence_id = sequence_id
- acl_entry.match.src_address = source_address
- acl_entry.match.dst_address = destination_address
- acl_entry.match.src_port = source_port
- acl_entry.match.dst_port = destination_port
- acl_entry.match.dscp = acl_ip_data["dscp"]
- acl_entry.match.tcp_flags = acl_tcp_data["flags"]
- acl_entry.action.forward_action = getattr(AclForwardActionEnum, IETF_TFS_FORWARDING_ACTION_MAPPING[ietf_action])
- acl_rule_set.entries.append(acl_entry)
+ acl_rule_set.name = acl_name
+ acl_rule_set.type = acl_type
+ #acl_rule_set.description = ...
+
+ access_control_entry_list = acl_set_data.get('aces', {}).get('ace', [])
+ for sequence_id,ace in enumerate(access_control_entry_list):
+ ace_name = ace['name']
+ ace_matches = ace.get('matches', {})
+ ace_actions = ace.get('actions', {})
+
+ acl_entry = AclEntry()
+ acl_entry.sequence_id = sequence_id + 1
+ #acl_entry.description = ...
+
+ if 'ipv4' in ace_matches:
+ ipv4_data = ace_matches['ipv4']
+ if 'source-ipv4-network' in ipv4_data:
+ acl_entry.match.src_address = ipv4_data['source-ipv4-network']
+ if 'destination-ipv4-network' in ipv4_data:
+ acl_entry.match.dst_address = ipv4_data['destination-ipv4-network']
+ if 'dscp' in ipv4_data:
+ acl_entry.match.dscp = ipv4_data['dscp']
+ if 'protocol' in ipv4_data:
+ acl_entry.match.protocol = ipv4_data['protocol']
+
+ if 'tcp' in ace_matches:
+ # https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+ acl_entry.match.protocol = 6
+ tcp_data = ace_matches['tcp']
+ if 'source-port' in tcp_data:
+ tcp_src_port : Dict = tcp_data['source-port']
+ tcp_src_port_op = tcp_src_port.get('operator', 'eq')
+ if tcp_src_port_op != 'eq':
+ MSG = 'Acl({:s})/Ace({:s})/Match/Tcp({:s}) operator not supported'
+ raise NotImplemented(MSG.format(acl_name, ace_name, str(tcp_data)))
+ acl_entry.match.src_port = tcp_src_port['port']
+ if 'destination-port' in tcp_data:
+ tcp_dst_port : Dict = tcp_data['destination-port']
+ tcp_dst_port_op = tcp_dst_port.get('operator', 'eq')
+ if tcp_dst_port_op != 'eq':
+ MSG = 'Acl({:s})/Ace({:s})/Match/Tcp({:s}) operator not supported'
+ raise NotImplemented(MSG.format(acl_name, ace_name, str(tcp_data)))
+ acl_entry.match.dst_port = tcp_dst_port['port']
+ if 'flags' in tcp_data:
+ acl_entry.match.tcp_flags = tcp_data['flags']
+
+ if 'udp' in ace_matches:
+ # https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+ acl_entry.match.protocol = 17
+ udp_data = ace_matches['udp']
+ if 'source-port' in udp_data:
+ udp_src_port : Dict = udp_data['source-port']
+ udp_src_port_op = udp_src_port.get('operator', 'eq')
+ if udp_src_port_op != 'eq':
+ MSG = 'Acl({:s})/Ace({:s})/Match/Udp({:s}) operator not supported'
+ raise NotImplemented(MSG.format(acl_name, ace_name, str(udp_data)))
+ acl_entry.match.src_port = udp_src_port['port']
+ if 'destination-port' in udp_data:
+ udp_dst_port : Dict = udp_data['destination-port']
+ udp_dst_port_op = udp_dst_port.get('operator', 'eq')
+ if udp_dst_port_op != 'eq':
+ MSG = 'Acl({:s})/Ace({:s})/Match/Udp({:s}) operator not supported'
+ raise NotImplemented(MSG.format(acl_name, ace_name, str(udp_data)))
+ acl_entry.match.dst_port = udp_dst_port['port']
+
+ if 'forwarding' in ace_actions:
+ ace_forward_action = ace_actions['forwarding']
+ if ace_forward_action.startswith('ietf-access-control-list:'):
+ ace_forward_action = ace_forward_action.replace('ietf-access-control-list:', '')
+ ace_forward_action = IETF_TFS_FORWARDING_ACTION_MAPPING[ace_forward_action]
+ acl_entry.action.forward_action = getattr(AclForwardActionEnum, ace_forward_action)
+
+ acl_rule_set.entries.append(acl_entry)
return acl_config_rule
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/iana-if-type@2014-05-08.yang b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/iana-if-type@2014-05-08.yang
new file mode 100644
index 0000000000000000000000000000000000000000..8d52d16f505074ed5c147b22f248bb2ceb89352a
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/iana-if-type@2014-05-08.yang
@@ -0,0 +1,1508 @@
+module iana-if-type {
+ namespace "urn:ietf:params:xml:ns:yang:iana-if-type";
+ prefix ianaift;
+
+ import ietf-interfaces {
+ prefix if;
+ }
+
+ organization "IANA";
+ contact
+ " Internet Assigned Numbers Authority
+
+ Postal: ICANN
+ 4676 Admiralty Way, Suite 330
+ Marina del Rey, CA 90292
+
+ Tel: +1 310 823 9358
+ <mailto:iana@iana.org>";
+
+ description
+ "This YANG module defines YANG identities for IANA-registered
+ interface types.
+
+ This YANG module is maintained by IANA and reflects the
+ 'ifType definitions' registry.
+
+ The latest revision of this YANG module can be obtained from
+ the IANA web site.
+
+ Requests for new values should be made to IANA via
+ email (iana@iana.org).
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ The initial version of this YANG module is part of RFC 7224;
+ see the RFC itself for full legal notices.";
+ reference
+ "IANA 'ifType definitions' registry.
+ <http://www.iana.org/assignments/smi-numbers>";
+
+ revision 2014-05-08 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7224: IANA Interface Type YANG Module";
+ }
+
+ identity iana-interface-type {
+ base if:interface-type;
+ description
+ "This identity is used as a base for all interface types
+ defined in the 'ifType definitions' registry.";
+ }
+
+ identity other {
+ base iana-interface-type;
+ }
+ identity regular1822 {
+ base iana-interface-type;
+ }
+ identity hdh1822 {
+ base iana-interface-type;
+ }
+ identity ddnX25 {
+ base iana-interface-type;
+ }
+ identity rfc877x25 {
+ base iana-interface-type;
+ reference
+ "RFC 1382 - SNMP MIB Extension for the X.25 Packet Layer";
+ }
+ identity ethernetCsmacd {
+ base iana-interface-type;
+ description
+ "For all Ethernet-like interfaces, regardless of speed,
+ as per RFC 3635.";
+ reference
+ "RFC 3635 - Definitions of Managed Objects for the
+ Ethernet-like Interface Types";
+ }
+ identity iso88023Csmacd {
+ base iana-interface-type;
+ status deprecated;
+ description
+ "Deprecated via RFC 3635.
+ Use ethernetCsmacd(6) instead.";
+ reference
+ "RFC 3635 - Definitions of Managed Objects for the
+ Ethernet-like Interface Types";
+ }
+ identity iso88024TokenBus {
+ base iana-interface-type;
+ }
+ identity iso88025TokenRing {
+ base iana-interface-type;
+ }
+ identity iso88026Man {
+ base iana-interface-type;
+ }
+ identity starLan {
+ base iana-interface-type;
+ status deprecated;
+ description
+ "Deprecated via RFC 3635.
+ Use ethernetCsmacd(6) instead.";
+ reference
+ "RFC 3635 - Definitions of Managed Objects for the
+ Ethernet-like Interface Types";
+ }
+ identity proteon10Mbit {
+ base iana-interface-type;
+ }
+ identity proteon80Mbit {
+ base iana-interface-type;
+ }
+ identity hyperchannel {
+ base iana-interface-type;
+ }
+ identity fddi {
+ base iana-interface-type;
+ reference
+ "RFC 1512 - FDDI Management Information Base";
+ }
+ identity lapb {
+ base iana-interface-type;
+ reference
+ "RFC 1381 - SNMP MIB Extension for X.25 LAPB";
+ }
+ identity sdlc {
+ base iana-interface-type;
+ }
+ identity ds1 {
+ base iana-interface-type;
+ description
+ "DS1-MIB.";
+ reference
+ "RFC 4805 - Definitions of Managed Objects for the
+ DS1, J1, E1, DS2, and E2 Interface Types";
+ }
+ identity e1 {
+ base iana-interface-type;
+ status obsolete;
+ description
+ "Obsolete; see DS1-MIB.";
+ reference
+ "RFC 4805 - Definitions of Managed Objects for the
+ DS1, J1, E1, DS2, and E2 Interface Types";
+ }
+ identity basicISDN {
+ base iana-interface-type;
+ description
+ "No longer used. See also RFC 2127.";
+ }
+ identity primaryISDN {
+ base iana-interface-type;
+ description
+ "No longer used. See also RFC 2127.";
+ }
+ identity propPointToPointSerial {
+ base iana-interface-type;
+ description
+ "Proprietary serial.";
+ }
+ identity ppp {
+ base iana-interface-type;
+ }
+ identity softwareLoopback {
+ base iana-interface-type;
+ }
+ identity eon {
+ base iana-interface-type;
+ description
+ "CLNP over IP.";
+ }
+ identity ethernet3Mbit {
+ base iana-interface-type;
+ }
+ identity nsip {
+ base iana-interface-type;
+ description
+ "XNS over IP.";
+ }
+ identity slip {
+ base iana-interface-type;
+ description
+ "Generic SLIP.";
+ }
+ identity ultra {
+ base iana-interface-type;
+ description
+ "Ultra Technologies.";
+ }
+ identity ds3 {
+ base iana-interface-type;
+ description
+ "DS3-MIB.";
+ reference
+ "RFC 3896 - Definitions of Managed Objects for the
+ DS3/E3 Interface Type";
+ }
+ identity sip {
+ base iana-interface-type;
+ description
+ "SMDS, coffee.";
+ reference
+ "RFC 1694 - Definitions of Managed Objects for SMDS
+ Interfaces using SMIv2";
+ }
+ identity frameRelay {
+ base iana-interface-type;
+ description
+ "DTE only.";
+ reference
+ "RFC 2115 - Management Information Base for Frame Relay
+ DTEs Using SMIv2";
+ }
+ identity rs232 {
+ base iana-interface-type;
+ reference
+ "RFC 1659 - Definitions of Managed Objects for RS-232-like
+ Hardware Devices using SMIv2";
+ }
+ identity para {
+ base iana-interface-type;
+ description
+ "Parallel-port.";
+ reference
+ "RFC 1660 - Definitions of Managed Objects for
+ Parallel-printer-like Hardware Devices using
+ SMIv2";
+ }
+ identity arcnet {
+ base iana-interface-type;
+ description
+ "ARCnet.";
+ }
+ identity arcnetPlus {
+ base iana-interface-type;
+ description
+ "ARCnet Plus.";
+ }
+ identity atm {
+ base iana-interface-type;
+ description
+ "ATM cells.";
+ }
+ identity miox25 {
+ base iana-interface-type;
+ reference
+ "RFC 1461 - SNMP MIB extension for Multiprotocol
+ Interconnect over X.25";
+ }
+ identity sonet {
+ base iana-interface-type;
+ description
+ "SONET or SDH.";
+ }
+ identity x25ple {
+ base iana-interface-type;
+ reference
+ "RFC 2127 - ISDN Management Information Base using SMIv2";
+ }
+ identity iso88022llc {
+ base iana-interface-type;
+ }
+ identity localTalk {
+ base iana-interface-type;
+ }
+ identity smdsDxi {
+ base iana-interface-type;
+ }
+ identity frameRelayService {
+ base iana-interface-type;
+ description
+ "FRNETSERV-MIB.";
+ reference
+ "RFC 2954 - Definitions of Managed Objects for Frame
+ Relay Service";
+ }
+ identity v35 {
+ base iana-interface-type;
+ }
+ identity hssi {
+ base iana-interface-type;
+ }
+ identity hippi {
+ base iana-interface-type;
+ }
+ identity modem {
+ base iana-interface-type;
+ description
+ "Generic modem.";
+ }
+ identity aal5 {
+ base iana-interface-type;
+ description
+ "AAL5 over ATM.";
+ }
+ identity sonetPath {
+ base iana-interface-type;
+ }
+ identity sonetVT {
+ base iana-interface-type;
+ }
+ identity smdsIcip {
+ base iana-interface-type;
+ description
+ "SMDS InterCarrier Interface.";
+ }
+ identity propVirtual {
+ base iana-interface-type;
+ description
+ "Proprietary virtual/internal.";
+ reference
+ "RFC 2863 - The Interfaces Group MIB";
+ }
+ identity propMultiplexor {
+ base iana-interface-type;
+ description
+ "Proprietary multiplexing.";
+ reference
+ "RFC 2863 - The Interfaces Group MIB";
+ }
+ identity ieee80212 {
+ base iana-interface-type;
+ description
+ "100BaseVG.";
+ }
+ identity fibreChannel {
+ base iana-interface-type;
+ description
+ "Fibre Channel.";
+ }
+ identity hippiInterface {
+ base iana-interface-type;
+ description
+ "HIPPI interfaces.";
+ }
+ identity frameRelayInterconnect {
+ base iana-interface-type;
+ status obsolete;
+ description
+ "Obsolete; use either
+ frameRelay(32) or frameRelayService(44).";
+ }
+ identity aflane8023 {
+ base iana-interface-type;
+ description
+ "ATM Emulated LAN for 802.3.";
+ }
+ identity aflane8025 {
+ base iana-interface-type;
+ description
+ "ATM Emulated LAN for 802.5.";
+ }
+ identity cctEmul {
+ base iana-interface-type;
+ description
+ "ATM Emulated circuit.";
+ }
+ identity fastEther {
+ base iana-interface-type;
+ status deprecated;
+ description
+ "Obsoleted via RFC 3635.
+ ethernetCsmacd(6) should be used instead.";
+ reference
+ "RFC 3635 - Definitions of Managed Objects for the
+ Ethernet-like Interface Types";
+ }
+ identity isdn {
+ base iana-interface-type;
+ description
+ "ISDN and X.25.";
+ reference
+ "RFC 1356 - Multiprotocol Interconnect on X.25 and ISDN
+ in the Packet Mode";
+ }
+ identity v11 {
+ base iana-interface-type;
+ description
+ "CCITT V.11/X.21.";
+ }
+ identity v36 {
+ base iana-interface-type;
+ description
+ "CCITT V.36.";
+ }
+ identity g703at64k {
+ base iana-interface-type;
+ description
+ "CCITT G703 at 64Kbps.";
+ }
+ identity g703at2mb {
+ base iana-interface-type;
+ status obsolete;
+ description
+ "Obsolete; see DS1-MIB.";
+ }
+ identity qllc {
+ base iana-interface-type;
+ description
+ "SNA QLLC.";
+ }
+ identity fastEtherFX {
+ base iana-interface-type;
+ status deprecated;
+ description
+ "Obsoleted via RFC 3635.
+ ethernetCsmacd(6) should be used instead.";
+ reference
+ "RFC 3635 - Definitions of Managed Objects for the
+ Ethernet-like Interface Types";
+ }
+ identity channel {
+ base iana-interface-type;
+ description
+ "Channel.";
+ }
+ identity ieee80211 {
+ base iana-interface-type;
+ description
+ "Radio spread spectrum.";
+ }
+ identity ibm370parChan {
+ base iana-interface-type;
+ description
+ "IBM System 360/370 OEMI Channel.";
+ }
+ identity escon {
+ base iana-interface-type;
+ description
+ "IBM Enterprise Systems Connection.";
+ }
+ identity dlsw {
+ base iana-interface-type;
+ description
+ "Data Link Switching.";
+ }
+ identity isdns {
+ base iana-interface-type;
+ description
+ "ISDN S/T interface.";
+ }
+ identity isdnu {
+ base iana-interface-type;
+ description
+ "ISDN U interface.";
+ }
+ identity lapd {
+ base iana-interface-type;
+ description
+ "Link Access Protocol D.";
+ }
+ identity ipSwitch {
+ base iana-interface-type;
+ description
+ "IP Switching Objects.";
+ }
+ identity rsrb {
+ base iana-interface-type;
+ description
+ "Remote Source Route Bridging.";
+ }
+ identity atmLogical {
+ base iana-interface-type;
+ description
+ "ATM Logical Port.";
+ reference
+ "RFC 3606 - Definitions of Supplemental Managed Objects
+ for ATM Interface";
+ }
+ identity ds0 {
+ base iana-interface-type;
+ description
+ "Digital Signal Level 0.";
+ reference
+ "RFC 2494 - Definitions of Managed Objects for the DS0
+ and DS0 Bundle Interface Type";
+ }
+ identity ds0Bundle {
+ base iana-interface-type;
+ description
+ "Group of ds0s on the same ds1.";
+ reference
+ "RFC 2494 - Definitions of Managed Objects for the DS0
+ and DS0 Bundle Interface Type";
+ }
+ identity bsc {
+ base iana-interface-type;
+ description
+ "Bisynchronous Protocol.";
+ }
+ identity async {
+ base iana-interface-type;
+ description
+ "Asynchronous Protocol.";
+ }
+ identity cnr {
+ base iana-interface-type;
+ description
+ "Combat Net Radio.";
+ }
+ identity iso88025Dtr {
+ base iana-interface-type;
+ description
+ "ISO 802.5r DTR.";
+ }
+ identity eplrs {
+ base iana-interface-type;
+ description
+ "Ext Pos Loc Report Sys.";
+ }
+ identity arap {
+ base iana-interface-type;
+ description
+ "Appletalk Remote Access Protocol.";
+ }
+ identity propCnls {
+ base iana-interface-type;
+ description
+ "Proprietary Connectionless Protocol.";
+ }
+ identity hostPad {
+ base iana-interface-type;
+ description
+ "CCITT-ITU X.29 PAD Protocol.";
+ }
+ identity termPad {
+ base iana-interface-type;
+ description
+ "CCITT-ITU X.3 PAD Facility.";
+ }
+ identity frameRelayMPI {
+ base iana-interface-type;
+ description
+ "Multiproto Interconnect over FR.";
+ }
+ identity x213 {
+ base iana-interface-type;
+ description
+ "CCITT-ITU X213.";
+ }
+ identity adsl {
+ base iana-interface-type;
+ description
+ "Asymmetric Digital Subscriber Loop.";
+ }
+ identity radsl {
+ base iana-interface-type;
+ description
+ "Rate-Adapt. Digital Subscriber Loop.";
+ }
+ identity sdsl {
+ base iana-interface-type;
+ description
+ "Symmetric Digital Subscriber Loop.";
+ }
+ identity vdsl {
+ base iana-interface-type;
+ description
+ "Very H-Speed Digital Subscrib. Loop.";
+ }
+ identity iso88025CRFPInt {
+ base iana-interface-type;
+ description
+ "ISO 802.5 CRFP.";
+ }
+ identity myrinet {
+ base iana-interface-type;
+ description
+ "Myricom Myrinet.";
+ }
+ identity voiceEM {
+ base iana-interface-type;
+ description
+ "Voice recEive and transMit.";
+ }
+ identity voiceFXO {
+ base iana-interface-type;
+ description
+ "Voice Foreign Exchange Office.";
+ }
+ identity voiceFXS {
+ base iana-interface-type;
+ description
+ "Voice Foreign Exchange Station.";
+ }
+ identity voiceEncap {
+ base iana-interface-type;
+ description
+ "Voice encapsulation.";
+ }
+ identity voiceOverIp {
+ base iana-interface-type;
+ description
+ "Voice over IP encapsulation.";
+ }
+ identity atmDxi {
+ base iana-interface-type;
+ description
+ "ATM DXI.";
+ }
+ identity atmFuni {
+ base iana-interface-type;
+ description
+ "ATM FUNI.";
+ }
+ identity atmIma {
+ base iana-interface-type;
+ description
+ "ATM IMA.";
+ }
+ identity pppMultilinkBundle {
+ base iana-interface-type;
+ description
+ "PPP Multilink Bundle.";
+ }
+ identity ipOverCdlc {
+ base iana-interface-type;
+ description
+ "IBM ipOverCdlc.";
+ }
+ identity ipOverClaw {
+ base iana-interface-type;
+ description
+ "IBM Common Link Access to Workstn.";
+ }
+ identity stackToStack {
+ base iana-interface-type;
+ description
+ "IBM stackToStack.";
+ }
+ identity virtualIpAddress {
+ base iana-interface-type;
+ description
+ "IBM VIPA.";
+ }
+ identity mpc {
+ base iana-interface-type;
+ description
+ "IBM multi-protocol channel support.";
+ }
+ identity ipOverAtm {
+ base iana-interface-type;
+ description
+ "IBM ipOverAtm.";
+ reference
+ "RFC 2320 - Definitions of Managed Objects for Classical IP
+ and ARP Over ATM Using SMIv2 (IPOA-MIB)";
+ }
+ identity iso88025Fiber {
+ base iana-interface-type;
+ description
+ "ISO 802.5j Fiber Token Ring.";
+ }
+ identity tdlc {
+ base iana-interface-type;
+ description
+ "IBM twinaxial data link control.";
+ }
+ identity gigabitEthernet {
+ base iana-interface-type;
+ status deprecated;
+ description
+ "Obsoleted via RFC 3635.
+ ethernetCsmacd(6) should be used instead.";
+ reference
+ "RFC 3635 - Definitions of Managed Objects for the
+ Ethernet-like Interface Types";
+ }
+ identity hdlc {
+ base iana-interface-type;
+ description
+ "HDLC.";
+ }
+ identity lapf {
+ base iana-interface-type;
+ description
+ "LAP F.";
+ }
+ identity v37 {
+ base iana-interface-type;
+ description
+ "V.37.";
+ }
+ identity x25mlp {
+ base iana-interface-type;
+ description
+ "Multi-Link Protocol.";
+ }
+ identity x25huntGroup {
+ base iana-interface-type;
+ description
+ "X25 Hunt Group.";
+ }
+ identity transpHdlc {
+ base iana-interface-type;
+ description
+ "Transp HDLC.";
+ }
+ identity interleave {
+ base iana-interface-type;
+ description
+ "Interleave channel.";
+ }
+ identity fast {
+ base iana-interface-type;
+ description
+ "Fast channel.";
+ }
+ identity ip {
+ base iana-interface-type;
+ description
+ "IP (for APPN HPR in IP networks).";
+ }
+ identity docsCableMaclayer {
+ base iana-interface-type;
+ description
+ "CATV Mac Layer.";
+ }
+ identity docsCableDownstream {
+ base iana-interface-type;
+ description
+ "CATV Downstream interface.";
+ }
+ identity docsCableUpstream {
+ base iana-interface-type;
+ description
+ "CATV Upstream interface.";
+ }
+ identity a12MppSwitch {
+ base iana-interface-type;
+ description
+ "Avalon Parallel Processor.";
+ }
+ identity tunnel {
+ base iana-interface-type;
+ description
+ "Encapsulation interface.";
+ }
+ identity coffee {
+ base iana-interface-type;
+ description
+ "Coffee pot.";
+ reference
+ "RFC 2325 - Coffee MIB";
+ }
+ identity ces {
+ base iana-interface-type;
+ description
+ "Circuit Emulation Service.";
+ }
+ identity atmSubInterface {
+ base iana-interface-type;
+ description
+ "ATM Sub Interface.";
+ }
+ identity l2vlan {
+ base iana-interface-type;
+ description
+ "Layer 2 Virtual LAN using 802.1Q.";
+ }
+ identity l3ipvlan {
+ base iana-interface-type;
+ description
+ "Layer 3 Virtual LAN using IP.";
+ }
+ identity l3ipxvlan {
+ base iana-interface-type;
+ description
+ "Layer 3 Virtual LAN using IPX.";
+ }
+ identity digitalPowerline {
+ base iana-interface-type;
+ description
+ "IP over Power Lines.";
+ }
+ identity mediaMailOverIp {
+ base iana-interface-type;
+ description
+ "Multimedia Mail over IP.";
+ }
+ identity dtm {
+ base iana-interface-type;
+ description
+ "Dynamic synchronous Transfer Mode.";
+ }
+ identity dcn {
+ base iana-interface-type;
+ description
+ "Data Communications Network.";
+ }
+ identity ipForward {
+ base iana-interface-type;
+ description
+ "IP Forwarding Interface.";
+ }
+ identity msdsl {
+ base iana-interface-type;
+ description
+ "Multi-rate Symmetric DSL.";
+ }
+ identity ieee1394 {
+ base iana-interface-type;
+ description
+ "IEEE1394 High Performance Serial Bus.";
+ }
+ identity if-gsn {
+ base iana-interface-type;
+ description
+ "HIPPI-6400.";
+ }
+ identity dvbRccMacLayer {
+ base iana-interface-type;
+ description
+ "DVB-RCC MAC Layer.";
+ }
+ identity dvbRccDownstream {
+ base iana-interface-type;
+ description
+ "DVB-RCC Downstream Channel.";
+ }
+ identity dvbRccUpstream {
+ base iana-interface-type;
+ description
+ "DVB-RCC Upstream Channel.";
+ }
+ identity atmVirtual {
+ base iana-interface-type;
+ description
+ "ATM Virtual Interface.";
+ }
+ identity mplsTunnel {
+ base iana-interface-type;
+ description
+ "MPLS Tunnel Virtual Interface.";
+ }
+ identity srp {
+ base iana-interface-type;
+ description
+ "Spatial Reuse Protocol.";
+ }
+ identity voiceOverAtm {
+ base iana-interface-type;
+ description
+ "Voice over ATM.";
+ }
+ identity voiceOverFrameRelay {
+ base iana-interface-type;
+ description
+ "Voice Over Frame Relay.";
+ }
+ identity idsl {
+ base iana-interface-type;
+ description
+ "Digital Subscriber Loop over ISDN.";
+ }
+ identity compositeLink {
+ base iana-interface-type;
+ description
+ "Avici Composite Link Interface.";
+ }
+ identity ss7SigLink {
+ base iana-interface-type;
+ description
+ "SS7 Signaling Link.";
+ }
+ identity propWirelessP2P {
+ base iana-interface-type;
+ description
+ "Prop. P2P wireless interface.";
+ }
+ identity frForward {
+ base iana-interface-type;
+ description
+ "Frame Forward Interface.";
+ }
+ identity rfc1483 {
+ base iana-interface-type;
+ description
+ "Multiprotocol over ATM AAL5.";
+ reference
+ "RFC 1483 - Multiprotocol Encapsulation over ATM
+ Adaptation Layer 5";
+ }
+ identity usb {
+ base iana-interface-type;
+ description
+ "USB Interface.";
+ }
+ identity ieee8023adLag {
+ base iana-interface-type;
+ description
+ "IEEE 802.3ad Link Aggregate.";
+ }
+ identity bgppolicyaccounting {
+ base iana-interface-type;
+ description
+ "BGP Policy Accounting.";
+ }
+ identity frf16MfrBundle {
+ base iana-interface-type;
+ description
+ "FRF.16 Multilink Frame Relay.";
+ }
+ identity h323Gatekeeper {
+ base iana-interface-type;
+ description
+ "H323 Gatekeeper.";
+ }
+ identity h323Proxy {
+ base iana-interface-type;
+ description
+ "H323 Voice and Video Proxy.";
+ }
+ identity mpls {
+ base iana-interface-type;
+ description
+ "MPLS.";
+ }
+ identity mfSigLink {
+ base iana-interface-type;
+ description
+ "Multi-frequency signaling link.";
+ }
+ identity hdsl2 {
+ base iana-interface-type;
+ description
+ "High Bit-Rate DSL - 2nd generation.";
+ }
+ identity shdsl {
+ base iana-interface-type;
+ description
+ "Multirate HDSL2.";
+ }
+ identity ds1FDL {
+ base iana-interface-type;
+ description
+ "Facility Data Link (4Kbps) on a DS1.";
+ }
+ identity pos {
+ base iana-interface-type;
+ description
+ "Packet over SONET/SDH Interface.";
+ }
+ identity dvbAsiIn {
+ base iana-interface-type;
+ description
+ "DVB-ASI Input.";
+ }
+ identity dvbAsiOut {
+ base iana-interface-type;
+ description
+ "DVB-ASI Output.";
+ }
+ identity plc {
+ base iana-interface-type;
+ description
+ "Power Line Communications.";
+ }
+ identity nfas {
+ base iana-interface-type;
+ description
+ "Non-Facility Associated Signaling.";
+ }
+ identity tr008 {
+ base iana-interface-type;
+ description
+ "TR008.";
+ }
+ identity gr303RDT {
+ base iana-interface-type;
+ description
+ "Remote Digital Terminal.";
+ }
+ identity gr303IDT {
+ base iana-interface-type;
+ description
+ "Integrated Digital Terminal.";
+ }
+ identity isup {
+ base iana-interface-type;
+ description
+ "ISUP.";
+ }
+ identity propDocsWirelessMaclayer {
+ base iana-interface-type;
+ description
+ "Cisco proprietary Maclayer.";
+ }
+ identity propDocsWirelessDownstream {
+ base iana-interface-type;
+ description
+ "Cisco proprietary Downstream.";
+ }
+ identity propDocsWirelessUpstream {
+ base iana-interface-type;
+ description
+ "Cisco proprietary Upstream.";
+ }
+ identity hiperlan2 {
+ base iana-interface-type;
+ description
+ "HIPERLAN Type 2 Radio Interface.";
+ }
+ identity propBWAp2Mp {
+ base iana-interface-type;
+ description
+ "PropBroadbandWirelessAccesspt2Multipt (use of this value
+ for IEEE 802.16 WMAN interfaces as per IEEE Std 802.16f
+ is deprecated, and ieee80216WMAN(237) should be used
+ instead).";
+ }
+ identity sonetOverheadChannel {
+ base iana-interface-type;
+ description
+ "SONET Overhead Channel.";
+ }
+ identity digitalWrapperOverheadChannel {
+ base iana-interface-type;
+ description
+ "Digital Wrapper.";
+ }
+ identity aal2 {
+ base iana-interface-type;
+ description
+ "ATM adaptation layer 2.";
+ }
+ identity radioMAC {
+ base iana-interface-type;
+ description
+ "MAC layer over radio links.";
+ }
+ identity atmRadio {
+ base iana-interface-type;
+ description
+ "ATM over radio links.";
+ }
+ identity imt {
+ base iana-interface-type;
+ description
+ "Inter-Machine Trunks.";
+ }
+ identity mvl {
+ base iana-interface-type;
+ description
+ "Multiple Virtual Lines DSL.";
+ }
+ identity reachDSL {
+ base iana-interface-type;
+ description
+ "Long Reach DSL.";
+ }
+ identity frDlciEndPt {
+ base iana-interface-type;
+ description
+ "Frame Relay DLCI End Point.";
+ }
+ identity atmVciEndPt {
+ base iana-interface-type;
+ description
+ "ATM VCI End Point.";
+ }
+ identity opticalChannel {
+ base iana-interface-type;
+ description
+ "Optical Channel.";
+ }
+ identity opticalTransport {
+ base iana-interface-type;
+ description
+ "Optical Transport.";
+ }
+ identity propAtm {
+ base iana-interface-type;
+ description
+ "Proprietary ATM.";
+ }
+ identity voiceOverCable {
+ base iana-interface-type;
+ description
+ "Voice Over Cable Interface.";
+ }
+ identity infiniband {
+ base iana-interface-type;
+ description
+ "Infiniband.";
+ }
+ identity teLink {
+ base iana-interface-type;
+ description
+ "TE Link.";
+ }
+ identity q2931 {
+ base iana-interface-type;
+ description
+ "Q.2931.";
+ }
+ identity virtualTg {
+ base iana-interface-type;
+ description
+ "Virtual Trunk Group.";
+ }
+ identity sipTg {
+ base iana-interface-type;
+ description
+ "SIP Trunk Group.";
+ }
+ identity sipSig {
+ base iana-interface-type;
+ description
+ "SIP Signaling.";
+ }
+ identity docsCableUpstreamChannel {
+ base iana-interface-type;
+ description
+ "CATV Upstream Channel.";
+ }
+ identity econet {
+ base iana-interface-type;
+ description
+ "Acorn Econet.";
+ }
+ identity pon155 {
+ base iana-interface-type;
+ description
+ "FSAN 155Mb Symetrical PON interface.";
+ }
+ identity pon622 {
+ base iana-interface-type;
+ description
+ "FSAN 622Mb Symetrical PON interface.";
+ }
+ identity bridge {
+ base iana-interface-type;
+ description
+ "Transparent bridge interface.";
+ }
+ identity linegroup {
+ base iana-interface-type;
+ description
+ "Interface common to multiple lines.";
+ }
+ identity voiceEMFGD {
+ base iana-interface-type;
+ description
+ "Voice E&M Feature Group D.";
+ }
+ identity voiceFGDEANA {
+ base iana-interface-type;
+ description
+ "Voice FGD Exchange Access North American.";
+ }
+ identity voiceDID {
+ base iana-interface-type;
+ description
+ "Voice Direct Inward Dialing.";
+ }
+ identity mpegTransport {
+ base iana-interface-type;
+ description
+ "MPEG transport interface.";
+ }
+ identity sixToFour {
+ base iana-interface-type;
+ status deprecated;
+ description
+ "6to4 interface (DEPRECATED).";
+ reference
+ "RFC 4087 - IP Tunnel MIB";
+ }
+ identity gtp {
+ base iana-interface-type;
+ description
+ "GTP (GPRS Tunneling Protocol).";
+ }
+ identity pdnEtherLoop1 {
+ base iana-interface-type;
+ description
+ "Paradyne EtherLoop 1.";
+ }
+ identity pdnEtherLoop2 {
+ base iana-interface-type;
+ description
+ "Paradyne EtherLoop 2.";
+ }
+ identity opticalChannelGroup {
+ base iana-interface-type;
+ description
+ "Optical Channel Group.";
+ }
+ identity homepna {
+ base iana-interface-type;
+ description
+ "HomePNA ITU-T G.989.";
+ }
+ identity gfp {
+ base iana-interface-type;
+ description
+ "Generic Framing Procedure (GFP).";
+ }
+ identity ciscoISLvlan {
+ base iana-interface-type;
+ description
+ "Layer 2 Virtual LAN using Cisco ISL.";
+ }
+ identity actelisMetaLOOP {
+ base iana-interface-type;
+ description
+ "Acteleis proprietary MetaLOOP High Speed Link.";
+ }
+ identity fcipLink {
+ base iana-interface-type;
+ description
+ "FCIP Link.";
+ }
+ identity rpr {
+ base iana-interface-type;
+ description
+ "Resilient Packet Ring Interface Type.";
+ }
+ identity qam {
+ base iana-interface-type;
+ description
+ "RF Qam Interface.";
+ }
+ identity lmp {
+ base iana-interface-type;
+ description
+ "Link Management Protocol.";
+ reference
+ "RFC 4327 - Link Management Protocol (LMP) Management
+ Information Base (MIB)";
+ }
+ identity cblVectaStar {
+ base iana-interface-type;
+ description
+ "Cambridge Broadband Networks Limited VectaStar.";
+ }
+ identity docsCableMCmtsDownstream {
+ base iana-interface-type;
+ description
+ "CATV Modular CMTS Downstream Interface.";
+ }
+ identity adsl2 {
+ base iana-interface-type;
+ status deprecated;
+ description
+ "Asymmetric Digital Subscriber Loop Version 2
+ (DEPRECATED/OBSOLETED - please use adsl2plus(238)
+ instead).";
+ reference
+ "RFC 4706 - Definitions of Managed Objects for Asymmetric
+ Digital Subscriber Line 2 (ADSL2)";
+ }
+ identity macSecControlledIF {
+ base iana-interface-type;
+ description
+ "MACSecControlled.";
+ }
+ identity macSecUncontrolledIF {
+ base iana-interface-type;
+ description
+ "MACSecUncontrolled.";
+ }
+ identity aviciOpticalEther {
+ base iana-interface-type;
+ description
+ "Avici Optical Ethernet Aggregate.";
+ }
+ identity atmbond {
+ base iana-interface-type;
+ description
+ "atmbond.";
+ }
+ identity voiceFGDOS {
+ base iana-interface-type;
+ description
+ "Voice FGD Operator Services.";
+ }
+ identity mocaVersion1 {
+ base iana-interface-type;
+ description
+ "MultiMedia over Coax Alliance (MoCA) Interface
+ as documented in information provided privately to IANA.";
+ }
+ identity ieee80216WMAN {
+ base iana-interface-type;
+ description
+ "IEEE 802.16 WMAN interface.";
+ }
+ identity adsl2plus {
+ base iana-interface-type;
+ description
+ "Asymmetric Digital Subscriber Loop Version 2 -
+ Version 2 Plus and all variants.";
+ }
+ identity dvbRcsMacLayer {
+ base iana-interface-type;
+ description
+ "DVB-RCS MAC Layer.";
+ reference
+ "RFC 5728 - The SatLabs Group DVB-RCS MIB";
+ }
+ identity dvbTdm {
+ base iana-interface-type;
+ description
+ "DVB Satellite TDM.";
+ reference
+ "RFC 5728 - The SatLabs Group DVB-RCS MIB";
+ }
+ identity dvbRcsTdma {
+ base iana-interface-type;
+ description
+ "DVB-RCS TDMA.";
+ reference
+ "RFC 5728 - The SatLabs Group DVB-RCS MIB";
+ }
+ identity x86Laps {
+ base iana-interface-type;
+ description
+ "LAPS based on ITU-T X.86/Y.1323.";
+ }
+ identity wwanPP {
+ base iana-interface-type;
+ description
+ "3GPP WWAN.";
+ }
+ identity wwanPP2 {
+ base iana-interface-type;
+ description
+ "3GPP2 WWAN.";
+ }
+ identity voiceEBS {
+ base iana-interface-type;
+ description
+ "Voice P-phone EBS physical interface.";
+ }
+ identity ifPwType {
+ base iana-interface-type;
+ description
+ "Pseudowire interface type.";
+ reference
+ "RFC 5601 - Pseudowire (PW) Management Information Base (MIB)";
+ }
+ identity ilan {
+ base iana-interface-type;
+ description
+ "Internal LAN on a bridge per IEEE 802.1ap.";
+ }
+ identity pip {
+ base iana-interface-type;
+ description
+ "Provider Instance Port on a bridge per IEEE 802.1ah PBB.";
+ }
+ identity aluELP {
+ base iana-interface-type;
+ description
+ "Alcatel-Lucent Ethernet Link Protection.";
+ }
+ identity gpon {
+ base iana-interface-type;
+ description
+ "Gigabit-capable passive optical networks (G-PON) as per
+ ITU-T G.948.";
+ }
+ identity vdsl2 {
+ base iana-interface-type;
+ description
+ "Very high speed digital subscriber line Version 2
+ (as per ITU-T Recommendation G.993.2).";
+ reference
+ "RFC 5650 - Definitions of Managed Objects for Very High
+ Speed Digital Subscriber Line 2 (VDSL2)";
+ }
+ identity capwapDot11Profile {
+ base iana-interface-type;
+ description
+ "WLAN Profile Interface.";
+ reference
+ "RFC 5834 - Control and Provisioning of Wireless Access
+ Points (CAPWAP) Protocol Binding MIB for
+ IEEE 802.11";
+ }
+ identity capwapDot11Bss {
+ base iana-interface-type;
+ description
+ "WLAN BSS Interface.";
+ reference
+ "RFC 5834 - Control and Provisioning of Wireless Access
+ Points (CAPWAP) Protocol Binding MIB for
+ IEEE 802.11";
+ }
+ identity capwapWtpVirtualRadio {
+ base iana-interface-type;
+ description
+ "WTP Virtual Radio Interface.";
+ reference
+ "RFC 5833 - Control and Provisioning of Wireless Access
+ Points (CAPWAP) Protocol Base MIB";
+ }
+ identity bits {
+ base iana-interface-type;
+ description
+ "bitsport.";
+ }
+ identity docsCableUpstreamRfPort {
+ base iana-interface-type;
+ description
+ "DOCSIS CATV Upstream RF Port.";
+ }
+ identity cableDownstreamRfPort {
+ base iana-interface-type;
+ description
+ "CATV downstream RF Port.";
+ }
+ identity vmwareVirtualNic {
+ base iana-interface-type;
+ description
+ "VMware Virtual Network Interface.";
+ }
+ identity ieee802154 {
+ base iana-interface-type;
+ description
+ "IEEE 802.15.4 WPAN interface.";
+ reference
+ "IEEE 802.15.4-2006";
+ }
+ identity otnOdu {
+ base iana-interface-type;
+ description
+ "OTN Optical Data Unit.";
+ }
+ identity otnOtu {
+ base iana-interface-type;
+ description
+ "OTN Optical channel Transport Unit.";
+ }
+ identity ifVfiType {
+ base iana-interface-type;
+ description
+ "VPLS Forwarding Instance Interface Type.";
+ }
+ identity g9981 {
+ base iana-interface-type;
+ description
+ "G.998.1 bonded interface.";
+ }
+ identity g9982 {
+ base iana-interface-type;
+ description
+ "G.998.2 bonded interface.";
+ }
+ identity g9983 {
+ base iana-interface-type;
+ description
+ "G.998.3 bonded interface.";
+ }
+ identity aluEpon {
+ base iana-interface-type;
+ description
+ "Ethernet Passive Optical Networks (E-PON).";
+ }
+ identity aluEponOnu {
+ base iana-interface-type;
+ description
+ "EPON Optical Network Unit.";
+ }
+ identity aluEponPhysicalUni {
+ base iana-interface-type;
+ description
+ "EPON physical User to Network interface.";
+ }
+ identity aluEponLogicalLink {
+ base iana-interface-type;
+ description
+ "The emulation of a point-to-point link over the EPON
+ layer.";
+ }
+ identity aluGponOnu {
+ base iana-interface-type;
+ description
+ "GPON Optical Network Unit.";
+ reference
+ "ITU-T G.984.2";
+ }
+ identity aluGponPhysicalUni {
+ base iana-interface-type;
+ description
+ "GPON physical User to Network interface.";
+ reference
+ "ITU-T G.984.2";
+ }
+ identity vmwareNicTeam {
+ base iana-interface-type;
+ description
+ "VMware NIC Team.";
+ }
+}
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-access-control-list@2019-03-04.yang b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-access-control-list@2019-03-04.yang
new file mode 100644
index 0000000000000000000000000000000000000000..00ae58ee6a63d385c583231f0b84bcdd1bdc41bf
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-access-control-list@2019-03-04.yang
@@ -0,0 +1,674 @@
+module ietf-access-control-list {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list";
+ prefix acl;
+
+ import ietf-yang-types {
+ prefix yang;
+ reference
+ "RFC 6991 - Common YANG Data Types.";
+ }
+
+ import ietf-packet-fields {
+ prefix pf;
+ reference
+ "RFC 8519 - YANG Data Model for Network Access Control
+ Lists (ACLs).";
+ }
+
+ import ietf-interfaces {
+ prefix if;
+ reference
+ "RFC 8343 - A YANG Data Model for Interface Management.";
+ }
+
+ organization
+ "IETF NETMOD (Network Modeling) Working Group.";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netmod/>
+ WG List: netmod@ietf.org
+
+ Editor: Mahesh Jethanandani
+ mjethanandani@gmail.com
+ Editor: Lisa Huang
+ huangyi_99@yahoo.com
+ Editor: Sonal Agarwal
+ sagarwal12@gmail.com
+ Editor: Dana Blair
+ dana@blairhome.com";
+
+ description
+ "This YANG module defines a component that describes the
+ configuration and monitoring of Access Control Lists (ACLs).
+
+ The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
+ 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
+ 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
+ are to be interpreted as described in BCP 14 (RFC 2119)
+ (RFC 8174) when, and only when, they appear in all
+ capitals, as shown here.
+
+ Copyright (c) 2019 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 8519; see
+ the RFC itself for full legal notices.";
+
+ revision 2019-03-04 {
+ description
+ "Initial version.";
+ reference
+ "RFC 8519: YANG Data Model for Network Access Control
+ Lists (ACLs).";
+ }
+
+ /*
+ * Identities
+ */
+ /*
+ * Forwarding actions for a packet
+ */
+
+ identity forwarding-action {
+ description
+ "Base identity for actions in the forwarding category.";
+ }
+
+ identity accept {
+ base forwarding-action;
+ description
+ "Accept the packet.";
+ }
+
+ identity drop {
+ base forwarding-action;
+ description
+ "Drop packet without sending any ICMP error message.";
+ }
+
+ identity reject {
+ base forwarding-action;
+ description
+ "Drop the packet and send an ICMP error message to the source.";
+ }
+
+ /*
+ * Logging actions for a packet
+ */
+
+ identity log-action {
+ description
+ "Base identity for defining the destination for logging
+ actions.";
+ }
+
+ identity log-syslog {
+ base log-action;
+ description
+ "System log (syslog) the information for the packet.";
+ }
+
+ identity log-none {
+ base log-action;
+ description
+ "No logging for the packet.";
+ }
+
+ /*
+ * ACL type identities
+ */
+
+ identity acl-base {
+ description
+ "Base Access Control List type for all Access Control List type
+ identifiers.";
+ }
+
+ identity ipv4-acl-type {
+ base acl:acl-base;
+ if-feature "ipv4";
+ description
+ "An ACL that matches on fields from the IPv4 header
+ (e.g., IPv4 destination address) and Layer 4 headers (e.g., TCP
+ destination port). An ACL of type ipv4 does not contain
+ matches on fields in the Ethernet header or the IPv6 header.";
+ }
+
+ identity ipv6-acl-type {
+ base acl:acl-base;
+ if-feature "ipv6";
+ description
+ "An ACL that matches on fields from the IPv6 header
+ (e.g., IPv6 destination address) and Layer 4 headers (e.g., TCP
+ destination port). An ACL of type ipv6 does not contain
+ matches on fields in the Ethernet header or the IPv4 header.";
+ }
+
+ identity eth-acl-type {
+ base acl:acl-base;
+ if-feature "eth";
+ description
+ "An ACL that matches on fields in the Ethernet header,
+ like 10/100/1000baseT or a Wi-Fi Access Control List. An ACL
+ of type ethernet does not contain matches on fields in the
+ IPv4 header, the IPv6 header, or Layer 4 headers.";
+ }
+
+ identity mixed-eth-ipv4-acl-type {
+ base acl:eth-acl-type;
+ base acl:ipv4-acl-type;
+ if-feature "mixed-eth-ipv4";
+ description
+ "An ACL that contains a mix of entries that match
+ on fields in Ethernet headers and in IPv4 headers.
+ Matching on Layer 4 header fields may also exist in the
+ list.";
+ }
+
+ identity mixed-eth-ipv6-acl-type {
+ base acl:eth-acl-type;
+ base acl:ipv6-acl-type;
+ if-feature "mixed-eth-ipv6";
+ description
+ "An ACL that contains a mix of entries that match on fields
+ in Ethernet headers and in IPv6 headers. Matching
+ on Layer 4 header fields may also exist in the list.";
+ }
+
+ identity mixed-eth-ipv4-ipv6-acl-type {
+ base acl:eth-acl-type;
+ base acl:ipv4-acl-type;
+ base acl:ipv6-acl-type;
+ if-feature "mixed-eth-ipv4-ipv6";
+ description
+ "An ACL that contains a mix of entries that
+ match on fields in Ethernet headers, IPv4 headers, and IPv6
+ headers. Matching on Layer 4 header fields may also exist
+ in the list.";
+ }
+
+ /*
+ * Features
+ */
+
+ /*
+ * Features supported by device
+ */
+ feature match-on-eth {
+ description
+ "The device can support matching on Ethernet headers.";
+ }
+
+ feature match-on-ipv4 {
+ description
+ "The device can support matching on IPv4 headers.";
+ }
+
+ feature match-on-ipv6 {
+ description
+ "The device can support matching on IPv6 headers.";
+ }
+
+ feature match-on-tcp {
+ description
+ "The device can support matching on TCP headers.";
+ }
+
+ feature match-on-udp {
+ description
+ "The device can support matching on UDP headers.";
+ }
+
+ feature match-on-icmp {
+ description
+ "The device can support matching on ICMP (v4 and v6) headers.";
+ }
+
+ /*
+ * Header classifications combinations supported by
+ * device
+ */
+
+ feature eth {
+ if-feature "match-on-eth";
+ description
+ "Plain Ethernet ACL supported.";
+ }
+
+ feature ipv4 {
+ if-feature "match-on-ipv4";
+ description
+ "Plain IPv4 ACL supported.";
+ }
+
+ feature ipv6 {
+ if-feature "match-on-ipv6";
+ description
+ "Plain IPv6 ACL supported.";
+ }
+
+ feature mixed-eth-ipv4 {
+ if-feature "match-on-eth and match-on-ipv4";
+ description
+ "Ethernet and IPv4 ACL combinations supported.";
+ }
+
+ feature mixed-eth-ipv6 {
+ if-feature "match-on-eth and match-on-ipv6";
+ description
+ "Ethernet and IPv6 ACL combinations supported.";
+ }
+
+ feature mixed-eth-ipv4-ipv6 {
+ if-feature
+ "match-on-eth and match-on-ipv4
+ and match-on-ipv6";
+ description
+ "Ethernet, IPv4, and IPv6 ACL combinations supported.";
+ }
+
+ /*
+ * Stats Features
+ */
+ feature interface-stats {
+ description
+ "ACL counters are available and reported only per interface.";
+ }
+
+ feature acl-aggregate-stats {
+ description
+ "ACL counters are aggregated over all interfaces and reported
+ only per ACL entry.";
+ }
+
+ /*
+ * Attachment point features
+ */
+ feature interface-attachment {
+ description
+ "ACLs are set on interfaces.";
+ }
+
+ /*
+ * Typedefs
+ */
+ typedef acl-type {
+ type identityref {
+ base acl-base;
+ }
+ description
+ "This type is used to refer to an ACL type.";
+ }
+
+ /*
+ * Groupings
+ */
+ grouping acl-counters {
+ description
+ "Common grouping for ACL counters.";
+ leaf matched-packets {
+ type yang:counter64;
+ config false;
+ description
+ "Count of the number of packets matching the current ACL
+ entry.
+
+ An implementation should provide this counter on a
+ per-interface, per-ACL-entry basis if possible.
+
+ If an implementation only supports ACL counters on a per-
+ entry basis (i.e., not broken out per interface), then the
+ value should be equal to the aggregate count across all
+ interfaces.
+
+ An implementation that provides counters on a per-entry, per-
+ interface basis is not required to also provide an aggregate
+ count, e.g., per entry -- the user is expected to be able to
+ implement the required aggregation if such a count is
+ needed.";
+ }
+
+ leaf matched-octets {
+ type yang:counter64;
+ config false;
+ description
+ "Count of the number of octets (bytes) matching the current
+ ACL entry.
+
+ An implementation should provide this counter on a
+ per-interface, per-ACL-entry basis if possible.
+
+ If an implementation only supports ACL counters per entry
+ (i.e., not broken out per interface), then the value
+ should be equal to the aggregate count across all interfaces.
+
+ An implementation that provides counters per entry per
+ interface is not required to also provide an aggregate count,
+ e.g., per entry -- the user is expected to be able to
+ implement the required aggregation if such a count is needed.";
+ }
+ }
+
+ /*
+ * Configuration and monitoring data nodes
+ */
+
+ container acls {
+ description
+ "This is a top-level container for Access Control Lists.
+ It can have one or more acl nodes.";
+ list acl {
+ key "name";
+ description
+ "An ACL is an ordered list of ACEs. Each ACE has a
+ list of match criteria and a list of actions.
+ Since there are several kinds of ACLs implemented
+ with different attributes for different vendors,
+ this model accommodates customizing ACLs for
+ each kind and for each vendor.";
+ leaf name {
+ type string {
+ length "1..64";
+ }
+ description
+ "The name of the access list. A device MAY further
+ restrict the length of this name; space and special
+ characters are not allowed.";
+ }
+ leaf type {
+ type acl-type;
+ description
+ "Type of ACL. Indicates the primary intended
+ type of match criteria (e.g., Ethernet, IPv4, IPv6, mixed,
+ etc.) used in the list instance.";
+ }
+ container aces {
+ description
+ "The aces container contains one or more ACE nodes.";
+ list ace {
+ key "name";
+ ordered-by user;
+ description
+ "List of ACEs.";
+ leaf name {
+ type string {
+ length "1..64";
+ }
+ description
+ "A unique name identifying this ACE.";
+ }
+
+ container matches {
+ description
+ "The rules in this set determine what fields will be
+ matched upon before any action is taken on them.
+ The rules are selected based on the feature set
+ defined by the server and the acl-type defined.
+ If no matches are defined in a particular container,
+ then any packet will match that container. If no
+ matches are specified at all in an ACE, then any
+ packet will match the ACE.";
+
+ choice l2 {
+ container eth {
+ when "derived-from-or-self(/acls/acl/type, "
+ + "'acl:eth-acl-type')";
+ if-feature "match-on-eth";
+ uses pf:acl-eth-header-fields;
+ description
+ "Rule set that matches Ethernet headers.";
+ }
+ description
+ "Match Layer 2 headers, for example, Ethernet
+ header fields.";
+ }
+
+ choice l3 {
+ container ipv4 {
+ when "derived-from-or-self(/acls/acl/type, "
+ + "'acl:ipv4-acl-type')";
+ if-feature "match-on-ipv4";
+ uses pf:acl-ip-header-fields;
+ uses pf:acl-ipv4-header-fields;
+ description
+ "Rule set that matches IPv4 headers.";
+ }
+
+ container ipv6 {
+ when "derived-from-or-self(/acls/acl/type, "
+ + "'acl:ipv6-acl-type')";
+ if-feature "match-on-ipv6";
+ uses pf:acl-ip-header-fields;
+ uses pf:acl-ipv6-header-fields;
+ description
+ "Rule set that matches IPv6 headers.";
+ }
+ description
+ "Choice of either IPv4 or IPv6 headers";
+ }
+
+ choice l4 {
+ container tcp {
+ if-feature "match-on-tcp";
+ uses pf:acl-tcp-header-fields;
+ container source-port {
+ choice source-port {
+ case range-or-operator {
+ uses pf:port-range-or-operator;
+ description
+ "Source port definition from range or
+ operator.";
+ }
+ description
+ "Choice of source port definition using
+ range/operator or a choice to support future
+ 'case' statements, such as one enabling a
+ group of source ports to be referenced.";
+ }
+ description
+ "Source port definition.";
+ }
+ container destination-port {
+ choice destination-port {
+ case range-or-operator {
+ uses pf:port-range-or-operator;
+ description
+ "Destination port definition from range or
+ operator.";
+ }
+ description
+ "Choice of destination port definition using
+ range/operator or a choice to support future
+ 'case' statements, such as one enabling a
+ group of destination ports to be referenced.";
+ }
+ description
+ "Destination port definition.";
+ }
+ description
+ "Rule set that matches TCP headers.";
+ }
+
+ container udp {
+ if-feature "match-on-udp";
+ uses pf:acl-udp-header-fields;
+ container source-port {
+ choice source-port {
+ case range-or-operator {
+ uses pf:port-range-or-operator;
+ description
+ "Source port definition from range or
+ operator.";
+ }
+ description
+ "Choice of source port definition using
+ range/operator or a choice to support future
+ 'case' statements, such as one enabling a
+ group of source ports to be referenced.";
+ }
+ description
+ "Source port definition.";
+ }
+ container destination-port {
+ choice destination-port {
+ case range-or-operator {
+ uses pf:port-range-or-operator;
+ description
+ "Destination port definition from range or
+ operator.";
+ }
+ description
+ "Choice of destination port definition using
+ range/operator or a choice to support future
+ 'case' statements, such as one enabling a
+ group of destination ports to be referenced.";
+ }
+ description
+ "Destination port definition.";
+ }
+ description
+ "Rule set that matches UDP headers.";
+ }
+
+ container icmp {
+ if-feature "match-on-icmp";
+ uses pf:acl-icmp-header-fields;
+ description
+ "Rule set that matches ICMP headers.";
+ }
+ description
+ "Choice of TCP, UDP, or ICMP headers.";
+ }
+
+ leaf egress-interface {
+ type if:interface-ref;
+ description
+
+ "Egress interface. This should not be used if this ACL
+ is attached as an egress ACL (or the value should
+ equal the interface to which the ACL is attached).";
+ }
+
+ leaf ingress-interface {
+ type if:interface-ref;
+ description
+ "Ingress interface. This should not be used if this ACL
+ is attached as an ingress ACL (or the value should
+ equal the interface to which the ACL is attached).";
+ }
+ }
+
+ container actions {
+ description
+ "Definition of actions for this ace entry.";
+ leaf forwarding {
+ type identityref {
+ base forwarding-action;
+ }
+ mandatory true;
+ description
+ "Specifies the forwarding action per ace entry.";
+ }
+
+ leaf logging {
+ type identityref {
+ base log-action;
+ }
+ default "log-none";
+ description
+ "Specifies the log action and destination for
+ matched packets. Default value is not to log the
+ packet.";
+ }
+ }
+ container statistics {
+ if-feature "acl-aggregate-stats";
+ config false;
+ description
+ "Statistics gathered across all attachment points for the
+ given ACL.";
+ uses acl-counters;
+ }
+ }
+ }
+ }
+
+ container attachment-points {
+ description
+ "Enclosing container for the list of
+ attachment points on which ACLs are set.";
+ /*
+ * Groupings
+ */
+ grouping interface-acl {
+ description
+ "Grouping for per-interface ingress ACL data.";
+ container acl-sets {
+ description
+ "Enclosing container for the list of ingress ACLs on the
+ interface.";
+ list acl-set {
+ key "name";
+ ordered-by user;
+ description
+ "List of ingress ACLs on the interface.";
+ leaf name {
+ type leafref {
+ path "/acls/acl/name";
+ }
+ description
+ "Reference to the ACL name applied on the ingress.";
+ }
+ list ace-statistics {
+ if-feature "interface-stats";
+ key "name";
+ config false;
+ description
+ "List of ACEs.";
+ leaf name {
+ type leafref {
+ path "/acls/acl/aces/ace/name";
+ }
+ description
+ "Name of the ace entry.";
+ }
+ uses acl-counters;
+ }
+ }
+ }
+ }
+
+ list interface {
+ if-feature "interface-attachment";
+ key "interface-id";
+ description
+ "List of interfaces on which ACLs are set.";
+
+ leaf interface-id {
+ type if:interface-ref;
+ description
+ "Reference to the interface id list key.";
+ }
+
+ container ingress {
+ uses interface-acl;
+ description
+ "The ACLs applied to the ingress interface.";
+ }
+ container egress {
+ uses interface-acl;
+ description
+ "The ACLs applied to the egress interface.";
+ }
+ }
+ }
+ }
+}
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-ethertypes@2019-03-04.yang b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-ethertypes@2019-03-04.yang
new file mode 100644
index 0000000000000000000000000000000000000000..115c05ce0644ccfab07a96f6b8e5bc31b954a5f6
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-ethertypes@2019-03-04.yang
@@ -0,0 +1,381 @@
+module ietf-ethertypes {
+ namespace "urn:ietf:params:xml:ns:yang:ietf-ethertypes";
+ prefix ethertypes;
+
+ organization
+ "IETF NETMOD (Network Modeling) Working Group.";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ Editor: Mahesh Jethanandani
+ <mjethanandani@gmail.com>";
+
+ description
+ "This module contains common definitions for the
+ Ethertype used by different modules. It is a
+ placeholder module, till such time that IEEE
+ starts a project to define these Ethertypes
+ and publishes a standard.
+
+ At that time, this module can be deprecated.
+
+ Copyright (c) 2019 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 8519; see
+ the RFC itself for full legal notices.";
+
+ revision 2019-03-04 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 8519: YANG Data Model for Network Access Control
+ Lists (ACLs).";
+ }
+
+ typedef ethertype {
+ type union {
+ type uint16;
+ type enumeration {
+ enum ipv4 {
+ value 2048;
+ description
+ "Internet Protocol version 4 (IPv4) with a
+ hex value of 0x0800.";
+ reference
+ "RFC 791: Internet Protocol.";
+ }
+ enum arp {
+ value 2054;
+ description
+ "Address Resolution Protocol (ARP) with a
+ hex value of 0x0806.";
+ reference
+ "RFC 826: An Ethernet Address Resolution Protocol: Or
+ Converting Network Protocol Addresses to 48.bit
+ Ethernet Address for Transmission on Ethernet
+ Hardware.";
+ }
+ enum wlan {
+ value 2114;
+ description
+ "Wake-on-LAN. Hex value of 0x0842.";
+ }
+ enum trill {
+ value 8947;
+ description
+ "Transparent Interconnection of Lots of Links.
+ Hex value of 0x22F3.";
+ reference
+ "RFC 6325: Routing Bridges (RBridges): Base Protocol
+ Specification.";
+ }
+ enum srp {
+ value 8938;
+ description
+ "Stream Reservation Protocol. Hex value of
+ 0x22EA.";
+ reference
+ "IEEE 801.1Q-2011.";
+ }
+ enum decnet {
+ value 24579;
+ description
+ "DECnet Phase IV. Hex value of 0x6003.";
+ }
+ enum rarp {
+ value 32821;
+ description
+ "Reverse Address Resolution Protocol.
+ Hex value 0x8035.";
+ reference
+ "RFC 903: A Reverse Address Resolution Protocol.";
+ }
+ enum appletalk {
+ value 32923;
+ description
+ "Appletalk (Ethertalk). Hex value of 0x809B.";
+ }
+ enum aarp {
+ value 33011;
+ description
+ "Appletalk Address Resolution Protocol. Hex value
+ of 0x80F3.";
+ }
+ enum vlan {
+ value 33024;
+ description
+ "VLAN-tagged frame (IEEE 802.1Q) and Shortest Path
+ Bridging IEEE 802.1aq with Network-Network
+ Interface (NNI) compatibility. Hex value of
+ 0x8100.";
+ reference
+ "IEEE 802.1Q.";
+ }
+ enum ipx {
+ value 33079;
+ description
+ "Internetwork Packet Exchange (IPX). Hex value
+ of 0x8137.";
+ }
+ enum qnx {
+ value 33284;
+ description
+ "QNX Qnet. Hex value of 0x8204.";
+ }
+ enum ipv6 {
+ value 34525;
+ description
+ "Internet Protocol Version 6 (IPv6). Hex value
+ of 0x86DD.";
+ reference
+ "RFC 8200: Internet Protocol, Version 6 (IPv6)
+ Specification
+ RFC 8201: Path MTU Discovery for IP version 6.";
+ }
+ enum efc {
+ value 34824;
+ description
+ "Ethernet flow control using pause frames.
+ Hex value of 0x8808.";
+ reference
+ "IEEE 802.1Qbb.";
+ }
+ enum esp {
+ value 34825;
+ description
+ "Ethernet Slow Protocol. Hex value of 0x8809.";
+ reference
+ "IEEE 802.3-2015.";
+ }
+ enum cobranet {
+ value 34841;
+ description
+ "CobraNet. Hex value of 0x8819.";
+ }
+ enum mpls-unicast {
+ value 34887;
+ description
+ "Multiprotocol Label Switching (MPLS) unicast traffic.
+ Hex value of 0x8847.";
+ reference
+ "RFC 3031: Multiprotocol Label Switching Architecture.";
+ }
+ enum mpls-multicast {
+ value 34888;
+ description
+ "MPLS multicast traffic. Hex value of 0x8848.";
+ reference
+ "RFC 3031: Multiprotocol Label Switching Architecture.";
+ }
+ enum pppoe-discovery {
+ value 34915;
+ description
+ "Point-to-Point Protocol over Ethernet. Used during
+ the discovery process. Hex value of 0x8863.";
+ reference
+ "RFC 2516: A Method for Transmitting PPP Over Ethernet
+ (PPPoE).";
+ }
+ enum pppoe-session {
+ value 34916;
+ description
+ "Point-to-Point Protocol over Ethernet. Used during
+ session stage. Hex value of 0x8864.";
+ reference
+ "RFC 2516: A Method for Transmitting PPP Over Ethernet
+ (PPPoE).";
+ }
+ enum intel-ans {
+ value 34925;
+ description
+ "Intel Advanced Networking Services. Hex value of
+ 0x886D.";
+ }
+ enum jumbo-frames {
+ value 34928;
+ description
+ "Jumbo frames or Ethernet frames with more than
+ 1500 bytes of payload, up to 9000 bytes.";
+ }
+ enum homeplug {
+ value 34939;
+ description
+ "Family name for the various power line
+ communications. Hex value of 0x887B.";
+ }
+ enum eap {
+ value 34958;
+ description
+ "Ethernet Access Protocol (EAP) over LAN. Hex value
+ of 0x888E.";
+ reference
+ "IEEE 802.1X.";
+ }
+ enum profinet {
+ value 34962;
+ description
+ "PROcess FIeld Net (PROFINET). Hex value of 0x8892.";
+ }
+ enum hyperscsi {
+ value 34970;
+ description
+ "Small Computer System Interface (SCSI) over Ethernet.
+ Hex value of 0x889A.";
+ }
+ enum aoe {
+ value 34978;
+ description
+ "Advanced Technology Advancement (ATA) over Ethernet.
+ Hex value of 0x88A2.";
+ }
+ enum ethercat {
+ value 34980;
+ description
+ "Ethernet for Control Automation Technology (EtherCAT).
+ Hex value of 0x88A4.";
+ }
+ enum provider-bridging {
+ value 34984;
+ description
+ "Provider Bridging (802.1ad) and Shortest Path Bridging
+ (801.1aq). Hex value of 0x88A8.";
+ reference
+ "IEEE 802.1ad and IEEE 802.1aq).";
+ }
+ enum ethernet-powerlink {
+ value 34987;
+ description
+ "Ethernet Powerlink. Hex value of 0x88AB.";
+ }
+ enum goose {
+ value 35000;
+ description
+ "Generic Object Oriented Substation Event (GOOSE).
+ Hex value of 0x88B8.";
+ reference
+ "IEC/ISO 8802-2 and 8802-3.";
+ }
+ enum gse {
+ value 35001;
+ description
+ "Generic Substation Events. Hex value of 88B9.";
+ reference
+ "IEC 61850.";
+ }
+ enum sv {
+ value 35002;
+ description
+ "Sampled Value Transmission. Hex value of 0x88BA.";
+ reference
+ "IEC 61850.";
+ }
+ enum lldp {
+ value 35020;
+ description
+ "Link Layer Discovery Protocol (LLDP). Hex value of
+ 0x88CC.";
+ reference
+ "IEEE 802.1AB.";
+ }
+ enum sercos {
+ value 35021;
+ description
+ "Sercos Interface. Hex value of 0x88CD.";
+ }
+ enum wsmp {
+ value 35036;
+ description
+ "WAVE Short Message Protocol (WSMP). Hex value of
+ 0x88DC.";
+ }
+ enum homeplug-av-mme {
+ value 35041;
+ description
+ "HomePlug AV Mobile Management Entity (MME). Hex value
+ of 88E1.";
+ }
+ enum mrp {
+ value 35043;
+ description
+ "Media Redundancy Protocol (MRP). Hex value of
+ 0x88E3.";
+ reference
+ "IEC 62439-2.";
+ }
+ enum macsec {
+ value 35045;
+ description
+ "MAC Security. Hex value of 0x88E5.";
+ reference
+ "IEEE 802.1AE.";
+ }
+ enum pbb {
+ value 35047;
+ description
+ "Provider Backbone Bridges (PBB). Hex value of
+ 0x88E7.";
+ reference
+ "IEEE 802.1ah.";
+ }
+ enum cfm {
+ value 35074;
+ description
+ "Connectivity Fault Management (CFM). Hex value of
+ 0x8902.";
+ reference
+ "IEEE 802.1ag.";
+ }
+ enum fcoe {
+ value 35078;
+ description
+ "Fiber Channel over Ethernet (FCoE). Hex value of
+ 0x8906.";
+ reference
+ "T11 FC-BB-5.";
+ }
+ enum fcoe-ip {
+ value 35092;
+ description
+ "FCoE Initialization Protocol. Hex value of 0x8914.";
+ }
+ enum roce {
+ value 35093;
+ description
+ "RDMA over Converged Ethernet (RoCE). Hex value of
+ 0x8915.";
+ }
+ enum tte {
+ value 35101;
+ description
+ "TTEthernet Protocol Control Frame (TTE). Hex value
+ of 0x891D.";
+ reference
+ "SAE AS6802.";
+ }
+ enum hsr {
+ value 35119;
+ description
+ "High-availability Seamless Redundancy (HSR). Hex
+ value of 0x892F.";
+ reference
+ "IEC 62439-3:2016.";
+ }
+ }
+ }
+ description
+ "The uint16 type placeholder is defined to enable
+ users to manage their own ethertypes not
+ covered by the module. Otherwise, the module contains
+ enum definitions for the more commonly used ethertypes.";
+ }
+}
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-inet-types@2013-07-15.yang b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-inet-types@2013-07-15.yang
new file mode 100644
index 0000000000000000000000000000000000000000..790bafc31dd7dc3582ef1c765fe104145b8a6016
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-inet-types@2013-07-15.yang
@@ -0,0 +1,459 @@
+ module ietf-inet-types {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-inet-types";
+ prefix "inet";
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: David Kessens
+ <mailto:david.kessens@nsn.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This module contains a collection of generally useful derived
+ YANG data types for Internet addresses and related things.
+
+ Copyright (c) 2013 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6991; see
+ the RFC itself for full legal notices.";
+
+ revision 2013-07-15 {
+ description
+ "This revision adds the following new data types:
+ - ip-address-no-zone
+ - ipv4-address-no-zone
+ - ipv6-address-no-zone";
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+
+ revision 2010-09-24 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 6021: Common YANG Data Types";
+ }
+
+ /*** collection of types related to protocol fields ***/
+
+ typedef ip-version {
+ type enumeration {
+ enum unknown {
+ value "0";
+ description
+ "An unknown or unspecified version of the Internet
+ protocol.";
+ }
+ enum ipv4 {
+ value "1";
+ description
+ "The IPv4 protocol as defined in RFC 791.";
+ }
+ enum ipv6 {
+ value "2";
+ description
+ "The IPv6 protocol as defined in RFC 2460.";
+ }
+ }
+ description
+ "This value represents the version of the IP protocol.
+
+ In the value set and its semantics, this type is equivalent
+ to the InetVersion textual convention of the SMIv2.";
+ reference
+ "RFC 791: Internet Protocol
+ RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
+ RFC 4001: Textual Conventions for Internet Network Addresses";
+ }
+
+ typedef dscp {
+ type uint8 {
+ range "0..63";
+ }
+ description
+ "The dscp type represents a Differentiated Services Code Point
+ that may be used for marking packets in a traffic stream.
+
+ In the value set and its semantics, this type is equivalent
+ to the Dscp textual convention of the SMIv2.";
+ reference
+ "RFC 3289: Management Information Base for the Differentiated
+ Services Architecture
+ RFC 2474: Definition of the Differentiated Services Field
+ (DS Field) in the IPv4 and IPv6 Headers
+ RFC 2780: IANA Allocation Guidelines For Values In
+ the Internet Protocol and Related Headers";
+ }
+
+ typedef ipv6-flow-label {
+ type uint32 {
+ range "0..1048575";
+ }
+ description
+ "The ipv6-flow-label type represents the flow identifier or Flow
+ Label in an IPv6 packet header that may be used to
+ discriminate traffic flows.
+
+ In the value set and its semantics, this type is equivalent
+ to the IPv6FlowLabel textual convention of the SMIv2.";
+ reference
+ "RFC 3595: Textual Conventions for IPv6 Flow Label
+ RFC 2460: Internet Protocol, Version 6 (IPv6) Specification";
+ }
+
+ typedef port-number {
+ type uint16 {
+ range "0..65535";
+ }
+ description
+ "The port-number type represents a 16-bit port number of an
+ Internet transport-layer protocol such as UDP, TCP, DCCP, or
+ SCTP. Port numbers are assigned by IANA. A current list of
+ all assignments is available from <http://www.iana.org/>.
+
+ Note that the port number value zero is reserved by IANA. In
+ situations where the value zero does not make sense, it can
+ be excluded by subtyping the port-number type.
+ In the value set and its semantics, this type is equivalent
+ to the InetPortNumber textual convention of the SMIv2.";
+ reference
+ "RFC 768: User Datagram Protocol
+ RFC 793: Transmission Control Protocol
+ RFC 4960: Stream Control Transmission Protocol
+ RFC 4340: Datagram Congestion Control Protocol (DCCP)
+ RFC 4001: Textual Conventions for Internet Network Addresses";
+ }
+
+ /*** collection of types related to autonomous systems ***/
+
+ typedef as-number {
+ type uint32;
+ description
+ "The as-number type represents autonomous system numbers
+ which identify an Autonomous System (AS). An AS is a set
+ of routers under a single technical administration, using
+ an interior gateway protocol and common metrics to route
+ packets within the AS, and using an exterior gateway
+ protocol to route packets to other ASes. IANA maintains
+ the AS number space and has delegated large parts to the
+ regional registries.
+
+ Autonomous system numbers were originally limited to 16
+ bits. BGP extensions have enlarged the autonomous system
+ number space to 32 bits. This type therefore uses an uint32
+ base type without a range restriction in order to support
+ a larger autonomous system number space.
+
+ In the value set and its semantics, this type is equivalent
+ to the InetAutonomousSystemNumber textual convention of
+ the SMIv2.";
+ reference
+ "RFC 1930: Guidelines for creation, selection, and registration
+ of an Autonomous System (AS)
+ RFC 4271: A Border Gateway Protocol 4 (BGP-4)
+ RFC 4001: Textual Conventions for Internet Network Addresses
+ RFC 6793: BGP Support for Four-Octet Autonomous System (AS)
+ Number Space";
+ }
+
+ /*** collection of types related to IP addresses and hostnames ***/
+
+ typedef ip-address {
+ type union {
+ type inet:ipv4-address;
+ type inet:ipv6-address;
+ }
+ description
+ "The ip-address type represents an IP address and is IP
+ version neutral. The format of the textual representation
+ implies the IP version. This type supports scoped addresses
+ by allowing zone identifiers in the address format.";
+ reference
+ "RFC 4007: IPv6 Scoped Address Architecture";
+ }
+
+ typedef ipv4-address {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
+ + '(%[\p{N}\p{L}]+)?';
+ }
+ description
+ "The ipv4-address type represents an IPv4 address in
+ dotted-quad notation. The IPv4 address may include a zone
+ index, separated by a % sign.
+
+ The zone index is used to disambiguate identical address
+ values. For link-local addresses, the zone index will
+ typically be the interface index number or the name of an
+ interface. If the zone index is not present, the default
+ zone of the device will be used.
+
+ The canonical format for the zone index is the numerical
+ format";
+ }
+
+ typedef ipv6-address {
+ type string {
+ pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}'
+ + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|'
+ + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}'
+ + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))'
+ + '(%[\p{N}\p{L}]+)?';
+ pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|'
+ + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)'
+ + '(%.+)?';
+ }
+ description
+ "The ipv6-address type represents an IPv6 address in full,
+ mixed, shortened, and shortened-mixed notation. The IPv6
+ address may include a zone index, separated by a % sign.
+
+ The zone index is used to disambiguate identical address
+ values. For link-local addresses, the zone index will
+ typically be the interface index number or the name of an
+ interface. If the zone index is not present, the default
+ zone of the device will be used.
+
+ The canonical format of IPv6 addresses uses the textual
+ representation defined in Section 4 of RFC 5952. The
+ canonical format for the zone index is the numerical
+ format as described in Section 11.2 of RFC 4007.";
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ typedef ip-address-no-zone {
+ type union {
+ type inet:ipv4-address-no-zone;
+ type inet:ipv6-address-no-zone;
+ }
+ description
+ "The ip-address-no-zone type represents an IP address and is
+ IP version neutral. The format of the textual representation
+ implies the IP version. This type does not support scoped
+ addresses since it does not allow zone identifiers in the
+ address format.";
+ reference
+ "RFC 4007: IPv6 Scoped Address Architecture";
+ }
+
+ typedef ipv4-address-no-zone {
+ type inet:ipv4-address {
+ pattern '[0-9\.]*';
+ }
+ description
+ "An IPv4 address without a zone index. This type, derived from
+ ipv4-address, may be used in situations where the zone is
+ known from the context and hence no zone index is needed.";
+ }
+
+ typedef ipv6-address-no-zone {
+ type inet:ipv6-address {
+ pattern '[0-9a-fA-F:\.]*';
+ }
+ description
+ "An IPv6 address without a zone index. This type, derived from
+ ipv6-address, may be used in situations where the zone is
+ known from the context and hence no zone index is needed.";
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ typedef ip-prefix {
+ type union {
+ type inet:ipv4-prefix;
+ type inet:ipv6-prefix;
+ }
+ description
+ "The ip-prefix type represents an IP prefix and is IP
+ version neutral. The format of the textual representations
+ implies the IP version.";
+ }
+
+ typedef ipv4-prefix {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
+ + '/(([0-9])|([1-2][0-9])|(3[0-2]))';
+ }
+ description
+ "The ipv4-prefix type represents an IPv4 address prefix.
+ The prefix length is given by the number following the
+ slash character and must be less than or equal to 32.
+
+ A prefix length value of n corresponds to an IP address
+ mask that has n contiguous 1-bits from the most
+ significant bit (MSB) and all other bits set to 0.
+
+ The canonical format of an IPv4 prefix has all bits of
+ the IPv4 address set to zero that are not part of the
+ IPv4 prefix.";
+ }
+
+ typedef ipv6-prefix {
+ type string {
+ pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}'
+ + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|'
+ + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}'
+ + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))'
+ + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))';
+ pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|'
+ + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)'
+ + '(/.+)';
+ }
+
+ description
+ "The ipv6-prefix type represents an IPv6 address prefix.
+ The prefix length is given by the number following the
+ slash character and must be less than or equal to 128.
+
+ A prefix length value of n corresponds to an IP address
+ mask that has n contiguous 1-bits from the most
+ significant bit (MSB) and all other bits set to 0.
+
+ The IPv6 address should have all bits that do not belong
+ to the prefix set to zero.
+
+ The canonical format of an IPv6 prefix has all bits of
+ the IPv6 address set to zero that are not part of the
+ IPv6 prefix. Furthermore, the IPv6 address is represented
+ as defined in Section 4 of RFC 5952.";
+ reference
+ "RFC 5952: A Recommendation for IPv6 Address Text
+ Representation";
+ }
+
+ /*** collection of domain name and URI types ***/
+
+ typedef domain-name {
+ type string {
+ pattern
+ '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*'
+ + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)'
+ + '|\.';
+ length "1..253";
+ }
+ description
+ "The domain-name type represents a DNS domain name. The
+ name SHOULD be fully qualified whenever possible.
+
+ Internet domain names are only loosely specified. Section
+ 3.5 of RFC 1034 recommends a syntax (modified in Section
+ 2.1 of RFC 1123). The pattern above is intended to allow
+ for current practice in domain name use, and some possible
+ future expansion. It is designed to hold various types of
+ domain names, including names used for A or AAAA records
+ (host names) and other records, such as SRV records. Note
+ that Internet host names have a stricter syntax (described
+ in RFC 952) than the DNS recommendations in RFCs 1034 and
+ 1123, and that systems that want to store host names in
+ schema nodes using the domain-name type are recommended to
+ adhere to this stricter standard to ensure interoperability.
+
+ The encoding of DNS names in the DNS protocol is limited
+ to 255 characters. Since the encoding consists of labels
+ prefixed by a length bytes and there is a trailing NULL
+ byte, only 253 characters can appear in the textual dotted
+ notation.
+
+ The description clause of schema nodes using the domain-name
+ type MUST describe when and how these names are resolved to
+ IP addresses. Note that the resolution of a domain-name value
+ may require to query multiple DNS records (e.g., A for IPv4
+ and AAAA for IPv6). The order of the resolution process and
+ which DNS record takes precedence can either be defined
+ explicitly or may depend on the configuration of the
+ resolver.
+
+ Domain-name values use the US-ASCII encoding. Their canonical
+ format uses lowercase US-ASCII characters. Internationalized
+ domain names MUST be A-labels as per RFC 5890.";
+ reference
+ "RFC 952: DoD Internet Host Table Specification
+ RFC 1034: Domain Names - Concepts and Facilities
+ RFC 1123: Requirements for Internet Hosts -- Application
+ and Support
+ RFC 2782: A DNS RR for specifying the location of services
+ (DNS SRV)
+ RFC 5890: Internationalized Domain Names in Applications
+ (IDNA): Definitions and Document Framework";
+ }
+
+ typedef host {
+ type union {
+ type inet:ip-address;
+ type inet:domain-name;
+ }
+ description
+ "The host type represents either an IP address or a DNS
+ domain name.";
+ }
+
+ typedef uri {
+ type string;
+ description
+ "The uri type represents a Uniform Resource Identifier
+ (URI) as defined by STD 66.
+
+ Objects using the uri type MUST be in US-ASCII encoding,
+ and MUST be normalized as described by RFC 3986 Sections
+ 6.2.1, 6.2.2.1, and 6.2.2.2. All unnecessary
+ percent-encoding is removed, and all case-insensitive
+ characters are set to lowercase except for hexadecimal
+ digits, which are normalized to uppercase as described in
+ Section 6.2.2.1.
+
+ The purpose of this normalization is to help provide
+ unique URIs. Note that this normalization is not
+ sufficient to provide uniqueness. Two URIs that are
+ textually distinct after this normalization may still be
+ equivalent.
+
+ Objects using the uri type may restrict the schemes that
+ they permit. For example, 'data:' and 'urn:' schemes
+ might not be appropriate.
+
+ A zero-length URI is not a valid URI. This can be used to
+ express 'URI absent' where required.
+
+ In the value set and its semantics, this type is equivalent
+ to the Uri SMIv2 textual convention defined in RFC 5017.";
+ reference
+ "RFC 3986: Uniform Resource Identifier (URI): Generic Syntax
+ RFC 3305: Report from the Joint W3C/IETF URI Planning Interest
+ Group: Uniform Resource Identifiers (URIs), URLs,
+ and Uniform Resource Names (URNs): Clarifications
+ and Recommendations
+ RFC 5017: MIB Textual Conventions for Uniform Resource
+ Identifiers (URIs)";
+ }
+
+ }
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-interfaces@2018-02-20.yang b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-interfaces@2018-02-20.yang
new file mode 100644
index 0000000000000000000000000000000000000000..e53675b9d3caab79e15e1d7453d118df8c177089
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-interfaces@2018-02-20.yang
@@ -0,0 +1,1123 @@
+module ietf-interfaces {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces";
+ prefix if;
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ organization
+ "IETF NETMOD (Network Modeling) Working Group";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>";
+
+ description
+ "This module contains a collection of YANG definitions for
+ managing network interfaces.
+
+ Copyright (c) 2018 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 8343; see
+ the RFC itself for full legal notices.";
+
+ revision 2018-02-20 {
+ description
+ "Updated to support NMDA.";
+ reference
+ "RFC 8343: A YANG Data Model for Interface Management";
+ }
+
+ revision 2014-05-08 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7223: A YANG Data Model for Interface Management";
+ }
+
+ /*
+ * Typedefs
+ */
+
+ typedef interface-ref {
+ type leafref {
+ path "/if:interfaces/if:interface/if:name";
+ }
+ description
+ "This type is used by data models that need to reference
+ interfaces.";
+ }
+
+ /*
+ * Identities
+ */
+
+ identity interface-type {
+ description
+ "Base identity from which specific interface types are
+ derived.";
+ }
+
+ /*
+ * Features
+ */
+
+ feature arbitrary-names {
+ description
+ "This feature indicates that the device allows user-controlled
+ interfaces to be named arbitrarily.";
+ }
+ feature pre-provisioning {
+ description
+ "This feature indicates that the device supports
+ pre-provisioning of interface configuration, i.e., it is
+ possible to configure an interface whose physical interface
+ hardware is not present on the device.";
+ }
+ feature if-mib {
+ description
+ "This feature indicates that the device implements
+ the IF-MIB.";
+ reference
+ "RFC 2863: The Interfaces Group MIB";
+ }
+
+ /*
+ * Data nodes
+ */
+
+ container interfaces {
+ description
+ "Interface parameters.";
+
+ list interface {
+ key "name";
+
+ description
+ "The list of interfaces on the device.
+
+ The status of an interface is available in this list in the
+ operational state. If the configuration of a
+ system-controlled interface cannot be used by the system
+ (e.g., the interface hardware present does not match the
+ interface type), then the configuration is not applied to
+ the system-controlled interface shown in the operational
+ state. If the configuration of a user-controlled interface
+ cannot be used by the system, the configured interface is
+ not instantiated in the operational state.
+
+ System-controlled interfaces created by the system are
+ always present in this list in the operational state,
+ whether or not they are configured.";
+
+ leaf name {
+ type string;
+ description
+ "The name of the interface.
+
+ A device MAY restrict the allowed values for this leaf,
+ possibly depending on the type of the interface.
+ For system-controlled interfaces, this leaf is the
+ device-specific name of the interface.
+
+ If a client tries to create configuration for a
+ system-controlled interface that is not present in the
+ operational state, the server MAY reject the request if
+ the implementation does not support pre-provisioning of
+ interfaces or if the name refers to an interface that can
+ never exist in the system. A Network Configuration
+ Protocol (NETCONF) server MUST reply with an rpc-error
+ with the error-tag 'invalid-value' in this case.
+
+ If the device supports pre-provisioning of interface
+ configuration, the 'pre-provisioning' feature is
+ advertised.
+
+ If the device allows arbitrarily named user-controlled
+ interfaces, the 'arbitrary-names' feature is advertised.
+
+ When a configured user-controlled interface is created by
+ the system, it is instantiated with the same name in the
+ operational state.
+
+ A server implementation MAY map this leaf to the ifName
+ MIB object. Such an implementation needs to use some
+ mechanism to handle the differences in size and characters
+ allowed between this leaf and ifName. The definition of
+ such a mechanism is outside the scope of this document.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifName";
+ }
+
+ leaf description {
+ type string;
+ description
+ "A textual description of the interface.
+
+ A server implementation MAY map this leaf to the ifAlias
+ MIB object. Such an implementation needs to use some
+ mechanism to handle the differences in size and characters
+ allowed between this leaf and ifAlias. The definition of
+ such a mechanism is outside the scope of this document.
+
+ Since ifAlias is defined to be stored in non-volatile
+ storage, the MIB implementation MUST map ifAlias to the
+ value of 'description' in the persistently stored
+ configuration.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifAlias";
+ }
+
+ leaf type {
+ type identityref {
+ base interface-type;
+ }
+ mandatory true;
+ description
+ "The type of the interface.
+
+ When an interface entry is created, a server MAY
+ initialize the type leaf with a valid value, e.g., if it
+ is possible to derive the type from the name of the
+ interface.
+
+ If a client tries to set the type of an interface to a
+ value that can never be used by the system, e.g., if the
+ type is not supported or if the type does not match the
+ name of the interface, the server MUST reject the request.
+ A NETCONF server MUST reply with an rpc-error with the
+ error-tag 'invalid-value' in this case.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifType";
+ }
+
+ leaf enabled {
+ type boolean;
+ default "true";
+ description
+ "This leaf contains the configured, desired state of the
+ interface.
+
+ Systems that implement the IF-MIB use the value of this
+ leaf in the intended configuration to set
+ IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry
+ has been initialized, as described in RFC 2863.
+
+ Changes in this leaf in the intended configuration are
+ reflected in ifAdminStatus.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifAdminStatus";
+ }
+
+ leaf link-up-down-trap-enable {
+ if-feature if-mib;
+ type enumeration {
+ enum enabled {
+ value 1;
+ description
+ "The device will generate linkUp/linkDown SNMP
+ notifications for this interface.";
+ }
+ enum disabled {
+ value 2;
+ description
+ "The device will not generate linkUp/linkDown SNMP
+ notifications for this interface.";
+ }
+ }
+ description
+ "Controls whether linkUp/linkDown SNMP notifications
+ should be generated for this interface.
+
+ If this node is not configured, the value 'enabled' is
+ operationally used by the server for interfaces that do
+ not operate on top of any other interface (i.e., there are
+ no 'lower-layer-if' entries), and 'disabled' otherwise.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifLinkUpDownTrapEnable";
+ }
+
+ leaf admin-status {
+ if-feature if-mib;
+ type enumeration {
+ enum up {
+ value 1;
+ description
+ "Ready to pass packets.";
+ }
+ enum down {
+ value 2;
+ description
+ "Not ready to pass packets and not in some test mode.";
+ }
+ enum testing {
+ value 3;
+ description
+ "In some test mode.";
+ }
+ }
+ config false;
+ mandatory true;
+ description
+ "The desired state of the interface.
+
+ This leaf has the same read semantics as ifAdminStatus.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifAdminStatus";
+ }
+
+ leaf oper-status {
+ type enumeration {
+ enum up {
+ value 1;
+ description
+ "Ready to pass packets.";
+ }
+ enum down {
+ value 2;
+
+ description
+ "The interface does not pass any packets.";
+ }
+ enum testing {
+ value 3;
+ description
+ "In some test mode. No operational packets can
+ be passed.";
+ }
+ enum unknown {
+ value 4;
+ description
+ "Status cannot be determined for some reason.";
+ }
+ enum dormant {
+ value 5;
+ description
+ "Waiting for some external event.";
+ }
+ enum not-present {
+ value 6;
+ description
+ "Some component (typically hardware) is missing.";
+ }
+ enum lower-layer-down {
+ value 7;
+ description
+ "Down due to state of lower-layer interface(s).";
+ }
+ }
+ config false;
+ mandatory true;
+ description
+ "The current operational state of the interface.
+
+ This leaf has the same semantics as ifOperStatus.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifOperStatus";
+ }
+
+ leaf last-change {
+ type yang:date-and-time;
+ config false;
+ description
+ "The time the interface entered its current operational
+ state. If the current state was entered prior to the
+ last re-initialization of the local network management
+ subsystem, then this node is not present.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifLastChange";
+ }
+
+ leaf if-index {
+ if-feature if-mib;
+ type int32 {
+ range "1..2147483647";
+ }
+ config false;
+ mandatory true;
+ description
+ "The ifIndex value for the ifEntry represented by this
+ interface.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifIndex";
+ }
+
+ leaf phys-address {
+ type yang:phys-address;
+ config false;
+ description
+ "The interface's address at its protocol sub-layer. For
+ example, for an 802.x interface, this object normally
+ contains a Media Access Control (MAC) address. The
+ interface's media-specific modules must define the bit
+ and byte ordering and the format of the value of this
+ object. For interfaces that do not have such an address
+ (e.g., a serial line), this node is not present.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifPhysAddress";
+ }
+
+ leaf-list higher-layer-if {
+ type interface-ref;
+ config false;
+ description
+ "A list of references to interfaces layered on top of this
+ interface.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifStackTable";
+ }
+
+ leaf-list lower-layer-if {
+ type interface-ref;
+ config false;
+
+ description
+ "A list of references to interfaces layered underneath this
+ interface.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifStackTable";
+ }
+
+ leaf speed {
+ type yang:gauge64;
+ units "bits/second";
+ config false;
+ description
+ "An estimate of the interface's current bandwidth in bits
+ per second. For interfaces that do not vary in
+ bandwidth or for those where no accurate estimation can
+ be made, this node should contain the nominal bandwidth.
+ For interfaces that have no concept of bandwidth, this
+ node is not present.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifSpeed, ifHighSpeed";
+ }
+
+ container statistics {
+ config false;
+ description
+ "A collection of interface-related statistics objects.";
+
+ leaf discontinuity-time {
+ type yang:date-and-time;
+ mandatory true;
+ description
+ "The time on the most recent occasion at which any one or
+ more of this interface's counters suffered a
+ discontinuity. If no such discontinuities have occurred
+ since the last re-initialization of the local management
+ subsystem, then this node contains the time the local
+ management subsystem re-initialized itself.";
+ }
+
+ leaf in-octets {
+ type yang:counter64;
+ description
+ "The total number of octets received on the interface,
+ including framing characters.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifHCInOctets";
+ }
+
+ leaf in-unicast-pkts {
+ type yang:counter64;
+ description
+ "The number of packets, delivered by this sub-layer to a
+ higher (sub-)layer, that were not addressed to a
+ multicast or broadcast address at this sub-layer.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts";
+ }
+
+ leaf in-broadcast-pkts {
+ type yang:counter64;
+ description
+ "The number of packets, delivered by this sub-layer to a
+ higher (sub-)layer, that were addressed to a broadcast
+ address at this sub-layer.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifHCInBroadcastPkts";
+ }
+
+ leaf in-multicast-pkts {
+ type yang:counter64;
+ description
+ "The number of packets, delivered by this sub-layer to a
+ higher (sub-)layer, that were addressed to a multicast
+ address at this sub-layer. For a MAC-layer protocol,
+ this includes both Group and Functional addresses.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifHCInMulticastPkts";
+ }
+
+ leaf in-discards {
+ type yang:counter32;
+ description
+ "The number of inbound packets that were chosen to be
+ discarded even though no errors had been detected to
+ prevent their being deliverable to a higher-layer
+ protocol. One possible reason for discarding such a
+ packet could be to free up buffer space.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifInDiscards";
+ }
+
+ leaf in-errors {
+ type yang:counter32;
+ description
+ "For packet-oriented interfaces, the number of inbound
+ packets that contained errors preventing them from being
+ deliverable to a higher-layer protocol. For character-
+ oriented or fixed-length interfaces, the number of
+ inbound transmission units that contained errors
+ preventing them from being deliverable to a higher-layer
+ protocol.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifInErrors";
+ }
+
+ leaf in-unknown-protos {
+ type yang:counter32;
+
+ description
+ "For packet-oriented interfaces, the number of packets
+ received via the interface that were discarded because
+ of an unknown or unsupported protocol. For
+ character-oriented or fixed-length interfaces that
+ support protocol multiplexing, the number of
+ transmission units received via the interface that were
+ discarded because of an unknown or unsupported protocol.
+ For any interface that does not support protocol
+ multiplexing, this counter is not present.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos";
+ }
+
+ leaf out-octets {
+ type yang:counter64;
+ description
+ "The total number of octets transmitted out of the
+ interface, including framing characters.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifHCOutOctets";
+ }
+
+ leaf out-unicast-pkts {
+ type yang:counter64;
+ description
+ "The total number of packets that higher-level protocols
+ requested be transmitted and that were not addressed
+ to a multicast or broadcast address at this sub-layer,
+ including those that were discarded or not sent.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts";
+ }
+
+ leaf out-broadcast-pkts {
+ type yang:counter64;
+ description
+ "The total number of packets that higher-level protocols
+ requested be transmitted and that were addressed to a
+ broadcast address at this sub-layer, including those
+ that were discarded or not sent.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifHCOutBroadcastPkts";
+ }
+
+ leaf out-multicast-pkts {
+ type yang:counter64;
+ description
+ "The total number of packets that higher-level protocols
+ requested be transmitted and that were addressed to a
+ multicast address at this sub-layer, including those
+ that were discarded or not sent. For a MAC-layer
+ protocol, this includes both Group and Functional
+ addresses.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifHCOutMulticastPkts";
+ }
+
+ leaf out-discards {
+ type yang:counter32;
+ description
+ "The number of outbound packets that were chosen to be
+ discarded even though no errors had been detected to
+ prevent their being transmitted. One possible reason
+ for discarding such a packet could be to free up buffer
+ space.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifOutDiscards";
+ }
+
+ leaf out-errors {
+ type yang:counter32;
+ description
+ "For packet-oriented interfaces, the number of outbound
+ packets that could not be transmitted because of errors.
+ For character-oriented or fixed-length interfaces, the
+ number of outbound transmission units that could not be
+ transmitted because of errors.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifOutErrors";
+ }
+ }
+
+ }
+ }
+
+ /*
+ * Legacy typedefs
+ */
+
+ typedef interface-state-ref {
+ type leafref {
+ path "/if:interfaces-state/if:interface/if:name";
+ }
+ status deprecated;
+ description
+ "This type is used by data models that need to reference
+ the operationally present interfaces.";
+ }
+
+ /*
+ * Legacy operational state data nodes
+ */
+
+ container interfaces-state {
+ config false;
+ status deprecated;
+ description
+ "Data nodes for the operational state of interfaces.";
+
+ list interface {
+ key "name";
+ status deprecated;
+
+ description
+ "The list of interfaces on the device.
+
+ System-controlled interfaces created by the system are
+ always present in this list, whether or not they are
+ configured.";
+
+ leaf name {
+ type string;
+ status deprecated;
+ description
+ "The name of the interface.
+
+ A server implementation MAY map this leaf to the ifName
+ MIB object. Such an implementation needs to use some
+ mechanism to handle the differences in size and characters
+ allowed between this leaf and ifName. The definition of
+ such a mechanism is outside the scope of this document.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifName";
+ }
+
+ leaf type {
+ type identityref {
+ base interface-type;
+ }
+ mandatory true;
+ status deprecated;
+ description
+ "The type of the interface.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifType";
+ }
+
+ leaf admin-status {
+ if-feature if-mib;
+ type enumeration {
+ enum up {
+ value 1;
+ description
+ "Ready to pass packets.";
+ }
+ enum down {
+ value 2;
+ description
+ "Not ready to pass packets and not in some test mode.";
+ }
+ enum testing {
+ value 3;
+ description
+ "In some test mode.";
+ }
+ }
+ mandatory true;
+ status deprecated;
+ description
+ "The desired state of the interface.
+
+ This leaf has the same read semantics as ifAdminStatus.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifAdminStatus";
+ }
+
+ leaf oper-status {
+ type enumeration {
+ enum up {
+ value 1;
+ description
+ "Ready to pass packets.";
+ }
+ enum down {
+ value 2;
+ description
+ "The interface does not pass any packets.";
+ }
+ enum testing {
+ value 3;
+ description
+ "In some test mode. No operational packets can
+ be passed.";
+ }
+ enum unknown {
+ value 4;
+ description
+ "Status cannot be determined for some reason.";
+ }
+ enum dormant {
+ value 5;
+ description
+ "Waiting for some external event.";
+ }
+ enum not-present {
+ value 6;
+ description
+ "Some component (typically hardware) is missing.";
+ }
+ enum lower-layer-down {
+ value 7;
+ description
+ "Down due to state of lower-layer interface(s).";
+ }
+ }
+ mandatory true;
+ status deprecated;
+ description
+ "The current operational state of the interface.
+
+ This leaf has the same semantics as ifOperStatus.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifOperStatus";
+ }
+
+ leaf last-change {
+ type yang:date-and-time;
+ status deprecated;
+ description
+ "The time the interface entered its current operational
+ state. If the current state was entered prior to the
+ last re-initialization of the local network management
+ subsystem, then this node is not present.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifLastChange";
+ }
+
+ leaf if-index {
+ if-feature if-mib;
+ type int32 {
+ range "1..2147483647";
+ }
+ mandatory true;
+ status deprecated;
+ description
+ "The ifIndex value for the ifEntry represented by this
+ interface.";
+
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifIndex";
+ }
+
+ leaf phys-address {
+ type yang:phys-address;
+ status deprecated;
+ description
+ "The interface's address at its protocol sub-layer. For
+ example, for an 802.x interface, this object normally
+ contains a Media Access Control (MAC) address. The
+ interface's media-specific modules must define the bit
+ and byte ordering and the format of the value of this
+ object. For interfaces that do not have such an address
+ (e.g., a serial line), this node is not present.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifPhysAddress";
+ }
+
+ leaf-list higher-layer-if {
+ type interface-state-ref;
+ status deprecated;
+ description
+ "A list of references to interfaces layered on top of this
+ interface.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifStackTable";
+ }
+
+ leaf-list lower-layer-if {
+ type interface-state-ref;
+ status deprecated;
+ description
+ "A list of references to interfaces layered underneath this
+ interface.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifStackTable";
+ }
+
+ leaf speed {
+ type yang:gauge64;
+ units "bits/second";
+ status deprecated;
+ description
+ "An estimate of the interface's current bandwidth in bits
+ per second. For interfaces that do not vary in
+ bandwidth or for those where no accurate estimation can
+
+ be made, this node should contain the nominal bandwidth.
+ For interfaces that have no concept of bandwidth, this
+ node is not present.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifSpeed, ifHighSpeed";
+ }
+
+ container statistics {
+ status deprecated;
+ description
+ "A collection of interface-related statistics objects.";
+
+ leaf discontinuity-time {
+ type yang:date-and-time;
+ mandatory true;
+ status deprecated;
+ description
+ "The time on the most recent occasion at which any one or
+ more of this interface's counters suffered a
+ discontinuity. If no such discontinuities have occurred
+ since the last re-initialization of the local management
+ subsystem, then this node contains the time the local
+ management subsystem re-initialized itself.";
+ }
+
+ leaf in-octets {
+ type yang:counter64;
+ status deprecated;
+ description
+ "The total number of octets received on the interface,
+ including framing characters.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifHCInOctets";
+ }
+
+ leaf in-unicast-pkts {
+ type yang:counter64;
+ status deprecated;
+ description
+ "The number of packets, delivered by this sub-layer to a
+ higher (sub-)layer, that were not addressed to a
+ multicast or broadcast address at this sub-layer.
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts";
+ }
+
+ leaf in-broadcast-pkts {
+ type yang:counter64;
+ status deprecated;
+ description
+ "The number of packets, delivered by this sub-layer to a
+ higher (sub-)layer, that were addressed to a broadcast
+ address at this sub-layer.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifHCInBroadcastPkts";
+ }
+
+ leaf in-multicast-pkts {
+ type yang:counter64;
+ status deprecated;
+ description
+ "The number of packets, delivered by this sub-layer to a
+ higher (sub-)layer, that were addressed to a multicast
+ address at this sub-layer. For a MAC-layer protocol,
+ this includes both Group and Functional addresses.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifHCInMulticastPkts";
+ }
+
+ leaf in-discards {
+ type yang:counter32;
+ status deprecated;
+
+ description
+ "The number of inbound packets that were chosen to be
+ discarded even though no errors had been detected to
+ prevent their being deliverable to a higher-layer
+ protocol. One possible reason for discarding such a
+ packet could be to free up buffer space.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifInDiscards";
+ }
+
+ leaf in-errors {
+ type yang:counter32;
+ status deprecated;
+ description
+ "For packet-oriented interfaces, the number of inbound
+ packets that contained errors preventing them from being
+ deliverable to a higher-layer protocol. For character-
+ oriented or fixed-length interfaces, the number of
+ inbound transmission units that contained errors
+ preventing them from being deliverable to a higher-layer
+ protocol.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifInErrors";
+ }
+
+ leaf in-unknown-protos {
+ type yang:counter32;
+ status deprecated;
+ description
+ "For packet-oriented interfaces, the number of packets
+ received via the interface that were discarded because
+ of an unknown or unsupported protocol. For
+ character-oriented or fixed-length interfaces that
+ support protocol multiplexing, the number of
+ transmission units received via the interface that were
+ discarded because of an unknown or unsupported protocol.
+ For any interface that does not support protocol
+ multiplexing, this counter is not present.
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos";
+ }
+
+ leaf out-octets {
+ type yang:counter64;
+ status deprecated;
+ description
+ "The total number of octets transmitted out of the
+ interface, including framing characters.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifHCOutOctets";
+ }
+
+ leaf out-unicast-pkts {
+ type yang:counter64;
+ status deprecated;
+ description
+ "The total number of packets that higher-level protocols
+ requested be transmitted and that were not addressed
+ to a multicast or broadcast address at this sub-layer,
+ including those that were discarded or not sent.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts";
+ }
+
+ leaf out-broadcast-pkts {
+ type yang:counter64;
+ status deprecated;
+
+ description
+ "The total number of packets that higher-level protocols
+ requested be transmitted and that were addressed to a
+ broadcast address at this sub-layer, including those
+ that were discarded or not sent.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifHCOutBroadcastPkts";
+ }
+
+ leaf out-multicast-pkts {
+ type yang:counter64;
+ status deprecated;
+ description
+ "The total number of packets that higher-level protocols
+ requested be transmitted and that were addressed to a
+ multicast address at this sub-layer, including those
+ that were discarded or not sent. For a MAC-layer
+ protocol, this includes both Group and Functional
+ addresses.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB -
+ ifHCOutMulticastPkts";
+ }
+
+ leaf out-discards {
+ type yang:counter32;
+ status deprecated;
+ description
+ "The number of outbound packets that were chosen to be
+ discarded even though no errors had been detected to
+ prevent their being transmitted. One possible reason
+ for discarding such a packet could be to free up buffer
+ space.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifOutDiscards";
+ }
+
+ leaf out-errors {
+ type yang:counter32;
+ status deprecated;
+ description
+ "For packet-oriented interfaces, the number of outbound
+ packets that could not be transmitted because of errors.
+ For character-oriented or fixed-length interfaces, the
+ number of outbound transmission units that could not be
+ transmitted because of errors.
+
+ Discontinuities in the value of this counter can occur
+ at re-initialization of the management system and at
+ other times as indicated by the value of
+ 'discontinuity-time'.";
+ reference
+ "RFC 2863: The Interfaces Group MIB - ifOutErrors";
+ }
+ }
+ }
+ }
+}
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-packet-fields@2019-03-04.yang b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-packet-fields@2019-03-04.yang
new file mode 100644
index 0000000000000000000000000000000000000000..2fb797bd87bf4ed825f83ec788df707b94c5f68b
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-packet-fields@2019-03-04.yang
@@ -0,0 +1,576 @@
+module ietf-packet-fields {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields";
+ prefix packet-fields;
+
+ import ietf-inet-types {
+ prefix inet;
+ reference
+ "RFC 6991 - Common YANG Data Types.";
+ }
+
+ import ietf-yang-types {
+ prefix yang;
+ reference
+ "RFC 6991 - Common YANG Data Types.";
+ }
+
+ import ietf-ethertypes {
+ prefix eth;
+ reference
+ "RFC 8519 - YANG Data Model for Network Access Control
+ Lists (ACLs).";
+ }
+
+ organization
+ "IETF NETMOD (Network Modeling) Working Group.";
+
+ contact
+ "WG Web: <https://datatracker.ietf.org/wg/netmod/>
+ WG List: netmod@ietf.org
+
+ Editor: Mahesh Jethanandani
+ mjethanandani@gmail.com
+ Editor: Lisa Huang
+ huangyi_99@yahoo.com
+ Editor: Sonal Agarwal
+ sagarwal12@gmail.com
+ Editor: Dana Blair
+ dana@blairhome.com";
+
+ description
+ "This YANG module defines groupings that are used by
+ the ietf-access-control-list YANG module. Their usage
+ is not limited to ietf-access-control-list and can be
+ used anywhere as applicable.
+
+ Copyright (c) 2019 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 8519; see
+ the RFC itself for full legal notices.";
+
+ revision 2019-03-04 {
+ description
+ "Initial version.";
+ reference
+ "RFC 8519: YANG Data Model for Network Access Control
+ Lists (ACLs).";
+ }
+
+ /*
+ * Typedefs
+ */
+ typedef operator {
+ type enumeration {
+ enum lte {
+ description
+ "Less than or equal to.";
+ }
+ enum gte {
+ description
+ "Greater than or equal to.";
+ }
+ enum eq {
+ description
+ "Equal to.";
+ }
+ enum neq {
+ description
+ "Not equal to.";
+ }
+ }
+ description
+ "The source and destination port range definitions
+ can be further qualified using an operator. An
+ operator is needed only if the lower-port is specified
+ and the upper-port is not specified. The operator
+ therefore further qualifies the lower-port only.";
+ }
+
+ /*
+ * Groupings
+ */
+ grouping port-range-or-operator {
+ choice port-range-or-operator {
+ case range {
+ leaf lower-port {
+ type inet:port-number;
+ must '. <= ../upper-port' {
+ error-message
+ "The lower-port must be less than or equal to
+ the upper-port.";
+ }
+ mandatory true;
+ description
+ "Lower boundary for a port.";
+ }
+ leaf upper-port {
+ type inet:port-number;
+ mandatory true;
+ description
+ "Upper boundary for a port.";
+ }
+ }
+ case operator {
+ leaf operator {
+ type operator;
+ default "eq";
+ description
+ "Operator to be applied on the port below.";
+ }
+ leaf port {
+ type inet:port-number;
+ mandatory true;
+ description
+ "Port number along with the operator on which to
+ match.";
+ }
+ }
+ description
+ "Choice of specifying a port range or a single
+ port along with an operator.";
+ }
+ description
+ "Grouping for port definitions in the form of a
+ choice statement.";
+ }
+
+ grouping acl-ip-header-fields {
+ description
+ "IP header fields common to IPv4 and IPv6";
+ reference
+ "RFC 791: Internet Protocol.";
+
+ leaf dscp {
+ type inet:dscp;
+ description
+ "Differentiated Services Code Point.";
+ reference
+ "RFC 2474: Definition of the Differentiated Services
+ Field (DS Field) in the IPv4 and IPv6
+ Headers.";
+ }
+
+ leaf ecn {
+ type uint8 {
+ range "0..3";
+ }
+ description
+ "Explicit Congestion Notification.";
+ reference
+ "RFC 3168: The Addition of Explicit Congestion
+ Notification (ECN) to IP.";
+ }
+
+ leaf length {
+ type uint16;
+ description
+ "In the IPv4 header field, this field is known as the Total
+ Length. Total Length is the length of the datagram, measured
+ in octets, including internet header and data.
+
+ In the IPv6 header field, this field is known as the Payload
+ Length, which is the length of the IPv6 payload, i.e., the rest
+ of the packet following the IPv6 header, in octets.";
+ reference
+ "RFC 791: Internet Protocol
+ RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
+ }
+ leaf ttl {
+ type uint8;
+ description
+ "This field indicates the maximum time the datagram is allowed
+ to remain in the internet system. If this field contains the
+ value zero, then the datagram must be dropped.
+
+ In IPv6, this field is known as the Hop Limit.";
+ reference
+ "RFC 791: Internet Protocol
+ RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
+ }
+ leaf protocol {
+ type uint8;
+ description
+ "Internet Protocol number. Refers to the protocol of the
+ payload. In IPv6, this field is known as 'next-header',
+ and if extension headers are present, the protocol is
+ present in the 'upper-layer' header.";
+ reference
+ "RFC 791: Internet Protocol
+ RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
+ }
+ }
+
+ grouping acl-ipv4-header-fields {
+ description
+ "Fields in the IPv4 header.";
+ leaf ihl {
+ type uint8 {
+ range "5..60";
+ }
+ description
+ "In an IPv4 header field, the Internet Header Length (IHL) is
+ the length of the internet header in 32-bit words and
+ thus points to the beginning of the data. Note that the
+ minimum value for a correct header is 5.";
+ }
+ leaf flags {
+ type bits {
+ bit reserved {
+ position 0;
+ description
+ "Reserved. Must be zero.";
+ }
+ bit fragment {
+ position 1;
+ description
+ "Setting the value to 0 indicates may fragment, while
+ setting the value to 1 indicates do not fragment.";
+ }
+ bit more {
+ position 2;
+ description
+ "Setting the value to 0 indicates this is the last fragment,
+ and setting the value to 1 indicates more fragments are
+ coming.";
+ }
+ }
+ description
+ "Bit definitions for the Flags field in the IPv4 header.";
+ }
+ leaf offset {
+ type uint16 {
+ range "20..65535";
+ }
+ description
+ "The fragment offset is measured in units of 8 octets (64 bits).
+ The first fragment has offset zero. The length is 13 bits";
+ }
+ leaf identification {
+ type uint16;
+ description
+ "An identifying value assigned by the sender to aid in
+ assembling the fragments of a datagram.";
+ }
+
+ choice destination-network {
+ case destination-ipv4-network {
+ leaf destination-ipv4-network {
+ type inet:ipv4-prefix;
+ description
+ "Destination IPv4 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a destination IPv4 address or
+ referring to a group of IPv4 destination addresses.";
+ }
+
+ choice source-network {
+ case source-ipv4-network {
+ leaf source-ipv4-network {
+ type inet:ipv4-prefix;
+ description
+ "Source IPv4 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a source IPv4 address or
+ referring to a group of IPv4 source addresses.";
+ }
+ }
+
+ grouping acl-ipv6-header-fields {
+ description
+ "Fields in the IPv6 header.";
+
+ choice destination-network {
+ case destination-ipv6-network {
+ leaf destination-ipv6-network {
+ type inet:ipv6-prefix;
+ description
+ "Destination IPv6 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a destination IPv6 address
+ or referring to a group of IPv6 destination
+ addresses.";
+ }
+
+ choice source-network {
+ case source-ipv6-network {
+ leaf source-ipv6-network {
+ type inet:ipv6-prefix;
+ description
+ "Source IPv6 address prefix.";
+ }
+ }
+ description
+ "Choice of specifying a source IPv6 address or
+ referring to a group of IPv6 source addresses.";
+ }
+
+ leaf flow-label {
+ type inet:ipv6-flow-label;
+ description
+ "IPv6 Flow label.";
+ }
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text
+ Representation.";
+ }
+
+ grouping acl-eth-header-fields {
+ description
+ "Fields in the Ethernet header.";
+ leaf destination-mac-address {
+ type yang:mac-address;
+ description
+ "Destination IEEE 802 Media Access Control (MAC)
+ address.";
+ }
+ leaf destination-mac-address-mask {
+ type yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address mask.";
+ }
+ leaf source-mac-address {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address.";
+ }
+ leaf source-mac-address-mask {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address mask.";
+ }
+ leaf ethertype {
+ type eth:ethertype;
+ description
+ "The Ethernet Type (or Length) value represented
+ in the canonical order defined by IEEE 802.
+ The canonical representation uses lowercase
+ characters.";
+ reference
+ "IEEE 802-2014, Clause 9.2.";
+ }
+ reference
+ "IEEE 802: IEEE Standard for Local and Metropolitan
+ Area Networks: Overview and Architecture.";
+ }
+
+ grouping acl-tcp-header-fields {
+ description
+ "Collection of TCP header fields that can be used to
+ set up a match filter.";
+ leaf sequence-number {
+ type uint32;
+ description
+ "Sequence number that appears in the packet.";
+ }
+ leaf acknowledgement-number {
+ type uint32;
+ description
+ "The acknowledgement number that appears in the
+ packet.";
+ }
+ leaf data-offset {
+ type uint8 {
+ range "5..15";
+ }
+ description
+ "Specifies the size of the TCP header in 32-bit
+ words. The minimum size header is 5 words and
+ the maximum is 15 words; thus, this gives a
+ minimum size of 20 bytes and a maximum of 60
+ bytes, allowing for up to 40 bytes of options
+ in the header.";
+ }
+ leaf reserved {
+ type uint8;
+ description
+ "Reserved for future use.";
+ }
+ leaf flags {
+ type bits {
+ bit cwr {
+ position 1;
+ description
+ "The Congestion Window Reduced (CWR) flag is set
+ by the sending host to indicate that it received
+ a TCP segment with the ECN-Echo (ECE) flag set
+ and had responded in the congestion control
+ mechanism.";
+ reference
+ "RFC 3168: The Addition of Explicit Congestion
+ Notification (ECN) to IP.";
+ }
+ bit ece {
+ position 2;
+ description
+ "ECN-Echo has a dual role, depending on the value
+ of the SYN flag. It indicates the following: if
+ the SYN flag is set (1), the TCP peer is ECN
+ capable, and if the SYN flag is clear (0), a packet
+ with the Congestion Experienced flag set (ECN=11)
+ in the IP header was received during normal
+ transmission (added to the header by RFC 3168).
+ This serves as an indication of network congestion
+ (or impending congestion) to the TCP sender.";
+ reference
+ "RFC 3168: The Addition of Explicit Congestion
+ Notification (ECN) to IP.";
+ }
+ bit urg {
+ position 3;
+ description
+ "Indicates that the Urgent Pointer field is significant.";
+ }
+ bit ack {
+ position 4;
+ description
+ "Indicates that the Acknowledgement field is significant.
+ All packets after the initial SYN packet sent by the
+ client should have this flag set.";
+ }
+ bit psh {
+ position 5;
+ description
+ "Push function. Asks to push the buffered data to the
+ receiving application.";
+ }
+ bit rst {
+ position 6;
+ description
+ "Reset the connection.";
+ }
+ bit syn {
+ position 7;
+ description
+ "Synchronize sequence numbers. Only the first packet
+ sent from each end should have this flag set. Some
+ other flags and fields change meaning based on this
+ flag, and some are only valid for when it is set,
+ and others when it is clear.";
+ }
+ bit fin {
+ position 8;
+ description
+ "Last package from the sender.";
+ }
+ }
+ description
+ "Also known as Control Bits. Contains nine 1-bit flags.";
+ reference
+ "RFC 793: Transmission Control Protocol.";
+ }
+ leaf window-size {
+ type uint16;
+ units "bytes";
+ description
+ "The size of the receive window, which specifies
+ the number of window size units beyond the segment
+ identified by the sequence number in the Acknowledgement
+ field that the sender of this segment is currently
+ willing to receive.";
+ }
+ leaf urgent-pointer {
+ type uint16;
+ description
+ "This field is an offset from the sequence number
+ indicating the last urgent data byte.";
+ }
+ leaf options {
+ type binary {
+ length "1..40";
+ }
+ description
+ "The length of this field is determined by the
+ Data Offset field. Options have up to three
+ fields: Option-Kind (1 byte), Option-Length
+ (1 byte), and Option-Data (variable). The Option-Kind
+ field indicates the type of option and is the
+ only field that is not optional. Depending on
+ what kind of option we are dealing with,
+ the next two fields may be set: the Option-Length
+ field indicates the total length of the option,
+ and the Option-Data field contains the value of
+ the option, if applicable.";
+ }
+ }
+
+ grouping acl-udp-header-fields {
+ description
+ "Collection of UDP header fields that can be used
+ to set up a match filter.";
+ leaf length {
+ type uint16;
+ description
+ "A field that specifies the length in bytes of
+ the UDP header and UDP data. The minimum
+ length is 8 bytes because that is the length of
+ the header. The field size sets a theoretical
+ limit of 65,535 bytes (8-byte header plus 65,527
+ bytes of data) for a UDP datagram. However, the
+ actual limit for the data length, which is
+ imposed by the underlying IPv4 protocol, is
+ 65,507 bytes (65,535 minus 8-byte UDP header
+ minus 20-byte IP header).
+
+ In IPv6 jumbograms, it is possible to have
+ UDP packets of a size greater than 65,535 bytes.
+ RFC 2675 specifies that the Length field is set
+ to zero if the length of the UDP header plus
+ UDP data is greater than 65,535.";
+ }
+ }
+
+ grouping acl-icmp-header-fields {
+ description
+ "Collection of ICMP header fields that can be
+ used to set up a match filter.";
+ leaf type {
+ type uint8;
+ description
+ "Also known as control messages.";
+ reference
+ "RFC 792: Internet Control Message Protocol
+ RFC 4443: Internet Control Message Protocol (ICMPv6)
+ for Internet Protocol Version 6 (IPv6)
+ Specification.";
+ }
+ leaf code {
+ type uint8;
+ description
+ "ICMP subtype. Also known as control messages.";
+ reference
+ "RFC 792: Internet Control Message Protocol
+ RFC 4443: Internet Control Message Protocol (ICMPv6)
+ for Internet Protocol Version 6 (IPv6)
+ Specification.";
+ }
+ leaf rest-of-header {
+ type binary;
+ description
+ "Unbounded in length, the contents vary based on the
+ ICMP type and code. Also referred to as 'Message Body'
+ in ICMPv6.";
+ reference
+ "RFC 792: Internet Control Message Protocol
+ RFC 4443: Internet Control Message Protocol (ICMPv6)
+ for Internet Protocol Version 6 (IPv6)
+ Specification.";
+ }
+ }
+}
diff --git a/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-yang-types@2013-07-15.yang b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-yang-types@2013-07-15.yang
new file mode 100644
index 0000000000000000000000000000000000000000..956562a7b342055127961732d8bde4be21c80d7d
--- /dev/null
+++ b/src/nbi/service/rest_server/nbi_plugins/ietf_acl/yang/ietf-yang-types@2013-07-15.yang
@@ -0,0 +1,475 @@
+ module ietf-yang-types {
+
+ namespace "urn:ietf:params:xml:ns:yang:ietf-yang-types";
+ prefix "yang";
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: David Kessens
+ <mailto:david.kessens@nsn.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This module contains a collection of generally useful derived
+ YANG data types.
+
+ Copyright (c) 2013 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 6991; see
+ the RFC itself for full legal notices.";
+
+ revision 2013-07-15 {
+ description
+ "This revision adds the following new data types:
+ - yang-identifier
+ - hex-string
+ - uuid
+ - dotted-quad";
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+
+ revision 2010-09-24 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 6021: Common YANG Data Types";
+ }
+
+ /*** collection of counter and gauge types ***/
+
+ typedef counter32 {
+ type uint32;
+ description
+ "The counter32 type represents a non-negative integer
+ that monotonically increases until it reaches a
+ maximum value of 2^32-1 (4294967295 decimal), when it
+ wraps around and starts increasing again from zero.
+
+ Counters have no defined 'initial' value, and thus, a
+ single value of a counter has (in general) no information
+ content. Discontinuities in the monotonically increasing
+ value normally occur at re-initialization of the
+ management system, and at other times as specified in the
+ description of a schema node using this type. If such
+ other times can occur, for example, the creation of
+ a schema node of type counter32 at times other than
+ re-initialization, then a corresponding schema node
+ should be defined, with an appropriate type, to indicate
+ the last discontinuity.
+
+ The counter32 type should not be used for configuration
+ schema nodes. A default statement SHOULD NOT be used in
+ combination with the type counter32.
+
+ In the value set and its semantics, this type is equivalent
+ to the Counter32 type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef zero-based-counter32 {
+ type yang:counter32;
+ default "0";
+ description
+ "The zero-based-counter32 type represents a counter32
+ that has the defined 'initial' value zero.
+
+ A schema node of this type will be set to zero (0) on creation
+ and will thereafter increase monotonically until it reaches
+ a maximum value of 2^32-1 (4294967295 decimal), when it
+ wraps around and starts increasing again from zero.
+
+ Provided that an application discovers a new schema node
+ of this type within the minimum time to wrap, it can use the
+ 'initial' value as a delta. It is important for a management
+ station to be aware of this minimum time and the actual time
+ between polls, and to discard data if the actual time is too
+ long or there is no defined minimum time.
+
+ In the value set and its semantics, this type is equivalent
+ to the ZeroBasedCounter32 textual convention of the SMIv2.";
+ reference
+ "RFC 4502: Remote Network Monitoring Management Information
+ Base Version 2";
+ }
+
+ typedef counter64 {
+ type uint64;
+ description
+ "The counter64 type represents a non-negative integer
+ that monotonically increases until it reaches a
+ maximum value of 2^64-1 (18446744073709551615 decimal),
+ when it wraps around and starts increasing again from zero.
+
+ Counters have no defined 'initial' value, and thus, a
+ single value of a counter has (in general) no information
+ content. Discontinuities in the monotonically increasing
+ value normally occur at re-initialization of the
+ management system, and at other times as specified in the
+ description of a schema node using this type. If such
+ other times can occur, for example, the creation of
+ a schema node of type counter64 at times other than
+ re-initialization, then a corresponding schema node
+ should be defined, with an appropriate type, to indicate
+ the last discontinuity.
+
+ The counter64 type should not be used for configuration
+ schema nodes. A default statement SHOULD NOT be used in
+ combination with the type counter64.
+
+ In the value set and its semantics, this type is equivalent
+ to the Counter64 type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef zero-based-counter64 {
+ type yang:counter64;
+ default "0";
+ description
+ "The zero-based-counter64 type represents a counter64 that
+ has the defined 'initial' value zero.
+
+ A schema node of this type will be set to zero (0) on creation
+ and will thereafter increase monotonically until it reaches
+ a maximum value of 2^64-1 (18446744073709551615 decimal),
+ when it wraps around and starts increasing again from zero.
+
+ Provided that an application discovers a new schema node
+ of this type within the minimum time to wrap, it can use the
+ 'initial' value as a delta. It is important for a management
+ station to be aware of this minimum time and the actual time
+ between polls, and to discard data if the actual time is too
+ long or there is no defined minimum time.
+
+ In the value set and its semantics, this type is equivalent
+ to the ZeroBasedCounter64 textual convention of the SMIv2.";
+ reference
+ "RFC 2856: Textual Conventions for Additional High Capacity
+ Data Types";
+ }
+
+ typedef gauge32 {
+ type uint32;
+ description
+ "The gauge32 type represents a non-negative integer, which
+ may increase or decrease, but shall never exceed a maximum
+ value, nor fall below a minimum value. The maximum value
+ cannot be greater than 2^32-1 (4294967295 decimal), and
+ the minimum value cannot be smaller than 0. The value of
+ a gauge32 has its maximum value whenever the information
+ being modeled is greater than or equal to its maximum
+ value, and has its minimum value whenever the information
+ being modeled is smaller than or equal to its minimum value.
+ If the information being modeled subsequently decreases
+ below (increases above) the maximum (minimum) value, the
+ gauge32 also decreases (increases).
+
+ In the value set and its semantics, this type is equivalent
+ to the Gauge32 type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef gauge64 {
+ type uint64;
+ description
+ "The gauge64 type represents a non-negative integer, which
+ may increase or decrease, but shall never exceed a maximum
+ value, nor fall below a minimum value. The maximum value
+ cannot be greater than 2^64-1 (18446744073709551615), and
+ the minimum value cannot be smaller than 0. The value of
+ a gauge64 has its maximum value whenever the information
+ being modeled is greater than or equal to its maximum
+ value, and has its minimum value whenever the information
+ being modeled is smaller than or equal to its minimum value.
+ If the information being modeled subsequently decreases
+ below (increases above) the maximum (minimum) value, the
+ gauge64 also decreases (increases).
+
+ In the value set and its semantics, this type is equivalent
+ to the CounterBasedGauge64 SMIv2 textual convention defined
+ in RFC 2856";
+ reference
+ "RFC 2856: Textual Conventions for Additional High Capacity
+ Data Types";
+ }
+
+ /*** collection of identifier-related types ***/
+
+ typedef object-identifier {
+ type string {
+ pattern '(([0-1](\.[1-3]?[0-9]))|(2\.(0|([1-9]\d*))))'
+ + '(\.(0|([1-9]\d*)))*';
+ }
+ description
+ "The object-identifier type represents administratively
+ assigned names in a registration-hierarchical-name tree.
+
+ Values of this type are denoted as a sequence of numerical
+ non-negative sub-identifier values. Each sub-identifier
+ value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers
+ are separated by single dots and without any intermediate
+ whitespace.
+
+ The ASN.1 standard restricts the value space of the first
+ sub-identifier to 0, 1, or 2. Furthermore, the value space
+ of the second sub-identifier is restricted to the range
+ 0 to 39 if the first sub-identifier is 0 or 1. Finally,
+ the ASN.1 standard requires that an object identifier
+ has always at least two sub-identifiers. The pattern
+ captures these restrictions.
+
+ Although the number of sub-identifiers is not limited,
+ module designers should realize that there may be
+ implementations that stick with the SMIv2 limit of 128
+ sub-identifiers.
+
+ This type is a superset of the SMIv2 OBJECT IDENTIFIER type
+ since it is not restricted to 128 sub-identifiers. Hence,
+ this type SHOULD NOT be used to represent the SMIv2 OBJECT
+ IDENTIFIER type; the object-identifier-128 type SHOULD be
+ used instead.";
+ reference
+ "ISO9834-1: Information technology -- Open Systems
+ Interconnection -- Procedures for the operation of OSI
+ Registration Authorities: General procedures and top
+ arcs of the ASN.1 Object Identifier tree";
+ }
+
+ typedef object-identifier-128 {
+ type object-identifier {
+ pattern '\d*(\.\d*){1,127}';
+ }
+ description
+ "This type represents object-identifiers restricted to 128
+ sub-identifiers.
+
+ In the value set and its semantics, this type is equivalent
+ to the OBJECT IDENTIFIER type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef yang-identifier {
+ type string {
+ length "1..max";
+ pattern '[a-zA-Z_][a-zA-Z0-9\-_.]*';
+ pattern '.|..|[^xX].*|.[^mM].*|..[^lL].*';
+ }
+ description
+ "A YANG identifier string as defined by the 'identifier'
+ rule in Section 12 of RFC 6020. An identifier must
+ start with an alphabetic character or an underscore
+ followed by an arbitrary sequence of alphabetic or
+ numeric characters, underscores, hyphens, or dots.
+
+ A YANG identifier MUST NOT start with any possible
+ combination of the lowercase or uppercase character
+ sequence 'xml'.";
+ reference
+ "RFC 6020: YANG - A Data Modeling Language for the Network
+ Configuration Protocol (NETCONF)";
+ }
+
+ /*** collection of types related to date and time***/
+
+ typedef date-and-time {
+ type string {
+ pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?'
+ + '(Z|[\+\-]\d{2}:\d{2})';
+ }
+ description
+ "The date-and-time type is a profile of the ISO 8601
+ standard for representation of dates and times using the
+ Gregorian calendar. The profile is defined by the
+ date-time production in Section 5.6 of RFC 3339.
+
+ The date-and-time type is compatible with the dateTime XML
+ schema type with the following notable exceptions:
+
+ (a) The date-and-time type does not allow negative years.
+
+ (b) The date-and-time time-offset -00:00 indicates an unknown
+ time zone (see RFC 3339) while -00:00 and +00:00 and Z
+ all represent the same time zone in dateTime.
+
+ (c) The canonical format (see below) of data-and-time values
+ differs from the canonical format used by the dateTime XML
+ schema type, which requires all times to be in UTC using
+ the time-offset 'Z'.
+
+ This type is not equivalent to the DateAndTime textual
+ convention of the SMIv2 since RFC 3339 uses a different
+ separator between full-date and full-time and provides
+ higher resolution of time-secfrac.
+
+ The canonical format for date-and-time values with a known time
+ zone uses a numeric time zone offset that is calculated using
+ the device's configured known offset to UTC time. A change of
+ the device's offset to UTC time will cause date-and-time values
+ to change accordingly. Such changes might happen periodically
+ in case a server follows automatically daylight saving time
+ (DST) time zone offset changes. The canonical format for
+ date-and-time values with an unknown time zone (usually
+ referring to the notion of local time) uses the time-offset
+ -00:00.";
+ reference
+ "RFC 3339: Date and Time on the Internet: Timestamps
+ RFC 2579: Textual Conventions for SMIv2
+ XSD-TYPES: XML Schema Part 2: Datatypes Second Edition";
+ }
+
+ typedef timeticks {
+ type uint32;
+ description
+ "The timeticks type represents a non-negative integer that
+ represents the time, modulo 2^32 (4294967296 decimal), in
+ hundredths of a second between two epochs. When a schema
+ node is defined that uses this type, the description of
+ the schema node identifies both of the reference epochs.
+
+ In the value set and its semantics, this type is equivalent
+ to the TimeTicks type of the SMIv2.";
+ reference
+ "RFC 2578: Structure of Management Information Version 2
+ (SMIv2)";
+ }
+
+ typedef timestamp {
+ type yang:timeticks;
+ description
+ "The timestamp type represents the value of an associated
+ timeticks schema node at which a specific occurrence
+ happened. The specific occurrence must be defined in the
+ description of any schema node defined using this type. When
+ the specific occurrence occurred prior to the last time the
+ associated timeticks attribute was zero, then the timestamp
+ value is zero. Note that this requires all timestamp values
+ to be reset to zero when the value of the associated timeticks
+ attribute reaches 497+ days and wraps around to zero.
+
+ The associated timeticks schema node must be specified
+ in the description of any schema node using this type.
+
+ In the value set and its semantics, this type is equivalent
+ to the TimeStamp textual convention of the SMIv2.";
+ reference
+ "RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ /*** collection of generic address types ***/
+
+ typedef phys-address {
+ type string {
+ pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?';
+ }
+
+ description
+ "Represents media- or physical-level addresses represented
+ as a sequence octets, each octet represented by two hexadecimal
+ numbers. Octets are separated by colons. The canonical
+ representation uses lowercase characters.
+
+ In the value set and its semantics, this type is equivalent
+ to the PhysAddress textual convention of the SMIv2.";
+ reference
+ "RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ typedef mac-address {
+ type string {
+ pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}';
+ }
+ description
+ "The mac-address type represents an IEEE 802 MAC address.
+ The canonical representation uses lowercase characters.
+
+ In the value set and its semantics, this type is equivalent
+ to the MacAddress textual convention of the SMIv2.";
+ reference
+ "IEEE 802: IEEE Standard for Local and Metropolitan Area
+ Networks: Overview and Architecture
+ RFC 2579: Textual Conventions for SMIv2";
+ }
+
+ /*** collection of XML-specific types ***/
+
+ typedef xpath1.0 {
+ type string;
+ description
+ "This type represents an XPATH 1.0 expression.
+
+ When a schema node is defined that uses this type, the
+ description of the schema node MUST specify the XPath
+ context in which the XPath expression is evaluated.";
+ reference
+ "XPATH: XML Path Language (XPath) Version 1.0";
+ }
+
+ /*** collection of string types ***/
+
+ typedef hex-string {
+ type string {
+ pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?';
+ }
+
+ description
+ "A hexadecimal string with octets represented as hex digits
+ separated by colons. The canonical representation uses
+ lowercase characters.";
+ }
+
+ typedef uuid {
+ type string {
+ pattern '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-'
+ + '[0-9a-fA-F]{4}-[0-9a-fA-F]{12}';
+ }
+ description
+ "A Universally Unique IDentifier in the string representation
+ defined in RFC 4122. The canonical representation uses
+ lowercase characters.
+
+ The following is an example of a UUID in string representation:
+ f81d4fae-7dec-11d0-a765-00a0c91e6bf6
+ ";
+ reference
+ "RFC 4122: A Universally Unique IDentifier (UUID) URN
+ Namespace";
+ }
+
+ typedef dotted-quad {
+ type string {
+ pattern
+ '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}'
+ + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])';
+ }
+ description
+ "An unsigned 32-bit number expressed in the dotted-quad
+ notation, i.e., four octets written as decimal numbers
+ and separated with the '.' (full stop) character.";
+ }
+ }
diff --git a/src/nbi/tests/ietf_acl_client.py b/src/nbi/tests/ietf_acl_client.py
index aea784aa2b976a09a0a8999e0826ac8bf4fee291..155244a9261ec2a915512cd6e8f9f2df703b7868 100644
--- a/src/nbi/tests/ietf_acl_client.py
+++ b/src/nbi/tests/ietf_acl_client.py
@@ -22,7 +22,7 @@ ACL_URL = '{:s}/device={:s}/ietf-access-control-list:acl={:s}'
CSG1_DEVICE_UUID = '118295c8-318a-52ec-a394-529fc4b70f2f' # router: 128.32.10.1
ACL_NAME = 'sample-ipv4-acl'
-ACL_RULE = {"ietf-access-control-list": {"acls": {
+ACL_RULE = {"ietf-access-control-list:acls": {
"acl": [{
"name": "sample-ipv4-acl", "type": "ipv4-acl-type",
"aces": {"ace": [{
@@ -46,7 +46,7 @@ ACL_RULE = {"ietf-access-control-list": {"acls": {
"interface-id": "200",
"ingress": {"acl-sets": {"acl-set": [{"name": "sample-ipv4-acl"}]}}
}]
-}}}}
+}}}
class TfsIetfAclClient:
def __init__(
diff --git a/src/nbi/tests/test_yang_acl.py b/src/nbi/tests/test_yang_acl.py
new file mode 100644
index 0000000000000000000000000000000000000000..607001870fa69e79bd7ef53fa92d88bbf353e45e
--- /dev/null
+++ b/src/nbi/tests/test_yang_acl.py
@@ -0,0 +1,104 @@
+# Copyright 2022-2024 ETSI OSG/SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import copy, json, libyang, logging, os
+from typing import Dict, List, Optional
+
+LOGGER = logging.getLogger(__name__)
+
+YANG_DIR = os.path.join(os.path.dirname(__file__), 'yang')
+YANG_MODULES = [
+ 'ietf-yang-types',
+ 'ietf-interfaces',
+ 'iana-if-type',
+ 'ietf-access-control-list',
+]
+
+class YangValidator:
+ def __init__(self) -> None:
+ self._yang_context = libyang.Context(YANG_DIR)
+ for module_name in YANG_MODULES:
+ LOGGER.info('Loading module: {:s}'.format(str(module_name)))
+ yang_module = self._yang_context.load_module(module_name)
+ yang_module.feature_enable_all()
+ yang_module_prefix = yang_module.prefix()
+ LOGGER.info(' Prefix: {:s}'.format(str(yang_module_prefix)))
+
+ def parse_to_dict(self, message : Dict, interface_names : List[str]) -> Dict:
+ interfaces = self._yang_context.create_data_path('/ietf-interfaces:interfaces')
+ for if_index,interface_name in enumerate(interface_names):
+ if_path = 'interface[name="{:s}"]'.format(str(interface_name))
+ interface = interfaces.create_path(if_path)
+ interface.create_path('if-index', if_index + 1)
+ interface.create_path('type', 'iana-if-type:ethernetCsmacd')
+ interface.create_path('admin-status', 'up')
+ interface.create_path('oper-status', 'up')
+ statistics = interface.create_path('statistics')
+ statistics.create_path('discontinuity-time', '2024-07-11T10:00:00.000000Z')
+
+ message = copy.deepcopy(message)
+ message['ietf-interfaces:interfaces'] = interfaces.print_dict()['interfaces']
+
+ dnode : Optional[libyang.DNode] = self._yang_context.parse_data_mem(
+ json.dumps(message), 'json', validate_present=True, strict=True
+ )
+ if dnode is None: raise Exception('Unable to parse Message({:s})'.format(str(message)))
+ message = dnode.print_dict()
+ dnode.free()
+ interfaces.free()
+ return message
+
+ def destroy(self) -> None:
+ self._yang_context.destroy()
+ self._yang_context = None
+
+def main() -> None:
+ import uuid # pylint: disable=import-outside-toplevel
+ logging.basicConfig(level=logging.DEBUG)
+
+ interface_names = {'200', '500', str(uuid.uuid4()), str(uuid.uuid4())}
+ ACL_RULE = {"ietf-access-control-list:acls": {
+ "acl": [{
+ "name": "sample-ipv4-acl", "type": "ipv4-acl-type",
+ "aces": {"ace": [{
+ "name": "rule1",
+ "matches": {
+ "ipv4": {
+ "source-ipv4-network": "128.32.10.6/24",
+ "destination-ipv4-network": "172.10.33.0/24",
+ "dscp": 18
+ },
+ "tcp": {
+ "source-port": {"operator": "eq", "port": 1444},
+ "destination-port": {"operator": "eq", "port": 1333},
+ "flags": "syn"
+ }
+ },
+ "actions": {"forwarding": "drop"}
+ }]}
+ }],
+ "attachment-points": {"interface": [{
+ "interface-id": "200",
+ "ingress": {"acl-sets": {"acl-set": [{"name": "sample-ipv4-acl"}]}}
+ }]
+ }}}
+
+ yang_validator = YangValidator()
+ request_data = yang_validator.parse_to_dict(ACL_RULE, list(interface_names))
+ yang_validator.destroy()
+
+ LOGGER.info('request_data = {:s}'.format(str(request_data)))
+
+if __name__ == '__main__':
+ main()