diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index aa5009dc82f49783a871223ac52ac337fe52e33c..e11c8474ae5ec34838b346e4fc9fc87faea06edf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,6 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. + # stages of the cicd pipeline stages: #- dependencies diff --git a/proto/context.proto b/proto/context.proto index 320e553c59a9da18f4869041d16f637873bb937e..62b21b4497a2ac000ddc9405c8693e7490c35ce2 100644 --- a/proto/context.proto +++ b/proto/context.proto @@ -254,6 +254,7 @@ enum DeviceDriverEnum { DEVICEDRIVER_RYU = 18; DEVICEDRIVER_GNMI_NOKIA_SRLINUX = 19; DEVICEDRIVER_OPENROADM = 20; + DEVICEDRIVER_RESTCONF_OPENCONFIG = 21; } enum DeviceOperationalStatusEnum { diff --git a/scripts/run_tests_locally-device-restconf-openconfig.sh b/scripts/run_tests_locally-device-restconf-openconfig.sh new file mode 100755 index 0000000000000000000000000000000000000000..974d584b195a8337ee239caab935120e697c2a31 --- /dev/null +++ b/scripts/run_tests_locally-device-restconf-openconfig.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +PROJECTDIR=`pwd` + +cd $PROJECTDIR/src +RCFILE=$PROJECTDIR/coverage/.coveragerc + +# Run unitary tests and analyze coverage of code at same time +# helpful pytest flags: --log-level=INFO -o log_cli=true --verbose --maxfail=1 --durations=0 +coverage run --rcfile=$RCFILE --append -m pytest --log-level=DEBUG --verbose -o log_cli=true \ + device/tests/restconf_openconfig/test_unitary_restconf_openconfig.py diff --git a/src/common/DeviceTypes.py b/src/common/DeviceTypes.py index a8006b3da7dba0dc990574ff07f08816a6257712..948de0e98b42a4de9762d65c51690ea5e6dd96ef 100644 --- a/src/common/DeviceTypes.py +++ b/src/common/DeviceTypes.py @@ -33,6 +33,7 @@ class DeviceTypeEnum(Enum): EMULATED_OPEN_ROADM = 'emu-optical-openroadm' EMULATED_OPTICAL_SPLITTER = 'emu-optical-splitter' # passive component required for XR Constellation EMULATED_P4_SWITCH = 'emu-p4-switch' + EMULATED_PACKET_FIREWALL = 'emu-packet-firewall' EMULATED_PACKET_RADIO_ROUTER = 'emu-packet-radio-router' EMULATED_PACKET_ROUTER = 'emu-packet-router' EMULATED_PACKET_SWITCH = 'emu-packet-switch' @@ -51,6 +52,7 @@ class DeviceTypeEnum(Enum): OPTICAL_ROADM = 'optical-roadm' OPTICAL_TRANSPONDER = 'optical-transponder' P4_SWITCH = 'p4-switch' + PACKET_FIREWALL = 'packet-firewall' PACKET_POP = 'packet-pop' PACKET_RADIO_ROUTER = 'packet-radio-router' PACKET_ROUTER = 'packet-router' diff --git a/src/common/tools/rest_conf/client/RestConfClient.py b/src/common/tools/rest_conf/client/RestConfClient.py index 088bb4ae14c4308d11c07f4efb6e6ed1817995eb..953e68716b5c522145570aaa773c0942eb2fd6c5 100644 --- a/src/common/tools/rest_conf/client/RestConfClient.py +++ b/src/common/tools/rest_conf/client/RestConfClient.py @@ -61,6 +61,10 @@ class RestConfClient(RestApiClient): self._base_url = str(href).replace('//', '/') if self._restconf_version is not None: self._base_url += '/{:s}'.format(self._restconf_version) + if self._base_url.endswith('/data/'): + self._base_url = self._base_url.split('/data/')[0] + elif self._base_url.endswith('/data'): + self._base_url = self._base_url.split('/data')[0] def get( diff --git a/src/common/tools/rest_conf/server/restconf_server/Callbacks.py b/src/common/tools/rest_conf/server/restconf_server/Callbacks.py index e3e4d0f452434509f8caa083fb39d529e4f7efbd..04a8b8bd9cb4dca5908029918393abfa27780b38 100644 --- a/src/common/tools/rest_conf/server/restconf_server/Callbacks.py +++ b/src/common/tools/rest_conf/server/restconf_server/Callbacks.py @@ -38,7 +38,22 @@ class _Callback: ''' return self._path_pattern.fullmatch(path) - def execute_data( + def execute_data_pre_get( + self, match : re.Match, path : str, old_data : Optional[Dict] + ) -> bool: + ''' + Execute the callback action for a matched data path. + This method should be implemented for each specific callback. + @param match: `re.Match` object returned by `match()`. + @param path: Original request path that was matched. + @param old_data: Resource representation before retrieval, if applicable, otherwise `None` + @returns boolean indicating whether additional callbacks should be executed, defaults to False + ''' + MSG = 'match={:s}, path={:s}, old_data={:s}' + msg = MSG.format(match.groupdict(), path, old_data) + raise NotImplementedError(msg) + + def execute_data_update( self, match : re.Match, path : str, old_data : Optional[Dict], new_data : Optional[Dict] ) -> bool: @@ -78,14 +93,24 @@ class CallbackDispatcher: def register(self, callback : _Callback) -> None: self._callbacks.append(callback) - def dispatch_data( + def dispatch_data_pre_get( + self, path : str, old_data : Optional[Dict] = None + ) -> None: + LOGGER.warning('[dispatch_data_pre_get] Checking Callbacks for path={:s}'.format(str(path))) + for callback in self._callbacks: + match = callback.match(path) + if match is None: continue + keep_running_callbacks = callback.execute_data_pre_get(match, path, old_data) + if not keep_running_callbacks: break + + def dispatch_data_update( self, path : str, old_data : Optional[Dict] = None, new_data : Optional[Dict] = None ) -> None: - LOGGER.warning('[dispatch_data] Checking Callbacks for path={:s}'.format(str(path))) + LOGGER.warning('[dispatch_data_update] Checking Callbacks for path={:s}'.format(str(path))) for callback in self._callbacks: match = callback.match(path) if match is None: continue - keep_running_callbacks = callback.execute_data(match, path, old_data, new_data) + keep_running_callbacks = callback.execute_data_update(match, path, old_data, new_data) if not keep_running_callbacks: break def dispatch_operation( @@ -113,7 +138,7 @@ class CallbackOnNetwork(_Callback): pattern += r'/ietf-network:networks/network=(?P[^/]+)' super().__init__(pattern) - def execute_data( + def execute_data_update( self, match : re.Match, path : str, old_data : Optional[Dict], new_data : Optional[Dict] ) -> bool: @@ -127,7 +152,7 @@ class CallbackOnNode(_Callback): pattern += r'/node=(?P[^/]+)' super().__init__(pattern) - def execute_data( + def execute_data_update( self, match : re.Match, path : str, old_data : Optional[Dict], new_data : Optional[Dict] ) -> bool: @@ -141,7 +166,7 @@ class CallbackOnLink(_Callback): pattern += r'/ietf-network-topology:link=(?P[^/]+)' super().__init__(pattern) - def execute_data( + def execute_data_update( self, match : re.Match, path : str, old_data : Optional[Dict], new_data : Optional[Dict] ) -> bool: @@ -167,12 +192,12 @@ def main() -> None: callbacks.register(CallbackOnLink()) callbacks.register(CallbackShutdown()) - callbacks.dispatch_data('/restconf/data/ietf-network:networks/network=admin') - callbacks.dispatch_data('/restconf/data/ietf-network:networks/network=admin/node=P-PE2') - callbacks.dispatch_data('/restconf/data/ietf-network:networks/network=admin/ietf-network-topology:link=L6') - callbacks.dispatch_data('/restconf/data/ietf-network:networks/network=admin/') - callbacks.dispatch_data('/restconf/data/ietf-network:networks/network=admin/node=P-PE1/') - callbacks.dispatch_data('/restconf/data/ietf-network:networks/network=admin/ietf-network-topology:link=L4/') + callbacks.dispatch_data_update('/restconf/data/ietf-network:networks/network=admin') + callbacks.dispatch_data_update('/restconf/data/ietf-network:networks/network=admin/node=P-PE2') + callbacks.dispatch_data_update('/restconf/data/ietf-network:networks/network=admin/ietf-network-topology:link=L6') + callbacks.dispatch_data_update('/restconf/data/ietf-network:networks/network=admin/') + callbacks.dispatch_data_update('/restconf/data/ietf-network:networks/network=admin/node=P-PE1/') + callbacks.dispatch_data_update('/restconf/data/ietf-network:networks/network=admin/ietf-network-topology:link=L4/') callbacks.dispatch_operation('/restconf/operations/shutdown/') if __name__ == '__main__': diff --git a/src/common/tools/rest_conf/server/restconf_server/DispatchData.py b/src/common/tools/rest_conf/server/restconf_server/DispatchData.py index 89cb8206e9d2126e6e5ef78b9a9fa89a940cf038..0dff60d3a7075a43d3b3abf70be1039d54461560 100644 --- a/src/common/tools/rest_conf/server/restconf_server/DispatchData.py +++ b/src/common/tools/rest_conf/server/restconf_server/DispatchData.py @@ -31,6 +31,11 @@ class RestConfDispatchData(Resource): self._callback_dispatcher = callback_dispatcher def get(self, subpath : str = '/') -> Response: + data = self._yang_handler.get(subpath) + self._callback_dispatcher.dispatch_data_pre_get( + '/restconf/data/' + subpath, old_data=data + ) + data = self._yang_handler.get(subpath) if data is None: abort( @@ -70,7 +75,7 @@ class RestConfDispatchData(Resource): LOGGER.info('[POST] {:s} {:s} => {:s}'.format(subpath, str(payload), str(json_data))) - self._callback_dispatcher.dispatch_data( + self._callback_dispatcher.dispatch_data_update( '/restconf/data/' + subpath, old_data=None, new_data=json_data ) @@ -102,7 +107,7 @@ class RestConfDispatchData(Resource): diff_data = deepdiff.DeepDiff(old_data, new_data) updated = len(diff_data) > 0 - self._callback_dispatcher.dispatch_data( + self._callback_dispatcher.dispatch_data_update( '/restconf/data/' + subpath, old_data=old_data, new_data=new_data ) @@ -140,7 +145,7 @@ class RestConfDispatchData(Resource): #diff_data = deepdiff.DeepDiff(old_data, new_data) #updated = len(diff_data) > 0 - self._callback_dispatcher.dispatch_data( + self._callback_dispatcher.dispatch_data_update( '/restconf/data/' + subpath, old_data=old_data, new_data=new_data ) @@ -170,7 +175,7 @@ class RestConfDispatchData(Resource): description='Path({:s}) not found'.format(str(subpath)) ) - self._callback_dispatcher.dispatch_data( + self._callback_dispatcher.dispatch_data_update( '/restconf/data/' + subpath, old_data=old_data, new_data=None ) diff --git a/src/common/tools/rest_conf/server/restconf_server/RestConfServerApplication.py b/src/common/tools/rest_conf/server/restconf_server/RestConfServerApplication.py index 58384299cba8dfbee37dc776863d180153e83b45..1da9f7069b23e6034efc3406f24e7f14182c8137 100644 --- a/src/common/tools/rest_conf/server/restconf_server/RestConfServerApplication.py +++ b/src/common/tools/rest_conf/server/restconf_server/RestConfServerApplication.py @@ -63,6 +63,9 @@ class RestConfServerApplication: self._app.after_request(log_request) self._api = Api(self._app) + @property + def yang_handler(self): return self._yang_handler + @property def callback_dispatcher(self): return self._callback_dispatcher diff --git a/src/common/tools/rest_conf/server/restconf_server/YangHandler.py b/src/common/tools/rest_conf/server/restconf_server/YangHandler.py index 9df57528f93a9e599da259d30d9fb88f618346a9..22e5b63d7c15e67fb54ab157c13c784e95972b54 100644 --- a/src/common/tools/rest_conf/server/restconf_server/YangHandler.py +++ b/src/common/tools/rest_conf/server/restconf_server/YangHandler.py @@ -54,6 +54,12 @@ class YangHandler: json.dumps(yang_startup_data), fmt='json' ) + @property + def yang_context(self): return self._yang_context + + @property + def yang_datastore(self): return self._datastore + def destroy(self) -> None: self._yang_context.destroy() @@ -165,13 +171,20 @@ class YangHandler: name, val = part.split('=', 1) # keep original name (may include prefix) for output, but # use local name (without module prefix) to lookup schema - local_name = name.split(':', 1)[1] if ':' in name else name + local_name = name #.split(':', 1)[1] if ':' in name else name schema_path = schema_path + '/' + local_name if schema_path else '/' + local_name schema_nodes = list(self._yang_context.find_path(schema_path)) if len(schema_nodes) != 1: MSG = 'No/Multiple SchemaNodes({:s}) for SchemaPath({:s})' raise Exception(MSG.format( - str([repr(sn) for sn in schema_nodes]), schema_path + #str([repr(sn) for sn in schema_nodes]), schema_path + str([ + '{:s}({:s}) => {:s}'.format( + repr(sn), + str(sn.schema_path()), + str([repr(snn) for snn in sn.iter_tree()]) + ) + for sn in schema_nodes]), schema_path )) schema_node = schema_nodes[0] @@ -219,7 +232,7 @@ class YangHandler: out_parts.append(name + ''.join(preds)) else: - local_part = part.split(':', 1)[1] if ':' in part else part + local_part = part #.split(':', 1)[1] if ':' in part else part schema_path = schema_path + '/' + local_part if schema_path else '/' + local_part out_parts.append(part) diff --git a/src/common/tools/rest_conf/server/restconf_server/YangModelDiscoverer.py b/src/common/tools/rest_conf/server/restconf_server/YangModelDiscoverer.py index f31305280e45cf2ec00756cb4c2c4116e869246f..ff9ddee50923278e86c8ad52fb6f68f358dbbd2b 100644 --- a/src/common/tools/rest_conf/server/restconf_server/YangModelDiscoverer.py +++ b/src/common/tools/rest_conf/server/restconf_server/YangModelDiscoverer.py @@ -32,8 +32,14 @@ IMPORT_BLOCK_RE = re.compile(r"\bimport\s+([A-Za-z0-9_.-]+)\s*\{", re.IGNORECASE # import foo; (very rare, but we’ll support it) IMPORT_SEMI_RE = re.compile(r"\bimport\s+([A-Za-z0-9_.-]+)\s*;", re.IGNORECASE) +# include foo { ... } (most common form) +INCLUDE_BLOCK_RE = re.compile(r"\binclude\s+([A-Za-z0-9_.-]+)\s*\{", re.IGNORECASE) -def _parse_yang_file(path: Path) -> Tuple[Optional[str], Set[str]]: +# include foo; (very rare, but we’ll support it) +INCLUDE_SEMI_RE = re.compile(r"\binclude\s+([A-Za-z0-9_.-]+)\s*;", re.IGNORECASE) + + +def _parse_yang_file(path: Path) -> Tuple[Optional[str], Set[str], Set[str]]: path_stem = path.stem # file name without extension expected_module_name = path_stem.split('@', 1)[0] @@ -54,14 +60,20 @@ def _parse_yang_file(path: Path) -> Tuple[Optional[str], Set[str]]: raise Exception(MSG.format(str(module_name), str(expected_module_name))) module_imports = set() + module_includes = set() if module_name is not None: module_imports.update(IMPORT_BLOCK_RE.findall(data)) module_imports.update(IMPORT_SEMI_RE.findall(data)) + module_includes.update(INCLUDE_BLOCK_RE.findall(data)) + module_includes.update(INCLUDE_SEMI_RE.findall(data)) # ignore modules importing themselves, just in case module_imports.discard(module_name) - return module_name, module_imports + # ignore modules including themselves, just in case + module_includes.discard(module_name) + + return module_name, module_imports, module_includes class YangModuleDiscoverer: @@ -70,9 +82,9 @@ class YangModuleDiscoverer: self._module_to_paths : Dict[str, List[Path]] = defaultdict(list) self._module_to_imports : Dict[str, Set[str]] = defaultdict(set) + self._module_to_includes : Dict[str, Set[str]] = defaultdict(set) self._ordered_module_names : Optional[List[str]] = None - def run( self, do_print_order : bool = False, do_log_order : bool = False, logger : Optional[logging.Logger] = None, level : int = logging.INFO @@ -97,10 +109,30 @@ class YangModuleDiscoverer: raise Exception(MSG.format(str(self._yang_search_path))) for yang_path in yang_root.rglob('*.yang'): - module_name, module_imports = _parse_yang_file(yang_path) + module_name, module_imports, module_includes = _parse_yang_file(yang_path) if module_name is None: continue - self._module_to_paths[module_name].append(yang_path) - self._module_to_imports[module_name] = module_imports + self._module_to_paths.setdefault(module_name, list()).append(yang_path) + self._module_to_imports.setdefault(module_name, set()).update(module_imports) + self._module_to_includes.setdefault(module_name, set()).update(module_includes) + + # Propagate modules imported by included modules to modules including them: + # openconfig-platform includes openconfig-platform-common + # openconfig-platform-common imports ( + # openconfig-platform-types, openconfig-extensions, openconfig-types + # ) + # => propagate ( + # openconfig-platform-types, openconfig-extensions, openconfig-types + # ) as imports of openconfig-platform + # => remove openconfig-platform-common from list of modules_to_imports as + # cannot be imported by itself + included_modules : Set[str] = set() + for module_name, module_includes in self._module_to_includes.items(): + for inc_mdl_name in module_includes: + included_module_imports = self._module_to_imports.get(inc_mdl_name, set()) + self._module_to_imports.setdefault(module_name, set()).update(included_module_imports) + included_modules.update(module_includes) + for included_module in included_modules: + self._module_to_imports.pop(included_module) if len(self._module_to_paths) == 0: MSG = 'No modules found in Path({:s})' @@ -128,8 +160,8 @@ class YangModuleDiscoverer: def _check_missing_modules(self) -> None: local_module_names = set(self._module_to_imports.keys()) missing_modules : List[str] = list() - for module_name, imported_modules in self._module_to_imports.items(): - missing = imported_modules.difference(local_module_names) + for module_name, module_imports in self._module_to_imports.items(): + missing = module_imports.difference(local_module_names) if len(missing) == 0: continue missing_modules.append( ' {:s} => {:s}'.format(module_name, str(missing)) @@ -143,8 +175,8 @@ class YangModuleDiscoverer: def _sort_modules(self) -> None: ts = TopologicalSorter() - for module_name, imported_modules in self._module_to_imports.items(): - ts.add(module_name, *imported_modules) + for module_name, module_imports in self._module_to_imports.items(): + ts.add(module_name, *module_imports) try: self._ordered_module_names = list(ts.static_order()) # raises CycleError on cycles diff --git a/src/common/type_checkers/Assertions.py b/src/common/type_checkers/Assertions.py index 478186059c542dec6d6197f8bce2addccfc25200..4ceb620a5430ecae9bc34d93678b9d4b048d4d8e 100644 --- a/src/common/type_checkers/Assertions.py +++ b/src/common/type_checkers/Assertions.py @@ -58,6 +58,8 @@ def validate_device_driver_enum(message): 'DEVICEDRIVER_MORPHEUS', 'DEVICEDRIVER_RYU', 'DEVICEDRIVER_GNMI_NOKIA_SRLINUX', + 'DEVICEDRIVER_OPENROADM', + 'DEVICEDRIVER_GNMI_OPENCONFIG', ] def validate_device_operational_status_enum(message): diff --git a/src/context/service/database/models/enums/DeviceDriver.py b/src/context/service/database/models/enums/DeviceDriver.py index faa8ace3af721368e843fd95a604f029d5534371..7f45d82ec6b264761fbb92fb19d1f21afcb868ea 100644 --- a/src/context/service/database/models/enums/DeviceDriver.py +++ b/src/context/service/database/models/enums/DeviceDriver.py @@ -43,6 +43,7 @@ class ORM_DeviceDriverEnum(enum.Enum): RYU = DeviceDriverEnum.DEVICEDRIVER_RYU GNMI_NOKIA_SRLINUX = DeviceDriverEnum.DEVICEDRIVER_GNMI_NOKIA_SRLINUX OPENROADM = DeviceDriverEnum.DEVICEDRIVER_OPENROADM + RESTCONF_OPENCONFIG = DeviceDriverEnum.DEVICEDRIVER_RESTCONF_OPENCONFIG grpc_to_enum__device_driver = functools.partial( grpc_to_enum, DeviceDriverEnum, ORM_DeviceDriverEnum) diff --git a/src/device/service/drivers/__init__.py b/src/device/service/drivers/__init__.py index ba5298292fbccb04381050c82c388fa2d3ee39c7..ff0419a3e50d64141e6dd6b3d2cf5bccd4fbf6ab 100644 --- a/src/device/service/drivers/__init__.py +++ b/src/device/service/drivers/__init__.py @@ -249,3 +249,24 @@ if LOAD_ALL_DEVICE_DRIVERS: FilterFieldEnum.DRIVER : DeviceDriverEnum.DEVICEDRIVER_QKD, } ])) + +if LOAD_ALL_DEVICE_DRIVERS: + # pylint: disable=wrong-import-position + from .restconf_openconfig.RestConfOpenConfigDriver import RestConfOpenConfigDriver + DRIVERS.append( + (RestConfOpenConfigDriver, [ + { + FilterFieldEnum.DEVICE_TYPE: [ + DeviceTypeEnum.CLIENT, + DeviceTypeEnum.DATACENTER, + DeviceTypeEnum.EMULATED_CLIENT, + DeviceTypeEnum.EMULATED_COMPUTER, + DeviceTypeEnum.EMULATED_DATACENTER, + DeviceTypeEnum.EMULATED_PACKET_FIREWALL, + DeviceTypeEnum.EMULATED_VIRTUAL_MACHINE, + DeviceTypeEnum.NETWORK, + DeviceTypeEnum.PACKET_FIREWALL, + ], + FilterFieldEnum.DRIVER : DeviceDriverEnum.DEVICEDRIVER_RESTCONF_OPENCONFIG, + } + ])) diff --git a/src/device/service/drivers/ietf_l2vpn/TfsApiClient.py b/src/device/service/drivers/ietf_l2vpn/TfsApiClient.py index ac210671608f5f764e82c3a3288459f086d080ac..1b906b82000f5f8ab421e2bb34fa6686468a8f5d 100644 --- a/src/device/service/drivers/ietf_l2vpn/TfsApiClient.py +++ b/src/device/service/drivers/ietf_l2vpn/TfsApiClient.py @@ -47,6 +47,9 @@ MAPPING_DRIVER = { 'DEVICEDRIVER_SMARTNIC' : 16, 'DEVICEDRIVER_MORPHEUS' : 17, 'DEVICEDRIVER_RYU' : 18, + 'DEVICEDRIVER_GNMI_NOKIA_SRLINUX' : 19, + 'DEVICEDRIVER_OPENROADM' : 20, + 'DEVICEDRIVER_RESTCONF_OPENCONFIG' : 21, } LOGGER = logging.getLogger(__name__) diff --git a/src/device/service/drivers/ietf_l3vpn/TfsApiClient.py b/src/device/service/drivers/ietf_l3vpn/TfsApiClient.py index de695685cbf9b85d3e3f020df3f83d5acd0f1fdf..c984c1adf2200b6150a5b59e416c85bf0ec7cdb3 100644 --- a/src/device/service/drivers/ietf_l3vpn/TfsApiClient.py +++ b/src/device/service/drivers/ietf_l3vpn/TfsApiClient.py @@ -53,6 +53,9 @@ MAPPING_DRIVER = { 'DEVICEDRIVER_SMARTNIC' : 16, 'DEVICEDRIVER_MORPHEUS' : 17, 'DEVICEDRIVER_RYU' : 18, + 'DEVICEDRIVER_GNMI_NOKIA_SRLINUX' : 19, + 'DEVICEDRIVER_OPENROADM' : 20, + 'DEVICEDRIVER_RESTCONF_OPENCONFIG' : 21, } diff --git a/src/device/service/drivers/ietf_slice/TfsApiClient.py b/src/device/service/drivers/ietf_slice/TfsApiClient.py index 08c9b78e06a6797bde1be175ba1dd9b2eeebc0a6..0388e91057ad7d65631f66d495112de03f02b72d 100644 --- a/src/device/service/drivers/ietf_slice/TfsApiClient.py +++ b/src/device/service/drivers/ietf_slice/TfsApiClient.py @@ -54,6 +54,9 @@ MAPPING_DRIVER = { 'DEVICEDRIVER_SMARTNIC' : 16, 'DEVICEDRIVER_MORPHEUS' : 17, 'DEVICEDRIVER_RYU' : 18, + 'DEVICEDRIVER_GNMI_NOKIA_SRLINUX' : 19, + 'DEVICEDRIVER_OPENROADM' : 20, + 'DEVICEDRIVER_RESTCONF_OPENCONFIG' : 21, } diff --git a/src/device/service/drivers/optical_tfs/TfsApiClient.py b/src/device/service/drivers/optical_tfs/TfsApiClient.py index 79802fcf6d2708fe12fceccd68c0b1460c1e5ef8..59126c7b1734a3cc298c26cfdebc5aaa904e02b9 100644 --- a/src/device/service/drivers/optical_tfs/TfsApiClient.py +++ b/src/device/service/drivers/optical_tfs/TfsApiClient.py @@ -55,6 +55,9 @@ MAPPING_DRIVER = { 'DEVICEDRIVER_SMARTNIC' : 16, 'DEVICEDRIVER_MORPHEUS' : 17, 'DEVICEDRIVER_RYU' : 18, + 'DEVICEDRIVER_GNMI_NOKIA_SRLINUX' : 19, + 'DEVICEDRIVER_OPENROADM' : 20, + 'DEVICEDRIVER_RESTCONF_OPENCONFIG' : 21, } LOGGER = logging.getLogger(__name__) diff --git a/src/device/service/drivers/restconf_openconfig/RestConfOpenConfigDriver.py b/src/device/service/drivers/restconf_openconfig/RestConfOpenConfigDriver.py new file mode 100644 index 0000000000000000000000000000000000000000..b940f27baf16774f1648b60ce010b98d7d7eb8f2 --- /dev/null +++ b/src/device/service/drivers/restconf_openconfig/RestConfOpenConfigDriver.py @@ -0,0 +1,173 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import copy, json, logging, re, requests, threading +from typing import Any, Iterator, List, Optional, Tuple, Union +from common.method_wrappers.Decorator import MetricsPool, metered_subclass_method +from common.tools.rest_conf.client.RestConfClient import RestConfClient +from common.type_checkers.Checkers import chk_string, chk_type +from device.service.driver_api._Driver import ( + _Driver, RESOURCE_ACL, RESOURCE_ENDPOINTS, RESOURCE_INTERFACES +) +from .handlers.ComponentsHandler import ComponentsHandler +from .handlers.AclRuleSetHandler import AclRuleSetHandler + + +ALL_RESOURCE_KEYS = [ + RESOURCE_ACL, + RESOURCE_ENDPOINTS, + RESOURCE_INTERFACES, +] + + +RE_ACL_RULESET = re.compile( + r'^\/device\[([^\]]+)\]\/endpoint\[([^\]]+)\]\/acl\_ruleset\[([^\]]+)\]$' +) + +def parse_resource_key(resource_key : str) -> Optional[Tuple[str, str, str]]: + re_match_acl_ruleset = RE_ACL_RULESET.match(resource_key) + if re_match_acl_ruleset is None: return None + device_key, endpoint_key, acl_ruleset_name = re_match_acl_ruleset.groups() + return device_key, endpoint_key, acl_ruleset_name + + + +DRIVER_NAME = 'restconf_openconfig' +METRICS_POOL = MetricsPool('Device', 'Driver', labels={'driver': DRIVER_NAME}) + + +class RestConfOpenConfigDriver(_Driver): + def __init__(self, address : str, port : int, **settings) -> None: + super().__init__(DRIVER_NAME, address, port, **settings) + logger_prefix = '{:s}:[{:s}:{:s}]'.format( + str(__name__), str(self.address), str(self.port) + ) + self.__logger = logging.getLogger(logger_prefix) + self.__lock = threading.Lock() + self.__started = threading.Event() + self.__terminate = threading.Event() + + restconf_settings = copy.deepcopy(settings) + restconf_settings['logger'] = logging.getLogger(logger_prefix + '.RestConfClient_v1') + + self._rest_conf_client = RestConfClient(address, port=port, **restconf_settings) + self._handler_components = ComponentsHandler(self._rest_conf_client) + self._handler_acl_ruleset = AclRuleSetHandler(self._rest_conf_client) + + def Connect(self) -> bool: + with self.__lock: + if self.__started.is_set(): return True + try: + self._rest_conf_client._discover_base_url() + except requests.exceptions.Timeout: + self.__logger.exception('Timeout exception checking connectivity') + return False + except Exception: # pylint: disable=broad-except + self.__logger.exception('Unhandled exception checking connectivity') + return False + else: + self.__started.set() + return True + + def Disconnect(self) -> bool: + with self.__lock: + self.__terminate.set() + if not self.__started.is_set(): return True + return True + + @metered_subclass_method(METRICS_POOL) + def GetInitialConfig(self) -> List[Tuple[str, Any]]: + with self.__lock: + return [] + + @metered_subclass_method(METRICS_POOL) + def GetConfig(self, resource_keys : List[str] = []) -> List[Tuple[str, Union[Any, None, Exception]]]: + chk_type('resources', resource_keys, list) + results = list() + with self.__lock: + if len(resource_keys) == 0: resource_keys = ALL_RESOURCE_KEYS + for i, resource_key in enumerate(resource_keys): + str_resource_name = 'resource_key[#{:d}]'.format(i) + try: + chk_string(str_resource_name, resource_key, allow_empty=False) + if resource_key == RESOURCE_ENDPOINTS: + results.extend(self._handler_components.get()) + elif resource_key == RESOURCE_ACL: + results.extend(self._handler_acl_ruleset.get()) + else: + parts = parse_resource_key(resource_key) + if parts is None: continue + device_key, endpoint_key, acl_ruleset_name = parts + results.extend(self._handler_acl_ruleset.get(acl_ruleset_name=acl_ruleset_name)) + except Exception as e: + MSG = 'Error processing resource_key({:s}, {:s})' + self.__logger.exception(MSG.format(str_resource_name, str(resource_key))) + results.append((resource_key, e)) # if processing fails, store the exception + + return results + + @metered_subclass_method(METRICS_POOL) + def SetConfig(self, resources : List[Tuple[str, Any]]) -> List[Union[bool, Exception]]: + chk_type('resources', resources, list) + if len(resources) == 0: return [] + + results = [] + with self.__lock: + for resource_key, resource_value in resources: + self.__logger.info('resource: key({:s}) => value({:s})'.format(str(resource_key), str(resource_value))) + try: + if isinstance(resource_value, str): resource_value = json.loads(resource_value) + if parse_resource_key(resource_key) is None: continue + results.append(self._handler_acl_ruleset.update(resource_value)) + except Exception as e: + results.append(e) + + return results + + @metered_subclass_method(METRICS_POOL) + def DeleteConfig(self, resources : List[Tuple[str, Any]]) -> List[Union[bool, Exception]]: + chk_type('resources', resources, list) + if len(resources) == 0: return [] + + results = [] + with self.__lock: + for resource_key, resource_value in resources: + self.__logger.info('resource: key({:s}) => value({:s})'.format(str(resource_key), str(resource_value))) + try: + #if isinstance(resource_value, str): resource_value = json.loads(resource_value) + resource_key_parts = parse_resource_key(resource_key) + if resource_key_parts is None: continue + _, _, acl_ruleset_name = resource_key_parts + results.append(self._handler_acl_ruleset.delete(acl_ruleset_name)) + except Exception as e: + results.append(e) + + return results + + @metered_subclass_method(METRICS_POOL) + def SubscribeState(self, subscriptions : List[Tuple[str, float, float]]) -> List[Union[bool, Exception]]: + # TODO: RESTCONF OPENCONFIG does not support monitoring by now + return [False for _ in subscriptions] + + @metered_subclass_method(METRICS_POOL) + def UnsubscribeState(self, subscriptions : List[Tuple[str, float, float]]) -> List[Union[bool, Exception]]: + # TODO: RESTCONF OPENCONFIG does not support monitoring by now + return [False for _ in subscriptions] + + def GetState( + self, blocking=False, terminate : Optional[threading.Event] = None + ) -> Iterator[Tuple[float, str, Any]]: + # TODO: RESTCONF OPENCONFIG does not support monitoring by now + return [] diff --git a/src/device/service/drivers/restconf_openconfig/__init__.py b/src/device/service/drivers/restconf_openconfig/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..3ccc21c7db78aac26daa1f8c5ff8e1ffd3f35460 --- /dev/null +++ b/src/device/service/drivers/restconf_openconfig/__init__.py @@ -0,0 +1,14 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/src/device/service/drivers/restconf_openconfig/handlers/AclRuleSetHandler.py b/src/device/service/drivers/restconf_openconfig/handlers/AclRuleSetHandler.py new file mode 100644 index 0000000000000000000000000000000000000000..9ef029c0969d4091c3a11248b45a785c4fb9f5c3 --- /dev/null +++ b/src/device/service/drivers/restconf_openconfig/handlers/AclRuleSetHandler.py @@ -0,0 +1,248 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import logging +from typing import Any, Dict, List, Optional, Tuple, Union +from common.proto.context_pb2 import AclDirectionEnum +from common.tools.rest_conf.client.RestConfClient import RestConfClient + + +LOGGER = logging.getLogger(__name__) + + +_TFS_2_OC_RULE_TYPE = { + 'ACLRULETYPE_IPV4': 'ACL_IPV4', + 'ACLRULETYPE_IPV6': 'ACL_IPV6', +} +_OC_2_TFS_RULE_TYPE = {v: k for k, v in _TFS_2_OC_RULE_TYPE.items() } + +_TFS_2_OC_PROTOCOL = { + 1 : 'IP_ICMP', + 6 : 'IP_TCP', + 17 : 'IP_UDP', +} +_OC_2_TFS_PROTOCOL = {v: k for k, v in _TFS_2_OC_PROTOCOL.items() } + +_TFS_2_OC_FWD_ACTION = { + 'ACLFORWARDINGACTION_DROP' : 'DROP', + 'ACLFORWARDINGACTION_ACCEPT': 'ACCEPT', + 'ACLFORWARDINGACTION_REJECT': 'REJECT', +} +_OC_2_TFS_FWD_ACTION = {v: k for k, v in _TFS_2_OC_FWD_ACTION.items()} + + +DIRECTION_INGRESS = { + AclDirectionEnum.ACLDIRECTION_BOTH, + AclDirectionEnum.Name(AclDirectionEnum.ACLDIRECTION_BOTH), + AclDirectionEnum.ACLDIRECTION_INGRESS, + AclDirectionEnum.Name(AclDirectionEnum.ACLDIRECTION_INGRESS), +} + +DIRECTION_EGRESS = { + AclDirectionEnum.ACLDIRECTION_BOTH, + AclDirectionEnum.Name(AclDirectionEnum.ACLDIRECTION_BOTH), + AclDirectionEnum.ACLDIRECTION_EGRESS, + AclDirectionEnum.Name(AclDirectionEnum.ACLDIRECTION_EGRESS), +} + + +class AclRuleSetHandler: + def __init__(self, rest_conf_client : RestConfClient) -> None: + self._rest_conf_client = rest_conf_client + self._subpath_root = '/openconfig-acl:acl' + self._subpath_item = self._subpath_root + '/acl-sets/acl-set={acl_ruleset_name:s}' + + + def get(self, acl_ruleset_name : Optional[str] = None) -> Union[Dict, List]: + if acl_ruleset_name is None: + subpath_url = self._subpath_root + else: + subpath_url = self._subpath_item.format(acl_ruleset_name=acl_ruleset_name) + + reply = self._rest_conf_client.get(subpath_url) + + if 'openconfig-acl:acl' not in reply: + raise Exception('Malformed reply. "openconfig-acl:acl" missing') + acls = reply['openconfig-acl:acl'] + + if 'acl-sets' not in acls: + raise Exception('Malformed reply. "openconfig-acl:acl/acl-sets" missing') + aclsets = acls['acl-sets'] + + if 'acl-set' not in aclsets: + raise Exception('Malformed reply. "openconfig-acl:acl/acl-sets/acl-set" missing') + aclset_lst = aclsets['acl-set'] + + if len(aclset_lst) == 0: + MSG = '[get] No ACL-Sets are reported' + LOGGER.debug(MSG) + return list() + + results : List[Tuple[str, Dict[str, Any]]] = list() + for acl_set in aclset_lst: + acl_set_name = acl_set['name'] + oc_acl_set_type = acl_set['config']['type'] + tfs_acl_set_type = _OC_2_TFS_RULE_TYPE[oc_acl_set_type] + + rule_set: Dict[str, Any] = { + 'name' : acl_set_name, + 'type' : tfs_acl_set_type, + 'entries' : [], + } + + acl_set_config : Dict = acl_set.get('config', {}) + acl_set_description = acl_set_config.get('description') + if acl_set_description is not None: + rule_set['description'] = acl_set_description + + for ace in acl_set.get('acl-entries', {}).get('acl-entry', []): + seq = ace['sequence-id'] + + ipv4_cfg = ace.get('ipv4', {}).get('config', {}) + match = dict() + if 'source-address' in ipv4_cfg: + match['src_address'] = ipv4_cfg['source-address'] + if 'destination-address' in ipv4_cfg: + match['dst_address'] = ipv4_cfg['destination-address'] + if 'protocol' in ipv4_cfg: + match['protocol'] = _OC_2_TFS_PROTOCOL[ipv4_cfg['protocol']] + + transp_cfg = ace.get('transport', {}).get('config', {}) + if 'source-port' in transp_cfg: + match['src_port'] = transp_cfg['source-port'] + if 'destination-port' in transp_cfg: + match['dst_port'] = transp_cfg['destination-port'] + + act = ace.get('actions', {}).get('config', {}).get('forwarding-action', 'DROP') + fwd_tfs = _OC_2_TFS_FWD_ACTION[act] + + rule_set['entries'].append({ + 'sequence_id': seq, + 'match': match, + 'action': {'forward_action': fwd_tfs}, + }) + + # find where that ACL is bound (first matching interface) + if_name = '' + for intf in acls.get('interfaces', {}).get('interface', []): + for ing in intf.get('ingress-acl-sets', {}).get('ingress-acl-set', []): + if ing['set-name'] == acl_set_name: + if_name = intf['id'] + break + + path = '/device[]/endpoint[{:s}]/acl_ruleset[{:s}]'.format( + if_name, acl_set_name + ) + tfs_acl_data = { + 'endpoint_id': {'endpoint_uuid': {'uuid': if_name}}, + 'direction': 'ACLDIRECTION_INGRESS', + 'rule_set': rule_set, + } + results.append((path, tfs_acl_data)) + + return results + + + def update(self, acl_data : Dict) -> bool: + if_name = acl_data['endpoint_id']['endpoint_uuid']['uuid'] + direction = acl_data['direction'] + rule_set = acl_data['rule_set'] + + if direction in DIRECTION_INGRESS: + acl_set_name = 'ip-filter-input' + elif direction in DIRECTION_EGRESS: + acl_set_name = 'ip-filter-output' + else: + MSG = 'Unsupported direction: {:s}' + raise Exception(MSG.format(str(direction))) + + acl_entry_desc = rule_set['name'] + acl_set_type = _TFS_2_OC_RULE_TYPE[rule_set['type']] + + oc_acl_entries = list() + sequence_ids : List[int] = list() + for entry in rule_set.get('entries', []): + sequence_id = int(entry['sequence_id']) + oc_action = _TFS_2_OC_FWD_ACTION[entry['action']['forward_action']] + oc_acl_entry = { + 'sequence-id': sequence_id, + 'config': {'sequence-id': sequence_id, 'description' : acl_entry_desc}, + 'actions': {'config': {'forwarding-action': oc_action}} + } + + entry_match = entry.get('match', dict()) + + ipv4_config = dict() + if 'protocol' in entry_match and entry_match['protocol'] > 0: + ipv4_config['protocol'] = _TFS_2_OC_PROTOCOL[entry_match['protocol']] + if 'src_address' in entry_match and len(entry_match['src_address']) > 0: + ipv4_config['source-address'] = entry_match['src_address'] + if 'dst_address' in entry_match and len(entry_match['dst_address']) > 0: + ipv4_config['destination-address'] = entry_match['dst_address'] + if len(ipv4_config) > 0: + oc_acl_entry.setdefault('ipv4', dict())['config'] = ipv4_config + + transport_config = dict() + if 'src_port' in entry_match and entry_match['src_port'] > 0: + transport_config['source-port'] = entry_match['src_port'] + if 'dst_port' in entry_match and entry_match['dst_port'] > 0: + transport_config['destination-port'] = entry_match['dst_port'] + if len(transport_config) > 0: + oc_acl_entry.setdefault('transport', dict())['config'] = transport_config + + oc_acl_entries.append(oc_acl_entry) + sequence_ids.append(sequence_id) + + oc_interface = { + 'id': if_name, + 'config': {'id': if_name}, + 'interface-ref': {'config': {'interface': if_name, 'subinterface': 1}}, + } + + if direction in DIRECTION_INGRESS: + oc_interface['ingress-acl-sets'] = {'ingress-acl-set': [{ + 'set-name': acl_set_name, 'type': acl_set_type, + 'config': {'set-name': acl_set_name, 'type': acl_set_type}, + 'acl-entries': {'acl-entry': [ + {'sequence-id': sequence_id} + for sequence_id in sequence_ids + ]} + }]} + + if direction in DIRECTION_EGRESS: + oc_interface['egress-acl-sets'] = {'egress-acl-set': [{ + 'set-name': acl_set_name, 'type': acl_set_type, + 'config': {'set-name': acl_set_name, 'type': acl_set_type}, + 'acl-entries': {'acl-entry': [ + {'sequence-id': sequence_id} + for sequence_id in sequence_ids + ]} + }]} + + oc_acl_data = {'openconfig-acl:acl': { + 'acl-sets': {'acl-set': [{ + 'name': acl_set_name, 'type': acl_set_type, + 'config': {'name': acl_set_name, 'type': acl_set_type}, + 'acl-entries': {'acl-entry': oc_acl_entries}, + }]}, + 'interfaces': {'interface': [oc_interface]}, + }} + return self._rest_conf_client.post(self._subpath_root, body=oc_acl_data) is not None + + + def delete(self, acl_ruleset_name : str) -> bool: + if acl_ruleset_name is None: raise Exception('acl_ruleset_name is None') + subpath_url = self._subpath_item.format(acl_ruleset_name=acl_ruleset_name) + return self._rest_conf_client.delete(subpath_url) diff --git a/src/device/service/drivers/restconf_openconfig/handlers/ComponentsHandler.py b/src/device/service/drivers/restconf_openconfig/handlers/ComponentsHandler.py new file mode 100644 index 0000000000000000000000000000000000000000..f2c9fc6e380cf52fdc559caf9efa7d260ecfad83 --- /dev/null +++ b/src/device/service/drivers/restconf_openconfig/handlers/ComponentsHandler.py @@ -0,0 +1,71 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import logging +from typing import Dict, List, Tuple +from common.tools.rest_conf.client.RestConfClient import RestConfClient + + +LOGGER = logging.getLogger(__name__) + + +class ComponentsHandler: + def __init__(self, rest_conf_client : RestConfClient) -> None: + self._rest_conf_client = rest_conf_client + self._subpath_root = '/openconfig-platform:components' + + def get(self) -> List[Tuple[str, Dict]]: + reply = self._rest_conf_client.get(self._subpath_root) + + if 'openconfig-platform:components' not in reply: + raise Exception('Malformed reply. "openconfig-platform:components" missing') + components = reply['openconfig-platform:components'] + + if 'component' not in components: + raise Exception('Malformed reply. "openconfig-platform:components/component" missing') + component_lst = components['component'] + + if len(component_lst) == 0: + MSG = '[get] No components are reported' + LOGGER.debug(MSG) + return list() + + entries : List[Tuple[str, Dict]] = list() + for component in component_lst: + if 'state' not in component: + MSG = 'Malformed component. "state" missing: {:s}' + raise Exception(MSG.format(str(component))) + comp_state = component['state'] + + if 'type' not in comp_state: + MSG = 'Malformed component. "state/type" missing: {:s}' + raise Exception(MSG.format(str(component))) + comp_type : str = comp_state['type'] + comp_type = comp_type.split(':')[-1] + if comp_type != 'PORT': continue + + if 'name' not in component: + MSG = 'Malformed component. "name" missing: {:s}' + raise Exception(MSG.format(str(component))) + comp_name = component['name'] + + if comp_name.startswith('cali'): continue # calico port + if comp_name.startswith('vxlan'): continue # vxlan.calico port + if comp_name.startswith('docker'): continue # docker port + if comp_name in {'lo', 'loop', 'loopback'}: continue # loopback port + + endpoint = {'uuid': comp_name, 'type': '-'} + entries.append(('/endpoints/endpoint[{:s}]'.format(endpoint['uuid']), endpoint)) + + return entries diff --git a/src/device/service/drivers/restconf_openconfig/handlers/__init__.py b/src/device/service/drivers/restconf_openconfig/handlers/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..7363515f07a52d996229bcbd72932ce1423258d7 --- /dev/null +++ b/src/device/service/drivers/restconf_openconfig/handlers/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/src/device/tests/restconf_openconfig/__init__.py b/src/device/tests/restconf_openconfig/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..3ccc21c7db78aac26daa1f8c5ff8e1ffd3f35460 --- /dev/null +++ b/src/device/tests/restconf_openconfig/__init__.py @@ -0,0 +1,14 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/src/device/tests/restconf_openconfig/data/accept_30435_from_10_0_2_10.json b/src/device/tests/restconf_openconfig/data/accept_30435_from_10_0_2_10.json new file mode 100644 index 0000000000000000000000000000000000000000..edb3b917741b075d19325d1c88988b5be61f09e5 --- /dev/null +++ b/src/device/tests/restconf_openconfig/data/accept_30435_from_10_0_2_10.json @@ -0,0 +1,19 @@ +{ + "endpoint_id": { + "device_id": {"device_uuid": {"uuid": "my-firewall"}}, + "endpoint_uuid": {"uuid": "enp0s3"} + }, + "direction": "ACLDIRECTION_INGRESS", + "rule_set": { + "name" : "accept-30435-from-10-0-2-10", + "type" : "ACLRULETYPE_IPV4", + "description" : "accept-30435-from-10-0-2-10", + "user_id" : "teraflowsdn", + "entries" : [{ + "sequence_id" : 1, + "description" : "accept-30435-from-10-0-2-10", + "match" : {"src_address": "10.0.2.10/32", "protocol": 6, "dst_port": 30435}, + "action" : {"forward_action": "ACLFORWARDINGACTION_ACCEPT"} + }] + } +} diff --git a/src/device/tests/restconf_openconfig/data/accept_30435_from_10_0_2_2.json b/src/device/tests/restconf_openconfig/data/accept_30435_from_10_0_2_2.json new file mode 100644 index 0000000000000000000000000000000000000000..9a2b7c7c16807fb9957a6149afe57520bf19f478 --- /dev/null +++ b/src/device/tests/restconf_openconfig/data/accept_30435_from_10_0_2_2.json @@ -0,0 +1,19 @@ +{ + "endpoint_id": { + "device_id": {"device_uuid": {"uuid": "my-firewall"}}, + "endpoint_uuid": {"uuid": "enp0s3"} + }, + "direction": "ACLDIRECTION_INGRESS", + "rule_set": { + "name" : "accept-30435-from-10-0-2-2", + "type" : "ACLRULETYPE_IPV4", + "description" : "accept-30435-from-10-0-2-2", + "user_id" : "teraflowsdn", + "entries" : [{ + "sequence_id" : 1, + "description" : "accept-30435-from-10-0-2-2", + "match" : {"src_address": "10.0.2.2/32", "protocol": 6, "dst_port": 30435}, + "action" : {"forward_action": "ACLFORWARDINGACTION_ACCEPT"} + }] + } +} diff --git a/src/device/tests/restconf_openconfig/data/reject_30435_from_all.json b/src/device/tests/restconf_openconfig/data/reject_30435_from_all.json new file mode 100644 index 0000000000000000000000000000000000000000..79a87086ae381eabc52c27f5bfc7e18f0d6ad63d --- /dev/null +++ b/src/device/tests/restconf_openconfig/data/reject_30435_from_all.json @@ -0,0 +1,19 @@ +{ + "endpoint_id": { + "device_id": {"device_uuid": {"uuid": "my-firewall"}}, + "endpoint_uuid": {"uuid": "enp0s3"} + }, + "direction": "ACLDIRECTION_INGRESS", + "rule_set": { + "name" : "reject-30435-from-all", + "type" : "ACLRULETYPE_IPV4", + "description" : "reject-30435-from-all", + "user_id" : "teraflowsdn", + "entries" : [{ + "sequence_id" : 10000, + "description" : "reject-30435-from-all", + "match" : {"protocol": 6, "dst_port": 30435}, + "action" : {"forward_action": "ACLFORWARDINGACTION_REJECT"} + }] + } +} diff --git a/src/device/tests/restconf_openconfig/test_unitary_restconf_openconfig.py b/src/device/tests/restconf_openconfig/test_unitary_restconf_openconfig.py new file mode 100644 index 0000000000000000000000000000000000000000..0d4aa6253a39cc7cd033f286ce2d763c16c40957 --- /dev/null +++ b/src/device/tests/restconf_openconfig/test_unitary_restconf_openconfig.py @@ -0,0 +1,150 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import os +os.environ['DEVICE_EMULATED_ONLY'] = 'YES' + + +# pylint: disable=wrong-import-position +import json, logging, pytest, time +from typing import Dict, List, Tuple, Union +from device.service.driver_api._Driver import RESOURCE_ACL, RESOURCE_ENDPOINTS +from device.service.drivers.restconf_openconfig.RestConfOpenConfigDriver import RestConfOpenConfigDriver + + +DATA_FILE_PATH = 'device/tests/restconf_openconfig/data/' + +##### LOGGERS ########################################################################################################## + +logging.basicConfig(level=logging.DEBUG) +LOGGER = logging.getLogger(__name__) +LOGGER.setLevel(logging.DEBUG) + + +##### DRIVER FIXTURE ################################################################################################### + +DRIVER_ADDRESS = '10.0.2.25' +DRIVER_PORT = 8888 +DRIVER_SETTINGS = dict( + scheme='http', username='admin', password='admin', + timeout=30, verify_certs=False, allow_redirects=True, +) + +@pytest.fixture(scope='session') +def driver() -> RestConfOpenConfigDriver: + _driver = RestConfOpenConfigDriver( + DRIVER_ADDRESS, DRIVER_PORT, **DRIVER_SETTINGS + ) + _driver.Connect() + yield _driver + time.sleep(1) + _driver.Disconnect() + + +##### HELPER METHODS ################################################################################################### + +def get_config( + driver : RestConfOpenConfigDriver, resources_to_get : List[str] +) -> List[Tuple[str, Dict]]: + LOGGER.info('[get_config] resources_to_get = {:s}'.format(str(resources_to_get))) + results_getconfig = driver.GetConfig(resources_to_get) + LOGGER.info('[get_config] results_getconfig = {:s}'.format(str(results_getconfig))) + return results_getconfig + +def set_config( + driver : RestConfOpenConfigDriver, resources_to_set : List[Tuple[str, Dict]] +) -> List[Tuple[str, Union[bool, Exception]]]: + LOGGER.info('[set_config] resources_to_set = {:s}'.format(str(resources_to_set))) + results_setconfig = driver.SetConfig(resources_to_set) + LOGGER.info('[set_config] results_setconfig = {:s}'.format(str(results_setconfig))) + return results_setconfig + +def del_config( + driver : RestConfOpenConfigDriver, resources_to_delete : List[Tuple[str, Dict]] +) -> List[Tuple[str, Union[bool, Exception]]]: + LOGGER.info('[del_config] resources_to_delete = {:s}'.format(str(resources_to_delete))) + results_deleteconfig = driver.DeleteConfig(resources_to_delete) + LOGGER.info('[del_config] results_deleteconfig = {:s}'.format(str(results_deleteconfig))) + return results_deleteconfig + +def create_acl_from_file(file_name : str) -> Tuple[str, Dict]: + with open(DATA_FILE_PATH + file_name, 'r', encoding='UTF-8') as f: + acl_data = json.load(f) + device_uuid = acl_data['endpoint_id']['device_id']['device_uuid']['uuid'] + endpoint_uuid = acl_data['endpoint_id']['endpoint_uuid']['uuid'] + aclset_name = acl_data['rule_set']['name'] + key_or_path = '/device[{:s}]/endpoint[{:s}]/acl_ruleset[{:s}]'.format( + device_uuid, endpoint_uuid, aclset_name + ) + return key_or_path, acl_data + + +##### TEST METHODS ##################################################################################################### + +def test_get_endpoints( + driver : RestConfOpenConfigDriver, # pylint: disable=redefined-outer-name +) -> None: + results_getconfig = get_config(driver, [RESOURCE_ENDPOINTS]) + assert len(results_getconfig) > 0 + endpoint_names = {res_val['uuid'] for _, res_val in results_getconfig} + assert len(endpoint_names) == 1 + assert 'enp0s3' in endpoint_names + + +def test_get_acls( + driver : RestConfOpenConfigDriver, # pylint: disable=redefined-outer-name +) -> None: + get_config(driver, [RESOURCE_ACL]) + + +def test_set_acl_reject_30435_from_all( + driver : RestConfOpenConfigDriver, # pylint: disable=redefined-outer-name +) -> None: + resources_to_set = [create_acl_from_file('reject_30435_from_all.json')] + set_config(driver, resources_to_set) + + +def test_set_acl_accept_30435_from_10_0_2_2( + driver : RestConfOpenConfigDriver, # pylint: disable=redefined-outer-name +) -> None: + resources_to_set = [create_acl_from_file('accept_30435_from_10_0_2_2.json')] + set_config(driver, resources_to_set) + + +def test_set_acl_accept_30435_from_10_0_2_10( + driver : RestConfOpenConfigDriver, # pylint: disable=redefined-outer-name +) -> None: + resources_to_set = [create_acl_from_file('accept_30435_from_10_0_2_10.json')] + set_config(driver, resources_to_set) + + +def test_del_acl_accept_30435_from_10_0_2_10( + driver : RestConfOpenConfigDriver, # pylint: disable=redefined-outer-name +) -> None: + resources_to_delete = [create_acl_from_file('accept_30435_from_10_0_2_10.json')] + del_config(driver, resources_to_delete) + + +def test_del_acl_accept_30435_from_10_0_2_2( + driver : RestConfOpenConfigDriver, # pylint: disable=redefined-outer-name +) -> None: + resources_to_delete = [create_acl_from_file('accept_30435_from_10_0_2_2.json')] + del_config(driver, resources_to_delete) + + +def test_del_acl_reject_30435_from_all( + driver : RestConfOpenConfigDriver, # pylint: disable=redefined-outer-name +) -> None: + resources_to_delete = [create_acl_from_file('reject_30435_from_all.json')] + del_config(driver, resources_to_delete) diff --git a/src/load_generator/requirements.in b/src/load_generator/requirements.in index a2ee41d8317c5146977ef173654b823f476d2237..aa83a97e393b2fb344655a742d98047a8b8fc69a 100644 --- a/src/load_generator/requirements.in +++ b/src/load_generator/requirements.in @@ -13,3 +13,4 @@ # limitations under the License. APScheduler>=3.10.4 +pytz>=2025.2 diff --git a/src/nbi/service/ietf_acl/ietf_acl_parser.py b/src/nbi/service/ietf_acl/ietf_acl_parser.py index 65e9129a25d693327c29e503cdd832bac38b4561..7305775b8f83392afc9902e350729073ada1a6fd 100644 --- a/src/nbi/service/ietf_acl/ietf_acl_parser.py +++ b/src/nbi/service/ietf_acl/ietf_acl_parser.py @@ -118,7 +118,8 @@ IETF_TFS_RULE_TYPE_MAPPING = { IETF_TFS_FORWARDING_ACTION_MAPPING = { 'accept': 'ACLFORWARDINGACTION_ACCEPT', - 'drop': 'ACLFORWARDINGACTION_DROP', + 'drop' : 'ACLFORWARDINGACTION_DROP', + 'reject': 'ACLFORWARDINGACTION_REJECT', } TFS_IETF_RULE_TYPE_MAPPING = { @@ -128,7 +129,8 @@ TFS_IETF_RULE_TYPE_MAPPING = { TFS_IETF_FORWARDING_ACTION_MAPPING = { 'ACLFORWARDINGACTION_ACCEPT': 'accept', - 'ACLFORWARDINGACTION_DROP': 'drop', + 'ACLFORWARDINGACTION_DROP' : 'drop', + 'ACLFORWARDINGACTION_REJECT': 'reject', } diff --git a/src/policy/src/main/java/org/etsi/tfs/policy/Serializer.java b/src/policy/src/main/java/org/etsi/tfs/policy/Serializer.java index 7fc4c8b8cd1b02050ad655059b5d747538eb3b2b..20dcd2bd3dc3bc764ade1160eaf3ab7d836241d0 100644 --- a/src/policy/src/main/java/org/etsi/tfs/policy/Serializer.java +++ b/src/policy/src/main/java/org/etsi/tfs/policy/Serializer.java @@ -2319,8 +2319,28 @@ public class Serializer { return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_OPTICAL_TFS; case IETF_ACTN: return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_IETF_ACTN; + case OC: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_OC; + case QKD: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_QKD; + case IETF_L3VPN: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_IETF_L3VPN; + case IETF_SLICE: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_IETF_SLICE; + case NCE: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_NCE; case SMARTNIC: return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_SMARTNIC; + case MORPHEUS: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_MORPHEUS; + case RYU: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_RYU; + case GNMI_NOKIA_SRLINUX: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_GNMI_NOKIA_SRLINUX; + case OPENROADM: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_OPENROADM; + case RESTCONF_OPENCONFIG: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_RESTCONF_OPENCONFIG; case UNDEFINED: default: return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_UNDEFINED; @@ -2350,8 +2370,28 @@ public class Serializer { return DeviceDriverEnum.OPTICAL_TFS; case DEVICEDRIVER_IETF_ACTN: return DeviceDriverEnum.IETF_ACTN; + case DEVICEDRIVER_OC: + return DeviceDriverEnum.OC; + case DEVICEDRIVER_QKD: + return DeviceDriverEnum.QKD; + case DEVICEDRIVER_IETF_L3VPN: + return DeviceDriverEnum.IETF_L3VPN; + case DEVICEDRIVER_IETF_SLICE: + return DeviceDriverEnum.IETF_SLICE; + case DEVICEDRIVER_NCE: + return DeviceDriverEnum.NCE; case DEVICEDRIVER_SMARTNIC: return DeviceDriverEnum.SMARTNIC; + case DEVICEDRIVER_MORPHEUS: + return DeviceDriverEnum.MORPHEUS; + case DEVICEDRIVER_RYU: + return DeviceDriverEnum.RYU; + case DEVICEDRIVER_GNMI_NOKIA_SRLINUX: + return DeviceDriverEnum.GNMI_NOKIA_SRLINUX; + case DEVICEDRIVER_OPENROADM: + return DeviceDriverEnum.OPENROADM; + case DEVICEDRIVER_RESTCONF_OPENCONFIG: + return DeviceDriverEnum.RESTCONF_OPENCONFIG; case DEVICEDRIVER_UNDEFINED: case UNRECOGNIZED: default: diff --git a/src/policy/src/main/java/org/etsi/tfs/policy/context/model/DeviceDriverEnum.java b/src/policy/src/main/java/org/etsi/tfs/policy/context/model/DeviceDriverEnum.java index 1f7a4368cb28fca1a7008c519908389f64e7671f..d7db46f47dfea4bf9441ad53bc4dbdeb7e80f964 100644 --- a/src/policy/src/main/java/org/etsi/tfs/policy/context/model/DeviceDriverEnum.java +++ b/src/policy/src/main/java/org/etsi/tfs/policy/context/model/DeviceDriverEnum.java @@ -37,5 +37,6 @@ public enum DeviceDriverEnum { MORPHEUS, RYU, GNMI_NOKIA_SRLINUX, - OPENROADM + OPENROADM, + RESTCONF_OPENCONFIG } diff --git a/src/policy/target/generated-sources/grpc/context/ContextOuterClass.java b/src/policy/target/generated-sources/grpc/context/ContextOuterClass.java index 558aa9778e38dfa529a0241fc03723e9d8685dcf..27cde66fb4d01c41c0ae39bba4f4da897b2cd0c5 100644 --- a/src/policy/target/generated-sources/grpc/context/ContextOuterClass.java +++ b/src/policy/target/generated-sources/grpc/context/ContextOuterClass.java @@ -231,6 +231,10 @@ public final class ContextOuterClass { * DEVICEDRIVER_OPENROADM = 20; */ DEVICEDRIVER_OPENROADM(20), + /** + * DEVICEDRIVER_RESTCONF_OPENCONFIG = 21; + */ + DEVICEDRIVER_RESTCONF_OPENCONFIG(21), UNRECOGNIZED(-1); /** @@ -342,6 +346,11 @@ public final class ContextOuterClass { */ public static final int DEVICEDRIVER_OPENROADM_VALUE = 20; + /** + * DEVICEDRIVER_RESTCONF_OPENCONFIG = 21; + */ + public static final int DEVICEDRIVER_RESTCONF_OPENCONFIG_VALUE = 21; + public final int getNumber() { if (this == UNRECOGNIZED) { throw new java.lang.IllegalArgumentException("Can't get the number of an unknown enum value."); @@ -407,6 +416,8 @@ public final class ContextOuterClass { return DEVICEDRIVER_GNMI_NOKIA_SRLINUX; case 20: return DEVICEDRIVER_OPENROADM; + case 21: + return DEVICEDRIVER_RESTCONF_OPENCONFIG; default: return null; } @@ -90370,7 +90381,7 @@ public final class ContextOuterClass { private static com.google.protobuf.Descriptors.FileDescriptor descriptor; static { - java.lang.String[] descriptorData = { "\n\rcontext.proto\022\007context\032\031google/protobu" + "f/any.proto\032\tacl.proto\032\014ipowdm.proto\032\rip" + "_link.proto\032\026kpi_sample_types.proto\032\016tap" + "i_lsp.proto\"\007\n\005Empty\"\024\n\004Uuid\022\014\n\004uuid\030\001 \001" + "(\t\"\036\n\tTimestamp\022\021\n\ttimestamp\030\001 \001(\001\"Z\n\005Ev" + "ent\022%\n\ttimestamp\030\001 \001(\0132\022.context.Timesta" + "mp\022*\n\nevent_type\030\002 \001(\0162\026.context.EventTy" + "peEnum\"\265\002\n\010AnyEvent\022(\n\007context\030\001 \001(\0132\025.c" + "ontext.ContextEventH\000\022*\n\010topology\030\002 \001(\0132" + "\026.context.TopologyEventH\000\022&\n\006device\030\003 \001(" + "\0132\024.context.DeviceEventH\000\022\"\n\004link\030\004 \001(\0132" + "\022.context.LinkEventH\000\022(\n\007service\030\005 \001(\0132\025" + ".context.ServiceEventH\000\022$\n\005slice\030\006 \001(\0132\023" + ".context.SliceEventH\000\022.\n\nconnection\030\007 \001(" + "\0132\030.context.ConnectionEventH\000B\007\n\005event\"0" + "\n\tContextId\022#\n\014context_uuid\030\001 \001(\0132\r.cont" + "ext.Uuid\"\351\001\n\007Context\022&\n\ncontext_id\030\001 \001(\013" + "2\022.context.ContextId\022\014\n\004name\030\002 \001(\t\022)\n\014to" + "pology_ids\030\003 \003(\0132\023.context.TopologyId\022\'\n" + "\013service_ids\030\004 \003(\0132\022.context.ServiceId\022#" + "\n\tslice_ids\030\005 \003(\0132\020.context.SliceId\022/\n\nc" + "ontroller\030\006 \001(\0132\033.context.TeraFlowContro" + "ller\"8\n\rContextIdList\022\'\n\013context_ids\030\001 \003" + "(\0132\022.context.ContextId\"1\n\013ContextList\022\"\n" + "\010contexts\030\001 \003(\0132\020.context.Context\"U\n\014Con" + "textEvent\022\035\n\005event\030\001 \001(\0132\016.context.Event" + "\022&\n\ncontext_id\030\002 \001(\0132\022.context.ContextId" + "\"Z\n\nTopologyId\022&\n\ncontext_id\030\001 \001(\0132\022.con" + "text.ContextId\022$\n\rtopology_uuid\030\002 \001(\0132\r." + "context.Uuid\"\267\001\n\010Topology\022(\n\013topology_id" + "\030\001 \001(\0132\023.context.TopologyId\022\014\n\004name\030\002 \001(" + "\t\022%\n\ndevice_ids\030\003 \003(\0132\021.context.DeviceId" + "\022!\n\010link_ids\030\004 \003(\0132\017.context.LinkId\022)\n\020o" + "ptical_link_ids\030\005 \003(\0132\017.context.LinkId\"\266" + "\001\n\017TopologyDetails\022(\n\013topology_id\030\001 \001(\0132" + "\023.context.TopologyId\022\014\n\004name\030\002 \001(\t\022 \n\007de" + "vices\030\003 \003(\0132\017.context.Device\022\034\n\005links\030\004 " + "\003(\0132\r.context.Link\022+\n\roptical_links\030\005 \003(" + "\0132\024.context.OpticalLink\";\n\016TopologyIdLis" + "t\022)\n\014topology_ids\030\001 \003(\0132\023.context.Topolo" + "gyId\"5\n\014TopologyList\022%\n\ntopologies\030\001 \003(\013" + "2\021.context.Topology\"X\n\rTopologyEvent\022\035\n\005" + "event\030\001 \001(\0132\016.context.Event\022(\n\013topology_" + "id\030\002 \001(\0132\023.context.TopologyId\".\n\010DeviceI" + "d\022\"\n\013device_uuid\030\001 \001(\0132\r.context.Uuid\"\372\002" + "\n\006Device\022$\n\tdevice_id\030\001 \001(\0132\021.context.De" + "viceId\022\014\n\004name\030\002 \001(\t\022\023\n\013device_type\030\003 \001(" + "\t\022,\n\rdevice_config\030\004 \001(\0132\025.context.Devic" + "eConfig\022G\n\031device_operational_status\030\005 \001" + "(\0162$.context.DeviceOperationalStatusEnum" + "\0221\n\016device_drivers\030\006 \003(\0162\031.context.Devic" + "eDriverEnum\022+\n\020device_endpoints\030\007 \003(\0132\021." + "context.EndPoint\022&\n\ncomponents\030\010 \003(\0132\022.c" + "ontext.Component\022(\n\rcontroller_id\030\t \001(\0132" + "\021.context.DeviceId\"\311\001\n\tComponent\022%\n\016comp" + "onent_uuid\030\001 \001(\0132\r.context.Uuid\022\014\n\004name\030" + "\002 \001(\t\022\014\n\004type\030\003 \001(\t\0226\n\nattributes\030\004 \003(\0132" + "\".context.Component.AttributesEntry\022\016\n\006p" + "arent\030\005 \001(\t\0321\n\017AttributesEntry\022\013\n\003key\030\001 " + "\001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\"9\n\014DeviceConfig\022)" + "\n\014config_rules\030\001 \003(\0132\023.context.ConfigRul" + "e\"5\n\014DeviceIdList\022%\n\ndevice_ids\030\001 \003(\0132\021." + "context.DeviceId\".\n\nDeviceList\022 \n\007device" + "s\030\001 \003(\0132\017.context.Device\"\216\001\n\014DeviceFilte" + "r\022)\n\ndevice_ids\030\001 \001(\0132\025.context.DeviceId" + "List\022\031\n\021include_endpoints\030\002 \001(\010\022\034\n\024inclu" + "de_config_rules\030\003 \001(\010\022\032\n\022include_compone" + "nts\030\004 \001(\010\"\200\001\n\013DeviceEvent\022\035\n\005event\030\001 \001(\013" + "2\016.context.Event\022$\n\tdevice_id\030\002 \001(\0132\021.co" + "ntext.DeviceId\022,\n\rdevice_config\030\003 \001(\0132\025." + "context.DeviceConfig\"*\n\006LinkId\022 \n\tlink_u" + "uid\030\001 \001(\0132\r.context.Uuid\"c\n\016LinkAttribut" + "es\022\030\n\020is_bidirectional\030\001 \001(\010\022\033\n\023total_ca" + "pacity_gbps\030\002 \001(\002\022\032\n\022used_capacity_gbps\030" + "\003 \001(\002\"\275\001\n\004Link\022 \n\007link_id\030\001 \001(\0132\017.contex" + "t.LinkId\022\014\n\004name\030\002 \001(\t\022(\n\tlink_type\030\003 \001(" + "\0162\025.context.LinkTypeEnum\022.\n\021link_endpoin" + "t_ids\030\004 \003(\0132\023.context.EndPointId\022+\n\nattr" + "ibutes\030\005 \001(\0132\027.context.LinkAttributes\"/\n" + "\nLinkIdList\022!\n\010link_ids\030\001 \003(\0132\017.context." + "LinkId\"(\n\010LinkList\022\034\n\005links\030\001 \003(\0132\r.cont" + "ext.Link\"L\n\tLinkEvent\022\035\n\005event\030\001 \001(\0132\016.c" + "ontext.Event\022 \n\007link_id\030\002 \001(\0132\017.context." + "LinkId\"X\n\tServiceId\022&\n\ncontext_id\030\001 \001(\0132" + "\022.context.ContextId\022#\n\014service_uuid\030\002 \001(" + "\0132\r.context.Uuid\"\333\002\n\007Service\022&\n\nservice_" + "id\030\001 \001(\0132\022.context.ServiceId\022\014\n\004name\030\002 \001" + "(\t\022.\n\014service_type\030\003 \001(\0162\030.context.Servi" + "ceTypeEnum\0221\n\024service_endpoint_ids\030\004 \003(\013" + "2\023.context.EndPointId\0220\n\023service_constra" + "ints\030\005 \003(\0132\023.context.Constraint\022.\n\016servi" + "ce_status\030\006 \001(\0132\026.context.ServiceStatus\022" + ".\n\016service_config\030\007 \001(\0132\026.context.Servic" + "eConfig\022%\n\ttimestamp\030\010 \001(\0132\022.context.Tim" + "estamp\"C\n\rServiceStatus\0222\n\016service_statu" + "s\030\001 \001(\0162\032.context.ServiceStatusEnum\":\n\rS" + "erviceConfig\022)\n\014config_rules\030\001 \003(\0132\023.con" + "text.ConfigRule\"8\n\rServiceIdList\022\'\n\013serv" + "ice_ids\030\001 \003(\0132\022.context.ServiceId\"1\n\013Ser" + "viceList\022\"\n\010services\030\001 \003(\0132\020.context.Ser" + "vice\"\225\001\n\rServiceFilter\022+\n\013service_ids\030\001 " + "\001(\0132\026.context.ServiceIdList\022\034\n\024include_e" + "ndpoint_ids\030\002 \001(\010\022\033\n\023include_constraints" + "\030\003 \001(\010\022\034\n\024include_config_rules\030\004 \001(\010\"U\n\014" + "ServiceEvent\022\035\n\005event\030\001 \001(\0132\016.context.Ev" + "ent\022&\n\nservice_id\030\002 \001(\0132\022.context.Servic" + "eId\"T\n\007SliceId\022&\n\ncontext_id\030\001 \001(\0132\022.con" + "text.ContextId\022!\n\nslice_uuid\030\002 \001(\0132\r.con" + "text.Uuid\"\240\003\n\005Slice\022\"\n\010slice_id\030\001 \001(\0132\020." + "context.SliceId\022\014\n\004name\030\002 \001(\t\022/\n\022slice_e" + "ndpoint_ids\030\003 \003(\0132\023.context.EndPointId\022." + "\n\021slice_constraints\030\004 \003(\0132\023.context.Cons" + "traint\022-\n\021slice_service_ids\030\005 \003(\0132\022.cont" + "ext.ServiceId\022,\n\022slice_subslice_ids\030\006 \003(" + "\0132\020.context.SliceId\022*\n\014slice_status\030\007 \001(" + "\0132\024.context.SliceStatus\022*\n\014slice_config\030" + "\010 \001(\0132\024.context.SliceConfig\022(\n\013slice_own" + "er\030\t \001(\0132\023.context.SliceOwner\022%\n\ttimesta" + "mp\030\n \001(\0132\022.context.Timestamp\"E\n\nSliceOwn" + "er\022!\n\nowner_uuid\030\001 \001(\0132\r.context.Uuid\022\024\n" + "\014owner_string\030\002 \001(\t\"=\n\013SliceStatus\022.\n\014sl" + "ice_status\030\001 \001(\0162\030.context.SliceStatusEn" + "um\"8\n\013SliceConfig\022)\n\014config_rules\030\001 \003(\0132" + "\023.context.ConfigRule\"2\n\013SliceIdList\022#\n\ts" + "lice_ids\030\001 \003(\0132\020.context.SliceId\"+\n\tSlic" + "eList\022\036\n\006slices\030\001 \003(\0132\016.context.Slice\"\312\001" + "\n\013SliceFilter\022\'\n\tslice_ids\030\001 \001(\0132\024.conte" + "xt.SliceIdList\022\034\n\024include_endpoint_ids\030\002" + " \001(\010\022\033\n\023include_constraints\030\003 \001(\010\022\033\n\023inc" + "lude_service_ids\030\004 \001(\010\022\034\n\024include_subsli" + "ce_ids\030\005 \001(\010\022\034\n\024include_config_rules\030\006 \001" + "(\010\"O\n\nSliceEvent\022\035\n\005event\030\001 \001(\0132\016.contex" + "t.Event\022\"\n\010slice_id\030\002 \001(\0132\020.context.Slic" + "eId\"6\n\014ConnectionId\022&\n\017connection_uuid\030\001" + " \001(\0132\r.context.Uuid\"2\n\025ConnectionSetting" + "s_L0\022\031\n\021lsp_symbolic_name\030\001 \001(\t\"\236\001\n\025Conn" + "ectionSettings_L2\022\027\n\017src_mac_address\030\001 \001" + "(\t\022\027\n\017dst_mac_address\030\002 \001(\t\022\022\n\nether_typ" + "e\030\003 \001(\r\022\017\n\007vlan_id\030\004 \001(\r\022\022\n\nmpls_label\030\005" + " \001(\r\022\032\n\022mpls_traffic_class\030\006 \001(\r\"t\n\025Conn" + "ectionSettings_L3\022\026\n\016src_ip_address\030\001 \001(" + "\t\022\026\n\016dst_ip_address\030\002 \001(\t\022\014\n\004dscp\030\003 \001(\r\022" + "\020\n\010protocol\030\004 \001(\r\022\013\n\003ttl\030\005 \001(\r\"[\n\025Connec" + "tionSettings_L4\022\020\n\010src_port\030\001 \001(\r\022\020\n\010dst" + "_port\030\002 \001(\r\022\021\n\ttcp_flags\030\003 \001(\r\022\013\n\003ttl\030\004 " + "\001(\r\"\304\001\n\022ConnectionSettings\022*\n\002l0\030\001 \001(\0132\036" + ".context.ConnectionSettings_L0\022*\n\002l2\030\002 \001" + "(\0132\036.context.ConnectionSettings_L2\022*\n\002l3" + "\030\003 \001(\0132\036.context.ConnectionSettings_L3\022*" + "\n\002l4\030\004 \001(\0132\036.context.ConnectionSettings_" + "L4\"\363\001\n\nConnection\022,\n\rconnection_id\030\001 \001(\013" + "2\025.context.ConnectionId\022&\n\nservice_id\030\002 " + "\001(\0132\022.context.ServiceId\0223\n\026path_hops_end" + "point_ids\030\003 \003(\0132\023.context.EndPointId\022+\n\017" + "sub_service_ids\030\004 \003(\0132\022.context.ServiceI" + "d\022-\n\010settings\030\005 \001(\0132\033.context.Connection" + "Settings\"A\n\020ConnectionIdList\022-\n\016connecti" + "on_ids\030\001 \003(\0132\025.context.ConnectionId\":\n\016C" + "onnectionList\022(\n\013connections\030\001 \003(\0132\023.con" + "text.Connection\"^\n\017ConnectionEvent\022\035\n\005ev" + "ent\030\001 \001(\0132\016.context.Event\022,\n\rconnection_" + "id\030\002 \001(\0132\025.context.ConnectionId\"\202\001\n\nEndP" + "ointId\022(\n\013topology_id\030\001 \001(\0132\023.context.To" + "pologyId\022$\n\tdevice_id\030\002 \001(\0132\021.context.De" + "viceId\022$\n\rendpoint_uuid\030\003 \001(\0132\r.context." + "Uuid\"\310\002\n\010EndPoint\022(\n\013endpoint_id\030\001 \001(\0132\023" + ".context.EndPointId\022\014\n\004name\030\002 \001(\t\022\025\n\rend" + "point_type\030\003 \001(\t\0229\n\020kpi_sample_types\030\004 \003" + "(\0162\037.kpi_sample_types.KpiSampleType\022,\n\021e" + "ndpoint_location\030\005 \001(\0132\021.context.Locatio" + "n\0229\n\014capabilities\030\006 \003(\0132#.context.EndPoi" + "nt.CapabilitiesEntry\032I\n\021CapabilitiesEntr" + "y\022\013\n\003key\030\001 \001(\t\022#\n\005value\030\002 \001(\0132\024.google.p" + "rotobuf.Any:\0028\001\"{\n\014EndPointName\022(\n\013endpo" + "int_id\030\001 \001(\0132\023.context.EndPointId\022\023\n\013dev" + "ice_name\030\002 \001(\t\022\025\n\rendpoint_name\030\003 \001(\t\022\025\n" + "\rendpoint_type\030\004 \001(\t\";\n\016EndPointIdList\022)" + "\n\014endpoint_ids\030\001 \003(\0132\023.context.EndPointI" + "d\"A\n\020EndPointNameList\022-\n\016endpoint_names\030" + "\001 \003(\0132\025.context.EndPointName\"A\n\021ConfigRu" + "le_Custom\022\024\n\014resource_key\030\001 \001(\t\022\026\n\016resou" + "rce_value\030\002 \001(\t\"\213\001\n\016ConfigRule_ACL\022(\n\013en" + "dpoint_id\030\001 \001(\0132\023.context.EndPointId\022,\n\t" + "direction\030\002 \001(\0162\031.context.AclDirectionEn" + "um\022!\n\010rule_set\030\003 \001(\0132\017.acl.AclRuleSet\"f\n" + "\021ConfigRule_IPOWDM\022(\n\013endpoint_id\030\001 \001(\0132" + "\023.context.EndPointId\022\'\n\010rule_set\030\002 \001(\0132\025" + ".ipowdm.IpowdmRuleSet\"k\n\023ConfigRule_TAPI" + "_LSP\022(\n\013endpoint_id\030\001 \001(\0132\023.context.EndP" + "ointId\022*\n\010rule_set\030\002 \003(\0132\030.tapi_lsp.Tapi" + "LspRuleSet\"h\n\022ConfigRule_IP_LINK\022(\n\013endp" + "oint_id\030\001 \001(\0132\023.context.EndPointId\022(\n\010ru" + "le_set\030\002 \001(\0132\026.ip_link.IpLinkRuleSet\"\254\002\n" + "\nConfigRule\022)\n\006action\030\001 \001(\0162\031.context.Co" + "nfigActionEnum\022,\n\006custom\030\002 \001(\0132\032.context" + ".ConfigRule_CustomH\000\022&\n\003acl\030\003 \001(\0132\027.cont" + "ext.ConfigRule_ACLH\000\022.\n\007ip_link\030\004 \001(\0132\033." + "context.ConfigRule_IP_LINKH\000\0220\n\010tapi_lsp" + "\030\005 \001(\0132\034.context.ConfigRule_TAPI_LSPH\000\022," + "\n\006ipowdm\030\006 \001(\0132\032.context.ConfigRule_IPOW" + "DMH\000B\r\n\013config_rule\"F\n\021Constraint_Custom" + "\022\027\n\017constraint_type\030\001 \001(\t\022\030\n\020constraint_" + "value\030\002 \001(\t\"E\n\023Constraint_Schedule\022\027\n\017st" + "art_timestamp\030\001 \001(\001\022\025\n\rduration_days\030\002 \001" + "(\002\"3\n\014GPS_Position\022\020\n\010latitude\030\001 \001(\002\022\021\n\t" + "longitude\030\002 \001(\002\"\204\001\n\010Location\022\020\n\006region\030\001" + " \001(\tH\000\022-\n\014gps_position\030\002 \001(\0132\025.context.G" + "PS_PositionH\000\022\023\n\tinterface\030\003 \001(\tH\000\022\026\n\014ci" + "rcuit_pack\030\004 \001(\tH\000B\n\n\010location\"l\n\033Constr" + "aint_EndPointLocation\022(\n\013endpoint_id\030\001 \001" + "(\0132\023.context.EndPointId\022#\n\010location\030\002 \001(" + "\0132\021.context.Location\"Y\n\033Constraint_EndPo" + "intPriority\022(\n\013endpoint_id\030\001 \001(\0132\023.conte" + "xt.EndPointId\022\020\n\010priority\030\002 \001(\r\"0\n\026Const" + "raint_SLA_Latency\022\026\n\016e2e_latency_ms\030\001 \001(" + "\002\"0\n\027Constraint_SLA_Capacity\022\025\n\rcapacity" + "_gbps\030\001 \001(\002\"c\n\033Constraint_SLA_Availabili" + "ty\022\032\n\022num_disjoint_paths\030\001 \001(\r\022\022\n\nall_ac" + "tive\030\002 \001(\010\022\024\n\014availability\030\003 \001(\002\"V\n\036Cons" + "traint_SLA_Isolation_level\0224\n\017isolation_" + "level\030\001 \003(\0162\033.context.IsolationLevelEnum" + "\"\242\001\n\025Constraint_Exclusions\022\024\n\014is_permane" + "nt\030\001 \001(\010\022%\n\ndevice_ids\030\002 \003(\0132\021.context.D" + "eviceId\022)\n\014endpoint_ids\030\003 \003(\0132\023.context." + "EndPointId\022!\n\010link_ids\030\004 \003(\0132\017.context.L" + "inkId\"5\n\014QoSProfileId\022%\n\016qos_profile_id\030" + "\001 \001(\0132\r.context.Uuid\"`\n\025Constraint_QoSPr" + "ofile\022-\n\016qos_profile_id\030\001 \001(\0132\025.context." + "QoSProfileId\022\030\n\020qos_profile_name\030\002 \001(\t\"\222" + "\005\n\nConstraint\022-\n\006action\030\001 \001(\0162\035.context." + "ConstraintActionEnum\022,\n\006custom\030\002 \001(\0132\032.c" + "ontext.Constraint_CustomH\000\0220\n\010schedule\030\003" + " \001(\0132\034.context.Constraint_ScheduleH\000\022A\n\021" + "endpoint_location\030\004 \001(\0132$.context.Constr" + "aint_EndPointLocationH\000\022A\n\021endpoint_prio" + "rity\030\005 \001(\0132$.context.Constraint_EndPoint" + "PriorityH\000\0228\n\014sla_capacity\030\006 \001(\0132 .conte" + "xt.Constraint_SLA_CapacityH\000\0226\n\013sla_late" + "ncy\030\007 \001(\0132\037.context.Constraint_SLA_Laten" + "cyH\000\022@\n\020sla_availability\030\010 \001(\0132$.context" + ".Constraint_SLA_AvailabilityH\000\022@\n\rsla_is" + "olation\030\t \001(\0132\'.context.Constraint_SLA_I" + "solation_levelH\000\0224\n\nexclusions\030\n \001(\0132\036.c" + "ontext.Constraint_ExclusionsH\000\0225\n\013qos_pr" + "ofile\030\013 \001(\0132\036.context.Constraint_QoSProf" + "ileH\000B\014\n\nconstraint\"^\n\022TeraFlowControlle" + "r\022&\n\ncontext_id\030\001 \001(\0132\022.context.ContextI" + "d\022\022\n\nip_address\030\002 \001(\t\022\014\n\004port\030\003 \001(\r\"U\n\024A" + "uthenticationResult\022&\n\ncontext_id\030\001 \001(\0132" + "\022.context.ContextId\022\025\n\rauthenticated\030\002 \001" + "(\010\"-\n\017OpticalConfigId\022\032\n\022opticalconfig_u" + "uid\030\001 \001(\t\"y\n\rOpticalConfig\0222\n\020opticalcon" + "fig_id\030\001 \001(\0132\030.context.OpticalConfigId\022\016" + "\n\006config\030\002 \001(\t\022$\n\tdevice_id\030\003 \001(\0132\021.cont" + "ext.DeviceId\"C\n\021OpticalConfigList\022.\n\016opt" + "icalconfigs\030\001 \003(\0132\026.context.OpticalConfi" + "g\"g\n\022OpticalConfigEvent\022\035\n\005event\030\001 \001(\0132\016" + ".context.Event\0222\n\020opticalconfig_id\030\002 \001(\013" + "2\030.context.OpticalConfigId\"_\n\021OpticalEnd" + "PointId\022$\n\tdevice_id\030\002 \001(\0132\021.context.Dev" + "iceId\022$\n\rendpoint_uuid\030\003 \001(\0132\r.context.U" + "uid\">\n\017OpticalLinkList\022+\n\roptical_links\030" + "\001 \003(\0132\024.context.OpticalLink\"\304\003\n\022OpticalL" + "inkDetails\022\016\n\006length\030\001 \001(\002\022\020\n\010src_port\030\002" + " \001(\t\022\020\n\010dst_port\030\003 \001(\t\022\027\n\017local_peer_por" + "t\030\004 \001(\t\022\030\n\020remote_peer_port\030\005 \001(\t\022\014\n\004use" + "d\030\006 \001(\010\0228\n\007c_slots\030\007 \003(\0132\'.context.Optic" + "alLinkDetails.CSlotsEntry\0228\n\007l_slots\030\010 \003" + "(\0132\'.context.OpticalLinkDetails.LSlotsEn" + "try\0228\n\007s_slots\030\t \003(\0132\'.context.OpticalLi" + "nkDetails.SSlotsEntry\032-\n\013CSlotsEntry\022\013\n\003" + "key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\0028\001\032-\n\013LSlotsEn" + "try\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\0028\001\032-\n\013S" + "SlotsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\002" + "8\001\"\243\001\n\013OpticalLink\022\014\n\004name\030\001 \001(\t\0224\n\017opti" + "cal_details\030\002 \001(\0132\033.context.OpticalLinkD" + "etails\022 \n\007link_id\030\003 \001(\0132\017.context.LinkId" + "\022.\n\021link_endpoint_ids\030\004 \003(\0132\023.context.En" + "dPointId\"0\n\tChannelId\022#\n\014channel_uuid\030\001 " + "\001(\0132\r.context.Uuid\"8\n\rOpticalBandId\022\'\n\020o" + "pticalband_uuid\030\001 \001(\0132\r.context.Uuid\"\247\002\n" + "\013OpticalBand\022.\n\016opticalband_id\030\001 \001(\0132\026.c" + "ontext.OpticalBandId\022,\n\rconnection_id\030\002 " + "\001(\0132\025.context.ConnectionId\022&\n\nchannel_id" + "\030\003 \001(\0132\022.context.ChannelId\022&\n\nservice_id" + "\030\004 \001(\0132\022.context.ServiceId\022#\n\007service\030\005 " + "\001(\0132\020.context.ServiceH\000\022)\n\nconnection\030\006 " + "\001(\0132\023.context.ConnectionH\000\022\021\n\007channel\030\007 " + "\001(\tH\000B\007\n\005field\"=\n\017OpticalBandList\022*\n\014opt" + "icalbands\030\001 \003(\0132\024.context.OpticalBand\"r\n" + "\021ServiceConfigRule\022&\n\nservice_id\030\001 \001(\0132\022" + ".context.ServiceId\0225\n\021configrule_custom\030" + "\002 \001(\0132\032.context.ConfigRule_Custom*j\n\rEve" + "ntTypeEnum\022\027\n\023EVENTTYPE_UNDEFINED\020\000\022\024\n\020E" + "VENTTYPE_CREATE\020\001\022\024\n\020EVENTTYPE_UPDATE\020\002\022" + "\024\n\020EVENTTYPE_REMOVE\020\003*\333\004\n\020DeviceDriverEn" + "um\022\032\n\026DEVICEDRIVER_UNDEFINED\020\000\022\033\n\027DEVICE" + "DRIVER_OPENCONFIG\020\001\022\036\n\032DEVICEDRIVER_TRAN" + "SPORT_API\020\002\022\023\n\017DEVICEDRIVER_P4\020\003\022&\n\"DEVI" + "CEDRIVER_IETF_NETWORK_TOPOLOGY\020\004\022\033\n\027DEVI" + "CEDRIVER_ONF_TR_532\020\005\022\023\n\017DEVICEDRIVER_XR" + "\020\006\022\033\n\027DEVICEDRIVER_IETF_L2VPN\020\007\022 \n\034DEVIC" + "EDRIVER_GNMI_OPENCONFIG\020\010\022\034\n\030DEVICEDRIVE" + "R_OPTICAL_TFS\020\t\022\032\n\026DEVICEDRIVER_IETF_ACT" + "N\020\n\022\023\n\017DEVICEDRIVER_OC\020\013\022\024\n\020DEVICEDRIVER" + "_QKD\020\014\022\033\n\027DEVICEDRIVER_IETF_L3VPN\020\r\022\033\n\027D" + "EVICEDRIVER_IETF_SLICE\020\016\022\024\n\020DEVICEDRIVER" + "_NCE\020\017\022\031\n\025DEVICEDRIVER_SMARTNIC\020\020\022\031\n\025DEV" + "ICEDRIVER_MORPHEUS\020\021\022\024\n\020DEVICEDRIVER_RYU" + "\020\022\022#\n\037DEVICEDRIVER_GNMI_NOKIA_SRLINUX\020\023\022" + "\032\n\026DEVICEDRIVER_OPENROADM\020\024*\217\001\n\033DeviceOp" + "erationalStatusEnum\022%\n!DEVICEOPERATIONAL" + "STATUS_UNDEFINED\020\000\022$\n DEVICEOPERATIONALS" + "TATUS_DISABLED\020\001\022#\n\037DEVICEOPERATIONALSTA" + "TUS_ENABLED\020\002*\245\001\n\014LinkTypeEnum\022\024\n\020LINKTY" + "PE_UNKNOWN\020\000\022\023\n\017LINKTYPE_COPPER\020\001\022\022\n\016LIN" + "KTYPE_FIBER\020\002\022\022\n\016LINKTYPE_RADIO\020\003\022\024\n\020LIN" + "KTYPE_VIRTUAL\020\004\022\027\n\023LINKTYPE_MANAGEMENT\020\005" + "\022\023\n\017LINKTYPE_REMOTE\020\006*\360\002\n\017ServiceTypeEnu" + "m\022\027\n\023SERVICETYPE_UNKNOWN\020\000\022\024\n\020SERVICETYP" + "E_L3NM\020\001\022\024\n\020SERVICETYPE_L2NM\020\002\022)\n%SERVIC" + "ETYPE_TAPI_CONNECTIVITY_SERVICE\020\003\022\022\n\016SER" + "VICETYPE_TE\020\004\022\023\n\017SERVICETYPE_E2E\020\005\022$\n SE" + "RVICETYPE_OPTICAL_CONNECTIVITY\020\006\022\023\n\017SERV" + "ICETYPE_QKD\020\007\022\024\n\020SERVICETYPE_L1NM\020\010\022\023\n\017S" + "ERVICETYPE_INT\020\t\022\023\n\017SERVICETYPE_ACL\020\n\022\027\n" + "\023SERVICETYPE_IP_LINK\020\013\022\030\n\024SERVICETYPE_TA" + "PI_LSP\020\014\022\026\n\022SERVICETYPE_IPOWDM\020\r*\304\001\n\021Ser" + "viceStatusEnum\022\033\n\027SERVICESTATUS_UNDEFINE" + "D\020\000\022\031\n\025SERVICESTATUS_PLANNED\020\001\022\030\n\024SERVIC" + "ESTATUS_ACTIVE\020\002\022\032\n\026SERVICESTATUS_UPDATI" + "NG\020\003\022!\n\035SERVICESTATUS_PENDING_REMOVAL\020\004\022" + "\036\n\032SERVICESTATUS_SLA_VIOLATED\020\005*\251\001\n\017Slic" + "eStatusEnum\022\031\n\025SLICESTATUS_UNDEFINED\020\000\022\027" + "\n\023SLICESTATUS_PLANNED\020\001\022\024\n\020SLICESTATUS_I" + "NIT\020\002\022\026\n\022SLICESTATUS_ACTIVE\020\003\022\026\n\022SLICEST" + "ATUS_DEINIT\020\004\022\034\n\030SLICESTATUS_SLA_VIOLATE" + "D\020\005*]\n\020ConfigActionEnum\022\032\n\026CONFIGACTION_" + "UNDEFINED\020\000\022\024\n\020CONFIGACTION_SET\020\001\022\027\n\023CON" + "FIGACTION_DELETE\020\002*\\\n\020AclDirectionEnum\022\025" + "\n\021ACLDIRECTION_BOTH\020\000\022\030\n\024ACLDIRECTION_IN" + "GRESS\020\001\022\027\n\023ACLDIRECTION_EGRESS\020\002*m\n\024Cons" + "traintActionEnum\022\036\n\032CONSTRAINTACTION_UND" + "EFINED\020\000\022\030\n\024CONSTRAINTACTION_SET\020\001\022\033\n\027CO" + "NSTRAINTACTION_DELETE\020\002*\203\002\n\022IsolationLev" + "elEnum\022\020\n\014NO_ISOLATION\020\000\022\026\n\022PHYSICAL_ISO" + "LATION\020\001\022\025\n\021LOGICAL_ISOLATION\020\002\022\025\n\021PROCE" + "SS_ISOLATION\020\003\022\035\n\031PHYSICAL_MEMORY_ISOLAT" + "ION\020\004\022\036\n\032PHYSICAL_NETWORK_ISOLATION\020\005\022\036\n" + "\032VIRTUAL_RESOURCE_ISOLATION\020\006\022\037\n\033NETWORK" + "_FUNCTIONS_ISOLATION\020\007\022\025\n\021SERVICE_ISOLAT" + "ION\020\0102\274\035\n\016ContextService\022:\n\016ListContextI" + "ds\022\016.context.Empty\032\026.context.ContextIdLi" + "st\"\000\0226\n\014ListContexts\022\016.context.Empty\032\024.c" + "ontext.ContextList\"\000\0224\n\nGetContext\022\022.con" + "text.ContextId\032\020.context.Context\"\000\0224\n\nSe" + "tContext\022\020.context.Context\032\022.context.Con" + "textId\"\000\0225\n\rRemoveContext\022\022.context.Cont" + "extId\032\016.context.Empty\"\000\022=\n\020GetContextEve" + "nts\022\016.context.Empty\032\025.context.ContextEve" + "nt\"\0000\001\022@\n\017ListTopologyIds\022\022.context.Cont" + "extId\032\027.context.TopologyIdList\"\000\022=\n\016List" + "Topologies\022\022.context.ContextId\032\025.context" + ".TopologyList\"\000\0227\n\013GetTopology\022\023.context" + ".TopologyId\032\021.context.Topology\"\000\022E\n\022GetT" + "opologyDetails\022\023.context.TopologyId\032\030.co" + "ntext.TopologyDetails\"\000\0227\n\013SetTopology\022\021" + ".context.Topology\032\023.context.TopologyId\"\000" + "\0227\n\016RemoveTopology\022\023.context.TopologyId\032" + "\016.context.Empty\"\000\022?\n\021GetTopologyEvents\022\016" + ".context.Empty\032\026.context.TopologyEvent\"\000" + "0\001\0228\n\rListDeviceIds\022\016.context.Empty\032\025.co" + "ntext.DeviceIdList\"\000\0224\n\013ListDevices\022\016.co" + "ntext.Empty\032\023.context.DeviceList\"\000\0221\n\tGe" + "tDevice\022\021.context.DeviceId\032\017.context.Dev" + "ice\"\000\0221\n\tSetDevice\022\017.context.Device\032\021.co" + "ntext.DeviceId\"\000\0223\n\014RemoveDevice\022\021.conte" + "xt.DeviceId\032\016.context.Empty\"\000\022;\n\017GetDevi" + "ceEvents\022\016.context.Empty\032\024.context.Devic" + "eEvent\"\0000\001\022<\n\014SelectDevice\022\025.context.Dev" + "iceFilter\032\023.context.DeviceList\"\000\022I\n\021List" + "EndPointNames\022\027.context.EndPointIdList\032\031" + ".context.EndPointNameList\"\000\0224\n\013ListLinkI" + "ds\022\016.context.Empty\032\023.context.LinkIdList\"" + "\000\0220\n\tListLinks\022\016.context.Empty\032\021.context" + ".LinkList\"\000\022+\n\007GetLink\022\017.context.LinkId\032" + "\r.context.Link\"\000\022+\n\007SetLink\022\r.context.Li" + "nk\032\017.context.LinkId\"\000\022/\n\nRemoveLink\022\017.co" + "ntext.LinkId\032\016.context.Empty\"\000\0227\n\rGetLin" + "kEvents\022\016.context.Empty\032\022.context.LinkEv" + "ent\"\0000\001\022>\n\016ListServiceIds\022\022.context.Cont" + "extId\032\026.context.ServiceIdList\"\000\022:\n\014ListS" + "ervices\022\022.context.ContextId\032\024.context.Se" + "rviceList\"\000\0224\n\nGetService\022\022.context.Serv" + "iceId\032\020.context.Service\"\000\0224\n\nSetService\022" + "\020.context.Service\032\022.context.ServiceId\"\000\022" + "6\n\014UnsetService\022\020.context.Service\032\022.cont" + "ext.ServiceId\"\000\0225\n\rRemoveService\022\022.conte" + "xt.ServiceId\032\016.context.Empty\"\000\022=\n\020GetSer" + "viceEvents\022\016.context.Empty\032\025.context.Ser", "viceEvent\"\0000\001\022?\n\rSelectService\022\026.context" + ".ServiceFilter\032\024.context.ServiceList\"\000\022:" + "\n\014ListSliceIds\022\022.context.ContextId\032\024.con" + "text.SliceIdList\"\000\0226\n\nListSlices\022\022.conte" + "xt.ContextId\032\022.context.SliceList\"\000\022.\n\010Ge" + "tSlice\022\020.context.SliceId\032\016.context.Slice" + "\"\000\022.\n\010SetSlice\022\016.context.Slice\032\020.context" + ".SliceId\"\000\0220\n\nUnsetSlice\022\016.context.Slice" + "\032\020.context.SliceId\"\000\0221\n\013RemoveSlice\022\020.co" + "ntext.SliceId\032\016.context.Empty\"\000\0229\n\016GetSl" + "iceEvents\022\016.context.Empty\032\023.context.Slic" + "eEvent\"\0000\001\0229\n\013SelectSlice\022\024.context.Slic" + "eFilter\032\022.context.SliceList\"\000\022D\n\021ListCon" + "nectionIds\022\022.context.ServiceId\032\031.context" + ".ConnectionIdList\"\000\022@\n\017ListConnections\022\022" + ".context.ServiceId\032\027.context.ConnectionL" + "ist\"\000\022=\n\rGetConnection\022\025.context.Connect" + "ionId\032\023.context.Connection\"\000\022=\n\rSetConne" + "ction\022\023.context.Connection\032\025.context.Con" + "nectionId\"\000\022;\n\020RemoveConnection\022\025.contex" + "t.ConnectionId\032\016.context.Empty\"\000\022C\n\023GetC" + "onnectionEvents\022\016.context.Empty\032\030.contex" + "t.ConnectionEvent\"\0000\001\0225\n\014GetAllEvents\022\016." + "context.Empty\032\021.context.AnyEvent\"\0000\001\022@\n\020" + "GetOpticalConfig\022\016.context.Empty\032\032.conte" + "xt.OpticalConfigList\"\000\022F\n\020SetOpticalConf" + "ig\022\026.context.OpticalConfig\032\030.context.Opt" + "icalConfigId\"\000\022I\n\023UpdateOpticalConfig\022\026." + "context.OpticalConfig\032\030.context.OpticalC" + "onfigId\"\000\022I\n\023SelectOpticalConfig\022\030.conte" + "xt.OpticalConfigId\032\026.context.OpticalConf" + "ig\"\000\022A\n\023DeleteOpticalConfig\022\030.context.Op" + "ticalConfigId\032\016.context.Empty\"\000\022@\n\024Delet" + "eOpticalChannel\022\026.context.OpticalConfig\032" + "\016.context.Empty\"\000\0228\n\016SetOpticalLink\022\024.co" + "ntext.OpticalLink\032\016.context.Empty\"\000\0229\n\016G" + "etOpticalLink\022\017.context.LinkId\032\024.context" + ".OpticalLink\"\000\0226\n\021DeleteOpticalLink\022\017.co" + "ntext.LinkId\032\016.context.Empty\"\000\022@\n\022GetOpt" + "icalLinkList\022\016.context.Empty\032\030.context.O" + "pticalLinkList\"\000\022<\n\016GetOpticalBand\022\016.con" + "text.Empty\032\030.context.OpticalBandList\"\000\022C" + "\n\021SelectOpticalBand\022\026.context.OpticalBan" + "dId\032\024.context.OpticalBand\"\000\022G\n\027DeleteSer" + "viceConfigRule\022\032.context.ServiceConfigRu" + "le\032\016.context.Empty\"\000b\006proto3" }; + java.lang.String[] descriptorData = { "\n\rcontext.proto\022\007context\032\031google/protobu" + "f/any.proto\032\tacl.proto\032\014ipowdm.proto\032\rip" + "_link.proto\032\026kpi_sample_types.proto\032\016tap" + "i_lsp.proto\"\007\n\005Empty\"\024\n\004Uuid\022\014\n\004uuid\030\001 \001" + "(\t\"\036\n\tTimestamp\022\021\n\ttimestamp\030\001 \001(\001\"Z\n\005Ev" + "ent\022%\n\ttimestamp\030\001 \001(\0132\022.context.Timesta" + "mp\022*\n\nevent_type\030\002 \001(\0162\026.context.EventTy" + "peEnum\"\265\002\n\010AnyEvent\022(\n\007context\030\001 \001(\0132\025.c" + "ontext.ContextEventH\000\022*\n\010topology\030\002 \001(\0132" + "\026.context.TopologyEventH\000\022&\n\006device\030\003 \001(" + "\0132\024.context.DeviceEventH\000\022\"\n\004link\030\004 \001(\0132" + "\022.context.LinkEventH\000\022(\n\007service\030\005 \001(\0132\025" + ".context.ServiceEventH\000\022$\n\005slice\030\006 \001(\0132\023" + ".context.SliceEventH\000\022.\n\nconnection\030\007 \001(" + "\0132\030.context.ConnectionEventH\000B\007\n\005event\"0" + "\n\tContextId\022#\n\014context_uuid\030\001 \001(\0132\r.cont" + "ext.Uuid\"\351\001\n\007Context\022&\n\ncontext_id\030\001 \001(\013" + "2\022.context.ContextId\022\014\n\004name\030\002 \001(\t\022)\n\014to" + "pology_ids\030\003 \003(\0132\023.context.TopologyId\022\'\n" + "\013service_ids\030\004 \003(\0132\022.context.ServiceId\022#" + "\n\tslice_ids\030\005 \003(\0132\020.context.SliceId\022/\n\nc" + "ontroller\030\006 \001(\0132\033.context.TeraFlowContro" + "ller\"8\n\rContextIdList\022\'\n\013context_ids\030\001 \003" + "(\0132\022.context.ContextId\"1\n\013ContextList\022\"\n" + "\010contexts\030\001 \003(\0132\020.context.Context\"U\n\014Con" + "textEvent\022\035\n\005event\030\001 \001(\0132\016.context.Event" + "\022&\n\ncontext_id\030\002 \001(\0132\022.context.ContextId" + "\"Z\n\nTopologyId\022&\n\ncontext_id\030\001 \001(\0132\022.con" + "text.ContextId\022$\n\rtopology_uuid\030\002 \001(\0132\r." + "context.Uuid\"\267\001\n\010Topology\022(\n\013topology_id" + "\030\001 \001(\0132\023.context.TopologyId\022\014\n\004name\030\002 \001(" + "\t\022%\n\ndevice_ids\030\003 \003(\0132\021.context.DeviceId" + "\022!\n\010link_ids\030\004 \003(\0132\017.context.LinkId\022)\n\020o" + "ptical_link_ids\030\005 \003(\0132\017.context.LinkId\"\266" + "\001\n\017TopologyDetails\022(\n\013topology_id\030\001 \001(\0132" + "\023.context.TopologyId\022\014\n\004name\030\002 \001(\t\022 \n\007de" + "vices\030\003 \003(\0132\017.context.Device\022\034\n\005links\030\004 " + "\003(\0132\r.context.Link\022+\n\roptical_links\030\005 \003(" + "\0132\024.context.OpticalLink\";\n\016TopologyIdLis" + "t\022)\n\014topology_ids\030\001 \003(\0132\023.context.Topolo" + "gyId\"5\n\014TopologyList\022%\n\ntopologies\030\001 \003(\013" + "2\021.context.Topology\"X\n\rTopologyEvent\022\035\n\005" + "event\030\001 \001(\0132\016.context.Event\022(\n\013topology_" + "id\030\002 \001(\0132\023.context.TopologyId\".\n\010DeviceI" + "d\022\"\n\013device_uuid\030\001 \001(\0132\r.context.Uuid\"\372\002" + "\n\006Device\022$\n\tdevice_id\030\001 \001(\0132\021.context.De" + "viceId\022\014\n\004name\030\002 \001(\t\022\023\n\013device_type\030\003 \001(" + "\t\022,\n\rdevice_config\030\004 \001(\0132\025.context.Devic" + "eConfig\022G\n\031device_operational_status\030\005 \001" + "(\0162$.context.DeviceOperationalStatusEnum" + "\0221\n\016device_drivers\030\006 \003(\0162\031.context.Devic" + "eDriverEnum\022+\n\020device_endpoints\030\007 \003(\0132\021." + "context.EndPoint\022&\n\ncomponents\030\010 \003(\0132\022.c" + "ontext.Component\022(\n\rcontroller_id\030\t \001(\0132" + "\021.context.DeviceId\"\311\001\n\tComponent\022%\n\016comp" + "onent_uuid\030\001 \001(\0132\r.context.Uuid\022\014\n\004name\030" + "\002 \001(\t\022\014\n\004type\030\003 \001(\t\0226\n\nattributes\030\004 \003(\0132" + "\".context.Component.AttributesEntry\022\016\n\006p" + "arent\030\005 \001(\t\0321\n\017AttributesEntry\022\013\n\003key\030\001 " + "\001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\"9\n\014DeviceConfig\022)" + "\n\014config_rules\030\001 \003(\0132\023.context.ConfigRul" + "e\"5\n\014DeviceIdList\022%\n\ndevice_ids\030\001 \003(\0132\021." + "context.DeviceId\".\n\nDeviceList\022 \n\007device" + "s\030\001 \003(\0132\017.context.Device\"\216\001\n\014DeviceFilte" + "r\022)\n\ndevice_ids\030\001 \001(\0132\025.context.DeviceId" + "List\022\031\n\021include_endpoints\030\002 \001(\010\022\034\n\024inclu" + "de_config_rules\030\003 \001(\010\022\032\n\022include_compone" + "nts\030\004 \001(\010\"\200\001\n\013DeviceEvent\022\035\n\005event\030\001 \001(\013" + "2\016.context.Event\022$\n\tdevice_id\030\002 \001(\0132\021.co" + "ntext.DeviceId\022,\n\rdevice_config\030\003 \001(\0132\025." + "context.DeviceConfig\"*\n\006LinkId\022 \n\tlink_u" + "uid\030\001 \001(\0132\r.context.Uuid\"c\n\016LinkAttribut" + "es\022\030\n\020is_bidirectional\030\001 \001(\010\022\033\n\023total_ca" + "pacity_gbps\030\002 \001(\002\022\032\n\022used_capacity_gbps\030" + "\003 \001(\002\"\275\001\n\004Link\022 \n\007link_id\030\001 \001(\0132\017.contex" + "t.LinkId\022\014\n\004name\030\002 \001(\t\022(\n\tlink_type\030\003 \001(" + "\0162\025.context.LinkTypeEnum\022.\n\021link_endpoin" + "t_ids\030\004 \003(\0132\023.context.EndPointId\022+\n\nattr" + "ibutes\030\005 \001(\0132\027.context.LinkAttributes\"/\n" + "\nLinkIdList\022!\n\010link_ids\030\001 \003(\0132\017.context." + "LinkId\"(\n\010LinkList\022\034\n\005links\030\001 \003(\0132\r.cont" + "ext.Link\"L\n\tLinkEvent\022\035\n\005event\030\001 \001(\0132\016.c" + "ontext.Event\022 \n\007link_id\030\002 \001(\0132\017.context." + "LinkId\"X\n\tServiceId\022&\n\ncontext_id\030\001 \001(\0132" + "\022.context.ContextId\022#\n\014service_uuid\030\002 \001(" + "\0132\r.context.Uuid\"\333\002\n\007Service\022&\n\nservice_" + "id\030\001 \001(\0132\022.context.ServiceId\022\014\n\004name\030\002 \001" + "(\t\022.\n\014service_type\030\003 \001(\0162\030.context.Servi" + "ceTypeEnum\0221\n\024service_endpoint_ids\030\004 \003(\013" + "2\023.context.EndPointId\0220\n\023service_constra" + "ints\030\005 \003(\0132\023.context.Constraint\022.\n\016servi" + "ce_status\030\006 \001(\0132\026.context.ServiceStatus\022" + ".\n\016service_config\030\007 \001(\0132\026.context.Servic" + "eConfig\022%\n\ttimestamp\030\010 \001(\0132\022.context.Tim" + "estamp\"C\n\rServiceStatus\0222\n\016service_statu" + "s\030\001 \001(\0162\032.context.ServiceStatusEnum\":\n\rS" + "erviceConfig\022)\n\014config_rules\030\001 \003(\0132\023.con" + "text.ConfigRule\"8\n\rServiceIdList\022\'\n\013serv" + "ice_ids\030\001 \003(\0132\022.context.ServiceId\"1\n\013Ser" + "viceList\022\"\n\010services\030\001 \003(\0132\020.context.Ser" + "vice\"\225\001\n\rServiceFilter\022+\n\013service_ids\030\001 " + "\001(\0132\026.context.ServiceIdList\022\034\n\024include_e" + "ndpoint_ids\030\002 \001(\010\022\033\n\023include_constraints" + "\030\003 \001(\010\022\034\n\024include_config_rules\030\004 \001(\010\"U\n\014" + "ServiceEvent\022\035\n\005event\030\001 \001(\0132\016.context.Ev" + "ent\022&\n\nservice_id\030\002 \001(\0132\022.context.Servic" + "eId\"T\n\007SliceId\022&\n\ncontext_id\030\001 \001(\0132\022.con" + "text.ContextId\022!\n\nslice_uuid\030\002 \001(\0132\r.con" + "text.Uuid\"\240\003\n\005Slice\022\"\n\010slice_id\030\001 \001(\0132\020." + "context.SliceId\022\014\n\004name\030\002 \001(\t\022/\n\022slice_e" + "ndpoint_ids\030\003 \003(\0132\023.context.EndPointId\022." + "\n\021slice_constraints\030\004 \003(\0132\023.context.Cons" + "traint\022-\n\021slice_service_ids\030\005 \003(\0132\022.cont" + "ext.ServiceId\022,\n\022slice_subslice_ids\030\006 \003(" + "\0132\020.context.SliceId\022*\n\014slice_status\030\007 \001(" + "\0132\024.context.SliceStatus\022*\n\014slice_config\030" + "\010 \001(\0132\024.context.SliceConfig\022(\n\013slice_own" + "er\030\t \001(\0132\023.context.SliceOwner\022%\n\ttimesta" + "mp\030\n \001(\0132\022.context.Timestamp\"E\n\nSliceOwn" + "er\022!\n\nowner_uuid\030\001 \001(\0132\r.context.Uuid\022\024\n" + "\014owner_string\030\002 \001(\t\"=\n\013SliceStatus\022.\n\014sl" + "ice_status\030\001 \001(\0162\030.context.SliceStatusEn" + "um\"8\n\013SliceConfig\022)\n\014config_rules\030\001 \003(\0132" + "\023.context.ConfigRule\"2\n\013SliceIdList\022#\n\ts" + "lice_ids\030\001 \003(\0132\020.context.SliceId\"+\n\tSlic" + "eList\022\036\n\006slices\030\001 \003(\0132\016.context.Slice\"\312\001" + "\n\013SliceFilter\022\'\n\tslice_ids\030\001 \001(\0132\024.conte" + "xt.SliceIdList\022\034\n\024include_endpoint_ids\030\002" + " \001(\010\022\033\n\023include_constraints\030\003 \001(\010\022\033\n\023inc" + "lude_service_ids\030\004 \001(\010\022\034\n\024include_subsli" + "ce_ids\030\005 \001(\010\022\034\n\024include_config_rules\030\006 \001" + "(\010\"O\n\nSliceEvent\022\035\n\005event\030\001 \001(\0132\016.contex" + "t.Event\022\"\n\010slice_id\030\002 \001(\0132\020.context.Slic" + "eId\"6\n\014ConnectionId\022&\n\017connection_uuid\030\001" + " \001(\0132\r.context.Uuid\"2\n\025ConnectionSetting" + "s_L0\022\031\n\021lsp_symbolic_name\030\001 \001(\t\"\236\001\n\025Conn" + "ectionSettings_L2\022\027\n\017src_mac_address\030\001 \001" + "(\t\022\027\n\017dst_mac_address\030\002 \001(\t\022\022\n\nether_typ" + "e\030\003 \001(\r\022\017\n\007vlan_id\030\004 \001(\r\022\022\n\nmpls_label\030\005" + " \001(\r\022\032\n\022mpls_traffic_class\030\006 \001(\r\"t\n\025Conn" + "ectionSettings_L3\022\026\n\016src_ip_address\030\001 \001(" + "\t\022\026\n\016dst_ip_address\030\002 \001(\t\022\014\n\004dscp\030\003 \001(\r\022" + "\020\n\010protocol\030\004 \001(\r\022\013\n\003ttl\030\005 \001(\r\"[\n\025Connec" + "tionSettings_L4\022\020\n\010src_port\030\001 \001(\r\022\020\n\010dst" + "_port\030\002 \001(\r\022\021\n\ttcp_flags\030\003 \001(\r\022\013\n\003ttl\030\004 " + "\001(\r\"\304\001\n\022ConnectionSettings\022*\n\002l0\030\001 \001(\0132\036" + ".context.ConnectionSettings_L0\022*\n\002l2\030\002 \001" + "(\0132\036.context.ConnectionSettings_L2\022*\n\002l3" + "\030\003 \001(\0132\036.context.ConnectionSettings_L3\022*" + "\n\002l4\030\004 \001(\0132\036.context.ConnectionSettings_" + "L4\"\363\001\n\nConnection\022,\n\rconnection_id\030\001 \001(\013" + "2\025.context.ConnectionId\022&\n\nservice_id\030\002 " + "\001(\0132\022.context.ServiceId\0223\n\026path_hops_end" + "point_ids\030\003 \003(\0132\023.context.EndPointId\022+\n\017" + "sub_service_ids\030\004 \003(\0132\022.context.ServiceI" + "d\022-\n\010settings\030\005 \001(\0132\033.context.Connection" + "Settings\"A\n\020ConnectionIdList\022-\n\016connecti" + "on_ids\030\001 \003(\0132\025.context.ConnectionId\":\n\016C" + "onnectionList\022(\n\013connections\030\001 \003(\0132\023.con" + "text.Connection\"^\n\017ConnectionEvent\022\035\n\005ev" + "ent\030\001 \001(\0132\016.context.Event\022,\n\rconnection_" + "id\030\002 \001(\0132\025.context.ConnectionId\"\202\001\n\nEndP" + "ointId\022(\n\013topology_id\030\001 \001(\0132\023.context.To" + "pologyId\022$\n\tdevice_id\030\002 \001(\0132\021.context.De" + "viceId\022$\n\rendpoint_uuid\030\003 \001(\0132\r.context." + "Uuid\"\310\002\n\010EndPoint\022(\n\013endpoint_id\030\001 \001(\0132\023" + ".context.EndPointId\022\014\n\004name\030\002 \001(\t\022\025\n\rend" + "point_type\030\003 \001(\t\0229\n\020kpi_sample_types\030\004 \003" + "(\0162\037.kpi_sample_types.KpiSampleType\022,\n\021e" + "ndpoint_location\030\005 \001(\0132\021.context.Locatio" + "n\0229\n\014capabilities\030\006 \003(\0132#.context.EndPoi" + "nt.CapabilitiesEntry\032I\n\021CapabilitiesEntr" + "y\022\013\n\003key\030\001 \001(\t\022#\n\005value\030\002 \001(\0132\024.google.p" + "rotobuf.Any:\0028\001\"{\n\014EndPointName\022(\n\013endpo" + "int_id\030\001 \001(\0132\023.context.EndPointId\022\023\n\013dev" + "ice_name\030\002 \001(\t\022\025\n\rendpoint_name\030\003 \001(\t\022\025\n" + "\rendpoint_type\030\004 \001(\t\";\n\016EndPointIdList\022)" + "\n\014endpoint_ids\030\001 \003(\0132\023.context.EndPointI" + "d\"A\n\020EndPointNameList\022-\n\016endpoint_names\030" + "\001 \003(\0132\025.context.EndPointName\"A\n\021ConfigRu" + "le_Custom\022\024\n\014resource_key\030\001 \001(\t\022\026\n\016resou" + "rce_value\030\002 \001(\t\"\213\001\n\016ConfigRule_ACL\022(\n\013en" + "dpoint_id\030\001 \001(\0132\023.context.EndPointId\022,\n\t" + "direction\030\002 \001(\0162\031.context.AclDirectionEn" + "um\022!\n\010rule_set\030\003 \001(\0132\017.acl.AclRuleSet\"f\n" + "\021ConfigRule_IPOWDM\022(\n\013endpoint_id\030\001 \001(\0132" + "\023.context.EndPointId\022\'\n\010rule_set\030\002 \001(\0132\025" + ".ipowdm.IpowdmRuleSet\"k\n\023ConfigRule_TAPI" + "_LSP\022(\n\013endpoint_id\030\001 \001(\0132\023.context.EndP" + "ointId\022*\n\010rule_set\030\002 \003(\0132\030.tapi_lsp.Tapi" + "LspRuleSet\"h\n\022ConfigRule_IP_LINK\022(\n\013endp" + "oint_id\030\001 \001(\0132\023.context.EndPointId\022(\n\010ru" + "le_set\030\002 \001(\0132\026.ip_link.IpLinkRuleSet\"\254\002\n" + "\nConfigRule\022)\n\006action\030\001 \001(\0162\031.context.Co" + "nfigActionEnum\022,\n\006custom\030\002 \001(\0132\032.context" + ".ConfigRule_CustomH\000\022&\n\003acl\030\003 \001(\0132\027.cont" + "ext.ConfigRule_ACLH\000\022.\n\007ip_link\030\004 \001(\0132\033." + "context.ConfigRule_IP_LINKH\000\0220\n\010tapi_lsp" + "\030\005 \001(\0132\034.context.ConfigRule_TAPI_LSPH\000\022," + "\n\006ipowdm\030\006 \001(\0132\032.context.ConfigRule_IPOW" + "DMH\000B\r\n\013config_rule\"F\n\021Constraint_Custom" + "\022\027\n\017constraint_type\030\001 \001(\t\022\030\n\020constraint_" + "value\030\002 \001(\t\"E\n\023Constraint_Schedule\022\027\n\017st" + "art_timestamp\030\001 \001(\001\022\025\n\rduration_days\030\002 \001" + "(\002\"3\n\014GPS_Position\022\020\n\010latitude\030\001 \001(\002\022\021\n\t" + "longitude\030\002 \001(\002\"\204\001\n\010Location\022\020\n\006region\030\001" + " \001(\tH\000\022-\n\014gps_position\030\002 \001(\0132\025.context.G" + "PS_PositionH\000\022\023\n\tinterface\030\003 \001(\tH\000\022\026\n\014ci" + "rcuit_pack\030\004 \001(\tH\000B\n\n\010location\"l\n\033Constr" + "aint_EndPointLocation\022(\n\013endpoint_id\030\001 \001" + "(\0132\023.context.EndPointId\022#\n\010location\030\002 \001(" + "\0132\021.context.Location\"Y\n\033Constraint_EndPo" + "intPriority\022(\n\013endpoint_id\030\001 \001(\0132\023.conte" + "xt.EndPointId\022\020\n\010priority\030\002 \001(\r\"0\n\026Const" + "raint_SLA_Latency\022\026\n\016e2e_latency_ms\030\001 \001(" + "\002\"0\n\027Constraint_SLA_Capacity\022\025\n\rcapacity" + "_gbps\030\001 \001(\002\"c\n\033Constraint_SLA_Availabili" + "ty\022\032\n\022num_disjoint_paths\030\001 \001(\r\022\022\n\nall_ac" + "tive\030\002 \001(\010\022\024\n\014availability\030\003 \001(\002\"V\n\036Cons" + "traint_SLA_Isolation_level\0224\n\017isolation_" + "level\030\001 \003(\0162\033.context.IsolationLevelEnum" + "\"\242\001\n\025Constraint_Exclusions\022\024\n\014is_permane" + "nt\030\001 \001(\010\022%\n\ndevice_ids\030\002 \003(\0132\021.context.D" + "eviceId\022)\n\014endpoint_ids\030\003 \003(\0132\023.context." + "EndPointId\022!\n\010link_ids\030\004 \003(\0132\017.context.L" + "inkId\"5\n\014QoSProfileId\022%\n\016qos_profile_id\030" + "\001 \001(\0132\r.context.Uuid\"`\n\025Constraint_QoSPr" + "ofile\022-\n\016qos_profile_id\030\001 \001(\0132\025.context." + "QoSProfileId\022\030\n\020qos_profile_name\030\002 \001(\t\"\222" + "\005\n\nConstraint\022-\n\006action\030\001 \001(\0162\035.context." + "ConstraintActionEnum\022,\n\006custom\030\002 \001(\0132\032.c" + "ontext.Constraint_CustomH\000\0220\n\010schedule\030\003" + " \001(\0132\034.context.Constraint_ScheduleH\000\022A\n\021" + "endpoint_location\030\004 \001(\0132$.context.Constr" + "aint_EndPointLocationH\000\022A\n\021endpoint_prio" + "rity\030\005 \001(\0132$.context.Constraint_EndPoint" + "PriorityH\000\0228\n\014sla_capacity\030\006 \001(\0132 .conte" + "xt.Constraint_SLA_CapacityH\000\0226\n\013sla_late" + "ncy\030\007 \001(\0132\037.context.Constraint_SLA_Laten" + "cyH\000\022@\n\020sla_availability\030\010 \001(\0132$.context" + ".Constraint_SLA_AvailabilityH\000\022@\n\rsla_is" + "olation\030\t \001(\0132\'.context.Constraint_SLA_I" + "solation_levelH\000\0224\n\nexclusions\030\n \001(\0132\036.c" + "ontext.Constraint_ExclusionsH\000\0225\n\013qos_pr" + "ofile\030\013 \001(\0132\036.context.Constraint_QoSProf" + "ileH\000B\014\n\nconstraint\"^\n\022TeraFlowControlle" + "r\022&\n\ncontext_id\030\001 \001(\0132\022.context.ContextI" + "d\022\022\n\nip_address\030\002 \001(\t\022\014\n\004port\030\003 \001(\r\"U\n\024A" + "uthenticationResult\022&\n\ncontext_id\030\001 \001(\0132" + "\022.context.ContextId\022\025\n\rauthenticated\030\002 \001" + "(\010\"-\n\017OpticalConfigId\022\032\n\022opticalconfig_u" + "uid\030\001 \001(\t\"y\n\rOpticalConfig\0222\n\020opticalcon" + "fig_id\030\001 \001(\0132\030.context.OpticalConfigId\022\016" + "\n\006config\030\002 \001(\t\022$\n\tdevice_id\030\003 \001(\0132\021.cont" + "ext.DeviceId\"C\n\021OpticalConfigList\022.\n\016opt" + "icalconfigs\030\001 \003(\0132\026.context.OpticalConfi" + "g\"g\n\022OpticalConfigEvent\022\035\n\005event\030\001 \001(\0132\016" + ".context.Event\0222\n\020opticalconfig_id\030\002 \001(\013" + "2\030.context.OpticalConfigId\"_\n\021OpticalEnd" + "PointId\022$\n\tdevice_id\030\002 \001(\0132\021.context.Dev" + "iceId\022$\n\rendpoint_uuid\030\003 \001(\0132\r.context.U" + "uid\">\n\017OpticalLinkList\022+\n\roptical_links\030" + "\001 \003(\0132\024.context.OpticalLink\"\304\003\n\022OpticalL" + "inkDetails\022\016\n\006length\030\001 \001(\002\022\020\n\010src_port\030\002" + " \001(\t\022\020\n\010dst_port\030\003 \001(\t\022\027\n\017local_peer_por" + "t\030\004 \001(\t\022\030\n\020remote_peer_port\030\005 \001(\t\022\014\n\004use" + "d\030\006 \001(\010\0228\n\007c_slots\030\007 \003(\0132\'.context.Optic" + "alLinkDetails.CSlotsEntry\0228\n\007l_slots\030\010 \003" + "(\0132\'.context.OpticalLinkDetails.LSlotsEn" + "try\0228\n\007s_slots\030\t \003(\0132\'.context.OpticalLi" + "nkDetails.SSlotsEntry\032-\n\013CSlotsEntry\022\013\n\003" + "key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\0028\001\032-\n\013LSlotsEn" + "try\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\0028\001\032-\n\013S" + "SlotsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\002" + "8\001\"\243\001\n\013OpticalLink\022\014\n\004name\030\001 \001(\t\0224\n\017opti" + "cal_details\030\002 \001(\0132\033.context.OpticalLinkD" + "etails\022 \n\007link_id\030\003 \001(\0132\017.context.LinkId" + "\022.\n\021link_endpoint_ids\030\004 \003(\0132\023.context.En" + "dPointId\"0\n\tChannelId\022#\n\014channel_uuid\030\001 " + "\001(\0132\r.context.Uuid\"8\n\rOpticalBandId\022\'\n\020o" + "pticalband_uuid\030\001 \001(\0132\r.context.Uuid\"\247\002\n" + "\013OpticalBand\022.\n\016opticalband_id\030\001 \001(\0132\026.c" + "ontext.OpticalBandId\022,\n\rconnection_id\030\002 " + "\001(\0132\025.context.ConnectionId\022&\n\nchannel_id" + "\030\003 \001(\0132\022.context.ChannelId\022&\n\nservice_id" + "\030\004 \001(\0132\022.context.ServiceId\022#\n\007service\030\005 " + "\001(\0132\020.context.ServiceH\000\022)\n\nconnection\030\006 " + "\001(\0132\023.context.ConnectionH\000\022\021\n\007channel\030\007 " + "\001(\tH\000B\007\n\005field\"=\n\017OpticalBandList\022*\n\014opt" + "icalbands\030\001 \003(\0132\024.context.OpticalBand\"r\n" + "\021ServiceConfigRule\022&\n\nservice_id\030\001 \001(\0132\022" + ".context.ServiceId\0225\n\021configrule_custom\030" + "\002 \001(\0132\032.context.ConfigRule_Custom*j\n\rEve" + "ntTypeEnum\022\027\n\023EVENTTYPE_UNDEFINED\020\000\022\024\n\020E" + "VENTTYPE_CREATE\020\001\022\024\n\020EVENTTYPE_UPDATE\020\002\022" + "\024\n\020EVENTTYPE_REMOVE\020\003*\201\005\n\020DeviceDriverEn" + "um\022\032\n\026DEVICEDRIVER_UNDEFINED\020\000\022\033\n\027DEVICE" + "DRIVER_OPENCONFIG\020\001\022\036\n\032DEVICEDRIVER_TRAN" + "SPORT_API\020\002\022\023\n\017DEVICEDRIVER_P4\020\003\022&\n\"DEVI" + "CEDRIVER_IETF_NETWORK_TOPOLOGY\020\004\022\033\n\027DEVI" + "CEDRIVER_ONF_TR_532\020\005\022\023\n\017DEVICEDRIVER_XR" + "\020\006\022\033\n\027DEVICEDRIVER_IETF_L2VPN\020\007\022 \n\034DEVIC" + "EDRIVER_GNMI_OPENCONFIG\020\010\022\034\n\030DEVICEDRIVE" + "R_OPTICAL_TFS\020\t\022\032\n\026DEVICEDRIVER_IETF_ACT" + "N\020\n\022\023\n\017DEVICEDRIVER_OC\020\013\022\024\n\020DEVICEDRIVER" + "_QKD\020\014\022\033\n\027DEVICEDRIVER_IETF_L3VPN\020\r\022\033\n\027D" + "EVICEDRIVER_IETF_SLICE\020\016\022\024\n\020DEVICEDRIVER" + "_NCE\020\017\022\031\n\025DEVICEDRIVER_SMARTNIC\020\020\022\031\n\025DEV" + "ICEDRIVER_MORPHEUS\020\021\022\024\n\020DEVICEDRIVER_RYU" + "\020\022\022#\n\037DEVICEDRIVER_GNMI_NOKIA_SRLINUX\020\023\022" + "\032\n\026DEVICEDRIVER_OPENROADM\020\024\022$\n DEVICEDRI" + "VER_RESTCONF_OPENCONFIG\020\025*\217\001\n\033DeviceOper" + "ationalStatusEnum\022%\n!DEVICEOPERATIONALST" + "ATUS_UNDEFINED\020\000\022$\n DEVICEOPERATIONALSTA" + "TUS_DISABLED\020\001\022#\n\037DEVICEOPERATIONALSTATU" + "S_ENABLED\020\002*\245\001\n\014LinkTypeEnum\022\024\n\020LINKTYPE" + "_UNKNOWN\020\000\022\023\n\017LINKTYPE_COPPER\020\001\022\022\n\016LINKT" + "YPE_FIBER\020\002\022\022\n\016LINKTYPE_RADIO\020\003\022\024\n\020LINKT" + "YPE_VIRTUAL\020\004\022\027\n\023LINKTYPE_MANAGEMENT\020\005\022\023" + "\n\017LINKTYPE_REMOTE\020\006*\360\002\n\017ServiceTypeEnum\022" + "\027\n\023SERVICETYPE_UNKNOWN\020\000\022\024\n\020SERVICETYPE_" + "L3NM\020\001\022\024\n\020SERVICETYPE_L2NM\020\002\022)\n%SERVICET" + "YPE_TAPI_CONNECTIVITY_SERVICE\020\003\022\022\n\016SERVI" + "CETYPE_TE\020\004\022\023\n\017SERVICETYPE_E2E\020\005\022$\n SERV" + "ICETYPE_OPTICAL_CONNECTIVITY\020\006\022\023\n\017SERVIC" + "ETYPE_QKD\020\007\022\024\n\020SERVICETYPE_L1NM\020\010\022\023\n\017SER" + "VICETYPE_INT\020\t\022\023\n\017SERVICETYPE_ACL\020\n\022\027\n\023S" + "ERVICETYPE_IP_LINK\020\013\022\030\n\024SERVICETYPE_TAPI" + "_LSP\020\014\022\026\n\022SERVICETYPE_IPOWDM\020\r*\304\001\n\021Servi" + "ceStatusEnum\022\033\n\027SERVICESTATUS_UNDEFINED\020" + "\000\022\031\n\025SERVICESTATUS_PLANNED\020\001\022\030\n\024SERVICES" + "TATUS_ACTIVE\020\002\022\032\n\026SERVICESTATUS_UPDATING" + "\020\003\022!\n\035SERVICESTATUS_PENDING_REMOVAL\020\004\022\036\n" + "\032SERVICESTATUS_SLA_VIOLATED\020\005*\251\001\n\017SliceS" + "tatusEnum\022\031\n\025SLICESTATUS_UNDEFINED\020\000\022\027\n\023" + "SLICESTATUS_PLANNED\020\001\022\024\n\020SLICESTATUS_INI" + "T\020\002\022\026\n\022SLICESTATUS_ACTIVE\020\003\022\026\n\022SLICESTAT" + "US_DEINIT\020\004\022\034\n\030SLICESTATUS_SLA_VIOLATED\020" + "\005*]\n\020ConfigActionEnum\022\032\n\026CONFIGACTION_UN" + "DEFINED\020\000\022\024\n\020CONFIGACTION_SET\020\001\022\027\n\023CONFI" + "GACTION_DELETE\020\002*\\\n\020AclDirectionEnum\022\025\n\021" + "ACLDIRECTION_BOTH\020\000\022\030\n\024ACLDIRECTION_INGR" + "ESS\020\001\022\027\n\023ACLDIRECTION_EGRESS\020\002*m\n\024Constr" + "aintActionEnum\022\036\n\032CONSTRAINTACTION_UNDEF" + "INED\020\000\022\030\n\024CONSTRAINTACTION_SET\020\001\022\033\n\027CONS" + "TRAINTACTION_DELETE\020\002*\203\002\n\022IsolationLevel" + "Enum\022\020\n\014NO_ISOLATION\020\000\022\026\n\022PHYSICAL_ISOLA" + "TION\020\001\022\025\n\021LOGICAL_ISOLATION\020\002\022\025\n\021PROCESS" + "_ISOLATION\020\003\022\035\n\031PHYSICAL_MEMORY_ISOLATIO" + "N\020\004\022\036\n\032PHYSICAL_NETWORK_ISOLATION\020\005\022\036\n\032V" + "IRTUAL_RESOURCE_ISOLATION\020\006\022\037\n\033NETWORK_F" + "UNCTIONS_ISOLATION\020\007\022\025\n\021SERVICE_ISOLATIO" + "N\020\0102\274\035\n\016ContextService\022:\n\016ListContextIds" + "\022\016.context.Empty\032\026.context.ContextIdList" + "\"\000\0226\n\014ListContexts\022\016.context.Empty\032\024.con" + "text.ContextList\"\000\0224\n\nGetContext\022\022.conte" + "xt.ContextId\032\020.context.Context\"\000\0224\n\nSetC" + "ontext\022\020.context.Context\032\022.context.Conte" + "xtId\"\000\0225\n\rRemoveContext\022\022.context.Contex" + "tId\032\016.context.Empty\"\000\022=\n\020GetContextEvent" + "s\022\016.context.Empty\032\025.context.ContextEvent" + "\"\0000\001\022@\n\017ListTopologyIds\022\022.context.Contex" + "tId\032\027.context.TopologyIdList\"\000\022=\n\016ListTo" + "pologies\022\022.context.ContextId\032\025.context.T" + "opologyList\"\000\0227\n\013GetTopology\022\023.context.T" + "opologyId\032\021.context.Topology\"\000\022E\n\022GetTop" + "ologyDetails\022\023.context.TopologyId\032\030.cont" + "ext.TopologyDetails\"\000\0227\n\013SetTopology\022\021.c" + "ontext.Topology\032\023.context.TopologyId\"\000\0227" + "\n\016RemoveTopology\022\023.context.TopologyId\032\016." + "context.Empty\"\000\022?\n\021GetTopologyEvents\022\016.c" + "ontext.Empty\032\026.context.TopologyEvent\"\0000\001" + "\0228\n\rListDeviceIds\022\016.context.Empty\032\025.cont" + "ext.DeviceIdList\"\000\0224\n\013ListDevices\022\016.cont" + "ext.Empty\032\023.context.DeviceList\"\000\0221\n\tGetD" + "evice\022\021.context.DeviceId\032\017.context.Devic" + "e\"\000\0221\n\tSetDevice\022\017.context.Device\032\021.cont" + "ext.DeviceId\"\000\0223\n\014RemoveDevice\022\021.context" + ".DeviceId\032\016.context.Empty\"\000\022;\n\017GetDevice" + "Events\022\016.context.Empty\032\024.context.DeviceE" + "vent\"\0000\001\022<\n\014SelectDevice\022\025.context.Devic" + "eFilter\032\023.context.DeviceList\"\000\022I\n\021ListEn" + "dPointNames\022\027.context.EndPointIdList\032\031.c" + "ontext.EndPointNameList\"\000\0224\n\013ListLinkIds" + "\022\016.context.Empty\032\023.context.LinkIdList\"\000\022" + "0\n\tListLinks\022\016.context.Empty\032\021.context.L" + "inkList\"\000\022+\n\007GetLink\022\017.context.LinkId\032\r." + "context.Link\"\000\022+\n\007SetLink\022\r.context.Link" + "\032\017.context.LinkId\"\000\022/\n\nRemoveLink\022\017.cont" + "ext.LinkId\032\016.context.Empty\"\000\0227\n\rGetLinkE" + "vents\022\016.context.Empty\032\022.context.LinkEven" + "t\"\0000\001\022>\n\016ListServiceIds\022\022.context.Contex" + "tId\032\026.context.ServiceIdList\"\000\022:\n\014ListSer" + "vices\022\022.context.ContextId\032\024.context.Serv" + "iceList\"\000\0224\n\nGetService\022\022.context.Servic" + "eId\032\020.context.Service\"\000\0224\n\nSetService\022\020." + "context.Service\032\022.context.ServiceId\"\000\0226\n" + "\014UnsetService\022\020.context.Service\032\022.contex" + "t.ServiceId\"\000\0225\n\rRemoveService\022\022.context" + ".ServiceId\032\016.context.Empty\"\000\022=\n\020GetServi", "ceEvents\022\016.context.Empty\032\025.context.Servi" + "ceEvent\"\0000\001\022?\n\rSelectService\022\026.context.S" + "erviceFilter\032\024.context.ServiceList\"\000\022:\n\014" + "ListSliceIds\022\022.context.ContextId\032\024.conte" + "xt.SliceIdList\"\000\0226\n\nListSlices\022\022.context" + ".ContextId\032\022.context.SliceList\"\000\022.\n\010GetS" + "lice\022\020.context.SliceId\032\016.context.Slice\"\000" + "\022.\n\010SetSlice\022\016.context.Slice\032\020.context.S" + "liceId\"\000\0220\n\nUnsetSlice\022\016.context.Slice\032\020" + ".context.SliceId\"\000\0221\n\013RemoveSlice\022\020.cont" + "ext.SliceId\032\016.context.Empty\"\000\0229\n\016GetSlic" + "eEvents\022\016.context.Empty\032\023.context.SliceE" + "vent\"\0000\001\0229\n\013SelectSlice\022\024.context.SliceF" + "ilter\032\022.context.SliceList\"\000\022D\n\021ListConne" + "ctionIds\022\022.context.ServiceId\032\031.context.C" + "onnectionIdList\"\000\022@\n\017ListConnections\022\022.c" + "ontext.ServiceId\032\027.context.ConnectionLis" + "t\"\000\022=\n\rGetConnection\022\025.context.Connectio" + "nId\032\023.context.Connection\"\000\022=\n\rSetConnect" + "ion\022\023.context.Connection\032\025.context.Conne" + "ctionId\"\000\022;\n\020RemoveConnection\022\025.context." + "ConnectionId\032\016.context.Empty\"\000\022C\n\023GetCon" + "nectionEvents\022\016.context.Empty\032\030.context." + "ConnectionEvent\"\0000\001\0225\n\014GetAllEvents\022\016.co" + "ntext.Empty\032\021.context.AnyEvent\"\0000\001\022@\n\020Ge" + "tOpticalConfig\022\016.context.Empty\032\032.context" + ".OpticalConfigList\"\000\022F\n\020SetOpticalConfig" + "\022\026.context.OpticalConfig\032\030.context.Optic" + "alConfigId\"\000\022I\n\023UpdateOpticalConfig\022\026.co" + "ntext.OpticalConfig\032\030.context.OpticalCon" + "figId\"\000\022I\n\023SelectOpticalConfig\022\030.context" + ".OpticalConfigId\032\026.context.OpticalConfig" + "\"\000\022A\n\023DeleteOpticalConfig\022\030.context.Opti" + "calConfigId\032\016.context.Empty\"\000\022@\n\024DeleteO" + "pticalChannel\022\026.context.OpticalConfig\032\016." + "context.Empty\"\000\0228\n\016SetOpticalLink\022\024.cont" + "ext.OpticalLink\032\016.context.Empty\"\000\0229\n\016Get" + "OpticalLink\022\017.context.LinkId\032\024.context.O" + "pticalLink\"\000\0226\n\021DeleteOpticalLink\022\017.cont" + "ext.LinkId\032\016.context.Empty\"\000\022@\n\022GetOptic" + "alLinkList\022\016.context.Empty\032\030.context.Opt" + "icalLinkList\"\000\022<\n\016GetOpticalBand\022\016.conte" + "xt.Empty\032\030.context.OpticalBandList\"\000\022C\n\021" + "SelectOpticalBand\022\026.context.OpticalBandI" + "d\032\024.context.OpticalBand\"\000\022G\n\027DeleteServi" + "ceConfigRule\022\032.context.ServiceConfigRule" + "\032\016.context.Empty\"\000b\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(descriptorData, new com.google.protobuf.Descriptors.FileDescriptor[] { com.google.protobuf.AnyProto.getDescriptor(), acl.Acl.getDescriptor(), ipowdm.Ipowdm.getDescriptor(), ip_link.IpLink.getDescriptor(), kpi_sample_types.KpiSampleTypes.getDescriptor(), tapi_lsp.TapiLsp.getDescriptor() }); internal_static_context_Empty_descriptor = getDescriptor().getMessageTypes().get(0); internal_static_context_Empty_fieldAccessorTable = new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(internal_static_context_Empty_descriptor, new java.lang.String[] {}); diff --git a/src/policy/target/kubernetes/kubernetes.yml b/src/policy/target/kubernetes/kubernetes.yml index cab8865e081bed2991ff9df730d5efe97c0b9e9e..820135c62bdac4f0114f9d23a03c0cad715fba50 100644 --- a/src/policy/target/kubernetes/kubernetes.yml +++ b/src/policy/target/kubernetes/kubernetes.yml @@ -3,8 +3,8 @@ apiVersion: v1 kind: Service metadata: annotations: - app.quarkus.io/commit-id: 0539e363a3349889ebd7d3d7b0509744e2a4d0aa - app.quarkus.io/build-timestamp: 2025-10-28 - 10:10:47 +0000 + app.quarkus.io/commit-id: 011890de6d6852d8308c9774d504a002cbbeca55 + app.quarkus.io/build-timestamp: 2025-11-11 - 19:21:22 +0000 prometheus.io/scrape: "true" prometheus.io/path: /q/metrics prometheus.io/port: "8080" @@ -17,18 +17,18 @@ metadata: name: policyservice spec: ports: - - name: http - port: 9192 + - name: https + port: 443 protocol: TCP - targetPort: 8080 + targetPort: 8443 - name: grpc port: 6060 protocol: TCP targetPort: 6060 - - name: https - port: 443 + - name: http + port: 9192 protocol: TCP - targetPort: 8443 + targetPort: 8080 selector: app.kubernetes.io/name: policyservice type: ClusterIP @@ -37,8 +37,8 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - app.quarkus.io/commit-id: 0539e363a3349889ebd7d3d7b0509744e2a4d0aa - app.quarkus.io/build-timestamp: 2025-10-28 - 10:10:47 +0000 + app.quarkus.io/commit-id: 011890de6d6852d8308c9774d504a002cbbeca55 + app.quarkus.io/build-timestamp: 2025-11-11 - 19:21:22 +0000 prometheus.io/scrape: "true" prometheus.io/path: /q/metrics prometheus.io/port: "8080" @@ -46,8 +46,8 @@ metadata: labels: app: policyservice app.kubernetes.io/managed-by: quarkus - app.kubernetes.io/version: 0.1.0 app.kubernetes.io/name: policyservice + app.kubernetes.io/version: 0.1.0 name: policyservice spec: replicas: 1 @@ -57,8 +57,8 @@ spec: template: metadata: annotations: - app.quarkus.io/commit-id: 0539e363a3349889ebd7d3d7b0509744e2a4d0aa - app.quarkus.io/build-timestamp: 2025-10-28 - 10:10:47 +0000 + app.quarkus.io/commit-id: 011890de6d6852d8308c9774d504a002cbbeca55 + app.quarkus.io/build-timestamp: 2025-11-11 - 19:21:22 +0000 prometheus.io/scrape: "true" prometheus.io/path: /q/metrics prometheus.io/port: "8080" @@ -66,8 +66,8 @@ spec: labels: app: policyservice app.kubernetes.io/managed-by: quarkus - app.kubernetes.io/version: 0.1.0 app.kubernetes.io/name: policyservice + app.kubernetes.io/version: 0.1.0 spec: containers: - env: @@ -75,14 +75,14 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: MONITORING_SERVICE_HOST + value: monitoringservice - name: CONTEXT_SERVICE_HOST value: contextservice - - name: KAFKA_BROKER_HOST - value: kafka-service.kafka.svc.cluster.local - name: SERVICE_SERVICE_HOST value: serviceservice - - name: MONITORING_SERVICE_HOST - value: monitoringservice + - name: KAFKA_BROKER_HOST + value: kafka-service.kafka.svc.cluster.local image: labs.etsi.org:5050/tfs/controller/policy:0.1.0 imagePullPolicy: Always livenessProbe: @@ -97,14 +97,14 @@ spec: timeoutSeconds: 10 name: policyservice ports: - - containerPort: 8080 - name: http + - containerPort: 8443 + name: https protocol: TCP - containerPort: 6060 name: grpc protocol: TCP - - containerPort: 8443 - name: https + - containerPort: 8080 + name: http protocol: TCP readinessProbe: failureThreshold: 3 diff --git a/src/service/service/service_handler_api/FilterFields.py b/src/service/service/service_handler_api/FilterFields.py index 6da1d6f55c587322d71f4a3a2f28055d260ee5ed..473efa3e0f3fc1a0845974fcf4f58d8dfd65127d 100644 --- a/src/service/service/service_handler_api/FilterFields.py +++ b/src/service/service/service_handler_api/FilterFields.py @@ -58,6 +58,7 @@ DEVICE_DRIVER_VALUES = { DeviceDriverEnum.DEVICEDRIVER_RYU, DeviceDriverEnum.DEVICEDRIVER_GNMI_NOKIA_SRLINUX, DeviceDriverEnum.DEVICEDRIVER_OPENROADM, + DeviceDriverEnum.DEVICEDRIVER_RESTCONF_OPENCONFIG, } # Map allowed filter fields to allowed values per Filter field. If no restriction (free text) None is specified diff --git a/src/tests/tools/firewall_agent/DeploymentSet.yaml b/src/tests/tools/firewall_agent/DeploymentSet.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f23b33f26c4a4d63c23d20a0c06e75160cc1354e --- /dev/null +++ b/src/tests/tools/firewall_agent/DeploymentSet.yaml @@ -0,0 +1,73 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: firewall-agent +spec: + replicas: 1 + selector: + matchLabels: + app: firewall-agent + template: + metadata: + labels: + app: firewall-agent + spec: + hostNetwork: true # like --network host + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: firewall-agent + image: firewall-agent:dev + #image: localhost:32000/tfs/firewall-agent:dev + imagePullPolicy: Always + securityContext: + capabilities: + add: ["NET_ADMIN"] # like --cap-add=NET_ADMIN + # privileged: true # uncomment if your code needs full net admin / sysctl + ports: + - containerPort: 8888 # container listens on 8888 on the host now + hostPort: 8888 # optional, but makes it explicit + readinessProbe: + httpGet: + path: /restconf/data + port: 8888 + initialDelaySeconds: 5 + timeoutSeconds: 1 + livenessProbe: + httpGet: + path: /restconf/data + port: 8888 + initialDelaySeconds: 5 + timeoutSeconds: 1 +## Service not needed as pod is directly exposed on host network +#--- +#apiVersion: v1 +#kind: Service +#metadata: +# name: firewall-agent +# labels: +# app: firewall-agent +#spec: +# type: NodePort +# selector: +# app: firewall-agent +# ports: +# - name: mgmt +# protocol: TCP +# port: 8888 +# targetPort: 8888 +# nodePort: 30888 diff --git a/src/tests/tools/firewall_agent/Dockerfile b/src/tests/tools/firewall_agent/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..3207a5fff7f0140414f480ba1ebe2cfb5b44fcc8 --- /dev/null +++ b/src/tests/tools/firewall_agent/Dockerfile @@ -0,0 +1,30 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +FROM python:3.11-slim + +ENV PYTHONUNBUFFERED=0 + +RUN apt-get --yes --quiet --quiet update && \ + apt-get --yes --quiet --quiet install --no-install-recommends libxtables-dev iptables gcc libc6-dev python3-nftables && \ + apt-get clean -y && rm -rf /var/lib/apt/lists/* + +WORKDIR /app +COPY requirements.txt ./ +RUN pip install --no-cache-dir -r requirements.txt +COPY firewall_agent ./firewall_agent + +EXPOSE 8888 +CMD ["python", "-m", "firewall_agent.app"] diff --git a/src/tests/tools/firewall_agent/README.md b/src/tests/tools/firewall_agent/README.md new file mode 100644 index 0000000000000000000000000000000000000000..2f07034de861091f89d23d02e21161fb7eb493cf --- /dev/null +++ b/src/tests/tools/firewall_agent/README.md @@ -0,0 +1,6 @@ +# Firewall Agent + +This repository contains a simple RESTCONF/OpenConfig firewall agent and a test deployment that demonstrates ACL behavior using two minimal HTTP servers. + +__NOTE: TO BE COMPLETED__ + diff --git a/src/tests/tools/firewall_agent/docs/Docs-and-Commands.md b/src/tests/tools/firewall_agent/docs/Docs-and-Commands.md new file mode 100644 index 0000000000000000000000000000000000000000..2c133c875f897457ade5438f9803c8c052ceeb37 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/Docs-and-Commands.md @@ -0,0 +1,1009 @@ +# Docs and Commands + +- Ref: https://ral-arturo.org/2020/11/22/python-nftables-tutorial.html +- Ref: https://www.netfilter.org/projects/nftables/manpage.html +- Ref: https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes + +- Note: table and chain can have comment as well. + +## Example Commands: + +```bash +sudo nft --interactive --handle + +# WORKS to block traffic, but weird as external facing port is 30435, not 85 +insert rule ip filter FORWARD iifname "enp0s3" tcp dport 85 drop + +# WORKS to block/allow traffic by external facing port 30435 +add table ip filter +add chain ip filter PREROUTING { type filter hook prerouting priority raw; policy accept; } +add rule ip filter PREROUTING tcp dport 30435 reject +insert rule ip filter PREROUTING ip saddr 10.0.2.2/32 tcp dport 30435 accept +insert rule ip filter PREROUTING ip saddr 10.0.2.10/32 tcp dport 30435 accept + +list chain ip filter PREROUTING +table ip filter { + chain PREROUTING { # handle 30 + type filter hook prerouting priority raw; policy accept; + ip saddr 10.0.2.10 tcp dport 30435 accept # handle 34 + ip saddr 10.0.2.2 tcp dport 30435 accept # handle 33 + tcp dport 30435 reject # handle 31 + } +} + +delete rule ip filter PREROUTING handle 34 +delete rule ip filter PREROUTING handle 33 +delete rule ip filter PREROUTING handle 31 + + +# ============================= + +sudo nft add table ip filter +sudo nft add chain ip filter input {type filter hook input priority filter ; policy accept; } +sudo nft add chain ip filter output {type filter hook output priority filter; policy accept; } + +# Example options +#sudo nft add rule ip filter input +# iifname lo +# oifname lo +# ip saddr 0.0.0.0/0 +# ip daddr 192.168.0.10/32 +# tcp sport 12345 +# tcp dport 80 +# accept/drop/reject +# comment "my-rule-name" + +sudo nft add rule ip filter input iifname enp0s3 ip saddr 0.0.0.0/0 ip daddr 192.168.0.10/32 tcp sport 12345 tcp dport 80 accept comment "my-rule-in-test" +sudo nft add rule ip filter output oifname enp0s3 ip daddr 0.0.0.0/0 ip saddr 192.168.0.10/32 tcp dport 80 tcp sport 12345 drop comment "my-rule-out-test" +``` + + +## Running code: + +```python +import json +import nftables + +nft = nftables.Nftables() +nft.set_json_output(True) +rc, output, error = nft.cmd("list ruleset") +print(json.loads(output)) +``` + +Retrieves in `output`: + +```json +{ + "nftables": [ + { + "metainfo": { + "version": "1.1.3", + "release_name": "Commodore Bullmoose #4", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "ip", + "name": "nat", + "handle": 1 + } + }, + { + "chain": { + "family": "ip", + "table": "nat", + "name": "DOCKER", + "handle": 1 + } + }, + { + "chain": { + "family": "ip", + "table": "nat", + "name": "PREROUTING", + "handle": 6, + "type": "nat", + "hook": "prerouting", + "prio": -100, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "nat", + "name": "OUTPUT", + "handle": 8, + "type": "nat", + "hook": "output", + "prio": -100, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "nat", + "name": "POSTROUTING", + "handle": 10, + "type": "nat", + "hook": "postrouting", + "prio": 100, + "policy": "accept" + } + }, + { + "rule": { + "family": "ip", + "table": "nat", + "chain": "DOCKER", + "handle": 14, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "docker0" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "return": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "nat", + "chain": "PREROUTING", + "handle": 7, + "expr": [ + { + "xt": { + "type": "match", + "name": "addrtype" + } + }, + { + "counter": { + "packets": 2, + "bytes": 88 + } + }, + { + "jump": { + "target": "DOCKER" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "nat", + "chain": "OUTPUT", + "handle": 9, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + "right": { + "prefix": { + "addr": "127.0.0.0", + "len": 8 + } + } + } + }, + { + "xt": { + "type": "match", + "name": "addrtype" + } + }, + { + "counter": { + "packets": 12, + "bytes": 720 + } + }, + { + "jump": { + "target": "DOCKER" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "nat", + "chain": "POSTROUTING", + "handle": 13, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "docker0" + } + }, + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": { + "prefix": { + "addr": "172.17.0.0", + "len": 16 + } + } + } + }, + { + "counter": { + "packets": 74, + "bytes": 4651 + } + }, + { + "xt": { + "type": "target", + "name": "MASQUERADE" + } + } + ] + } + }, + { + "table": { + "family": "ip", + "name": "filter", + "handle": 2 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "DOCKER", + "handle": 1 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "DOCKER-FORWARD", + "handle": 2 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "DOCKER-BRIDGE", + "handle": 3 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "DOCKER-CT", + "handle": 4 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "DOCKER-ISOLATION-STAGE-1", + "handle": 5 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "DOCKER-ISOLATION-STAGE-2", + "handle": 6 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "FORWARD", + "handle": 7, + "type": "filter", + "hook": "forward", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "DOCKER-USER", + "handle": 18 + } + }, + { + "chain": { + "family": "ip", + "table": "filter", + "name": "INPUT", + "handle": 26, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "DOCKER", + "handle": 21, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "docker0" + } + }, + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "docker0" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "DOCKER-FORWARD", + "handle": 11, + "expr": [ + { + "counter": { + "packets": 188597, + "bytes": 246896440 + } + }, + { + "jump": { + "target": "DOCKER-CT" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "DOCKER-FORWARD", + "handle": 10, + "expr": [ + { + "counter": { + "packets": 68171, + "bytes": 3005971 + } + }, + { + "jump": { + "target": "DOCKER-ISOLATION-STAGE-1" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "DOCKER-FORWARD", + "handle": 9, + "expr": [ + { + "counter": { + "packets": 68171, + "bytes": 3005971 + } + }, + { + "jump": { + "target": "DOCKER-BRIDGE" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "DOCKER-FORWARD", + "handle": 20, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "docker0" + } + }, + { + "counter": { + "packets": 68171, + "bytes": 3005971 + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "DOCKER-BRIDGE", + "handle": 23, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "docker0" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "DOCKER" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "DOCKER-CT", + "handle": 22, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "docker0" + } + }, + { + "xt": { + "type": "match", + "name": "conntrack" + } + }, + { + "counter": { + "packets": 120426, + "bytes": 243890469 + } + }, + { + "accept": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "DOCKER-ISOLATION-STAGE-1", + "handle": 24, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "iifname" + } + }, + "right": "docker0" + } + }, + { + "match": { + "op": "!=", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "docker0" + } + }, + { + "counter": { + "packets": 68171, + "bytes": 3005971 + } + }, + { + "jump": { + "target": "DOCKER-ISOLATION-STAGE-2" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "DOCKER-ISOLATION-STAGE-2", + "handle": 25, + "expr": [ + { + "match": { + "op": "==", + "left": { + "meta": { + "key": "oifname" + } + }, + "right": "docker0" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "FORWARD", + "handle": 19, + "expr": [ + { + "counter": { + "packets": 188597, + "bytes": 246896440 + } + }, + { + "jump": { + "target": "DOCKER-USER" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "FORWARD", + "handle": 8, + "expr": [ + { + "counter": { + "packets": 188597, + "bytes": 246896440 + } + }, + { + "jump": { + "target": "DOCKER-FORWARD" + } + } + ] + } + }, + { + "rule": { + "family": "ip", + "table": "filter", + "chain": "INPUT", + "handle": 27, + "expr": [ + { + "match": { + "op": "==", + "left": { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + "right": "9.9.9.9" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "drop": null + } + ] + } + }, + { + "table": { + "family": "ip6", + "name": "nat", + "handle": 3 + } + }, + { + "chain": { + "family": "ip6", + "table": "nat", + "name": "DOCKER", + "handle": 1 + } + }, + { + "chain": { + "family": "ip6", + "table": "nat", + "name": "PREROUTING", + "handle": 2, + "type": "nat", + "hook": "prerouting", + "prio": -100, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "nat", + "name": "OUTPUT", + "handle": 4, + "type": "nat", + "hook": "output", + "prio": -100, + "policy": "accept" + } + }, + { + "rule": { + "family": "ip6", + "table": "nat", + "chain": "PREROUTING", + "handle": 3, + "expr": [ + { + "xt": { + "type": "match", + "name": "addrtype" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "DOCKER" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "nat", + "chain": "OUTPUT", + "handle": 5, + "expr": [ + { + "match": { + "op": "!=", + "left": { + "payload": { + "protocol": "ip6", + "field": "daddr" + } + }, + "right": "::1" + } + }, + { + "xt": { + "type": "match", + "name": "addrtype" + } + }, + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "DOCKER" + } + } + ] + } + }, + { + "table": { + "family": "ip6", + "name": "filter", + "handle": 4 + } + }, + { + "chain": { + "family": "ip6", + "table": "filter", + "name": "DOCKER", + "handle": 1 + } + }, + { + "chain": { + "family": "ip6", + "table": "filter", + "name": "DOCKER-FORWARD", + "handle": 2 + } + }, + { + "chain": { + "family": "ip6", + "table": "filter", + "name": "DOCKER-BRIDGE", + "handle": 3 + } + }, + { + "chain": { + "family": "ip6", + "table": "filter", + "name": "DOCKER-CT", + "handle": 4 + } + }, + { + "chain": { + "family": "ip6", + "table": "filter", + "name": "DOCKER-ISOLATION-STAGE-1", + "handle": 5 + } + }, + { + "chain": { + "family": "ip6", + "table": "filter", + "name": "DOCKER-ISOLATION-STAGE-2", + "handle": 6 + } + }, + { + "chain": { + "family": "ip6", + "table": "filter", + "name": "FORWARD", + "handle": 7, + "type": "filter", + "hook": "forward", + "prio": 0, + "policy": "accept" + } + }, + { + "chain": { + "family": "ip6", + "table": "filter", + "name": "DOCKER-USER", + "handle": 12 + } + }, + { + "rule": { + "family": "ip6", + "table": "filter", + "chain": "DOCKER-FORWARD", + "handle": 11, + "expr": [ + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "DOCKER-CT" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "filter", + "chain": "DOCKER-FORWARD", + "handle": 10, + "expr": [ + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "DOCKER-ISOLATION-STAGE-1" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "filter", + "chain": "DOCKER-FORWARD", + "handle": 9, + "expr": [ + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "DOCKER-BRIDGE" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "filter", + "chain": "FORWARD", + "handle": 13, + "expr": [ + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "DOCKER-USER" + } + } + ] + } + }, + { + "rule": { + "family": "ip6", + "table": "filter", + "chain": "FORWARD", + "handle": 8, + "expr": [ + { + "counter": { + "packets": 0, + "bytes": 0 + } + }, + { + "jump": { + "target": "DOCKER-FORWARD" + } + } + ] + } + } + ] +} +``` diff --git a/src/tests/tools/firewall_agent/docs/yang/generate-trees.sh b/src/tests/tools/firewall_agent/docs/yang/generate-trees.sh new file mode 100755 index 0000000000000000000000000000000000000000..30f02e67edd7c0ae617149ec1fa5aeee2636ab80 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/generate-trees.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +cd openconfig + +pyang -f tree -o ../openconfig-components.tree \ + platform/openconfig-platform-common.yang \ + platform/openconfig-platform-types.yang \ + platform/openconfig-platform.yang \ + system/openconfig-alarm-types.yang \ + types/openconfig-types.yang \ + types/openconfig-yang-types.yang + +pyang -f tree -o ../openconfig-interfaces.tree \ + interfaces/openconfig-if-aggregate.yang \ + interfaces/openconfig-if-ethernet.yang \ + interfaces/openconfig-if-ip.yang \ + interfaces/openconfig-interfaces.yang \ + openconfig-extensions.yang \ + openconfig-transport/openconfig-transport-types.yang \ + platform/openconfig-platform-types.yang \ + types/openconfig-inet-types.yang \ + types/openconfig-types.yang \ + types/openconfig-yang-types.yang \ + vlan/openconfig-vlan-types.yang \ + vlan/openconfig-vlan.yang + +pyang -f tree -o ../openconfig-acl.tree \ + acl/openconfig-acl.yang \ + acl/openconfig-icmpv4-types.yang \ + acl/openconfig-icmpv6-types.yang \ + acl/openconfig-packet-match-types.yang \ + acl/openconfig-packet-match.yang \ + defined-sets/openconfig-defined-sets.yang \ + interfaces/openconfig-interfaces.yang \ + mpls/openconfig-mpls-types.yang \ + openconfig-transport/openconfig-transport-types.yang \ + platform/openconfig-platform-types.yang \ + types/openconfig-inet-types.yang \ + types/openconfig-types.yang \ + types/openconfig-yang-types.yang diff --git a/src/tests/tools/firewall_agent/docs/yang/ietf/iana-if-type.yang b/src/tests/tools/firewall_agent/docs/yang/ietf/iana-if-type.yang new file mode 100644 index 0000000000000000000000000000000000000000..7bfee36478edc7c65677cfe48b2630bffff791cb --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/ietf/iana-if-type.yang @@ -0,0 +1,1619 @@ +module iana-if-type { + namespace "urn:ietf:params:xml:ns:yang:iana-if-type"; + prefix ianaift; + + import ietf-interfaces { + prefix if; + } + + organization "IANA"; + contact + " Internet Assigned Numbers Authority + + Postal: ICANN + 12025 Waterfront Drive, Suite 300 + Los Angeles, CA 90094-2536 + United States + + Tel: +1 310 301 5800 + "; + description + "This YANG module defines YANG identities for IANA-registered + interface types. + + This YANG module is maintained by IANA and reflects the + 'ifType definitions' registry. + + The latest revision of this YANG module can be obtained from + the IANA web site. + + Requests for new values should be made to IANA via + email (iana&iana.org). + + Copyright (c) 2014 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + The initial version of this YANG module is part of RFC 7224; + see the RFC itself for full legal notices."; + reference + "IANA 'ifType definitions' registry. + "; + + revision 2017-01-19 { + description + "Registered ifType 289."; + } + + revision 2016-11-23 { + description + "Registered ifTypes 283-288."; + } + + revision 2016-06-09 { + description + "Registered ifType 282."; + } + revision 2016-05-03 { + description + "Registered ifType 281."; + } + revision 2015-06-12 { + description + "Corrected formatting issue."; + } + revision 2014-09-24 { + description + "Registered ifType 280."; + } + revision 2014-09-19 { + description + "Registered ifType 279."; + } + revision 2014-07-03 { + description + "Registered ifTypes 277-278."; + } + revision 2014-05-19 { + description + "Updated the contact address."; + } + revision 2014-05-08 { + description + "Initial revision."; + reference + "RFC 7224: IANA Interface Type YANG Module"; + } + + identity iana-interface-type { + base if:interface-type; + description + "This identity is used as a base for all interface types + defined in the 'ifType definitions' registry."; + } + + identity other { + base iana-interface-type; + } + identity regular1822 { + base iana-interface-type; + } + identity hdh1822 { + base iana-interface-type; + } + identity ddnX25 { + base iana-interface-type; + } + identity rfc877x25 { + base iana-interface-type; + reference + "RFC 1382 - SNMP MIB Extension for the X.25 Packet Layer"; + } + identity ethernetCsmacd { + base iana-interface-type; + description + "For all Ethernet-like interfaces, regardless of speed, + as per RFC 3635."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity iso88023Csmacd { + base iana-interface-type; + status deprecated; + description + "Deprecated via RFC 3635. + Use ethernetCsmacd(6) instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity iso88024TokenBus { + base iana-interface-type; + } + identity iso88025TokenRing { + base iana-interface-type; + } + identity iso88026Man { + base iana-interface-type; + } + identity starLan { + base iana-interface-type; + status deprecated; + description + "Deprecated via RFC 3635. + Use ethernetCsmacd(6) instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity proteon10Mbit { + base iana-interface-type; + } + identity proteon80Mbit { + base iana-interface-type; + } + identity hyperchannel { + base iana-interface-type; + } + identity fddi { + base iana-interface-type; + reference + "RFC 1512 - FDDI Management Information Base"; + } + identity lapb { + base iana-interface-type; + reference + "RFC 1381 - SNMP MIB Extension for X.25 LAPB"; + } + identity sdlc { + base iana-interface-type; + } + identity ds1 { + base iana-interface-type; + description + "DS1-MIB."; + reference + "RFC 4805 - Definitions of Managed Objects for the + DS1, J1, E1, DS2, and E2 Interface Types"; + } + identity e1 { + base iana-interface-type; + status obsolete; + description + "Obsolete; see DS1-MIB."; + reference + "RFC 4805 - Definitions of Managed Objects for the + DS1, J1, E1, DS2, and E2 Interface Types"; + } + identity basicISDN { + base iana-interface-type; + description + "No longer used. See also RFC 2127."; + } + identity primaryISDN { + base iana-interface-type; + description + "No longer used. See also RFC 2127."; + } + identity propPointToPointSerial { + base iana-interface-type; + description + "Proprietary serial."; + } + identity ppp { + base iana-interface-type; + } + identity softwareLoopback { + base iana-interface-type; + } + identity eon { + base iana-interface-type; + description + "CLNP over IP."; + } + identity ethernet3Mbit { + base iana-interface-type; + } + identity nsip { + base iana-interface-type; + description + "XNS over IP."; + } + identity slip { + base iana-interface-type; + description + "Generic SLIP."; + } + identity ultra { + base iana-interface-type; + description + "Ultra Technologies."; + } + identity ds3 { + base iana-interface-type; + description + "DS3-MIB."; + reference + "RFC 3896 - Definitions of Managed Objects for the + DS3/E3 Interface Type"; + } + identity sip { + base iana-interface-type; + description + "SMDS, coffee."; + reference + "RFC 1694 - Definitions of Managed Objects for SMDS + Interfaces using SMIv2"; + } + identity frameRelay { + base iana-interface-type; + description + "DTE only."; + reference + "RFC 2115 - Management Information Base for Frame Relay + DTEs Using SMIv2"; + } + identity rs232 { + base iana-interface-type; + reference + "RFC 1659 - Definitions of Managed Objects for RS-232-like + Hardware Devices using SMIv2"; + } + identity para { + base iana-interface-type; + description + "Parallel-port."; + reference + "RFC 1660 - Definitions of Managed Objects for + Parallel-printer-like Hardware Devices using + SMIv2"; + } + identity arcnet { + base iana-interface-type; + description + "ARCnet."; + } + identity arcnetPlus { + base iana-interface-type; + description + "ARCnet Plus."; + } + identity atm { + base iana-interface-type; + description + "ATM cells."; + } + identity miox25 { + base iana-interface-type; + reference + "RFC 1461 - SNMP MIB extension for Multiprotocol + Interconnect over X.25"; + } + identity sonet { + base iana-interface-type; + description + "SONET or SDH."; + } + identity x25ple { + base iana-interface-type; + reference + "RFC 2127 - ISDN Management Information Base using SMIv2"; + } + identity iso88022llc { + base iana-interface-type; + } + identity localTalk { + base iana-interface-type; + } + identity smdsDxi { + base iana-interface-type; + } + identity frameRelayService { + base iana-interface-type; + description + "FRNETSERV-MIB."; + reference + "RFC 2954 - Definitions of Managed Objects for Frame + Relay Service"; + } + identity v35 { + base iana-interface-type; + } + identity hssi { + base iana-interface-type; + } + identity hippi { + base iana-interface-type; + } + identity modem { + base iana-interface-type; + description + "Generic modem."; + } + identity aal5 { + base iana-interface-type; + description + "AAL5 over ATM."; + } + identity sonetPath { + base iana-interface-type; + } + identity sonetVT { + base iana-interface-type; + } + identity smdsIcip { + base iana-interface-type; + description + "SMDS InterCarrier Interface."; + } + identity propVirtual { + base iana-interface-type; + description + "Proprietary virtual/internal."; + reference + "RFC 2863 - The Interfaces Group MIB"; + } + identity propMultiplexor { + base iana-interface-type; + description + "Proprietary multiplexing."; + reference + "RFC 2863 - The Interfaces Group MIB"; + } + identity ieee80212 { + base iana-interface-type; + description + "100BaseVG."; + } + identity fibreChannel { + base iana-interface-type; + description + "Fibre Channel."; + } + identity hippiInterface { + base iana-interface-type; + description + "HIPPI interfaces."; + } + identity frameRelayInterconnect { + base iana-interface-type; + status obsolete; + description + "Obsolete; use either + frameRelay(32) or frameRelayService(44)."; + } + identity aflane8023 { + base iana-interface-type; + description + "ATM Emulated LAN for 802.3."; + } + identity aflane8025 { + base iana-interface-type; + description + "ATM Emulated LAN for 802.5."; + } + identity cctEmul { + base iana-interface-type; + description + "ATM Emulated circuit."; + } + identity fastEther { + base iana-interface-type; + status deprecated; + description + "Obsoleted via RFC 3635. + ethernetCsmacd(6) should be used instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity isdn { + base iana-interface-type; + description + "ISDN and X.25."; + reference + "RFC 1356 - Multiprotocol Interconnect on X.25 and ISDN + in the Packet Mode"; + } + identity v11 { + base iana-interface-type; + description + "CCITT V.11/X.21."; + } + identity v36 { + base iana-interface-type; + description + "CCITT V.36."; + } + identity g703at64k { + base iana-interface-type; + description + "CCITT G703 at 64Kbps."; + } + identity g703at2mb { + base iana-interface-type; + status obsolete; + description + "Obsolete; see DS1-MIB."; + } + identity qllc { + base iana-interface-type; + description + "SNA QLLC."; + } + identity fastEtherFX { + base iana-interface-type; + status deprecated; + description + "Obsoleted via RFC 3635. + ethernetCsmacd(6) should be used instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity channel { + base iana-interface-type; + description + "Channel."; + } + identity ieee80211 { + base iana-interface-type; + description + "Radio spread spectrum."; + } + identity ibm370parChan { + base iana-interface-type; + description + "IBM System 360/370 OEMI Channel."; + } + identity escon { + base iana-interface-type; + description + "IBM Enterprise Systems Connection."; + } + identity dlsw { + base iana-interface-type; + description + "Data Link Switching."; + } + identity isdns { + base iana-interface-type; + description + "ISDN S/T interface."; + } + identity isdnu { + base iana-interface-type; + description + "ISDN U interface."; + } + identity lapd { + base iana-interface-type; + description + "Link Access Protocol D."; + } + identity ipSwitch { + base iana-interface-type; + description + "IP Switching Objects."; + } + identity rsrb { + base iana-interface-type; + description + "Remote Source Route Bridging."; + } + identity atmLogical { + base iana-interface-type; + description + "ATM Logical Port."; + reference + "RFC 3606 - Definitions of Supplemental Managed Objects + for ATM Interface"; + } + identity ds0 { + base iana-interface-type; + description + "Digital Signal Level 0."; + reference + "RFC 2494 - Definitions of Managed Objects for the DS0 + and DS0 Bundle Interface Type"; + } + identity ds0Bundle { + base iana-interface-type; + description + "Group of ds0s on the same ds1."; + reference + "RFC 2494 - Definitions of Managed Objects for the DS0 + and DS0 Bundle Interface Type"; + } + identity bsc { + base iana-interface-type; + description + "Bisynchronous Protocol."; + } + identity async { + base iana-interface-type; + description + "Asynchronous Protocol."; + } + identity cnr { + base iana-interface-type; + description + "Combat Net Radio."; + } + identity iso88025Dtr { + base iana-interface-type; + description + "ISO 802.5r DTR."; + } + identity eplrs { + base iana-interface-type; + description + "Ext Pos Loc Report Sys."; + } + identity arap { + base iana-interface-type; + description + "Appletalk Remote Access Protocol."; + } + identity propCnls { + base iana-interface-type; + description + "Proprietary Connectionless Protocol."; + } + identity hostPad { + base iana-interface-type; + description + "CCITT-ITU X.29 PAD Protocol."; + } + identity termPad { + base iana-interface-type; + description + "CCITT-ITU X.3 PAD Facility."; + } + identity frameRelayMPI { + base iana-interface-type; + description + "Multiproto Interconnect over FR."; + } + identity x213 { + base iana-interface-type; + description + "CCITT-ITU X213."; + } + identity adsl { + base iana-interface-type; + description + "Asymmetric Digital Subscriber Loop."; + } + identity radsl { + base iana-interface-type; + description + "Rate-Adapt. Digital Subscriber Loop."; + } + identity sdsl { + base iana-interface-type; + description + "Symmetric Digital Subscriber Loop."; + } + identity vdsl { + base iana-interface-type; + description + "Very H-Speed Digital Subscrib. Loop."; + } + identity iso88025CRFPInt { + base iana-interface-type; + description + "ISO 802.5 CRFP."; + } + identity myrinet { + base iana-interface-type; + description + "Myricom Myrinet."; + } + identity voiceEM { + base iana-interface-type; + description + "Voice recEive and transMit."; + } + identity voiceFXO { + base iana-interface-type; + description + "Voice Foreign Exchange Office."; + } + identity voiceFXS { + base iana-interface-type; + description + "Voice Foreign Exchange Station."; + } + identity voiceEncap { + base iana-interface-type; + description + "Voice encapsulation."; + } + identity voiceOverIp { + base iana-interface-type; + description + "Voice over IP encapsulation."; + } + identity atmDxi { + base iana-interface-type; + description + "ATM DXI."; + } + identity atmFuni { + base iana-interface-type; + description + "ATM FUNI."; + } + identity atmIma { + base iana-interface-type; + description + "ATM IMA."; + } + identity pppMultilinkBundle { + base iana-interface-type; + description + "PPP Multilink Bundle."; + } + identity ipOverCdlc { + base iana-interface-type; + description + "IBM ipOverCdlc."; + } + identity ipOverClaw { + base iana-interface-type; + description + "IBM Common Link Access to Workstn."; + } + identity stackToStack { + base iana-interface-type; + description + "IBM stackToStack."; + } + identity virtualIpAddress { + base iana-interface-type; + description + "IBM VIPA."; + } + identity mpc { + base iana-interface-type; + description + "IBM multi-protocol channel support."; + } + identity ipOverAtm { + base iana-interface-type; + description + "IBM ipOverAtm."; + reference + "RFC 2320 - Definitions of Managed Objects for Classical IP + and ARP Over ATM Using SMIv2 (IPOA-MIB)"; + } + identity iso88025Fiber { + base iana-interface-type; + description + "ISO 802.5j Fiber Token Ring."; + } + identity tdlc { + base iana-interface-type; + description + "IBM twinaxial data link control."; + } + identity gigabitEthernet { + base iana-interface-type; + status deprecated; + description + "Obsoleted via RFC 3635. + ethernetCsmacd(6) should be used instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity hdlc { + base iana-interface-type; + description + "HDLC."; + } + identity lapf { + base iana-interface-type; + description + "LAP F."; + } + identity v37 { + base iana-interface-type; + description + "V.37."; + } + identity x25mlp { + base iana-interface-type; + description + "Multi-Link Protocol."; + } + identity x25huntGroup { + base iana-interface-type; + description + "X25 Hunt Group."; + } + identity transpHdlc { + base iana-interface-type; + description + "Transp HDLC."; + } + identity interleave { + base iana-interface-type; + description + "Interleave channel."; + } + identity fast { + base iana-interface-type; + description + "Fast channel."; + } + identity ip { + base iana-interface-type; + description + "IP (for APPN HPR in IP networks)."; + } + identity docsCableMaclayer { + base iana-interface-type; + description + "CATV Mac Layer."; + } + identity docsCableDownstream { + base iana-interface-type; + description + "CATV Downstream interface."; + } + identity docsCableUpstream { + base iana-interface-type; + description + "CATV Upstream interface."; + } + identity a12MppSwitch { + base iana-interface-type; + description + "Avalon Parallel Processor."; + } + identity tunnel { + base iana-interface-type; + description + "Encapsulation interface."; + } + identity coffee { + base iana-interface-type; + description + "Coffee pot."; + reference + "RFC 2325 - Coffee MIB"; + } + identity ces { + base iana-interface-type; + description + "Circuit Emulation Service."; + } + identity atmSubInterface { + base iana-interface-type; + description + "ATM Sub Interface."; + } + identity l2vlan { + base iana-interface-type; + description + "Layer 2 Virtual LAN using 802.1Q."; + } + identity l3ipvlan { + base iana-interface-type; + description + "Layer 3 Virtual LAN using IP."; + } + identity l3ipxvlan { + base iana-interface-type; + description + "Layer 3 Virtual LAN using IPX."; + } + identity digitalPowerline { + base iana-interface-type; + description + "IP over Power Lines."; + } + identity mediaMailOverIp { + base iana-interface-type; + description + "Multimedia Mail over IP."; + } + identity dtm { + base iana-interface-type; + description + "Dynamic synchronous Transfer Mode."; + } + identity dcn { + base iana-interface-type; + description + "Data Communications Network."; + } + identity ipForward { + base iana-interface-type; + description + "IP Forwarding Interface."; + } + identity msdsl { + base iana-interface-type; + description + "Multi-rate Symmetric DSL."; + } + identity ieee1394 { + base iana-interface-type; + + description + "IEEE1394 High Performance Serial Bus."; + } + identity if-gsn { + base iana-interface-type; + description + "HIPPI-6400."; + } + identity dvbRccMacLayer { + base iana-interface-type; + description + "DVB-RCC MAC Layer."; + } + identity dvbRccDownstream { + base iana-interface-type; + description + "DVB-RCC Downstream Channel."; + } + identity dvbRccUpstream { + base iana-interface-type; + description + "DVB-RCC Upstream Channel."; + } + identity atmVirtual { + base iana-interface-type; + description + "ATM Virtual Interface."; + } + identity mplsTunnel { + base iana-interface-type; + description + "MPLS Tunnel Virtual Interface."; + } + identity srp { + base iana-interface-type; + description + "Spatial Reuse Protocol."; + } + identity voiceOverAtm { + base iana-interface-type; + description + "Voice over ATM."; + } + identity voiceOverFrameRelay { + base iana-interface-type; + description + "Voice Over Frame Relay."; + } + identity idsl { + base iana-interface-type; + description + "Digital Subscriber Loop over ISDN."; + } + identity compositeLink { + base iana-interface-type; + description + "Avici Composite Link Interface."; + } + identity ss7SigLink { + base iana-interface-type; + description + "SS7 Signaling Link."; + } + identity propWirelessP2P { + base iana-interface-type; + description + "Prop. P2P wireless interface."; + } + identity frForward { + base iana-interface-type; + description + "Frame Forward Interface."; + } + identity rfc1483 { + base iana-interface-type; + description + "Multiprotocol over ATM AAL5."; + reference + "RFC 1483 - Multiprotocol Encapsulation over ATM + Adaptation Layer 5"; + } + identity usb { + base iana-interface-type; + description + "USB Interface."; + } + identity ieee8023adLag { + base iana-interface-type; + description + "IEEE 802.3ad Link Aggregate."; + } + identity bgppolicyaccounting { + base iana-interface-type; + description + "BGP Policy Accounting."; + } + identity frf16MfrBundle { + base iana-interface-type; + description + "FRF.16 Multilink Frame Relay."; + } + identity h323Gatekeeper { + base iana-interface-type; + description + "H323 Gatekeeper."; + } + identity h323Proxy { + base iana-interface-type; + description + "H323 Voice and Video Proxy."; + } + identity mpls { + base iana-interface-type; + description + "MPLS."; + } + identity mfSigLink { + base iana-interface-type; + description + "Multi-frequency signaling link."; + } + identity hdsl2 { + base iana-interface-type; + description + "High Bit-Rate DSL - 2nd generation."; + } + identity shdsl { + base iana-interface-type; + description + "Multirate HDSL2."; + } + identity ds1FDL { + base iana-interface-type; + description + "Facility Data Link (4Kbps) on a DS1."; + } + identity pos { + base iana-interface-type; + description + "Packet over SONET/SDH Interface."; + } + identity dvbAsiIn { + base iana-interface-type; + description + "DVB-ASI Input."; + } + identity dvbAsiOut { + base iana-interface-type; + description + "DVB-ASI Output."; + } + identity plc { + base iana-interface-type; + description + "Power Line Communications."; + } + identity nfas { + base iana-interface-type; + description + "Non-Facility Associated Signaling."; + } + identity tr008 { + base iana-interface-type; + description + "TR008."; + } + identity gr303RDT { + base iana-interface-type; + description + "Remote Digital Terminal."; + } + identity gr303IDT { + base iana-interface-type; + description + "Integrated Digital Terminal."; + } + identity isup { + base iana-interface-type; + description + "ISUP."; + } + identity propDocsWirelessMaclayer { + base iana-interface-type; + description + "Cisco proprietary Maclayer."; + } + identity propDocsWirelessDownstream { + base iana-interface-type; + description + "Cisco proprietary Downstream."; + } + identity propDocsWirelessUpstream { + base iana-interface-type; + description + "Cisco proprietary Upstream."; + } + identity hiperlan2 { + base iana-interface-type; + description + "HIPERLAN Type 2 Radio Interface."; + } + identity propBWAp2Mp { + base iana-interface-type; + description + "PropBroadbandWirelessAccesspt2Multipt (use of this value + for IEEE 802.16 WMAN interfaces as per IEEE Std 802.16f + is deprecated, and ieee80216WMAN(237) should be used + instead)."; + } + identity sonetOverheadChannel { + base iana-interface-type; + description + "SONET Overhead Channel."; + } + identity digitalWrapperOverheadChannel { + base iana-interface-type; + description + "Digital Wrapper."; + } + identity aal2 { + base iana-interface-type; + description + "ATM adaptation layer 2."; + } + identity radioMAC { + base iana-interface-type; + description + "MAC layer over radio links."; + } + identity atmRadio { + base iana-interface-type; + description + "ATM over radio links."; + } + identity imt { + base iana-interface-type; + description + "Inter-Machine Trunks."; + } + identity mvl { + base iana-interface-type; + description + "Multiple Virtual Lines DSL."; + } + identity reachDSL { + base iana-interface-type; + description + "Long Reach DSL."; + } + identity frDlciEndPt { + base iana-interface-type; + description + "Frame Relay DLCI End Point."; + } + identity atmVciEndPt { + base iana-interface-type; + description + "ATM VCI End Point."; + } + identity opticalChannel { + base iana-interface-type; + description + "Optical Channel."; + } + identity opticalTransport { + base iana-interface-type; + description + "Optical Transport."; + } + identity propAtm { + base iana-interface-type; + description + "Proprietary ATM."; + } + identity voiceOverCable { + base iana-interface-type; + description + "Voice Over Cable Interface."; + } + identity infiniband { + base iana-interface-type; + description + "Infiniband."; + } + identity teLink { + base iana-interface-type; + description + "TE Link."; + } + identity q2931 { + base iana-interface-type; + description + "Q.2931."; + } + identity virtualTg { + base iana-interface-type; + description + "Virtual Trunk Group."; + } + identity sipTg { + base iana-interface-type; + description + "SIP Trunk Group."; + } + identity sipSig { + base iana-interface-type; + description + "SIP Signaling."; + } + identity docsCableUpstreamChannel { + base iana-interface-type; + description + "CATV Upstream Channel."; + } + identity econet { + base iana-interface-type; + description + "Acorn Econet."; + } + identity pon155 { + base iana-interface-type; + description + "FSAN 155Mb Symetrical PON interface."; + } + identity pon622 { + base iana-interface-type; + description + "FSAN 622Mb Symetrical PON interface."; + } + identity bridge { + base iana-interface-type; + description + "Transparent bridge interface."; + } + identity linegroup { + base iana-interface-type; + description + "Interface common to multiple lines."; + } + identity voiceEMFGD { + base iana-interface-type; + description + "Voice E&M Feature Group D."; + } + identity voiceFGDEANA { + base iana-interface-type; + description + "Voice FGD Exchange Access North American."; + } + identity voiceDID { + base iana-interface-type; + description + "Voice Direct Inward Dialing."; + } + identity mpegTransport { + base iana-interface-type; + description + "MPEG transport interface."; + } + identity sixToFour { + base iana-interface-type; + status deprecated; + description + "6to4 interface (DEPRECATED)."; + reference + "RFC 4087 - IP Tunnel MIB"; + } + identity gtp { + base iana-interface-type; + description + "GTP (GPRS Tunneling Protocol)."; + } + identity pdnEtherLoop1 { + base iana-interface-type; + description + "Paradyne EtherLoop 1."; + } + identity pdnEtherLoop2 { + base iana-interface-type; + description + "Paradyne EtherLoop 2."; + } + identity opticalChannelGroup { + base iana-interface-type; + description + "Optical Channel Group."; + } + identity homepna { + base iana-interface-type; + description + "HomePNA ITU-T G.989."; + } + identity gfp { + base iana-interface-type; + description + "Generic Framing Procedure (GFP)."; + } + identity ciscoISLvlan { + base iana-interface-type; + description + "Layer 2 Virtual LAN using Cisco ISL."; + } + identity actelisMetaLOOP { + base iana-interface-type; + description + "Acteleis proprietary MetaLOOP High Speed Link."; + } + identity fcipLink { + base iana-interface-type; + description + "FCIP Link."; + } + identity rpr { + base iana-interface-type; + description + "Resilient Packet Ring Interface Type."; + } + identity qam { + base iana-interface-type; + description + "RF Qam Interface."; + } + identity lmp { + base iana-interface-type; + description + "Link Management Protocol."; + reference + "RFC 4327 - Link Management Protocol (LMP) Management + Information Base (MIB)"; + } + identity cblVectaStar { + base iana-interface-type; + description + "Cambridge Broadband Networks Limited VectaStar."; + } + identity docsCableMCmtsDownstream { + base iana-interface-type; + description + "CATV Modular CMTS Downstream Interface."; + } + identity adsl2 { + base iana-interface-type; + status deprecated; + description + "Asymmetric Digital Subscriber Loop Version 2 + (DEPRECATED/OBSOLETED - please use adsl2plus(238) + instead)."; + reference + "RFC 4706 - Definitions of Managed Objects for Asymmetric + Digital Subscriber Line 2 (ADSL2)"; + } + identity macSecControlledIF { + base iana-interface-type; + description + "MACSecControlled."; + } + identity macSecUncontrolledIF { + base iana-interface-type; + description + "MACSecUncontrolled."; + } + identity aviciOpticalEther { + base iana-interface-type; + description + "Avici Optical Ethernet Aggregate."; + } + identity atmbond { + base iana-interface-type; + description + "atmbond."; + } + identity voiceFGDOS { + base iana-interface-type; + description + "Voice FGD Operator Services."; + } + identity mocaVersion1 { + base iana-interface-type; + description + "MultiMedia over Coax Alliance (MoCA) Interface + as documented in information provided privately to IANA."; + } + identity ieee80216WMAN { + base iana-interface-type; + description + "IEEE 802.16 WMAN interface."; + } + identity adsl2plus { + base iana-interface-type; + description + "Asymmetric Digital Subscriber Loop Version 2 - + Version 2 Plus and all variants."; + } + identity dvbRcsMacLayer { + base iana-interface-type; + description + "DVB-RCS MAC Layer."; + reference + "RFC 5728 - The SatLabs Group DVB-RCS MIB"; + } + identity dvbTdm { + base iana-interface-type; + description + "DVB Satellite TDM."; + reference + "RFC 5728 - The SatLabs Group DVB-RCS MIB"; + } + identity dvbRcsTdma { + base iana-interface-type; + description + "DVB-RCS TDMA."; + reference + "RFC 5728 - The SatLabs Group DVB-RCS MIB"; + } + identity x86Laps { + base iana-interface-type; + description + "LAPS based on ITU-T X.86/Y.1323."; + } + identity wwanPP { + base iana-interface-type; + description + "3GPP WWAN."; + } + identity wwanPP2 { + base iana-interface-type; + description + "3GPP2 WWAN."; + } + identity voiceEBS { + base iana-interface-type; + description + "Voice P-phone EBS physical interface."; + } + identity ifPwType { + base iana-interface-type; + description + "Pseudowire interface type."; + reference + "RFC 5601 - Pseudowire (PW) Management Information Base (MIB)"; + } + identity ilan { + base iana-interface-type; + description + "Internal LAN on a bridge per IEEE 802.1ap."; + } + identity pip { + base iana-interface-type; + description + "Provider Instance Port on a bridge per IEEE 802.1ah PBB."; + } + identity aluELP { + base iana-interface-type; + description + "Alcatel-Lucent Ethernet Link Protection."; + } + identity gpon { + base iana-interface-type; + description + "Gigabit-capable passive optical networks (G-PON) as per + ITU-T G.948."; + } + identity vdsl2 { + base iana-interface-type; + description + "Very high speed digital subscriber line Version 2 + (as per ITU-T Recommendation G.993.2)."; + reference + "RFC 5650 - Definitions of Managed Objects for Very High + Speed Digital Subscriber Line 2 (VDSL2)"; + } + identity capwapDot11Profile { + base iana-interface-type; + description + "WLAN Profile Interface."; + reference + "RFC 5834 - Control and Provisioning of Wireless Access + Points (CAPWAP) Protocol Binding MIB for + IEEE 802.11"; + } + identity capwapDot11Bss { + base iana-interface-type; + description + "WLAN BSS Interface."; + reference + "RFC 5834 - Control and Provisioning of Wireless Access + Points (CAPWAP) Protocol Binding MIB for + IEEE 802.11"; + } + identity capwapWtpVirtualRadio { + base iana-interface-type; + description + "WTP Virtual Radio Interface."; + reference + "RFC 5833 - Control and Provisioning of Wireless Access + Points (CAPWAP) Protocol Base MIB"; + } + identity bits { + base iana-interface-type; + description + "bitsport."; + } + identity docsCableUpstreamRfPort { + base iana-interface-type; + description + "DOCSIS CATV Upstream RF Port."; + } + identity cableDownstreamRfPort { + base iana-interface-type; + description + "CATV downstream RF Port."; + } + identity vmwareVirtualNic { + base iana-interface-type; + description + "VMware Virtual Network Interface."; + } + identity ieee802154 { + base iana-interface-type; + description + "IEEE 802.15.4 WPAN interface."; + reference + "IEEE 802.15.4-2006"; + } + identity otnOdu { + base iana-interface-type; + description + "OTN Optical Data Unit."; + } + identity otnOtu { + base iana-interface-type; + description + "OTN Optical channel Transport Unit."; + } + identity ifVfiType { + base iana-interface-type; + description + "VPLS Forwarding Instance Interface Type."; + } + identity g9981 { + base iana-interface-type; + description + "G.998.1 bonded interface."; + } + identity g9982 { + base iana-interface-type; + description + "G.998.2 bonded interface."; + } + identity g9983 { + base iana-interface-type; + description + "G.998.3 bonded interface."; + } + + identity aluEpon { + base iana-interface-type; + description + "Ethernet Passive Optical Networks (E-PON)."; + } + identity aluEponOnu { + base iana-interface-type; + description + "EPON Optical Network Unit."; + } + identity aluEponPhysicalUni { + base iana-interface-type; + description + "EPON physical User to Network interface."; + } + identity aluEponLogicalLink { + base iana-interface-type; + description + "The emulation of a point-to-point link over the EPON + layer."; + } + identity aluGponOnu { + base iana-interface-type; + description + "GPON Optical Network Unit."; + reference + "ITU-T G.984.2"; + } + identity aluGponPhysicalUni { + base iana-interface-type; + description + "GPON physical User to Network interface."; + reference + "ITU-T G.984.2"; + } + identity vmwareNicTeam { + base iana-interface-type; + description + "VMware NIC Team."; + } + identity docsOfdmDownstream { + base iana-interface-type; + description + "CATV Downstream OFDM interface."; + } + identity docsOfdmaUpstream { + base iana-interface-type; + description + "CATV Upstream OFDMA interface."; + } + identity gfast { + base iana-interface-type; + description + "G.fast port."; + reference + "ITU-T G.9701"; + } + identity sdci { + base iana-interface-type; + description + "SDCI (IO-Link)."; + reference + "IEC 61131-9 Edition 1.0 2013-09"; + } + identity xboxWireless { + base iana-interface-type; + description + "Xbox wireless."; + } + identity fastdsl { + base iana-interface-type; + description + "FastDSL."; + reference + "BBF TR-355"; + } + identity docsCableScte55d1FwdOob { + base iana-interface-type; + description + "Cable SCTE 55-1 OOB Forward Channel."; + } + identity docsCableScte55d1RetOob { + base iana-interface-type; + description + "Cable SCTE 55-1 OOB Return Channel."; + } + identity docsCableScte55d2DsOob { + base iana-interface-type; + description + "Cable SCTE 55-2 OOB Downstream Channel."; + } + identity docsCableScte55d2UsOob { + base iana-interface-type; + description + "Cable SCTE 55-2 OOB Upstream Channel."; + } + identity docsCableNdf { + base iana-interface-type; + description + "Cable Narrowband Digital Forward."; + } + identity docsCableNdr { + base iana-interface-type; + description + "Cable Narrowband Digital Return."; + } + identity ptm { + base iana-interface-type; + description + "Packet Transfer Mode."; + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/ietf/ietf-interfaces.yang b/src/tests/tools/firewall_agent/docs/yang/ietf/ietf-interfaces.yang new file mode 100644 index 0000000000000000000000000000000000000000..f66c205ce076e65b2ded1d388c944a91829a48b5 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/ietf/ietf-interfaces.yang @@ -0,0 +1,1123 @@ +module ietf-interfaces { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces"; + prefix if; + + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETMOD (Network Modeling) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Martin Bjorklund + "; + + description + "This module contains a collection of YANG definitions for + managing network interfaces. + + Copyright (c) 2018 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8343; see + the RFC itself for full legal notices."; + + revision 2018-02-20 { + description + "Updated to support NMDA."; + reference + "RFC 8343: A YANG Data Model for Interface Management"; + } + + revision 2014-05-08 { + description + "Initial revision."; + reference + "RFC 7223: A YANG Data Model for Interface Management"; + } + + /* + * Typedefs + */ + + typedef interface-ref { + type leafref { + path "/if:interfaces/if:interface/if:name"; + } + description + "This type is used by data models that need to reference + interfaces."; + } + + /* + * Identities + */ + + identity interface-type { + description + "Base identity from which specific interface types are + derived."; + } + + /* + * Features + */ + + feature arbitrary-names { + description + "This feature indicates that the device allows user-controlled + interfaces to be named arbitrarily."; + } + feature pre-provisioning { + description + "This feature indicates that the device supports + pre-provisioning of interface configuration, i.e., it is + possible to configure an interface whose physical interface + hardware is not present on the device."; + } + feature if-mib { + description + "This feature indicates that the device implements + the IF-MIB."; + reference + "RFC 2863: The Interfaces Group MIB"; + } + + /* + * Data nodes + */ + + container interfaces { + description + "Interface parameters."; + + list interface { + key "name"; + + description + "The list of interfaces on the device. + + The status of an interface is available in this list in the + operational state. If the configuration of a + system-controlled interface cannot be used by the system + (e.g., the interface hardware present does not match the + interface type), then the configuration is not applied to + the system-controlled interface shown in the operational + state. If the configuration of a user-controlled interface + cannot be used by the system, the configured interface is + not instantiated in the operational state. + + System-controlled interfaces created by the system are + always present in this list in the operational state, + whether or not they are configured."; + + leaf name { + type string; + description + "The name of the interface. + + A device MAY restrict the allowed values for this leaf, + possibly depending on the type of the interface. + For system-controlled interfaces, this leaf is the + device-specific name of the interface. + + If a client tries to create configuration for a + system-controlled interface that is not present in the + operational state, the server MAY reject the request if + the implementation does not support pre-provisioning of + interfaces or if the name refers to an interface that can + never exist in the system. A Network Configuration + Protocol (NETCONF) server MUST reply with an rpc-error + with the error-tag 'invalid-value' in this case. + + If the device supports pre-provisioning of interface + configuration, the 'pre-provisioning' feature is + advertised. + + If the device allows arbitrarily named user-controlled + interfaces, the 'arbitrary-names' feature is advertised. + + When a configured user-controlled interface is created by + the system, it is instantiated with the same name in the + operational state. + + A server implementation MAY map this leaf to the ifName + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifName. The definition of + such a mechanism is outside the scope of this document."; + reference + "RFC 2863: The Interfaces Group MIB - ifName"; + } + + leaf description { + type string; + description + "A textual description of the interface. + + A server implementation MAY map this leaf to the ifAlias + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifAlias. The definition of + such a mechanism is outside the scope of this document. + + Since ifAlias is defined to be stored in non-volatile + storage, the MIB implementation MUST map ifAlias to the + value of 'description' in the persistently stored + configuration."; + reference + "RFC 2863: The Interfaces Group MIB - ifAlias"; + } + + leaf type { + type identityref { + base interface-type; + } + mandatory true; + description + "The type of the interface. + + When an interface entry is created, a server MAY + initialize the type leaf with a valid value, e.g., if it + is possible to derive the type from the name of the + interface. + + If a client tries to set the type of an interface to a + value that can never be used by the system, e.g., if the + type is not supported or if the type does not match the + name of the interface, the server MUST reject the request. + A NETCONF server MUST reply with an rpc-error with the + error-tag 'invalid-value' in this case."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf enabled { + type boolean; + default "true"; + description + "This leaf contains the configured, desired state of the + interface. + + Systems that implement the IF-MIB use the value of this + leaf in the intended configuration to set + IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry + has been initialized, as described in RFC 2863. + + Changes in this leaf in the intended configuration are + reflected in ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf link-up-down-trap-enable { + if-feature if-mib; + type enumeration { + enum enabled { + value 1; + description + "The device will generate linkUp/linkDown SNMP + notifications for this interface."; + } + enum disabled { + value 2; + description + "The device will not generate linkUp/linkDown SNMP + notifications for this interface."; + } + } + description + "Controls whether linkUp/linkDown SNMP notifications + should be generated for this interface. + + If this node is not configured, the value 'enabled' is + operationally used by the server for interfaces that do + not operate on top of any other interface (i.e., there are + no 'lower-layer-if' entries), and 'disabled' otherwise."; + reference + "RFC 2863: The Interfaces Group MIB - + ifLinkUpDownTrapEnable"; + } + + leaf admin-status { + if-feature if-mib; + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "Not ready to pass packets and not in some test mode."; + } + enum testing { + value 3; + description + "In some test mode."; + } + } + config false; + mandatory true; + description + "The desired state of the interface. + + This leaf has the same read semantics as ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf oper-status { + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + + description + "The interface does not pass any packets."; + } + enum testing { + value 3; + description + "In some test mode. No operational packets can + be passed."; + } + enum unknown { + value 4; + description + "Status cannot be determined for some reason."; + } + enum dormant { + value 5; + description + "Waiting for some external event."; + } + enum not-present { + value 6; + description + "Some component (typically hardware) is missing."; + } + enum lower-layer-down { + value 7; + description + "Down due to state of lower-layer interface(s)."; + } + } + config false; + mandatory true; + description + "The current operational state of the interface. + + This leaf has the same semantics as ifOperStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifOperStatus"; + } + + leaf last-change { + type yang:date-and-time; + config false; + description + "The time the interface entered its current operational + state. If the current state was entered prior to the + last re-initialization of the local network management + subsystem, then this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifLastChange"; + } + + leaf if-index { + if-feature if-mib; + type int32 { + range "1..2147483647"; + } + config false; + mandatory true; + description + "The ifIndex value for the ifEntry represented by this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifIndex"; + } + + leaf phys-address { + type yang:phys-address; + config false; + description + "The interface's address at its protocol sub-layer. For + example, for an 802.x interface, this object normally + contains a Media Access Control (MAC) address. The + interface's media-specific modules must define the bit + and byte ordering and the format of the value of this + object. For interfaces that do not have such an address + (e.g., a serial line), this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifPhysAddress"; + } + + leaf-list higher-layer-if { + type interface-ref; + config false; + description + "A list of references to interfaces layered on top of this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf-list lower-layer-if { + type interface-ref; + config false; + + description + "A list of references to interfaces layered underneath this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf speed { + type yang:gauge64; + units "bits/second"; + config false; + description + "An estimate of the interface's current bandwidth in bits + per second. For interfaces that do not vary in + bandwidth or for those where no accurate estimation can + be made, this node should contain the nominal bandwidth. + For interfaces that have no concept of bandwidth, this + node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - + ifSpeed, ifHighSpeed"; + } + + container statistics { + config false; + description + "A collection of interface-related statistics objects."; + + leaf discontinuity-time { + type yang:date-and-time; + mandatory true; + description + "The time on the most recent occasion at which any one or + more of this interface's counters suffered a + discontinuity. If no such discontinuities have occurred + since the last re-initialization of the local management + subsystem, then this node contains the time the local + management subsystem re-initialized itself."; + } + + leaf in-octets { + type yang:counter64; + description + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInOctets"; + } + + leaf in-unicast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were not addressed to a + multicast or broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts"; + } + + leaf in-broadcast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a broadcast + address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInBroadcastPkts"; + } + + leaf in-multicast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a multicast + address at this sub-layer. For a MAC-layer protocol, + this includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInMulticastPkts"; + } + + leaf in-discards { + type yang:counter32; + description + "The number of inbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being deliverable to a higher-layer + protocol. One possible reason for discarding such a + packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInDiscards"; + } + + leaf in-errors { + type yang:counter32; + description + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of + inbound transmission units that contained errors + preventing them from being deliverable to a higher-layer + protocol. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInErrors"; + } + + leaf in-unknown-protos { + type yang:counter32; + + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + leaf out-octets { + type yang:counter64; + description + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutOctets"; + } + + leaf out-unicast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were not addressed + to a multicast or broadcast address at this sub-layer, + including those that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts"; + } + + leaf out-broadcast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + broadcast address at this sub-layer, including those + that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutBroadcastPkts"; + } + + leaf out-multicast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + multicast address at this sub-layer, including those + that were discarded or not sent. For a MAC-layer + protocol, this includes both Group and Functional + addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutMulticastPkts"; + } + + leaf out-discards { + type yang:counter32; + description + "The number of outbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being transmitted. One possible reason + for discarding such a packet could be to free up buffer + space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutDiscards"; + } + + leaf out-errors { + type yang:counter32; + description + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutErrors"; + } + } + + } + } + + /* + * Legacy typedefs + */ + + typedef interface-state-ref { + type leafref { + path "/if:interfaces-state/if:interface/if:name"; + } + status deprecated; + description + "This type is used by data models that need to reference + the operationally present interfaces."; + } + + /* + * Legacy operational state data nodes + */ + + container interfaces-state { + config false; + status deprecated; + description + "Data nodes for the operational state of interfaces."; + + list interface { + key "name"; + status deprecated; + + description + "The list of interfaces on the device. + + System-controlled interfaces created by the system are + always present in this list, whether or not they are + configured."; + + leaf name { + type string; + status deprecated; + description + "The name of the interface. + + A server implementation MAY map this leaf to the ifName + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifName. The definition of + such a mechanism is outside the scope of this document."; + reference + "RFC 2863: The Interfaces Group MIB - ifName"; + } + + leaf type { + type identityref { + base interface-type; + } + mandatory true; + status deprecated; + description + "The type of the interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf admin-status { + if-feature if-mib; + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "Not ready to pass packets and not in some test mode."; + } + enum testing { + value 3; + description + "In some test mode."; + } + } + mandatory true; + status deprecated; + description + "The desired state of the interface. + + This leaf has the same read semantics as ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf oper-status { + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "The interface does not pass any packets."; + } + enum testing { + value 3; + description + "In some test mode. No operational packets can + be passed."; + } + enum unknown { + value 4; + description + "Status cannot be determined for some reason."; + } + enum dormant { + value 5; + description + "Waiting for some external event."; + } + enum not-present { + value 6; + description + "Some component (typically hardware) is missing."; + } + enum lower-layer-down { + value 7; + description + "Down due to state of lower-layer interface(s)."; + } + } + mandatory true; + status deprecated; + description + "The current operational state of the interface. + + This leaf has the same semantics as ifOperStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifOperStatus"; + } + + leaf last-change { + type yang:date-and-time; + status deprecated; + description + "The time the interface entered its current operational + state. If the current state was entered prior to the + last re-initialization of the local network management + subsystem, then this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifLastChange"; + } + + leaf if-index { + if-feature if-mib; + type int32 { + range "1..2147483647"; + } + mandatory true; + status deprecated; + description + "The ifIndex value for the ifEntry represented by this + interface."; + + reference + "RFC 2863: The Interfaces Group MIB - ifIndex"; + } + + leaf phys-address { + type yang:phys-address; + status deprecated; + description + "The interface's address at its protocol sub-layer. For + example, for an 802.x interface, this object normally + contains a Media Access Control (MAC) address. The + interface's media-specific modules must define the bit + and byte ordering and the format of the value of this + object. For interfaces that do not have such an address + (e.g., a serial line), this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifPhysAddress"; + } + + leaf-list higher-layer-if { + type interface-state-ref; + status deprecated; + description + "A list of references to interfaces layered on top of this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf-list lower-layer-if { + type interface-state-ref; + status deprecated; + description + "A list of references to interfaces layered underneath this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf speed { + type yang:gauge64; + units "bits/second"; + status deprecated; + description + "An estimate of the interface's current bandwidth in bits + per second. For interfaces that do not vary in + bandwidth or for those where no accurate estimation can + + be made, this node should contain the nominal bandwidth. + For interfaces that have no concept of bandwidth, this + node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - + ifSpeed, ifHighSpeed"; + } + + container statistics { + status deprecated; + description + "A collection of interface-related statistics objects."; + + leaf discontinuity-time { + type yang:date-and-time; + mandatory true; + status deprecated; + description + "The time on the most recent occasion at which any one or + more of this interface's counters suffered a + discontinuity. If no such discontinuities have occurred + since the last re-initialization of the local management + subsystem, then this node contains the time the local + management subsystem re-initialized itself."; + } + + leaf in-octets { + type yang:counter64; + status deprecated; + description + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInOctets"; + } + + leaf in-unicast-pkts { + type yang:counter64; + status deprecated; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were not addressed to a + multicast or broadcast address at this sub-layer. + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts"; + } + + leaf in-broadcast-pkts { + type yang:counter64; + status deprecated; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a broadcast + address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInBroadcastPkts"; + } + + leaf in-multicast-pkts { + type yang:counter64; + status deprecated; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a multicast + address at this sub-layer. For a MAC-layer protocol, + this includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInMulticastPkts"; + } + + leaf in-discards { + type yang:counter32; + status deprecated; + + description + "The number of inbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being deliverable to a higher-layer + protocol. One possible reason for discarding such a + packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInDiscards"; + } + + leaf in-errors { + type yang:counter32; + status deprecated; + description + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of + inbound transmission units that contained errors + preventing them from being deliverable to a higher-layer + protocol. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInErrors"; + } + + leaf in-unknown-protos { + type yang:counter32; + status deprecated; + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + leaf out-octets { + type yang:counter64; + status deprecated; + description + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutOctets"; + } + + leaf out-unicast-pkts { + type yang:counter64; + status deprecated; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were not addressed + to a multicast or broadcast address at this sub-layer, + including those that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts"; + } + + leaf out-broadcast-pkts { + type yang:counter64; + status deprecated; + + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + broadcast address at this sub-layer, including those + that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutBroadcastPkts"; + } + + leaf out-multicast-pkts { + type yang:counter64; + status deprecated; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + multicast address at this sub-layer, including those + that were discarded or not sent. For a MAC-layer + protocol, this includes both Group and Functional + addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutMulticastPkts"; + } + + leaf out-discards { + type yang:counter32; + status deprecated; + description + "The number of outbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being transmitted. One possible reason + for discarding such a packet could be to free up buffer + space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutDiscards"; + } + + leaf out-errors { + type yang:counter32; + status deprecated; + description + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutErrors"; + } + } + } + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/ietf/ietf-yang-types.yang b/src/tests/tools/firewall_agent/docs/yang/ietf/ietf-yang-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..ee58fa3ab0042120d5607b8713d21fa0ba845895 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/ietf/ietf-yang-types.yang @@ -0,0 +1,474 @@ +module ietf-yang-types { + + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-types"; + prefix "yang"; + + organization + "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; + + contact + "WG Web: + WG List: + + WG Chair: David Kessens + + + WG Chair: Juergen Schoenwaelder + + + Editor: Juergen Schoenwaelder + "; + + description + "This module contains a collection of generally useful derived + YANG data types. + + Copyright (c) 2013 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 6991; see + the RFC itself for full legal notices."; + + revision 2013-07-15 { + description + "This revision adds the following new data types: + - yang-identifier + - hex-string + - uuid + - dotted-quad"; + reference + "RFC 6991: Common YANG Data Types"; + } + + revision 2010-09-24 { + description + "Initial revision."; + reference + "RFC 6021: Common YANG Data Types"; + } + + /*** collection of counter and gauge types ***/ + + typedef counter32 { + type uint32; + description + "The counter32 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^32-1 (4294967295 decimal), when it + wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the creation of + a schema node of type counter32 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + + The counter32 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter32. + + In the value set and its semantics, this type is equivalent + to the Counter32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter32 { + type yang:counter32; + default "0"; + description + "The zero-based-counter32 type represents a counter32 + that has the defined 'initial' value zero. + + A schema node of this type will be set to zero (0) on creation + and will thereafter increase monotonically until it reaches + a maximum value of 2^32-1 (4294967295 decimal), when it + wraps around and starts increasing again from zero. + + Provided that an application discovers a new schema node + of this type within the minimum time to wrap, it can use the + 'initial' value as a delta. It is important for a management + station to be aware of this minimum time and the actual time + between polls, and to discard data if the actual time is too + long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter32 textual convention of the SMIv2."; + reference + "RFC 4502: Remote Network Monitoring Management Information + Base Version 2"; + } + + typedef counter64 { + type uint64; + description + "The counter64 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^64-1 (18446744073709551615 decimal), + when it wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the creation of + a schema node of type counter64 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + + The counter64 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter64. + + In the value set and its semantics, this type is equivalent + to the Counter64 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter64 { + type yang:counter64; + default "0"; + description + "The zero-based-counter64 type represents a counter64 that + has the defined 'initial' value zero. + + A schema node of this type will be set to zero (0) on creation + and will thereafter increase monotonically until it reaches + a maximum value of 2^64-1 (18446744073709551615 decimal), + when it wraps around and starts increasing again from zero. + + Provided that an application discovers a new schema node + of this type within the minimum time to wrap, it can use the + 'initial' value as a delta. It is important for a management + station to be aware of this minimum time and the actual time + between polls, and to discard data if the actual time is too + long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter64 textual convention of the SMIv2."; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + typedef gauge32 { + type uint32; + description + "The gauge32 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^32-1 (4294967295 decimal), and + the minimum value cannot be smaller than 0. The value of + a gauge32 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge32 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the Gauge32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef gauge64 { + type uint64; + description + "The gauge64 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^64-1 (18446744073709551615), and + the minimum value cannot be smaller than 0. The value of + a gauge64 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge64 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the CounterBasedGauge64 SMIv2 textual convention defined + in RFC 2856"; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + /*** collection of identifier-related types ***/ + + typedef object-identifier { + type string { + pattern '(([0-1](\.[1-3]?[0-9]))|(2\.(0|([1-9]\d*))))' + + '(\.(0|([1-9]\d*)))*'; + } + description + "The object-identifier type represents administratively + assigned names in a registration-hierarchical-name tree. + + Values of this type are denoted as a sequence of numerical + non-negative sub-identifier values. Each sub-identifier + value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers + are separated by single dots and without any intermediate + whitespace. + + The ASN.1 standard restricts the value space of the first + sub-identifier to 0, 1, or 2. Furthermore, the value space + of the second sub-identifier is restricted to the range + 0 to 39 if the first sub-identifier is 0 or 1. Finally, + the ASN.1 standard requires that an object identifier + has always at least two sub-identifiers. The pattern + captures these restrictions. + + Although the number of sub-identifiers is not limited, + module designers should realize that there may be + implementations that stick with the SMIv2 limit of 128 + sub-identifiers. + + This type is a superset of the SMIv2 OBJECT IDENTIFIER type + since it is not restricted to 128 sub-identifiers. Hence, + this type SHOULD NOT be used to represent the SMIv2 OBJECT + IDENTIFIER type; the object-identifier-128 type SHOULD be + used instead."; + reference + "ISO9834-1: Information technology -- Open Systems + Interconnection -- Procedures for the operation of OSI + Registration Authorities: General procedures and top + arcs of the ASN.1 Object Identifier tree"; + } + + typedef object-identifier-128 { + type object-identifier { + pattern '\d*(\.\d*){1,127}'; + } + description + "This type represents object-identifiers restricted to 128 + sub-identifiers. + + In the value set and its semantics, this type is equivalent + to the OBJECT IDENTIFIER type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef yang-identifier { + type string { + length "1..max"; + pattern '[a-zA-Z_][a-zA-Z0-9\-_.]*'; + pattern '.|..|[^xX].*|.[^mM].*|..[^lL].*'; + } + description + "A YANG identifier string as defined by the 'identifier' + rule in Section 12 of RFC 6020. An identifier must + start with an alphabetic character or an underscore + followed by an arbitrary sequence of alphabetic or + numeric characters, underscores, hyphens, or dots. + + A YANG identifier MUST NOT start with any possible + combination of the lowercase or uppercase character + sequence 'xml'."; + reference + "RFC 6020: YANG - A Data Modeling Language for the Network + Configuration Protocol (NETCONF)"; + } + + /*** collection of types related to date and time***/ + + typedef date-and-time { + type string { + pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "The date-and-time type is a profile of the ISO 8601 + standard for representation of dates and times using the + Gregorian calendar. The profile is defined by the + date-time production in Section 5.6 of RFC 3339. + + The date-and-time type is compatible with the dateTime XML + schema type with the following notable exceptions: + + (a) The date-and-time type does not allow negative years. + + (b) The date-and-time time-offset -00:00 indicates an unknown + time zone (see RFC 3339) while -00:00 and +00:00 and Z + all represent the same time zone in dateTime. + + (c) The canonical format (see below) of data-and-time values + differs from the canonical format used by the dateTime XML + schema type, which requires all times to be in UTC using + the time-offset 'Z'. + + This type is not equivalent to the DateAndTime textual + convention of the SMIv2 since RFC 3339 uses a different + separator between full-date and full-time and provides + higher resolution of time-secfrac. + + The canonical format for date-and-time values with a known time + zone uses a numeric time zone offset that is calculated using + the device's configured known offset to UTC time. A change of + the device's offset to UTC time will cause date-and-time values + to change accordingly. Such changes might happen periodically + in case a server follows automatically daylight saving time + (DST) time zone offset changes. The canonical format for + date-and-time values with an unknown time zone (usually + referring to the notion of local time) uses the time-offset + -00:00."; + reference + "RFC 3339: Date and Time on the Internet: Timestamps + RFC 2579: Textual Conventions for SMIv2 + XSD-TYPES: XML Schema Part 2: Datatypes Second Edition"; + } + + typedef timeticks { + type uint32; + description + "The timeticks type represents a non-negative integer that + represents the time, modulo 2^32 (4294967296 decimal), in + hundredths of a second between two epochs. When a schema + node is defined that uses this type, the description of + the schema node identifies both of the reference epochs. + + In the value set and its semantics, this type is equivalent + to the TimeTicks type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef timestamp { + type yang:timeticks; + description + "The timestamp type represents the value of an associated + timeticks schema node at which a specific occurrence + happened. The specific occurrence must be defined in the + description of any schema node defined using this type. When + the specific occurrence occurred prior to the last time the + associated timeticks attribute was zero, then the timestamp + value is zero. Note that this requires all timestamp values + to be reset to zero when the value of the associated timeticks + attribute reaches 497+ days and wraps around to zero. + + The associated timeticks schema node must be specified + in the description of any schema node using this type. + + In the value set and its semantics, this type is equivalent + to the TimeStamp textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of generic address types ***/ + + typedef phys-address { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + + description + "Represents media- or physical-level addresses represented + as a sequence octets, each octet represented by two hexadecimal + numbers. Octets are separated by colons. The canonical + representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the PhysAddress textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + typedef mac-address { + type string { + pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'; + } + description + "The mac-address type represents an IEEE 802 MAC address. + The canonical representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the MacAddress textual convention of the SMIv2."; + reference + "IEEE 802: IEEE Standard for Local and Metropolitan Area + Networks: Overview and Architecture + RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of XML-specific types ***/ + + typedef xpath1.0 { + type string; + description + "This type represents an XPATH 1.0 expression. + + When a schema node is defined that uses this type, the + description of the schema node MUST specify the XPath + context in which the XPath expression is evaluated."; + reference + "XPATH: XML Path Language (XPath) Version 1.0"; + } + + /*** collection of string types ***/ + + typedef hex-string { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + description + "A hexadecimal string with octets represented as hex digits + separated by colons. The canonical representation uses + lowercase characters."; + } + + typedef uuid { + type string { + pattern '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-' + + '[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'; + } + description + "A Universally Unique IDentifier in the string representation + defined in RFC 4122. The canonical representation uses + lowercase characters. + + The following is an example of a UUID in string representation: + f81d4fae-7dec-11d0-a765-00a0c91e6bf6 + "; + reference + "RFC 4122: A Universally Unique IDentifier (UUID) URN + Namespace"; + } + + typedef dotted-quad { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'; + } + description + "An unsigned 32-bit number expressed in the dotted-quad + notation, i.e., four octets written as decimal numbers + and separated with the '.' (full stop) character."; + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig-acl.tree b/src/tests/tools/firewall_agent/docs/yang/openconfig-acl.tree new file mode 100644 index 0000000000000000000000000000000000000000..74ce02934ae9a8443d13780849ea04b9774f2313 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig-acl.tree @@ -0,0 +1,337 @@ +module: openconfig-acl + +--rw acl + +--rw config + +--ro state + | +--ro counter-capability? identityref + +--rw acl-sets + | +--rw acl-set* [name type] + | +--rw name -> ../config/name + | +--rw type -> ../config/type + | +--rw config + | | +--rw name? string + | | +--rw type? identityref + | | +--rw description? string + | +--ro state + | | +--ro name? string + | | +--ro type? identityref + | | +--ro description? string + | +--rw acl-entries + | +--rw acl-entry* [sequence-id] + | +--rw sequence-id -> ../config/sequence-id + | +--rw config + | | +--rw sequence-id? uint32 + | | +--rw description? string + | +--ro state + | | +--ro sequence-id? uint32 + | | +--ro description? string + | | +--ro matched-packets? oc-yang:counter64 + | | +--ro matched-octets? oc-yang:counter64 + | +--rw l2 + | | +--rw config + | | | +--rw source-mac? oc-yang:mac-address + | | | +--rw source-mac-mask? oc-yang:mac-address + | | | +--rw destination-mac? oc-yang:mac-address + | | | +--rw destination-mac-mask? oc-yang:mac-address + | | | +--rw ethertype? oc-pkt-match-types:ethertype-type + | | +--ro state + | | +--ro source-mac? oc-yang:mac-address + | | +--ro source-mac-mask? oc-yang:mac-address + | | +--ro destination-mac? oc-yang:mac-address + | | +--ro destination-mac-mask? oc-yang:mac-address + | | +--ro ethertype? oc-pkt-match-types:ethertype-type + | +--rw ipv4 + | | +--rw config + | | | +--rw source-address? oc-inet:ipv4-prefix + | | | +--rw source-address-prefix-set? -> /oc-sets:defined-sets/ipv4-prefix-sets/ipv4-prefix-set/name + | | | +--rw destination-address? oc-inet:ipv4-prefix + | | | +--rw destination-address-prefix-set? -> /oc-sets:defined-sets/ipv4-prefix-sets/ipv4-prefix-set/name + | | | +--rw dscp? oc-inet:dscp + | | | +--rw dscp-set* oc-inet:dscp + | | | +--rw length? uint16 + | | | +--rw protocol? oc-pkt-match-types:ip-protocol-type + | | | +--rw hop-limit? uint8 + | | +--ro state + | | | +--ro source-address? oc-inet:ipv4-prefix + | | | +--ro source-address-prefix-set? -> /oc-sets:defined-sets/ipv4-prefix-sets/ipv4-prefix-set/name + | | | +--ro destination-address? oc-inet:ipv4-prefix + | | | +--ro destination-address-prefix-set? -> /oc-sets:defined-sets/ipv4-prefix-sets/ipv4-prefix-set/name + | | | +--ro dscp? oc-inet:dscp + | | | +--ro dscp-set* oc-inet:dscp + | | | +--ro length? uint16 + | | | +--ro protocol? oc-pkt-match-types:ip-protocol-type + | | | +--ro hop-limit? uint8 + | | +--rw icmpv4 + | | +--rw config + | | | +--rw type? identityref + | | | +--rw code? identityref + | | +--ro state + | | +--ro type? identityref + | | +--ro code? identityref + | +--rw mpls + | | +--rw config + | | | +--rw traffic-class? oc-mpls:mpls-tc + | | | +--rw start-label-value? oc-mpls:mpls-label + | | | +--rw end-label-value? oc-mpls:mpls-label + | | | +--rw ttl-value? uint8 + | | +--ro state + | | +--ro traffic-class? oc-mpls:mpls-tc + | | +--ro start-label-value? oc-mpls:mpls-label + | | +--ro end-label-value? oc-mpls:mpls-label + | | +--ro ttl-value? uint8 + | +--rw ipv6 + | | +--rw config + | | | +--rw source-address? oc-inet:ipv6-prefix + | | | +--rw source-address-prefix-set? -> /oc-sets:defined-sets/ipv6-prefix-sets/ipv6-prefix-set/name + | | | +--rw source-flow-label? oc-inet:ipv6-flow-label + | | | +--rw destination-address? oc-inet:ipv6-prefix + | | | +--rw destination-address-prefix-set? -> /oc-sets:defined-sets/ipv6-prefix-sets/ipv6-prefix-set/name + | | | +--rw destination-flow-label? oc-inet:ipv6-flow-label + | | | +--rw dscp? oc-inet:dscp + | | | +--rw dscp-set* oc-inet:dscp + | | | +--rw length? uint16 + | | | +--rw protocol? oc-pkt-match-types:ip-protocol-type + | | | +--rw hop-limit? uint8 + | | +--ro state + | | | +--ro source-address? oc-inet:ipv6-prefix + | | | +--ro source-address-prefix-set? -> /oc-sets:defined-sets/ipv6-prefix-sets/ipv6-prefix-set/name + | | | +--ro source-flow-label? oc-inet:ipv6-flow-label + | | | +--ro destination-address? oc-inet:ipv6-prefix + | | | +--ro destination-address-prefix-set? -> /oc-sets:defined-sets/ipv6-prefix-sets/ipv6-prefix-set/name + | | | +--ro destination-flow-label? oc-inet:ipv6-flow-label + | | | +--ro dscp? oc-inet:dscp + | | | +--ro dscp-set* oc-inet:dscp + | | | +--ro length? uint16 + | | | +--ro protocol? oc-pkt-match-types:ip-protocol-type + | | | +--ro hop-limit? uint8 + | | +--rw icmpv6 + | | +--rw config + | | | +--rw type? identityref + | | | +--rw code? identityref + | | +--ro state + | | +--ro type? identityref + | | +--ro code? identityref + | +--rw transport + | | +--rw config + | | | +--rw source-port? oc-pkt-match-types:port-num-range + | | | +--rw source-port-set? -> /oc-sets:defined-sets/port-sets/port-set/name + | | | +--rw destination-port? oc-pkt-match-types:port-num-range + | | | +--rw destination-port-set? -> /oc-sets:defined-sets/port-sets/port-set/name + | | | +--rw detail-mode? enumeration + | | | +--rw explicit-detail-match-mode? enumeration + | | | +--rw explicit-tcp-flags* identityref + | | | +--rw builtin-detail? enumeration + | | +--ro state + | | +--ro source-port? oc-pkt-match-types:port-num-range + | | +--ro source-port-set? -> /oc-sets:defined-sets/port-sets/port-set/name + | | +--ro destination-port? oc-pkt-match-types:port-num-range + | | +--ro destination-port-set? -> /oc-sets:defined-sets/port-sets/port-set/name + | | +--ro detail-mode? enumeration + | | +--ro explicit-detail-match-mode? enumeration + | | +--ro explicit-tcp-flags* identityref + | | +--ro builtin-detail? enumeration + | +--rw input-interface + | | +--rw config + | | +--ro state + | | +--rw interface-ref + | | +--rw config + | | | +--rw interface? -> /oc-if:interfaces/interface/name + | | | +--rw subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | | +--ro state + | | +--ro interface? -> /oc-if:interfaces/interface/name + | | +--ro subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | +--rw actions + | +--rw config + | | +--rw forwarding-action identityref + | | +--rw log-action? identityref + | +--ro state + | +--ro forwarding-action identityref + | +--ro log-action? identityref + +--rw interfaces + +--rw interface* [id] + +--rw id -> ../config/id + +--rw config + | +--rw id? oc-if:interface-id + +--ro state + | +--ro id? oc-if:interface-id + +--rw interface-ref + | +--rw config + | | +--rw interface? -> /oc-if:interfaces/interface/name + | | +--rw subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | +--ro state + | +--ro interface? -> /oc-if:interfaces/interface/name + | +--ro subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + +--rw ingress-acl-sets + | +--rw ingress-acl-set* [set-name type] + | +--rw set-name -> ../config/set-name + | +--rw type -> ../config/type + | +--rw config + | | +--rw set-name? -> ../../../../../../acl-sets/acl-set/config/name + | | +--rw type? -> ../../../../../../acl-sets/acl-set[name=current()/../set-name]/config/type + | +--ro state + | | +--ro set-name? -> ../../../../../../acl-sets/acl-set/config/name + | | +--ro type? -> ../../../../../../acl-sets/acl-set[name=current()/../set-name]/config/type + | +--ro acl-entries + | +--ro acl-entry* [sequence-id] + | +--ro sequence-id -> ../state/sequence-id + | +--ro state + | +--ro sequence-id? -> /acl/acl-sets/acl-set[oc-acl:name=current()/../../../../set-name][oc-acl:type=current()/../../../../type]/oc-acl:acl-entries/acl-entry/sequence-id + | +--ro matched-packets? oc-yang:counter64 + | +--ro matched-octets? oc-yang:counter64 + +--rw egress-acl-sets + +--rw egress-acl-set* [set-name type] + +--rw set-name -> ../config/set-name + +--rw type -> ../config/type + +--rw config + | +--rw set-name? -> ../../../../../../acl-sets/acl-set/config/name + | +--rw type? -> ../../../../../../acl-sets/acl-set[name=current()/../set-name]/config/type + +--ro state + | +--ro set-name? -> ../../../../../../acl-sets/acl-set/config/name + | +--ro type? -> ../../../../../../acl-sets/acl-set[name=current()/../set-name]/config/type + +--ro acl-entries + +--ro acl-entry* [sequence-id] + +--ro sequence-id -> ../state/sequence-id + +--ro state + +--ro sequence-id? -> /acl/acl-sets/acl-set[oc-acl:name=current()/../../../../set-name][oc-acl:type=current()/../../../../type]/oc-acl:acl-entries/acl-entry/sequence-id + +--ro matched-packets? oc-yang:counter64 + +--ro matched-octets? oc-yang:counter64 + +module: openconfig-defined-sets + +--rw defined-sets + +--rw ipv4-prefix-sets + | +--rw ipv4-prefix-set* [name] + | +--rw name -> ../config/name + | +--rw config + | | +--rw name? string + | | +--rw description? string + | | +--rw prefix* oc-inet:ipv4-prefix + | +--ro state + | +--ro name? string + | +--ro description? string + | +--ro prefix* oc-inet:ipv4-prefix + +--rw ipv6-prefix-sets + | +--rw ipv6-prefix-set* [name] + | +--rw name -> ../config/name + | +--rw config + | | +--rw name? string + | | +--rw description? string + | | +--rw prefix* oc-inet:ipv6-prefix + | +--ro state + | +--ro name? string + | +--ro description? string + | +--ro prefix* oc-inet:ipv6-prefix + +--rw port-sets + +--rw port-set* [name] + +--rw name -> ../config/name + +--rw config + | +--rw name? string + | +--rw description? string + | +--rw port* oc-pkt-match-types:port-num-range + +--ro state + +--ro name? string + +--ro description? string + +--ro port* oc-pkt-match-types:port-num-range + +module: openconfig-interfaces + +--rw interfaces + +--rw interface* [name] + +--rw name -> ../config/name + +--rw config + | +--rw name? string + | +--rw type identityref + | +--rw mtu? uint16 + | +--rw loopback-mode? oc-opt-types:loopback-mode-type + | +--rw description? string + | +--rw enabled? boolean + +--ro state + | +--ro name? string + | +--ro type identityref + | +--ro mtu? uint16 + | +--ro loopback-mode? oc-opt-types:loopback-mode-type + | +--ro description? string + | +--ro enabled? boolean + | +--ro ifindex? uint32 + | +--ro admin-status enumeration + | +--ro oper-status enumeration + | +--ro last-change? oc-types:timeticks64 + | +--ro logical? boolean + | +--ro management? boolean + | +--ro cpu? boolean + | +--ro counters + | +--ro in-octets? oc-yang:counter64 + | +--ro in-pkts? oc-yang:counter64 + | +--ro in-unicast-pkts? oc-yang:counter64 + | +--ro in-broadcast-pkts? oc-yang:counter64 + | +--ro in-multicast-pkts? oc-yang:counter64 + | +--ro in-errors? oc-yang:counter64 + | +--ro in-discards? oc-yang:counter64 + | +--ro out-octets? oc-yang:counter64 + | +--ro out-pkts? oc-yang:counter64 + | +--ro out-unicast-pkts? oc-yang:counter64 + | +--ro out-broadcast-pkts? oc-yang:counter64 + | +--ro out-multicast-pkts? oc-yang:counter64 + | +--ro out-discards? oc-yang:counter64 + | +--ro out-errors? oc-yang:counter64 + | +--ro last-clear? oc-types:timeticks64 + | +--ro in-unknown-protos? oc-yang:counter64 + | +--ro in-fcs-errors? oc-yang:counter64 + | +--ro carrier-transitions? oc-yang:counter64 + | +--ro resets? oc-yang:counter64 + +--rw hold-time + | +--rw config + | | +--rw up? uint32 + | | +--rw down? uint32 + | +--ro state + | +--ro up? uint32 + | +--ro down? uint32 + +--rw penalty-based-aied + | +--rw config + | | +--rw max-suppress-time? uint32 + | | +--rw decay-half-life? uint32 + | | +--rw suppress-threshold? uint32 + | | +--rw reuse-threshold? uint32 + | | +--rw flap-penalty? uint32 + | +--ro state + | +--ro max-suppress-time? uint32 + | +--ro decay-half-life? uint32 + | +--ro suppress-threshold? uint32 + | +--ro reuse-threshold? uint32 + | +--ro flap-penalty? uint32 + +--rw subinterfaces + +--rw subinterface* [index] + +--rw index -> ../config/index + +--rw config + | +--rw index? uint32 + | +--rw description? string + | +--rw enabled? boolean + +--ro state + +--ro index? uint32 + +--ro description? string + +--ro enabled? boolean + +--ro name? string + +--ro ifindex? uint32 + +--ro admin-status enumeration + +--ro oper-status enumeration + +--ro last-change? oc-types:timeticks64 + +--ro logical? boolean + +--ro management? boolean + +--ro cpu? boolean + +--ro counters + +--ro in-octets? oc-yang:counter64 + +--ro in-pkts? oc-yang:counter64 + +--ro in-unicast-pkts? oc-yang:counter64 + +--ro in-broadcast-pkts? oc-yang:counter64 + +--ro in-multicast-pkts? oc-yang:counter64 + +--ro in-errors? oc-yang:counter64 + +--ro in-discards? oc-yang:counter64 + +--ro out-octets? oc-yang:counter64 + +--ro out-pkts? oc-yang:counter64 + +--ro out-unicast-pkts? oc-yang:counter64 + +--ro out-broadcast-pkts? oc-yang:counter64 + +--ro out-multicast-pkts? oc-yang:counter64 + +--ro out-discards? oc-yang:counter64 + +--ro out-errors? oc-yang:counter64 + +--ro last-clear? oc-types:timeticks64 + x--ro in-unknown-protos? oc-yang:counter64 + x--ro in-fcs-errors? oc-yang:counter64 + x--ro carrier-transitions? oc-yang:counter64 + diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig-components.tree b/src/tests/tools/firewall_agent/docs/yang/openconfig-components.tree new file mode 100644 index 0000000000000000000000000000000000000000..885a0947ebdf00744e603cff61451c18b76315b6 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig-components.tree @@ -0,0 +1,188 @@ +module: openconfig-platform + +--rw components + +--rw component* [name] + +--rw name -> ../config/name + +--rw config + | +--rw name? string + +--ro state + | +--ro name? string + | +--ro type? union + | +--ro id? string + | +--ro location? string + | +--ro description? string + | +--ro mfg-name? string + | +--ro mfg-date? oc-yang:date + | +--ro hardware-version? string + | +--ro firmware-version? string + | +--ro software-version? string + | +--ro serial-no? string + | +--ro part-no? string + | +--ro model-name? string + | +--ro clei-code? string + | +--ro removable? boolean + | +--ro oper-status? identityref + | +--ro empty? boolean + | +--ro parent? -> ../../../component/config/name + | +--ro redundant-role? oc-platform-types:component-redundant-role + | +--ro last-switchover-reason + | | +--ro trigger? component-redundant-role-switchover-reason-trigger + | | +--ro details? string + | +--ro last-switchover-time? oc-types:timeticks64 + | +--ro last-reboot-reason? identityref + | +--ro last-reboot-time? oc-types:timeticks64 + | +--ro switchover-ready? boolean + | +--ro base-mac-address? oc-yang:mac-address + | +--ro temperature + | | +--ro instant? decimal64 + | | +--ro avg? decimal64 + | | +--ro min? decimal64 + | | +--ro max? decimal64 + | | +--ro interval? oc-types:stat-interval + | | +--ro min-time? oc-types:timeticks64 + | | +--ro max-time? oc-types:timeticks64 + | | +--ro alarm-status? boolean + | | +--ro alarm-threshold? uint32 + | | +--ro alarm-severity? identityref + | +--ro memory + | | +--ro available? uint64 + | | +--ro utilized? uint64 + | +--ro allocated-power? uint32 + | +--ro used-power? uint32 + | +--ro pcie + | +--ro fatal-errors + | | +--ro total-errors? oc-yang:counter64 + | | +--ro undefined-errors? oc-yang:counter64 + | | +--ro data-link-errors? oc-yang:counter64 + | | +--ro surprise-down-errors? oc-yang:counter64 + | | +--ro poisoned-tlp-errors? oc-yang:counter64 + | | +--ro flow-control-protocol-errors? oc-yang:counter64 + | | +--ro completion-timeout-errors? oc-yang:counter64 + | | +--ro completion-abort-errors? oc-yang:counter64 + | | +--ro unexpected-completion-errors? oc-yang:counter64 + | | +--ro receiver-overflow-errors? oc-yang:counter64 + | | +--ro malformed-tlp-errors? oc-yang:counter64 + | | +--ro ecrc-errors? oc-yang:counter64 + | | +--ro unsupported-request-errors? oc-yang:counter64 + | | +--ro acs-violation-errors? oc-yang:counter64 + | | +--ro internal-errors? oc-yang:counter64 + | | +--ro blocked-tlp-errors? oc-yang:counter64 + | | +--ro atomic-op-blocked-errors? oc-yang:counter64 + | | +--ro tlp-prefix-blocked-errors? oc-yang:counter64 + | +--ro non-fatal-errors + | | +--ro total-errors? oc-yang:counter64 + | | +--ro undefined-errors? oc-yang:counter64 + | | +--ro data-link-errors? oc-yang:counter64 + | | +--ro surprise-down-errors? oc-yang:counter64 + | | +--ro poisoned-tlp-errors? oc-yang:counter64 + | | +--ro flow-control-protocol-errors? oc-yang:counter64 + | | +--ro completion-timeout-errors? oc-yang:counter64 + | | +--ro completion-abort-errors? oc-yang:counter64 + | | +--ro unexpected-completion-errors? oc-yang:counter64 + | | +--ro receiver-overflow-errors? oc-yang:counter64 + | | +--ro malformed-tlp-errors? oc-yang:counter64 + | | +--ro ecrc-errors? oc-yang:counter64 + | | +--ro unsupported-request-errors? oc-yang:counter64 + | | +--ro acs-violation-errors? oc-yang:counter64 + | | +--ro internal-errors? oc-yang:counter64 + | | +--ro blocked-tlp-errors? oc-yang:counter64 + | | +--ro atomic-op-blocked-errors? oc-yang:counter64 + | | +--ro tlp-prefix-blocked-errors? oc-yang:counter64 + | +--ro correctable-errors + | +--ro total-errors? oc-yang:counter64 + | +--ro receiver-errors? oc-yang:counter64 + | +--ro bad-tlp-errors? oc-yang:counter64 + | +--ro bad-dllp-errors? oc-yang:counter64 + | +--ro relay-rollover-errors? oc-yang:counter64 + | +--ro replay-timeout-errors? oc-yang:counter64 + | +--ro advisory-non-fatal-errors? oc-yang:counter64 + | +--ro internal-errors? oc-yang:counter64 + | +--ro hdr-log-overflow-errors? oc-yang:counter64 + +--rw properties + | +--rw property* [name] + | +--rw name -> ../config/name + | +--rw config + | | +--rw name? string + | | +--rw value? union + | +--ro state + | +--ro name? string + | +--ro value? union + | +--ro configurable? boolean + +--rw subcomponents + | +--rw subcomponent* [name] + | +--rw name -> ../config/name + | +--rw config + | | +--rw name? -> ../../../../../component/config/name + | +--ro state + | +--ro name? -> ../../../../../component/config/name + +--rw chassis + | +--rw config + | +--ro state + | +--rw utilization + | +--rw resources + | +--rw resource* [name] + | +--rw name -> ../config/name + | +--rw config + | | +--rw name? string + | | +--rw used-threshold-upper? oc-types:percentage + | | +--rw used-threshold-upper-clear? oc-types:percentage + | +--ro state + | +--ro name? string + | +--ro used-threshold-upper? oc-types:percentage + | +--ro used-threshold-upper-clear? oc-types:percentage + | +--ro used? uint64 + | +--ro committed? uint64 + | +--ro free? uint64 + | +--ro max-limit? uint64 + | +--ro high-watermark? uint64 + | +--ro last-high-watermark? oc-types:timeticks64 + | +--ro used-threshold-upper-exceeded? boolean + +--rw port + | +--rw config + | +--ro state + +--rw power-supply + | +--rw config + | +--ro state + +--rw fan + | +--rw config + | +--ro state + +--rw fabric + | +--rw config + | +--ro state + +--rw storage + | +--rw config + | +--ro state + +--rw cpu + | +--rw config + | +--ro state + +--rw integrated-circuit + | +--rw config + | +--ro state + | +--rw utilization + | +--rw resources + | +--rw resource* [name] + | +--rw name -> ../config/name + | +--rw config + | | +--rw name? string + | | +--rw used-threshold-upper? oc-types:percentage + | | +--rw used-threshold-upper-clear? oc-types:percentage + | +--ro state + | +--ro name? string + | +--ro used-threshold-upper? oc-types:percentage + | +--ro used-threshold-upper-clear? oc-types:percentage + | +--ro used? uint64 + | +--ro committed? uint64 + | +--ro free? uint64 + | +--ro max-limit? uint64 + | +--ro high-watermark? uint64 + | +--ro last-high-watermark? oc-types:timeticks64 + | +--ro used-threshold-upper-exceeded? boolean + +--rw backplane + | +--rw config + | +--ro state + +--rw software-module + | +--rw config + | +--ro state + +--rw controller-card + +--rw config + +--ro state + diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig-interfaces.tree b/src/tests/tools/firewall_agent/docs/yang/openconfig-interfaces.tree new file mode 100644 index 0000000000000000000000000000000000000000..0d780d63c23a47b09c0f83104ced748edbb81a72 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig-interfaces.tree @@ -0,0 +1,716 @@ +module: openconfig-interfaces + +--rw interfaces + +--rw interface* [name] + +--rw name -> ../config/name + +--rw config + | +--rw name? string + | +--rw type identityref + | +--rw mtu? uint16 + | +--rw loopback-mode? oc-opt-types:loopback-mode-type + | +--rw description? string + | +--rw enabled? boolean + | +--rw oc-vlan:tpid? identityref + +--ro state + | +--ro name? string + | +--ro type identityref + | +--ro mtu? uint16 + | +--ro loopback-mode? oc-opt-types:loopback-mode-type + | +--ro description? string + | +--ro enabled? boolean + | +--ro ifindex? uint32 + | +--ro admin-status enumeration + | +--ro oper-status enumeration + | +--ro last-change? oc-types:timeticks64 + | +--ro logical? boolean + | +--ro management? boolean + | +--ro cpu? boolean + | +--ro counters + | | +--ro in-octets? oc-yang:counter64 + | | +--ro in-pkts? oc-yang:counter64 + | | +--ro in-unicast-pkts? oc-yang:counter64 + | | +--ro in-broadcast-pkts? oc-yang:counter64 + | | +--ro in-multicast-pkts? oc-yang:counter64 + | | +--ro in-errors? oc-yang:counter64 + | | +--ro in-discards? oc-yang:counter64 + | | +--ro out-octets? oc-yang:counter64 + | | +--ro out-pkts? oc-yang:counter64 + | | +--ro out-unicast-pkts? oc-yang:counter64 + | | +--ro out-broadcast-pkts? oc-yang:counter64 + | | +--ro out-multicast-pkts? oc-yang:counter64 + | | +--ro out-discards? oc-yang:counter64 + | | +--ro out-errors? oc-yang:counter64 + | | +--ro last-clear? oc-types:timeticks64 + | | +--ro in-unknown-protos? oc-yang:counter64 + | | +--ro in-fcs-errors? oc-yang:counter64 + | | +--ro carrier-transitions? oc-yang:counter64 + | | +--ro resets? oc-yang:counter64 + | +--ro oc-vlan:tpid? identityref + +--rw hold-time + | +--rw config + | | +--rw up? uint32 + | | +--rw down? uint32 + | +--ro state + | +--ro up? uint32 + | +--ro down? uint32 + +--rw penalty-based-aied + | +--rw config + | | +--rw max-suppress-time? uint32 + | | +--rw decay-half-life? uint32 + | | +--rw suppress-threshold? uint32 + | | +--rw reuse-threshold? uint32 + | | +--rw flap-penalty? uint32 + | +--ro state + | +--ro max-suppress-time? uint32 + | +--ro decay-half-life? uint32 + | +--ro suppress-threshold? uint32 + | +--ro reuse-threshold? uint32 + | +--ro flap-penalty? uint32 + +--rw subinterfaces + | +--rw subinterface* [index] + | +--rw index -> ../config/index + | +--rw config + | | +--rw index? uint32 + | | +--rw description? string + | | +--rw enabled? boolean + | +--ro state + | | +--ro index? uint32 + | | +--ro description? string + | | +--ro enabled? boolean + | | +--ro name? string + | | +--ro ifindex? uint32 + | | +--ro admin-status enumeration + | | +--ro oper-status enumeration + | | +--ro last-change? oc-types:timeticks64 + | | +--ro logical? boolean + | | +--ro management? boolean + | | +--ro cpu? boolean + | | +--ro counters + | | +--ro in-octets? oc-yang:counter64 + | | +--ro in-pkts? oc-yang:counter64 + | | +--ro in-unicast-pkts? oc-yang:counter64 + | | +--ro in-broadcast-pkts? oc-yang:counter64 + | | +--ro in-multicast-pkts? oc-yang:counter64 + | | +--ro in-errors? oc-yang:counter64 + | | +--ro in-discards? oc-yang:counter64 + | | +--ro out-octets? oc-yang:counter64 + | | +--ro out-pkts? oc-yang:counter64 + | | +--ro out-unicast-pkts? oc-yang:counter64 + | | +--ro out-broadcast-pkts? oc-yang:counter64 + | | +--ro out-multicast-pkts? oc-yang:counter64 + | | +--ro out-discards? oc-yang:counter64 + | | +--ro out-errors? oc-yang:counter64 + | | +--ro last-clear? oc-types:timeticks64 + | | x--ro in-unknown-protos? oc-yang:counter64 + | | x--ro in-fcs-errors? oc-yang:counter64 + | | x--ro carrier-transitions? oc-yang:counter64 + | +--rw oc-vlan:vlan + | | +--rw oc-vlan:config + | | | x--rw oc-vlan:vlan-id? union + | | +--ro oc-vlan:state + | | | x--ro oc-vlan:vlan-id? union + | | +--rw oc-vlan:match + | | | +--rw oc-vlan:single-tagged + | | | | +--rw oc-vlan:config + | | | | | +--rw oc-vlan:vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:state + | | | | +--ro oc-vlan:vlan-id? oc-vlan-types:vlan-id + | | | +--rw oc-vlan:single-tagged-list + | | | | +--rw oc-vlan:config + | | | | | +--rw oc-vlan:vlan-ids* oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:state + | | | | +--ro oc-vlan:vlan-ids* oc-vlan-types:vlan-id + | | | +--rw oc-vlan:single-tagged-range + | | | | +--rw oc-vlan:config + | | | | | +--rw oc-vlan:low-vlan-id? oc-vlan-types:vlan-id + | | | | | +--rw oc-vlan:high-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:state + | | | | +--ro oc-vlan:low-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:high-vlan-id? oc-vlan-types:vlan-id + | | | +--rw oc-vlan:double-tagged + | | | | +--rw oc-vlan:config + | | | | | +--rw oc-vlan:inner-vlan-id? oc-vlan-types:vlan-id + | | | | | +--rw oc-vlan:outer-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:state + | | | | +--ro oc-vlan:inner-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:outer-vlan-id? oc-vlan-types:vlan-id + | | | +--rw oc-vlan:double-tagged-inner-list + | | | | +--rw oc-vlan:config + | | | | | +--rw oc-vlan:inner-vlan-ids* oc-vlan-types:vlan-id + | | | | | +--rw oc-vlan:outer-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:state + | | | | +--ro oc-vlan:inner-vlan-ids* oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:outer-vlan-id? oc-vlan-types:vlan-id + | | | +--rw oc-vlan:double-tagged-outer-list + | | | | +--rw oc-vlan:config + | | | | | +--rw oc-vlan:inner-vlan-id? oc-vlan-types:vlan-id + | | | | | +--rw oc-vlan:outer-vlan-ids* oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:state + | | | | +--ro oc-vlan:inner-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:outer-vlan-ids* oc-vlan-types:vlan-id + | | | +--rw oc-vlan:double-tagged-inner-range + | | | | +--rw oc-vlan:config + | | | | | +--rw oc-vlan:inner-low-vlan-id? oc-vlan-types:vlan-id + | | | | | +--rw oc-vlan:inner-high-vlan-id? oc-vlan-types:vlan-id + | | | | | +--rw oc-vlan:outer-vlan-id* oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:state + | | | | +--ro oc-vlan:inner-low-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:inner-high-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:outer-vlan-id* oc-vlan-types:vlan-id + | | | +--rw oc-vlan:double-tagged-outer-range + | | | | +--rw oc-vlan:config + | | | | | +--rw oc-vlan:inner-vlan-id? oc-vlan-types:vlan-id + | | | | | +--rw oc-vlan:outer-low-vlan-id? oc-vlan-types:vlan-id + | | | | | +--rw oc-vlan:outer-high-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:state + | | | | +--ro oc-vlan:inner-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:outer-low-vlan-id? oc-vlan-types:vlan-id + | | | | +--ro oc-vlan:outer-high-vlan-id? oc-vlan-types:vlan-id + | | | +--rw oc-vlan:double-tagged-inner-outer-range + | | | +--rw oc-vlan:config + | | | | +--rw oc-vlan:inner-low-vlan-id? oc-vlan-types:vlan-id + | | | | +--rw oc-vlan:inner-high-vlan-id? oc-vlan-types:vlan-id + | | | | +--rw oc-vlan:outer-low-vlan-id? oc-vlan-types:vlan-id + | | | | +--rw oc-vlan:outer-high-vlan-id? oc-vlan-types:vlan-id + | | | +--ro oc-vlan:state + | | | +--ro oc-vlan:inner-low-vlan-id? oc-vlan-types:vlan-id + | | | +--ro oc-vlan:inner-high-vlan-id? oc-vlan-types:vlan-id + | | | +--ro oc-vlan:outer-low-vlan-id? oc-vlan-types:vlan-id + | | | +--ro oc-vlan:outer-high-vlan-id? oc-vlan-types:vlan-id + | | +--rw oc-vlan:ingress-mapping + | | | +--rw oc-vlan:config + | | | | +--rw oc-vlan:vlan-stack-action? oc-vlan-types:vlan-stack-action + | | | | +--rw oc-vlan:vlan-id? oc-vlan-types:vlan-id + | | | | +--rw oc-vlan:tpid? identityref + | | | +--ro oc-vlan:state + | | | +--ro oc-vlan:vlan-stack-action? oc-vlan-types:vlan-stack-action + | | | +--ro oc-vlan:vlan-id? oc-vlan-types:vlan-id + | | | +--ro oc-vlan:tpid? identityref + | | +--rw oc-vlan:egress-mapping + | | +--rw oc-vlan:config + | | | +--rw oc-vlan:vlan-stack-action? oc-vlan-types:vlan-stack-action + | | | +--rw oc-vlan:vlan-id? oc-vlan-types:vlan-id + | | | +--rw oc-vlan:tpid? identityref + | | +--ro oc-vlan:state + | | +--ro oc-vlan:vlan-stack-action? oc-vlan-types:vlan-stack-action + | | +--ro oc-vlan:vlan-id? oc-vlan-types:vlan-id + | | +--ro oc-vlan:tpid? identityref + | +--rw oc-ip:ipv4 + | | +--rw oc-ip:addresses + | | | +--rw oc-ip:address* [ip] + | | | +--rw oc-ip:ip -> ../config/ip + | | | +--rw oc-ip:config + | | | | +--rw oc-ip:ip? oc-inet:ipv4-address + | | | | +--rw oc-ip:prefix-length? uint8 + | | | | +--rw oc-ip:type? ipv4-address-type + | | | +--ro oc-ip:state + | | | | +--ro oc-ip:ip? oc-inet:ipv4-address + | | | | +--ro oc-ip:prefix-length? uint8 + | | | | +--ro oc-ip:type? ipv4-address-type + | | | | +--ro oc-ip:origin? ip-address-origin + | | | +--rw oc-ip:vrrp + | | | +--rw oc-ip:vrrp-group* [virtual-router-id] + | | | +--rw oc-ip:virtual-router-id -> ../config/virtual-router-id + | | | +--rw oc-ip:config + | | | | +--rw oc-ip:virtual-router-id? uint8 + | | | | +--rw oc-ip:virtual-address* oc-inet:ip-address + | | | | +--rw oc-ip:priority? uint8 + | | | | +--rw oc-ip:preempt? boolean + | | | | +--rw oc-ip:preempt-delay? uint16 + | | | | +--rw oc-ip:accept-mode? boolean + | | | | +--rw oc-ip:advertisement-interval? uint16 + | | | +--ro oc-ip:state + | | | | +--ro oc-ip:virtual-router-id? uint8 + | | | | +--ro oc-ip:virtual-address* oc-inet:ip-address + | | | | +--ro oc-ip:priority? uint8 + | | | | +--ro oc-ip:preempt? boolean + | | | | +--ro oc-ip:preempt-delay? uint16 + | | | | +--ro oc-ip:accept-mode? boolean + | | | | +--ro oc-ip:advertisement-interval? uint16 + | | | | +--ro oc-ip:current-priority? uint8 + | | | +--rw oc-ip:interface-tracking + | | | +--rw oc-ip:config + | | | | +--rw oc-ip:track-interface* -> /oc-if:interfaces/interface/name + | | | | +--rw oc-ip:priority-decrement? uint8 + | | | +--ro oc-ip:state + | | | +--ro oc-ip:track-interface* -> /oc-if:interfaces/interface/name + | | | +--ro oc-ip:priority-decrement? uint8 + | | +--rw oc-ip:proxy-arp + | | | +--rw oc-ip:config + | | | | +--rw oc-ip:mode? enumeration + | | | +--ro oc-ip:state + | | | +--ro oc-ip:mode? enumeration + | | +--rw oc-ip:neighbors + | | | +--rw oc-ip:neighbor* [ip] + | | | +--rw oc-ip:ip -> ../config/ip + | | | +--rw oc-ip:config + | | | | +--rw oc-ip:ip? oc-inet:ipv4-address + | | | | +--rw oc-ip:link-layer-address oc-yang:phys-address + | | | +--ro oc-ip:state + | | | +--ro oc-ip:ip? oc-inet:ipv4-address + | | | +--ro oc-ip:link-layer-address oc-yang:phys-address + | | | +--ro oc-ip:origin? neighbor-origin + | | +--rw oc-ip:unnumbered + | | | +--rw oc-ip:config + | | | | +--rw oc-ip:enabled? boolean + | | | +--ro oc-ip:state + | | | | +--ro oc-ip:enabled? boolean + | | | +--rw oc-ip:interface-ref + | | | +--rw oc-ip:config + | | | | +--rw oc-ip:interface? -> /oc-if:interfaces/interface/name + | | | | +--rw oc-ip:subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | | | +--ro oc-ip:state + | | | +--ro oc-ip:interface? -> /oc-if:interfaces/interface/name + | | | +--ro oc-ip:subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | | +--rw oc-ip:config + | | | +--rw oc-ip:enabled? boolean + | | | +--rw oc-ip:mtu? uint16 + | | | +--rw oc-ip:dhcp-client? boolean + | | +--ro oc-ip:state + | | +--ro oc-ip:enabled? boolean + | | +--ro oc-ip:mtu? uint16 + | | +--ro oc-ip:dhcp-client? boolean + | | +--ro oc-ip:counters + | | +--ro oc-ip:in-pkts? oc-yang:counter64 + | | +--ro oc-ip:in-octets? oc-yang:counter64 + | | +--ro oc-ip:in-multicast-pkts? oc-yang:counter64 + | | +--ro oc-ip:in-multicast-octets? oc-yang:counter64 + | | +--ro oc-ip:in-error-pkts? oc-yang:counter64 + | | +--ro oc-ip:in-forwarded-pkts? oc-yang:counter64 + | | +--ro oc-ip:in-forwarded-octets? oc-yang:counter64 + | | +--ro oc-ip:in-discarded-pkts? oc-yang:counter64 + | | +--ro oc-ip:out-pkts? oc-yang:counter64 + | | +--ro oc-ip:out-octets? oc-yang:counter64 + | | +--ro oc-ip:out-multicast-pkts? oc-yang:counter64 + | | +--ro oc-ip:out-multicast-octets? oc-yang:counter64 + | | +--ro oc-ip:out-error-pkts? oc-yang:counter64 + | | +--ro oc-ip:out-forwarded-pkts? oc-yang:counter64 + | | +--ro oc-ip:out-forwarded-octets? oc-yang:counter64 + | | +--ro oc-ip:out-discarded-pkts? oc-yang:counter64 + | +--rw oc-ip:ipv6 + | +--rw oc-ip:addresses + | | +--rw oc-ip:address* [ip] + | | +--rw oc-ip:ip -> ../config/ip + | | +--rw oc-ip:config + | | | +--rw oc-ip:ip? oc-inet:ipv6-address + | | | +--rw oc-ip:prefix-length uint8 + | | | +--rw oc-ip:type? oc-inet:ipv6-address-type + | | +--ro oc-ip:state + | | | +--ro oc-ip:ip? oc-inet:ipv6-address + | | | +--ro oc-ip:prefix-length uint8 + | | | +--ro oc-ip:type? oc-inet:ipv6-address-type + | | | +--ro oc-ip:origin? ip-address-origin + | | | +--ro oc-ip:status? enumeration + | | +--rw oc-ip:vrrp + | | +--rw oc-ip:vrrp-group* [virtual-router-id] + | | +--rw oc-ip:virtual-router-id -> ../config/virtual-router-id + | | +--rw oc-ip:config + | | | +--rw oc-ip:virtual-router-id? uint8 + | | | +--rw oc-ip:virtual-address* oc-inet:ip-address + | | | +--rw oc-ip:priority? uint8 + | | | +--rw oc-ip:preempt? boolean + | | | +--rw oc-ip:preempt-delay? uint16 + | | | +--rw oc-ip:accept-mode? boolean + | | | +--rw oc-ip:advertisement-interval? uint16 + | | | +--rw oc-ip:virtual-link-local? oc-inet:ip-address + | | +--ro oc-ip:state + | | | +--ro oc-ip:virtual-router-id? uint8 + | | | +--ro oc-ip:virtual-address* oc-inet:ip-address + | | | +--ro oc-ip:priority? uint8 + | | | +--ro oc-ip:preempt? boolean + | | | +--ro oc-ip:preempt-delay? uint16 + | | | +--ro oc-ip:accept-mode? boolean + | | | +--ro oc-ip:advertisement-interval? uint16 + | | | +--ro oc-ip:current-priority? uint8 + | | | +--ro oc-ip:virtual-link-local? oc-inet:ip-address + | | +--rw oc-ip:interface-tracking + | | +--rw oc-ip:config + | | | +--rw oc-ip:track-interface* -> /oc-if:interfaces/interface/name + | | | +--rw oc-ip:priority-decrement? uint8 + | | +--ro oc-ip:state + | | +--ro oc-ip:track-interface* -> /oc-if:interfaces/interface/name + | | +--ro oc-ip:priority-decrement? uint8 + | +--rw oc-ip:router-advertisement + | | +--rw oc-ip:config + | | | +--rw oc-ip:enable? boolean + | | | +--rw oc-ip:interval? uint32 + | | | +--rw oc-ip:lifetime? uint32 + | | | x--rw oc-ip:suppress? boolean + | | | +--rw oc-ip:mode? enumeration + | | | +--rw oc-ip:managed? boolean + | | | +--rw oc-ip:other-config? boolean + | | +--ro oc-ip:state + | | | +--ro oc-ip:enable? boolean + | | | +--ro oc-ip:interval? uint32 + | | | +--ro oc-ip:lifetime? uint32 + | | | x--ro oc-ip:suppress? boolean + | | | +--ro oc-ip:mode? enumeration + | | | +--ro oc-ip:managed? boolean + | | | +--ro oc-ip:other-config? boolean + | | +--rw oc-ip:prefixes + | | +--rw oc-ip:prefix* [prefix] + | | +--rw oc-ip:prefix -> ../config/prefix + | | +--rw oc-ip:config + | | | +--rw oc-ip:prefix? oc-inet:ipv6-prefix + | | | +--rw oc-ip:valid-lifetime? uint32 + | | | +--rw oc-ip:preferred-lifetime? uint32 + | | | +--rw oc-ip:disable-advertisement? boolean + | | | +--rw oc-ip:disable-autoconfiguration? boolean + | | | +--rw oc-ip:enable-onlink? boolean + | | +--ro oc-ip:state + | | +--ro oc-ip:prefix? oc-inet:ipv6-prefix + | | +--ro oc-ip:valid-lifetime? uint32 + | | +--ro oc-ip:preferred-lifetime? uint32 + | | +--ro oc-ip:disable-advertisement? boolean + | | +--ro oc-ip:disable-autoconfiguration? boolean + | | +--ro oc-ip:enable-onlink? boolean + | +--rw oc-ip:neighbors + | | +--rw oc-ip:neighbor* [ip] + | | +--rw oc-ip:ip -> ../config/ip + | | +--rw oc-ip:config + | | | +--rw oc-ip:ip? oc-inet:ipv6-address + | | | +--rw oc-ip:link-layer-address oc-yang:phys-address + | | +--ro oc-ip:state + | | +--ro oc-ip:ip? oc-inet:ipv6-address + | | +--ro oc-ip:link-layer-address oc-yang:phys-address + | | +--ro oc-ip:origin? neighbor-origin + | | +--ro oc-ip:is-router? boolean + | | +--ro oc-ip:neighbor-state? enumeration + | +--rw oc-ip:unnumbered + | | +--rw oc-ip:config + | | | +--rw oc-ip:enabled? boolean + | | +--ro oc-ip:state + | | | +--ro oc-ip:enabled? boolean + | | +--rw oc-ip:interface-ref + | | +--rw oc-ip:config + | | | +--rw oc-ip:interface? -> /oc-if:interfaces/interface/name + | | | +--rw oc-ip:subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | | +--ro oc-ip:state + | | +--ro oc-ip:interface? -> /oc-if:interfaces/interface/name + | | +--ro oc-ip:subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | +--rw oc-ip:config + | | +--rw oc-ip:enabled? boolean + | | +--rw oc-ip:mtu? uint32 + | | +--rw oc-ip:dup-addr-detect-transmits? uint32 + | | +--rw oc-ip:dhcp-client? boolean + | +--ro oc-ip:state + | +--ro oc-ip:enabled? boolean + | +--ro oc-ip:mtu? uint32 + | +--ro oc-ip:dup-addr-detect-transmits? uint32 + | +--ro oc-ip:dhcp-client? boolean + | +--ro oc-ip:counters + | +--ro oc-ip:in-pkts? oc-yang:counter64 + | +--ro oc-ip:in-octets? oc-yang:counter64 + | +--ro oc-ip:in-multicast-pkts? oc-yang:counter64 + | +--ro oc-ip:in-multicast-octets? oc-yang:counter64 + | +--ro oc-ip:in-error-pkts? oc-yang:counter64 + | +--ro oc-ip:in-forwarded-pkts? oc-yang:counter64 + | +--ro oc-ip:in-forwarded-octets? oc-yang:counter64 + | +--ro oc-ip:in-discarded-pkts? oc-yang:counter64 + | +--ro oc-ip:out-pkts? oc-yang:counter64 + | +--ro oc-ip:out-octets? oc-yang:counter64 + | +--ro oc-ip:out-multicast-pkts? oc-yang:counter64 + | +--ro oc-ip:out-multicast-octets? oc-yang:counter64 + | +--ro oc-ip:out-error-pkts? oc-yang:counter64 + | +--ro oc-ip:out-forwarded-pkts? oc-yang:counter64 + | +--ro oc-ip:out-forwarded-octets? oc-yang:counter64 + | +--ro oc-ip:out-discarded-pkts? oc-yang:counter64 + +--rw oc-eth:ethernet + | +--rw oc-eth:config + | | +--rw oc-eth:mac-address? oc-yang:mac-address + | | +--rw oc-eth:auto-negotiate? boolean + | | +--rw oc-eth:standalone-link-training? boolean + | | +--rw oc-eth:duplex-mode? enumeration + | | +--rw oc-eth:port-speed? identityref + | | +--rw oc-eth:enable-flow-control? boolean + | | +--rw oc-eth:fec-mode? identityref + | | +--rw oc-lag:aggregate-id? -> /oc-if:interfaces/interface/name + | +--ro oc-eth:state + | | +--ro oc-eth:mac-address? oc-yang:mac-address + | | +--ro oc-eth:auto-negotiate? boolean + | | +--ro oc-eth:standalone-link-training? boolean + | | +--ro oc-eth:duplex-mode? enumeration + | | +--ro oc-eth:port-speed? identityref + | | +--ro oc-eth:enable-flow-control? boolean + | | +--ro oc-eth:fec-mode? identityref + | | +--ro oc-eth:hw-mac-address? oc-yang:mac-address + | | +--ro oc-eth:negotiated-duplex-mode? enumeration + | | +--ro oc-eth:negotiated-port-speed? identityref + | | +--ro oc-eth:counters + | | | +--ro oc-eth:in-mac-control-frames? oc-yang:counter64 + | | | +--ro oc-eth:in-mac-pause-frames? oc-yang:counter64 + | | | +--ro oc-eth:in-oversize-frames? oc-yang:counter64 + | | | +--ro oc-eth:in-undersize-frames? oc-yang:counter64 + | | | +--ro oc-eth:in-jabber-frames? oc-yang:counter64 + | | | +--ro oc-eth:in-fragment-frames? oc-yang:counter64 + | | | +--ro oc-eth:in-8021q-frames? oc-yang:counter64 + | | | +--ro oc-eth:in-crc-errors? oc-yang:counter64 + | | | +--ro oc-eth:in-block-errors? oc-yang:counter64 + | | | +--ro oc-eth:in-carrier-errors? oc-yang:counter64 + | | | +--ro oc-eth:in-interrupted-tx? oc-yang:counter64 + | | | +--ro oc-eth:in-late-collision? oc-yang:counter64 + | | | +--ro oc-eth:in-mac-errors-rx? oc-yang:counter64 + | | | +--ro oc-eth:in-single-collision? oc-yang:counter64 + | | | +--ro oc-eth:in-symbol-error? oc-yang:counter64 + | | | +--ro oc-eth:in-maxsize-exceeded? oc-yang:counter64 + | | | +--ro oc-eth:out-mac-control-frames? oc-yang:counter64 + | | | +--ro oc-eth:out-mac-pause-frames? oc-yang:counter64 + | | | +--ro oc-eth:out-8021q-frames? oc-yang:counter64 + | | | +--ro oc-eth:out-mac-errors-tx? oc-yang:counter64 + | | +--ro oc-lag:aggregate-id? -> /oc-if:interfaces/interface/name + | +--rw oc-vlan:switched-vlan + | +--rw oc-vlan:config + | | +--rw oc-vlan:interface-mode? oc-vlan-types:vlan-mode-type + | | +--rw oc-vlan:native-vlan? oc-vlan-types:vlan-id + | | +--rw oc-vlan:access-vlan? oc-vlan-types:vlan-id + | | +--rw oc-vlan:trunk-vlans* union + | +--ro oc-vlan:state + | +--ro oc-vlan:interface-mode? oc-vlan-types:vlan-mode-type + | +--ro oc-vlan:native-vlan? oc-vlan-types:vlan-id + | +--ro oc-vlan:access-vlan? oc-vlan-types:vlan-id + | +--ro oc-vlan:trunk-vlans* union + +--rw oc-lag:aggregation + | +--rw oc-lag:config + | | +--rw oc-lag:lag-type? aggregation-type + | | +--rw oc-lag:min-links? uint16 + | +--ro oc-lag:state + | | +--ro oc-lag:lag-type? aggregation-type + | | +--ro oc-lag:min-links? uint16 + | | +--ro oc-lag:lag-speed? uint32 + | | +--ro oc-lag:member* oc-if:base-interface-ref + | +--rw oc-vlan:switched-vlan + | +--rw oc-vlan:config + | | +--rw oc-vlan:interface-mode? oc-vlan-types:vlan-mode-type + | | +--rw oc-vlan:native-vlan? oc-vlan-types:vlan-id + | | +--rw oc-vlan:access-vlan? oc-vlan-types:vlan-id + | | +--rw oc-vlan:trunk-vlans* union + | +--ro oc-vlan:state + | +--ro oc-vlan:interface-mode? oc-vlan-types:vlan-mode-type + | +--ro oc-vlan:native-vlan? oc-vlan-types:vlan-id + | +--ro oc-vlan:access-vlan? oc-vlan-types:vlan-id + | +--ro oc-vlan:trunk-vlans* union + +--rw oc-vlan:routed-vlan + +--rw oc-vlan:config + | +--rw oc-vlan:vlan? union + +--ro oc-vlan:state + | +--ro oc-vlan:vlan? union + +--rw oc-ip:ipv4 + | +--rw oc-ip:addresses + | | +--rw oc-ip:address* [ip] + | | +--rw oc-ip:ip -> ../config/ip + | | +--rw oc-ip:config + | | | +--rw oc-ip:ip? oc-inet:ipv4-address + | | | +--rw oc-ip:prefix-length? uint8 + | | | +--rw oc-ip:type? ipv4-address-type + | | +--ro oc-ip:state + | | | +--ro oc-ip:ip? oc-inet:ipv4-address + | | | +--ro oc-ip:prefix-length? uint8 + | | | +--ro oc-ip:type? ipv4-address-type + | | | +--ro oc-ip:origin? ip-address-origin + | | +--rw oc-ip:vrrp + | | +--rw oc-ip:vrrp-group* [virtual-router-id] + | | +--rw oc-ip:virtual-router-id -> ../config/virtual-router-id + | | +--rw oc-ip:config + | | | +--rw oc-ip:virtual-router-id? uint8 + | | | +--rw oc-ip:virtual-address* oc-inet:ip-address + | | | +--rw oc-ip:priority? uint8 + | | | +--rw oc-ip:preempt? boolean + | | | +--rw oc-ip:preempt-delay? uint16 + | | | +--rw oc-ip:accept-mode? boolean + | | | +--rw oc-ip:advertisement-interval? uint16 + | | +--ro oc-ip:state + | | | +--ro oc-ip:virtual-router-id? uint8 + | | | +--ro oc-ip:virtual-address* oc-inet:ip-address + | | | +--ro oc-ip:priority? uint8 + | | | +--ro oc-ip:preempt? boolean + | | | +--ro oc-ip:preempt-delay? uint16 + | | | +--ro oc-ip:accept-mode? boolean + | | | +--ro oc-ip:advertisement-interval? uint16 + | | | +--ro oc-ip:current-priority? uint8 + | | +--rw oc-ip:interface-tracking + | | +--rw oc-ip:config + | | | +--rw oc-ip:track-interface* -> /oc-if:interfaces/interface/name + | | | +--rw oc-ip:priority-decrement? uint8 + | | +--ro oc-ip:state + | | +--ro oc-ip:track-interface* -> /oc-if:interfaces/interface/name + | | +--ro oc-ip:priority-decrement? uint8 + | +--rw oc-ip:proxy-arp + | | +--rw oc-ip:config + | | | +--rw oc-ip:mode? enumeration + | | +--ro oc-ip:state + | | +--ro oc-ip:mode? enumeration + | +--rw oc-ip:neighbors + | | +--rw oc-ip:neighbor* [ip] + | | +--rw oc-ip:ip -> ../config/ip + | | +--rw oc-ip:config + | | | +--rw oc-ip:ip? oc-inet:ipv4-address + | | | +--rw oc-ip:link-layer-address oc-yang:phys-address + | | +--ro oc-ip:state + | | +--ro oc-ip:ip? oc-inet:ipv4-address + | | +--ro oc-ip:link-layer-address oc-yang:phys-address + | | +--ro oc-ip:origin? neighbor-origin + | +--rw oc-ip:unnumbered + | | +--rw oc-ip:config + | | | +--rw oc-ip:enabled? boolean + | | +--ro oc-ip:state + | | | +--ro oc-ip:enabled? boolean + | | +--rw oc-ip:interface-ref + | | +--rw oc-ip:config + | | | +--rw oc-ip:interface? -> /oc-if:interfaces/interface/name + | | | +--rw oc-ip:subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | | +--ro oc-ip:state + | | +--ro oc-ip:interface? -> /oc-if:interfaces/interface/name + | | +--ro oc-ip:subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | +--rw oc-ip:config + | | +--rw oc-ip:enabled? boolean + | | +--rw oc-ip:mtu? uint16 + | | +--rw oc-ip:dhcp-client? boolean + | +--ro oc-ip:state + | +--ro oc-ip:enabled? boolean + | +--ro oc-ip:mtu? uint16 + | +--ro oc-ip:dhcp-client? boolean + | +--ro oc-ip:counters + | +--ro oc-ip:in-pkts? oc-yang:counter64 + | +--ro oc-ip:in-octets? oc-yang:counter64 + | +--ro oc-ip:in-multicast-pkts? oc-yang:counter64 + | +--ro oc-ip:in-multicast-octets? oc-yang:counter64 + | +--ro oc-ip:in-error-pkts? oc-yang:counter64 + | +--ro oc-ip:in-forwarded-pkts? oc-yang:counter64 + | +--ro oc-ip:in-forwarded-octets? oc-yang:counter64 + | +--ro oc-ip:in-discarded-pkts? oc-yang:counter64 + | +--ro oc-ip:out-pkts? oc-yang:counter64 + | +--ro oc-ip:out-octets? oc-yang:counter64 + | +--ro oc-ip:out-multicast-pkts? oc-yang:counter64 + | +--ro oc-ip:out-multicast-octets? oc-yang:counter64 + | +--ro oc-ip:out-error-pkts? oc-yang:counter64 + | +--ro oc-ip:out-forwarded-pkts? oc-yang:counter64 + | +--ro oc-ip:out-forwarded-octets? oc-yang:counter64 + | +--ro oc-ip:out-discarded-pkts? oc-yang:counter64 + +--rw oc-ip:ipv6 + +--rw oc-ip:addresses + | +--rw oc-ip:address* [ip] + | +--rw oc-ip:ip -> ../config/ip + | +--rw oc-ip:config + | | +--rw oc-ip:ip? oc-inet:ipv6-address + | | +--rw oc-ip:prefix-length uint8 + | | +--rw oc-ip:type? oc-inet:ipv6-address-type + | +--ro oc-ip:state + | | +--ro oc-ip:ip? oc-inet:ipv6-address + | | +--ro oc-ip:prefix-length uint8 + | | +--ro oc-ip:type? oc-inet:ipv6-address-type + | | +--ro oc-ip:origin? ip-address-origin + | | +--ro oc-ip:status? enumeration + | +--rw oc-ip:vrrp + | +--rw oc-ip:vrrp-group* [virtual-router-id] + | +--rw oc-ip:virtual-router-id -> ../config/virtual-router-id + | +--rw oc-ip:config + | | +--rw oc-ip:virtual-router-id? uint8 + | | +--rw oc-ip:virtual-address* oc-inet:ip-address + | | +--rw oc-ip:priority? uint8 + | | +--rw oc-ip:preempt? boolean + | | +--rw oc-ip:preempt-delay? uint16 + | | +--rw oc-ip:accept-mode? boolean + | | +--rw oc-ip:advertisement-interval? uint16 + | | +--rw oc-ip:virtual-link-local? oc-inet:ip-address + | +--ro oc-ip:state + | | +--ro oc-ip:virtual-router-id? uint8 + | | +--ro oc-ip:virtual-address* oc-inet:ip-address + | | +--ro oc-ip:priority? uint8 + | | +--ro oc-ip:preempt? boolean + | | +--ro oc-ip:preempt-delay? uint16 + | | +--ro oc-ip:accept-mode? boolean + | | +--ro oc-ip:advertisement-interval? uint16 + | | +--ro oc-ip:current-priority? uint8 + | | +--ro oc-ip:virtual-link-local? oc-inet:ip-address + | +--rw oc-ip:interface-tracking + | +--rw oc-ip:config + | | +--rw oc-ip:track-interface* -> /oc-if:interfaces/interface/name + | | +--rw oc-ip:priority-decrement? uint8 + | +--ro oc-ip:state + | +--ro oc-ip:track-interface* -> /oc-if:interfaces/interface/name + | +--ro oc-ip:priority-decrement? uint8 + +--rw oc-ip:router-advertisement + | +--rw oc-ip:config + | | +--rw oc-ip:enable? boolean + | | +--rw oc-ip:interval? uint32 + | | +--rw oc-ip:lifetime? uint32 + | | x--rw oc-ip:suppress? boolean + | | +--rw oc-ip:mode? enumeration + | | +--rw oc-ip:managed? boolean + | | +--rw oc-ip:other-config? boolean + | +--ro oc-ip:state + | | +--ro oc-ip:enable? boolean + | | +--ro oc-ip:interval? uint32 + | | +--ro oc-ip:lifetime? uint32 + | | x--ro oc-ip:suppress? boolean + | | +--ro oc-ip:mode? enumeration + | | +--ro oc-ip:managed? boolean + | | +--ro oc-ip:other-config? boolean + | +--rw oc-ip:prefixes + | +--rw oc-ip:prefix* [prefix] + | +--rw oc-ip:prefix -> ../config/prefix + | +--rw oc-ip:config + | | +--rw oc-ip:prefix? oc-inet:ipv6-prefix + | | +--rw oc-ip:valid-lifetime? uint32 + | | +--rw oc-ip:preferred-lifetime? uint32 + | | +--rw oc-ip:disable-advertisement? boolean + | | +--rw oc-ip:disable-autoconfiguration? boolean + | | +--rw oc-ip:enable-onlink? boolean + | +--ro oc-ip:state + | +--ro oc-ip:prefix? oc-inet:ipv6-prefix + | +--ro oc-ip:valid-lifetime? uint32 + | +--ro oc-ip:preferred-lifetime? uint32 + | +--ro oc-ip:disable-advertisement? boolean + | +--ro oc-ip:disable-autoconfiguration? boolean + | +--ro oc-ip:enable-onlink? boolean + +--rw oc-ip:neighbors + | +--rw oc-ip:neighbor* [ip] + | +--rw oc-ip:ip -> ../config/ip + | +--rw oc-ip:config + | | +--rw oc-ip:ip? oc-inet:ipv6-address + | | +--rw oc-ip:link-layer-address oc-yang:phys-address + | +--ro oc-ip:state + | +--ro oc-ip:ip? oc-inet:ipv6-address + | +--ro oc-ip:link-layer-address oc-yang:phys-address + | +--ro oc-ip:origin? neighbor-origin + | +--ro oc-ip:is-router? boolean + | +--ro oc-ip:neighbor-state? enumeration + +--rw oc-ip:unnumbered + | +--rw oc-ip:config + | | +--rw oc-ip:enabled? boolean + | +--ro oc-ip:state + | | +--ro oc-ip:enabled? boolean + | +--rw oc-ip:interface-ref + | +--rw oc-ip:config + | | +--rw oc-ip:interface? -> /oc-if:interfaces/interface/name + | | +--rw oc-ip:subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + | +--ro oc-ip:state + | +--ro oc-ip:interface? -> /oc-if:interfaces/interface/name + | +--ro oc-ip:subinterface? -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index + +--rw oc-ip:config + | +--rw oc-ip:enabled? boolean + | +--rw oc-ip:mtu? uint32 + | +--rw oc-ip:dup-addr-detect-transmits? uint32 + | +--rw oc-ip:dhcp-client? boolean + +--ro oc-ip:state + +--ro oc-ip:enabled? boolean + +--ro oc-ip:mtu? uint32 + +--ro oc-ip:dup-addr-detect-transmits? uint32 + +--ro oc-ip:dhcp-client? boolean + +--ro oc-ip:counters + +--ro oc-ip:in-pkts? oc-yang:counter64 + +--ro oc-ip:in-octets? oc-yang:counter64 + +--ro oc-ip:in-multicast-pkts? oc-yang:counter64 + +--ro oc-ip:in-multicast-octets? oc-yang:counter64 + +--ro oc-ip:in-error-pkts? oc-yang:counter64 + +--ro oc-ip:in-forwarded-pkts? oc-yang:counter64 + +--ro oc-ip:in-forwarded-octets? oc-yang:counter64 + +--ro oc-ip:in-discarded-pkts? oc-yang:counter64 + +--ro oc-ip:out-pkts? oc-yang:counter64 + +--ro oc-ip:out-octets? oc-yang:counter64 + +--ro oc-ip:out-multicast-pkts? oc-yang:counter64 + +--ro oc-ip:out-multicast-octets? oc-yang:counter64 + +--ro oc-ip:out-error-pkts? oc-yang:counter64 + +--ro oc-ip:out-forwarded-pkts? oc-yang:counter64 + +--ro oc-ip:out-forwarded-octets? oc-yang:counter64 + +--ro oc-ip:out-discarded-pkts? oc-yang:counter64 + diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-acl.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-acl.yang new file mode 100644 index 0000000000000000000000000000000000000000..6b3977907d1a0ec3c64f704b23b5da2b101cbfc2 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-acl.yang @@ -0,0 +1,935 @@ +module openconfig-acl { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/acl"; + + prefix "oc-acl"; + + import openconfig-packet-match { prefix oc-match; } + import openconfig-interfaces { prefix oc-if; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state + data for network access control lists (i.e., filters, rules, + etc.). ACLs are organized into ACL sets, with each set + containing one or more ACL entries. ACL sets are identified + by a unique name, while each entry within a set is assigned + a sequence-id that determines the order in which the ACL + rules are applied to a packet. Note that ACLs are evaluated + in ascending order based on the sequence-id (low to high). + + Individual ACL rules specify match criteria based on fields in + the packet, along with an action that defines how matching + packets should be handled. Entries have a type that indicates + the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc."; + + oc-ext:openconfig-version "1.3.3"; + + revision "2023-02-06" { + description + "Add clarifying comments on use of interface-ref."; + reference "1.3.3"; + } + + revision "2023-01-29" { + description + "Update sequence-id reference to allow model to be re-used + outside of ACL context."; + reference "1.3.2"; + } + + revision "2022-12-20" { + description + "Remove unused openconfig-inet-types import"; + reference "1.3.1"; + } + + revision "2022-06-01" { + description + "Add the management of prefix lists + that can be used in matches"; + reference "1.3.0"; + } + + revision "2022-01-14" { + description + "Fix when statements for MIXED mode ACLs"; + reference "1.2.2"; + } + + revision "2021-06-16" { + description + "Remove trailing whitespace"; + reference "1.2.1"; + } + + revision "2021-03-17" { + description + "Add MPLS filter Support."; + reference "1.2.0"; + } + + revision "2019-11-27" { + description + "Fix xpaths in when statements."; + reference "1.1.1"; + } + + revision "2019-10-25" { + description + "Update when statements."; + reference "1.1.0"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "1.0.2"; + } + + revision "2018-04-24" { + description + "Clarified order of ACL evaluation"; + reference "1.0.1"; + } + + revision "2017-05-26" { + description + "Separated ACL entries by type"; + reference "1.0.0"; + } + + revision "2016-08-08" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + revision "2016-01-22" { + description + "Initial revision"; + reference "TBD"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + identity ACL_TYPE { + description + "Base identity for types of ACL sets"; + } + + identity ACL_IPV4 { + base ACL_TYPE; + description + "IP-layer ACLs with IPv4 addresses"; + } + + identity ACL_IPV6 { + base ACL_TYPE; + description + "IP-layer ACLs with IPv6 addresses"; + } + + identity ACL_L2 { + base ACL_TYPE; + description + "MAC-layer ACLs"; + } + + identity ACL_MIXED { + base ACL_TYPE; + description + "Mixed-mode ACL that specifies L2 and L3 protocol + fields. This ACL type is not implemented by many + routing/switching devices."; + } + + identity ACL_MPLS { + base ACL_TYPE; + description + "An ACL that matches on fields from the MPLS header."; + } + + // ACL action type + + identity FORWARDING_ACTION { + description + "Base identity for actions in the forwarding category"; + } + + identity ACCEPT { + base FORWARDING_ACTION; + description + "Accept the packet"; + } + + identity DROP { + base FORWARDING_ACTION; + description + "Drop packet without sending any ICMP error message"; + } + + identity REJECT { + base FORWARDING_ACTION; + description + "Drop the packet and send an ICMP error message to the source"; + } + + identity LOG_ACTION { + description + "Base identity for defining the destination for logging + actions"; + } + + identity LOG_SYSLOG { + base LOG_ACTION; + description + "Log the packet in Syslog"; + } + + identity LOG_NONE { + base LOG_ACTION; + description + "No logging"; + } + + identity ACL_COUNTER_CAPABILITY { + description + "Base identity for system to indicate how it is able to report + counters"; + } + + identity INTERFACE_ONLY { + base ACL_COUNTER_CAPABILITY; + description + "ACL counters are available and reported only per interface"; + } + + identity AGGREGATE_ONLY { + base ACL_COUNTER_CAPABILITY; + description + "ACL counters are aggregated over all interfaces, and reported + only per ACL entry"; + } + + identity INTERFACE_AGGREGATE { + base ACL_COUNTER_CAPABILITY; + description + "ACL counters are reported per interface, and also aggregated + and reported per ACL entry."; + } + + // grouping statements + + // input interface + grouping input-interface-config { + description + "Config of interface"; + + } + + grouping input-interface-state { + description + "State information of interface"; + } + + grouping input-interface-top { + description + "Input interface top level container"; + + container input-interface { + description + "Input interface container. The interface is resolved based + on the interface and subinterface leaves of the interface-ref + container, which are references to entries in the /interfaces + list."; + + container config { + description + "Config data"; + uses input-interface-config; + } + + container state { + config false; + description + "State information"; + uses input-interface-config; + uses input-interface-state; + } + + uses oc-if:interface-ref; + + } + } + + // Action Type + grouping action-config { + description + "Config of action type"; + + + leaf forwarding-action { + type identityref { + base FORWARDING_ACTION; + } + mandatory true; + description + "Specifies the forwarding action. One forwarding action + must be specified for each ACL entry"; + } + + leaf log-action { + type identityref { + base LOG_ACTION; + } + default LOG_NONE; + description + "Specifies the log action and destination for + matched packets. The default is not to log the + packet."; + } + + + } + + grouping action-state { + description + "State information of action type"; + + } + + grouping action-top { + description + "ACL action type top level container"; + + container actions { + description + "Enclosing container for list of ACL actions associated + with an entry"; + + container config { + description + "Config data for ACL actions"; + uses action-config; + } + + container state { + config false; + description + "State information for ACL actions"; + uses action-config; + uses action-state; + } + } + } + + grouping acl-counters-state { + description + "Common grouping for ACL counters"; + + leaf matched-packets { + type oc-yang:counter64; + description + "Count of the number of packets matching the current ACL + entry. + + An implementation should provide this counter on a + per-interface per-ACL-entry if possible. + + If an implementation only supports ACL counters per entry + (i.e., not broken out per interface), then the value + should be equal to the aggregate count across all interfaces. + + An implementation that provides counters per entry per + interface is not required to also provide an aggregate count, + e.g., per entry -- the user is expected to be able implement + the required aggregation if such a count is needed."; + } + + leaf matched-octets { + type oc-yang:counter64; + description + "Count of the number of octets (bytes) matching the current + ACL entry. + + An implementation should provide this counter on a + per-interface per-ACL-entry if possible. + + If an implementation only supports ACL counters per entry + (i.e., not broken out per interface), then the value + should be equal to the aggregate count across all interfaces. + + An implementation that provides counters per entry per + interface is not required to also provide an aggregate count, + e.g., per entry -- the user is expected to be able implement + the required aggregation if such a count is needed."; + } + + } + + // Access List Entries + + grouping access-list-entries-config { + description + "Access List Entries (ACE) config."; + + leaf sequence-id { + type uint32; + description + "The sequence id determines the order in which ACL entries + are applied. The sequence id must be unique for each entry + in an ACL set. Target devices should apply the ACL entry + rules in ascending order determined by sequence id (low to + high), rather than the relying only on order in the list."; + } + + leaf description { + type string; + description + "A user-defined description, or comment, for this Access List + Entry."; + } + + } + + grouping access-list-entries-state { + description + "Access List Entries state."; + + uses acl-counters-state; + + } + + grouping access-list-entries-top { + description + "Access list entries to level container"; + + container acl-entries { + description + "Access list entries container"; + + list acl-entry { + key "sequence-id"; + description + "List of ACL entries comprising an ACL set"; + + leaf sequence-id { + type leafref { + path "../config/sequence-id"; + } + description + "references the list key"; + } + + container config { + description + "Access list entries config"; + uses access-list-entries-config; + } + + container state { + config false; + description + "State information for ACL entries"; + uses access-list-entries-config; + uses access-list-entries-state; + } + + uses oc-match:ethernet-header-top { + when "../../config/type='ACL_L2' or " + + "../../config/type='ACL_MIXED'" { + description + "MAC-layer fields are valid when the ACL type is L2 or + MIXED"; + } + } + + uses oc-match:ipv4-protocol-fields-top { + when "../../config/type='ACL_IPV4' or " + + "../../config/type='ACL_MIXED'" { + description + "IPv4-layer fields are valid when the ACL type is + IPv4 or MIXED"; + } + } + + uses oc-match:mpls-header-top { + when "../../config/type='ACL_MPLS' or " + + "../../config/type='ACL_MIXED'" { + description + "MPLS-layer fields are valid when the ACL type is + MPLS or MIXED"; + } + } + + uses oc-match:ipv6-protocol-fields-top { + when "../../config/type='ACL_IPV6' or " + + "../../config/type='ACL_MIXED'" { + description + "IPv6-layer fields are valid when the ACL type is + IPv6 or MIXED"; + } + } + + uses oc-match:transport-fields-top { + when "../../config/type='ACL_IPV6' or " + + "../../config/type='ACL_IPV4' or " + + "../../config/type='ACL_MIXED'" { + description + "Transport-layer fields are valid when specifying + L3 or MIXED ACL types"; + } + } + + uses input-interface-top; + uses action-top; + } + } + } + + grouping acl-set-config { + description + "Access Control List config"; + + leaf name { + type string; + description + "The name of the access-list set"; + } + + leaf type { + type identityref { + base ACL_TYPE; + } + description + "The type determines the fields allowed in the ACL entries + belonging to the ACL set (e.g., IPv4, IPv6, etc.)"; + } + + leaf description { + type string; + description + "Description, or comment, for the ACL set"; + } + + } + + grouping acl-set-state { + description + "Access Control List state"; + } + + grouping acl-set-top { + description + "Access list entries variables top level container"; + + container acl-sets { + description + "Access list entries variables enclosing container"; + + list acl-set { + key "name type"; + description + "List of ACL sets, each comprising of a list of ACL + entries"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the name list key"; + } + + leaf type { + type leafref { + path "../config/type"; + } + description + "Reference to the type list key"; + } + + container config { + description + "Access list config"; + uses acl-set-config; + } + + container state { + config false; + description + "Access list state information"; + uses acl-set-config; + uses acl-set-state; + } + uses access-list-entries-top; + } + } + } + + grouping interface-acl-entries-config { + description + "Configuration data for per-interface ACLs"; + + } + + grouping interface-acl-entries-state { + description + "Operational state data for per-interface ACL entries"; + + leaf sequence-id { + type leafref { + path "/oc-acl:acl/oc-acl:acl-sets/" + + "oc-acl:acl-set[oc-acl:name=current()/../../../../set-name]" + + "[oc-acl:type=current()/../../../../type]/" + + "oc-acl:acl-entries/oc-acl:acl-entry/oc-acl:sequence-id"; + } + description + "Reference to an entry in the ACL set applied to an + interface"; + } + + uses acl-counters-state; + + } + + grouping interface-acl-entries-top { + description + "Top-level grouping for per-interface ACL entries"; + + container acl-entries { + config false; + description + "Enclosing container for list of references to ACLs"; + + list acl-entry { + key "sequence-id"; + description + "List of ACL entries assigned to an interface"; + + leaf sequence-id { + type leafref { + path "../state/sequence-id"; + } + description + "Reference to per-interface acl entry key"; + } + + // no config container since the enclosing container is + // read-only + + container state { + + config false; + + description + "Operational state data for per-interface ACL entries"; + + uses interface-acl-entries-config; + uses interface-acl-entries-state; + } + } + } + } + + grouping interface-ingress-acl-config { + description + "Configuration data for per-interface ingress ACLs"; + + leaf set-name { + type leafref { + path "../../../../../../acl-sets/acl-set/config/name"; + } + description + "Reference to the ACL set name applied on ingress"; + } + + leaf type { + type leafref { + path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" + + "/config/type"; + } + description + "Reference to the ACL set type applied on ingress"; + } + } + + grouping interface-ingress-acl-state { + description + "Operational state data for the per-interface ingress ACL"; + } + + grouping interface-ingress-acl-top { + description + "Top-level grouping for per-interface ingress ACL data"; + + container ingress-acl-sets { + description + "Enclosing container the list of ingress ACLs on the + interface"; + + list ingress-acl-set { + key "set-name type"; + description + "List of ingress ACLs on the interface"; + + leaf set-name { + type leafref { + path "../config/set-name"; + } + description + "Reference to set name list key"; + } + + leaf type { + type leafref { + path "../config/type"; + } + description + "Reference to type list key"; + } + + container config { + description + "Configuration data "; + + uses interface-ingress-acl-config; + } + + container state { + + config false; + + description + "Operational state data for interface ingress ACLs"; + + uses interface-ingress-acl-config; + uses interface-ingress-acl-state; + } + + uses interface-acl-entries-top; + } + } + } + + grouping interface-egress-acl-config { + description + "Configuration data for per-interface egress ACLs"; + + leaf set-name { + type leafref { + path "../../../../../../acl-sets/acl-set/config/name"; + } + description + "Reference to the ACL set name applied on egress"; + } + + leaf type { + type leafref { + path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" + + "/config/type"; + } + description + "Reference to the ACL set type applied on egress."; + } + } + + grouping interface-egress-acl-state { + description + "Operational state data for the per-interface egress ACL"; + } + + grouping interface-egress-acl-top { + description + "Top-level grouping for per-interface egress ACL data"; + + container egress-acl-sets { + description + "Enclosing container the list of egress ACLs on the + interface"; + + list egress-acl-set { + key "set-name type"; + description + "List of egress ACLs on the interface"; + + leaf set-name { + type leafref { + path "../config/set-name"; + } + description + "Reference to set name list key"; + } + + leaf type { + type leafref { + path "../config/type"; + } + description + "Reference to type list key"; + } + + container config { + description + "Configuration data "; + + uses interface-egress-acl-config; + } + + container state { + + config false; + + description + "Operational state data for interface egress ACLs"; + + uses interface-egress-acl-config; + uses interface-egress-acl-state; + } + + uses interface-acl-entries-top; + } + } + } + + grouping acl-interfaces-config { + description + "Configuration data for interface references"; + + leaf id { + type oc-if:interface-id; + description + "User-defined identifier for the interface -- a common + convention could be '.'"; + } + } + + grouping acl-interfaces-state { + description + "Operational state data for interface references"; + } + + grouping acl-interfaces-top { + description + "Top-level grouping for interface-specific ACL data"; + + container interfaces { + description + "Enclosing container for the list of interfaces on which + ACLs are set"; + + list interface { + key "id"; + description + "List of interfaces on which ACLs are set. The interface is resolved + based on the interface and subinterface leaves of the interface-ref + container, which are references to entries in the /interfaces + list. The key of the list is an arbitrary value that the + implementation should not use to resolve an interface name."; + + leaf id { + type leafref { + path "../config/id"; + } + description + "Reference to the interface id list key"; + } + + container config { + description + "Configuration for ACL per-interface data"; + + uses acl-interfaces-config; + } + + container state { + + config false; + + description + "Operational state for ACL per-interface data"; + + uses acl-interfaces-config; + uses acl-interfaces-state; + } + + uses oc-if:interface-ref; + uses interface-ingress-acl-top; + uses interface-egress-acl-top; + } + } + } + + + grouping acl-config { + description + "Global configuration data for ACLs"; + } + + grouping acl-state { + description + "Global operational state data for ACLs"; + + leaf counter-capability { + type identityref { + base ACL_COUNTER_CAPABILITY; + } + description + "System reported indication of how ACL counters are reported + by the target"; + } + } + grouping acl-top { + description + "Top level grouping for ACL data and structure"; + + container acl { + description + "Top level enclosing container for ACL model config + and operational state data"; + + container config { + description + "Global config data for ACLs"; + + uses acl-config; + } + + container state { + + config false; + + description + "Global operational state data for ACLs"; + + uses acl-config; + uses acl-state; + } + + uses acl-set-top; + uses acl-interfaces-top; + } + } + + // data definition statements + uses acl-top; + + // augment statements + + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-icmpv4-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-icmpv4-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..486f3e157f6073da30dddafd369c96df8eac99d3 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-icmpv4-types.yang @@ -0,0 +1,540 @@ +module openconfig-icmpv4-types { + + yang-version "1"; + namespace "http://openconfig.net/yang/openconfig-icmpv4-types"; + + prefix "oc-icmpv4-types"; + + import openconfig-extensions { prefix oc-ext; } + + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "OpenConfig module defining the types and coresponding codes for + ICMPv4."; + + oc-ext:openconfig-version "0.1.0"; + + revision "2023-01-26" { + description + "Initial revision of ICMPv4 types module."; + reference "0.1.0"; + } + + identity TYPE { + description + "Base identity for ICMPv4 codes"; + } + + identity CODE { + description + "Base identity for ICMPv4 codes."; + } + + identity ECHO_REPLY { + description + "ICMP echo reply, value 0."; + base TYPE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity DST_UNREACHABLE { + description + "ICMP destination unreachable, value 3."; + base TYPE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity REDIRECT { + description + "ICMP redirect, value 5."; + base TYPE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity ECHO { + description + "ICMP echo, value 8."; + base TYPE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity ROUTER_ADVERTISEMENT { + description + "ICMP router advertisement, value 9."; + base TYPE; + reference "RFC1256: ICMP Router Discovery Messages"; + } + + identity ROUTER_SOLICITATION { + description + "ICMP Router Solicitation, value 10."; + base TYPE; + reference "RFC1256: ICMP Router Discovery Messages"; + } + + identity TIME_EXCEEDED { + description + "ICMP TTL exceede, value 11."; + base TYPE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity PARAM_PROBLEM { + description + "ICMP parameter problem, value 12."; + base TYPE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity TIMESTAMP { + description + "ICMP timestamp, value 13."; + base TYPE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity TIMESTAMP_REPLY { + description + "ICMP timestamp reply, value 14."; + base TYPE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + identity TRACEROUTE{ + description + "Traceroute (deprecated), value 30."; + base TYPE; + reference "RFC1393: Traceroute Using an IP Option"; + } + identity PHOTURIS { + description + "ICMP Photuris, value 40."; + base TYPE; + reference "RFC2521: CMP Security Failures Messages"; + } + + identity EXT_ECHO_REQUEST { + description + "ICMP extended echo request, value 42."; + base TYPE; + reference "RFC8335: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY { + description + "ICMP extended echo reply, value 43."; + base TYPE; + reference "RFC8335: PROBE: A Utility for Probing Interfaces"; + } + + identity ECHO_REPLY_CODE { + description + "CODE for ICMPv4 Echo Reply."; + base CODE; + } + + identity ECHO_REPLY_NONE { + description + "No code, type 0 for Echo Reply."; + base ECHO_REPLY_CODE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity DST_UNREACHABLE_CODE { + description + "Codes for ICMPv4 Destination Unreachable."; + base CODE; + } + + identity DST_UNREACHABLE_NET { + description + "ICMPv4 destination network unreachable, code 0."; + base DST_UNREACHABLE_CODE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity DST_UNREACHABLE_HOST { + description + "ICMPv4 destination host unreachable, code 1"; + base DST_UNREACHABLE_CODE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity DST_UNREACHABLE_PROTOCOL { + description + "ICMPv4 destination protocol unreachable, code 2."; + base DST_UNREACHABLE_CODE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity DST_UNREACHABLE_PORT { + description + "ICMPv4 Port unreachable, code 3."; + base DST_UNREACHABLE_CODE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity DST_UNREACHABLE_CANNOT_FRAGMENT { + description + "ICMPv4 destination unreachable due to inability to fragment. The df-bit + is set but the packet requires fragmentation, code 4."; + base DST_UNREACHABLE_CODE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity DST_UNREACHABLE_SRC_ROUTE_FAILED { + description + "ICMPv4 destination is unreachable as source routing failed, code 5."; + base DST_UNREACHABLE_CODE; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity DST_UNREACHABLE_DST_NET_UNKNOWN { + description + "ICMPv4 destination is unreachable as the destination network is + unknown, code 6."; + base DST_UNREACHABLE_CODE; + reference "RFC1122: Requirements for Internet Hosts -- + Communication Layers"; + } + + identity DST_UNREACHABLE_DST_HOST_UNKNOWN { + description + "ICMPv4 destination is unreachable as the destination host is unknown, code 7."; + base DST_UNREACHABLE_CODE; + reference "RFC1122: Requirements for Internet Hosts -- + Communication Layers"; + } + + identity DST_UNREACHABLE_SRC_HOST_ISOLATED { + description + "ICMPv4 destination unreachable as the source host is isolated, code 8."; + base DST_UNREACHABLE_CODE; + reference "RFC1122: Requirements for Internet Hosts -- + Communication Layers"; + } + + identity DST_UNREACHABLE_DST_NET_ADMIN_PROHIBITED { + description + "ICMPv4 destination is unreachable as communication with the destination + network is administratively prohibited, code 9."; + base DST_UNREACHABLE_CODE; + reference "RFC1122: Requirements for Internet Hosts -- + Communication Layers"; + } + + identity DST_UNREACHABLE_DST_HOST_ADMIN_PROHIBITED { + description + "ICMPv4 destination is unreachable as communication with the destination + host is adminstratively prohibited, code 10."; + base DST_UNREACHABLE_CODE; + reference "RFC1122: Requirements for Internet Hosts -- + Communication Layers"; + } + + identity DST_UNREACHABLE_NET_UNREACHABLE_FOR_TOS { + description + "ICMPv4 destination network is unreachable for the specified type of + service, code 11."; + base DST_UNREACHABLE_CODE; + reference "RFC1122: Requirements for Internet Hosts -- + Communication Layers"; + } + + identity DST_UNREACHABLE_HOST_UNREACHABLE_FOR_TOS { + description + "ICMPv4 destination host is unreachable for the specified type of + service, code 12."; + base DST_UNREACHABLE_CODE; + reference "RFC1122: Requirements for Internet Hosts -- + Communication Layers"; + } + + identity DST_UNREACHABLE_ADMIN_PROHIBITED { + description + "ICMPv4 destination is unreacable as packets were adminstratively + filtered."; + base DST_UNREACHABLE_CODE; + reference "RFC1812: Requirements for IP Version 4 Routers"; + } + + identity DST_UNREACHABLE_HOST_PRECEDENCE_VIOLATION { + description + "ICMPv4 destination is unreachable as the first-hop router has determined + that the destination cannot be reached for the specified source/ + destination host, network, upper-layer protocol and source/destination + port. Code 14"; + base DST_UNREACHABLE_CODE; + } + + identity DST_UNREACHABLE_PRECEDENCE_CUTOFF { + description + "ICMPv4 Precedence cutoff in effect. The network operators have imposed + a minimum level of precedence required for operation, the + datagram was sent with a precedence below this level. + Code 15."; + base DST_UNREACHABLE_CODE; + reference "RFC1812: Requirements for IP Version 4 Routers"; + } + + identity REDIRECT_CODE { + base CODE; + description + "Codes for the ICMPv4 Redirect type."; + } + + identity REDIRECT_NETWORK { + base REDIRECT_CODE; + description + "ICMP redirect is being issued for the network or subnet, + code 0"; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity REDIRECT_HOST { + base REDIRECT_CODE; + description + "ICMP redirect is being issued for the host, code 1."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity REDIRECT_TOS_NETWORK { + base REDIRECT_CODE; + description + "ICMP redirect is being issued for the network and type of service. code 2."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity REDIRECT_TOS_HOST { + base REDIRECT_CODE; + description + "ICMP redirect is being issued for the host and type of service, + code 3"; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity ECHO_CODE { + base CODE; + description + "Codes for ICMPv4 echo messages."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity ECHO_NO_CODE { + base ECHO_CODE; + description + "No code."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity ROUTER_ADVERTISEMENT_CODE { + base CODE; + description + "Code for the ICMPv4 router advertisement message."; + } + identity ROUTER_ADVERTISEMENT_NORMAL { + base ROUTER_ADVERTISEMENT_CODE; + description + "Code 0: Normal router advertisement."; + reference "RFC3344: IP Mobility Support for IPv4"; + } + + identity ROUTER_ADVERTISEMENT_DOES_NOT_ROUTE_COMMON { + base ROUTER_ADVERTISEMENT_CODE; + description + "Code 16: Does not route common traffic."; + reference "RFC3344: IP Mobility Support for IPv4"; + } + + identity ROUTER_SELECTION_CODE { + base CODE; + description + "Codes for the ICMPv4 router selection message."; + } + + identity ROUTER_SELECTION_NO_CODE { + base ROUTER_SELECTION_CODE; + description + "No code."; + reference "RFC1256: ICMP Router Discovery Messages"; + } + + identity TIME_EXCEEDED_CODE { + base CODE; + description + "Codes for the ICMPv4 time exceeded code."; + } + + identity TIME_EXCEEDED_IN_TRANSIT { + base TIME_EXCEEDED_CODE; + description + "Code 0: Time to Live exceeded in Transit."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity TIME_EXCEEDED_FRAGMENT_REASSEMBLY_IN_TRANSIT { + base TIME_EXCEEDED_CODE; + description + "Code 1: Fragment reassembly time exceeded."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity PARAM_PROBLEM_CODE { + base CODE; + description + "Codes for the ICMPv4 parameter problem message (Type 12)."; + } + + identity PARAM_PROBLEM_POINTER_INDICATES_ERR { + base PARAM_PROBLEM_CODE; + description + "Code 0: Pointer indicates the error."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity PARAM_PROBLEM_MISSING_REQ_OPTION { + base PARAM_PROBLEM_CODE; + description + "Code 1: Missing a required option."; + reference "RFC1108: U.S. Department of Defense + Security Options for the Internet Protocol"; + } + + identity PARAM_PROBLEM_BAD_LENGTH { + base PARAM_PROBLEM_CODE; + description + "Code 2: Bad Length."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity TIMESTAMP_CODE { + base CODE; + description + "Codes of the ICMPv4 timestamp message (Type 13)."; + } + identity TIMESTAMP_NO_CODE { + base TIMESTAMP_CODE; + description + "No code."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity TIMESTAMP_REPLY_CODE { + base CODE; + description + "Codes of the ICMPv4 timestamp reply message (Type 14)."; + } + + identity TIMESTAMP_REPLY_NO_CODE { + base TIMESTAMP_REPLY_CODE; + description + "No code."; + reference "RFC792: INTERNET CONTROL MESSAGE PROTOCOL"; + } + + identity PHOTURIS_CODE { + base CODE; + description + "Codes of the ICMPv4 Photuris message (type 40)."; + } + + identity PHOTURIS_BAD_SPI { + base PHOTURIS_CODE; + description + "Code 0: Bad SPI."; + reference "RFC2521: ICMP Security Failures Messages"; + } + + identity PHOTURIS_AUTH_FAILED { + base PHOTURIS_CODE; + description + "Code 1: Authentication failed."; + reference "RFC2521: ICMP Security Failures Messages"; + } + + identity PHOTURIS_DECOMPRESS_FAILED { + base PHOTURIS_CODE; + description + "Code 2: Decompression failed."; + reference "RFC2521: ICMP Security Failures Messages"; + } + + identity PHOTURIS_DECRYPTION_FAILED { + base PHOTURIS_CODE; + description + "Code 3: Decryption failed."; + reference "RFC2521: ICMP Security Failures Messages"; + } + + identity PHOTURIS_NEED_AUTHENTICATION { + base PHOTURIS_CODE; + description + "Code 4: Need authentication."; + reference "RFC2521: ICMP Security Failures Messages"; + } + + identity PHOTURIS_NEED_AUTHORIZATION { + base PHOTURIS_CODE; + description + "Code 5: Need authorization."; + reference "RFC2521: ICMP Security Failures Messages"; + } + + identity EXT_ECHO_REQUEST_CODE { + description + "Codes of the extended echo request ICMP message."; + base CODE; + } + + identity EXT_ECHO_REQUEST_NO_ERROR { + base EXT_ECHO_REQUEST_CODE; + description + "Code 0: No error."; + reference "RFC8335: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_CODE { + description + "Codes of the extended echo reply ICMP message (Type 43)."; + base CODE; + } + + identity EXT_ECHO_REPLY_NO_ERROR { + base EXT_ECHO_REPLY_CODE; + description + "Code 0: No error."; + reference "RFC8335: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_MALFORMED_QUERY { + base EXT_ECHO_REPLY_CODE; + description + "Code 1: Malformed query."; + reference "RFC8335: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_NO_SUCH_INTF { + base EXT_ECHO_REPLY_CODE; + description + "Code 2: No such interface."; + reference "RFC8335: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_NO_SUB_TABLE_ENTRY { + base EXT_ECHO_REPLY_CODE; + description + "Code 3: No such table entry."; + reference "RFC8335: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_MULTIPLE_INTF_SATISFY_QUERY { + base EXT_ECHO_REPLY_CODE; + description + "Code 4: Multiple interfaces satisfy query."; + reference "RFC8335: PROBE: A Utility for Probing Interfaces"; + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-icmpv6-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-icmpv6-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..ecd77cabf64b25071ccba6a76c0e1bc88d783fde --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-icmpv6-types.yang @@ -0,0 +1,1010 @@ +module openconfig-icmpv6-types { + + yang-version "1"; + namespace "http://openconfig.net/yang/openconfig-icmpv6-types"; + + prefix "oc-icmpv6-types"; + + import openconfig-extensions { prefix oc-ext; } + + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "OpenConfig module defining the types and coresponding subcodes for + ICMPv6."; + + oc-ext:openconfig-version "0.1.1"; + + revision "2023-05-02" { + description + "Fix module prefix."; + reference "0.1.1"; + } + + revision "2023-01-26" { + description + "Initial revision of ICMPv6 types module."; + reference "0.1.0"; + } + + identity TYPE { + description + "Base identity for ICMPv6 codes"; + } + + identity CODE { + description + "Base identity for ICMPv6 subcodes."; + } + + identity DESTINATION_UNREACHABLE { + base TYPE; + description + "Type 1: Destination unreachable."; + reference + "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity PACKET_TOO_BIG { + base TYPE; + description + "Type 2: Packet too big."; + reference + "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity TIME_EXCEEDED { + base TYPE; + description + "Type 3: Time exceeded."; + reference + "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity PARAMETER_PROBLEM { + base TYPE; + description + "Type 4: Parameter problem."; + reference + "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity ECHO_REQUEST { + base TYPE; + description + "Type 128: Echo request."; + reference + "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity ECHO_REPLY { + base TYPE; + description + "Type 129: Echo reply"; + reference + "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity MULTICAST_LISTENER_QUERY { + base TYPE; + description + "Type 130: Multicast listener query"; + reference + "RFC2710: Multicast Listener Discovery (MLD) for IPv6"; + } + + identity MULTICAST_LISTENER_REPORT { + base TYPE; + description + "Type 131: Multicast listener report"; + reference + "RFC2710: Multicast Listener Discovery (MLD) for IPv6"; + } + + identity MULTICAST_LISTENER_DONE { + base TYPE; + description + "Type 132: Multicast listener done"; + reference + "RFC2710: Multicast Listener Discovery (MLD) for IPv6"; + } + + identity ROUTER_SOLICITATION { + base TYPE; + description + "Type 133: IPv6 router soliciation."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity ROUTER_ADVERTISEMENT { + base TYPE; + description + "Type 134: IPv6 router advertisement."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity NEIGHBOR_SOLICITATION { + base TYPE; + description + "Type 135: IPv6 neighbor solicitation."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity NEIGHBOR_ADVERTISEMENT { + base TYPE; + description + "Type 136: IPv6 neighbor advertisement."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity REDIRECT { + base TYPE; + description + "Type 137: IPv6 ICMP redirect message."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity RENUNBERING { + base TYPE; + description + "Type 138: Router renumbering."; + reference + "RFC2894: Router Renumbering for IPv6"; + } + + identity NODE_INFORMATION_QUERY { + base TYPE; + description + "Type 139: ICMP Node Information Query."; + reference + "RFC4620: IPv6 Node Information Queries"; + } + identity NODE_INFORMATION_RESPONSE { + base TYPE; + description + "Type 140: ICMP Node Information Response."; + reference + "RFC4620: IPv6 Node Information Queries"; + } + + identity INVERSE_NEIGHBOR_SOLICITATION { + base TYPE; + description + "Type 141: Inverse Neighbor Discovery Solicitation Message."; + reference "RFC3122: Extensions to IPv6 Neighbor Discovery for + Inverse Discovery Specification"; + } + + identity INVERSE_NEIGHBOR_ADVERTISEMENT { + base TYPE; + description + "Type 142: Inverse Neighbor Discovery Advertisement Message."; + reference "RFC3122: Extensions to IPv6 Neighbor Discovery for + Inverse Discovery Specification"; + } + + identity VERSION2_MULTICAST_LISTENER { + base TYPE; + description + "Type 143: Version 2 Multicast Listener Report"; + reference + "RFC3810: Multicast Listener Discovery Version 2 (MLDv2) for IPv6"; + } + + identity HOME_AGENT_ADDRESS_DISCOVERY_REQUEST { + base TYPE; + description + "Type 144: Home Agent Address Discovery Request Message."; + reference "RFC6275: Mobility Support in IPv6"; + + } + + identity HOME_AGENT_ADDRESS_DISCOVERY_REPLY { + base TYPE; + description + "Type 145: Home Agent Address Discovery Reply Message."; + reference "RFC6275: Mobility Support in IPv6"; + + } + + identity MOBILE_PREFIX_SOLICITATION { + base TYPE; + description + "Type 147: Mobile Prefix Solicitation."; + reference "RFC6275: Mobility Support in IPv6"; + } + + identity MOBILE_PREFIX_ADVERTISEMENT { + base TYPE; + description + "Type 147: Mobile Prefix Advertisement."; + reference "RFC6275: Mobility Support in IPv6"; + } + + identity CERTIFICATION_PATH_SOLICITATION { + base TYPE; + description + "Type 148: Certification Path Soliciation Message."; + reference "RFC3971: SEcure Neighbor Discovery (SEND)"; + } + + identity CERTIFICATION_PATH_ADVERTISEMENT { + base TYPE; + description + "Type 149: Certification Path Advertisement Message."; + reference "RFC3971: SEcure Neighbor Discovery (SEND)"; + } + + identity MULTICAST_ROUTER_ADVERTISEMENT { + base TYPE; + description + "Type 151: Multicast Router Advertisement."; + reference "RFC4286: Multicast Router Discovery"; + } + + identity MULTICAST_ROUTER_SOLICITATION { + base TYPE; + description + "Type 152: Multicast Router Solicitation."; + reference "RFC4286: Multicast Router Discovery"; + } + + identity MULTICAST_ROUTER_TERMINATION { + base TYPE; + description + "Type 153: Multicast Router Termination."; + reference "RFC4286: Multicast Router Discovery"; + } + + identity FMIPV6 { + base TYPE; + description + "Type 154: Fast handover mode for IPv6."; + reference + "RFC5568: Mobile IPv6 Fast Handovers"; + } + + identity RPL_CONTROL { + base TYPE; + description + "Type 155: RPL Control Message."; + reference + "RFC6550: RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks"; + } + + identity ILNPV6_LOCATOR_UPDATE { + base TYPE; + description + "Type 156: ILNPv6 Locator Update Message."; + reference + "RFC6743: ICMP Locator Update Message for + the Identifier-Locator Network Protocol for IPv6 (ILNPv6)"; + } + + identity DUPLICATE_ADDRESS_REQUEST { + base TYPE; + description + "Type 157: Duplicate address request."; + reference + "RFC6775: Neighbor Discovery Optimization for IPv6 over Low-Power Wireless + Personal Area Networks (6LoWPANs)"; + } + + identity DUPLICATE_ADDRESS_CONFIRMATION { + base TYPE; + description + "Type 158: Duplicate address confirmation."; + reference + "RFC6775: Neighbor Discovery Optimization for IPv6 over Low-Power Wireless + Personal Area Networks (6LoWPANs)"; + } + + identity MPL_CONTROL { + base TYPE; + description + "Type 159: MPL Control Message."; + reference + "RFC7731: Multicast Protocol for Low-Power and Lossy Networks (MPL)"; + } + + identity EXT_ECHO_REQUEST { + base TYPE; + description + "Type 160: Extended echo request."; + reference + "RFC8335: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY { + base TYPE; + description + "Type 161: Extended echo reply."; + reference + "RFC8335: PROBE: A Utility for Probing Interfaces"; + } + + identity DST_UNREACHABLE_CODE { + base CODE; + description + "ICMPv6 destination unreachable subcodes."; + } + identity DST_UNREACHABLE_NO_ROUTE_TO_DST { + base DST_UNREACHABLE_CODE; + description + "Code 0: No route to destination."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + identity DST_UNREACHABLE_DST_ADMIN_PROHIBITED { + base DST_UNREACHABLE_CODE; + description + "Code 1: Communication with destination adminstratively prohibited."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity DST_UNREACHABLE_BEYOND_SCOPE_OF_SRC { + base DST_UNREACHABLE_CODE; + description + "Code 2: Beyond scope of source address."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity DST_UNREACHABLE_ADDR { + base DST_UNREACHABLE_CODE; + description + "Code 3: Address unreachable."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity DST_UNREACHABLE_PORT { + base DST_UNREACHABLE_CODE; + description + "Code 4: Port unreachable."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity DST_UNREACHABLE_SRC_ADDR_FAILED_POLICY { + base DST_UNREACHABLE_CODE; + description + "Code 5: Source address failed ingress/egress policy."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity DST_UNREACHABLE_REJECT_ROUTE_TO_DST { + base DST_UNREACHABLE_CODE; + description + "Code 6: Reject route to destination."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity DST_UNREACHABLE_ERR_IN_SRC_ROUTING_HDR { + base DST_UNREACHABLE_CODE; + description + "Code 7: Error in Source Routing Header."; + reference "RFC8554: An IPv6 Routing Header for Source Routes with + the Routing Protocol for Low-Power and Lossy Networks (RPL)"; + } + + identity DST_UNREACHABLE_HDRS_TOO_LONG { + base DST_UNREACHABLE_CODE; + description + "Type 8: Headers too long"; + reference "RFC8883: ICMPv6 Errors for Discarding Packets Due to + Processing Limits"; + } + + identity PACKET_TOO_BIG_CODE { + base CODE; + description + "Subcodes for the ICMPv6 Packet Too Big type."; + } + + identity PACKET_TOO_BIG_NO_CODE { + base PACKET_TOO_BIG_CODE; + description + "No code, value 0."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity TIME_EXCEEDED_CODE { + base CODE; + description + "Subcodes for the Time Exceeded ICMPv6 type."; + } + + identity TIME_EXCEEDED_HOP_LIMIT { + base TIME_EXCEEDED_CODE; + description + "Code 0: Hop limit exceeded in transit."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + identity TIME_EXCEEDED_FRAGMENT_REASSEMBLY { + base TIME_EXCEEDED_CODE; + description + "Code 1: Fragment reassembly time exceeded."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity PARAM_PROBLEM_CODE { + base CODE; + description + "Subcodes for the Parameter Problem ICMPv6 type."; + } + + identity PARAM_PROBLEM_ERR_HDR_FIELD { + base PARAM_PROBLEM_CODE; + description + "Erroneous header field encountered."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity PARAM_PROBLEM_UNRECOGNIZED_NET_HDR_TYPE { + base PARAM_PROBLEM_CODE; + description + "Unrecognized Next Header type encountered."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity PARAM_PROBLEM_UNRECOGNIZED_IPV6_OPT { + base PARAM_PROBLEM_CODE; + description + "Unrecognized IPv6 option encountered."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity PARAM_PROBLEM_INCOMPLETE_HDR_CHAIN { + base PARAM_PROBLEM_CODE; + description + "IPv6 First Fragment has incomplete IPv6 Header Chain."; + reference + "RFC7112: Implications of Oversized IPv6 Header Chains"; + } + + identity PARAM_PROBLEM_SR_UPPER_HDR_ERR { + base PARAM_PROBLEM_CODE; + description + "SR Upper-layer Header Error"; + reference + "RFC8754: IPv6 Segment Routing Header (SRH)"; + } + + identity PARAM_PROBLEM_UNRECOGNIZED_NEXT_HDR_TYPE { + base PARAM_PROBLEM_CODE; + description + "Unrecognized Next Header type encountered by intermediate node"; + reference + "RFC8883: ICMPv6 Errors for Discarding Packets Due to Processing Limits"; + } + + identity PARAM_PROBLEM_EXT_HDR_TOO_BIG { + base PARAM_PROBLEM_CODE; + description + "Extension header too big."; + reference + "RFC8883: ICMPv6 Errors for Discarding Packets Due to Processing Limits"; + } + + identity PARAM_PROBLEM_EXT_HDR_CHAIN_TOO_LONG { + base PARAM_PROBLEM_CODE; + description + "Extension header chain too long."; + reference + "RFC8883: ICMPv6 Errors for Discarding Packets Due to Processing Limits"; + } + + identity PARAM_PROBLEM_TOO_MANY_EXT_HDRS { + base PARAM_PROBLEM_CODE; + description + "Too many extension headers."; + reference + "RFC8883: ICMPv6 Errors for Discarding Packets Due to Processing Limits"; + } + + identity PARAM_PROBLEM_TOO_MANY_OPTS { + base PARAM_PROBLEM_CODE; + description + "Too many options in extension header."; + reference + "RFC8883: ICMPv6 Errors for Discarding Packets Due to Processing Limits"; + } + + identity PARAM_PROBLEM_OPT_TOO_BIG { + base PARAM_PROBLEM_CODE; + description + "Option too big."; + reference + "RFC8883: ICMPv6 Errors for Discarding Packets Due to Processing Limits"; + } + + identity ECHO_REQUEST_CODE { + base CODE; + description + "Subcodes for the ICMPv6 echo request type."; + } + + identity ECHO_REQUEST_NO_CODE { + base ECHO_REQUEST_CODE; + description + "No code."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity ECHO_REPLY_CODE { + base CODE; + description + "Subcodes for the ICMPv6 echo reply subcode."; + } + + identity ECHO_REPLY_NO_CODE { + base ECHO_REPLY_CODE; + description + "No code."; + reference "RFC4443: Internet Control Message Protocol (ICMPv6) + for the Internet Protocol Version 6 (IPv6) Specification"; + } + + identity MULTICAST_LISTENER_QUERY_CODE { + base CODE; + description + "Subcodes for the multicast listener query ICMPv6 type."; + } + + identity MULTICAST_LISTENER_QUERY_NO_CODE { + base MULTICAST_LISTENER_QUERY_CODE; + description + "No code."; + reference + "RFC2710: Multicast Listener Discovery (MLD) for IPv6"; + } + + identity MULTICAST_LISTENER_REPORT_CODE { + base CODE; + description + "Subcodes for the multicast listener report ICMPv6 type."; + } + + identity MULTICAST_LISTENER_REPORT_NO_CODE { + base MULTICAST_LISTENER_REPORT_CODE; + description + "No code."; + reference + "RFC2710: Multicast Listener Discovery (MLD) for IPv6"; + } + + identity MULTICAST_LISTENER_DONE_CODE { + base CODE; + description + "Subcodes for the multicast listener done ICMPv6 type."; + } + + identity MULTICAST_LISTENER_DONE_NO_CODE { + base MULTICAST_LISTENER_DONE_CODE; + description + "No code."; + reference + "RFC2710: Multicast Listener Discovery (MLD) for IPv6"; + } + + identity ROUTER_SOLICITATION_CODE { + base CODE; + description + "Subcodes for the router solicitation ICMPv6 type."; + } + identity ROUTER_SOLICITATION_NO_CODE { + base ROUTER_SOLICITATION_CODE; + description + "No code."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity ROUTER_ADVERTISEMENT_CODE { + base CODE; + description + "Subcodes for the router advertisement ICMPv6 type."; + } + + identity ROUTER_ADVERTISEMENT_NO_CODE { + base ROUTER_ADVERTISEMENT_CODE; + description + "No code."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity NEIGHBOR_SOLICITATION_CODE { + base CODE; + description + "Subcodes for the router solicitation ICMPv6 type."; + } + + identity NEIGHBOR_SOLICITATION_NO_CODE { + base NEIGHBOR_SOLICITATION_CODE; + description + "No code."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity NEIGHBOR_ADVERTISEMENT_CODE { + base CODE; + description + "Subcodes for the neighbor advertisement ICMPv6 type."; + } + + identity NEIGHBOR_ADVERTISEMENT_NO_CODE { + base NEIGHBOR_ADVERTISEMENT_CODE; + description + "No code."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity REDIRECT_CODE { + base CODE; + description + "Subcodes for the redirect ICMPv6 type."; + } + + identity REDIRECT_NO_CODE { + base REDIRECT_CODE; + description + "No code."; + reference + "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + identity RENUMBERING_CODE { + base CODE; + description + "Subcodes for the redirect ICMPv6 type for renumbering."; + } + + identity RENUMBERING_COMMAND { + base RENUMBERING_CODE; + description + "Router renumbering command."; + reference + "RFC2894: Router Renumbering for IPv6"; + } + + identity RENUNBERING_RESULT { + base RENUMBERING_CODE; + description + "Router renumbering result."; + reference + "RFC2894: Router Renumbering for IPv6"; + } + + identity RENUNBERING_SEQ_NUM_RESET { + base RENUMBERING_CODE; + description + "Router renumbering sequence number reset."; + reference + "RFC2894: Router Renumbering for IPv6"; + } + + identity NODE_INFORMATION_QUERY_CODE { + base CODE; + description + "Subcodes for the node information query ICMPv6 type."; + } + + identity NODE_INFORMATION_QUERY_IPV6_ADDR { + base NODE_INFORMATION_QUERY_CODE; + description + "The data field contains an IPv6 address which is the subject of the + query."; + reference + "RFC4620: IPv6 Node Information Queries"; + } + + identity NODE_INFORMATION_QUERY_NAME { + base NODE_INFORMATION_QUERY_CODE; + description + "The data field contains a name which is the subject of the + query."; + reference + "RFC4620: IPv6 Node Information Queries"; + } + + identity NODE_INFORMATION_QUERY_IPV4_ADDR { + base NODE_INFORMATION_QUERY_CODE; + description + "The data field contains an IPv4 address which is the subject of the + query."; + reference + "RFC4620: IPv6 Node Information Queries"; + } + + identity NDDE_INFORMATION_RESPONSE_CODE { + base CODE; + description + "Subcodes for the node information response ICMPv6 type."; + } + + identity NODE_INFORMATION_RESPONSE_SUCCESS { + base NDDE_INFORMATION_RESPONSE_CODE; + description + "A successful reply."; + reference + "RFC4620: IPv6 Node Information Queries"; + } + + identity NODE_INFORMATION_RESPONSE_REFUSED { + base NDDE_INFORMATION_RESPONSE_CODE; + description + "The responder refuses to supply the answer."; + reference + "RFC4620: IPv6 Node Information Queries"; + } + + identity NODE_INFORMATION_RESPONSE_UNKNOWN { + base NDDE_INFORMATION_RESPONSE_CODE; + description + "The query type is unknown to the responder."; + reference + "RFC4620: IPv6 Node Information Queries"; + } + + identity INVERSE_NEIGHBOR_ADVERTISEMENT_CODE { + base CODE; + description + "Subcodes for the Inverse Neighbor Discovery ICMPv6 type."; + } + + identity INVERSE_NEIGHBOR_ADVERTISEMENT_NO_CODE { + base INVERSE_NEIGHBOR_ADVERTISEMENT_CODE; + description + "No code."; + reference + "RFC3122: Extensions to IPv6 Neighbor Discovery for Inverse Discovery + Specification"; + } + + identity INVERSE_NEIGHBOR_SOLICITATION_CODE { + base CODE; + description + "Subcode for the inverse neighbor solicitation ICMP6 type."; + } + + identity INVERSE_NEIGHBOR_SOLICITATION_NO_CODE { + base INVERSE_NEIGHBOR_SOLICITATION_CODE; + description + "No code."; + reference + "RFC3122: Extensions to IPv6 Neighbor Discovery for Inverse Discovery + Specification"; + } + + identity HOME_AGENT_ADDRESS_DISCOVERY_REQUEST_CODE { + base CODE; + description + "Subcodes for the Home Agent Address Discovery Request ICMPv6 type."; + } + + identity HOME_AGENT_ADDRESS_DISCOVERY_REQUEST_NO_CODE { + base HOME_AGENT_ADDRESS_DISCOVERY_REQUEST_CODE; + description + "No code."; + reference "RFC3775: Mobility Support in IPv6"; + } + + identity HOME_AGENT_ADDRESS_DISCOVERY_REPLY_CODE { + base CODE; + description + "Subcodes for the Home Agent Address Discovery Reply ICMPv6 type."; + } + + identity HOME_AGENT_ADDRESS_DISCOVERY_REPLY_NO_CODE { + base HOME_AGENT_ADDRESS_DISCOVERY_REPLY_CODE; + description + "No code."; + reference "RFC3775: Mobility Support in IPv6"; + } + + identity MOBILE_PREFIX_SOLICITATION_CODE { + base CODE; + description + "Subcodes for the Mobile Prefix Solicitation ICMPv6 type."; + } + + identity MOBILE_PREFIX_SOLICITATION_NO_CODE { + base MOBILE_PREFIX_SOLICITATION_CODE; + description + "No code."; + reference "RFC3775: Mobility Support in IPv6"; + } + + identity MOBILE_PREFIX_ADVERTISEMENT_CODE { + base CODE; + description + "Subcodes for the Mobile Prefix Advertisement ICMPv6 type."; + } + + identity MOBILE_PREFIX_ADVERTISEMENT_NO_CODE { + base MOBILE_PREFIX_ADVERTISEMENT_CODE; + description + "No code."; + reference "RFC3775: Mobility Support in IPv6"; + } + + identity DUPLICATE_ADDRESS_REQUEST_CODE { + base CODE; + description + "Subcodes for the Duplicate Address Request ICMPv6 type."; + } + + identity DUPLICATE_ADDRESS_REQUEST_DAR { + base DUPLICATE_ADDRESS_REQUEST_CODE; + description + "DAR message"; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + + identity DUPLICATE_ADDRESS_REQUEST_EDAR_ROVR64 { + base DUPLICATE_ADDRESS_REQUEST_CODE; + description + "EDAR message with 64-bit ROVR field."; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + + identity DUPLICATE_ADDRESS_REQUEST_EDAR_ROVR128 { + base DUPLICATE_ADDRESS_REQUEST_CODE; + description + "EDAR message with 128-bit ROVR field."; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + + identity DUPLICATE_ADDRESS_REQUEST_EDAR_ROVR192 { + base DUPLICATE_ADDRESS_REQUEST_CODE; + description + "EDAR message with 192-bit ROVR field."; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + + identity DUPLICATE_ADDRESS_REQUEST_EDAR_ROVR256 { + base DUPLICATE_ADDRESS_REQUEST_CODE; + description + "EDAR message with 256-bit ROVR field."; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + + identity DUPLICATE_ADDRESS_REPLY_CODE { + base CODE; + description + "Subcodes for the Duplicate Address Confirmation Code ICMPv6 type."; + } + + identity DUPLICATE_ADDRESS_REPLY_DAC { + base DUPLICATE_ADDRESS_REPLY_CODE; + description + "DAC message"; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + identity DUPLICATE_ADDRESS_REPLY_EDAC_ROVR64 { + base DUPLICATE_ADDRESS_REPLY_CODE; + description + "EDAC message with 64-bit ROVR field."; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + + identity DUPLICATE_ADDRESS_REPLY_EDAC_ROVR128 { + base DUPLICATE_ADDRESS_REPLY_CODE; + description + "EDAC message with 128-bit ROVR field."; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + + identity DUPLICATE_ADDRESS_REPLY_EDAC_ROVR192 { + base DUPLICATE_ADDRESS_REPLY_CODE; + description + "EDAC message with 192-bit ROVR field."; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + + identity DUPLICATE_ADDRESS_REPLY_EDAC_ROVR256 { + base DUPLICATE_ADDRESS_REPLY_CODE; + description + "EDAC message with 256-bit ROVR field."; + reference "RFC6775: Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)"; + } + + identity EXT_ECHO_REQUEST_CODE { + base CODE; + description + "Subcodes for the extended echo request ICMPv6 type."; + } + + identity EXT_ECHO_REQUEST_NO_ERROR { + base EXT_ECHO_REQUEST_CODE; + description + "No error."; + reference + "RFC8355: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_CODE { + base CODE; + description + "Subcodes for the extended echo reply ICMPv6 type."; + } + + identity EXT_ECHO_REPLY_NO_ERROR { + base EXT_ECHO_REPLY_CODE; + description + "No error."; + reference + "RFC8355: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_MALFORMED_QUERY { + base EXT_ECHO_REPLY_CODE; + description + "Malformed query."; + reference + "RFC8355: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_NO_SUCH_INTERFACE { + base EXT_ECHO_REPLY_CODE; + description + "No such interface."; + reference + "RFC8355: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_NO_SUCH_TABLE_ENTRY { + base EXT_ECHO_REPLY_CODE; + description + "No such table entry."; + reference + "RFC8355: PROBE: A Utility for Probing Interfaces"; + } + + identity EXT_ECHO_REPLY_MULTIPLE_INTF_SATISFY_QUERY { + base EXT_ECHO_REPLY_CODE; + description + "Multiple interfaces satisfy query."; + reference + "RFC8355: PROBE: A Utility for Probing Interfaces"; + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-packet-match-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-packet-match-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..b5f467a74278c5179aab0ede32b05e4280309081 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-packet-match-types.yang @@ -0,0 +1,374 @@ +module openconfig-packet-match-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/packet-match-types"; + + prefix "oc-pkt-match-types"; + + // import some basic types + import openconfig-inet-types { prefix oc-inet; } + import openconfig-extensions { prefix oc-ext; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines common types for use in models requiring + data definitions related to packet matches."; + + oc-ext:openconfig-version "1.3.3"; + + revision "2023-01-29" { + description + "Whitespace cleanup."; + reference "1.3.3"; + } + + revision "2021-07-14" { + description + "Use auto-generated regex for port-num-range pattern statements"; + reference "1.3.2"; + } + + revision "2021-06-16" { + description + "Remove trailing whitespace."; + reference "1.3.1"; + } + + revision "2021-05-19" { + description + "Add IP-in-IP protocol."; + reference "1.3.0"; + } + + revision "2021-03-17" { + description + "Add MPLS filter Support."; + reference "1.2.0"; + } + + revision "2021-01-07" { + description + "Remove module extension oc-ext:regexp-posix by making pattern regexes + conform to RFC7950. + + Types impacted: + - port-num-range"; + reference "1.1.0"; + } + + revision "2020-10-20" { + description + "Fix pattern regex for port-num-range."; + reference "1.0.4"; + } + + revision "2020-06-30" { + description + "Add OpenConfig POSIX pattern extensions."; + reference "1.0.3"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "1.0.2"; + } + + revision "2018-04-15" { + description + "Corrected description and range for ethertype typedef"; + reference "1.0.1"; + } + + revision "2017-05-26" { + description + "Separated IP matches into AFs"; + reference "1.0.0"; + } + + revision "2016-08-08" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + revision "2016-04-27" { + description + "Initial revision"; + reference "TBD"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + + // extension statements + + // feature statements + + // identity statements + + + //TODO: should replace this with an official IEEE module + // when available. Only a select number of types are + // defined in this identity. + identity ETHERTYPE { + description + "Base identity for commonly used Ethertype values used + in packet header matches on Ethernet frames. The Ethertype + indicates which protocol is encapsulated in the Ethernet + payload."; + reference + "IEEE 802.3"; + } + + identity ETHERTYPE_IPV4 { + base ETHERTYPE; + description + "IPv4 protocol (0x0800)"; + } + + identity ETHERTYPE_ARP { + base ETHERTYPE; + description + "Address resolution protocol (0x0806)"; + } + + identity ETHERTYPE_VLAN { + base ETHERTYPE; + description + "VLAN-tagged frame (as defined by IEEE 802.1q) (0x8100). Note + that this value is also used to represent Shortest Path + Bridging (IEEE 801.1aq) frames."; + } + + identity ETHERTYPE_IPV6 { + base ETHERTYPE; + description + "IPv6 protocol (0x86DD)"; + } + + identity ETHERTYPE_MPLS { + base ETHERTYPE; + description + "MPLS unicast (0x8847)"; + } + + identity ETHERTYPE_LLDP { + base ETHERTYPE; + description + "Link Layer Discovery Protocol (0x88CC)"; + } + + identity ETHERTYPE_ROCE { + base ETHERTYPE; + description + "RDMA over Converged Ethernet (0x8915)"; + } + + + //TODO: should replace this with an official IANA module when + //available. Only a select set of protocols are defined with + //this identity. + identity IP_PROTOCOL { + description + "Base identity for commonly used IP protocols used in + packet header matches"; + reference + "IANA Assigned Internet Protocol Numbers"; + } + + identity IP_TCP { + base IP_PROTOCOL; + description + "Transmission Control Protocol (6)"; + } + + identity IP_UDP { + base IP_PROTOCOL; + description + "User Datagram Protocol (17)"; + } + + identity IP_ICMP { + base IP_PROTOCOL; + description + "Internet Control Message Protocol (1)"; + } + + identity IP_IGMP { + base IP_PROTOCOL; + description + "Internet Group Membership Protocol (2)"; + } + + identity IP_PIM { + base IP_PROTOCOL; + description + "Protocol Independent Multicast (103)"; + } + + identity IP_RSVP { + base IP_PROTOCOL; + description + "Resource Reservation Protocol (46)"; + } + + identity IP_GRE { + base IP_PROTOCOL; + description + "Generic Routing Encapsulation (47)"; + } + + identity IP_AUTH { + base IP_PROTOCOL; + description + "Authentication header, e.g., for IPSEC (51)"; + } + + identity IP_L2TP { + base IP_PROTOCOL; + description + "Layer Two Tunneling Protocol v.3 (115)"; + } + + identity IP_IN_IP { + base IP_PROTOCOL; + description + "IP-in-IP tunneling (4)"; + reference + "RFC2003: IP Encapsulation within IP"; + } + + identity TCP_FLAGS { + description + "Common TCP flags used in packet header matches"; + reference + "IETF RFC 793 - Transmission Control Protocol + IETF RFC 3168 - The Addition of Explicit Congestion + Notification (ECN) to IP"; + } + + identity TCP_SYN { + base TCP_FLAGS; + description + "TCP SYN flag"; + } + + identity TCP_FIN { + base TCP_FLAGS; + description + "TCP FIN flag"; + } + + identity TCP_RST { + base TCP_FLAGS; + description + "TCP RST flag"; + } + + identity TCP_PSH { + base TCP_FLAGS; + description + "TCP push flag"; + } + + identity TCP_ACK { + base TCP_FLAGS; + description + "TCP ACK flag"; + } + + identity TCP_URG { + base TCP_FLAGS; + description + "TCP urgent flag"; + } + + identity TCP_ECE { + base TCP_FLAGS; + description + "TCP ECN-Echo flag. If the SYN flag is set, indicates that + the TCP peer is ECN-capable, otherwise indicates that a + packet with Congestion Experienced flag in the IP header + is set"; + } + + identity TCP_CWR { + base TCP_FLAGS; + description + "TCP Congestion Window Reduced flag"; + } + + // typedef statements + + typedef port-num-range { + type union { + type string { + pattern + '(0{0,4}[0-9]|0{0,3}[1-9][0-9]|0{0,2}[1-9][0-9]{2}|' + + '0?[1-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|' + + '655[0-2][0-9]|6553[0-5])\.\.(0{0,4}[0-9]|0{0,3}[1-9][0-9]|' + + '0{0,2}[1-9][0-9]{2}|0?[1-9][0-9]{3}|[1-5][0-9]{4}|' + + '6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])'; + oc-ext:posix-pattern + '^((0{0,4}[0-9]|0{0,3}[1-9][0-9]|0{0,2}[1-9][0-9]{2}|' + + '0?[1-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|' + + '655[0-2][0-9]|6553[0-5])\.\.(0{0,4}[0-9]|0{0,3}[1-9][0-9]|' + + '0{0,2}[1-9][0-9]{2}|0?[1-9][0-9]{3}|[1-5][0-9]{4}|' + + '6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]))$'; + } + type oc-inet:port-number; + type enumeration { + enum ANY { + description + "Indicates any valid port number (e.g., wildcard)"; + } + } + } + description + "Port numbers may be represented as a single value, + an inclusive range as .., or as ANY to + indicate a wildcard."; + } + + typedef ip-protocol-type { + type union { + type uint8 { + range 0..254; + } + type identityref { + base IP_PROTOCOL; + } + } + description + "The IP protocol number may be expressed as a valid protocol + number (integer) or using a protocol type defined by the + IP_PROTOCOL identity"; + } + + typedef ethertype-type { + type union { + type uint16 { + range 1536..65535; + } + type identityref { + base ETHERTYPE; + } + } + description + "The Ethertype value may be expressed as a 16-bit number in + decimal notation, or using a type defined by the + ETHERTYPE identity"; + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-packet-match.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-packet-match.yang new file mode 100644 index 0000000000000000000000000000000000000000..c287986642cc5bccfd1273570a84f77f1a4b0fcd --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/acl/openconfig-packet-match.yang @@ -0,0 +1,727 @@ +module openconfig-packet-match { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/header-fields"; + + prefix "oc-pkt-match"; + + // import some basic types + import openconfig-inet-types { prefix oc-inet; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-packet-match-types { prefix oc-pkt-match-types; } + import openconfig-extensions { prefix oc-ext; } + import openconfig-mpls-types { prefix oc-mpls; } + import openconfig-defined-sets { prefix oc-sets; } + import openconfig-icmpv4-types { prefix oc-icmpv4-types; } + import openconfig-icmpv6-types { prefix oc-icmpv6-types; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines data related to packet header fields + used in matching operations, for example in ACLs. When a + field is omitted from a match expression, the effect is a + wildcard ('any') for that field."; + + + oc-ext:openconfig-version "2.1.0"; + + revision "2023-03-01" { + description + "Add ICMP Fields for filtering."; + reference "2.1.0"; + } + + revision "2023-01-27" { + description + "Update the mechanism to match detailed transport flags, + adding means for AND/OR in the explicitly specified flags + and commonly supported match aliases."; + reference "2.0.0"; + } + + revision "2022-06-01" { + description + "Add the ability to match source/destination ipv4 and + ipv6 prefix list and source/destination port list "; + reference "1.4.0"; + } + + revision "2021-06-16" { + description + "Remove trailing whitespace."; + reference "1.3.1"; + } + + revision "2021-05-19" { + description + "Add the ability to match multiple DSCPs in a rule."; + reference "1.3.0"; + } + + revision "2021-03-17" { + description + "Add MPLS filter Support."; + reference "1.2.0"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "1.1.1"; + } + + revision "2017-12-15" { + description + "Add MPLS packet field matches"; + reference "1.1.0"; + } + + revision "2017-05-26" { + description + "Separated IP matches into AFs"; + reference "1.0.0"; + } + + revision "2016-08-08" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + revision "2016-04-27" { + description + "Initial revision"; + reference "TBD"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + + // Physical Layer fields + // ethernet-header + grouping ethernet-header-config { + description + "Configuration data of fields in Ethernet header."; + + leaf source-mac { + type oc-yang:mac-address; + description + "Source IEEE 802 MAC address."; + } + + leaf source-mac-mask { + type oc-yang:mac-address; + description + "Source IEEE 802 MAC address mask."; + } + + leaf destination-mac { + type oc-yang:mac-address; + description + "Destination IEEE 802 MAC address."; + } + + leaf destination-mac-mask { + type oc-yang:mac-address; + description + "Destination IEEE 802 MAC address mask."; + } + + leaf ethertype { + type oc-pkt-match-types:ethertype-type; + description + "Ethertype field to match in Ethernet packets"; + } + } + + grouping ethernet-header-state { + description + "State information of fields in Ethernet header."; + } + + grouping ethernet-header-top { + description + "Top level container for fields in Ethernet header."; + + container l2 { + description + "Ethernet header fields"; + + container config { + description + "Configuration data"; + uses ethernet-header-config; + } + + container state { + config false; + description + "State Information."; + uses ethernet-header-config; + uses ethernet-header-state; + } + } + } + + grouping mpls-header-top { + description + "Top-level container for fields in an MPLS header."; + + container mpls { + description + "MPLS header fields"; + + container config { + description + "Configuration parameters relating to fields within + the MPLS header."; + uses mpls-header-config; + } + + container state { + config false; + description + "Operational state parameters relating to fields + within the MPLS header"; + uses mpls-header-config; + } + } + } + + grouping mpls-header-config { + description + "Configuration parameters relating to matches within + MPLS header fields."; + + leaf traffic-class { + type oc-mpls:mpls-tc; + description + "The value of the MPLS traffic class (TC) bits, + formerly known as the EXP bits."; + } + + leaf start-label-value { + type oc-mpls:mpls-label; + description + "Match MPLS label value on the MPLS header. + The usage of this field indicated the upper + range value in the top of the stack. + The range that is used is inclusive. The match that + is done for a particular received pkt_label is: + start-label-value <= pkt_label <= end-label-value. + The 20-bit label value in an MPLS label + stack as specified in RFC 3032. + This label value does not include the + encodings of Traffic Class and TTL."; + } + + leaf end-label-value { + type oc-mpls:mpls-label; + description + "Match MPLS label value on the MPLS header. + The usage of this field indicated the upper + range value in the top of the stack. + The range that is used is inclusive. The match that + is done for a particular received pkt_label is: + start-label-value <= pkt_label <= end-label-value. + The 20-bit label value in an MPLS label + stack as specified in RFC 3032. + This label value does not include the + encodings of Traffic Class and TTL."; + } + + leaf ttl-value { + type uint8; + description + "Time-to-live MPLS packet value match."; + reference + "RFC 3032: MPLS Label Stack Encoding."; + } + } + + grouping ip-protocol-fields-common-config { + description + "IP protocol fields common to IPv4 and IPv6"; + + leaf dscp { + type oc-inet:dscp; + description + "Value of diffserv codepoint."; + } + + leaf-list dscp-set { + type oc-inet:dscp; + description + "A list of DSCP values to be matched for incoming packets. AN OR match should + be performed, such that a packet must match one of the values defined in this + list. If the field is left empty then any DSCP value matches unless the 'dscp' + leaf is specified. It is not valid to specify both 'dscp' and 'dscp-set together.'"; + } + + leaf length { + type uint16; + description + "In the IPv4 header field, this field is known as the Total + Length. Total Length is the length of the datagram, measured + in octets, including internet header and data. + In the IPv6 header field, this field is known as the Payload + Length, which is the length of the IPv6 payload, i.e., the rest + of the packet following the IPv6 header, in octets."; + reference + "RFC 791: Internet Protocol + RFC 8200: Internet Protocol, Version 6 (IPv6) Specification."; + } + + leaf protocol { + type oc-pkt-match-types:ip-protocol-type; + description + "The protocol carried in the IP packet, expressed either + as its IP protocol number, or by a defined identity."; + } + + leaf hop-limit { + type uint8 { + range 0..255; + } + description + "The IP packet's hop limit -- known as TTL (in hops) in + IPv4 packets, and hop limit in IPv6"; + } + } + + // IP Layer + // ip-protocol-fields + grouping ipv4-protocol-fields-config { + description + "Configuration data of IP protocol fields + for IPv4"; + + leaf source-address { + type oc-inet:ipv4-prefix; + description + "Source IPv4 address prefix."; + } + + leaf source-address-prefix-set { + type leafref { + path "/oc-sets:defined-sets/oc-sets:ipv4-prefix-sets" + + "/oc-sets:ipv4-prefix-set/oc-sets:name"; + } + description + "Reference to a IPv4 address prefix Set + to match the source address"; + } + + leaf destination-address { + type oc-inet:ipv4-prefix; + description + "Destination IPv4 address prefix."; + } + + leaf destination-address-prefix-set { + type leafref { + path "/oc-sets:defined-sets/oc-sets:ipv4-prefix-sets" + + "/oc-sets:ipv4-prefix-set/oc-sets:name"; + } + description + "Reference to a IPv4 address prefix set + to match the destination address"; + } + + uses ip-protocol-fields-common-config; + + } + + grouping ipv4-protocol-fields-state { + description + "State information of IP header fields for IPv4"; + } + + grouping ipv4-protocol-fields-top { + description + "IP header fields for IPv4"; + + container ipv4 { + description + "Top level container for IPv4 match field data"; + + container config { + description + "Configuration data for IPv4 match fields"; + uses ipv4-protocol-fields-config; + } + + container state { + config false; + description + "State information for IPv4 match fields"; + uses ipv4-protocol-fields-config; + uses ipv4-protocol-fields-state; + } + uses ip-icmpv4-header-fields-top; + } + } + + grouping ipv6-protocol-fields-config { + description + "Configuration data for IPv6 match fields"; + + leaf source-address { + type oc-inet:ipv6-prefix; + description + "Source IPv6 address prefix."; + } + + leaf source-address-prefix-set { + type leafref { + path "/oc-sets:defined-sets/oc-sets:ipv6-prefix-sets" + + "/oc-sets:ipv6-prefix-set/oc-sets:name"; + } + description + "Reference to a IPv6 address prefix set + to match the source address"; + } + + leaf source-flow-label { + type oc-inet:ipv6-flow-label; + description + "Source IPv6 Flow label."; + } + + leaf destination-address { + type oc-inet:ipv6-prefix; + description + "Destination IPv6 address prefix."; + } + + leaf destination-address-prefix-set { + type leafref { + path "/oc-sets:defined-sets/oc-sets:ipv6-prefix-sets" + + "/oc-sets:ipv6-prefix-set/oc-sets:name"; + } + description + "Reference to a IPv6 address prefix set + to match the destination address"; + } + + leaf destination-flow-label { + type oc-inet:ipv6-flow-label; + description + "Destination IPv6 Flow label."; + } + + uses ip-protocol-fields-common-config; + } + + grouping ipv6-protocol-fields-state { + description + "Operational state data for IPv6 match fields"; + } + + grouping ipv6-protocol-fields-top { + description + "Top-level grouping for IPv6 match fields"; + + container ipv6 { + description + "Top-level container for IPv6 match field data"; + + container config { + description + "Configuration data for IPv6 match fields"; + + uses ipv6-protocol-fields-config; + } + + container state { + + config false; + + description + "Operational state data for IPv6 match fields"; + + uses ipv6-protocol-fields-config; + uses ipv6-protocol-fields-state; + } + uses ip-icmpv6-header-fields-top; + } + } + + // Transport fields + grouping transport-fields-config { + description + "Configuration data of transport-layer packet fields"; + + leaf source-port { + type oc-pkt-match-types:port-num-range; + description + "Source port or range"; + } + + leaf source-port-set { + type leafref { + path "/oc-sets:defined-sets/oc-sets:port-sets" + + "/oc-sets:port-set/oc-sets:name"; + } + description + "Reference to a port set + to match the source port"; + } + + leaf destination-port { + type oc-pkt-match-types:port-num-range; + description + "Destination port or range"; + } + + leaf destination-port-set { + type leafref { + path "/oc-sets:defined-sets/oc-sets:port-sets" + + "/oc-sets:port-set/oc-sets:name"; + } + description + "Reference to a port set + to match the destination port"; + } + + leaf detail-mode { + type enumeration { + enum EXPLICIT { + description + "Specifies that the mode for matching details at the transport + layer is to explicitly match transport flags."; + } + enum BUILTIN { + description + "Specifies that the mode for matching details at the transport + layer is to using implementation built-ins which may map to + multiple flags."; + } + } + description + "Mode that is used for matching detailed fields at the transport + layer. When EXPLICIT is specified, the implementation should + match based on the explicit flags that are specified in the + corresponding leaf. When BUILTIN is specified, the implementation + must expand the contents of the corresponding leaf to the flags + and/or fields that match the pre-defined built-in values."; + } + + leaf explicit-detail-match-mode { + type enumeration { + enum ANY { + description + "Matches of the explicit-detail-flags field are treated as + an OR between the values in the list."; + } + enum ALL { + description + "Matches of the explicit-details-flags field are treated + as an AND of the values in the list."; + } + } + description + "Specifies how the contents of the explicit-details-flags list + are to be treated. ANY implies that any of the flags may match, + where ALL indicates that all the flags must be matched."; + when "../detail-mode = 'EXPLICIT'" { + description + "This leaf is only valid when the mode for matches is specified to + be explicit."; + } + } + + leaf-list explicit-tcp-flags { + type identityref { + base oc-pkt-match-types:TCP_FLAGS; + } + description + "An explicit list of the TCP flags that are to be matched. The + mechanism for the match is specified by the explicit-detail-match-mode + leaf."; + when "../detail-mode = 'EXPLICIT'" { + description + "This leaf is only valid when the mode for matches is specified to + be explicit."; + } + } + + leaf builtin-detail { + type enumeration { + enum TCP_INITIAL { + description + "Matches the first packet of a TCP session based on a packet + not having the ACK flag set, and having the SYN flag set."; + } + enum TCP_ESTABLISHED { + description + "Matches an established TCP session based on a packet having + the ACK or RST flags set. This does not match the first + packet."; + } + enum FRAGMENT { + description + "Matches non-zero values of the fragment-offset field, indicating + this packet is a follow up to a fragmented datagram."; + } + } + description + "Specifies a built-in (alias) for a match condition that matches + multiple flags, or specifies particular logic as to the flag matches + to be implemented. This leaf is only valid when the detail-match-mode + leaf is BUILTIN."; + when "../detail-mode = 'BUILTIN'" { + description + "This leaf is only valid when the mode for matches is specified to + be builtin."; + } + } + } + + grouping transport-fields-state { + description + "State data of transport-fields"; + } + + grouping transport-fields-top { + description + "Destination transport-fields top level grouping"; + + container transport { + description + "Transport fields container"; + + container config { + description + "Configuration data"; + uses transport-fields-config; + } + + container state { + config false; + description + "State data"; + uses transport-fields-config; + uses transport-fields-state; + } + } + } + + grouping ip-icmpv4-header-fields-top { + description + "Top grouping for ICMPv4 filtering"; + + container icmpv4 { + description + "Top container for ICMPv4 filtering"; + + container config { + description + "Configuration attributes for ICMPv4 filtering"; + + uses ip-icmpv4-header-fields-config; + } + + container state { + description + "State attributes for ICMPv4 filtering"; + config false; + + uses ip-icmpv4-header-fields-config; + } + } + } + + grouping ip-icmpv6-header-fields-top { + description + "Top grouping for ICMPv6 filtering"; + + container icmpv6 { + description + "Top container for ICMPv6 filtering"; + + container config { + description + "Configuration attributes for ICMPv6 filtering"; + + uses ip-icmpv6-header-fields-config; + } + + container state { + description + "State attributes for ICMPv6 filtering"; + config false; + + uses ip-icmpv6-header-fields-config; + } + } + } + + grouping ip-icmpv4-header-fields-config { + description + "Collection of ICMPv4 header fields that can be + used to set up a match filter."; + + leaf type { + type identityref { + base oc-icmpv4-types:TYPE; + } + description + "ICMPv4 type to be matched."; + reference + "RFC 792: Internet Control Message Protocol"; + } + + leaf code { + type identityref { + base oc-icmpv4-types:CODE; + } + description + "ICMPv4 code to be matched."; + reference + "RFC 792: Internet Control Message Protocol"; + } + } + + grouping ip-icmpv6-header-fields-config { + description + "Collection of ICMPv6 header fields that can be + used to set up a match filter."; + + leaf type { + type identityref { + base oc-icmpv6-types:TYPE; + } + description + "ICMPv6 type to be matched."; + reference + "RFC 4443: Internet Control Message Protocol (ICMPv6) + for Internet Protocol Version 6 (IPv6) + Specification."; + } + + leaf code { + type identityref { + base oc-icmpv6-types:CODE; + } + description + "ICMP code to be matched."; + reference + "RFC 4443: Internet Control Message Protocol (ICMPv6) + for Internet Protocol Version 6 (IPv6) + Specification."; + } + } + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/defined-sets/openconfig-defined-sets.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/defined-sets/openconfig-defined-sets.yang new file mode 100644 index 0000000000000000000000000000000000000000..0c2a92bece702ae8208d70176b66f0a1342d15e6 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/defined-sets/openconfig-defined-sets.yang @@ -0,0 +1,227 @@ +module openconfig-defined-sets { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/defined-sets"; + + prefix "oc-sets"; + + import openconfig-extensions { prefix oc-ext; } + import openconfig-inet-types { prefix oc-inet; } + import openconfig-packet-match-types { prefix oc-pkt-match-types; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state + data for defined sets (sets of IPv4 prefixes, sets of + IPv6 prefixes, sets of ports, etc). These sets are used, + for example, in network access control lists (i.e., filters, + rules, etc.) in the matching fields."; + + oc-ext:openconfig-version "1.0.0"; + + revision "2022-12-14" { + description + "Initial version of the defined set model"; + reference "1.0.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + grouping ipv4-prefix-sets-config { + description "Configuration parameters of IPv4 prefix sets."; + + leaf name { + type string; + description + "A user defined name of the IPv4 prefix set."; + } + + leaf description { + type string; + description "A user defined IPv4 prefix set description."; + } + + leaf-list prefix { + type oc-inet:ipv4-prefix; + description + "A user defined list of IPv4 prefixes to be used in match + conditions. Each entry is a IPv4 + mask combination."; + } + } + + grouping ipv6-prefix-sets-config { + description "Configuration parameters of IPv6 prefix sets."; + + leaf name { + type string; + description + "Name of the IPv6 prefix set."; + } + + leaf description { + type string; + description + "A user defined IPv6 prefix set description."; + } + + leaf-list prefix { + type oc-inet:ipv6-prefix; + description + "A user defined list of IPv6 prefixes to be used in match + conditions. Each entry is a IPv6 + mask combination."; + } + } + + grouping port-sets-config { + description + "Configuration parameters of port sets."; + + leaf name { + type string; + description + "A user defined name of the port set."; + } + + leaf description { + type string; + description + "A user defined description for the port set"; + } + + leaf-list port { + type oc-pkt-match-types:port-num-range; + description + "A user defined set of ports to be + used in the match conditions."; + } + } + + grouping defined-sets { + description "Configuration of Defined Sets."; + + container ipv4-prefix-sets { + description + "Container to hold the list of IPv4 prefix sets."; + + list ipv4-prefix-set { + key "name"; + description + "List of IPv4 prefix sets."; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the name of the IPv4 prefix set."; + } + + container config { + description + "Configuration data for IPv4 prefix sets."; + uses ipv4-prefix-sets-config; + } + + container state { + config false; + description + "State data for IPv4 prefix sets."; + uses ipv4-prefix-sets-config; + } + } + } + + container ipv6-prefix-sets { + description + "Container to hold the list of IPv4 prefix sets."; + + list ipv6-prefix-set { + key "name"; + description "List of IPv6 prefix sets. Each defined set + is uniquely identified by a name"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the name of the IPv6 prefix set."; + } + + container config { + description + "Configuration data for IPv6 prefix sets."; + uses ipv6-prefix-sets-config; + } + + container state { + config false; + description + "State data for prefix lists."; + uses ipv6-prefix-sets-config; + } + } + } + + container port-sets { + description + "Container to hold the list of port sets."; + + list port-set { + key "name"; + description + "List of port sets. Each por set is uniquely + identified by its name"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Name of the port set. The name is used to + reference the set in match conditions."; + } + + container config { + description + "Configuration data for port lists."; + uses port-sets-config; + } + + container state { + config false; + description + "State data for port lists."; + uses port-sets-config; + } + } + } + } + + + + grouping defined-sets-top { + description + "Top level grouping for defined-sets"; + + container defined-sets { + description + "Top level enclosing container for defined-set model + config and operational state data."; + uses defined-sets; + } + } + + uses defined-sets-top; + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-if-aggregate.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-if-aggregate.yang new file mode 100644 index 0000000000000000000000000000000000000000..f6a577bb0e8625572a3d32da8ee2ac6780bba7ed --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-if-aggregate.yang @@ -0,0 +1,249 @@ +module openconfig-if-aggregate { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/interfaces/aggregate"; + + prefix "oc-lag"; + + // import some basic types + import openconfig-interfaces { prefix oc-if; } + import openconfig-if-ethernet { prefix oc-eth; } + import iana-if-type { prefix ianaift; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "Model for managing aggregated (aka bundle, LAG) interfaces."; + + oc-ext:openconfig-version "2.4.4"; + + revision "2022-06-28" { + description + "Remove reference to invalid oc-ift type check"; + reference "2.4.4"; + } + + revision "2020-05-01" { + description + "Update when statements to reference config nodes + from config true elements."; + reference "2.4.3"; + } + + revision "2019-04-16" { + description + "Update import prefix for iana-if-type module"; + reference "2.4.2"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "2.3.2"; + } + + revision "2018-03-23" { + description + "Fix/cleanup when statements in aggregates model."; + reference "2.3.1"; + } + + revision "2018-01-05" { + description + "Add logical loopback to interface."; + reference "2.3.0"; + } + + revision "2017-12-22" { + description + "Add IPv4 proxy ARP configuration."; + reference "2.2.0"; + } + + revision "2017-12-21" { + description + "Added IPv6 router advertisement configuration."; + reference "2.1.0"; + } + + revision "2017-07-14" { + description + "Added Ethernet/IP state data; Add dhcp-client; + migrate to OpenConfig types modules; Removed or + renamed opstate values"; + reference "2.0.0"; + } + + revision "2016-12-22" { + description + "Fixes to Ethernet interfaces model"; + reference "1.1.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // extension statements + + // feature statements + + // identity statements + + // typedef statements + + typedef aggregation-type { + type enumeration { + enum LACP { + description "LAG managed by LACP"; + } + enum STATIC { + description "Statically configured bundle / LAG"; + } + } + description + "Type to define the lag-type, i.e., how the LAG is + defined and managed"; + } + + // grouping statements + + + grouping aggregation-logical-config { + description + "Configuration data for aggregate interfaces"; + + + leaf lag-type { + type aggregation-type; + description + "Sets the type of LAG, i.e., how it is + configured / maintained"; + } + + leaf min-links { + type uint16; + description + "Specifies the mininum number of member + interfaces that must be active for the aggregate interface + to be available"; + } + } + + grouping aggregation-logical-state { + description + "Operational state data for aggregate interfaces"; + + leaf lag-speed { + type uint32; + units Mbps; + description + "Reports effective speed of the aggregate interface, + based on speed of active member interfaces"; + } + + leaf-list member { + when "../../config/lag-type = 'STATIC'" { + description + "The simple list of member interfaces is active + when the aggregate is statically configured"; + } + type oc-if:base-interface-ref; + description + "List of current member interfaces for the aggregate, + expressed as references to existing interfaces"; + } + } + + grouping aggregation-logical-top { + description "Top-level data definitions for LAGs"; + + container aggregation { + + description + "Options for logical interfaces representing + aggregates"; + + container config { + description + "Configuration variables for logical aggregate / + LAG interfaces"; + + uses aggregation-logical-config; + } + + container state { + + config false; + description + "Operational state variables for logical + aggregate / LAG interfaces"; + + uses aggregation-logical-config; + uses aggregation-logical-state; + + } + } + } + + grouping ethernet-if-aggregation-config { + description + "Adds configuration items for Ethernet interfaces + belonging to a logical aggregate / LAG"; + + leaf aggregate-id { + type leafref { + path "/oc-if:interfaces/oc-if:interface/oc-if:name"; + } + description + "Specify the logical aggregate interface to which + this interface belongs"; + } + } + + // data definition statements + + // augment statements + + augment "/oc-if:interfaces/oc-if:interface" { + + description "Adds LAG configuration to the interface module"; + + uses aggregation-logical-top { + when "oc-if:config/oc-if:type = 'ianaift:ieee8023adLag'" { + description + "active when the interface is set to type LAG"; + } + } + } + + augment "/oc-if:interfaces/oc-if:interface/oc-eth:ethernet/" + + "oc-eth:config" { + description + "Adds LAG settings to individual Ethernet interfaces"; + + uses ethernet-if-aggregation-config; + } + + augment "/oc-if:interfaces/oc-if:interface/oc-eth:ethernet/" + + "oc-eth:state" { + description + "Adds LAG settings to individual Ethernet interfaces"; + + uses ethernet-if-aggregation-config; + } + + // rpc statements + + // notification statements + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-if-ethernet.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-if-ethernet.yang new file mode 100644 index 0000000000000000000000000000000000000000..3991923f620eeb45326951e971312814f87f08c3 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-if-ethernet.yang @@ -0,0 +1,693 @@ +module openconfig-if-ethernet { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/interfaces/ethernet"; + + prefix "oc-eth"; + + // import some basic types + import openconfig-interfaces { prefix oc-if; } + import iana-if-type { prefix ianaift; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "Model for managing Ethernet interfaces -- augments the OpenConfig + model for interface configuration and state."; + + oc-ext:openconfig-version "2.13.0"; + + revision "2023-03-10" { + description + "Allow Ethernet configuration parameters to be + used for aggregate (LAG) interfaces."; + reference "2.13.0"; + } + + revision "2022-04-20" { + description + "Remove unused import"; + reference "2.12.2"; + } + + revision "2021-07-20" { + description + "Fix typo in hardware MAC address description."; + reference "2.12.1"; + } + + revision "2021-07-07" { + description + "Add support for configuring fec-mode per interface."; + reference "2.12.0"; + } + + revision "2021-06-16" { + description + "Remove trailing whitespace."; + reference "2.11.1"; + } + + revision "2021-06-09" { + description + "Add support for standalone link training."; + reference "2.11.0"; + } + + revision "2021-05-17" { + description + "Add ethernet counters: in-carrier-errors, + in-interrupted-tx, in-late-collision, in-mac-errors-rx, + in-single-collision, in-symbol-error and out-mac-errors-tx"; + reference "2.10.0"; + } + + revision "2021-03-30" { + description + "Add counter for drops due to oversized frames."; + reference "2.9.0"; + } + + revision "2020-05-06" { + description + "Minor formatting fix."; + reference "2.8.1"; + } + + revision "2020-05-06" { + description + "Add 200G, 400G, 600G and 800G Ethernet speeds."; + reference "2.8.0"; + } + + revision "2020-05-05" { + description + "Fix when statement checks to use rw paths when + from a rw context."; + reference "2.7.3"; + } + + revision "2019-04-16" { + description + "Update import prefix for iana-if-type module"; + reference "2.7.2"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "2.6.2"; + } + + revision "2018-09-04" { + description + "Remove in-crc-align-errors as it is a duplicate of + in-crc-errors"; + reference "2.6.1"; + } + + revision "2018-08-28" { + description + "Add Ethernet counter in-block-errors"; + reference "2.6.0"; + } + + revision "2018-07-02" { + description + "Add new ethernet counters of in-undersize-frames, + in-crc-align-errors and the distribution container"; + reference "2.5.0"; + } + + revision "2018-04-10" { + description + "Add identities for 2.5 and 5 Gbps."; + reference "2.4.0"; + } + + revision "2018-01-05" { + description + "Add logical loopback to interface."; + reference "2.3.0"; + } + + revision "2017-12-21" { + description + "Added IPv6 router advertisement configuration."; + reference "2.1.0"; + } + + revision "2017-07-14" { + description + "Added Ethernet/IP state data; Add dhcp-client; + migrate to OpenConfig types modules; Removed or + renamed opstate values"; + reference "2.0.0"; + } + + revision "2016-12-22" { + description + "Fixes to Ethernet interfaces model"; + reference "1.1.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // identity statements + identity INTERFACE_FEC { + description + "Base type to specify FEC modes that can be configured on the interface. + These are FEC modes defined for applying to logical interfaces and their + underlying electrical channels."; + } + + identity FEC_FC { + base INTERFACE_FEC; + description + "Firecode is used for channels with NRZ modulation and speeds less than 100G. + This FEC is designed to comply with the IEEE 802.3, Clause 74."; + } + + identity FEC_RS528 { + base INTERFACE_FEC; + description + "RS528 is used for channels with NRZ modulation. This FEC is designed to + comply with IEEE 802.3, Clause 91."; + } + + identity FEC_RS544 { + base INTERFACE_FEC; + description + "RS544 is used for channels with PAM4 modulation."; + } + + identity FEC_RS544_2X_INTERLEAVE { + base INTERFACE_FEC; + description + "RS544-2x-interleave is used for channels with PAM4 modulation."; + } + + identity FEC_DISABLED { + base INTERFACE_FEC; + description + "FEC is administratively disabled."; + } + + identity ETHERNET_SPEED { + description "base type to specify available Ethernet link + speeds"; + } + + identity SPEED_10MB { + base ETHERNET_SPEED; + description "10 Mbps Ethernet"; + } + + identity SPEED_100MB { + base ETHERNET_SPEED; + description "100 Mbps Ethernet"; + } + + identity SPEED_1GB { + base ETHERNET_SPEED; + description "1 Gbps Ethernet"; + } + + identity SPEED_2500MB { + base ETHERNET_SPEED; + description "2.5 Gbps Ethernet"; + } + + identity SPEED_5GB { + base ETHERNET_SPEED; + description "5 Gbps Ethernet"; + } + + identity SPEED_10GB { + base ETHERNET_SPEED; + description "10 Gbps Ethernet"; + } + + identity SPEED_25GB { + base ETHERNET_SPEED; + description "25 Gbps Ethernet"; + } + + identity SPEED_40GB { + base ETHERNET_SPEED; + description "40 Gbps Ethernet"; + } + + identity SPEED_50GB { + base ETHERNET_SPEED; + description "50 Gbps Ethernet"; + } + + identity SPEED_100GB { + base ETHERNET_SPEED; + description "100 Gbps Ethernet"; + } + + identity SPEED_200GB { + base ETHERNET_SPEED; + description "200 Gbps Ethernet"; + } + + identity SPEED_400GB { + base ETHERNET_SPEED; + description "400 Gbps Ethernet"; + } + + identity SPEED_600GB { + base ETHERNET_SPEED; + description "600 Gbps Ethernet"; + } + + identity SPEED_800GB { + base ETHERNET_SPEED; + description "800 Gbps Ethernet"; + } + + identity SPEED_UNKNOWN { + base ETHERNET_SPEED; + description + "Interface speed is unknown. Systems may report + speed UNKNOWN when an interface is down or unpopuplated (e.g., + pluggable not present)."; + } + + // typedef statements + + + // grouping statements + + grouping ethernet-interface-config { + description "Configuration items for Ethernet interfaces"; + + leaf mac-address { + type oc-yang:mac-address; + description + "Assigns a MAC address to the Ethernet interface. If not + specified, the corresponding operational state leaf is + expected to show the system-assigned MAC address."; + } + + leaf auto-negotiate { + type boolean; + default true; + description + "Set to TRUE to request the interface to auto-negotiate + transmission parameters with its peer interface. When + set to FALSE, the transmission parameters are specified + manually."; + reference + "IEEE 802.3-2012 auto-negotiation transmission parameters"; + } + + leaf standalone-link-training { + type boolean; + default false; + description + "Link training is automatic tuning of the SerDes transmit and + receive parameters to ensure an optimal connection over copper + links. It is normally run as part of the auto negotiation + sequence as specified in IEEE 802.3 Clause 73. + + Standalone link training is used when full auto negotiation is + not desired on an Ethernet link but link training is needed. + It is configured by setting the standalone-link-training leaf + to TRUE and augo-negotiate leaf to FALSE. + + Note: If auto-negotiate is true, then the value of standalone + link training leaf will be ignored."; + } + + leaf duplex-mode { + type enumeration { + enum FULL { + description "Full duplex mode"; + } + enum HALF { + description "Half duplex mode"; + } + } + description + "When auto-negotiate is TRUE, this optionally sets the + duplex mode that will be advertised to the peer. If + unspecified, the interface should negotiate the duplex mode + directly (typically full-duplex). When auto-negotiate is + FALSE, this sets the duplex mode on the interface directly."; + } + + leaf port-speed { + type identityref { + base ETHERNET_SPEED; + } + description + "When auto-negotiate is TRUE, this optionally sets the + port-speed mode that will be advertised to the peer for + negotiation. If unspecified, it is expected that the + interface will select the highest speed available based on + negotiation. When auto-negotiate is set to FALSE, sets the + link speed to a fixed value -- supported values are defined + by ETHERNET_SPEED identities"; + } + + leaf enable-flow-control { + type boolean; + default false; + description + "Enable or disable flow control for this interface. + Ethernet flow control is a mechanism by which a receiver + may send PAUSE frames to a sender to stop transmission for + a specified time. + + This setting should override auto-negotiated flow control + settings. If left unspecified, and auto-negotiate is TRUE, + flow control mode is negotiated with the peer interface."; + reference + "IEEE 802.3x"; + } + + leaf fec-mode { + type identityref { + base INTERFACE_FEC; + } + description + "The FEC mode applied to the physical channels associated with + the interface."; + } + } + + grouping ethernet-interface-state-counters { + description + "Ethernet-specific counters and statistics"; + + // ingress counters + + leaf in-mac-control-frames { + type oc-yang:counter64; + description + "MAC layer control frames received on the interface"; + } + + leaf in-mac-pause-frames { + type oc-yang:counter64; + description + "MAC layer PAUSE frames received on the interface"; + } + + leaf in-oversize-frames { + type oc-yang:counter64; + description + "The total number of frames received that were + longer than 1518 octets (excluding framing bits, + but including FCS octets) and were otherwise + well formed."; + } + + leaf in-undersize-frames { + type oc-yang:counter64; + description + "The total number of frames received that were + less than 64 octets long (excluding framing bits, + but including FCS octets) and were otherwise well + formed."; + reference + "RFC 2819: Remote Network Monitoring MIB - + etherStatsUndersizePkts"; + } + + leaf in-jabber-frames { + type oc-yang:counter64; + description + "Number of jabber frames received on the + interface. Jabber frames are typically defined as oversize + frames which also have a bad CRC. Implementations may use + slightly different definitions of what constitutes a jabber + frame. Often indicative of a NIC hardware problem."; + } + + leaf in-fragment-frames { + type oc-yang:counter64; + description + "The total number of frames received that were less than + 64 octets in length (excluding framing bits but including + FCS octets) and had either a bad Frame Check Sequence + (FCS) with an integral number of octets (FCS Error) or a + bad FCS with a non-integral number of octets (Alignment + Error)."; + } + + leaf in-8021q-frames { + type oc-yang:counter64; + description + "Number of 802.1q tagged frames received on the interface"; + } + + leaf in-crc-errors { + type oc-yang:counter64; + description + "The total number of frames received that + had a length (excluding framing bits, but + including FCS octets) of between 64 and 1518 + octets, inclusive, but had either a bad + Frame Check Sequence (FCS) with an integral + number of octets (FCS Error) or a bad FCS with + a non-integral number of octets (Alignment Error)"; + reference + "RFC 2819: Remote Network Monitoring MIB - + etherStatsCRCAlignErrors"; + } + + leaf in-block-errors { + type oc-yang:counter64; + description + "The number of received errored blocks. Error detection codes + are capable of detecting whether one or more errors have + occurred in a given sequence of bits – the block. It is + normally not possible to determine the exact number of errored + bits within the block"; + } + + leaf in-carrier-errors { + type oc-yang:counter64; + description + "The number of received errored frames due to a carrier issue. + The value refers to MIB counter for + dot3StatsCarrierSenseErrors + oid=1.3.6.1.2.1.10.7.2.1.11"; + reference + "RFC 1643 Definitions of Managed + Objects for the Ethernet-like Interface Types."; + } + + leaf in-interrupted-tx { + type oc-yang:counter64; + description + "The number of received errored frames due to interrupted + transmission issue. The value refers to MIB counter for + dot3StatsDeferredTransmissions + oid=1.3.6.1.2.1.10.7.2.1.7"; + reference + "RFC 1643 Definitions of Managed + Objects for the Ethernet-like Interface Types."; + } + + leaf in-late-collision { + type oc-yang:counter64; + description + "The number of received errored frames due to late collision + issue. The value refers to MIB counter for + dot3StatsLateCollisions + oid=1.3.6.1.2.1.10.7.2.1.8"; + reference + "RFC 1643 Definitions of Managed + Objects for the Ethernet-like Interface Types."; + } + + leaf in-mac-errors-rx { + type oc-yang:counter64; + description + "The number of received errored frames due to MAC errors + received. The value refers to MIB counter for + dot3StatsInternalMacReceiveErrors + oid=1.3.6.1.2.1.10.7.2.1.16"; + reference + "RFC 1643 Definitions of Managed + Objects for the Ethernet-like Interface Types."; + } + + leaf in-single-collision { + type oc-yang:counter64; + description + "The number of received errored frames due to single collision + issue. The value refers to MIB counter for + dot3StatsSingleCollisionFrames + oid=1.3.6.1.2.1.10.7.2.1.4"; + reference + "RFC 1643 Definitions of Managed + Objects for the Ethernet-like Interface Types."; + } + + leaf in-symbol-error { + type oc-yang:counter64; + description + "The number of received errored frames due to symbol error. + The value refers to MIB counter for + in-symbol-error + oid=1.3.6.1.2.1.10.7.2.1.18"; + reference + "RFC 1643 Definitions of Managed + Objects for the Ethernet-like Interface Types."; + } + + leaf in-maxsize-exceeded { + type oc-yang:counter64; + description + "The total number frames received that are well-formed but + dropped due to exceeding the maximum frame size on the interface + (e.g., MTU or MRU)"; + } + + // egress counters + + leaf out-mac-control-frames { + type oc-yang:counter64; + description + "MAC layer control frames sent on the interface"; + } + + leaf out-mac-pause-frames { + type oc-yang:counter64; + description + "MAC layer PAUSE frames sent on the interface"; + } + + leaf out-8021q-frames { + type oc-yang:counter64; + description + "Number of 802.1q tagged frames sent on the interface"; + } + + leaf out-mac-errors-tx { + type oc-yang:counter64; + description + "The number of sent errored frames due to MAC errors + transmitted. The value refers to MIB counter for + dot3StatsInternalMacTransmitErrors + oid=1.3.6.1.2.1.10.7.2.1.10"; + reference + "RFC 1643 Definitions of Managed + Objects for the Ethernet-like Interface Types."; + } + + } + + grouping ethernet-interface-state { + description + "Grouping for defining Ethernet-specific operational state"; + + leaf hw-mac-address { + type oc-yang:mac-address; + description + "Represents the 'burned-in', or system-assigned, MAC + address for the Ethernet interface."; + } + + leaf negotiated-duplex-mode { + type enumeration { + enum FULL { + description "Full duplex mode"; + } + enum HALF { + description "Half duplex mode"; + } + } + description + "When auto-negotiate is set to TRUE, and the interface has + completed auto-negotiation with the remote peer, this value + shows the duplex mode that has been negotiated."; + } + + leaf negotiated-port-speed { + type identityref { + base ETHERNET_SPEED; + } + description + "When auto-negotiate is set to TRUE, and the interface has + completed auto-negotiation with the remote peer, this value + shows the interface speed that has been negotiated."; + } + + container counters { + description "Ethernet interface counters"; + + uses ethernet-interface-state-counters; + } + } + + // data definition statements + + grouping ethernet-top { + description "top-level Ethernet config and state containers"; + + container ethernet { + description + "Top-level container for ethernet configuration + and state"; + + container config { + description "Configuration data for ethernet interfaces"; + + uses ethernet-interface-config; + + } + + container state { + + config false; + description "State variables for Ethernet interfaces"; + + uses ethernet-interface-config; + uses ethernet-interface-state; + + } + + } + } + + // augment statements + + augment "/oc-if:interfaces/oc-if:interface" { + description "Adds addtional Ethernet-specific configuration to + interfaces model"; + + uses ethernet-top { + when "oc-if:config/oc-if:type = 'ianaift:ethernetCsmacd' or " + + "oc-if:config/oc-if:type = 'ianaift:ieee8023adLag'" { + description + "Additional interface configuration parameters when + the interface type is Ethernet, or the interface is an aggregate + interface."; + } + } + } + + // rpc statements + + // notification statements + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-if-ip.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-if-ip.yang new file mode 100644 index 0000000000000000000000000000000000000000..8aebaaa068ae3ef2605c09af280d6d61399b16aa --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-if-ip.yang @@ -0,0 +1,1611 @@ +module openconfig-if-ip { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/interfaces/ip"; + + prefix "oc-ip"; + + // import some basic types + import openconfig-inet-types { prefix oc-inet; } + import openconfig-interfaces { prefix oc-if; } + import openconfig-vlan { prefix oc-vlan; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "This model defines data for managing configuration and + operational state on IP (IPv4 and IPv6) interfaces. + + This model reuses data items defined in the IETF YANG model for + interfaces described by RFC 7277 with an alternate structure + (particularly for operational state data) and with + additional configuration items. + + Portions of this code were derived from IETF RFC 7277. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "3.5.1"; + + revision "2024-03-13" { + description + "Update in-pkts and out-pkts descriptions."; + reference "3.5.1"; + } + + revision "2023-08-14" { + description + "Add multicast counters for IPv4, IPv6."; + reference "3.5.0"; + } + +revision "2023-06-30" { + description + "Deprecate IPv6 router advertisment config suppress leaf and add config + mode leaf."; + reference "3.4.0"; + } + + revision "2023-04-12" { + description + "Add ipv4 address type configuration."; + reference "3.3.0"; + } + + revision "2023-02-06" { + description + "Add IPv6 link-local configuration."; + reference "3.2.0"; + } + + revision "2022-11-09" { + description + "Add additional IPv6 router-advertisement features."; + reference "3.1.0"; + } + + revision "2019-01-08" { + description + "Eliminate use of the 'empty' type."; + reference "3.0.0"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "2.3.1"; + } + + revision "2018-01-05" { + description + "Add logical loopback to interface."; + reference "2.3.0"; + } + + revision "2017-12-21" { + description + "Added IPv6 router advertisement configuration."; + reference "2.1.0"; + } + + revision "2017-07-14" { + description + "Added Ethernet/IP state data; Add dhcp-client; + migrate to OpenConfig types modules; Removed or + renamed opstate values"; + reference "2.0.0"; + } + + revision "2017-04-03"{ + description + "Update copyright notice."; + reference "1.1.1"; + } + + revision "2016-12-22" { + description + "Fixes to Ethernet interfaces model"; + reference "1.1.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // typedef statements + + typedef ip-address-origin { + type enumeration { + enum OTHER { + description + "None of the following."; + } + enum STATIC { + description + "Indicates that the address has been statically + configured - for example, using NETCONF or a Command Line + Interface."; + } + enum DHCP { + description + "Indicates an address that has been assigned to this + system by a DHCP server."; + } + enum LINK_LAYER { + description + "Indicates an address created by IPv6 stateless + autoconfiguration that embeds a link-layer address in its + interface identifier."; + } + enum RANDOM { + description + "Indicates an address chosen by the system at + random, e.g., an IPv4 address within 169.254/16, an + RFC 4941 temporary address, or an RFC 7217 semantically + opaque address."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + RFC 7217: A Method for Generating Semantically Opaque + Interface Identifiers with IPv6 Stateless + Address Autoconfiguration (SLAAC)"; + } + } + description + "The origin of an address."; + } + + typedef neighbor-origin { + type enumeration { + enum OTHER { + description + "None of the following."; + } + enum STATIC { + description + "Indicates that the mapping has been statically + configured - for example, using NETCONF or a Command Line + Interface."; + } + enum DYNAMIC { + description + "Indicates that the mapping has been dynamically resolved + using, e.g., IPv4 ARP or the IPv6 Neighbor Discovery + protocol."; + } + } + description + "The origin of a neighbor entry."; + } + + typedef ipv4-address-type { + type enumeration { + enum PRIMARY { + description + "The primary address on the interface. There can only be one primary + address associated on an interface."; + } + enum SECONDARY { + description + "Secondary address on an interface. There can be multiple secondary + addresses associated on an interface."; + } + } + + description + "The type of an IPv4 address."; + } + + // grouping statements + + grouping ip-common-global-config { + description + "Shared configuration data for IPv4 or IPv6 assigned + globally on an interface."; + + leaf dhcp-client { + type boolean; + default false; + description + "Enables a DHCP client on the interface in order to request + an address"; + } + } + + grouping ip-common-counters-state { + description + "Operational state for IP traffic statistics for IPv4 and + IPv6"; + + container counters { + description + "Packet and byte counters for IP transmission and + reception for the address family."; + + + leaf in-pkts { + type oc-yang:counter64; + description + "The total number of IP packets received for the specified + address family, including all IP unicast, multicast, + broadcast and error packets."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf in-octets { + type oc-yang:counter64; + description + "The total number of octets received in input IP packets + for the specified address family, including those received + in error."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf in-multicast-pkts { + type oc-yang:counter64; + description + "The number of IP packets received for the specified + address family that are multicast packets. + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 4293: Management Information Base for the Internet + Protocol (IP) - ipSystemStatsHCInMcastPkts"; + } + + leaf in-multicast-octets { + type oc-yang:counter64; + description + "The total number of octets received in input IP + multicast packets for the specified address + family, including those received in error."; + reference + "RFC 4293: Management Information Base for the Internet + Protocol (IP) - ipSystemStatsHCInMcastOctets"; + } + + leaf in-error-pkts { + // TODO: this counter combines several error conditions -- + // could consider breaking them out to separate leaf nodes + type oc-yang:counter64; + description + "Number of IP packets discarded due to errors for the + specified address family, including errors in the IP + header, no route found to the IP destination, invalid + address, unknown protocol, etc."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf in-forwarded-pkts { + type oc-yang:counter64; + description + "The number of input packets for which the device was not + their final IP destination and for which the device + attempted to find a route to forward them to that final + destination."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf in-forwarded-octets { + type oc-yang:counter64; + description + "The number of octets received in input IP packets + for the specified address family for which the device was + not their final IP destination and for which the + device attempted to find a route to forward them to that + final destination."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf in-discarded-pkts { + type oc-yang:counter64; + description + "The number of input IP packets for the + specified address family, for which no problems were + encountered to prevent their continued processing, but + were discarded (e.g., for lack of buffer space)."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf out-pkts { + type oc-yang:counter64; + description + "The total number of IP packets for the + specified address family that the device supplied + to the lower layers for transmission. This includes + packets generated locally and those forwarded by the + device as well as unicast, multicast and broadcast + packets."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf out-octets { + type oc-yang:counter64; + description + "The total number of octets in IP packets for the + specified address family that the device + supplied to the lower layers for transmission. This + includes packets generated locally and those forwarded by + the device."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf out-multicast-pkts { + type oc-yang:counter64; + description + "The total number of IP multicast packets transmitted. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP) + - ipSystemStatsHCOutMcastPkts"; + } + + leaf out-multicast-octets { + type oc-yang:counter64; + description + "The total number of IP multicast octets transmitted. This + includes packets generated locally and those forwarded by + the device."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf out-error-pkts { + // TODO: this counter combines several error conditions -- + // could consider breaking them out to separate leaf nodes + type oc-yang:counter64; + description + "Number of IP packets for the specified address family + locally generated and discarded due to errors, including + no route found to the IP destination."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf out-forwarded-pkts { + type oc-yang:counter64; + description + "The number of packets for which this entity was not their + final IP destination and for which it was successful in + finding a path to their final destination."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf out-forwarded-octets { + type oc-yang:counter64; + description + "The number of octets in packets for which this entity was + not their final IP destination and for which it was + successful in finding a path to their final destination."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + + leaf out-discarded-pkts { + type oc-yang:counter64; + description + "The number of output IP packets for the + specified address family for which no problem was + encountered to prevent their transmission to their + destination, but were discarded (e.g., for lack of + buffer space)."; + reference + "RFC 4293 - Management Information Base for the + Internet Protocol (IP)"; + } + } + + } + + + + grouping ipv4-global-config { + description + "Configuration data for IPv4 interfaces across + all addresses assigned to the interface"; + + leaf enabled { + type boolean; + default true; + description + "Controls whether IPv4 is enabled or disabled on this + interface. When IPv4 is enabled, this interface is + connected to an IPv4 stack, and the interface can send + and receive IPv4 packets."; + } + + leaf mtu { + type uint16 { + range "68..max"; + } + units octets; + description + "The size, in octets, of the largest IPv4 packet that the + interface will send and receive. + + The server may restrict the allowed values for this leaf, + depending on the interface's type. + + If this leaf is not configured, the operationally used MTU + depends on the interface's type."; + reference + "RFC 791: Internet Protocol"; + } + + uses ip-common-global-config; + + + } + + grouping ipv4-address-config { + description + "Per IPv4 adresss configuration data for the + interface."; + + leaf ip { + type oc-inet:ipv4-address; + description + "The IPv4 address on the interface."; + } + + leaf prefix-length { + type uint8 { + range "0..32"; + } + description + "The length of the subnet prefix."; + } + + leaf type { + type ipv4-address-type; + default PRIMARY; + description + "Specifies the explicit type of the IPv4 address being assigned + to the interface. By default, addresses are assumed to be a primary address. + Where secondary addresses is to be configured, this leaf should be set + to SECONDARY."; + } + } + + grouping ipv4-neighbor-config { + description + "Per IPv4 neighbor configuration data. Neighbor + entries are analagous to static ARP entries, i.e., they + create a correspondence between IP and link-layer addresses"; + + leaf ip { + type oc-inet:ipv4-address; + description + "The IPv4 address of the neighbor node."; + } + leaf link-layer-address { + type oc-yang:phys-address; + mandatory true; + description + "The link-layer address of the neighbor node."; + } + } + + grouping ipv4-address-state { + description + "State variables for IPv4 addresses on the interface"; + + leaf origin { + type ip-address-origin; + description + "The origin of this address, e.g., statically configured, + assigned by DHCP, etc.."; + } + } + + grouping ipv4-neighbor-state { + description + "State variables for IPv4 neighbor entries on the interface."; + + leaf origin { + type neighbor-origin; + description + "The origin of this neighbor entry, static or dynamic."; + } + } + + grouping ipv6-global-config { + description + "Configuration data at the global level for each + IPv6 interface"; + + leaf enabled { + type boolean; + default true; + description + "Controls whether IPv6 is enabled or disabled on this + interface. When IPv6 is enabled, this interface is + connected to an IPv6 stack, and the interface can send + and receive IPv6 packets."; + } + + leaf mtu { + type uint32 { + range "1280..max"; + } + units octets; + description + "The size, in octets, of the largest IPv6 packet that the + interface will send and receive. + + The server may restrict the allowed values for this leaf, + depending on the interface's type. + + If this leaf is not configured, the operationally used MTU + depends on the interface's type."; + reference + "RFC 2460: Internet Protocol, Version 6 (IPv6) Specification + Section 5"; + } + + leaf dup-addr-detect-transmits { + type uint32; + default 1; + description + "The number of consecutive Neighbor Solicitation messages + sent while performing Duplicate Address Detection on a + tentative address. A value of zero indicates that + Duplicate Address Detection is not performed on + tentative addresses. A value of one indicates a single + transmission with no follow-up retransmissions."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + + uses ip-common-global-config; + } + + grouping ipv6-address-config { + description "Per-address configuration data for IPv6 interfaces"; + + leaf ip { + type oc-inet:ipv6-address; + description + "The IPv6 address on the interface."; + } + + leaf prefix-length { + type uint8 { + range "0..128"; + } + mandatory true; + description + "The length of the subnet prefix."; + } + + leaf type { + type oc-inet:ipv6-address-type; + default GLOBAL_UNICAST; + description + "Specifies the explicit type of the IPv6 address being assigned + to the interface. By default, addresses are assumed to be + global unicast. Where a link-local address is to be explicitly + configured, this leaf should be set to LINK_LOCAL."; + } + + } + + grouping ipv6-address-state { + description + "Per-address operational state data for IPv6 interfaces"; + + leaf origin { + type ip-address-origin; + description + "The origin of this address, e.g., static, dhcp, etc."; + } + + leaf status { + type enumeration { + enum PREFERRED { + description + "This is a valid address that can appear as the + destination or source address of a packet."; + } + enum DEPRECATED { + description + "This is a valid but deprecated address that should + no longer be used as a source address in new + communications, but packets addressed to such an + address are processed as expected."; + } + enum INVALID { + description + "This isn't a valid address, and it shouldn't appear + as the destination or source address of a packet."; + } + enum INACCESSIBLE { + description + "The address is not accessible because the interface + to which this address is assigned is not + operational."; + } + enum UNKNOWN { + description + "The status cannot be determined for some reason."; + } + enum TENTATIVE { + description + "The uniqueness of the address on the link is being + verified. Addresses in this state should not be + used for general communication and should only be + used to determine the uniqueness of the address."; + } + enum DUPLICATE { + description + "The address has been determined to be non-unique on + the link and so must not be used."; + } + enum OPTIMISTIC { + description + "The address is available for use, subject to + restrictions, while its uniqueness on a link is + being verified."; + } + } + description + "The status of an address. Most of the states correspond + to states from the IPv6 Stateless Address + Autoconfiguration protocol."; + reference + "RFC 4293: Management Information Base for the + Internet Protocol (IP) + - IpAddressStatusTC + RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + } + + grouping ipv6-neighbor-config { + description + "Per-neighbor configuration data for IPv6 interfaces"; + + leaf ip { + type oc-inet:ipv6-address; + description + "The IPv6 address of the neighbor node."; + } + + leaf link-layer-address { + type oc-yang:phys-address; + mandatory true; + description + "The link-layer address of the neighbor node."; + } + } + + grouping ipv6-neighbor-state { + description "Per-neighbor state variables for IPv6 interfaces"; + + leaf origin { + type neighbor-origin; + description + "The origin of this neighbor entry."; + } + leaf is-router { + type boolean; + description + "Indicates that the neighbor node acts as a router."; + } + leaf neighbor-state { + type enumeration { + enum INCOMPLETE { + description + "Address resolution is in progress, and the link-layer + address of the neighbor has not yet been + determined."; + } + enum REACHABLE { + description + "Roughly speaking, the neighbor is known to have been + reachable recently (within tens of seconds ago)."; + } + enum STALE { + description + "The neighbor is no longer known to be reachable, but + until traffic is sent to the neighbor no attempt + should be made to verify its reachability."; + } + enum DELAY { + description + "The neighbor is no longer known to be reachable, and + traffic has recently been sent to the neighbor. + Rather than probe the neighbor immediately, however, + delay sending probes for a short while in order to + give upper-layer protocols a chance to provide + reachability confirmation."; + } + enum PROBE { + description + "The neighbor is no longer known to be reachable, and + unicast Neighbor Solicitation probes are being sent + to verify reachability."; + } + } + description + "The Neighbor Unreachability Detection state of this + entry."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 7.3.2"; + } + } + + grouping ip-vrrp-ipv6-config { + description + "IPv6-specific configuration data for VRRP on IPv6 + interfaces"; + + leaf virtual-link-local { + type oc-inet:ip-address; + description + "For VRRP on IPv6 interfaces, sets the virtual link local + address"; + } + } + + grouping ip-vrrp-ipv6-state { + description + "IPv6-specific operational state for VRRP on IPv6 interfaces"; + + uses ip-vrrp-ipv6-config; + } + + grouping ip-vrrp-tracking-config { + description + "Configuration data for tracking interfaces + in a VRRP group"; + + leaf-list track-interface { + type leafref { + path "/oc-if:interfaces/oc-if:interface/oc-if:name"; + } + // TODO: we may need to add some restriction to ethernet + // or IP interfaces. + description + "Sets a list of one or more interfaces that should + be tracked for up/down events to dynamically change the + priority state of the VRRP group, and potentially + change the mastership if the tracked interface going + down lowers the priority sufficiently. Any of the tracked + interfaces going down will cause the priority to be lowered. + Some implementations may only support a single + tracked interface."; + } + + leaf priority-decrement { + type uint8 { + range 0..254; + } + default 0; + description "Set the value to subtract from priority when + the tracked interface goes down"; + } + } + + grouping ip-vrrp-tracking-state { + description + "Operational state data for tracking interfaces in a VRRP + group"; + } + + grouping ip-vrrp-tracking-top { + description + "Top-level grouping for VRRP interface tracking"; + + container interface-tracking { + description + "Top-level container for VRRP interface tracking"; + + container config { + description + "Configuration data for VRRP interface tracking"; + + uses ip-vrrp-tracking-config; + } + + container state { + + config false; + + description + "Operational state data for VRRP interface tracking"; + + uses ip-vrrp-tracking-config; + uses ip-vrrp-tracking-state; + } + } + } + + grouping ip-vrrp-config { + description + "Configuration data for VRRP on IP interfaces"; + + leaf virtual-router-id { + type uint8 { + range 1..255; + } + description + "Set the virtual router id for use by the VRRP group. This + usually also determines the virtual MAC address that is + generated for the VRRP group"; + } + + leaf-list virtual-address { + type oc-inet:ip-address; + description + "Configure one or more virtual addresses for the + VRRP group"; + } + + leaf priority { + type uint8 { + range 1..254; + } + default 100; + description + "Specifies the sending VRRP interface's priority + for the virtual router. Higher values equal higher + priority"; + } + + leaf preempt { + type boolean; + default true; + description + "When set to true, enables preemption by a higher + priority backup router of a lower priority master router"; + } + + leaf preempt-delay { + type uint16 { + range 0..3600; + } + default 0; + description + "Set the delay the higher priority router waits + before preempting"; + } + + leaf accept-mode { + type boolean; + // TODO: should we adopt the RFC default given the common + // operational practice of setting to true? + default false; + description + "Configure whether packets destined for + virtual addresses are accepted even when the virtual + address is not owned by the router interface"; + } + + leaf advertisement-interval { + type uint16 { + range 1..4095; + } + // TODO this range is theoretical -- needs to be validated + // against major implementations. + units "centiseconds"; + default 100; + description + "Sets the interval between successive VRRP + advertisements -- RFC 5798 defines this as a 12-bit + value expressed as 0.1 seconds, with default 100, i.e., + 1 second. Several implementation express this in units of + seconds"; + } + } + + grouping ip-vrrp-state { + description + "Operational state data for VRRP on IP interfaces"; + + leaf current-priority { + type uint8; + description "Operational value of the priority for the + interface in the VRRP group"; + } + } + + grouping ip-vrrp-top { + description + "Top-level grouping for Virtual Router Redundancy Protocol"; + + container vrrp { + description + "Enclosing container for VRRP groups handled by this + IP interface"; + + reference "RFC 5798 - Virtual Router Redundancy Protocol + (VRRP) Version 3 for IPv4 and IPv6"; + + list vrrp-group { + key "virtual-router-id"; + description + "List of VRRP groups, keyed by virtual router id"; + + leaf virtual-router-id { + type leafref { + path "../config/virtual-router-id"; + } + description + "References the configured virtual router id for this + VRRP group"; + } + + container config { + description + "Configuration data for the VRRP group"; + + uses ip-vrrp-config; + } + + container state { + + config false; + + description + "Operational state data for the VRRP group"; + + uses ip-vrrp-config; + uses ip-vrrp-state; + } + + uses ip-vrrp-tracking-top; + } + } + } + + grouping ipv6-ra-config { + description + "Configuration parameters for IPv6 router advertisements."; + + leaf enable { + type boolean; + default true; + description + "If set to false, all IPv6 router advertisement functions are + disabled. The local system will not transmit router advertisement + messages and will not respond to router solicitation messages."; + } + + leaf interval { + type uint32; + units seconds; + description + "The interval between periodic router advertisement neighbor + discovery messages sent on this interface expressed in + seconds."; + } + + leaf lifetime { + type uint32; + units seconds; + description + "The lifetime advertised in the router advertisement neighbor + discovery message on this interface."; + } + + leaf suppress { + status deprecated; + type boolean; + default false; + description + "When set to true, router advertisement neighbor discovery + messages are not transmitted on this interface."; + } + + leaf mode { + type enumeration { + enum ALL { + description + "The system will transmit unsolicited router advertisement + messages and respond to router solicitation requests."; + } + enum DISABLE_UNSOLICITED_RA { + description + "Unsolicted router advertisement messages are not transmitted on + this interface. Responses to router solicitation messages will + be transmitted."; + } + } + default "ALL"; + description + "Mode controls which set of behaviors the local system should perform + to support IPv6 router advertisements."; + reference "RFC4861: Neighbor Discovery for IP version 6 (IPv6)"; + } + + leaf managed { + type boolean; + default false; + description + "When set to true, the managed address configuration (M) flag is set in + the advertised router advertisement. The M flag indicates that there are + addresses available via DHCPv6."; + reference "RFC4861: Neighbor Discovery for IPv6, section 4.2"; + } + + leaf other-config { + type boolean; + default false; + description + "When set to true, the other configuration (O) flag is set in the + advertised router advertisement. The O flag indicates that there is + other configuration available via DHCPv6 (e.g., DNS servers)."; + reference "RFC4861: Neighbor Discovery for IPv6, section 4.2"; + } + } + + grouping ipv6-ra-prefix-config { + description + "Configuration parameters for an individual prefix within an IPv6 + router advertisement."; + + leaf prefix { + type oc-inet:ipv6-prefix; + description + "IPv6 prefix to be advertised within the router advertisement + message."; + } + + leaf valid-lifetime { + type uint32; + units seconds; + description + "The length of time that the prefix is valid relative to the time + the packet was sent."; + reference "RFC4861: Neighbor Discovery for IPv6, section 4.6.2"; + } + + leaf preferred-lifetime { + type uint32; + units seconds; + description + "The length of time that the address within the prefix remains + in the preferred state, i.e., unrestricted use is allowed by + upper-layer protocols. See RFC4862 for a complete definition + of preferred behaviours."; + reference "RFC4861: Neighbor Discovery for IPv6, section 4.6.2"; + } + + leaf disable-advertisement { + type boolean; + description + "When set to true, the prefix is not advertised within + router advertisement messages that are sent as a result of + router soliciation messages."; + } + + leaf disable-autoconfiguration { + type boolean; + description + "When set to true, the prefix is marked as not to be used for stateless + address configuration. This is achieved by setting the autonomous address + configuration bit for the prefix."; + reference "RFC4861: Neighbor Discovery for IPv6, section 4.6.1"; + } + + leaf enable-onlink { + type boolean; + description + "When set to true, the prefix is marked as being on link by setting the + L-bit for the prefix within a router advertisement."; + reference "RFC4861: Neighbor Discovery for IPv6, section 4.6.1"; + } + } + + grouping ipv4-proxy-arp-config { + description + "Configuration parameters for IPv4 proxy ARP"; + + leaf mode { + type enumeration { + enum DISABLE { + description + "The system should not respond to ARP requests that + do not specify an IP address configured on the local + subinterface as the target address."; + } + enum REMOTE_ONLY { + description + "The system responds to ARP requests only when the + sender and target IP addresses are in different + subnets."; + } + enum ALL { + description + "The system responds to ARP requests where the sender + and target IP addresses are in different subnets, as well + as those where they are in the same subnet."; + } + } + default "DISABLE"; + description + "When set to a value other than DISABLE, the local system should + respond to ARP requests that are for target addresses other than + those that are configured on the local subinterface using its own + MAC address as the target hardware address. If the REMOTE_ONLY + value is specified, replies are only sent when the target address + falls outside the locally configured subnets on the interface, + whereas with the ALL value, all requests, regardless of their + target address are replied to."; + reference "RFC1027: Using ARP to Implement Transparent Subnet Gateways"; + } + } + + grouping ipv4-top { + description "Top-level configuration and state for IPv4 + interfaces"; + + container ipv4 { + description + "Parameters for the IPv4 address family."; + + container addresses { + description + "Enclosing container for address list"; + + list address { + key "ip"; + description + "The list of configured IPv4 addresses on the interface."; + + leaf ip { + type leafref { + path "../config/ip"; + } + description "References the configured IP address"; + } + + container config { + description "Configuration data for each configured IPv4 + address on the interface"; + + uses ipv4-address-config; + + } + + container state { + + config false; + description "Operational state data for each IPv4 address + configured on the interface"; + + uses ipv4-address-config; + uses ipv4-address-state; + } + + } + } + + container proxy-arp { + description + "Configuration and operational state parameters + relating to proxy ARP. This functionality allows a + system to respond to ARP requests that are not + explicitly destined to the local system."; + + container config { + description + "Configuration parameters for proxy ARP"; + uses ipv4-proxy-arp-config; + } + + container state { + config false; + description + "Operational state parameters for proxy ARP"; + uses ipv4-proxy-arp-config; + } + } + + container neighbors { + description + "Enclosing container for neighbor list"; + + list neighbor { + key "ip"; + description + "A list of mappings from IPv4 addresses to + link-layer addresses. + + Entries in this list are used as static entries in the + ARP Cache."; + reference + "RFC 826: An Ethernet Address Resolution Protocol"; + + leaf ip { + type leafref { + path "../config/ip"; + } + description "References the configured IP address"; + } + + container config { + description "Configuration data for each configured IPv4 + address on the interface"; + + uses ipv4-neighbor-config; + + } + + container state { + + config false; + description "Operational state data for each IPv4 address + configured on the interface"; + + uses ipv4-neighbor-config; + uses ipv4-neighbor-state; + } + } + } + + uses oc-if:sub-unnumbered-top; + + container config { + description + "Top-level IPv4 configuration data for the interface"; + + uses ipv4-global-config; + } + + container state { + + config false; + description + "Top level IPv4 operational state data"; + + uses ipv4-global-config; + uses ip-common-counters-state; + } + } + } + + grouping ipv6-top { + description + "Top-level configuration and state for IPv6 interfaces"; + + container ipv6 { + description + "Parameters for the IPv6 address family."; + + container addresses { + description + "Enclosing container for address list"; + + list address { + key "ip"; + description + "The list of configured IPv6 addresses on the interface."; + + leaf ip { + type leafref { + path "../config/ip"; + } + description "References the configured IP address"; + } + + container config { + description + "Configuration data for each IPv6 address on + the interface"; + + uses ipv6-address-config; + + } + + container state { + + config false; + description + "State data for each IPv6 address on the + interface"; + + uses ipv6-address-config; + uses ipv6-address-state; + } + } + } + + container router-advertisement { + description + "Configuration and operational state parameters relating to + router advertisements."; + + container config { + description + "Configuration parameters relating to router advertisements + for IPv6."; + uses ipv6-ra-config; + } + + container state { + config false; + description + "Operational state parameters relating to router + advertisements for IPv6."; + uses ipv6-ra-config; + } + + container prefixes { + description + "Container for a list of prefixes that are included in the + router advertisement message."; + + list prefix { + key "prefix"; + + description + "List of prefixes that are to be included in the IPv6 + router-advertisement messages for the interface. The list + is keyed by the IPv6 prefix in CIDR representation. + + Prefixes that are listed are those that are to be + advertised in router advertisement messages. Where there + are IPv6 global addresses configured on an interface and + the prefix is not listed in the prefix list, it MUST NOT + be advertised in the router advertisement message."; + + leaf prefix { + type leafref { + path "../config/prefix"; + } + description + "Reference to the IPv6 prefix key for the prefix list."; + } + + container config { + description + "Configuration parameters corresponding to an IPv6 prefix + within the router advertisement."; + + uses ipv6-ra-prefix-config; + } + + container state { + config false; + description + "Operational state parameters corresponding to an IPv6 prefix + within the router advertisement."; + + uses ipv6-ra-prefix-config; + } + } + } + } + + container neighbors { + description + "Enclosing container for list of IPv6 neighbors"; + + list neighbor { + key "ip"; + description + "List of IPv6 neighbors"; + + leaf ip { + type leafref { + path "../config/ip"; + } + description + "References the configured IP neighbor address"; + } + + container config { + description "Configuration data for each IPv6 address on + the interface"; + + uses ipv6-neighbor-config; + + } + + container state { + + config false; + description "State data for each IPv6 address on the + interface"; + + uses ipv6-neighbor-config; + uses ipv6-neighbor-state; + } + } + } + uses oc-if:sub-unnumbered-top; + + container config { + description "Top-level config data for the IPv6 interface"; + + uses ipv6-global-config; + } + + container state { + config false; + description + "Top-level operational state data for the IPv6 interface"; + + uses ipv6-global-config; + uses ip-common-counters-state; + + } + } + } + + // augment statements + + augment "/oc-if:interfaces/oc-if:interface/oc-if:subinterfaces/" + + "oc-if:subinterface" { + description + "IPv4 address family configuration for + interfaces"; + + uses ipv4-top; + + } + + augment "/oc-if:interfaces/oc-if:interface/oc-if:subinterfaces/" + + "oc-if:subinterface" { + description + "IPv6 address family configuration for + interfaces"; + + uses ipv6-top; + + } + + // VRRP for IPv4 interfaces + + augment "/oc-if:interfaces/oc-if:interface/oc-if:subinterfaces/" + + "oc-if:subinterface/oc-ip:ipv4/oc-ip:addresses/oc-ip:address" { + + description + "Additional IP addr family configuration for + interfaces"; + + uses ip-vrrp-top; + + } + + // VRRP for IPv6 interfaces + + augment "/oc-if:interfaces/oc-if:interface/oc-if:subinterfaces/" + + "oc-if:subinterface/oc-ip:ipv6/oc-ip:addresses/oc-ip:address" { + description + "Additional IP addr family configuration for + interfaces"; + + uses ip-vrrp-top; + + } + + augment "/oc-if:interfaces/oc-if:interface/oc-if:subinterfaces/" + + "oc-if:subinterface/oc-ip:ipv6/oc-ip:addresses/oc-ip:address/" + + "vrrp/vrrp-group/config" { + description + "Additional VRRP data for IPv6 interfaces"; + + uses ip-vrrp-ipv6-config; + } + + augment "/oc-if:interfaces/oc-if:interface/oc-if:subinterfaces/" + + "oc-if:subinterface/oc-ip:ipv6/oc-ip:addresses/oc-ip:address/vrrp/" + + "vrrp-group/state" { + description + "Additional VRRP data for IPv6 interfaces"; + + uses ip-vrrp-ipv6-state; + } + + // Augments for for routed VLANs + + augment "/oc-if:interfaces/oc-if:interface/oc-vlan:routed-vlan" { + description + "IPv4 address family configuration for + interfaces"; + + uses ipv4-top; + } + + augment "/oc-if:interfaces/oc-if:interface/oc-vlan:routed-vlan" { + description + "IPv6 address family configuration for + interfaces"; + + uses ipv6-top; + } + + // VRRP for routed VLAN interfaces + + augment "/oc-if:interfaces/oc-if:interface/oc-vlan:routed-vlan/" + + "oc-ip:ipv4/oc-ip:addresses/oc-ip:address" { + description + "Additional IP addr family configuration for + interfaces"; + + uses ip-vrrp-top; + + } + + augment "/oc-if:interfaces/oc-if:interface/oc-vlan:routed-vlan/" + + "oc-ip:ipv6/oc-ip:addresses/oc-ip:address" { + description + "Additional IP addr family configuration for + interfaces"; + + uses ip-vrrp-top; + + } + + augment "/oc-if:interfaces/oc-if:interface/oc-vlan:routed-vlan/" + + "oc-ip:ipv6/oc-ip:addresses/oc-ip:address/vrrp/vrrp-group/config" { + description + "Additional VRRP data for IPv6 interfaces"; + + uses ip-vrrp-ipv6-config; + } + + + augment "/oc-if:interfaces/oc-if:interface/oc-vlan:routed-vlan/" + + "oc-ip:ipv6/oc-ip:addresses/oc-ip:address/vrrp/vrrp-group/state" { + description + "Additional VRRP data for IPv6 interfaces"; + + uses ip-vrrp-ipv6-state; + } + + // rpc statements + + // notification statements +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-interfaces.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-interfaces.yang new file mode 100644 index 0000000000000000000000000000000000000000..2cf2bdc84f11d0688eb56574620cd787f2d5c56f --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/interfaces/openconfig-interfaces.yang @@ -0,0 +1,1336 @@ +module openconfig-interfaces { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/interfaces"; + + prefix "oc-if"; + + // import some basic types + import ietf-interfaces { prefix ietf-if; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-types { prefix oc-types; } + import openconfig-extensions { prefix oc-ext; } + import openconfig-transport-types { prefix oc-opt-types; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "Model for managing network interfaces and subinterfaces. This + module also defines convenience types / groupings for other + models to create references to interfaces: + + base-interface-ref (type) - reference to a base interface + interface-ref (grouping) - container for reference to a + interface + subinterface + interface-ref-state (grouping) - container for read-only + (opstate) reference to interface + subinterface + + This model reuses data items defined in the IETF YANG model for + interfaces described by RFC 7223 with an alternate structure + (particularly for operational state data) and with + additional configuration items. + + Portions of this code were derived from IETF RFC 7223. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "3.7.1"; + + revision "2024-04-04" { + description + "Use single quotes in descriptions."; + reference + "3.7.1"; + } + + revision "2023-11-06" { + description + "Clarify description for admin-status TESTING."; + reference + "3.7.0"; + } + + revision "2023-08-29" { + description + "Add augment for penalty-based additive-increase, exponential-decrease link damping algorithm."; + reference + "3.6.0"; + } + + revision "2023-07-14" { + description + "Move counters which apply to both interfaces and subinterfaces to + a common grouping. Deprecate physical counters from subinterface"; + reference "3.5.0"; + } + + revision "2023-02-06" { + description + "Add further specification to interface-ref type to + clarify that the interface and subinterface leaves + are how an interface is referenced, regardless of + context."; + reference "3.0.2"; + } + + revision "2022-10-25" { + description + "change loopback-mode to align with available modes"; + reference "3.0.1"; + } + + revision "2021-04-06" { + description + "Add leaves for management and cpu interfaces"; + reference "2.5.0"; + } + + revision "2019-11-19" { + description + "Update description of interface name."; + reference "2.4.3"; + } + + revision "2019-07-10" { + description + "Remove redundant nanosecond units statements to reflect + universal definition of timeticks64 type."; + reference "2.4.2"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "2.4.1"; + } + + revision "2018-08-07" { + description + "Add leaf to indicate whether an interface is physical or + logical."; + reference "2.4.0"; + } + + revision "2018-07-02" { + description + "Add in-pkts and out-pkts in counters"; + reference "2.3.2"; + } + + revision "2018-04-24" { + description + "Clarified behavior of last-change state leaf"; + reference "2.3.1"; + } + + revision "2018-01-05" { + description + "Add logical loopback to interface."; + reference "2.3.0"; + } + + revision "2017-12-22" { + description + "Add IPv4 proxy ARP configuration."; + reference "2.2.0"; + } + + revision "2017-12-21" { + description + "Added IPv6 router advertisement configuration."; + reference "2.1.0"; + } + + revision "2017-07-14" { + description + "Added Ethernet/IP state data; Add dhcp-client; + migrate to OpenConfig types modules; Removed or + renamed opstate values"; + reference "2.0.0"; + } + + revision "2017-04-03" { + description + "Update copyright notice."; + reference "1.1.1"; + } + + revision "2016-12-22" { + description + "Fixes to Ethernet interfaces model"; + reference "1.1.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // typedef statements + + typedef base-interface-ref { + type leafref { + path "/oc-if:interfaces/oc-if:interface/oc-if:name"; + } + description + "Reusable type for by-name reference to a base interface. + This type may be used in cases where ability to reference + a subinterface is not required."; + } + + typedef interface-id { + type string; + description + "User-defined identifier for an interface, generally used to + name a interface reference. The id can be arbitrary but a + useful convention is to use a combination of base interface + name and subinterface index."; + } + + // grouping statements + + grouping interface-ref-common { + description + "Reference leafrefs to interface / subinterface"; + + leaf interface { + type leafref { + path "/oc-if:interfaces/oc-if:interface/oc-if:name"; + } + description + "Reference to a base interface. If a reference to a + subinterface is required, this leaf must be specified + to indicate the base interface."; + } + + leaf subinterface { + type leafref { + path "/oc-if:interfaces/" + + "oc-if:interface[oc-if:name=current()/../interface]/" + + "oc-if:subinterfaces/oc-if:subinterface/oc-if:index"; + } + description + "Reference to a subinterface -- this requires the base + interface to be specified using the interface leaf in + this container. If only a reference to a base interface + is requuired, this leaf should not be set."; + } + } + + grouping interface-ref-state-container { + description + "Reusable opstate w/container for a reference to an + interface or subinterface"; + + container state { + config false; + description + "Operational state for interface-ref"; + + uses interface-ref-common; + } + } + + grouping interface-ref { + description + "Reusable definition for a reference to an interface or + subinterface"; + + container interface-ref { + description + "Reference to an interface or subinterface. The interface + that is being referenced is uniquely referenced based on + the specified interface and subinterface leaves. In contexts + where a Layer 3 interface is to be referenced, both the + interface and subinterface leaves must be populated, as + Layer 3 configuration within the OpenConfig models is + associated with a subinterface. In the case where a + Layer 2 interface is to be referenced, only the + interface is specified. + + The interface/subinterface leaf tuple must be used as + the means by which the interface is specified, regardless + of any other context information (e.g., key in a list)."; + + container config { + description + "Configured reference to interface / subinterface"; + oc-ext:telemetry-on-change; + + uses interface-ref-common; + } + + uses interface-ref-state-container; + } + } + + grouping interface-ref-state { + description + "Reusable opstate w/container for a reference to an + interface or subinterface"; + + container interface-ref { + description + "Reference to an interface or subinterface"; + + uses interface-ref-state-container; + } + } + + grouping base-interface-ref-state { + description + "Reusable opstate w/container for a reference to a + base interface (no subinterface)."; + + container state { + config false; + description + "Operational state for base interface reference"; + + leaf interface { + type base-interface-ref; + description + "Reference to a base interface."; + } + } + } + + + grouping interface-common-config { + description + "Configuration data data nodes common to physical interfaces + and subinterfaces"; + + leaf description { + type string; + description + "A textual description of the interface. + + A server implementation MAY map this leaf to the ifAlias + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifAlias. The definition of + such a mechanism is outside the scope of this document. + + Since ifAlias is defined to be stored in non-volatile + storage, the MIB implementation MUST map ifAlias to the + value of 'description' in the persistently stored + datastore. + + Specifically, if the device supports ':startup', when + ifAlias is read the device MUST return the value of + 'description' in the 'startup' datastore, and when it is + written, it MUST be written to the 'running' and 'startup' + datastores. Note that it is up to the implementation to + + decide whether to modify this single leaf in 'startup' or + perform an implicit copy-config from 'running' to + 'startup'. + + If the device does not support ':startup', ifAlias MUST + be mapped to the 'description' leaf in the 'running' + datastore."; + reference + "RFC 2863: The Interfaces Group MIB - ifAlias"; + } + + leaf enabled { + type boolean; + default "true"; + description + "This leaf contains the configured, desired state of the + interface. + + Systems that implement the IF-MIB use the value of this + leaf in the 'running' datastore to set + IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry + has been initialized, as described in RFC 2863. + + Changes in this leaf in the 'running' datastore are + reflected in ifAdminStatus, but if ifAdminStatus is + changed over SNMP, this leaf is not affected."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + } + + grouping interface-phys-config { + description + "Configuration data for physical interfaces"; + + leaf name { + type string; + description + "The name of the interface. + + A device MAY restrict the allowed values for this leaf, + possibly depending on the type of the interface. + For system-controlled interfaces, this leaf is the + device-specific name of the interface. The 'config false' + list interfaces/interface[name]/state contains the currently + existing interfaces on the device. + + If a client tries to create configuration for a + system-controlled interface that is not present in the + corresponding state list, the server MAY reject + the request if the implementation does not support + pre-provisioning of interfaces or if the name refers to + an interface that can never exist in the system. A + NETCONF server MUST reply with an rpc-error with the + error-tag 'invalid-value' in this case. + + The IETF model in RFC 7223 provides YANG features for the + following (i.e., pre-provisioning and arbitrary-names), + however they are omitted here: + + If the device supports pre-provisioning of interface + configuration, the 'pre-provisioning' feature is + advertised. + + If the device allows arbitrarily named user-controlled + interfaces, the 'arbitrary-names' feature is advertised. + + When a configured user-controlled interface is created by + the system, it is instantiated with the same name in the + /interfaces/interface[name]/state list."; + } + + leaf type { + type identityref { + base ietf-if:interface-type; + } + mandatory true; + description + "The type of the interface. + + When an interface entry is created, a server MAY + initialize the type leaf with a valid value, e.g., if it + is possible to derive the type from the name of the + interface. + + If a client tries to set the type of an interface to a + value that can never be used by the system, e.g., if the + type is not supported or if the type does not match the + name of the interface, the server MUST reject the request. + A NETCONF server MUST reply with an rpc-error with the + error-tag 'invalid-value' in this case."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf mtu { + type uint16; + description + "Set the max transmission unit size in octets + for the physical interface. If this is not set, the mtu is + set to the operational default -- e.g., 1514 bytes on an + Ethernet interface."; + } + + leaf loopback-mode { + type oc-opt-types:loopback-mode-type; + description + "Sets the loopback type on the interface. Setting the + mode to something besides NONE activates the loopback in + the specified mode."; + } + + uses interface-common-config; + } + + grouping interface-phys-holdtime-config { + description + "Configuration data for interface hold-time settings -- + applies to physical interfaces."; + + leaf up { + type uint32; + units milliseconds; + default 0; + description + "Dampens advertisement when the interface + transitions from down to up. A zero value means dampening + is turned off, i.e., immediate notification."; + } + + leaf down { + type uint32; + units milliseconds; + default 0; + description + "Dampens advertisement when the interface transitions from + up to down. A zero value means dampening is turned off, + i.e., immediate notification."; + } + } + + grouping interface-phys-holdtime-state { + description + "Operational state data for interface hold-time."; + } + + grouping interface-phys-holdtime-top { + description + "Top-level grouping for setting link transition + dampening on physical and other types of interfaces."; + + container hold-time { + description + "Top-level container for hold-time settings to enable + dampening advertisements of interface transitions."; + + container config { + description + "Configuration data for interface hold-time settings."; + oc-ext:telemetry-on-change; + + uses interface-phys-holdtime-config; + } + + container state { + + config false; + + description + "Operational state data for interface hold-time."; + + uses interface-phys-holdtime-config; + uses interface-phys-holdtime-state; + } + } + } + + grouping interface-link-damping-config { + description + "Configuration data for interface link damping settings."; + + leaf max-suppress-time { + type uint32; + units milliseconds; + default 0; + description + "Maximum time an interface can remain damped since the last link down event no matter how unstable it has been prior to this period of stability. In a damped state, the interface's state change will not be advertised."; + } + + leaf decay-half-life { + type uint32; + units milliseconds; + default 0; + description + "The amount of time after which an interface's penalty is decreased by half. Decay-half-time should not be more than max-suppress-time."; + } + + leaf suppress-threshold { + type uint32; + default 0; + description + "The accumulated penalty that triggers the damping of an interface. A value of 0 indicates config is disabled."; + } + + leaf reuse-threshold { + type uint32; + default 0; + description + "When the accumulated penalty decreases to this reuse threshold, the interface is not damped anymore. Interface state changes are advertised to applications. A value of 0 indicates config is disabled."; + } + + leaf flap-penalty { + type uint32; + default 0; + description + "A penalty that each down event costs. A value of 0 indicates the config is disabled."; + } + } + grouping interface-link-damping-state { + description + "Operational state data for interface link damping settings."; + } + grouping link-damping-top { + description + "Top level grouping for link damping parameters."; + + container penalty-based-aied { + description + "Top level container to suppress UP->DOWN link events using a penalty based additive-increase, exponential-decrease algorithm."; + + container config { + description + "Configuration data for link damping settings."; + uses interface-link-damping-config; + } + + container state { + config false; + description + "Operational state data for link damping settings."; + uses interface-link-damping-config; + uses interface-link-damping-state; + } + } + } + + grouping interface-common-state { + description + "Operational state data (in addition to intended configuration) + at the global level for this interface"; + + oc-ext:operational; + + leaf ifindex { + type uint32; + description + "System assigned number for each interface. Corresponds to + ifIndex object in SNMP Interface MIB"; + reference + "RFC 2863 - The Interfaces Group MIB"; + oc-ext:telemetry-on-change; + } + + leaf admin-status { + type enumeration { + enum UP { + description + "Ready to pass packets."; + } + enum DOWN { + description + "Not ready to pass packets and not in some test mode."; + } + enum TESTING { + description + "The interface should be treated as if in admin-down state for + control plane protocols. In addition, while in TESTING state the + device should remove the interface from aggregate interfaces. + An interface transition to the TESTING state based on a qualification + workflow, or internal device triggered action - such as the gNOI Link + Qualification service"; + reference + "gNOI Link Qualification Service + https://github.com/openconfig/gnoi/blob/main/packet_link_qualification/index.md"; + } + } + //TODO:consider converting to an identity to have the + //flexibility to remove some values defined by RFC 7223 that + //are not used or not implemented consistently. + mandatory true; + description + "The desired state of the interface. In RFC 7223 this leaf + has the same read semantics as ifAdminStatus. Here, it + reflects the administrative state as set by enabling or + disabling the interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + oc-ext:telemetry-on-change; + } + + leaf oper-status { + type enumeration { + enum UP { + value 1; + description + "Ready to pass packets."; + } + enum DOWN { + value 2; + description + "The interface does not pass any packets."; + } + enum TESTING { + value 3; + description + "In test mode. No operational packets can + be passed."; + } + enum UNKNOWN { + value 4; + description + "Status cannot be determined for some reason."; + } + enum DORMANT { + value 5; + description + "Waiting for some external event."; + } + enum NOT_PRESENT { + value 6; + description + "Some component (typically hardware) is missing."; + } + enum LOWER_LAYER_DOWN { + value 7; + description + "Down due to state of lower-layer interface(s)."; + } + } + //TODO:consider converting to an identity to have the + //flexibility to remove some values defined by RFC 7223 that + //are not used or not implemented consistently. + mandatory true; + description + "The current operational state of the interface. + + This leaf has the same semantics as ifOperStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifOperStatus"; + oc-ext:telemetry-on-change; + } + + leaf last-change { + type oc-types:timeticks64; + description + "This timestamp indicates the absolute time of the last + state change of the interface (e.g., up-to-down transition). + This is different than the SNMP ifLastChange object in the + standard interface MIB in that it is not relative to the + system boot time (i.e,. sysUpTime). + + The value is the timestamp in nanoseconds relative to + the Unix Epoch (Jan 1, 1970 00:00:00 UTC)."; + oc-ext:telemetry-on-change; + } + + leaf logical { + type boolean; + description + "When set to true, the interface is a logical interface + which does not have an associated physical port or + channel on the system."; + oc-ext:telemetry-on-change; + } + + leaf management { + type boolean; + description + "When set to true, the interface is a dedicated + management interface that is not connected to dataplane + interfaces. It may be used to connect the system to an + out-of-band management network, for example."; + oc-ext:telemetry-on-change; + } + + leaf cpu { + type boolean; + description + "When set to true, the interface is for traffic + that is handled by the system CPU, sometimes also called the + control plane interface. On systems that represent the CPU + interface as an Ethernet interface, for example, this leaf + should be used to distinguish the CPU interface from dataplane + interfaces."; + oc-ext:telemetry-on-change; + } + } + + grouping interface-common-counters-state { + description + "Operational state representing interface counters and statistics + applicable to (physical) interfaces and (logical) subinterfaces."; + + leaf in-octets { + type oc-yang:counter64; + description + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInOctets. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf in-pkts { + type oc-yang:counter64; + description + "The total number of packets received on the interface, + including all unicast, multicast, broadcast and bad packets + etc."; + reference + "RFC 2819: Remote Network Monitoring Management Information Base. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf in-unicast-pkts { + type oc-yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were not addressed to a + multicast or broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf in-broadcast-pkts { + type oc-yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a broadcast + address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInBroadcastPkts. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf in-multicast-pkts { + type oc-yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a multicast + address at this sub-layer. For a MAC-layer protocol, + this includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInMulticastPkts. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf in-errors { + type oc-yang:counter64; + description + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of + inbound transmission units that contained errors + preventing them from being deliverable to a higher-layer + protocol. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInErrors. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf in-discards { + type oc-yang:counter64; + description + "The number of inbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being deliverable to a higher-layer + protocol. One possible reason for discarding such a + packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + + + reference + "RFC 2863: The Interfaces Group MIB - ifInDiscards. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf out-octets { + type oc-yang:counter64; + description + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutOctets. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf out-pkts { + type oc-yang:counter64; + description + "The total number of packets transmitted out of the + interface, including all unicast, multicast, broadcast, + and bad packets etc."; + reference + "RFC 2819: Remote Network Monitoring Management Information Base. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf out-unicast-pkts { + type oc-yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted, and that were not addressed + to a multicast or broadcast address at this sub-layer, + including those that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf out-broadcast-pkts { + type oc-yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted, and that were addressed to a + broadcast address at this sub-layer, including those + that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutBroadcastPkts. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf out-multicast-pkts { + type oc-yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted, and that were addressed to a + multicast address at this sub-layer, including those + that were discarded or not sent. For a MAC-layer + protocol, this includes both Group and Functional + addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutMulticastPkts. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf out-discards { + type oc-yang:counter64; + description + "The number of outbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being transmitted. One possible reason + for discarding such a packet could be to free up buffer + space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutDiscards. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf out-errors { + type oc-yang:counter64; + description + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutErrors. + RFC 4293: Management Information Base for the + Internet Protocol (IP)."; + } + + leaf last-clear { + type oc-types:timeticks64; + description + "Timestamp of the last time the interface counters were + cleared. + + The value is the timestamp in nanoseconds relative to + the Unix Epoch (Jan 1, 1970 00:00:00 UTC)."; + oc-ext:telemetry-on-change; + } + } + + grouping interface-counters-state { + description + "Operational state representing interface counters + and statistics."; + + oc-ext:operational; + + leaf in-unknown-protos { + type oc-yang:counter64; + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + leaf in-fcs-errors { + type oc-yang:counter64; + description + "Number of received packets which had errors in the + frame check sequence (FCS), i.e., framing errors. + + Discontinuities in the value of this counter can occur + when the device is re-initialization as indicated by the + value of 'last-clear'."; + } + + leaf carrier-transitions { + type oc-yang:counter64; + description + "Number of times the interface state has transitioned + between up and down since the time the device restarted + or the last-clear time, whichever is most recent."; + oc-ext:telemetry-on-change; + } + + leaf resets { + type oc-yang:counter64; + description + "Number of times the interface hardware has been reset. The + triggers and effects of this event are hardware-specifc."; + oc-ext:telemetry-on-change; + + } + } + + grouping subinterfaces-counters-state { + description + "Operational state representing counters unique to subinterfaces"; + + oc-ext:operational; + leaf in-unknown-protos { + type oc-yang:counter64; + status deprecated; + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + leaf in-fcs-errors { + type oc-yang:counter64; + status deprecated; + description + "Number of received packets which had errors in the + frame check sequence (FCS), i.e., framing errors. + + Discontinuities in the value of this counter can occur + when the device is re-initialization as indicated by the + value of 'last-clear'."; + } + + leaf carrier-transitions { + type oc-yang:counter64; + status deprecated; + description + "Number of times the interface state has transitioned + between up and down since the time the device restarted + or the last-clear time, whichever is most recent."; + oc-ext:telemetry-on-change; + } + + } + + // data definition statements + + grouping sub-unnumbered-config { + description + "Configuration data for unnumbered subinterfaces"; + + leaf enabled { + type boolean; + default false; + description + "Indicates that the subinterface is unnumbered. By default + the subinterface is numbered, i.e., expected to have an + IP address configuration."; + } + } + + grouping sub-unnumbered-state { + description + "Operational state data unnumbered subinterfaces"; + } + + grouping sub-unnumbered-top { + description + "Top-level grouping unnumbered subinterfaces"; + + container unnumbered { + description + "Top-level container for setting unnumbered interfaces. + Includes reference the interface that provides the + address information"; + + container config { + description + "Configuration data for unnumbered interface"; + oc-ext:telemetry-on-change; + + uses sub-unnumbered-config; + } + + container state { + + config false; + + description + "Operational state data for unnumbered interfaces"; + + uses sub-unnumbered-config; + uses sub-unnumbered-state; + } + + uses oc-if:interface-ref; + } + } + + grouping subinterfaces-config { + description + "Configuration data for subinterfaces"; + + leaf index { + type uint32; + default 0; + description + "The index of the subinterface, or logical interface number. + On systems with no support for subinterfaces, or not using + subinterfaces, this value should default to 0, i.e., the + default subinterface."; + } + + uses interface-common-config; + + } + + grouping subinterfaces-state { + description + "Operational state data for subinterfaces"; + + oc-ext:operational; + + leaf name { + type string; + description + "The system-assigned name for the sub-interface. This MAY + be a combination of the base interface name and the + subinterface index, or some other convention used by the + system."; + oc-ext:telemetry-on-change; + } + + uses interface-common-state; + + container counters { + description + "A collection of interface specific statistics entitites which are + not common to subinterfaces."; + + uses interface-common-counters-state; + uses subinterfaces-counters-state; + } + } + + grouping subinterfaces-top { + description + "Subinterface data for logical interfaces associated with a + given interface"; + + container subinterfaces { + description + "Enclosing container for the list of subinterfaces associated + with a physical interface"; + + list subinterface { + key "index"; + + description + "The list of subinterfaces (logical interfaces) associated + with a physical interface"; + + leaf index { + type leafref { + path "../config/index"; + } + description + "The index number of the subinterface -- used to address + the logical interface"; + } + + container config { + description + "Configurable items at the subinterface level"; + oc-ext:telemetry-on-change; + + uses subinterfaces-config; + } + + container state { + + config false; + description + "Operational state data for logical interfaces"; + + uses subinterfaces-config; + uses subinterfaces-state; + } + } + } + } + + grouping interfaces-top { + description + "Top-level grouping for interface configuration and + operational state data"; + + container interfaces { + description + "Top level container for interfaces, including configuration + and state data."; + + + list interface { + key "name"; + + description + "The list of named interfaces on the device."; + + leaf name { + type leafref { + path "../config/name"; + } + description + "References the name of the interface"; + //TODO: need to consider whether this should actually + //reference the name in the state subtree, which + //presumably would be the system-assigned name, or the + //configured name. Points to the config/name now + //because of YANG 1.0 limitation that the list + //key must have the same "config" as the list, and + //also can't point to a non-config node. + } + + container config { + description + "Configurable items at the global, physical interface + level"; + oc-ext:telemetry-on-change; + + uses interface-phys-config; + } + + container state { + + config false; + description + "Operational state data at the global interface level"; + + uses interface-phys-config; + uses interface-common-state; + + container counters { + description + "A collection of interface specific statistics entitites which are + not common to subinterfaces."; + + uses interface-common-counters-state; + uses interface-counters-state; + } + } + + uses interface-phys-holdtime-top { + when "./penalty-based-aied/config/suppress-threshold = 0 + or ./penalty-based-aied/config/reuse-threshold = 0 + or ./penalty-based-aied/config/flap-penalty = 0" { + description + "Hold time and penalty-based-aied are two algorithms to suppress + link transitions and must be mutually exclusive."; + } + } + uses link-damping-top; + uses subinterfaces-top; + } + } + } + + uses interfaces-top; + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/mpls/openconfig-mpls-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/mpls/openconfig-mpls-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..765e467cf8cc7d10950753160a90fee321016a94 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/mpls/openconfig-mpls-types.yang @@ -0,0 +1,548 @@ +module openconfig-mpls-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/mpls-types"; + + prefix "oc-mplst"; + + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "General types for MPLS / TE data model"; + + oc-ext:openconfig-version "3.5.0"; + + revision "2023-12-14" { + description + "Added additional attributes oc-if:interface-ref + and metric attributes to static lsp"; + reference "3.5.0"; + } + + revision "2021-12-01" { + description + "Add new identity for RSVP authentication types"; + reference "3.4.0"; + } + + revision "2021-06-16" { + description + "Remove trailing whitespace"; + reference "3.3.1"; + } + + revision "2021-03-23" { + description + "Add new identity for path metric types."; + reference "3.3.0"; + } + + revision "2020-02-04" { + description + "Consistent prefix for openconfig-mpls-types."; + reference "3.2.0"; + } + + revision "2019-03-26" { + description + "Add Pseudowire encapsulation."; + reference "3.1.0"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "3.0.1"; + } + + revision "2018-07-02" { + description + "Add new RSVP-TE statistics, remove associated-rsvp-session + leaf. Remove use of date-and-time."; + reference "3.0.0"; + } + + revision "2018-06-16" { + description + "Included attributes for base LDP configuration."; + reference "2.6.0"; + } + + revision "2018-06-13" { + description + "Add ttl-propagation to global MPLS config"; + reference "2.5.0"; + } + + revision "2018-06-05" { + description + "Fixed bugs in when statements on RSVP-TE attributes"; + reference "2.4.2"; + } + + revision "2017-08-24" { + description + "Minor formatting fixes."; + reference "2.4.1"; + } + + revision "2017-06-21" { + description + "Add TC bits typedef."; + reference "2.4.0"; + } + + revision "2017-03-22" { + description + "Add RSVP calculated-absolute-subscription-bw"; + reference "2.3.0"; + } + + revision "2017-01-26" { + description + "Add RSVP Tspec, clarify units for RSVP, remove unused LDP"; + reference "2.2.0"; + } + + revision "2016-12-15" { + description + "Add additional MPLS parameters"; + reference "2.1.0"; + } + + revision "2016-09-01" { + description + "Revisions based on implementation feedback"; + reference "2.0.0"; + } + + revision "2016-08-08" { + description + "Public release of MPLS models"; + reference "1.0.1"; + } + + // identity statements + + identity PATH_COMPUTATION_METHOD { + description + "base identity for supported path computation + mechanisms"; + } + + identity LOCALLY_COMPUTED { + base PATH_COMPUTATION_METHOD; + description + "indicates a constrained-path LSP in which the + path is computed by the local LER"; + } + + identity EXTERNALLY_QUERIED { + base PATH_COMPUTATION_METHOD; + description + "Constrained-path LSP in which the path is + obtained by querying an external source, such as a PCE server. + In the case that an LSP is defined to be externally queried, it may + also have associated explicit definitions (which are provided to the + external source to aid computation); and the path that is returned by + the external source is not required to provide a wholly resolved + path back to the originating system - that is to say, some local + computation may also be required"; + } + + identity EXPLICITLY_DEFINED { + base PATH_COMPUTATION_METHOD; + description + "constrained-path LSP in which the path is + explicitly specified as a collection of strict or/and loose + hops"; + } + + + // using identities rather than enum types to simplify adding new + // signaling protocols as they are introduced and supported + identity PATH_SETUP_PROTOCOL { + description + "base identity for supported MPLS signaling + protocols"; + } + + identity PATH_SETUP_RSVP { + base PATH_SETUP_PROTOCOL; + description + "RSVP-TE signaling protocol"; + } + + identity PATH_SETUP_SR { + base PATH_SETUP_PROTOCOL; + description + "Segment routing"; + } + + identity PATH_SETUP_LDP { + base PATH_SETUP_PROTOCOL; + description + "LDP - RFC 5036"; + } + + + identity PROTECTION_TYPE { + description + "base identity for protection type"; + } + + identity UNPROTECTED { + base PROTECTION_TYPE; + description + "no protection is desired"; + } + + identity LINK_PROTECTION_REQUIRED { + base PROTECTION_TYPE; + description + "link protection is desired"; + } + + identity LINK_NODE_PROTECTION_REQUESTED { + base PROTECTION_TYPE; + description + "node and link protection are both desired"; + } + + identity LSP_ROLE { + description + "Base identity for describing the role of + label switched path at the current node"; + } + + identity INGRESS { + base LSP_ROLE; + description + "Label switched path is an ingress (headend) + LSP"; + } + + identity EGRESS { + base LSP_ROLE; + description + "Label switched path is an egress (tailend) + LSP"; + } + + identity TRANSIT { + base LSP_ROLE; + description + "Label switched path is a transit LSP"; + } + + + identity TUNNEL_TYPE { + description + "Base identity from which specific tunnel types are + derived."; + } + + identity P2P { + base TUNNEL_TYPE; + description + "TE point-to-point tunnel type."; + } + + identity P2MP { + base TUNNEL_TYPE; + description + "TE point-to-multipoint tunnel type."; + } + + + identity LSP_OPER_STATUS { + description + "Base identity for LSP operational status"; + } + + identity DOWN { + base LSP_OPER_STATUS; + description + "LSP is operationally down or out of service"; + } + + identity UP { + base LSP_OPER_STATUS; + description + "LSP is operationally active and available + for traffic."; + } + + identity TUNNEL_ADMIN_STATUS { + description + "Base identity for tunnel administrative status"; + } + + identity ADMIN_DOWN { + base TUNNEL_ADMIN_STATUS; + description + "LSP is administratively down"; + } + + identity ADMIN_UP { + base TUNNEL_ADMIN_STATUS; + description + "LSP is administratively up"; + } + + identity NULL_LABEL_TYPE { + description + "Base identity from which specific null-label types are + derived."; + } + + identity EXPLICIT { + base NULL_LABEL_TYPE; + description + "Explicit null label is used."; + } + + identity IMPLICIT { + base NULL_LABEL_TYPE; + description + "Implicit null label is used."; + } + + identity LSP_METRIC_TYPE { + description + "Base identity for types of LSP metric specification"; + } + + identity LSP_METRIC_RELATIVE { + base LSP_METRIC_TYPE; + description + "The metric specified for the LSPs to which this identity refers + is specified as a relative value to the IGP metric cost to the + LSP's tail-end."; + } + + identity LSP_METRIC_ABSOLUTE { + base LSP_METRIC_TYPE; + description + "The metric specified for the LSPs to which this identity refers + is specified as an absolute value"; + } + + identity LSP_METRIC_INHERITED { + base LSP_METRIC_TYPE; + description + "The metric for for the LSPs to which this identity refers is + not specified explicitly - but rather inherited from the IGP + cost directly"; + } + + // Note: The IANA PWE3 Types Registry has several more values than these + identity PSEUDOWIRE_ENCAPSULATION { + description + "Sets the PDU type of the PSEUDOWIRE Example in RFC4448. This value + should be enumerated from the IANA Pseudowire types registry"; + } + + identity PWE_ETHERNET_TAGGED_MODE { + base PSEUDOWIRE_ENCAPSULATION; + description + "Ethernet Tagged Mode RFC4448"; + reference "IANA PWE3 0x0004"; + } + + identity PWE_ETHERNET_RAW_MODE { + base PSEUDOWIRE_ENCAPSULATION; + description + "Ethernet Raw Mode RFC4448"; + reference "IANA PWE3 0x0005"; + } + + identity PATH_METRIC_TYPE { + description + "Base identity for path metric type."; + } + + identity TE_METRIC { + base PATH_METRIC_TYPE; + description + "TE path metric."; + reference + "RFC3785: Use of Interior Gateway Protocol (IGP) Metric as a + second MPLS Traffic Engineering (TE) Metric. + RFC5440: Path Computation Element (PCE) Communication Protocol (PCEP)."; + } + + identity IGP_METRIC { + base PATH_METRIC_TYPE; + description + "IGP path metric."; + reference + "RFC5440: Path Computation Element (PCE) Communication Protocol (PCEP)."; + } + + identity HOP_COUNT { + base PATH_METRIC_TYPE; + description + "Hop count path metric."; + reference + "RFC5440: Path Computation Element (PCE) Communication Protocol (PCEP)."; + } + + identity PATH_DELAY { + base PATH_METRIC_TYPE; + description + "Unidirectional average link delay. + It represents the sum of the Link Delay metric + of all links along a P2P path."; + reference + "RFC8570 IS-IS Traffic Engineering (TE) Metric Extensions. + RFC7471 OSPF Traffic Engineering (TE) Metric Extensions. + RFC 8233: Extensions to the Path Computation Element Communication Protocol (PCEP) + to Compute Service-Aware Label Switched Paths (LSPs) Path Computation Element (PCE) + Communication Protocol (PCEP)."; + } + + identity RSVP_AUTH_TYPE { + description + "Base identity for RSVP message authentication types"; + reference + "RFC2747: RSVP Cryptographic Authentication"; + } + + identity RSVP_AUTH_MD5 { + base RSVP_AUTH_TYPE; + description + "HMAC-MD5 message authentication"; + } + + // typedef statements + typedef mpls-label { + type union { + type uint32 { + range 16..1048575; + } + type enumeration { + enum IPV4_EXPLICIT_NULL { + value 0; + description + "valid at the bottom of the label stack, + indicates that stack must be popped and packet forwarded + based on IPv4 header"; + } + enum ROUTER_ALERT { + value 1; + description + "allowed anywhere in the label stack except + the bottom, local router delivers packet to the local CPU + when this label is at the top of the stack"; + } + enum IPV6_EXPLICIT_NULL { + value 2; + description + "valid at the bottom of the label stack, + indicates that stack must be popped and packet forwarded + based on IPv6 header"; + } + enum IMPLICIT_NULL { + value 3; + description + "assigned by local LSR but not carried in + packets"; + } + enum ENTROPY_LABEL_INDICATOR { + value 7; + description + "Entropy label indicator, to allow an LSR + to distinguish between entropy label and applicaiton + labels RFC 6790"; + } + enum NO_LABEL { + description + "This value is utilised to indicate that the packet that + is forwarded by the local system does not have an MPLS + header applied to it. Typically, this is used at the + egress of an LSP"; + } + } + } + description + "type for MPLS label value encoding"; + reference "RFC 3032 - MPLS Label Stack Encoding"; + } + + typedef tunnel-type { + type enumeration { + enum P2P { + description + "point-to-point label-switched-path"; + } + enum P2MP { + description + "point-to-multipoint label-switched-path"; + } + enum MP2MP { + description + "multipoint-to-multipoint label-switched-path"; + } + } + description + "defines the tunnel type for the LSP"; + reference + "RFC 6388 - Label Distribution Protocol Extensions for + Point-to-Multipoint and Multipoint-to-Multipoint Label Switched + Paths + RFC 4875 - Extensions to Resource Reservation Protocol + - Traffic Engineering (RSVP-TE) for Point-to-Multipoint TE + Label Switched Paths (LSPs)"; + } + + typedef bandwidth-kbps { + type uint64; + units "Kbps"; + description + "Bandwidth values expressed in kilobits per second"; + } + + typedef bandwidth-mbps { + type uint64; + units "Mbps"; + description + "Bandwidth values expressed in megabits per second"; + } + + typedef bandwidth-gbps { + type uint64; + units "Gbps"; + description + "Bandwidth values expressed in gigabits per second"; + } + + typedef mpls-tc { + type uint8 { + range "0..7"; + } + description + "Values of the MPLS Traffic Class (formerly known as + Experimental, EXP) bits"; + } + + // grouping statements + + // data definition statements + + // augment statements + + // rpc statements + + // notification statements + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/openconfig-extensions.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/openconfig-extensions.yang new file mode 100644 index 0000000000000000000000000000000000000000..2e0fd9f075b235e90ebc58a5f56072cbaceccb56 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/openconfig-extensions.yang @@ -0,0 +1,206 @@ +module openconfig-extensions { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/openconfig-ext"; + + prefix "oc-ext"; + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module provides extensions to the YANG language to allow + OpenConfig specific functionality and meta-data to be defined."; + + oc-ext:openconfig-version "0.5.1"; + + revision "2022-10-05" { + description + "Add missing version statement."; + reference "0.5.1"; + } + + revision "2020-06-16" { + description + "Add extension for POSIX pattern statements."; + reference "0.5.0"; + } + + revision "2018-10-17" { + description + "Add extension for regular expression type."; + reference "0.4.0"; + } + + revision "2017-04-11" { + description + "rename password type to 'hashed' and clarify description"; + reference "0.3.0"; + } + + revision "2017-01-29" { + description + "Added extension for annotating encrypted values."; + reference "0.2.0"; + } + + revision "2015-10-09" { + description + "Initial OpenConfig public release"; + reference "0.1.0"; + } + + + // extension statements + extension openconfig-version { + argument "semver" { + yin-element false; + } + description + "The OpenConfig version number for the module. This is + expressed as a semantic version number of the form: + x.y.z + where: + * x corresponds to the major version, + * y corresponds to a minor version, + * z corresponds to a patch version. + This version corresponds to the model file within which it is + defined, and does not cover the whole set of OpenConfig models. + + Individual YANG modules are versioned independently -- the + semantic version is generally incremented only when there is a + change in the corresponding file. Submodules should always + have the same semantic version as their parent modules. + + A major version number of 0 indicates that this model is still + in development (whether within OpenConfig or with industry + partners), and is potentially subject to change. + + Following a release of major version 1, all modules will + increment major revision number where backwards incompatible + changes to the model are made. + + The minor version is changed when features are added to the + model that do not impact current clients use of the model. + + The patch-level version is incremented when non-feature changes + (such as bugfixes or clarifications to human-readable + descriptions that do not impact model functionality) are made + that maintain backwards compatibility. + + The version number is stored in the module meta-data."; + } + + extension openconfig-hashed-value { + description + "This extension provides an annotation on schema nodes to + indicate that the corresponding value should be stored and + reported in hashed form. + + Hash algorithms are by definition not reversible. Clients + reading the configuration or applied configuration for the node + should expect to receive only the hashed value. Values written + in cleartext will be hashed. This annotation may be used on + nodes such as secure passwords in which the device never reports + a cleartext value, even if the input is provided as cleartext."; + } + + extension regexp-posix { + description + "This extension indicates that the regular expressions included + within the YANG module specified are conformant with the POSIX + regular expression format rather than the W3C standard that is + specified by RFC6020 and RFC7950."; + } + + extension posix-pattern { + argument "pattern" { + yin-element false; + } + description + "Provides a POSIX ERE regular expression pattern statement as an + alternative to YANG regular expresssions based on XML Schema Datatypes. + It is used the same way as the standard YANG pattern statement defined in + RFC6020 and RFC7950, but takes an argument that is a POSIX ERE regular + expression string."; + reference + "POSIX Extended Regular Expressions (ERE) Specification: + https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap09.html#tag_09_04"; + } + + extension telemetry-on-change { + description + "The telemetry-on-change annotation is specified in the context + of a particular subtree (container, or list) or leaf within the + YANG schema. Where specified, it indicates that the value stored + by the nodes within the context change their value only in response + to an event occurring. The event may be local to the target, for + example - a configuration change, or external - such as the failure + of a link. + + When a telemetry subscription allows the target to determine whether + to export the value of a leaf in a periodic or event-based fashion + (e.g., TARGET_DEFINED mode in gNMI), leaves marked as + telemetry-on-change should only be exported when they change, + i.e., event-based."; + } + + extension telemetry-atomic { + description + "The telemetry-atomic annotation is specified in the context of + a subtree (containre, or list), and indicates that all nodes + within the subtree are always updated together within the data + model. For example, all elements under the subtree may be updated + as a result of a new alarm being raised, or the arrival of a new + protocol message. + + Transport protocols may use the atomic specification to determine + optimisations for sending or storing the corresponding data."; + } + + extension operational { + description + "The operational annotation is specified in the context of a + grouping, leaf, or leaf-list within a YANG module. It indicates + that the nodes within the context are derived state on the device. + + OpenConfig data models divide nodes into the following three categories: + + - intended configuration - these are leaves within a container named + 'config', and are the writable configuration of a target. + - applied configuration - these are leaves within a container named + 'state' and are the currently running value of the intended configuration. + - derived state - these are the values within the 'state' container which + are not part of the applied configuration of the device. Typically, they + represent state values reflecting underlying operational counters, or + protocol statuses."; + } + + extension catalog-organization { + argument "org" { + yin-element false; + } + description + "This extension specifies the organization name that should be used within + the module catalogue on the device for the specified YANG module. It stores + a pithy string where the YANG organization statement may contain more + details."; + } + + extension origin { + argument "origin" { + yin-element false; + } + description + "This extension specifies the name of the origin that the YANG module + falls within. This allows multiple overlapping schema trees to be used + on a single network element without requiring module based prefixing + of paths."; + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/openconfig-transport/openconfig-transport-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/openconfig-transport/openconfig-transport-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..dc56998428f8facb7e810249bb8b9ecff51f6005 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/openconfig-transport/openconfig-transport-types.yang @@ -0,0 +1,1883 @@ +module openconfig-transport-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/transport-types"; + + prefix "oc-opt-types"; + + import openconfig-platform-types { prefix oc-platform-types; } + import openconfig-extensions { prefix oc-ext; } + import openconfig-types { prefix oc-types; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module contains general type definitions and identities + for optical transport models."; + + oc-ext:openconfig-version "0.24.0"; + + revision "2024-03-20" { + description + "FlexO support, 800G trib protocol, and OSFP + description update for 800G."; + reference "0.24.0"; + } + + revision "2024-03-12" { + description + "Add TRIBUTARY_RATE_CLASS_TYPE's up to 3200G to support + mating of two 1600G line rates."; + reference "0.23.0"; + } + + revision "2024-01-17" { + description + "Update loopback-mode types."; + reference "0.22.0"; + } + + revision "2024-01-16" { + description + "Added form factors QSFP28_DD and CSFP. + Added new PMDs: ETH_100GBASE_ER4L (MSA 100GBASE-ER4 Lite), + ETH_1GBASE_LX10. + Added References for 100GBASE-CR4 and 40GGBASE-CR4 for DACs"; + reference "0.21.0"; + } + + revision "2023-08-03" { + description + "Add QSFP56 and QSFP56_DD form factor identities and + deprecated QSFP56_DD_TYPE1 and QSFP56_DD_TYPE2 form factor identities."; + reference "0.20.0"; + } + + revision "2023-07-24" { + description + "Add SFP_DD and DSFP form factor identities."; + reference "0.19.0"; + } + + revision "2023-02-08" { + description + "Add ETH_100GBASE_DR PMD type"; + reference "0.18.1"; + } + + revision "2022-12-05" { + description + "Fix trailing whitespace"; + reference "0.17.1"; + } + + revision "2022-10-18" { + description + "Add ETH_400GMSA_PSM4 PMD type"; + reference "0.17.0"; + } + + revision "2022-09-26" { + description + "Add SFP28 and SFP56 form factor identities."; + reference "0.16.0"; + } + + revision "2021-07-29" { + description + "Add several avg-min-max-instant-stats groupings"; + reference "0.15.0"; + } + + revision "2021-03-22" { + description + "Add client mapping mode identityref."; + reference "0.14.0"; + } + + revision "2021-02-26" { + description + "Additional PMD types, form factors, and protocol types."; + reference "0.13.0"; + } + + revision "2020-08-12" { + description + "Additional tributary rates."; + reference "0.12.0"; + } + + revision "2020-04-24" { + description + "Add 400G protocol and additional tributary half rates."; + reference "0.11.0"; + } + + revision "2020-04-22" { + description + "Add AOC and DAC connector identities."; + reference "0.10.0"; + } + + revision "2019-06-27" { + description + "Add FIBER_JUMPER_TYPE identityref."; + reference "0.9.0"; + } + + revision "2019-06-21" { + description + "Generalize and rename optical port type identity"; + reference "0.8.0"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.7.1"; + } + + revision "2018-10-23" { + description + "Added frame mapping protocols for logical channels assignments + and tributary slot granularity for OTN logical channels"; + reference "0.7.0"; + } + + revision "2018-05-16" { + description + "Added interval,min,max time to interval stats."; + reference "0.6.0"; + } + + revision "2017-08-16" { + description + "Added ODU Cn protocol type"; + reference "0.5.0"; + } + + revision "2016-12-22" { + description + "Fixes and additions for terminal optics model"; + reference "0.4.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // typedef statements + + typedef frequency-type { + type uint64; + units "MHz"; + description + "Type for optical spectrum frequency values"; + } + + typedef admin-state-type { + type enumeration { + enum ENABLED { + description + "Sets the channel admin state to enabled"; + } + enum DISABLED { + description + "Sets the channel admin state to disabled"; + } + enum MAINT { + description + "Sets the channel to maintenance / diagnostic mode"; + } + } + description "Administrative state modes for + logical channels in the transponder model."; + } + + typedef loopback-mode-type { + type enumeration { + enum NONE { + description + "No loopback is applied"; + } + enum FACILITY { + description + "A port internal loopback at ASIC level. The loopback directs + traffic normally transmitted on the port back to the device as + if received on the same port from an external source. Note this + mode is used when internal loopback does NOT specify MAC or PHY."; + } + enum TERMINAL { + description + "A port external loopback at ASIC level. The loopback which + directs traffic received from an external source on the port + back out the transmit side of the same port. Note this mode is + used when external loopback does NOT specify MAC or PHY"; + } + enum ASIC_PHY_LOCAL { + description + "A port internal loopback at PHY module. The loopback directs + traffic normally transmitted on the port back to the device as + if received on the same port from an external source."; + } + enum ASIC_PHY_REMOTE { + description + "A port external loopback at PHY module. The loopback which + directs traffic received from an external source on the port + back out the transmit side of the same port."; + } + enum ASIC_MAC_LOCAL { + description + "A port internal loopback at MAC module. The loopback directs + traffic normally transmitted on the port back to the device as + if received on the same port from an external source."; + } + enum ASIC_MAC_REMOTE { + description + "A port external loopback at MAC module. The loopback which + directs traffic received from an external source on the port + back out the transmit side of the same port."; + } + } + default NONE; + description + "Loopback modes for transponder logical channels"; + } + + identity FRAME_MAPPING_PROTOCOL { + description + "Base identity for frame mapping protocols that can be used + when mapping Ethernet, OTN or other client signals to OTN + logical channels."; + } + + identity AMP { + base FRAME_MAPPING_PROTOCOL; + description "Asynchronous Mapping Procedure"; + } + + identity GMP { + base FRAME_MAPPING_PROTOCOL; + description "Generic Mapping Procedure"; + } + + identity BMP { + base FRAME_MAPPING_PROTOCOL; + description "Bit-synchronous Mapping Procedure"; + } + + identity CBR { + base FRAME_MAPPING_PROTOCOL; + description "Constant Bit Rate Mapping Procedure"; + } + + identity GFP_T { + base FRAME_MAPPING_PROTOCOL; + description "Transparent Generic Framing Protocol"; + } + + identity GFP_F { + base FRAME_MAPPING_PROTOCOL; + description "Framed-Mapped Generic Framing Protocol"; + } + + identity TRIBUTARY_SLOT_GRANULARITY { + description + "Base identity for tributary slot granularity for OTN + logical channels."; + } + + identity TRIB_SLOT_1.25G { + base TRIBUTARY_SLOT_GRANULARITY; + description + "The tributary slot with a bandwidth of approximately 1.25 Gb/s + as defined in ITU-T G.709 standard."; + } + + identity TRIB_SLOT_2.5G { + base TRIBUTARY_SLOT_GRANULARITY; + description + "The tributary slot with a bandwidth of approximately 2.5 Gb/s + as defined in ITU-T G.709 standard."; + } + + identity TRIB_SLOT_5G { + base TRIBUTARY_SLOT_GRANULARITY; + description + "The tributary slot with a bandwidth of approximately 5 Gb/s + as defined in ITU-T G.709 standard."; + } + + // grouping statements + + grouping avg-min-max-instant-stats-precision2-ps-nm { + description + "Common grouping for recording picosecond per nanometer + values with 2 decimal precision. Values include the + instantaneous, average, minimum, and maximum statistics. + Statistics are computed and reported based on a moving time + interval (e.g., the last 30s). If supported by the device, + the time interval over which the statistics are computed, and + the times at which the minimum and maximum values occurred, + are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units ps-nm; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units ps-nm; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units ps-nm; + description + "The minimum value of the statistic over the time interval."; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units ps-nm; + description + "The maximum value of the statistic over the time interval."; + } + + uses oc-types:stat-interval-state; + uses oc-types:min-max-time; + } + + grouping avg-min-max-instant-stats-precision2-ps { + description + "Common grouping for recording picosecond values with + 2 decimal precision. Values include the + instantaneous, average, minimum, and maximum statistics. + Statistics are computed and reported based on a moving time + interval (e.g., the last 30s). If supported by the device, + the time interval over which the statistics are computed, and + the times at which the minimum and maximum values occurred, + are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units ps; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units ps; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units ps; + description + "The minimum value of the statistic over the time interval."; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units ps; + description + "The maximum value of the statistic over the time interval."; + } + + uses oc-types:stat-interval-state; + uses oc-types:min-max-time; + } + + grouping avg-min-max-instant-stats-precision2-ps2 { + description + "Common grouping for recording picosecond^2 values with + 2 decimal precision. Values include the + instantaneous, average, minimum, and maximum statistics. + Statistics are computed and reported based on a moving time + interval (e.g., the last 30s). If supported by the device, + the time interval over which the statistics are computed, and + the times at which the minimum and maximum values occurred, + are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units ps^2; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units ps^2; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units ps^2; + description + "The minimum value of the statistic over the time interval."; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units ps^2; + description + "The maximum value of the statistic over the time + interval."; + } + + uses oc-types:stat-interval-state; + uses oc-types:min-max-time; + } + + grouping avg-min-max-instant-stats-precision18-ber { + description + "Common grouping for recording bit error rate (BER) values + with 18 decimal precision. Note that decimal64 supports + values as small as i x 10^-18 where i is an integer. Values + smaller than this should be reported as 0 to inidicate error + free or near error free performance. Values include the + instantaneous, average, minimum, and maximum statistics. + Statistics are computed and reported based on a moving time + interval (e.g., the last 30s). If supported by the device, + the time interval over which the statistics are computed, and + the times at which the minimum and maximum values occurred, + are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 18; + } + units bit-errors-per-second; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 18; + } + units bit-errors-per-second; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 18; + } + units bit-errors-per-second; + description + "The minimum value of the statistic over the time + interval."; + } + + leaf max { + type decimal64 { + fraction-digits 18; + } + units bit-errors-per-second; + description + "The maximum value of the statistic over the time + interval."; + } + + uses oc-types:stat-interval-state; + uses oc-types:min-max-time; + } + + grouping avg-min-max-instant-stats-precision1-mhz { + description + "Common grouping for recording frequency values in MHz with + 1 decimal precision. Values include the instantaneous, average, + minimum, and maximum statistics. Statistics are computed and + reported based on a moving time interval (e.g., the last 30s). + If supported by the device, the time interval over which the + statistics are computed, and the times at which the minimum and + maximum values occurred, are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 1; + } + units MHz; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 1; + } + units MHz; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 1; + } + units MHz; + description + "The minimum value of the statistic over the time interval."; + } + + leaf max { + type decimal64 { + fraction-digits 1; + } + units MHz; + description + "The maximum value of the statistic over the time interval."; + } + + uses oc-types:stat-interval-state; + uses oc-types:min-max-time; + } + + grouping avg-min-max-instant-stats-precision1-krads { + description + "Common grouping for recording kiloradian per second (krad/s) values + with 1 decimal precision. Values include the instantaneous, + average, minimum, and maximum statistics. Statistics are computed + and reported based on a moving time interval (e.g., the last 30s). + If supported by the device, the time interval over which the + statistics are computed, and the times at which the minimum and + maximum values occurred, are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 1; + } + units "krad/s"; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 1; + } + units "krad/s"; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 1; + } + units "krad/s"; + description + "The minimum value of the statistic over the time interval."; + } + + leaf max { + type decimal64 { + fraction-digits 1; + } + units "krad/s"; + description + "The maximum value of the statistic over the time interval."; + } + + uses oc-types:stat-interval-state; + uses oc-types:min-max-time; + } + + grouping avg-min-max-instant-stats-precision2-pct { + description + "Common grouping for percentage statistics with 2 decimal precision. + Values include the instantaneous, average, minimum, and maximum + statistics. Statistics are computed and reported based on a moving + time interval (e.g., the last 30s). If supported by the device, + the time interval over which the statistics are computed, and the + times at which the minimum and maximum values occurred, are also + reported."; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units percentage; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units percentage; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units percentage; + description + "The minimum value of the statistic over the time interval."; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units percentage; + description + "The maximum value of the statistic over the time interval."; + } + + uses oc-types:stat-interval-state; + uses oc-types:min-max-time; + } + + + // identity statements + + identity TRIBUTARY_PROTOCOL_TYPE { + description + "Base identity for protocol framing used by tributary + signals."; + } + + identity PROT_1GE { + base TRIBUTARY_PROTOCOL_TYPE; + description "1G Ethernet protocol"; + } + + identity PROT_OC48 { + base TRIBUTARY_PROTOCOL_TYPE; + description "OC48 protocol"; + } + + identity PROT_STM16 { + base TRIBUTARY_PROTOCOL_TYPE; + description "STM 16 protocol"; + } + + identity PROT_10GE_LAN { + base TRIBUTARY_PROTOCOL_TYPE; + description "10G Ethernet LAN protocol"; + } + + identity PROT_10GE_WAN { + base TRIBUTARY_PROTOCOL_TYPE; + description "10G Ethernet WAN protocol"; + } + + identity PROT_OC192 { + base TRIBUTARY_PROTOCOL_TYPE; + description "OC 192 (9.6GB) port protocol"; + } + + identity PROT_STM64 { + base TRIBUTARY_PROTOCOL_TYPE; + description "STM 64 protocol"; + } + + identity PROT_OTU2 { + base TRIBUTARY_PROTOCOL_TYPE; + description "OTU 2 protocol"; + } + + identity PROT_OTU2E { + base TRIBUTARY_PROTOCOL_TYPE; + description "OTU 2e protocol"; + } + + identity PROT_OTU1E { + base TRIBUTARY_PROTOCOL_TYPE; + description "OTU 1e protocol"; + } + + identity PROT_ODU2 { + base TRIBUTARY_PROTOCOL_TYPE; + description "ODU 2 protocol"; + } + + identity PROT_ODU2E { + base TRIBUTARY_PROTOCOL_TYPE; + description "ODU 2e protocol"; + } + + identity PROT_40GE { + base TRIBUTARY_PROTOCOL_TYPE; + description "40G Ethernet port protocol"; + } + + identity PROT_OC768 { + base TRIBUTARY_PROTOCOL_TYPE; + description "OC 768 protocol"; + } + + identity PROT_STM256 { + base TRIBUTARY_PROTOCOL_TYPE; + description "STM 256 protocol"; + } + + identity PROT_OTU3 { + base TRIBUTARY_PROTOCOL_TYPE; + description "OTU 3 protocol"; + } + + identity PROT_ODU3 { + base TRIBUTARY_PROTOCOL_TYPE; + description "ODU 3 protocol"; + } + + identity PROT_100GE { + base TRIBUTARY_PROTOCOL_TYPE; + description "100G Ethernet protocol"; + } + + identity PROT_100G_MLG { + base TRIBUTARY_PROTOCOL_TYPE; + description "100G MLG protocol"; + } + + identity PROT_OTU4 { + base TRIBUTARY_PROTOCOL_TYPE; + description "OTU4 signal protocol (112G) for transporting + 100GE signal"; + } + + identity PROT_OTUCN { + base TRIBUTARY_PROTOCOL_TYPE; + description "OTU Cn protocol"; + } + + identity PROT_ODUCN { + base TRIBUTARY_PROTOCOL_TYPE; + description "ODU Cn protocol"; + } + + identity PROT_ODU4 { + base TRIBUTARY_PROTOCOL_TYPE; + description "ODU 4 protocol"; + } + + identity PROT_400GE { + base TRIBUTARY_PROTOCOL_TYPE; + description "400G Ethernet protocol"; + } + + identity PROT_800GE { + base TRIBUTARY_PROTOCOL_TYPE; + description "800G Ethernet protocol"; + } + + identity PROT_OTSIG { + base TRIBUTARY_PROTOCOL_TYPE; + description "Optical tributary signal group protocol"; + } + + identity PROT_ODUFLEX_CBR { + base TRIBUTARY_PROTOCOL_TYPE; + description "ODU Flex with CBR protocol"; + } + + identity PROT_FLEXO { + base TRIBUTARY_PROTOCOL_TYPE; + description + "FlexO protocol as defined in ITU-T G.709.1 and ITU-T G.709.3"; + } + + identity PROT_ODUFLEX_GFP { + base TRIBUTARY_PROTOCOL_TYPE; + description "ODU Flex with GFP protocol"; + } + + identity TRANSCEIVER_FORM_FACTOR_TYPE { + description + "Base identity for identifying the type of pluggable optic + transceiver (i.e,. form factor) used in a port."; + } + + identity CFP { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "C form-factor pluggable, that can support up to a + 100 Gb/s signal with 10x10G or 4x25G physical channels"; + } + + identity CFP2 { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "1/2 C form-factor pluggable, that can support up to a + 200 Gb/s signal with 10x10G, 4x25G, or 8x25G physical + channels"; + } + + identity CFP2_ACO { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "CFP2 analog coherent optics transceiver, supporting + 100 Gb, 200Gb, and 250 Gb/s signal."; + } + + identity CFP4 { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "1/4 C form-factor pluggable, that can support up to a + 100 Gb/s signal with 10x10G or 4x25G physical channels"; + } + + identity QSFP { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "OriginalQuad Small Form-factor Pluggable transceiver that can + support 4x1G physical channels. Not commonly used."; + } + + identity QSFP_PLUS { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Quad Small Form-factor Pluggable transceiver that can support + up to 4x10G physical channels."; + } + + identity QSFP28 { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "QSFP pluggable optic with support for up to 4x28G physical + channels"; + } + + identity QSFP28_DD { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "QSFP-DD with electrical interfaces consisting of 8 lanes that operate at up to + 25 Gbps with NRZ modulation"; + reference "http://qsfp-dd.com"; + } + + identity QSFP56 { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "QSFP pluggable optic with support for up to 4x56G physical + channels"; + } + + identity QSFP56_DD { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "QSFP-DD electrical interfaces will employ 8 lanes that operate up to + 25 Gbps NRZ modulation or 50 Gbps PAM4 modulation, providing + solutions up to 200 Gbps or 400 Gbps aggregate"; + reference "http://qsfp-dd.com"; + } + + identity QSFP56_DD_TYPE1 { + base TRANSCEIVER_FORM_FACTOR_TYPE; + status deprecated; + description + "QSFP DD pluggable optic with support for up to 8x56G physical + channels. Type 1 uses eight optical and electrical signals."; + } + + identity QSFP56_DD_TYPE2 { + base TRANSCEIVER_FORM_FACTOR_TYPE; + status deprecated; + description + "QSFP DD pluggable optic with support for up to 4x112G physical + channels. Type 2 uses four optical and eight electrical + signals."; + } + + identity CPAK { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Cisco CPAK transceiver supporting 100 Gb/s."; + } + + identity SFP { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Small form-factor pluggable transceiver supporting up to + 10 Gb/s signal"; + } + + identity SFP_PLUS { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Enhanced small form-factor pluggable transceiver supporting + up to 16 Gb/s signals, including 10 GbE and OTU2"; + } + + identity CSFP { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Compact Small form-factor pluggable transceiver. It is a version + of SFP with the same mechanical form factor allowing two independent + bidirectional channels per port."; + } + + + + identity SFP28 { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Small form-factor pluggable transceiver supporting up to + 25 Gb/s signal"; + } + + identity SFP56 { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Small form-factor pluggable transceiver supporting up to + 50 Gb/s signal"; + } + + identity SFP_DD { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "SFP-DD electrical interfaces will employ 2 lanes that operate up to + 25 Gbps NRZ modulation or 56 Gbps PAM4 modulation, providing + solutions up to 50 Gbps or 112 Gbps PAM4 aggregate"; + reference "http://sfp-dd.com"; + } + + identity DSFP { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "A transceiver implementing the DSFP Transceiver specification"; + reference "https://dsfpmsa.org/"; + } + + identity XFP { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "10 Gigabit small form factor pluggable transceiver supporting + 10 GbE and OTU2"; + } + + identity X2 { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "10 Gigabit small form factor pluggable transceiver supporting + 10 GbE using a XAUI inerface and 4 data channels."; + } + + identity OSFP { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Octal small form factor pluggable transceiver supporting + 400 Gb/s or 800 Gb/s."; + } + + identity NON_PLUGGABLE { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Represents a port that does not require a pluggable optic, + e.g., with on-board optics like COBO"; + } + + identity OTHER { + base TRANSCEIVER_FORM_FACTOR_TYPE; + description + "Represents a transceiver form factor not otherwise listed"; + } + + identity FIBER_CONNECTOR_TYPE { + description + "Type of optical fiber connector"; + } + + identity SC_CONNECTOR { + base FIBER_CONNECTOR_TYPE; + description + "SC type fiber connector"; + } + + identity LC_CONNECTOR { + base FIBER_CONNECTOR_TYPE; + description + "LC type fiber connector"; + } + + identity MPO_CONNECTOR { + base FIBER_CONNECTOR_TYPE; + description + "MPO (multi-fiber push-on/pull-off) type fiber connector + 1x12 fibers"; + } + + identity AOC_CONNECTOR { + base FIBER_CONNECTOR_TYPE; + description + "AOC (active optical cable) type fiber connector"; + } + + identity DAC_CONNECTOR { + base FIBER_CONNECTOR_TYPE; + description + "DAC (direct attach copper) type fiber connector"; + } + + identity ETHERNET_PMD_TYPE { + description + "Ethernet compliance codes (PMD) supported by transceivers"; + } + + identity ETH_1000BASE_LX10 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: ETH_1000BASE_LX10"; + reference "802.3ah-2004(CL59)"; + } + + identity ETH_10GBASE_LRM { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 10GBASE_LRM"; + } + + identity ETH_10GBASE_LR { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 10GBASE_LR"; + } + + identity ETH_10GBASE_ZR { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 10GBASE_ZR"; + } + + identity ETH_10GBASE_ER { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 10GBASE_ER"; + } + + identity ETH_10GBASE_SR { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 10GBASE_SR"; + } + + identity ETH_40GBASE_CR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 40GBASE_CR4. + This PMD is used in Direct Attach Cables (DAC) + and Active Optical Cables (AOC)"; + reference "IEEE 802.3ba 40GBASE-CR4"; + } + + identity ETH_40GBASE_SR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 40GBASE_SR4"; + } + + identity ETH_40GBASE_LR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 40GBASE_LR4"; + } + + identity ETH_40GBASE_ER4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 40GBASE_ER4"; + } + + identity ETH_40GBASE_PSM4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 40GBASE_PSM4"; + } + + identity ETH_4X10GBASE_LR { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 4x10GBASE_LR"; + } + + identity ETH_4X10GBASE_SR { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 4x10GBASE_SR"; + } + + identity ETH_100G_AOC { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100G_AOC"; + } + + identity ETH_100G_ACC { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100G_ACC"; + } + + identity ETH_100GBASE_SR10 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_SR10"; + } + + identity ETH_100GBASE_SR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_SR4"; + } + + identity ETH_100GBASE_LR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_LR4"; + } + + identity ETH_100GBASE_ER4L { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_ER4L"; + } + + identity ETH_100GBASE_ER4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_ER4"; + } + + identity ETH_100GBASE_CWDM4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_CWDM4"; + } + + identity ETH_100GBASE_CLR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_CLR4"; + } + + identity ETH_100GBASE_PSM4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_PSM4"; + } + + identity ETH_100GBASE_CR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_CR4. + This PMD is used in Direct Attach Cables (DAC) + and Active Optical Cables (AOC)"; + reference "IEEE 802.3bj 100GBASE-CR4"; + } + + identity ETH_100GBASE_FR { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_FR"; + } + + identity ETH_100GBASE_DR { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 100GBASE_DR"; + } + + identity ETH_400GBASE_ZR { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 400GBASE_ZR"; + } + + identity ETH_400GBASE_LR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 400GBASE_LR4"; + } + + identity ETH_400GBASE_FR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 400GBASE_FR4"; + } + + identity ETH_400GBASE_LR8 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 400GBASE_LR8"; + } + + identity ETH_400GBASE_DR4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 400GBASE_DR4"; + } + + identity ETH_400GMSA_PSM4 { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: 400GMSA_PSM4"; + } + + identity ETH_UNDEFINED { + base ETHERNET_PMD_TYPE; + description "Ethernet compliance code: undefined"; + } + + identity SONET_APPLICATION_CODE { + description + "Supported SONET/SDH application codes"; + } + + identity VSR2000_3R2 { + base SONET_APPLICATION_CODE; + description + "SONET/SDH application code: VSR2000_3R2"; + } + + identity VSR2000_3R3 { + base SONET_APPLICATION_CODE; + description + "SONET/SDH application code: VSR2000_3R3"; + } + + identity VSR2000_3R5 { + base SONET_APPLICATION_CODE; + description + "SONET/SDH application code: VSR2000_3R5"; + } + + identity SONET_UNDEFINED { + base SONET_APPLICATION_CODE; + description + "SONET/SDH application code: undefined"; + } + + identity OTN_APPLICATION_CODE { + description + "Supported OTN application codes"; + } + + identity P1L1_2D1 { + base OTN_APPLICATION_CODE; + description + "OTN application code: P1L1_2D1"; + } + + identity P1S1_2D2 { + base OTN_APPLICATION_CODE; + description + "OTN application code: P1S1_2D2"; + } + + identity P1L1_2D2 { + base OTN_APPLICATION_CODE; + description + "OTN application code: P1L1_2D2"; + } + + identity OTN_UNDEFINED { + base OTN_APPLICATION_CODE; + description + "OTN application code: undefined"; + } + + identity TRIBUTARY_RATE_CLASS_TYPE { + description + "Rate of tributary signal _- identities will typically reflect + rounded bit rate."; + } + + identity TRIB_RATE_1G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1G tributary signal rate"; + } + + identity TRIB_RATE_2.5G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2.5G tributary signal rate"; + } + + identity TRIB_RATE_10G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "10G tributary signal rate"; + } + + identity TRIB_RATE_40G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "40G tributary signal rate"; + } + + identity TRIB_RATE_100G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "100G tributary signal rate"; + } + + identity TRIB_RATE_150G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "150G tributary signal rate"; + } + + identity TRIB_RATE_200G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "200G tributary signal rate"; + } + + identity TRIB_RATE_250G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "250G tributary signal rate"; + } + + identity TRIB_RATE_300G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "300G tributary signal rate"; + } + + identity TRIB_RATE_350G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "350G tributary signal rate"; + } + + identity TRIB_RATE_400G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "400G tributary signal rate"; + } + + identity TRIB_RATE_450G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "450G tributary signal rate"; + } + + identity TRIB_RATE_500G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "500G tributary signal rate"; + } + + identity TRIB_RATE_550G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "550G tributary signal rate"; + } + + identity TRIB_RATE_600G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "600G tributary signal rate"; + } + + identity TRIB_RATE_650G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "650G tributary signal rate"; + } + + identity TRIB_RATE_700G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "700G tributary signal rate"; + } + + identity TRIB_RATE_750G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "750G tributary signal rate"; + } + + identity TRIB_RATE_800G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "800G tributary signal rate"; + } + + identity TRIB_RATE_850G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "850G tributary signal rate"; + } + + identity TRIB_RATE_900G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "900G tributary signal rate"; + } + + identity TRIB_RATE_950G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "950G tributary signal rate"; + } + + identity TRIB_RATE_1000G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1000G tributary signal rate"; + } + + identity TRIB_RATE_1050G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1050G tributary signal rate"; + } + + identity TRIB_RATE_1100G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1100G tributary signal rate"; + } + + identity TRIB_RATE_1150G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1150G tributary signal rate"; + } + + identity TRIB_RATE_1200G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1200G tributary signal rate"; + } + + identity TRIB_RATE_1250G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1250G tributary signal rate"; + } + + identity TRIB_RATE_1300G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1300G tributary signal rate"; + } + + identity TRIB_RATE_1350G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1350G tributary signal rate"; + } + + identity TRIB_RATE_1400G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1400G tributary signal rate"; + } + + identity TRIB_RATE_1450G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1450G tributary signal rate"; + } + + identity TRIB_RATE_1500G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1500G tributary signal rate"; + } + + identity TRIB_RATE_1550G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1550G tributary signal rate"; + } + + identity TRIB_RATE_1600G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1600G tributary signal rate"; + } + + identity TRIB_RATE_1650G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1650G tributary signal rate"; + } + + identity TRIB_RATE_1700G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1700G tributary signal rate"; + } + + identity TRIB_RATE_1750G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1750G tributary signal rate"; + } + + identity TRIB_RATE_1800G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1800G tributary signal rate"; + } + + identity TRIB_RATE_1850G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1850G tributary signal rate"; + } + + identity TRIB_RATE_1900G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1900G tributary signal rate"; + } + + identity TRIB_RATE_1950G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "1950G tributary signal rate"; + } + + identity TRIB_RATE_2000G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2000G tributary signal rate"; + } + + identity TRIB_RATE_2050G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2050G tributary signal rate"; + } + + identity TRIB_RATE_2100G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2100G tributary signal rate"; + } + + identity TRIB_RATE_2150G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2150G tributary signal rate"; + } + + identity TRIB_RATE_2200G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2200G tributary signal rate"; + } + + identity TRIB_RATE_2250G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2250G tributary signal rate"; + } + + identity TRIB_RATE_2300G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2300G tributary signal rate"; + } + + identity TRIB_RATE_2350G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2350G tributary signal rate"; + } + + identity TRIB_RATE_2400G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2400G tributary signal rate"; + } + + identity TRIB_RATE_2450G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2450G tributary signal rate"; + } + + identity TRIB_RATE_2500G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2500G tributary signal rate"; + } + + identity TRIB_RATE_2550G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2550G tributary signal rate"; + } + + identity TRIB_RATE_2600G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2600G tributary signal rate"; + } + + identity TRIB_RATE_2650G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2650G tributary signal rate"; + } + + identity TRIB_RATE_2700G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2700G tributary signal rate"; + } + + identity TRIB_RATE_2750G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2750G tributary signal rate"; + } + + identity TRIB_RATE_2800G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2800G tributary signal rate"; + } + + identity TRIB_RATE_2850G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2850G tributary signal rate"; + } + + identity TRIB_RATE_2900G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2900G tributary signal rate"; + } + + identity TRIB_RATE_2950G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "2950G tributary signal rate"; + } + + identity TRIB_RATE_3000G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "3000G tributary signal rate"; + } + + identity TRIB_RATE_3050G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "3050G tributary signal rate"; + } + + identity TRIB_RATE_3100G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "3100G tributary signal rate"; + } + + identity TRIB_RATE_3150G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "3150G tributary signal rate"; + } + + identity TRIB_RATE_3200G { + base TRIBUTARY_RATE_CLASS_TYPE; + description + "3200G tributary signal rate"; + } + + identity LOGICAL_ELEMENT_PROTOCOL_TYPE { + description + "Type of protocol framing used on the logical channel or + tributary"; + } + + identity PROT_ETHERNET { + base LOGICAL_ELEMENT_PROTOCOL_TYPE; + description + "Ethernet protocol framing"; + } + + identity PROT_OTN { + base LOGICAL_ELEMENT_PROTOCOL_TYPE; + description + "OTN protocol framing"; + } + + identity OPTICAL_CHANNEL { + base oc-platform-types:OPENCONFIG_HARDWARE_COMPONENT; + description + "Optical channels act as carriers for transport traffic + directed over a line system. They are represented as + physical components in the physical inventory model."; + } + + identity FIBER_JUMPER_TYPE { + description + "Types of fiber jumpers used for connecting device ports"; + } + + identity FIBER_JUMPER_SIMPLEX { + base FIBER_JUMPER_TYPE; + description + "Simplex fiber jumper"; + } + + identity FIBER_JUMPER_MULTI_FIBER_STRAND { + base FIBER_JUMPER_TYPE; + description + "One strand of a fiber jumper which contains multiple fibers + within it, such as an MPO based fiber jumper"; + } + + identity OPTICAL_PORT_TYPE { + description + "Type definition for optical transport port types"; + } + + identity INGRESS { + base OPTICAL_PORT_TYPE; + description + "Ingress port, corresponding to a signal entering + a line system device such as an amplifier or wavelength + router."; + } + + identity EGRESS { + base OPTICAL_PORT_TYPE; + description + "Egress port, corresponding to a signal exiting + a line system device such as an amplifier or wavelength + router."; + } + + identity ADD { + base OPTICAL_PORT_TYPE; + description + "Add port, corresponding to a signal injected + at a wavelength router."; + } + + identity DROP { + base OPTICAL_PORT_TYPE; + description + "Drop port, corresponding to a signal dropped + at a wavelength router."; + } + + identity MONITOR { + base OPTICAL_PORT_TYPE; + description + "Monitor port, corresponding to a signal used by an optical + channel monitor. This is used to represent the connection + that a channel monitor port is connected to, typically on a + line system device. This connection may be via physical cable + and faceplate ports or internal to the device"; + } + + identity TERMINAL_CLIENT { + base OPTICAL_PORT_TYPE; + description + "Client-facing port on a terminal optics device (e.g., + transponder or muxponder)."; + } + + identity TERMINAL_LINE { + base OPTICAL_PORT_TYPE; + description + "Line-facing port on a terminal optics device (e.g., + transponder or muxponder)."; + } + + identity CLIENT_MAPPING_MODE { + description + "Type definition for optical transport client mapping modes."; + } + + identity MODE_1X100G { + base CLIENT_MAPPING_MODE; + description + "1 x 100G client mapping mode."; + } + + identity MODE_1X200G { + base CLIENT_MAPPING_MODE; + description + "1 x 200G client mapping mode."; + } + + identity MODE_1X400G { + base CLIENT_MAPPING_MODE; + description + "1 x 400G client mapping mode."; + } + + identity MODE_2X100G { + base CLIENT_MAPPING_MODE; + description + "2 x 100G client mapping mode."; + } + + identity MODE_2X200G { + base CLIENT_MAPPING_MODE; + description + "2 x 200G client mapping mode."; + } + + identity MODE_3X100G { + base CLIENT_MAPPING_MODE; + description + "3 x 100G client mapping mode."; + } + + identity MODE_4X100G { + base CLIENT_MAPPING_MODE; + description + "4 x 100G client mapping mode."; + } + + identity TRANSCEIVER_MODULE_FUNCTIONAL_TYPE { + description + "Type definition for transceiver module functional types."; + } + + identity TYPE_STANDARD_OPTIC { + base TRANSCEIVER_MODULE_FUNCTIONAL_TYPE; + description + "Standard optic using a grey wavelength (i.e. 1310, 1550, etc.) + and on-off-keying (OOK) modulation."; + } + + identity TYPE_DIGITAL_COHERENT_OPTIC { + base TRANSCEIVER_MODULE_FUNCTIONAL_TYPE; + description + "Digital coherent module which transmits a phase / amplitude + modulated signal and uses a digital signal processor to receive + and decode the received signal."; + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform-common.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform-common.yang new file mode 100644 index 0000000000000000000000000000000000000000..afb5330674db317a3cd71bedc911d4913ac59b8e --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform-common.yang @@ -0,0 +1,246 @@ +submodule openconfig-platform-common { + + yang-version "1"; + + belongs-to openconfig-platform { + prefix "oc-platform"; + } + + import openconfig-platform-types { prefix oc-platform-types; } + import openconfig-extensions { prefix oc-ext; } + import openconfig-types { prefix oc-types; } + + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This modules contains common groupings that are used in multiple + components within the platform module."; + + oc-ext:openconfig-version "0.24.0"; + + revision "2023-11-28" { + description + "Add model-name"; + reference "0.24.0"; + } + + revision "2023-02-13" { + description + "Refactor resource utilization threshold config into a separate grouping. + Update 'utilization resource' to 'resource utilization'."; + reference "0.23.0"; + } + + revision "2022-12-20" { + description + "Add threshold and threshold-exceeded for resource usage."; + reference "0.22.0"; + } + + revision "2022-12-19" { + description + "Update last-high-watermark timestamp documentation."; + reference "0.21.1"; + } + + revision "2022-09-26" { + description + "Add state data for base-mac-address."; + reference "0.21.0"; + } + + revision "2022-08-31" { + description + "Add new state data for component CLEI code."; + reference "0.20.0"; + } + + revision "2022-07-28" { + description + "Add grouping for component power management"; + reference "0.19.0"; + } + + revision "2022-07-11" { + description + "Add switchover ready"; + reference "0.18.0"; + } + + revision "2022-06-10" { + description + "Specify units and epoch for switchover and reboot times."; + reference "0.17.0"; + } + + revision "2022-04-21" { + description + "Add platform utilization."; + reference "0.16.0"; + } + + // extension statements + + // feature statements + + // identity statements + + // typedef statements + + // grouping statements + + grouping platform-resource-utilization-top { + description + "Top level grouping of platform resource utilization."; + + container utilization { + description + "Resource utilization of the component."; + + container resources { + description + "Enclosing container for the resources in this component."; + + list resource { + key "name"; + description + "List of resources, keyed by resource name."; + + leaf name { + type leafref { + path "../config/name"; + } + description + "References the resource name."; + } + + container config { + description + "Configuration data for each resource."; + + uses platform-resource-utilization-config; + } + + container state { + config false; + description + "Operational state data for each resource."; + + uses platform-resource-utilization-config; + uses platform-resource-utilization-state; + } + } + } + } + } + + grouping resource-utilization-threshold-common { + description + "Common threshold configuration model for resource utilization."; + leaf used-threshold-upper { + type oc-types:percentage; + description + "The used percentage value (used / (used + free) * 100) that + when crossed will set utilization-threshold-exceeded to 'true'."; + } + + leaf used-threshold-upper-clear { + type oc-types:percentage; + description + "The used percentage value (used / (used + free) * 100) that when + crossed will set utilization-threshold-exceeded to 'false'."; + } + } + + grouping platform-resource-utilization-config { + description + "Configuration data for resource utilization."; + + leaf name { + type string; + description + "Resource name within the component."; + } + + uses resource-utilization-threshold-common; + } + + grouping platform-resource-utilization-state { + description + "Operational state data for resource utilization."; + + leaf used { + type uint64; + description + "Number of entries currently in use for the resource."; + } + + leaf committed { + type uint64; + description + "Number of entries currently reserved for this resource. This is only + relevant to tables which allocate a block of resource for a given + feature."; + } + + leaf free { + type uint64; + description + "Number of entries available to use."; + } + + leaf max-limit { + type uint64; + description + "Maximum number of entries available for the resource. The value + is the theoretical maximum resource utilization possible."; + } + + leaf high-watermark { + type uint64; + description + "A watermark of highest number of entries used for this resource."; + } + + leaf last-high-watermark { + type oc-types:timeticks64; + description + "The timestamp when the high-watermark was last updated. The value + is the timestamp in nanoseconds relative to the Unix Epoch + (Jan 1, 1970 00:00:00 UTC)."; + } + + leaf used-threshold-upper-exceeded { + type boolean; + description + "This value is set to true when the used percentage value + (used / (used + free) * 100) has crossed the used-threshold-upper for this + resource and false when the used percentage value has crossed the configured + used-threshold-upper-clear value for this resource."; + } + } + + grouping component-power-management { + description + "Common grouping for managing component power"; + + leaf power-admin-state { + type oc-platform-types:component-power-type; + default POWER_ENABLED; + description + "Enable or disable power to the component"; + } + } + + // data definition statements + + // augment statements + + // rpc statements + + // notification statements +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform-port.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform-port.yang new file mode 100644 index 0000000000000000000000000000000000000000..effb85bb761105620bba88c8578d101e57179c30 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform-port.yang @@ -0,0 +1,327 @@ +module openconfig-platform-port { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/platform/port"; + + prefix "oc-port"; + + // import some basic types + import openconfig-platform { prefix oc-platform; } + import openconfig-interfaces { prefix oc-if; } + import openconfig-if-ethernet { prefix oc-eth; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines data related to PORT components in the + openconfig-platform model"; + + oc-ext:openconfig-version "1.0.1"; + + revision "2023-03-22" { + description + "Clarify use of the interface-ref type."; + reference "1.0.1"; + } + + revision "2023-01-19" { + description + "Add clarification of the definition of a physical channel, and + example configurations."; + reference "1.0.0"; + } + + revision "2021-10-01" { + description + "Fix indentation for 'list group'"; + reference "0.4.2"; + } + + revision "2021-06-16" { + description + "Remove trailing whitespace"; + reference "0.4.1"; + } + + revision "2021-04-22" { + description + "Adding support for flexible port breakout."; + reference "0.4.0"; + } + + revision "2020-05-06" { + description + "Ensure that when statements in read-write contexts + reference only read-write leaves."; + reference "0.3.3"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.3.2"; + } + + revision "2018-11-07" { + description + "Fixed error in when statement path"; + reference "0.3.1"; + } + + revision "2018-01-20" { + description + "Added augmentation for interface-to-port reference"; + reference "0.3.0"; + } + + revision "2017-11-17" { + description + "Corrected augmentation path for port data"; + reference "0.2.0"; + } + + revision "2016-10-24" { + description + "Initial revision"; + reference "0.1.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // extension statements + + // feature statements + + // identity statements + + // typedef statements + + // grouping statements + + grouping group-config { + description + "Configuration data for the breakout group."; + + leaf index { + type uint8; + description + "Each index specifies breakouts that are identical in + terms of speed and the number of physical channels."; + } + + leaf num-breakouts { + type uint8; + description + "Sets the number of interfaces using this breakout group."; + } + + leaf breakout-speed { + type identityref { + base oc-eth:ETHERNET_SPEED; + } + description + "Speed of interfaces in this breakout group, supported + values are defined by the ETHERNET_SPEED identity."; + } + + leaf num-physical-channels { + type uint8; + description + "Sets the number of lanes or physical channels assigned + to the interfaces in this breakout group. This leaf need + not be set if there is only one breakout group where all + the interfaces are of equal speed and have equal number + of physical channels. + + The physical channels referred to by this leaf are + electrical channels towards the transceiver."; + } + } + + grouping group-state { + description + "Operational state data for the port breakout group."; + } + + grouping port-breakout-top { + description + "Top-level grouping for port breakout data."; + + container breakout-mode { + description + "Top-level container for port breakout-mode data."; + + container groups { + description + "Top level container for breakout groups data. + + When a device has the capability to break a port into + interfaces of different speeds and different number of + physical channels, it can breakout a 400G OSFP port with + 8 physical channels (with support for 25G NRZ, 50G PAM4 + and 100G PAM4) into mixed speed interfaces. Particularly, to + break out into two 100G ports with different modulation, and a 200G + port, a user must configure 1 interface with 2 physical channels + 1 interface with 4 physical channels and 1 interface with + 2 physical channels. With this configuration the interface in + 1st breakout group would use 50G PAM4 modulation, interface + in 2nd breakout group would use 25G NRZ modulation and the + interface in 3rd breakout group would use 100G PAM4 modulation + This configuration would result in 3 entries in the breakout + groups list. The example configuration for this case is shown below: + + { + \"groups\": { + \"group\": [ + { + \"config\": { + \"breakout-speed\": \"SPEED_100GB\", + \"index\": 0, + \"num-breakouts\": 1, + \"num-physical-channels\": 2 + }, + \"index\": 0 + }, + { + \"config\": { + \"breakout-speed\": \"SPEED_100GB\", + \"index\": 1, + \"num-breakouts\": 1, + \"num-physical-channels\": 4 + }, + \"index\": 1 + }, + { + \"config\": { + \"breakout-speed\": \"SPEED_200GB\", + \"index\": 2, + \"num-breakouts\": 1, + \"num-physical-channels\": 2 + }, + \"index\": 2 + } + ] + } + } + + When a device does not have the capability to break a port + into interfaces of different speeds and different number of + physical channels, in order to breakout a 400G OSFP port with + 8 physical channels into 50G breakout ports it would use 8 interfaces + with 1 physical channel each. This would result in 1 entry in the + breakout groups list. The example configuration for this case is + shown below: + + { + \"groups\": { + \"group\": [ + { + \"config\": { + \"breakout-speed\": \"SPEED_50GB\", + \"index\": 0, + \"num-breakouts\": 8, + \"num-physical-channels\": 1 + }, + \"index\": 0 + } + ] + } + } + + Similarly, if a 400G-DR4 interface (8 electrical channels at 50Gbps) + is to be broken out into 4 100Gbps ports, the following configuration + is used: + + { + \"groups\": { + \"group\": [ + { + \"config\": { + \"breakout-speed\": \"SPEED_100GB\", + \"index\": 0, + \"num-breakouts\": 4, + \"num-physical-channels\": 2 + }, + \"index\": 0 + } + ] + } + }"; + + list group { + key "index"; + description + "List of breakout groups."; + + leaf index { + type leafref { + path "../config/index"; + } + description + "Index of the breakout group entry in the breakout groups list."; + } + + container config { + description + "Configuration data for breakout group."; + uses group-config; + } + + container state { + config false; + description + "Operational state data for breakout group."; + + uses group-config; + uses group-state; + } + } + } + } + } + + // data definition statements + + // augment statements + + augment "/oc-platform:components/oc-platform:component/" + + "oc-platform:port" { + description + "Adding port breakout data to physical platform data. This subtree + is only valid when the type of the component is PORT."; + + uses port-breakout-top; + } + + augment "/oc-if:interfaces/oc-if:interface/oc-if:state" { + description + "Adds a reference from the base interface to the corresponding + port component in the device inventory."; + + leaf hardware-port { + type leafref { + path "/oc-platform:components/oc-platform:component/" + + "oc-platform:name"; + } + description + "For non-channelized interfaces, references the hardware port + corresponding to the base interface."; + } + } + + // rpc statements + + // notification statements + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..d28881f9e23327e82d281f3f76d7abe8f376df57 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform-types.yang @@ -0,0 +1,541 @@ +module openconfig-platform-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/platform-types"; + + prefix "oc-platform-types"; + + import openconfig-types { prefix oc-types; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines data types (e.g., YANG identities) + to support the OpenConfig component inventory model."; + + oc-ext:openconfig-version "1.6.0"; + + revision "2023-06-27" { + description + "Add WIFI_ACCESS_POINT"; + reference "1.6.0"; + } + + revision "2022-07-28" { + description + "Add grouping for component power management"; + reference "1.5.0"; + } + + revision "2022-03-27" { + description + "Add identity for BIOS"; + reference "1.4.0"; + } + + revision "2022-02-02" { + description + "Add support for component reboot and switchover."; + reference "1.3.0"; + } + + revision "2021-07-29" { + description + "Add several avg-min-max-instant-stats groupings"; + reference "1.2.0"; + } + + revision "2021-01-18" { + description + "Add identity for software modules"; + reference "1.1.0"; + } + + revision "2019-06-03" { + description + "Add OpenConfig component operating system patch type."; + reference "1.0.0"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.10.1"; + } + + revision "2018-11-16" { + description + "Added FEC_MODE_TYPE and FEC_STATUS_TYPE"; + reference "0.10.0"; + } + + revision "2018-05-05" { + description + "Added min-max-time to + avg-min-max-instant-stats-precision1-celsius, + added new CONTROLLER_CARD identity"; + reference "0.9.0"; + } + + revision "2018-01-16" { + description + "Added new per-component common data; add temp alarm"; + reference "0.8.0"; + } + + revision "2017-12-14" { + description + "Added anchor containers for component data, added new + component types"; + reference "0.7.0"; + } + + revision "2017-08-16" { + description + "Added power state enumerated type"; + reference "0.6.0"; + } + + revision "2016-12-22" { + description + "Added temperature state variable to component"; + reference "0.5.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // grouping statements + grouping avg-min-max-instant-stats-precision1-celsius { + description + "Common grouping for recording temperature values in + Celsius with 1 decimal precision. Values include the + instantaneous, average, minimum, and maximum statistics"; + + leaf instant { + type decimal64 { + fraction-digits 1; + } + units celsius; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 1; + } + units celsius; + description + "The arithmetic mean value of the statistic over the + sampling period."; + } + + leaf min { + type decimal64 { + fraction-digits 1; + } + units celsius; + description + "The minimum value of the statistic over the sampling + period"; + } + + leaf max { + type decimal64 { + fraction-digits 1; + } + units celsius; + description + "The maximum value of the statistic over the sampling + period"; + } + + uses oc-types:stat-interval-state; + uses oc-types:min-max-time; + } + + grouping avg-min-max-instant-stats-precision2-volts { + description + "Common grouping for recording voltage values in + volts with 2 decimal precision. Values include the + instantaneous, average, minimum, and maximum statistics. + If supported by the device, the time interval over which + the statistics are computed, and the times at which the + minimum and maximum values occurred, are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units volts; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units volts; + description + "The arithmetic mean value of the statistic over the + sampling period."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units volts; + description + "The minimum value of the statistic over the sampling + period"; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units volts; + description + "The maximum value of the statistic over the sampling + period"; + } + + uses oc-types:stat-interval-state; + uses oc-types:min-max-time; + } + + grouping component-redundant-role-switchover-reason { + description + "Common grouping for recording the reason of a component's + redundant role switchover. For example two supervisors in + a device, one as primary the other as secondary, switchover + can happen in different scenarios, e.g. user requested, + system error, priority contention, etc."; + + leaf trigger { + type component-redundant-role-switchover-reason-trigger; + description + "Records the generic triggers, e.g. user or system + initiated the switchover."; + } + + leaf details { + type string; + description + "Records detailed description of why the switchover happens. + For example, when system initiated the switchover, this leaf + can be used to record the specific reason, e.g. due to critical + errors of the routing daemon in the primary role."; + } + } + + // identity statements + identity OPENCONFIG_HARDWARE_COMPONENT { + description + "Base identity for hardware related components in a managed + device. Derived identities are partially based on contents + of the IANA Entity MIB."; + reference + "IANA Entity MIB and RFC 6933"; + } + + identity OPENCONFIG_SOFTWARE_COMPONENT { + description + "Base identity for software-related components in a managed + device"; + } + + // hardware types + identity CHASSIS { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Chassis component, typically with multiple slots / shelves"; + } + + identity BACKPLANE { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Backplane component for aggregating traffic, typically + contained in a chassis component"; + } + + identity FABRIC { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Interconnect between ingress and egress ports on the + device (e.g., a crossbar switch)."; + } + + identity POWER_SUPPLY { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Component that is supplying power to the device"; + } + + identity FAN { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Cooling fan, or could be some other heat-reduction component"; + } + + identity SENSOR { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Physical sensor, e.g., a temperature sensor in a chassis"; + } + + identity FRU { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Replaceable hardware component that does not have a more + specific defined schema."; + } + + identity LINECARD { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Linecard component, typically inserted into a chassis slot"; + } + + identity CONTROLLER_CARD { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "A type of linecard whose primary role is management or control + rather than data forwarding."; + } + + identity PORT { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Physical port, e.g., for attaching pluggables and networking + cables"; + } + + identity TRANSCEIVER { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Pluggable module present in a port"; + } + + identity CPU { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Processing unit, e.g., a management processor"; + } + + identity STORAGE { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "A storage subsystem on the device (disk, SSD, etc.)"; + } + + identity INTEGRATED_CIRCUIT { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "A special purpose processing unit, typically for traffic + switching/forwarding (e.g., switching ASIC, NPU, forwarding + chip, etc.)"; + } + + identity WIFI_ACCESS_POINT { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "A device that attaches to a an Ethernet network and creates a wireless + local area network"; + } + + identity OPERATING_SYSTEM { + base OPENCONFIG_SOFTWARE_COMPONENT; + description + "Operating system running on a component"; + } + + identity OPERATING_SYSTEM_UPDATE { + base OPENCONFIG_SOFTWARE_COMPONENT; + description + "An operating system update - which should be a subcomponent + of the `OPERATING_SYSTEM` running on a component. An update is + defined to be a set of software changes that are atomically + installed (and uninstalled) together. Multiple updates may be + present for the Operating System. A system should not list all + installed software packages using this type -- but rather + updates that are bundled together as a single installable + item"; + } + + identity BIOS { + base OPENCONFIG_SOFTWARE_COMPONENT; + description + "Legacy BIOS or UEFI firmware interface responsible for + initializing hardware components and first stage boot loader."; + } + + identity BOOT_LOADER { + base OPENCONFIG_SOFTWARE_COMPONENT; + description + "Software layer responsible for loading and booting the + device OS or network OS."; + } + + identity SOFTWARE_MODULE { + base OPENCONFIG_SOFTWARE_COMPONENT; + description + "A base identity for software modules installed and/or + running on the device. Modules include user-space programs + and kernel modules that provide specific functionality. + A component with type SOFTWARE_MODULE should also have a + module type that indicates the specific type of software module"; + } + + identity COMPONENT_OPER_STATUS { + description + "Current operational status of a platform component"; + } + + identity ACTIVE { + base COMPONENT_OPER_STATUS; + description + "Component is enabled and active (i.e., up)"; + } + + identity INACTIVE { + base COMPONENT_OPER_STATUS; + description + "Component is enabled but inactive (i.e., down)"; + } + + identity DISABLED { + base COMPONENT_OPER_STATUS; + description + "Component is administratively disabled."; + } + + identity FEC_MODE_TYPE { + description + "Base identity for FEC operational modes."; + } + + identity FEC_ENABLED { + base FEC_MODE_TYPE; + description + "FEC is administratively enabled."; + } + + identity FEC_DISABLED { + base FEC_MODE_TYPE; + description + "FEC is administratively disabled."; + } + + identity FEC_AUTO { + base FEC_MODE_TYPE; + description + "System will determine whether to enable or disable + FEC on a transceiver."; + } + + identity FEC_STATUS_TYPE { + description + "Base identity for FEC operational statuses."; + } + + identity FEC_STATUS_LOCKED { + base FEC_STATUS_TYPE; + description + "FEC is operationally locked."; + } + + identity FEC_STATUS_UNLOCKED { + base FEC_STATUS_TYPE; + description + "FEC is operationally unlocked."; + } + + // typedef statements + typedef component-power-type { + type enumeration { + enum POWER_ENABLED { + description + "Enable power on the component"; + } + enum POWER_DISABLED { + description + "Disable power on the component"; + } + } + description + "A generic type reflecting whether a hardware component + is powered on or off"; + } + + identity COMPONENT_REBOOT_REASON { + description + "Base entity for component reboot reasons."; + } + + identity REBOOT_USER_INITIATED { + base COMPONENT_REBOOT_REASON; + description + "User initiated the reboot of the componenent."; + } + + identity REBOOT_POWER_FAILURE { + base COMPONENT_REBOOT_REASON; + description + "The component reboots due to power failure."; + } + + identity REBOOT_CRITICAL_ERROR { + base COMPONENT_REBOOT_REASON; + description + "The component reboots due to critical errors."; + } + + typedef component-redundant-role { + type enumeration { + enum PRIMARY { + description + "Component is acting the primary role."; + } + enum SECONDARY { + description + "Component is acting the secondary role."; + } + } + description + "A generic type reflecting the component's redundanty role. + For example, a device might have dual supervisors components + for redundant purpose, with one being the primary and the + other secondary."; + } + + typedef component-redundant-role-switchover-reason-trigger { + type enumeration { + enum USER_INITIATED { + description + "User initiated the switchover, e.g. via command line."; + } + enum SYSTEM_INITIATED { + description + "The system initiated the switchover, e.g. due to + critical errors in the component of the primar role."; + } + } + description + "Records how the role switchover is triggered."; + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform.yang new file mode 100644 index 0000000000000000000000000000000000000000..bbcf931a6deb0beeb891ed8327f40786f565cd7b --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/platform/openconfig-platform.yang @@ -0,0 +1,1221 @@ +module openconfig-platform { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/platform"; + + prefix "oc-platform"; + + import openconfig-platform-types { prefix oc-platform-types; } + import openconfig-extensions { prefix oc-ext; } + import openconfig-alarm-types { prefix oc-alarm-types; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-types { prefix oc-types; } + + include openconfig-platform-common; + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines a data model for representing a system + component inventory, which can include hardware or software + elements arranged in an arbitrary structure. The primary + relationship supported by the model is containment, e.g., + components containing subcomponents. + + It is expected that this model reflects every field replacable + unit on the device at a minimum (i.e., additional information + may be supplied about non-replacable components). + + Every element in the inventory is termed a 'component' with each + component expected to have a unique name and type, and optionally + a unique system-assigned identifier and FRU number. The + uniqueness is guaranteed by the system within the device. + + Components may have properties defined by the system that are + modeled as a list of key-value pairs. These may or may not be + user-configurable. The model provides a flag for the system + to optionally indicate which properties are user configurable. + + Each component also has a list of 'subcomponents' which are + references to other components. Appearance in a list of + subcomponents indicates a containment relationship as described + above. For example, a linecard component may have a list of + references to port components that reside on the linecard. + + This schema is generic to allow devices to express their own + platform-specific structure. It may be augmented by additional + component type-specific schemas that provide a common structure + for well-known component types. In these cases, the system is + expected to populate the common component schema, and may + optionally also represent the component and its properties in the + generic structure. + + The properties for each component may include dynamic values, + e.g., in the 'state' part of the schema. For example, a CPU + component may report its utilization, temperature, or other + physical properties. The intent is to capture all platform- + specific physical data in one location, including inventory + (presence or absence of a component) and state (physical + attributes or status)."; + + oc-ext:openconfig-version "0.24.0"; + + revision "2023-11-28" { + description + "Add model-name"; + reference "0.24.0"; + } + + revision "2023-02-13" { + description + "Refactor resource utilization threshold config into a separate grouping. + Update 'utilization resource' to 'resource utilization'."; + reference "0.23.0"; + } + + revision "2022-12-20" { + description + "Add threshold and threshold-exceeded for resource usage."; + reference "0.22.0"; + } + + revision "2022-12-19" { + description + "Update last-high-watermark timestamp documentation."; + reference "0.21.1"; + } + + revision "2022-09-26" { + description + "Add state data for base-mac-address."; + reference "0.21.0"; + } + + revision "2022-08-31" { + description + "Add new state data for component CLEI code."; + reference "0.20.0"; + } + + revision "2022-07-28" { + description + "Add container for controller card component"; + reference "0.19.0"; + } + + revision "2022-07-11" { + description + "Add switchover ready"; + reference "0.18.0"; + } + + revision "2022-06-10" { + description + "Specify units and epoch for switchover and reboot times."; + reference "0.17.0"; + } + + revision "2022-04-21" { + description + "Add platform utilization."; + reference "0.16.0"; + } + + revision "2022-02-02" { + description + "Add new state data for component reboot and + switchover."; + reference "0.15.0"; + } + + revision "2021-08-13" { + description + "Add container for PCIe error statistics"; + reference "0.14.0"; + } + + revision "2021-01-18" { + description + "Add container for software module component"; + reference "0.13.0"; + } + + revision "2019-04-16" { + description + "Fix bug in parent path reference"; + reference "0.12.2"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.12.1"; + } + + revision "2018-06-29" { + description + "Added location description for components"; + reference "0.12.0"; + } + + revision "2018-06-03" { + description + "Added parent reference, empty flag and preconfiguration + for components"; + reference "0.11.0"; + } + + revision "2018-04-20" { + description + "Added new per-component state data: mfg-date and removable"; + reference "0.10.0"; + } + + revision "2018-01-30" { + description + "Amended approach for modelling CPU - rather than having + a local CPU utilisation state variable, a component with + a CPU should create a subcomponent of type CPU to report + statistics."; + reference "0.9.0"; + } + + revision "2018-01-16" { + description + "Added new per-component common data; add temp alarm; + moved hardware-port reference to port model"; + reference "0.8.0"; + } + + revision "2017-12-14" { + description + "Added anchor containers for component data, added new + component types"; + reference "0.7.0"; + } + + revision "2017-08-16" { + description + "Added power state enumerated type"; + reference "0.6.0"; + } + + revision "2016-12-22" { + description + "Added temperature state variable to component"; + reference "0.5.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // grouping statements + + + grouping platform-component-properties-config { + description + "System-defined configuration data for component properties"; + + leaf name { + type string; + description + "System-supplied name of the property -- this is typically + non-configurable"; + } + + leaf value { + type union { + type string; + type boolean; + type int64; + type uint64; + type decimal64 { + fraction-digits 2; + } + } + description + "Property values can take on a variety of types. Signed and + unsigned integer types may be provided in smaller sizes, + e.g., int8, uint16, etc."; + } + } + + grouping platform-component-properties-state { + description + "Operational state data for component properties"; + + leaf configurable { + type boolean; + description + "Indication whether the property is user-configurable"; + } + } + + grouping platform-component-properties-top { + description + "Top-level grouping "; + + container properties { + description + "Enclosing container "; + + list property { + key "name"; + description + "List of system properties for the component"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the property name."; + } + + container config { + description + "Configuration data for each property"; + + uses platform-component-properties-config; + } + + container state { + + config false; + + description + "Operational state data for each property"; + + uses platform-component-properties-config; + uses platform-component-properties-state; + } + } + } + } + + grouping platform-subcomponent-ref-config { + description + "Configuration data for subcomponent references"; + + leaf name { + type leafref { + path "../../../../../component/config/name"; + } + description + "Reference to the name of the subcomponent"; + } + } + + grouping platform-subcomponent-ref-state { + description + "Operational state data for subcomponent references"; + + } + + grouping platform-subcomponent-ref-top { + description + "Top-level grouping for list of subcomponent references"; + + container subcomponents { + description + "Enclosing container for subcomponent references"; + + list subcomponent { + key "name"; + description + "List of subcomponent references"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the name list key"; + } + + container config { + description + "Configuration data for the subcomponent"; + + uses platform-subcomponent-ref-config; + } + + container state { + + config false; + + description + "Operational state data for the subcomponent"; + + uses platform-subcomponent-ref-config; + uses platform-subcomponent-ref-state; + } + } + } + } + + grouping platform-component-config { + description + "Configuration data for components"; + + leaf name { + type string; + description + "Device name for the component -- this may not be a + configurable parameter on many implementations. Where + component preconfiguration is supported, for example, + the component name may be configurable."; + } + } + + grouping platform-component-state { + description + "Operational state data for device components."; + + leaf type { + type union { + type identityref { + base oc-platform-types:OPENCONFIG_HARDWARE_COMPONENT; + } + type identityref { + base oc-platform-types:OPENCONFIG_SOFTWARE_COMPONENT; + } + } + description + "Type of component as identified by the system"; + } + + leaf id { + type string; + description + "Unique identifier assigned by the system for the + component"; + } + + leaf location { + type string; + description + "System-supplied description of the location of the + component within the system. This could be a bay position, + slot number, socket location, etc. For component types that + have an explicit slot-id attribute, such as linecards, the + system should populate the more specific slot-id."; + } + + leaf description { + type string; + description + "System-supplied description of the component"; + } + + leaf mfg-name { + type string; + description + "System-supplied identifier for the manufacturer of the + component. This data is particularly useful when a + component manufacturer is different than the overall + device vendor."; + } + + leaf mfg-date { + type oc-yang:date; + description + "System-supplied representation of the component's + manufacturing date."; + } + + leaf hardware-version { + type string; + description + "For hardware components, this is the hardware revision of + the component."; + } + + leaf firmware-version { + type string; + description + "For hardware components, this is the version of associated + firmware that is running on the component, if applicable."; + } + + leaf software-version { + type string; + description + "For software components such as operating system or other + software module, this is the version of the currently + running software."; + } + + leaf serial-no { + type string; + description + "System-assigned serial number of the component."; + } + + leaf part-no { + type string; + description + "System-assigned part number for the component. This should + be present in particular if the component is also an FRU + (field replaceable unit)"; + } + + leaf model-name { + type string; + description + "A human readable string describing the model of a component. + This string is optional and should only be populated if part-no + is also populated."; + } + + leaf clei-code { + type string; + description + "Common Language Equipment Identifier (CLEI) code of the + component. This should be present in particular if the + component is also an FRU (field replaceable unit)"; + } + + leaf removable { + type boolean; + description + "If true, this component is removable or is a field + replaceable unit"; + } + + leaf oper-status { + type identityref { + base oc-platform-types:COMPONENT_OPER_STATUS; + } + description + "If applicable, this reports the current operational status + of the component."; + } + + leaf empty { + type boolean; + default false; + description + "The empty leaf may be used by the device to indicate that a + component position exists but is not populated. Using this + flag, it is possible for the management system to learn how + many positions are available (e.g., occupied vs. empty + linecard slots in a chassis)."; + } + + leaf parent { + type leafref { + path "../../../component/config/name"; + } + description + "Reference to the name of the parent component. Note that + this reference must be kept synchronized with the + corresponding subcomponent reference from the parent + component."; + } + + leaf redundant-role { + type oc-platform-types:component-redundant-role; + description + "For components that have redundant roles (e.g. two + supervisors in a device, one as primary the other as secondary), + this reports the role of the component."; + } + + container last-switchover-reason { + description + "For components that have redundant roles (e.g. two + supervisors in a device, one as primary the other as secondary), + this reports the reason of the last change of the + component's role."; + + uses oc-platform-types:component-redundant-role-switchover-reason; + } + + leaf last-switchover-time { + type oc-types:timeticks64; + units "nanoseconds"; + description + "For components that have redundant roles (e.g. two + supervisors in a device, one as primary the other as + secondary), this reports the time of the last change of + the component's role. The value is the timestamp in + nanoseconds relative to the Unix Epoch (Jan 1, 1970 00:00:00 UTC)."; + + } + + leaf last-reboot-reason { + type identityref { + base oc-platform-types:COMPONENT_REBOOT_REASON; + } + description + "This reports the reason of the last reboot of the component."; + } + + leaf last-reboot-time { + type oc-types:timeticks64; + units "nanoseconds"; + description + "This reports the time of the last reboot of the component. The + value is the timestamp in nanoseconds relative to the Unix Epoch + (Jan 1, 1970 00:00:00 UTC)."; + } + + leaf switchover-ready { + type boolean; + description + "For components that have redundant roles, this reports a value + that indicates if the component is ready to support failover. + + The components with a redundant-role should reflect the overall + system's switchover status. For example, two supervisors in a + device, one as primary and the other as secondary, should both + report the same value."; + } + + leaf base-mac-address { + type oc-yang:mac-address; + description + "This is a MAC address representing the root or primary MAC + address for a component. Components such as CHASSIS and + CONTROLLER_CARD are expected to provide a base-mac-address. The + base mac-address for CHASSIS and a PRIMARY CONTROLLER_CARD may + contain the same value."; + } + + } + + grouping platform-component-temp-alarm-state { + description + "Temperature alarm data for platform components"; + + // TODO(aashaikh): consider if these leaves could be in a + // reusable grouping (not temperature-specific); threshold + // may always need to be units specific. + + leaf alarm-status { + type boolean; + description + "A value of true indicates the alarm has been raised or + asserted. The value should be false when the alarm is + cleared."; + } + + leaf alarm-threshold { + type uint32; + description + "The threshold value that was crossed for this alarm."; + } + + leaf alarm-severity { + type identityref { + base oc-alarm-types:OPENCONFIG_ALARM_SEVERITY; + } + description + "The severity of the current alarm."; + } + } + + grouping platform-component-power-state { + description + "Power-related operational state for device components."; + + leaf allocated-power { + type uint32; + units watts; + description + "Power allocated by the system for the component."; + } + + leaf used-power { + type uint32; + units watts; + description + "Actual power used by the component."; + } + } + + grouping platform-component-temp-state { + description + "Temperature state data for device components"; + + container temperature { + description + "Temperature in degrees Celsius of the component. Values include + the instantaneous, average, minimum, and maximum statistics. If + avg/min/max statistics are not supported, the target is expected + to just supply the instant value"; + + uses oc-platform-types:avg-min-max-instant-stats-precision1-celsius; + uses platform-component-temp-alarm-state; + } + } + + grouping platform-component-memory-state { + description + "Per-component memory statistics"; + + container memory { + description + "For components that have associated memory, these values + report information about available and utilized memory."; + + leaf available { + type uint64; + units bytes; + description + "The available memory physically installed, or logically + allocated to the component."; + } + + // TODO(aashaikh): consider if this needs to be a + // min/max/avg statistic + leaf utilized { + type uint64; + units bytes; + description + "The memory currently in use by processes running on + the component, not considering reserved memory that is + not available for use."; + } + } + } + + grouping pcie-uncorrectable-errors { + description + "PCIe uncorrectable error statistics."; + + leaf total-errors { + type oc-yang:counter64; + description + "Total number of uncorrectable errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + + leaf undefined-errors { + type oc-yang:counter64; + description + "Number of undefined errors detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf data-link-errors { + type oc-yang:counter64; + description + "Number of data-link errors detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf surprise-down-errors { + type oc-yang:counter64; + description + "Number of unexpected link down errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + + leaf poisoned-tlp-errors { + type oc-yang:counter64; + description + "Number of poisoned TLP errors detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf flow-control-protocol-errors { + type oc-yang:counter64; + description + "Number of flow control protocol errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + + leaf completion-timeout-errors { + type oc-yang:counter64; + description + "Number of completion timeout errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + + leaf completion-abort-errors { + type oc-yang:counter64; + description + "Number of completion abort errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + + leaf unexpected-completion-errors { + type oc-yang:counter64; + description + "Number of unexpected completion errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + + leaf receiver-overflow-errors { + type oc-yang:counter64; + description + "Number of receiver overflow errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + + leaf malformed-tlp-errors { + type oc-yang:counter64; + description + "Number of malformed TLP errors detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf ecrc-errors { + type oc-yang:counter64; + description + "Number of ECRC errors detected by PCIe device since the system + booted, according to PCIe AER driver."; + } + + leaf unsupported-request-errors { + type oc-yang:counter64; + description + "Number of unsupported request errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + + leaf acs-violation-errors { + type oc-yang:counter64; + description + "Number of access control errors detected by PCIe device since + the system booted, according to PCIe AER driver."; + } + + leaf internal-errors { + type oc-yang:counter64; + description + "Number of internal errors detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf blocked-tlp-errors { + type oc-yang:counter64; + description + "Number of blocked TLP errors detected by PCIe device since + the system booted, according to PCIe AER driver."; + } + + leaf atomic-op-blocked-errors { + type oc-yang:counter64; + description + "Number of atomic operation blocked errors detected by PCIe + device since the system booted, according to PCIe AER driver."; + } + + leaf tlp-prefix-blocked-errors { + type oc-yang:counter64; + description + "Number of TLP prefix blocked errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + } + + grouping pcie-correctable-errors { + description + "PCIe correctable error statistics."; + + leaf total-errors { + type oc-yang:counter64; + description + "Total number of correctable errors detected by PCIe device + since the system booted, according to PCIe AER driver."; + } + + leaf receiver-errors { + type oc-yang:counter64; + description + "Number of receiver errors detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf bad-tlp-errors { + type oc-yang:counter64; + description + "Number of TLPs with bad LCRC detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf bad-dllp-errors { + type oc-yang:counter64; + description + "Number of DLLPs with bad LCRC detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf relay-rollover-errors { + type oc-yang:counter64; + description + "Number of relay rollover errors detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf replay-timeout-errors { + type oc-yang:counter64; + description + "Number of replay timeout errors detected by PCIe device since the + system booted, according to PCIe AER driver."; + } + + leaf advisory-non-fatal-errors { + type oc-yang:counter64; + description + "Number of advisory non fatal errors detected by PCIe device since + the system booted, according to PCIe AER driver."; + } + + leaf internal-errors { + type oc-yang:counter64; + description + "Number of internal errors detected by PCIe device since the system + booted, according to PCIe AER driver."; + } + + leaf hdr-log-overflow-errors { + type oc-yang:counter64; + description + "Number of header log overflow errors detected by PCIe device since + the system booted, according to PCIe AER driver."; + } + } + + grouping platform-component-pcie-state { + description + "Per-component PCIe error statistics"; + + container pcie { + description + "Components that are connected to the system over the Peripheral + Component Interconnect Express (PCIe), report the fatal, non-fatal + and correctable PCIe error counts."; + + container fatal-errors { + description + "The count of the fatal PCIe errors."; + uses pcie-uncorrectable-errors; + } + + container non-fatal-errors { + description + "The count of the non-fatal PCIe errors."; + uses pcie-uncorrectable-errors; + } + + container correctable-errors { + description + "The count of the correctable PCIe errors."; + uses pcie-correctable-errors; + } + } + } + + grouping platform-anchors-top { + description + "This grouping is used to add containers for components that + are common across systems, but do not have a defined schema + within the openconfig-platform module. Containers should be + added to this grouping for components that are expected to + exist in multiple systems, with corresponding modules + augmenting the config/state containers directly."; + + container chassis { + description + "Data for chassis components"; + + container config { + description + "Configuration data for chassis components"; + } + + container state { + config false; + description + "Operational state data for chassis components"; + } + + uses platform-resource-utilization-top; + } + +// TODO(aashaikh): linecard container is already defined in +// openconfig-platform-linecard; will move to this module +// in future. + /* + container linecard { + description + "Data for linecard components"; + + container config { + description + "Configuration data for linecard components"; + } + + container state { + config false; + description + "Operational state data for linecard components"; + } + } + */ + + container port { + description + "Data for physical port components"; + + container config { + description + "Configuration data for physical port components"; + } + + container state { + config false; + description + "Operational state data for physical port components"; + } + } + +// TODO(aashaikh): transceiver container is already defined in +// openconfig-platform-transceiver; will move to this module +// in future. + /* + container transceiver { + description + "Data for transceiver components"; + + container config { + description + "Configuration data for transceiver components"; + } + + container state { + config false; + description + "Operational state data for transceiver components"; + } + } + */ + + container power-supply { + description + "Data for power supply components"; + + container config { + description + "Configuration data for power supply components"; + } + + container state { + config false; + description + "Operational state data for power supply components"; + } + } + + container fan { + description + "Data for fan components"; + + container config { + description + "Configuration data for fan components"; + } + + container state { + config false; + description + "Operational state data for fan components"; + } + } + + container fabric { + description + "Data for fabric components"; + + container config { + description + "Configuration data for fabric components"; + } + + container state { + config false; + description + "Operational state data for fabric components"; + } + } + + container storage { + description + "Data for storage components"; + + container config { + description + "Configuration data for storage components"; + } + + container state { + config false; + description + "Operational state data for storage components"; + } + } + + container cpu { + description + "Data for cpu components"; + + container config { + description + "Configuration data for cpu components"; + } + + container state { + config false; + description + "Operational state data for cpu components"; + } + } + + container integrated-circuit { + description + "Data for chip components, such as ASIC, NPUs, etc."; + + container config { + description + "Configuration data for chip components"; + } + + container state { + config false; + description + "Operational state data for chip components"; + } + + uses platform-resource-utilization-top; + } + + container backplane { + description + "Data for backplane components"; + + container config { + description + "Configuration data for backplane components"; + } + + container state { + config false; + description + "Operational state data for backplane components"; + } + } + + container software-module { + description + "Data for software module components, i.e., for components + with type=SOFTWARE_MODULE"; + + container config { + description + "Configuration data for software module components"; + } + + container state { + config false; + description + "Operational state data for software module components"; + } + } + + container controller-card { + description + "Data for controller card components, i.e., for components + with type=CONTROLLER_CARD"; + + container config { + description + "Configuration data for controller card components. Note that disabling + power to the primary supervisor should be rejected, and the operator is + required to perform a switchover first."; + } + + container state { + config false; + description + "Operational state data for controller card components"; + } + } + } + + grouping platform-component-top { + description + "Top-level grouping for components in the device inventory"; + + container components { + description + "Enclosing container for the components in the system."; + + list component { + key "name"; + description + "List of components, keyed by component name."; + + leaf name { + type leafref { + path "../config/name"; + } + description + "References the component name"; + } + + container config { + description + "Configuration data for each component"; + + uses platform-component-config; + } + + container state { + + config false; + + description + "Operational state data for each component"; + + uses platform-component-config; + uses platform-component-state; + uses platform-component-temp-state; + uses platform-component-memory-state; + uses platform-component-power-state; + uses platform-component-pcie-state { + when "./type = 'oc-platform-types:STORAGE' or " + + "'oc-platform-types:INTEGRATED_CIRCUIT' or " + + "'oc-platform-types:FRU'"; + } + } + + uses platform-component-properties-top; + uses platform-subcomponent-ref-top; + uses platform-anchors-top; + } + } + } + + + // data definition statements + + uses platform-component-top; + + + // augments + + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/system/openconfig-alarm-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/system/openconfig-alarm-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..c4617b5e6b3dbe07df47799086b93475f36a59e2 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/system/openconfig-alarm-types.yang @@ -0,0 +1,150 @@ +module openconfig-alarm-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/alarms/types"; + + prefix "oc-alarm-types"; + + // import some basic types + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines operational state data related to alarms + that the device is reporting. + + This model reuses some data items defined in the draft IETF + YANG Alarm Module: + https://tools.ietf.org/html/draft-vallin-netmod-alarm-module-02 + + Portions of this code were derived from the draft IETF YANG Alarm + Module. Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "0.2.1"; + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.2.1"; + } + + revision "2018-01-16" { + description + "Moved alarm identities into separate types module"; + reference "0.2.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // identity statements + identity OPENCONFIG_ALARM_TYPE_ID { + description + "Base identity for alarm type ID profiles"; + } + + identity AIS { + base OPENCONFIG_ALARM_TYPE_ID; + description + "Defines an alarm indication signal type of alarm"; + } + + identity EQPT { + base OPENCONFIG_ALARM_TYPE_ID; + description + "Defines an equipment related type of alarm that is specific + to the physical hardware"; + } + + identity LOS { + base OPENCONFIG_ALARM_TYPE_ID; + description + "Defines a loss of signal type of alarm"; + } + + identity OTS { + base OPENCONFIG_ALARM_TYPE_ID; + description + "Defines a optical transport signal type of alarm"; + } + + identity OPENCONFIG_ALARM_SEVERITY { + description + "Base identity for alarm severity profiles. Derived + identities are based on contents of the draft + IETF YANG Alarm Module"; + reference + "IETF YANG Alarm Module: Draft - typedef severity + https://tools.ietf.org/html/draft-vallin-netmod-alarm-module-02"; + + } + + identity UNKNOWN { + base OPENCONFIG_ALARM_SEVERITY; + description + "Indicates that the severity level could not be determined. + This level SHOULD be avoided."; + } + + identity MINOR { + base OPENCONFIG_ALARM_SEVERITY; + description + "Indicates the existence of a non-service affecting fault + condition and that corrective action should be taken in + order to prevent a more serious (for example, service + affecting) fault. Such a severity can be reported, for + example, when the detected alarm condition is not currently + degrading the capacity of the resource"; + } + + identity WARNING { + base OPENCONFIG_ALARM_SEVERITY; + description + "Indicates the detection of a potential or impending service + affecting fault, before any significant effects have been felt. + Action should be taken to further diagnose (if necessary) and + correct the problem in order to prevent it from becoming a more + serious service affecting fault."; + } + + identity MAJOR { + base OPENCONFIG_ALARM_SEVERITY; + description + "Indicates that a service affecting condition has developed + and an urgent corrective action is required. Such a severity + can be reported, for example, when there is a severe + degradation in the capability of the resource and its full + capability must be restored."; + } + + identity CRITICAL { + base OPENCONFIG_ALARM_SEVERITY; + description + "Indicates that a service affecting condition has occurred + and an immediate corrective action is required. Such a + severity can be reported, for example, when a resource becomes + totally out of service and its capability must be restored."; + } + +} \ No newline at end of file diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/types/openconfig-inet-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/types/openconfig-inet-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..ff74c428763ec0ab07ac2866363ba06a03b022f9 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/types/openconfig-inet-types.yang @@ -0,0 +1,485 @@ +module openconfig-inet-types { + + yang-version "1"; + namespace "http://openconfig.net/yang/types/inet"; + prefix "oc-inet"; + + import openconfig-extensions { prefix "oc-ext"; } + + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module contains a set of Internet address related + types for use in OpenConfig modules. + + Portions of this code were derived from IETF RFC 6021. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "0.7.0"; + + revision "2024-01-05" { + description + "Change ipv6-address-zoned typedef to conform to W3C standard + regex pattern."; + reference "0.7.0"; + } + + revision "2023-02-06" { + description + "Add ipv6-link-local and ipv6-address-type"; + reference "0.6.0"; + } + + revision "2021-08-17" { + description + "Add ip-address-zoned typedef as a union between ipv4-address-zoned + and ipv6-address-zoned types."; + reference "0.5.0"; + } + + revision "2021-07-14" { + description + "Use auto-generated regex for ipv4 pattern statements: + - ipv4-address + - ipv4-address-zoned + - ipv4-prefix"; + reference "0.4.1"; + } + + revision "2021-01-07" { + description + "Remove module extension oc-ext:regexp-posix by making pattern regexes + conform to RFC7950. + + Types impacted: + - ipv4-address + - ipv4-address-zoned + - ipv6-address + - domain-name"; + reference "0.4.0"; + } + + revision "2020-10-12" { + description + "Fix anchors for domain-name pattern."; + reference "0.3.5"; + } + + revision "2020-06-30" { + description + "Add OpenConfig POSIX pattern extensions and add anchors for domain-name + pattern."; + reference "0.3.4"; + } + + revision "2019-04-25" { + description + "Fix regex bug for ipv6-prefix type"; + reference "0.3.3"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.3.2"; + } + + revision 2017-08-24 { + description + "Minor formatting fixes."; + reference "0.3.1"; + } + + revision 2017-07-06 { + description + "Add domain-name and host typedefs"; + reference "0.3.0"; + } + + revision 2017-04-03 { + description + "Add ip-version typedef."; + reference "0.2.0"; + } + + revision 2017-04-03 { + description + "Update copyright notice."; + reference "0.1.1"; + } + + revision 2017-01-26 { + description + "Initial module for inet types"; + reference "0.1.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // IPv4 and IPv6 types. + + typedef ipv4-address { + type string { + pattern + '([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|' + + '[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}'; + oc-ext:posix-pattern + '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|' + + '[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3})$'; + } + description + "An IPv4 address in dotted quad notation using the default + zone."; + } + + typedef ipv4-address-zoned { + type string { + pattern + '([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|' + + '[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(%[a-zA-Z0-9_]+)'; + oc-ext:posix-pattern + '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|' + + '[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(%[a-zA-Z0-9_]+))$'; + } + description + "An IPv4 address in dotted quad notation. This type allows + specification of a zone index to disambiguate identical + address values. For link-local addresses, the index is + typically the interface index or interface name."; + } + + typedef ipv6-address { + type string { + pattern + // Must support compression through different lengths + // therefore this regexp is complex. + '(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')'; + oc-ext:posix-pattern + // Must support compression through different lengths + // therefore this regexp is complex. + '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')$'; + } + description + "An IPv6 address represented as either a full address; shortened + or mixed-shortened formats, using the default zone."; + } + + typedef ipv6-address-zoned { + type string { + pattern + // Must support compression through different lengths + // therefore this regexp is complex. + '(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')(%[a-zA-Z0-9_]+)'; + oc-ext:posix-pattern + // Must support compression through different lengths + // therefore this regexp is complex. + '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')(%[a-zA-Z0-9_]+)$'; + } + description + "An IPv6 address represented as either a full address; shortened + or mixed-shortened formats. This type allows specification of + a zone index to disambiguate identical address values. For + link-local addresses, the index is typically the interface + index or interface name."; + } + + typedef ipv4-prefix { + type string { + pattern + '([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|' + + '[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}/([0-9]|[12][0-9]|' + + '3[0-2])'; + oc-ext:posix-pattern + '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|' + + '[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}/([0-9]|[12][0-9]|' + + '3[0-2]))$'; + } + description + "An IPv4 prefix represented in dotted quad notation followed by + a slash and a CIDR mask (0 <= mask <= 32)."; + } + + typedef ipv6-prefix { + type string { + pattern + '(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9])'; + oc-ext:posix-pattern + '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9])$'; + } + description + "An IPv6 prefix represented in full, shortened, or mixed + shortened format followed by a slash and CIDR mask + (0 <= mask <= 128)."; + } + + typedef ip-address { + type union { + type ipv4-address; + type ipv6-address; + } + description + "An IPv4 or IPv6 address with no prefix specified."; + } + + typedef ip-address-zoned { + type union { + type ipv4-address-zoned; + type ipv6-address-zoned; + } + description + "An IPv4 or IPv6 address with no prefix specified and an optional + zone index."; + } + + typedef ip-prefix { + type union { + type ipv4-prefix; + type ipv6-prefix; + } + description + "An IPv4 or IPv6 prefix."; + } + + typedef ip-version { + type enumeration { + enum UNKNOWN { + value 0; + description + "An unknown or unspecified version of the Internet + protocol."; + } + enum IPV4 { + value 4; + description + "The IPv4 protocol as defined in RFC 791."; + } + enum IPV6 { + value 6; + description + "The IPv6 protocol as defined in RFC 2460."; + } + } + description + "This value represents the version of the IP protocol. + Note that integer representation of the enumerated values + are not specified, and are not required to follow the + InetVersion textual convention in SMIv2."; + reference + "RFC 791: Internet Protocol + RFC 2460: Internet Protocol, Version 6 (IPv6) Specification + RFC 4001: Textual Conventions for Internet Network Addresses"; + } + + typedef ipv6-address-type { + type enumeration { + enum GLOBAL_UNICAST { + description + "The IPv6 address is a global unicast address type and must be in + the format defined in RFC 4291 section 2.4."; + } + enum LINK_LOCAL_UNICAST { + description + "The IPv6 address is a Link-Local unicast address type and must be + in the format defined in RFC 4291 section 2.4."; + } + } + description + "The value represents the type of IPv6 address"; + reference + "RFC 4291: IP Version 6 Addressing Architecture + section 2.5"; + } + + typedef domain-name { + type string { + length "1..253"; + pattern + '(((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' + + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)' + + '|\.)'; + oc-ext:posix-pattern + '^(((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' + + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)' + + '|\.)$'; + } + description + "The domain-name type represents a DNS domain name. + Fully quallified left to the models which utilize this type. + + Internet domain names are only loosely specified. Section + 3.5 of RFC 1034 recommends a syntax (modified in Section + 2.1 of RFC 1123). The pattern above is intended to allow + for current practice in domain name use, and some possible + future expansion. It is designed to hold various types of + domain names, including names used for A or AAAA records + (host names) and other records, such as SRV records. Note + that Internet host names have a stricter syntax (described + in RFC 952) than the DNS recommendations in RFCs 1034 and + 1123, and that systems that want to store host names in + schema nodes using the domain-name type are recommended to + adhere to this stricter standard to ensure interoperability. + + The encoding of DNS names in the DNS protocol is limited + to 255 characters. Since the encoding consists of labels + prefixed by a length bytes and there is a trailing NULL + byte, only 253 characters can appear in the textual dotted + notation. + + Domain-name values use the US-ASCII encoding. Their canonical + format uses lowercase US-ASCII characters. Internationalized + domain names MUST be encoded in punycode as described in RFC + 3492"; + } + + typedef host { + type union { + type ip-address; + type domain-name; + } + description + "The host type represents either an unzoned IP address or a DNS + domain name."; + } + + typedef as-number { + type uint32; + description + "A numeric identifier for an autonomous system (AS). An AS is a + single domain, under common administrative control, which forms + a unit of routing policy. Autonomous systems can be assigned a + 2-byte identifier, or a 4-byte identifier which may have public + or private scope. Private ASNs are assigned from dedicated + ranges. Public ASNs are assigned from ranges allocated by IANA + to the regional internet registries (RIRs)."; + reference + "RFC 1930 Guidelines for creation, selection, and registration + of an Autonomous System (AS) + RFC 4271 A Border Gateway Protocol 4 (BGP-4)"; + } + + typedef dscp { + type uint8 { + range "0..63"; + } + description + "A differentiated services code point (DSCP) marking within the + IP header."; + reference + "RFC 2474 Definition of the Differentiated Services Field + (DS Field) in the IPv4 and IPv6 Headers"; + } + + typedef ipv6-flow-label { + type uint32 { + range "0..1048575"; + } + description + "The IPv6 flow-label is a 20-bit value within the IPv6 header + which is optionally used by the source of the IPv6 packet to + label sets of packets for which special handling may be + required."; + reference + "RFC 2460 Internet Protocol, Version 6 (IPv6) Specification"; + } + + typedef port-number { + type uint16; + description + "A 16-bit port number used by a transport protocol such as TCP + or UDP."; + reference + "RFC 768 User Datagram Protocol + RFC 793 Transmission Control Protocol"; + } + + typedef uri { + type string; + description + "An ASCII-encoded Uniform Resource Identifier (URI) as defined + in RFC 3986."; + reference + "RFC 3986 Uniform Resource Identifier (URI): Generic Syntax"; + } + + typedef url { + type string; + description + "An ASCII-encoded Uniform Resource Locator (URL) as defined + in RFC 3986, section 1.1.3"; + reference + "RFC 3986, paragraph 1.1.3"; + } + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/types/openconfig-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/types/openconfig-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..a146b9b7682ecd30521506943aa64fdfcbf67689 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/types/openconfig-types.yang @@ -0,0 +1,485 @@ +module openconfig-types { + yang-version "1"; + + namespace "http://openconfig.net/yang/openconfig-types"; + + prefix "oc-types"; + + // import statements + import openconfig-extensions { prefix oc-ext; } + + // meta + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "This module contains a set of general type definitions that + are used across OpenConfig models. It can be imported by modules + that make use of these types."; + + oc-ext:openconfig-version "1.0.0"; + + revision "2024-01-31" { + description + "Add posix-eregexp type and promote model to version 1.0.0."; + reference "1.0.0"; + } + + revision "2019-04-16" { + description + "Clarify definition of timeticks64."; + reference "0.6.0"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.5.1"; + } + + revision "2018-05-05" { + description + "Add grouping of min-max-time and + included them to all stats with min/max/avg"; + reference "0.5.0"; + } + + revision "2018-01-16" { + description + "Add interval to min/max/avg stats; add percentage stat"; + reference "0.4.0"; + } + + revision "2017-08-16" { + description + "Apply fix for ieetfloat32 length parameter"; + reference "0.3.3"; + } + + revision "2017-01-13" { + description + "Add ADDRESS_FAMILY identity"; + reference "0.3.2"; + } + + revision "2016-11-14" { + description + "Correct length of ieeefloat32"; + reference "0.3.1"; + } + + revision "2016-11-11" { + description + "Additional types - ieeefloat32 and routing-password"; + reference "0.3.0"; + } + + revision "2016-05-31" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + typedef percentage { + type uint8 { + range "0..100"; + } + description + "Integer indicating a percentage value"; + } + + typedef std-regexp { + type string; + description + "This type definition is a placeholder for a standard + definition of a regular expression that can be utilised in + OpenConfig models. Further discussion is required to + consider the type of regular expressions that are to be + supported. An initial proposal is POSIX compatible."; + } + + typedef posix-eregexp { + type string; + description + "This is a string which represents an extended POSIX + regular expression."; + reference "IEEE Std 1003.1-2017"; + } + + typedef timeticks64 { + type uint64; + units "nanoseconds"; + description + "The timeticks64 represents the time, modulo 2^64 in + nanoseconds between two epochs. The leaf using this + type must define the epochs that tests are relative to."; + } + + typedef ieeefloat32 { + type binary { + length "4"; + } + description + "An IEEE 32-bit floating point number. The format of this number + is of the form: + 1-bit sign + 8-bit exponent + 23-bit fraction + The floating point value is calculated using: + (-1)**S * 2**(Exponent-127) * (1+Fraction)"; + } + + typedef routing-password { + type string; + description + "This type is indicative of a password that is used within + a routing protocol which can be returned in plain text to the + NMS by the local system. Such passwords are typically stored + as encrypted strings. Since the encryption used is generally + well known, it is possible to extract the original value from + the string - and hence this format is not considered secure. + Leaves specified with this type should not be modified by + the system, and should be returned to the end-user in plain + text. This type exists to differentiate passwords, which + may be sensitive, from other string leaves. It could, for + example, be used by the NMS to censor this data when + viewed by particular users."; + } + + typedef stat-interval { + type uint64; + units nanoseconds; + description + "A time interval over which a set of statistics is computed. + A common usage is to report the interval over which + avg/min/max stats are computed and reported."; + } + + grouping stat-interval-state { + description + "Reusable leaf definition for stats computation interval"; + + leaf interval { + type oc-types:stat-interval; + description + "If supported by the system, this reports the time interval + over which the min/max/average statistics are computed by + the system."; + } + } + + grouping min-max-time { + description + "Common grouping for recording the absolute time at which + the minimum and maximum values occurred in the statistics"; + + leaf min-time { + type oc-types:timeticks64; + description + "The absolute time at which the minimum value occurred. + The value is the timestamp in nanoseconds relative to + the Unix Epoch (Jan 1, 1970 00:00:00 UTC)."; + } + + leaf max-time { + type oc-types:timeticks64; + description + "The absolute time at which the maximum value occurred. + The value is the timestamp in nanoseconds relative to + the Unix Epoch (Jan 1, 1970 00:00:00 UTC)."; + } + } + + grouping avg-min-max-stats-precision1 { + description + "Common nodes for recording average, minimum, and + maximum values for a statistic. These values all have + fraction-digits set to 1. Statistics are computed + and reported based on a moving time interval (e.g., the last + 30s). If supported by the device, the time interval over which + the statistics are computed is also reported."; + + leaf avg { + type decimal64 { + fraction-digits 1; + } + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 1; + } + description + "The minimum value of the statistic over the time + interval."; + } + + leaf max { + type decimal64 { + fraction-digits 1; + } + description + "The maximum value of the statitic over the time + interval."; + } + + uses stat-interval-state; + uses min-max-time; + } + + grouping avg-min-max-instant-stats-precision1 { + description + "Common grouping for recording an instantaneous statistic value + in addition to avg-min-max stats"; + + leaf instant { + type decimal64 { + fraction-digits 1; + } + description + "The instantaneous value of the statistic."; + } + + uses avg-min-max-stats-precision1; + } + + grouping avg-min-max-instant-stats-precision2-dB { + description + "Common grouping for recording dB values with 2 decimal + precision. Values include the instantaneous, average, + minimum, and maximum statistics. Statistics are computed + and reported based on a moving time interval (e.g., the last + 30s). If supported by the device, the time interval over which + the statistics are computed, and the times at which the minimum + and maximum values occurred, are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units dB; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units dB; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units dB; + description + "The minimum value of the statistic over the time interval."; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units dB; + description + "The maximum value of the statistic over the time + interval."; + } + + uses stat-interval-state; + uses min-max-time; + } + + grouping avg-min-max-instant-stats-precision2-dBm { + description + "Common grouping for recording dBm values with 2 decimal + precision. Values include the instantaneous, average, + minimum, and maximum statistics. Statistics are computed + and reported based on a moving time interval (e.g., the last + 30s). If supported by the device, the time interval over which + the statistics are computed, and the times at which the minimum + and maximum values occurred, are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units dBm; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units dBm; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units dBm; + description + "The minimum value of the statistic over the time + interval."; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units dBm; + description + "The maximum value of the statistic over the time interval."; + } + + uses stat-interval-state; + uses min-max-time; + } + + grouping avg-min-max-instant-stats-precision2-mA { + description + "Common grouping for recording mA values with 2 decimal + precision. Values include the instantaneous, average, + minimum, and maximum statistics. Statistics are computed + and reported based on a moving time interval (e.g., the last + 30s). If supported by the device, the time interval over which + the statistics are computed, and the times at which the minimum + and maximum values occurred, are also reported."; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units mA; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units mA; + description + "The arithmetic mean value of the statistic over the + time interval."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units mA; + description + "The minimum value of the statistic over the time + interval."; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units mA; + description + "The maximum value of the statistic over the time + interval."; + } + + uses stat-interval-state; + uses min-max-time; + } + + grouping avg-min-max-instant-stats-pct { + description + "Common grouping for percentage statistics. + Values include the instantaneous, average, + minimum, and maximum statistics. Statistics are computed + and reported based on a moving time interval (e.g., the last + 30s). If supported by the device, the time interval over which + the statistics are computed, and the times at which the minimum + and maximum values occurred, are also reported."; + + leaf instant { + type oc-types:percentage; + description + "The instantaneous percentage value."; + } + + leaf avg { + type oc-types:percentage; + description + "The arithmetic mean value of the percentage measure of the + statistic over the time interval."; + } + + leaf min { + type oc-types:percentage; + description + "The minimum value of the percentage measure of the + statistic over the time interval."; + } + + leaf max { + type oc-types:percentage; + description + "The maximum value of the percentage measure of the + statistic over the time interval."; + } + + uses stat-interval-state; + uses min-max-time; + } + + identity ADDRESS_FAMILY { + description + "A base identity for all address families"; + } + + identity IPV4 { + base ADDRESS_FAMILY; + description + "The IPv4 address family"; + } + + identity IPV6 { + base ADDRESS_FAMILY; + description + "The IPv6 address family"; + } + + identity MPLS { + base ADDRESS_FAMILY; + description + "The MPLS address family"; + } + + identity L2_ETHERNET { + base ADDRESS_FAMILY; + description + "The 802.3 Ethernet address family"; + } + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/types/openconfig-yang-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/types/openconfig-yang-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..c978cd049c3f3043d84d3b0a9944e77c7f50d3a8 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/types/openconfig-yang-types.yang @@ -0,0 +1,230 @@ +module openconfig-yang-types { + + yang-version "1"; + namespace "http://openconfig.net/yang/types/yang"; + prefix "oc-yang"; + + import openconfig-extensions { prefix "oc-ext"; } + + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module contains a set of extension types to the + YANG builtin types that are used across multiple + OpenConfig models. + + Portions of this code were derived from IETF RFC 6021. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "0.3.1"; + + revision "2021-07-14" { + description + "Use auto-generated regex for certain pattern statements: + - dotted-quad + - date-and-time + - date + + For date-and-time, allow lowercase z and t in the pattern."; + reference "0.3.1"; + } + + revision "2021-03-02" { + description + "Fix date-and-time and date's pattern statement, and remove the + regexp-posix extension, which makes pattern statements conform to the + YANG standard."; + reference "0.3.0"; + } + + revision "2020-06-30" { + description + "Add OpenConfig POSIX pattern extensions."; + reference "0.2.2"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "0.2.1"; + } + + revision 2018-04-24 { + description + "Add date typedef"; + reference "0.2.0"; + } + + revision 2017-07-30 { + description + "Fixed unprintable character"; + reference "0.1.2"; + } + + revision 2017-04-03 { + description + "Update copyright notice."; + reference "0.1.1"; + } + + revision 2017-01-26 { + description + "Initial module for inet types"; + reference "0.1.0"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + typedef dotted-quad { + type string { + pattern + '([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|' + + '[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}'; + oc-ext:posix-pattern + '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|' + + '[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3})$'; + } + description + "An unsigned 32-bit integer expressed as a dotted quad. The + format is four octets written as decimal numbers separated + with a period character."; + } + + typedef hex-string { + type string { + pattern '[0-9a-fA-F]*'; + oc-ext:posix-pattern '^[0-9a-fA-F]*$'; + } + description + "A string consisting of a hexadecimal characters."; + } + + typedef counter32 { + type uint32; + description + + "A 32-bit counter. A counter value is a monotonically increasing + value which is used to express a count of a number of + occurrences of a particular event or entity. When the counter + reaches its maximum value, in this case 2^32-1, it wraps to 0. + + Discontinuities in the counter are generally triggered only when + the counter is reset to zero."; + } + + typedef counter64 { + type uint64; + description + "A 64-bit counter. A counter value is a monotonically increasing + value which is used to express a count of a number of + occurrences of a particular event or entity. When a counter64 + reaches its maximum value, 2^64-1, it loops to zero. + Discontinuities in a counter are generally triggered only when + the counter is reset to zero, through operator or system + intervention."; + } + + typedef date-and-time { + type string { + pattern + '[0-9]{4}\-(0[1-9]|1[0-2])\-(0[1-9]|[12][0-9]|3[01])[Tt](0[0-9]|' + + '1[0-9]|2[0-3]):(0[0-9]|[1-5][0-9]):(0[0-9]|[1-5][0-9]|' + + '60)(\.[0-9]+)?([Zz]|([+-](0[0-9]|1[0-9]|2[0-3]):(0[0-9]|' + + '[1-5][0-9])))'; + oc-ext:posix-pattern + '^([0-9]{4}\-(0[1-9]|1[0-2])\-(0[1-9]|[12][0-9]|3[01])[Tt](0[0-9]|' + + '1[0-9]|2[0-3]):(0[0-9]|[1-5][0-9]):(0[0-9]|[1-5][0-9]|' + + '60)(\.[0-9]+)?([Zz]|([+-](0[0-9]|1[0-9]|2[0-3]):(0[0-9]|' + + '[1-5][0-9]))))$'; + } + description + "A date and time, expressed in the format described in RFC3339. + That is to say: + + YYYY-MM-DDTHH:MM:SSZ+-hh:mm + + where YYYY is the year, MM is the month expressed as a two-digit + month (zero padding if required), DD is the day of the month, + expressed as a two digit value. T is the literal character 'T', + HH is the hour of the day expressed as a two digit number, using + the 24-hour clock, MM is the minute of the hour expressed as a + two digit number. Z is the literal character 'Z', followed by a + timezone offset expressed in hours (hh) and minutes (mm), both + expressed as two digit numbers. The time offset is specified as + a positive or negative offset to UTC using the '+' or '-' + character preceding the offset. + + Optionally, fractional seconds can be expressed after the minute + of the hour as a decimal number of unspecified precision + reflecting fractions of a second."; + reference + "RFC3339 - Date and Time on the Internet: Timestamps"; + } + + typedef date { + type string { + pattern + '[0-9]{4}\-(0[1-9]|1[0-2])\-(0[1-9]|[12][0-9]|3[01])'; + oc-ext:posix-pattern + '^([0-9]{4}\-(0[1-9]|1[0-2])\-(0[1-9]|[12][0-9]|3[01]))$'; + } + description + "A full UTC date, expressed in the format described in RFC3339. + That is to say: + + YYYY-MM-DD + + where YYYY is the year, MM is the month expressed as a two-digit + month (zero padding if required), DD is the day of the month, + expressed as a two digit value."; + + reference + "RFC3339 - Date and Time on the Internet: full-date"; + } + + typedef gauge64 { + type uint64; + description + "A gauge value may increase or decrease - and reflects a value + at a particular point in time. If the value of the variable + being modeled using the gauge exceeds its maximum - 2^64-1 in + this case - the gauge is set to its maximum value."; + } + + typedef phys-address { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + oc-ext:posix-pattern '^([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?$'; + } + description + "A physical layer address, expressed as a series of pairs of + hexadecimal digits."; + } + + typedef mac-address { + type string { + pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'; + oc-ext:posix-pattern '^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'; + } + description + "An IEEE 802 MAC address"; + } +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/vlan/openconfig-vlan-types.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/vlan/openconfig-vlan-types.yang new file mode 100644 index 0000000000000000000000000000000000000000..09af39887c820af15e92ef237025cb1997b5b537 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/vlan/openconfig-vlan-types.yang @@ -0,0 +1,283 @@ +module openconfig-vlan-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/vlan-types"; + + prefix "oc-vlan-types"; + + // import some basic types + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "This module defines configuration and state variables for VLANs, + in addition to VLAN parameters associated with interfaces"; + + oc-ext:openconfig-version "3.2.0"; + + revision "2022-05-24" { + description + "Remove module extension oc-ext:regexp-posix by making pattern regexes + conform to RFC6020/7950. + + Types impacted: + - vlan-range + - qinq-id + - qinq-id-range"; + reference "3.2.0"; + } + + revision "2020-06-30" { + description + "Add OpenConfig POSIX pattern extensions."; + reference "3.1.1"; + } + + revision "2019-01-31" { + description + "Add TPID_ANY wildcard match and a QinQ list type."; + reference "3.1.0"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "3.0.1"; + } + + revision "2018-02-14" { + description + "Fix bug with name of 802.1ad identity."; + reference "3.0.0"; + } + + revision "2017-07-14" { + description + "Move top-level vlan data to network-instance; Update + identities to comply to style guide; fixed pattern + quoting; corrected trunk vlan types; added TPID config to + base interface."; + reference "2.0.0"; + } + + revision "2016-05-26" { + description + "OpenConfig public release"; + reference "1.0.2"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // extension statements + + // feature statements + + // identity statements + + identity TPID_TYPES { + description + "Base identity for TPID values that can be matched or that override + the VLAN ethertype value"; + } + + identity TPID_0X8100 { + base TPID_TYPES; + description + "Default TPID value for 802.1q single-tagged VLANs."; + } + + identity TPID_0X88A8 { + base TPID_TYPES; + description + "TPID value for 802.1ad provider bridging, QinQ or + stacked VLANs."; + } + + identity TPID_0X9100 { + base TPID_TYPES; + description + "Alternate TPID value."; + } + + identity TPID_0X9200 { + base TPID_TYPES; + description + "Alternate TPID value."; + } + + identity TPID_ANY { + base TPID_TYPES; + description + "A wildcard that matches any of the generally used TPID values + for singly- or multiply-tagged VLANs. Equivalent to matching + any of TPID_0X8100, TPID_0X88A8, TPID_0X9100 and TPID_0x9200. + This value is only applicable where the TPID of a packet is + being matched."; + } + + // typedef statements + + // TODO: typedefs should be defined in a vlan-types.yang file. + typedef vlan-id { + type uint16 { + range 1..4094; + } + description + "Type definition representing a single-tagged VLAN"; + } + + typedef vlan-range { + type string { + // range specified as [lower]..[upper] + pattern '(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.\.(409[0-4]|' + + '40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{1,2}|' + + '[1-9])'; + oc-ext:posix-pattern '^(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.\.(409[0-4]|' + + '40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{1,2}|' + + '[1-9])$'; + } + description + "Type definition representing a range of single-tagged + VLANs. A range is specified as x..y where x and y are + valid VLAN IDs (1 <= vlan-id <= 4094). The range is + assumed to be inclusive, such that any VLAN-ID matching + x <= VLAN-ID <= y falls within the range."; + } + + typedef qinq-id { + type string { + pattern + '(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.' + + '((409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])|\*)'; + oc-ext:posix-pattern + '^(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.' + + '((409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])|\*)$'; + } + description + "Type definition representing a single double-tagged/QinQ VLAN + identifier. The format of a QinQ VLAN-ID is x.y where X is the + 'outer' VLAN identifier, and y is the 'inner' VLAN identifier. + Both x and y must be valid VLAN IDs (1 <= vlan-id <= 4094) + with the exception that y may be equal to a wildcard (*). In + cases where y is set to the wildcard, this represents all inner + VLAN identifiers where the outer VLAN identifier is equal to + x."; + } + + typedef qinq-id-range { + type union { + type string { + // match cases where the range is specified as x..y.z + pattern + '(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.\.' + + '(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.' + + '((409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])|\*)'; + oc-ext:posix-pattern + '^(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.\.' + + '(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.' + + '((409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])|\*)$'; + } + type string { + // match cases where the range is specified as x.y..z + pattern + '(\*|(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9]))\.' + + '(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.\.' + + '(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])'; + oc-ext:posix-pattern + '^(\*|(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9]))\.' + + '(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])\.\.' + + '(409[0-4]|40[0-8][0-9]|[1-3][0-9]{3}|' + + '[1-9][0-9]{1,2}|[1-9])$'; + } + } + description + "A type definition representing a range of double-tagged/QinQ + VLAN identifiers. The format of a QinQ VLAN-ID range can be + specified in two formats. Where the range is outer VLAN IDs + the range is specified as x..y.z. In this case outer VLAN + identifiers meeting the criteria x <= outer-vlan-id <= y are + accepted if and only if the inner VLAN-ID is equal to y - or + any inner-tag if the wildcard is specified. Alternatively the + ange can be specified as x.y..z. In this case only VLANs with an + outer-vlan-id qual to x are accepted (x may again be the + wildcard). Inner VLANs are accepted if they meet the inequality + y <= inner-vlan-id <= z."; + } + + typedef vlan-mode-type { + type enumeration { + enum ACCESS { + description "Access mode VLAN interface (No 802.1q header)"; + } + enum TRUNK { + description "Trunk mode VLAN interface"; + } + } + description + "VLAN interface mode (trunk or access)"; + } + + typedef vlan-ref { + type union { + type vlan-id; + type string; + // TODO: string should be changed to leafref to reference + // an existing VLAN. this is not allowed in YANG 1.0 but + // is expected to be in YANG 1.1. + // type leafref { + // path "vlan:vlans/vlan:vlan/vlan:config/vlan:name"; + // } + } + description + "Reference to a VLAN by name or id"; + } + + typedef vlan-stack-action { + type enumeration { + enum PUSH { + description + "Push a VLAN onto the VLAN stack."; + } + enum POP { + description + "Pop a VLAN from the VLAN stack."; + } + enum SWAP { + description + "Swap the VLAN at the top of the VLAN stack."; + } + // TODO: add push-push, pop-pop, push-swap etc + } + description + "Operations that can be performed on a VLAN stack."; + } + + +} diff --git a/src/tests/tools/firewall_agent/docs/yang/openconfig/vlan/openconfig-vlan.yang b/src/tests/tools/firewall_agent/docs/yang/openconfig/vlan/openconfig-vlan.yang new file mode 100644 index 0000000000000000000000000000000000000000..905d4815026574a2813d14f977c2b328bdd13cc0 --- /dev/null +++ b/src/tests/tools/firewall_agent/docs/yang/openconfig/vlan/openconfig-vlan.yang @@ -0,0 +1,1001 @@ +module openconfig-vlan { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/vlan"; + + prefix "oc-vlan"; + + // import some basic types + import openconfig-vlan-types { prefix oc-vlan-types; } + import openconfig-interfaces { prefix oc-if; } + import openconfig-if-ethernet { prefix oc-eth; } + import openconfig-if-aggregate { prefix oc-lag; } + import iana-if-type { prefix ianaift; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "This module defines configuration and state variables for VLANs, + in addition to VLAN parameters associated with interfaces"; + + oc-ext:openconfig-version "3.2.2"; + + revision "2023-02-07" { + description + "Remove prefix from enums in when statements"; + reference "3.2.2"; + } + + revision "2021-07-28" { + description + "Add prefix to qualify when statements"; + reference "3.2.1"; + } + + revision "2019-04-16" { + description + "Update import prefix for iana-if-type module"; + reference "3.2.0"; + } + + revision "2019-01-31" { + description + "Revise QinQ matching and add input/output VLAN stack operations."; + reference "3.1.0"; + } + + revision "2018-11-21" { + description + "Add OpenConfig module metadata extensions."; + reference "3.0.2"; + } + + revision "2018-06-05" { + description + "Fix bugs in when statements."; + reference "3.0.1"; + } + + revision "2018-02-14" { + description + "Fix bug with name of 802.1ad identity."; + reference "3.0.0"; + } + + revision "2017-07-14" { + description + "Move top-level vlan data to network-instance; Update + identities to comply to style guide; fixed pattern + quoting; corrected trunk vlan types; added TPID config to + base interface."; + reference "2.0.0"; + } + + revision "2016-05-26" { + description + "OpenConfig public release"; + reference "1.0.2"; + } + + // OpenConfig specific extensions for module metadata. + oc-ext:regexp-posix; + oc-ext:catalog-organization "openconfig"; + oc-ext:origin "openconfig"; + + // grouping statements + + grouping vlan-config { + description "VLAN configuration container."; + + leaf vlan-id { + type oc-vlan-types:vlan-id; + description "Interface VLAN id."; + } + + leaf name { + type string; + description "Interface VLAN name."; + } + + leaf status { + type enumeration { + enum ACTIVE { + description "VLAN is active"; + } + enum SUSPENDED { + description "VLAN is inactive / suspended"; + } + } + default ACTIVE; + description "Admin state of the VLAN"; + } + + } + + grouping vlan-state { + description "State variables for VLANs"; + + // placeholder + + } + + grouping vlan-tpid-config { + description + "TPID configuration for dot1q-enabled interfaces"; + + leaf tpid { + type identityref { + base oc-vlan-types:TPID_TYPES; + } + default oc-vlan-types:TPID_0X8100; + description + "Optionally set the tag protocol identifier field (TPID) that + is accepted on the VLAN"; + } + } + + grouping vlan-tpid-state { + description + "TPID opstate for dot1q-enabled interfaces"; + + // placeholder + + } + + grouping vlan-members-state { + description + "List of interfaces / subinterfaces belonging to the VLAN."; + + container members { + description + "Enclosing container for list of member interfaces"; + + list member { + config false; + description + "List of references to interfaces / subinterfaces + associated with the VLAN."; + + uses oc-if:base-interface-ref-state; + } + } + } + + grouping vlan-switched-config { + description + "VLAN related configuration that is part of the physical + Ethernet interface."; + + leaf interface-mode { + type oc-vlan-types:vlan-mode-type; + description + "Set the interface to access or trunk mode for + VLANs"; + } + + leaf native-vlan { + when "../interface-mode = 'TRUNK'" { + description + "Native VLAN is valid for trunk mode interfaces"; + } + type oc-vlan-types:vlan-id; + description + "Set the native VLAN id for untagged frames arriving on + a trunk interface. Tagged frames sent on an interface + configured with a native VLAN should have their tags + stripped prior to transmission. This configuration is only + valid on a trunk interface."; + } + + leaf access-vlan { + when "../interface-mode = 'ACCESS'" { + description + "Access VLAN assigned to the interfaces"; + } + type oc-vlan-types:vlan-id; + description + "Assign the access vlan to the access port."; + } + + leaf-list trunk-vlans { + when "../interface-mode = 'TRUNK'" { + description + "Allowed VLANs may be specified for trunk mode + interfaces."; + } + type union { + type oc-vlan-types:vlan-id; + type oc-vlan-types:vlan-range; + } + description + "Specify VLANs, or ranges thereof, that the interface may + carry when in trunk mode. If not specified, all VLANs are + allowed on the interface. Ranges are specified in the form + x..y, where x NFTables: + nft = NFTables() + nft.load(FamilyEnum.IPV4, TableEnum.FILTER) + + tables_to_remove : Set[Tuple[FamilyEnum, TableEnum]] = set() + for table_key, table in nft.tables.items(): + + chains_to_remove : Set[str] = set() + for chain_name, chain in table.chains.items(): + + for rule in reversed(chain.rules): + if rule.comment == rule_comment: continue + chain.rules.remove(rule) # not a rule of interest + + if len(chain.rules) > 0: continue + chains_to_remove.add(chain_name) + + for chain_name in chains_to_remove: + table.chains.pop(chain_name) + + if len(nft.tables) > 0: continue + tables_to_remove.add(table_key) + + for table_key in tables_to_remove: + nft.tables.pop(table_key) + + return nft + + +class ACL(Resource): + def get(self, name : str): + nft = load_nftables_by_rule_comment(name) + return nft.to_openconfig(), 200 + + def delete(self, name : str): + nft = load_nftables_by_rule_comment(name) + nft.execute(removal=True, verbose=True) + return {}, 204 + + +def register_restconf_openconfig_acls(api : Api): + api.add_resource(ACLs, BASE_URL_ROOT) + api.add_resource(ACL, BASE_URL_ITEM) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/AclRuleToInterfaceDirection.py b/src/tests/tools/firewall_agent/firewall_agent/resources/AclRuleToInterfaceDirection.py new file mode 100644 index 0000000000000000000000000000000000000000..6f2668fd06ed41613775846cc728c89d02abe70d --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/AclRuleToInterfaceDirection.py @@ -0,0 +1,98 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from typing import Dict, List, Tuple +from .nft_model.DirectionEnum import DirectionEnum +from .nft_model.FamilyEnum import FamilyEnum +from .nft_model.NFTables import NFTables +from .nft_model.TableEnum import TableEnum + + +TYPE_ACL_RULE_SEQ_ID = Tuple[str, int] +TYPE_IFACE_DIRECTION = Tuple[str, DirectionEnum] +TYPE_IFACE_DIRECTIONS = List[TYPE_IFACE_DIRECTION] +TYPE_ACL_RULE_TO_IF_DIR = Dict[TYPE_ACL_RULE_SEQ_ID, TYPE_IFACE_DIRECTIONS] + + +CHAIN_NAME_PREROUTING = 'PREROUTING' +CHAIN_NAME_INPUT = 'INPUT' +CHAIN_NAME_FORWARD = 'FORWARD' +CHAIN_NAME_OUTPUT = 'OUTPUT' +CHAIN_NAME_POSTROUTING = 'POSTROUTING' + +CHAINS_INPUT = [ + CHAIN_NAME_PREROUTING, CHAIN_NAME_INPUT, CHAIN_NAME_FORWARD +] +CHAINS_OUTPUT = [ + CHAIN_NAME_FORWARD, CHAIN_NAME_OUTPUT, CHAIN_NAME_POSTROUTING +] +CHAINS_ALL = [ + CHAIN_NAME_PREROUTING, CHAIN_NAME_INPUT, CHAIN_NAME_FORWARD, + CHAIN_NAME_OUTPUT, CHAIN_NAME_POSTROUTING +] + + +def get_family_from_acl_set_type(acl_set_type : str) -> FamilyEnum: + return { + 'ACL_IPV4' : FamilyEnum.IPV4, + 'ACL_IPV6' : FamilyEnum.IPV6, + }[acl_set_type] + + +class AclRuleToInterfaceDirection: + def __init__(self, nft : NFTables): + self._nft = nft + self._acl_rule_to_iface_direction : TYPE_ACL_RULE_TO_IF_DIR = dict() + + def create_nft_chains_in_table(self, acl_set_type : str, chain_names : List[str]) -> None: + family = get_family_from_acl_set_type(acl_set_type) + table = self._nft.get_or_create_table(family, TableEnum.FILTER) + for chain_name in chain_names: + table.get_or_create_chain(chain_name) + + def add_acl_set(self, if_name : str, acl_set : Dict, direction : DirectionEnum) -> None: + acl_set_name = acl_set['config']['set-name'] + acl_set_type = acl_set['config']['type'] + + if direction == DirectionEnum.INGRESS: + self.create_nft_chains_in_table(acl_set_type, CHAINS_INPUT) + elif direction == DirectionEnum.EGRESS: + self.create_nft_chains_in_table(acl_set_type, CHAINS_OUTPUT) + else: + self.create_nft_chains_in_table(acl_set_type, CHAINS_ALL) + + for acl_set_entry in acl_set['acl-entries']['acl-entry']: + sequence_id = int(acl_set_entry['sequence-id']) + key = (acl_set_name, sequence_id) + if_dir_list = self._acl_rule_to_iface_direction.setdefault(key, list()) + if_dir_list.append((if_name, direction)) + + def add_interface(self, interface : Dict) -> None: + if_name = interface['config']['id'] + for direction in [DirectionEnum.INGRESS, DirectionEnum.EGRESS]: + direction_value = direction.value + acl_sets_obj = interface.get(f'{direction_value}-acl-sets', dict()) + acl_sets_lst = acl_sets_obj.get(f'{direction_value}-acl-set', list()) + for acl_set in acl_sets_lst: + self.add_acl_set(if_name, acl_set, DirectionEnum.INGRESS) + + def add_interfaces(self, interfaces : List[Dict]) -> None: + for interface in interfaces: + self.add_interface(interface) + + def get_interfaces_directions( + self, acl_set_name : str, sequence_id : int + ) -> TYPE_IFACE_DIRECTIONS: + return self._acl_rule_to_iface_direction.get((acl_set_name, sequence_id), []) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/Components.py b/src/tests/tools/firewall_agent/firewall_agent/resources/Components.py new file mode 100644 index 0000000000000000000000000000000000000000..a00f6d54e7c59005fbf4a8cdb7b4a07c7553ae1b --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/Components.py @@ -0,0 +1,40 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import netifaces +from flask_restful import Api, Resource + +BASE_URL = '/restconf/data/openconfig-platform:components' + +class Components(Resource): + def get(self): + # Build components list from interface names, reporting only PORT type + comps = list() + if_names = netifaces.interfaces() + for if_name in if_names: + comp = { + 'name': if_name, + 'config': {'name': if_name}, + 'state': { + 'name': if_name, + 'type': 'openconfig-platform-types:PORT', + 'empty': False + }, + } + comps.append(comp) + return {'openconfig-platform:components': {'component': comps}}, 200 + +def register_restconf_openconfig_components(api : Api): + api.add_resource(Components, BASE_URL) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/HostMeta.py b/src/tests/tools/firewall_agent/firewall_agent/resources/HostMeta.py new file mode 100644 index 0000000000000000000000000000000000000000..1ef52084bd97cb7cbe15e9b28b9c4619f5d4a9b0 --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/HostMeta.py @@ -0,0 +1,25 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from flask_restful import Api, Resource + +BASE_URL = '/.well-known/host-meta' + +class HostMeta(Resource): + def get(self): + return {'links': [{'rel': 'restconf', 'href': '/restconf/data'}]}, 200 + +def register_host_meta(api : Api): + api.add_resource(HostMeta, BASE_URL) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/Interfaces.py b/src/tests/tools/firewall_agent/firewall_agent/resources/Interfaces.py new file mode 100644 index 0000000000000000000000000000000000000000..4c8d9e307bd1f69d60212fa87af5fdfee7a1fdc8 --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/Interfaces.py @@ -0,0 +1,89 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import copy, ipaddress, netifaces +from flask_restful import Api, Resource + +BASE_URL = '/restconf/data/openconfig-interfaces:interfaces' + +class Interfaces(Resource): + def get(self): + if_list = list() + for if_name in netifaces.interfaces(): + if if_name.startswith('lo'): + if_type = 'iana-if-type:softwareLoopback' + else: + if_type = 'iana-if-type:ethernetCsmacd' + + if_config = {'name': if_name, 'type': if_type, 'enabled': True} + if_state = copy.deepcopy(if_config) + if_state.update({'admin-status': 'UP', 'oper-status': 'UP'}) + if_data = {'name': if_name, 'config': if_config, 'state': if_state} + if_list.append(if_data) + + sif_index = 1 + sif_config = {'index': sif_index, 'enabled': True} + sif_state = copy.deepcopy(sif_config) + sif_state.update({'admin-status': 'UP', 'oper-status': 'UP'}) + sif_data = {'index': sif_index, 'config': sif_config, 'state': sif_state} + sifs = {'subinterface': [sif_data]} + if_data['subinterfaces'] = sifs + + if_addresses = netifaces.ifaddresses(if_name) + + # MAC + link_addresses = if_addresses.get(netifaces.AF_LINK, list()) + if not if_name.startswith('lo') and len(link_addresses) > 0: + mac_address = link_addresses[0].get('addr') + eth_config = {'mac-address': mac_address} + eth_state = copy.deepcopy(eth_config) + eth_state.update({'hw-mac-address': mac_address}) + eth_data = {'config': eth_config, 'state': eth_state} + if_data['openconfig-if-ethernet:ethernet'] = eth_data + + # IPv4 + ipv4_addresses = if_addresses.get(netifaces.AF_INET, list()) + oc_addrs = list() + for ipv4_address in ipv4_addresses: + address = ipv4_address['addr'] + netmask = ipv4_address['netmask'] + ipv4n = ipaddress.ip_network(f'{address}/{netmask}', strict=False) + prefix_len = ipv4n.prefixlen + addr_config = {'ip': address, 'prefix-length': prefix_len} + addr_state = copy.deepcopy(addr_config) + ipv4_addr_data = {'ip': address, 'config': addr_config, 'state': addr_state} + oc_addrs.append(ipv4_addr_data) + if len(oc_addrs) > 0: + sif_data['openconfig-if-ip:ipv4'] = {'addresses': {'address': oc_addrs}} + + # IPv6 + ipv6_addresses = if_addresses.get(netifaces.AF_INET6, list()) + oc_addrs = list() + for ipv6_address in ipv6_addresses: + address = ipv6_address['addr'] + netmask = ipv6_address['netmask'] + ipv6n = ipaddress.ip_network(netmask, strict=False) + prefix_len = ipv6n.prefixlen + addr_config = {'ip': address, 'prefix-length': prefix_len} + addr_state = copy.deepcopy(addr_config) + ipv6_addr_data = {'ip': address, 'config': addr_config, 'state': addr_state} + oc_addrs.append(ipv6_addr_data) + if len(oc_addrs) > 0: + sif_data['openconfig-if-ip:ipv6'] = {'addresses': {'address': oc_addrs}} + + return {'openconfig-interfaces:interfaces': {'interface': if_list}}, 200 + +def register_restconf_openconfig_interfaces(api : Api): + api.add_resource(Interfaces, BASE_URL) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/Root.py b/src/tests/tools/firewall_agent/firewall_agent/resources/Root.py new file mode 100644 index 0000000000000000000000000000000000000000..951a3c888547ce622f2b4576880a43b5347cb52c --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/Root.py @@ -0,0 +1,25 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from flask_restful import Api, Resource + +BASE_URL = '/restconf/data' + +class Root(Resource): + def get(self): + return {'restconf': {'data': {}}}, 200 + +def register_restconf_root(api : Api): + api.add_resource(Root, BASE_URL) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/__init__.py b/src/tests/tools/firewall_agent/firewall_agent/resources/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..3ccc21c7db78aac26daa1f8c5ff8e1ffd3f35460 --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/__init__.py @@ -0,0 +1,14 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/ActionEnum.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/ActionEnum.py new file mode 100644 index 0000000000000000000000000000000000000000..6db7d15e01bbe3abc850f0f9eb4b37b10cd130d4 --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/ActionEnum.py @@ -0,0 +1,24 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import enum + +class ActionEnum(enum.Enum): + ACCEPT = 'accept' + DROP = 'drop' + REJECT = 'reject' + +def get_action_from_str(action : str) -> ActionEnum: + return ActionEnum._value2member_map_[action] diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Chain.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Chain.py new file mode 100644 index 0000000000000000000000000000000000000000..3cd0ff76947ac6842f876f8d4d96e73424bb4634 --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Chain.py @@ -0,0 +1,143 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import enum +from dataclasses import dataclass, field +from typing import Dict, List, Optional, Set, Tuple +from .ActionEnum import ActionEnum +from .DirectionEnum import DirectionEnum +from .FamilyEnum import FamilyEnum +from .TableEnum import TableEnum +from .Rule import Rule + + +class ChainPriorityEnum(enum.IntEnum): + RAW = -300 + MANGLE = -150 + FILTER = 0 + +@dataclass +class Chain: + family : FamilyEnum + table : TableEnum + chain : str + handle : Optional[int ] = None + type : Optional[str ] = None + hook : Optional[str ] = None + prio : Optional[int ] = None + policy : Optional[ActionEnum] = None + rules : List[Rule] = field(default_factory=list) + + @classmethod + def from_manual( + cls, family : FamilyEnum, table : TableEnum, name : str, + handle : Optional[int] = None, type_ : Optional[str] = None, + hook : Optional[str] = None, prio : int = ChainPriorityEnum.RAW.value, + policy : ActionEnum = ActionEnum.ACCEPT + ) -> 'Chain': + chain : 'Chain' = cls(family, table, name) + chain.handle = handle + if type_ is None: chain.type = str(table.value).lower() + if hook is None: chain.hook = str(name).lower() + chain.prio = prio + chain.policy = policy.value + return chain + + @classmethod + def from_nft_entry( + cls, family : FamilyEnum, table : TableEnum, entry : Dict + ) -> 'Chain': + name : str = entry['name'] + chain : 'Chain' = cls(family, table, name) + chain.handle = entry['handle'] + chain.type = entry.get('type', table.value.lower()) + chain.hook = entry.get('hook', name.lower()) + chain.prio = entry.get('prio', ChainPriorityEnum.FILTER.value) + chain.policy = entry.get('policy', ActionEnum.ACCEPT.value) + return chain + + def add_rule(self, entry : Dict) -> None: + rule = Rule.from_nft_entry(self.family, self.table, self.chain, entry) + if rule is None: return + self.rules.append(rule) + + def to_openconfig(self) -> Tuple[Optional[Dict], Dict]: + acl_set_name = f'{self.family.value}-{self.table.value}-{self.chain}' + acl_set_type = { + FamilyEnum.IPV4 : 'ACL_IPV4', + FamilyEnum.IPV6 : 'ACL_IPV6', + }.get(self.family) + + acl_set_entries : List[Dict] = list() + interfaces : Dict[str, Dict[DirectionEnum, Set[int]]] = dict() + + for sequence_id, rule in enumerate(self.rules, start=1): + acl_entry, rule_interfaces = rule.to_openconfig(sequence_id) + acl_set_entries.append(acl_entry) + + for if_name, direction_sequence_ids in rule_interfaces.items(): + interface : Dict = interfaces.setdefault(if_name, dict()) + for direction, sequence_ids in direction_sequence_ids.items(): + if_dir_sequence_ids : Set = interface.setdefault(direction, set()) + if_dir_sequence_ids.update(sequence_ids) + + + if len(acl_set_entries) > 0: + acl_set = { + 'name': acl_set_name, + 'type': acl_set_type, + 'config': {'name': acl_set_name, 'type': acl_set_type}, + 'state': {'name': acl_set_name, 'type': acl_set_type}, + 'acl-entries': {'acl-entry': acl_set_entries} + } + else: + acl_set = None + return acl_set, interfaces + + def dump(self) -> List[Dict]: + chain = {'family': self.family.value, 'table': self.table.value, 'name': self.chain} + if self.handle is not None: chain['handle'] = self.handle + + entries : List[str] = list() + entries.append({'chain': chain}) + for rule in self.rules: entries.extend(rule.dump()) + return entries + + def get_commands(self, removal : bool = False) -> List[Tuple[int, str]]: + commands : List[Tuple[int, str]] = list() + + if removal: + # NOTE: For now, do not remove chains. We do not process all kinds of + # chains and their removal might cause side effects on NFTables. + pass + elif self.handle is not None: + # NOTE: Chain was already there, do not modify it + pass + else: + parts = [ + 'add', 'chain', self.family.value, self.table.value, self.chain, + '{', + 'type', self.type, 'hook', self.hook, 'priority', str(self.prio), ';', + 'policy', self.policy, ';', + '}' + ] + commands.append((-1, ' '.join(parts))) + + for rule in self.rules: + rule_cmd = rule.get_command(removal=removal) + if rule_cmd is None: continue + commands.append(rule_cmd) + + return commands diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/DirectionEnum.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/DirectionEnum.py new file mode 100644 index 0000000000000000000000000000000000000000..dec3813dc435c39962a14b43216a1e4a3cda5038 --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/DirectionEnum.py @@ -0,0 +1,23 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import enum + +class DirectionEnum(enum.Enum): + INGRESS = 'ingress' + EGRESS = 'egress' + +def get_direction_from_str(direction : str) -> DirectionEnum: + return DirectionEnum._value2member_map_[direction] diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Exceptions.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Exceptions.py new file mode 100644 index 0000000000000000000000000000000000000000..17bb3441e6b49944c1524babad1c42b6c576448c --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Exceptions.py @@ -0,0 +1,91 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from typing import Dict, Optional +from .FamilyEnum import FamilyEnum +from .TableEnum import TableEnum + + +class InvalidArgumentException(Exception): + def __init__( + self, family : Optional[FamilyEnum] = None, table : Optional[TableEnum] = None, + chain : Optional[str] = None + ) -> None: + super().__init__( + f'Invalid combination of parameters: ' + f'family={str(family)} table={str(table)} chain={str(chain)}' + ) + +class RuntimeException(Exception): + def __init__(self, rc : int, output : str, error : str) -> None: + super().__init__( + f'nft command failed: ' + f'rc={str(rc)} output={str(output)} error={str(error)}' + ) + +class MalformedOutputException(Exception): + def __init__(self, reason : str, command : str, output : str) -> None: + super().__init__( + f'nft command malformed output: ' + f'reason={str(reason)} command={str(command)} output={str(output)}' + ) + +class UnsupportedElementException(Exception): + def __init__( + self, element : str, value : str, extra : Optional[str] = None + ) -> None: + msg = f'Unsupported: element={str(element)} value={str(value)}' + if extra is not None: msg += f' {str(extra)}' + super().__init__(msg) + +class MissingFieldException(Exception): + def __init__(self, field_name : str, objekt : Dict) -> None: + super().__init__( + f'Missing Field: name={str(field_name)} object={str(objekt)}' + ) + +class AlreadyExistsTableException(Exception): + def __init__( + self, family : Optional[FamilyEnum] = None, table : Optional[TableEnum] = None + ) -> None: + super().__init__( + f'Already Exists Table: family={str(family)} table={str(table)}' + ) + +class MissingTableException(Exception): + def __init__( + self, family : Optional[FamilyEnum] = None, table : Optional[TableEnum] = None + ) -> None: + super().__init__( + f'Missing Table: family={str(family)} table={str(table)}' + ) + +class AlreadyExistsChainException(Exception): + def __init__( + self, family : Optional[FamilyEnum] = None, table : Optional[TableEnum] = None, + chain : Optional[str] = None + ) -> None: + super().__init__( + f'Already Exists Chain: family={str(family)} table={str(table)} chain={str(chain)}' + ) + +class MissingChainException(Exception): + def __init__( + self, family : Optional[FamilyEnum] = None, table : Optional[TableEnum] = None, + chain : Optional[str] = None + ) -> None: + super().__init__( + f'Missing Chain: family={str(family)} table={str(table)} chain={str(chain)}' + ) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/FamilyEnum.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/FamilyEnum.py new file mode 100644 index 0000000000000000000000000000000000000000..f0e2a933ad5846da52d80de18a7f2f1da9d0d9fa --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/FamilyEnum.py @@ -0,0 +1,27 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import enum + +class FamilyEnum(enum.Enum): + IPV4 = 'ip' # IPv4 address family. + IPV6 = 'ip6' # IPv6 address family. + INET = 'inet' # Internet (IPv4/IPv6) address family. + ARP = 'arp' # ARP address family, handling IPv4 ARP packets. + BRIDGE = 'bridge' # Bridge address family, handling packets which traverse a bridge device. + NETDEV = 'netdev' # Netdev address family, handling packets on ingress and egress. + +def get_family_from_str(family : str) -> FamilyEnum: + return FamilyEnum._value2member_map_[family] diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/NFTables.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/NFTables.py new file mode 100644 index 0000000000000000000000000000000000000000..7c3aea14bc9927ded3067f3501866d6b099c287d --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/NFTables.py @@ -0,0 +1,162 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import logging +from dataclasses import dataclass, field +import operator +from typing import Dict, List, Optional, Set, Tuple +from .DirectionEnum import DirectionEnum +from .Exceptions import UnsupportedElementException +from .FamilyEnum import FamilyEnum, get_family_from_str +from .NFTablesCommand import NFTablesCommand +from .Rule import Rule +from .Table import Table +from .TableEnum import TableEnum, get_table_from_str + + +LOGGER = logging.getLogger(__name__) + + +@dataclass +class NFTables: + tables : Dict[Tuple[FamilyEnum, TableEnum], Table] = field(default_factory=dict) + + def load( + self, family : Optional[FamilyEnum] = None, table : Optional[TableEnum] = None, + chain : Optional[str] = None, skip_rules : bool = False + ) -> None: + entries = NFTablesCommand.list(family=family, table=table, chain=chain) + for entry in entries: self.parse_entry(entry, skip_rules=skip_rules) + + def get_or_create_table(self, family : FamilyEnum, table : TableEnum) -> Table: + return self.tables.setdefault((family, table), Table(family, table)) + + def parse_entry(self, entry : Dict, skip_rules : bool = False) -> None: + entry_fields = set(entry.keys()) + if len(entry_fields) != 1: raise UnsupportedElementException('entry', entry) + entry_type = entry_fields.pop() + if entry_type in {'metainfo'}: + return # skipping unneeded entry + elif entry_type in {'table'}: + self.parse_entry_table(entry['table']) + elif entry_type in {'chain'}: + self.parse_entry_chain(entry['chain']) + elif entry_type in {'rule'}: + if skip_rules: return + self.parse_entry_rule(entry['rule']) + else: + raise UnsupportedElementException('entry', entry) + + def parse_entry_table(self, entry : Dict) -> None: + family = get_family_from_str(entry['family']) + if family not in {FamilyEnum.IPV4, FamilyEnum.IPV6}: return + table = get_table_from_str(entry['name']) + if table not in {TableEnum.FILTER}: return + table_obj = self.get_or_create_table(family, table) + table_obj.handle = entry['handle'] + + def parse_entry_chain(self, entry : Dict) -> None: + family = get_family_from_str(entry.pop('family')) + if family not in {FamilyEnum.IPV4, FamilyEnum.IPV6}: return + table = get_table_from_str(entry.pop('table')) + if table not in {TableEnum.FILTER}: return + self.get_or_create_table(family, table).add_chain_by_entry(entry) + + def parse_entry_rule(self, entry : Dict) -> None: + family = get_family_from_str(entry.pop('family')) + if family not in {FamilyEnum.IPV4, FamilyEnum.IPV6}: return + table = get_table_from_str(entry.pop('table')) + if table not in {TableEnum.FILTER}: return + self.get_or_create_table(family, table).add_rule_by_entry(entry) + + def add_rule(self, rule : Rule) -> None: + table = self.get_or_create_table(rule.family, rule.table) + chain = table.get_or_create_chain(rule.chain) + chain.rules.append(rule) + + def to_openconfig(self) -> List[Dict]: + acl_sets : List[Dict] = list() + interfaces_struct : Dict[str, Dict[DirectionEnum, Dict[str, Set[int]]]] = dict() + acl_set_name_to_type : Dict[str, str] = dict() + + for table in self.tables.values(): + table_acl_sets, table_interfaces = table.to_openconfig() + acl_sets.extend(table_acl_sets) + + for table_acl_set in table_acl_sets: + acl_set_name = table_acl_set['name'] + acl_set_type = table_acl_set['type'] + acl_set_name_to_type[acl_set_name] = acl_set_type + + for if_name, dir_aclname_seqids in table_interfaces.items(): + interface : Dict = interfaces_struct.setdefault(if_name, dict()) + for direction, aclname_seqids in dir_aclname_seqids.items(): + if_direction : Dict = interface.setdefault(direction, dict()) + for acl_name, sequence_ids in aclname_seqids.items(): + if_dir_aclname : Set[int] = if_direction.setdefault(acl_name, set()) + if_dir_aclname.update(sequence_ids) + + interfaces = list() + for if_name, dir_aclname_seqids in interfaces_struct.items(): + if_data = { + 'id': if_name, + 'config': {'id': if_name}, + 'state': {'id': if_name}, + 'interface-ref': { + 'config': {'interface': if_name, 'subinterface': 1}, + 'state': {'interface': if_name, 'subinterface': 1}, + } + } + + for direction, aclname_seqids in dir_aclname_seqids.items(): + if_dir_obj : Dict = if_data.setdefault(f'{direction.value}-acl-sets', dict()) + if_dir_list : List = if_dir_obj.setdefault(f'{direction.value}-acl-set', list()) + + for acl_set_name, sequence_ids in aclname_seqids.items(): + acl_set_type = acl_set_name_to_type[acl_set_name] + if_dir_acl_set = { + 'set-name': acl_set_name, + 'type': acl_set_type, + 'config': {'set-name': acl_set_name, 'type': acl_set_type}, + 'state': {'set-name': acl_set_name, 'type': acl_set_type}, + } + if_dir_acl_set['acl-entries'] = {'acl-entry': [ + {'sequence-id': sequence_id, 'state': {'sequence-id': sequence_id}} + for sequence_id in sequence_ids + ]} + if_dir_list.append(if_dir_acl_set) + + interfaces.append(if_data) + + acl_data = dict() + if len(acl_sets) > 0: acl_data.update({'acl-sets': {'acl-set': acl_sets}}) + if len(interfaces) > 0: acl_data.update({'interfaces': {'interface': interfaces}}) + return {'openconfig-acl:acl': acl_data} + + def dump(self) -> List[Dict]: + entries : List[Dict] = list() + for table in self.tables.values(): entries.extend(table.dump()) + return entries + + def get_commands(self, removal : bool = False) -> List[Tuple[int, str]]: + commands : List[Tuple[int, str]] = list() + for table in self.tables.values(): + commands.extend(table.get_commands(removal=removal)) + # return a sorted list of commands by their priority (lower first) + return sorted(commands, key=operator.itemgetter(0)) + + def execute(self, removal : bool = False, verbose : bool = True) -> None: + commands = self.get_commands(removal=removal) + NFTablesCommand.execute(commands, verbose=verbose) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/NFTablesCommand.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/NFTablesCommand.py new file mode 100644 index 0000000000000000000000000000000000000000..983acf506981aac5ef40ec8950fe3d84b39641b6 --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/NFTablesCommand.py @@ -0,0 +1,79 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import json, logging, nftables +from typing import Dict, List, Optional, Tuple +from .Exceptions import ( + InvalidArgumentException, MalformedOutputException, RuntimeException +) +from .FamilyEnum import FamilyEnum +from .TableEnum import TableEnum + + +LOGGER = logging.getLogger(__name__) + + +class NFTablesCommand: + @staticmethod + def get_command_list( + family : Optional[FamilyEnum] = None, table : Optional[TableEnum] = None, + chain : Optional[str] = None + ) -> str: + if chain is None: + if table is None: + if family is None: + return 'list ruleset' + else: + return f'list ruleset {family.value}' + else: + if family is not None: + return f'list table {family.value} {table.value}' + else: + if table is not None: + if family is not None: + return f'list chain {family.value} {table.value} {chain}' + + raise InvalidArgumentException(family, table, chain) + + @staticmethod + def list( + family : Optional[FamilyEnum] = None, table : Optional[TableEnum] = None, + chain : Optional[str] = None + ) -> List[Dict]: + nft = nftables.Nftables() + nft.set_json_output(True) + str_cmd = NFTablesCommand.get_command_list( + family=family, table=table, chain=chain + ) + rc, output, error = nft.cmd(str_cmd) + if rc != 0: raise RuntimeException(rc, output, error) + json_nftables = json.loads(output) + if 'nftables' not in json_nftables: + raise MalformedOutputException( + 'Missing field "nftables"', str_cmd, output + ) + return json_nftables['nftables'] + + @staticmethod + def execute(commands : List[Tuple[int, str]], verbose : bool = True) -> None: + nft = nftables.Nftables() + nft.set_json_output(True) + for priority, command in commands: + if verbose: + LOGGER.info(f'Executing [priority={str(priority)}]: {command}') + rc, output, error = nft.cmd(command) + if verbose: + LOGGER.info(f'rc={str(rc)} output={str(output)} error={str(error)}') + if rc != 0: raise RuntimeException(rc, output, error) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/NFTablesParserTools.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/NFTablesParserTools.py new file mode 100644 index 0000000000000000000000000000000000000000..0546787d8bf9252c8bd79e21b78c2c13ea5a733a --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/NFTablesParserTools.py @@ -0,0 +1,90 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import ipaddress +from typing import TYPE_CHECKING, Dict, Union +from .Exceptions import MissingFieldException, UnsupportedElementException +from .ProtocolEnum import get_protocol_from_str + +if TYPE_CHECKING: + from .Rule import Rule + + +def parse_nft_ip_addr(right : Union[str, Dict]) -> ipaddress.IPv4Interface: + if isinstance(right, str): + address = right + prefix_len = 32 + elif isinstance(right, Dict): + if 'prefix' not in right: raise MissingFieldException('match[ip].right.prefix', right) + prefix = right['prefix'] + if 'addr' not in prefix: raise MissingFieldException('match[ip].right.prefix.addr', prefix) + if 'len' not in prefix: raise MissingFieldException('match[ip].right.prefix.len', prefix) + address = prefix['addr'] + prefix_len = prefix['len'] + else: + raise UnsupportedElementException('match[ip].right', right) + return ipaddress.IPv4Interface(f'{address}/{str(prefix_len)}') + + +def parse_nft_match(rule : 'Rule', match : Dict) -> int: + if 'op' not in match: raise MissingFieldException('rule.expr.match.op', match) + if 'left' not in match: raise MissingFieldException('rule.expr.match.left', match) + if 'right' not in match: raise MissingFieldException('rule.expr.match.right', match) + if match['op'] != '==': raise UnsupportedElementException('rule.expr.match.op', match) + + num_fields_updated = 0 + + match_left = match['left'] + match_right = match['right'] + if 'meta' in match_left and 'key' in match_left['meta']: + meta_key = match_left['meta']['key'] + if 'iifname' in meta_key: + rule.input_if_name = match_right + num_fields_updated += 1 + elif 'oifname' in meta_key: + rule.output_if_name = match_right + num_fields_updated += 1 + else: + raise UnsupportedElementException('rule.expr.match', match) + elif 'payload' in match_left: + payload = match_left['payload'] + if 'protocol' in payload and 'field' in payload: + protocol = payload['protocol'] + field_name = payload['field'] + if protocol == 'ip' and field_name == 'saddr': + rule.src_ip_addr = parse_nft_ip_addr(match_right) + num_fields_updated += 1 + elif protocol == 'ip' and field_name == 'daddr': + rule.dst_ip_addr = parse_nft_ip_addr(match_right) + num_fields_updated += 1 + elif protocol in {'tcp', 'udp'} and field_name == 'sport': + rule.ip_protocol = get_protocol_from_str(protocol) + rule.src_port = match_right + num_fields_updated += 1 + elif protocol in {'tcp', 'udp'} and field_name == 'dport': + rule.ip_protocol = get_protocol_from_str(protocol) + rule.dst_port = match_right + num_fields_updated += 1 + else: + raise UnsupportedElementException('rule.expr.match', match) + else: + raise UnsupportedElementException('rule.expr.match', match) + elif '&' in match_left: + # matches on masks and marks are skipped + pass + else: + raise UnsupportedElementException('rule.expr.match', match) + + return num_fields_updated \ No newline at end of file diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/ProtocolEnum.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/ProtocolEnum.py new file mode 100644 index 0000000000000000000000000000000000000000..c54ed6365d801e0cd39ee397accc005539479fdc --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/ProtocolEnum.py @@ -0,0 +1,24 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import enum + +class ProtocolEnum(enum.Enum): + TCP = 'tcp' + UDP = 'udp' + ICMP = 'icmp' + +def get_protocol_from_str(protocol : str) -> ProtocolEnum: + return ProtocolEnum._value2member_map_[protocol] diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Rule.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Rule.py new file mode 100644 index 0000000000000000000000000000000000000000..040a03ca8dedf8bc72488b690bf4b123c48258de --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Rule.py @@ -0,0 +1,280 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import copy, ipaddress, logging +from dataclasses import asdict, dataclass +from typing import Dict, List, Optional, Set, Tuple +from .ActionEnum import ActionEnum, get_action_from_str +from .DirectionEnum import DirectionEnum +from .Exceptions import MissingFieldException, UnsupportedElementException +from .FamilyEnum import FamilyEnum +from .NFTablesParserTools import parse_nft_match +from .ProtocolEnum import ProtocolEnum +from .TableEnum import TableEnum + + +LOGGER = logging.getLogger(__name__) + + +OPENCONFIG_ACL_ACTION_TO_NFT = { + 'ACCEPT' : ActionEnum.ACCEPT, + 'DROP' : ActionEnum.DROP, + 'REJECT' : ActionEnum.REJECT, +} + +def get_nft_action_from_openconfig(oc_action : str) -> ActionEnum: + nft_action = OPENCONFIG_ACL_ACTION_TO_NFT.get(oc_action) + if nft_action is None: + supported_values = set(OPENCONFIG_ACL_ACTION_TO_NFT.keys()) + raise UnsupportedElementException( + 'acl_entry.actions.config.forwarding-action', str(oc_action), + extra=f'supported_values={str(supported_values)}' + ) + return nft_action + + +OPENCONFIG_IPV4_PROTOCOL_TO_NFT = { + 'IP_TCP' : ProtocolEnum.TCP, + 'IP_UDP' : ProtocolEnum.UDP, + 'IP_ICMP' : ProtocolEnum.ICMP, +} + +def get_nft_ipv4_protocol_from_openconfig(oc_ipv4_protocol : str) -> ProtocolEnum: + nft_protocol = OPENCONFIG_IPV4_PROTOCOL_TO_NFT.get(oc_ipv4_protocol) + if nft_protocol is None: + supported_values = set(OPENCONFIG_IPV4_PROTOCOL_TO_NFT.keys()) + raise UnsupportedElementException( + 'acl_entry.ipv4.config.protocol', str(oc_ipv4_protocol), + extra=f'supported_values={str(supported_values)}' + ) + return nft_protocol + + +@dataclass +class Rule: + family : FamilyEnum + table : TableEnum + chain : str + handle : Optional[int] = None + + sequence_id : int = 0 + + input_if_name : Optional[str] = None + output_if_name : Optional[str] = None + src_ip_addr : Optional[ipaddress.IPv4Interface] = None + dst_ip_addr : Optional[ipaddress.IPv4Interface] = None + ip_protocol : Optional[ProtocolEnum] = None + src_port : Optional[int] = None + dst_port : Optional[int] = None + + action : Optional[ActionEnum] = None + + comment : Optional[str] = None + + @classmethod + def from_nft_entry( + cls, family : FamilyEnum, table : TableEnum, chain : str, entry : Dict + ) -> 'Rule': + rule : 'Rule' = cls(family, table, chain) + + if 'expr' not in entry: raise MissingFieldException('rule.expr', entry) + expr_list : List[Dict] = entry['expr'] + num_fields_updated = 0 + for expr_entry in expr_list: + expr_entry_fields = set(expr_entry.keys()) + expr_entry_type = expr_entry_fields.pop() + if expr_entry_type == 'match': + match = expr_entry['match'] + num_fields_updated += parse_nft_match(rule, match) + elif expr_entry_type in {'accept', 'drop', 'reject'}: + rule.action = get_action_from_str(expr_entry_type) + num_fields_updated += 1 + elif expr_entry_type in {'counter', 'jump', 'xt'}: + pass # ignore these entry types + else: + raise UnsupportedElementException('expr_entry', expr_entry) + + if num_fields_updated == 0: + # Ignoring empty/unsupported rule... + return None + + rule.comment = entry.pop('comment', None) + rule.handle = entry['handle'] + return rule + + @classmethod + def from_openconfig( + cls, family : FamilyEnum, table : TableEnum, chain : str, acl_entry : Dict + ) -> 'Rule': + rule : 'Rule' = cls(family, table, chain) + + rule.sequence_id = int(acl_entry['config']['sequence-id']) + rule.comment = acl_entry['config']['description'] + + ipv4_config = acl_entry.get('ipv4', {}).get('config', {}) + if 'source-address' in ipv4_config: + rule.src_ip_addr = ipaddress.IPv4Interface(ipv4_config['source-address']) + + if 'destination-address' in ipv4_config: + rule.dst_ip_addr = ipaddress.IPv4Interface(ipv4_config['destination-address']) + + if 'protocol' in ipv4_config: + ip_protocol = ipv4_config['protocol'] + rule.ip_protocol = get_nft_ipv4_protocol_from_openconfig(ip_protocol) + + transp_config = acl_entry.get('transport', {}).get('config', {}) + rule.src_port = transp_config.get('source-port') + rule.dst_port = transp_config.get('destination-port') + + action = acl_entry['actions']['config']['forwarding-action'] + rule.action = get_nft_action_from_openconfig(action) + + return rule + + def to_openconfig(self, sequence_id : int) -> Tuple[Dict, Dict]: + acl_entry_config = {'sequence-id': sequence_id} + if self.comment is not None: acl_entry_config['description'] = self.comment + + acl_entry = { + 'sequence-id': sequence_id, + 'config': acl_entry_config, + 'state': copy.deepcopy(acl_entry_config), + } + + ip_version = { + FamilyEnum.IPV4: 'ipv4', + FamilyEnum.IPV6: 'ipv6', + }.get(self.family) + + ip_protocol = { + ProtocolEnum.TCP : 'IP_TCP', + ProtocolEnum.UDP : 'IP_UDP', + ProtocolEnum.ICMP : 'IP_ICMP', + }.get(self.ip_protocol, None) + + if self.src_ip_addr is not None: + acl_entry_ipvx = acl_entry.setdefault(ip_version, dict()) + acl_entry_ipvx_config = acl_entry_ipvx.setdefault('config', dict()) + acl_entry_ipvx_config['source-address'] = str(self.src_ip_addr.network) + acl_entry_ipvx_state = acl_entry_ipvx.setdefault('state', dict()) + acl_entry_ipvx_state['source-address'] = str(self.src_ip_addr.network) + + if self.dst_ip_addr is not None: + acl_entry_ipvx = acl_entry.setdefault(ip_version, dict()) + acl_entry_ipvx_config = acl_entry_ipvx.setdefault('config', dict()) + acl_entry_ipvx_config['destination-address'] = str(self.dst_ip_addr.network) + acl_entry_ipvx_state = acl_entry_ipvx.setdefault('state', dict()) + acl_entry_ipvx_state['destination-address'] = str(self.dst_ip_addr.network) + + if ip_protocol is not None: + acl_entry_ipvx = acl_entry.setdefault(ip_version, dict()) + acl_entry_ipvx_config = acl_entry_ipvx.setdefault('config', dict()) + acl_entry_ipvx_config['protocol'] = ip_protocol + acl_entry_ipvx_state = acl_entry_ipvx.setdefault('state', dict()) + acl_entry_ipvx_state['protocol'] = ip_protocol + + if self.src_port is not None: + acl_entry_trans = acl_entry.setdefault('transport', dict()) + acl_entry_trans_config = acl_entry_trans.setdefault('config', dict()) + acl_entry_trans_config['source-port'] = self.src_port + acl_entry_trans_state = acl_entry_trans.setdefault('state', dict()) + acl_entry_trans_state['source-port'] = self.src_port + + if self.dst_port is not None: + acl_entry_trans = acl_entry.setdefault('transport', dict()) + acl_entry_trans_config = acl_entry_trans.setdefault('config', dict()) + acl_entry_trans_config['destination-port'] = self.dst_port + acl_entry_trans_state = acl_entry_trans.setdefault('state', dict()) + acl_entry_trans_state['destination-port'] = self.dst_port + + if self.action is not None: + acl_forwarding_action = { + ActionEnum.ACCEPT : 'ACCEPT', + ActionEnum.DROP : 'DROP', + ActionEnum.REJECT : 'REJECT', + }.get(self.action) + acl_action = {'forwarding-action': acl_forwarding_action} + acl_entry['actions'] = {'config': acl_action, 'state': acl_action} + + interfaces : Dict[str, Dict[DirectionEnum, Set[int]]] = dict() + + if self.input_if_name is not None: + interface : Dict = interfaces.setdefault(self.input_if_name, dict()) + direction : Set = interface.setdefault(DirectionEnum.INGRESS, set()) + direction.add(sequence_id) + + if self.output_if_name is not None: + interface : Dict = interfaces.setdefault(self.output_if_name, dict()) + direction : Set = interface.setdefault(DirectionEnum.EGRESS, set()) + direction.add(sequence_id) + + return acl_entry, interfaces + + + def dump(self) -> List[Dict]: + rule = {'family': self.family.value, 'table': self.table.value, 'chain': self.chain} + expr = list() + if self.input_if_name is not None: + match_left = {'meta': {'key': 'iifname'}} + expr.append({'match': {'op': '==', 'left': match_left, 'right': self.input_if_name}}) + if self.output_if_name is not None: + match_left = {'meta': {'key': 'oifname'}} + expr.append({'match': {'op': '==', 'left': match_left, 'right': self.output_if_name}}) + if self.src_ip_addr is not None: + match_left = {'payload': {'protocol': 'ip', 'field': 'saddr'}} + match_right = {'prefix': {'addr': str(self.src_ip_addr.ip), 'len': self.src_ip_addr.network.prefixlen}} + expr.append({'match': {'op': '==', 'left': match_left, 'right': match_right}}) + if self.dst_ip_addr is not None: + match_left = {'payload': {'protocol': 'ip', 'field': 'daddr'}} + match_right = {'prefix': {'addr': str(self.dst_ip_addr.ip), 'len': self.dst_ip_addr.network.prefixlen}} + expr.append({'match': {'op': '==', 'left': match_left, 'right': match_right}}) + if self.src_port is not None: + match_left = {'payload': {'protocol': self.ip_protocol.value, 'field': 'sport'}} + expr.append({'match': {'op': '==', 'left': match_left, 'right': self.src_port}}) + if self.dst_port is not None: + match_left = {'payload': {'protocol': self.ip_protocol.value, 'field': 'dport'}} + expr.append({'match': {'op': '==', 'left': match_left, 'right': self.dst_port}}) + if self.action is not None: expr.append({self.action.value : None}) + if len(expr) > 0: rule['expr'] = expr + if self.comment is not None: rule['comment'] = self.comment + if self.handle is not None: rule['handle'] = self.handle + return [{'rule': rule}] + + def get_command(self, removal : bool = False) -> Optional[Tuple[int, str]]: + if removal: + if self.handle is None: raise MissingFieldException('handle', asdict(self)) + parts = [ + 'delete', 'rule', # Ideally destroy (fail silently if not exist), but seems not supported. + self.family.value, self.table.value, self.chain, + 'handle', str(self.handle) + ] + return self.sequence_id, ' '.join(parts) + elif self.handle is not None: + # NOTE: Rule was already there, do not modify it + return None + else: + # NOTE: if sequence_id < 10000: insert the rules to the top; + # otherwise, append to the bottom. Anyways, sort rules by sequence_id. + verb = 'insert' if self.sequence_id < 10000 else 'add' + parts = [verb, 'rule', self.family.value, self.table.value, self.chain] + if self.input_if_name is not None: parts.extend(['iifname', self.input_if_name]) + if self.output_if_name is not None: parts.extend(['oifname', self.output_if_name]) + if self.src_ip_addr is not None: parts.extend(['ip', 'saddr', str(self.src_ip_addr)]) + if self.dst_ip_addr is not None: parts.extend(['ip', 'daddr', str(self.dst_ip_addr)]) + if self.src_port is not None: parts.extend([self.ip_protocol.value, 'sport', str(self.src_port)]) + if self.dst_port is not None: parts.extend([self.ip_protocol.value, 'dport', str(self.dst_port)]) + if self.action is not None: parts.append(self.action.value) + if self.comment is not None: parts.extend(['comment', f'"{self.comment}"']) + return self.sequence_id, ' '.join(parts) diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Table.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Table.py new file mode 100644 index 0000000000000000000000000000000000000000..85512f352489f315e22ac5bb62f87e3d3999020a --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/Table.py @@ -0,0 +1,96 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from dataclasses import dataclass, field +from typing import Dict, List, Optional, Set, Tuple +from .Chain import Chain +from .DirectionEnum import DirectionEnum +from .FamilyEnum import FamilyEnum +from .TableEnum import TableEnum + + +@dataclass +class Table: + family : FamilyEnum + table : TableEnum + handle : Optional[int] = None + chains : Dict[str, Chain] = field(default_factory=dict) + + def get_chain(self, name : str) -> Chain: + return self.chains[name] + + def get_or_create_chain(self, name : str) -> Chain: + return self.chains.setdefault(name, Chain.from_manual(self.family, self.table, name)) + + def add_chain_by_entry(self, entry : Dict) -> Chain: + name : str = entry['name'] + if name.lower() not in {'input', 'output', 'forward', 'prerouting'}: return None + if name in self.chains: return self.chains[name] + chain = Chain.from_nft_entry(self.family, self.table, entry) + self.chains[name] = chain + return chain + + def add_rule_by_entry(self, entry : Dict) -> None: + chain : str = entry.pop('chain') + if chain.lower() not in {'input', 'output', 'forward', 'prerouting'}: return + self.get_chain(chain).add_rule(entry) + + def to_openconfig(self) -> Tuple[List[Dict], Dict]: + acl_sets : List[Dict] = list() + interfaces : Dict[str, Dict[DirectionEnum, Dict[str, Set[int]]]] = dict() + + for chain in self.chains.values(): + chain_acl_set, chain_interfaces = chain.to_openconfig() + if chain_acl_set is None: continue + + acl_sets.append(chain_acl_set) + + acl_set_name = chain_acl_set['name'] + for if_name, direction_sequence_ids in chain_interfaces.items(): + interface : Dict = interfaces.setdefault(if_name, dict()) + for direction, sequence_ids in direction_sequence_ids.items(): + if_direction : Dict = interface.setdefault(direction, dict()) + if_dir_aclname : Set[int] = if_direction.setdefault(acl_set_name, set()) + if_dir_aclname.update(sequence_ids) + + return acl_sets, interfaces + + def dump(self) -> List[Dict]: + table = {'family': self.family.value, 'name': self.table.value} + if self.handle is not None: table['handle'] = self.handle + + entries : List[str] = list() + entries.append({'table': table}) + for chain in self.chains.values(): entries.extend(chain.dump()) + return entries + + def get_commands(self, removal : bool = False) -> List[Tuple[int, str]]: + commands : List[Tuple[int, str]] = list() + + if removal: + # NOTE: For now, do not remove tables. We do not process all kinds of + # tables and their removal might cause side effects on NFTables. + pass + elif self.handle is not None: + # NOTE: Table was already there, do not modify it + pass + else: + parts = ['add', 'table', self.family.value, self.table.value] + commands.append((-2, ' '.join(parts))) + + for chain in self.chains.values(): + commands.extend(chain.get_commands(removal=removal)) + + return commands diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/TableEnum.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/TableEnum.py new file mode 100644 index 0000000000000000000000000000000000000000..8388b2abe7486166e7209919c571c2e50a7abe5b --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/TableEnum.py @@ -0,0 +1,26 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import enum + +class TableEnum(enum.Enum): + FILTER = 'filter' + MANGLE = 'mangle' + NAT = 'nat' + RAW = 'raw' + ROUTE = 'route' + +def get_table_from_str(table : str) -> TableEnum: + return TableEnum._value2member_map_[table] diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/__init__.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..3ccc21c7db78aac26daa1f8c5ff8e1ffd3f35460 --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/__init__.py @@ -0,0 +1,14 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/__main__.py b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/__main__.py new file mode 100644 index 0000000000000000000000000000000000000000..dc838bd264ab69d029993d6838c41e180a88ccc0 --- /dev/null +++ b/src/tests/tools/firewall_agent/firewall_agent/resources/nft_model/__main__.py @@ -0,0 +1,31 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from .FamilyEnum import FamilyEnum +from .NFTables import NFTables +from .TableEnum import TableEnum + +def main(): + nft = NFTables() + nft.load(FamilyEnum.IPV4, TableEnum.FILTER) + + entries = nft.dump() + for entry in entries: + print(entry) + + print(nft.to_openconfig()) + +if __name__ == '__main__': + main() diff --git a/src/tests/tools/firewall_agent/redeploy-docker.sh b/src/tests/tools/firewall_agent/redeploy-docker.sh new file mode 100755 index 0000000000000000000000000000000000000000..62dada77b6a2383cda12990004f886cb7b28f07e --- /dev/null +++ b/src/tests/tools/firewall_agent/redeploy-docker.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +set -euo pipefail + +docker stop firewall-agent || true +docker rm firewall-agent || true + +docker build --tag "firewall-agent:dev" . +docker run --detach --name firewall-agent --cap-add=NET_ADMIN --network host --publish 8888:8888 firewall-agent:dev + +docker logs --follow firewall-agent diff --git a/src/tests/tools/firewall_agent/redeploy-kubernetes.sh b/src/tests/tools/firewall_agent/redeploy-kubernetes.sh new file mode 100755 index 0000000000000000000000000000000000000000..ad42c14c4a365d83e010bb0d4cb28073729a32b0 --- /dev/null +++ b/src/tests/tools/firewall_agent/redeploy-kubernetes.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +set -euo pipefail + +docker build --tag "firewall-agent:dev" . +docker tag "firewall-agent:dev" "http://localhost:32000/tfs/firewall-agent:dev" +docker push "http://localhost:32000/tfs/firewall-agent:dev" + +kubectl delete namespace firewall-agent +kubectl create namespace firewall-agent +kubectl apply --namespace firewall-agent --filename=DeploymentSet.yaml +kubectl logs --namespace firewall-agent deployment/firewall-agent --follow diff --git a/src/tests/tools/firewall_agent/requirements.txt b/src/tests/tools/firewall_agent/requirements.txt new file mode 100644 index 0000000000000000000000000000000000000000..4ed5d0f4ee2a1554935e5a5f505b4b069974b9a9 --- /dev/null +++ b/src/tests/tools/firewall_agent/requirements.txt @@ -0,0 +1,19 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +flask-restful>=0.3.9 +Flask>=2.0 +netifaces>=0.11 +pip-nftables==1.0.2.post1 diff --git a/src/tests/tools/firewall_agent/scripts/data/accept_30435_from_10_0_2_10.json b/src/tests/tools/firewall_agent/scripts/data/accept_30435_from_10_0_2_10.json new file mode 100644 index 0000000000000000000000000000000000000000..e46bd1f268c211ebab5cae4ad4da1d2febab6cfe --- /dev/null +++ b/src/tests/tools/firewall_agent/scripts/data/accept_30435_from_10_0_2_10.json @@ -0,0 +1,27 @@ +{"openconfig-acl:acl": { + "acl-sets": {"acl-set": [{ + "name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [ + { + "sequence-id": 1, + "config": {"sequence-id": 1, "description": "accept-30435-from-10-0-2-10"}, + "ipv4": {"config": {"source-address": "10.0.2.10/32", "protocol": "IP_TCP"}}, + "transport": {"config": {"destination-port": 30435}}, + "actions": {"config": {"forwarding-action": "ACCEPT"}} + } + ]} + }]}, + "interfaces": {"interface": [{ + "id": "enp0s3", + "config": {"id": "enp0s3"}, + "interface-ref": {"config": {"interface": "enp0s3", "subinterface": 1}}, + "ingress-acl-sets": {"ingress-acl-set": [ + { + "set-name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"set-name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [{"sequence-id": 1}]} + } + ]} + }]} +}} diff --git a/src/tests/tools/firewall_agent/scripts/data/accept_30435_from_10_0_2_2.json b/src/tests/tools/firewall_agent/scripts/data/accept_30435_from_10_0_2_2.json new file mode 100644 index 0000000000000000000000000000000000000000..df18d93c1265ffa9e93a8d70335e6fc4b85f2ea8 --- /dev/null +++ b/src/tests/tools/firewall_agent/scripts/data/accept_30435_from_10_0_2_2.json @@ -0,0 +1,27 @@ +{"openconfig-acl:acl": { + "acl-sets": {"acl-set": [{ + "name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [ + { + "sequence-id": 1, + "config": {"sequence-id": 1, "description": "accept-30435-from-10-0-2-2"}, + "ipv4": {"config": {"source-address": "10.0.2.2/32", "protocol": "IP_TCP"}}, + "transport": {"config": {"destination-port": 30435}}, + "actions": {"config": {"forwarding-action": "ACCEPT"}} + } + ]} + }]}, + "interfaces": {"interface": [{ + "id": "enp0s3", + "config": {"id": "enp0s3"}, + "interface-ref": {"config": {"interface": "enp0s3", "subinterface": 1}}, + "ingress-acl-sets": {"ingress-acl-set": [ + { + "set-name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"set-name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [{"sequence-id": 1}]} + } + ]} + }]} +}} diff --git a/src/tests/tools/firewall_agent/scripts/data/reject_30435_from_all.json b/src/tests/tools/firewall_agent/scripts/data/reject_30435_from_all.json new file mode 100644 index 0000000000000000000000000000000000000000..99ac22dd0a8c17f5ade2846f2dcff61b8bcd9def --- /dev/null +++ b/src/tests/tools/firewall_agent/scripts/data/reject_30435_from_all.json @@ -0,0 +1,27 @@ +{"openconfig-acl:acl": { + "acl-sets": {"acl-set": [{ + "name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [ + { + "sequence-id": 10000, + "config": {"sequence-id": 10000, "description": "reject-30435-from-all"}, + "ipv4": {"config": {"protocol": "IP_TCP"}}, + "transport": {"config": {"destination-port": 30435}}, + "actions": {"config": {"forwarding-action": "REJECT"}} + } + ]} + }]}, + "interfaces": {"interface": [{ + "id": "enp0s3", + "config": {"id": "enp0s3"}, + "interface-ref": {"config": {"interface": "enp0s3", "subinterface": 1}}, + "ingress-acl-sets": {"ingress-acl-set": [ + { + "set-name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"set-name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [{"sequence-id": 10000}]} + } + ]} + }]} +}} diff --git a/src/tests/tools/firewall_agent/scripts/run_nft_model.sh b/src/tests/tools/firewall_agent/scripts/run_nft_model.sh new file mode 100755 index 0000000000000000000000000000000000000000..d57ad29f95d118cbbba0fa8b484d6935864dcad9 --- /dev/null +++ b/src/tests/tools/firewall_agent/scripts/run_nft_model.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +sudo true +sudo -E "$(which python)" -m firewall_agent.nft_model diff --git a/src/tests/tools/firewall_agent/scripts/test_commands.sh b/src/tests/tools/firewall_agent/scripts/test_commands.sh new file mode 100755 index 0000000000000000000000000000000000000000..22da27d928200b93490956bac183cff93978dc56 --- /dev/null +++ b/src/tests/tools/firewall_agent/scripts/test_commands.sh @@ -0,0 +1,31 @@ +#!/bin/bash +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +curl http://172.17.0.1:8888/restconf/data/openconfig-platform:components +curl http://172.17.0.1:8888/restconf/data/openconfig-interfaces:interfaces +curl http://172.17.0.1:8888/restconf/data/openconfig-acl:acl + +curl -X POST -d @scripts/data/reject_30435_from_all.json http://127.0.0.1:8888/restconf/data/openconfig-acl:acl +curl -X POST -d @scripts/data/accept_30435_from_10_0_2_2.json http://127.0.0.1:8888/restconf/data/openconfig-acl:acl +curl -X POST -d @scripts/data/accept_30435_from_10_0_2_10.json http://127.0.0.1:8888/restconf/data/openconfig-acl:acl + +curl http://172.17.0.1:8888/restconf/data/openconfig-acl:acl + +curl -X DELETE http://172.17.0.1:8888/restconf/data/openconfig-acl:acl/acl-sets/acl-set=accept-30435-from-10-0-2-2 +curl -X DELETE http://172.17.0.1:8888/restconf/data/openconfig-acl:acl/acl-sets/acl-set=accept-30435-from-10-0-2-10 +curl -X DELETE http://172.17.0.1:8888/restconf/data/openconfig-acl:acl/acl-sets/acl-set=reject-30435-from-all + +curl http://172.17.0.1:8888/restconf/data/openconfig-acl:acl diff --git a/src/tests/tools/firewall_agent/tests/docker-compose-down.sh b/src/tests/tools/firewall_agent/tests/docker-compose-down.sh new file mode 100755 index 0000000000000000000000000000000000000000..edae64d04e60d16a04a09c4c7183b361bb3193e1 --- /dev/null +++ b/src/tests/tools/firewall_agent/tests/docker-compose-down.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +set -euo pipefail + +echo "Tearing down demo stack..." +docker compose -f docker-compose.yml down -v --remove-orphans diff --git a/src/tests/tools/firewall_agent/tests/docker-compose-up.sh b/src/tests/tools/firewall_agent/tests/docker-compose-up.sh new file mode 100755 index 0000000000000000000000000000000000000000..43687694ba617e54ef396aa36675ab23b37ccd33 --- /dev/null +++ b/src/tests/tools/firewall_agent/tests/docker-compose-up.sh @@ -0,0 +1,27 @@ +#!/bin/bash +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +set -euo pipefail + +echo "Starting demo stack with docker compose..." +docker compose -f docker-compose.yml up -d --build + +echo "Waiting a few seconds for services to become healthy..." +sleep 3 + +echo "You can now run: python3 install_acls.py --ports 8001,8002" +echo "Services started. HTTP servers: http://localhost:8001 and http://localhost:8002." +echo "Firewall agent RESTCONF: http://localhost:8888/restconf/data" diff --git a/src/tests/tools/firewall_agent/tests/docker-compose.yml b/src/tests/tools/firewall_agent/tests/docker-compose.yml new file mode 100644 index 0000000000000000000000000000000000000000..596ae4d5111ccbe6a59aff478583766816db01f8 --- /dev/null +++ b/src/tests/tools/firewall_agent/tests/docker-compose.yml @@ -0,0 +1,37 @@ +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +services: + firewall_agent: + build: + context: . + dockerfile: Dockerfile + container_name: firewall-agent + network_mode: host + cap_add: + - NET_ADMIN + - NET_RAW + + public_server: + image: python:3.11-slim + container_name: public-server + network_mode: host + command: ["python", "-u", "-m", "http.server", "8001"] + + corporate_server: + image: python:3.11-slim + container_name: corporate-server + network_mode: host + command: ["python", "-u", "-m", "http.server", "8002"] diff --git a/src/tests/tools/firewall_agent/tests/oc_acl_block_8001.json b/src/tests/tools/firewall_agent/tests/oc_acl_block_8001.json new file mode 100644 index 0000000000000000000000000000000000000000..70efb0d4ba2dbe780a12c26508c5e6d1cc0a8834 --- /dev/null +++ b/src/tests/tools/firewall_agent/tests/oc_acl_block_8001.json @@ -0,0 +1,27 @@ +{"openconfig-acl:acl": { + "acl-sets": {"acl-set": [{ + "name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [ + { + "sequence-id": 1, + "config": {"sequence-id": 1, "description": "drop-8001-host"}, + "ipv4": {"config": {"source-address": "127.0.0.1/32", "protocol": "IP_TCP"}}, + "transport": {"config": {"destination-port": 8001}}, + "actions": {"config": {"forwarding-action": "DROP"}} + } + ]} + }]}, + "interfaces": {"interface": [{ + "id": "lo", + "config": {"id": "lo"}, + "interface-ref": {"config": {"interface": "lo", "subinterface": 1}}, + "ingress-acl-sets": {"ingress-acl-set": [ + { + "set-name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"set-name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [{"sequence-id": 1}]} + } + ]} + }]} +}} diff --git a/src/tests/tools/firewall_agent/tests/oc_acl_block_8002.json b/src/tests/tools/firewall_agent/tests/oc_acl_block_8002.json new file mode 100644 index 0000000000000000000000000000000000000000..2d20df7b220e394e3ba62f1cd9a15f4c1d506d5a --- /dev/null +++ b/src/tests/tools/firewall_agent/tests/oc_acl_block_8002.json @@ -0,0 +1,27 @@ +{"openconfig-acl:acl": { + "acl-sets": {"acl-set": [{ + "name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [ + { + "sequence-id": 1, + "config": {"sequence-id": 1, "description": "drop-8002-ext"}, + "ipv4": {"config": {"source-address": "10.0.2.1/32", "protocol": "IP_TCP"}}, + "transport": {"config": {"destination-port": 8002}}, + "actions": {"config": {"forwarding-action": "DROP"}} + } + ]} + }]}, + "interfaces": {"interface": [{ + "id": "enp0s3", + "config": {"id": "enp0s3"}, + "interface-ref": {"config": {"interface": "enp0s3", "subinterface": 1}}, + "ingress-acl-sets": {"ingress-acl-set": [ + { + "set-name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"set-name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [{"sequence-id": 1}]} + } + ]} + }]} +}} diff --git a/src/tests/tools/firewall_agent/tests/oc_acl_multi_rule.json b/src/tests/tools/firewall_agent/tests/oc_acl_multi_rule.json new file mode 100644 index 0000000000000000000000000000000000000000..55f41c03305e539024a9b12644448705455fba62 --- /dev/null +++ b/src/tests/tools/firewall_agent/tests/oc_acl_multi_rule.json @@ -0,0 +1,39 @@ +{"openconfig-acl:acl": { + "acl-sets": {"acl-set": [{ + "name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [ + { + "sequence-id": 1, + "config": {"sequence-id": 1, "description": "drop-8001-host"}, + "ipv4": {"config": {"source-address": "10.0.2.10/32", "protocol": "IP_TCP"}}, + "transport": {"config": {"destination-port": 8001}}, + "actions": {"config": {"forwarding-action": "DROP"}} + }, + { + "sequence-id": 2, + "config": {"sequence-id": 2, "description": "drop-8002-ext"}, + "ipv4": {"config": {"source-address": "10.0.2.1/32", "protocol": "IP_TCP"}}, + "transport": {"config": {"destination-port": 8002}}, + "actions": {"config": {"forwarding-action": "DROP"}} + } + ]} + }]}, + "interfaces": {"interface": [{ + "id": "enp0s3", + "config": {"id": "enp0s3"}, + "interface-ref": {"config": {"interface": "enp0s3", "subinterface": 1}}, + "ingress-acl-sets": {"ingress-acl-set": [ + { + "set-name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"set-name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [{"sequence-id": 1}]} + }, + { + "set-name": "ip-filter-input", "type": "ACL_IPV4", + "config": {"set-name": "ip-filter-input", "type": "ACL_IPV4"}, + "acl-entries": {"acl-entry": [{"sequence-id": 2}]} + } + ]} + }]} +}} diff --git a/src/tests/tools/firewall_agent/tests/test_commands.sh b/src/tests/tools/firewall_agent/tests/test_commands.sh new file mode 100755 index 0000000000000000000000000000000000000000..5e82b091372b6820f17044ebb019f2c416559aab --- /dev/null +++ b/src/tests/tools/firewall_agent/tests/test_commands.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +wget -q -O- http://localhost:8001 +wget -q -O- http://localhost:8002 + +curl -X POST -d @scripts/data/oc_acl_block_8001.json http://127.0.0.1:8888/restconf/data/openconfig-acl:acl +curl -X POST -d @scripts/data/oc_acl_block_8002.json http://127.0.0.1:8888/restconf/data/openconfig-acl:acl +curl -X POST -d @scripts/data/oc_acl_multi_rule.json http://127.0.0.1:8888/restconf/data/openconfig-acl:acl + +wget -q -O- http://localhost:8001 +wget -q -O- http://localhost:8002 + +curl -X DELETE http://172.17.0.1:8888/restconf/data/openconfig-acl:acl/acl-sets/acl-set=drop-8001-host +curl -X DELETE http://172.17.0.1:8888/restconf/data/openconfig-acl:acl/acl-sets/acl-set=drop-8002-ext diff --git a/src/tests/tools/mock_nce_fan_ctrl/nce_fan_ctrl/Callbacks.py b/src/tests/tools/mock_nce_fan_ctrl/nce_fan_ctrl/Callbacks.py index 1c6996581b023c7a858a2f9e3020556ec6690194..622e03fbf7cf5942e4bab4b7e5a9ff94e74aed78 100644 --- a/src/tests/tools/mock_nce_fan_ctrl/nce_fan_ctrl/Callbacks.py +++ b/src/tests/tools/mock_nce_fan_ctrl/nce_fan_ctrl/Callbacks.py @@ -28,7 +28,7 @@ class CallbackQosProfile(_Callback): pattern += r'/qos-profile=(?P[^/]+)' super().__init__(pattern) - def execute_data( + def execute_data_update( self, match : re.Match, path : str, old_data : Optional[Dict], new_data : Optional[Dict] ) -> bool: @@ -44,7 +44,7 @@ class CallbackApplication(_Callback): pattern += r'/application=(?P[^/]+)' super().__init__(pattern) - def execute_data( + def execute_data_update( self, match : re.Match, path : str, old_data : Optional[Dict], new_data : Optional[Dict] ) -> bool: @@ -60,7 +60,7 @@ class CallbackAppFlow(_Callback): pattern += r'/app-flow=(?P[^/]+)' super().__init__(pattern) - def execute_data( + def execute_data_update( self, match : re.Match, path : str, old_data : Optional[Dict], new_data : Optional[Dict] ) -> bool: diff --git a/src/tests/tools/mock_nce_t_ctrl/nce_t_ctrl/Callbacks.py b/src/tests/tools/mock_nce_t_ctrl/nce_t_ctrl/Callbacks.py index ea2e7f748ee154e6cee02a7fee6b127e1333d2ce..d2c2b5c2f37ec115fba9382cd988d73a7c63384f 100644 --- a/src/tests/tools/mock_nce_t_ctrl/nce_t_ctrl/Callbacks.py +++ b/src/tests/tools/mock_nce_t_ctrl/nce_t_ctrl/Callbacks.py @@ -28,7 +28,7 @@ class CallbackOsuTunnel(_Callback): pattern += r'/tunnel=(?P[^/]+)' super().__init__(pattern) - def execute_data( + def execute_data_update( self, match : re.Match, path : str, old_data : Optional[Dict], new_data : Optional[Dict] ) -> bool: @@ -44,7 +44,7 @@ class CallbackEthTService(_Callback): pattern += r'/etht-svc-instances=(?P[^/]+)' super().__init__(pattern) - def execute_data( + def execute_data_update( self, match : re.Match, path : str, old_data : Optional[Dict], new_data : Optional[Dict] ) -> bool: diff --git a/src/webui/service/device/forms.py b/src/webui/service/device/forms.py index be6bda21b4653de02f8856684cc208fe51f3e5a7..33465eeca734c422b5ce9110a124cd1b0bcceb2c 100644 --- a/src/webui/service/device/forms.py +++ b/src/webui/service/device/forms.py @@ -42,6 +42,8 @@ class AddDeviceForm(FlaskForm): device_drivers_morpheus = BooleanField('MORPHEUS') device_drivers_ryu = BooleanField('RYU') device_drivers_gnmi_nokia_srlinux = BooleanField('GNMI NOKIA SR LINUX') + device_drivers_gnmi_nokia_srlinux = BooleanField('OPENROADM') + device_drivers_restconf_openconfig = BooleanField('RESTCONF OPENCONFIG') device_config_address = StringField('connect/address',default='127.0.0.1',validators=[DataRequired(), Length(min=5)]) device_config_port = StringField('connect/port',default='0',validators=[DataRequired(), Length(min=1)]) diff --git a/src/webui/service/device/routes.py b/src/webui/service/device/routes.py index f48d5d30069b4835e221623d1143ea3a5ebe5a5e..d2975a75f0949d69545e82fb9e76dd53d7fe160f 100644 --- a/src/webui/service/device/routes.py +++ b/src/webui/service/device/routes.py @@ -151,6 +151,10 @@ def add(): device_drivers.append(DeviceDriverEnum.DEVICEDRIVER_RYU) if form.device_drivers_gnmi_nokia_srlinux.data: device_drivers.append(DeviceDriverEnum.DEVICEDRIVER_GNMI_NOKIA_SRLINUX) + if form.device_drivers_openroadm.data: + device_drivers.append(DeviceDriverEnum.DEVICEDRIVER_OPENROADM) + if form.device_drivers_restconf_openconfig.data: + device_drivers.append(DeviceDriverEnum.DEVICEDRIVER_RESTCONF_OPENCONFIG) device_obj.device_drivers.extend(device_drivers) # pylint: disable=no-member try: diff --git a/src/webui/service/static/topology_icons/emu-firewall.png b/src/webui/service/static/topology_icons/emu-packet-firewall.png similarity index 100% rename from src/webui/service/static/topology_icons/emu-firewall.png rename to src/webui/service/static/topology_icons/emu-packet-firewall.png diff --git a/src/webui/service/static/topology_icons/firewall.png b/src/webui/service/static/topology_icons/packet-firewall.png similarity index 100% rename from src/webui/service/static/topology_icons/firewall.png rename to src/webui/service/static/topology_icons/packet-firewall.png diff --git a/src/ztp/src/main/java/org/etsi/tfs/ztp/Serializer.java b/src/ztp/src/main/java/org/etsi/tfs/ztp/Serializer.java index 250a38680660643e319c5c0f1fdc271f6c836eb0..a1a008eb8348229d1a63331ccd758eef0388a752 100644 --- a/src/ztp/src/main/java/org/etsi/tfs/ztp/Serializer.java +++ b/src/ztp/src/main/java/org/etsi/tfs/ztp/Serializer.java @@ -869,6 +869,28 @@ public class Serializer { return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_OPTICAL_TFS; case IETF_ACTN: return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_IETF_ACTN; + case OC: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_OC; + case QKD: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_QKD; + case IETF_L3VPN: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_IETF_L3VPN; + case IETF_SLICE: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_IETF_SLICE; + case NCE: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_NCE; + case SMARTNIC: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_SMARTNIC; + case MORPHEUS: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_MORPHEUS; + case RYU: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_RYU; + case GNMI_NOKIA_SRLINUX: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_GNMI_NOKIA_SRLINUX; + case OPENROADM: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_OPENROADM; + case RESTCONF_OPENCONFIG: + return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_RESTCONF_OPENCONFIG; case UNDEFINED: default: return ContextOuterClass.DeviceDriverEnum.DEVICEDRIVER_UNDEFINED; @@ -898,6 +920,28 @@ public class Serializer { return DeviceDriverEnum.OPTICAL_TFS; case DEVICEDRIVER_IETF_ACTN: return DeviceDriverEnum.IETF_ACTN; + case DEVICEDRIVER_OC: + return DeviceDriverEnum.OC; + case DEVICEDRIVER_QKD: + return DeviceDriverEnum.QKD; + case DEVICEDRIVER_IETF_L3VPN: + return DeviceDriverEnum.IETF_L3VPN; + case DEVICEDRIVER_IETF_SLICE: + return DeviceDriverEnum.IETF_SLICE; + case DEVICEDRIVER_NCE: + return DeviceDriverEnum.NCE; + case DEVICEDRIVER_SMARTNIC: + return DeviceDriverEnum.SMARTNIC; + case DEVICEDRIVER_MORPHEUS: + return DeviceDriverEnum.MORPHEUS; + case DEVICEDRIVER_RYU: + return DeviceDriverEnum.RYU; + case DEVICEDRIVER_GNMI_NOKIA_SRLINUX: + return DeviceDriverEnum.GNMI_NOKIA_SRLINUX; + case DEVICEDRIVER_OPENROADM: + return DeviceDriverEnum.OPENROADM; + case DEVICEDRIVER_RESTCONF_OPENCONFIG: + return DeviceDriverEnum.RESTCONF_OPENCONFIG; case DEVICEDRIVER_UNDEFINED: case UNRECOGNIZED: default: diff --git a/src/ztp/src/main/java/org/etsi/tfs/ztp/context/model/DeviceDriverEnum.java b/src/ztp/src/main/java/org/etsi/tfs/ztp/context/model/DeviceDriverEnum.java index 27187f25469b5294e5eca3b43e657e6e52784952..d67dc62ca5228046e77bd18fe14d7d465e81cd63 100644 --- a/src/ztp/src/main/java/org/etsi/tfs/ztp/context/model/DeviceDriverEnum.java +++ b/src/ztp/src/main/java/org/etsi/tfs/ztp/context/model/DeviceDriverEnum.java @@ -37,5 +37,6 @@ public enum DeviceDriverEnum { MORPHEUS, RYU, GNMI_NOKIA_SRLINUX, - OPENROADM + OPENROADM, + RESTCONF_OPENCONFIG } diff --git a/src/ztp/target/generated-sources/grpc/context/ContextOuterClass.java b/src/ztp/target/generated-sources/grpc/context/ContextOuterClass.java index 558aa9778e38dfa529a0241fc03723e9d8685dcf..27cde66fb4d01c41c0ae39bba4f4da897b2cd0c5 100644 --- a/src/ztp/target/generated-sources/grpc/context/ContextOuterClass.java +++ b/src/ztp/target/generated-sources/grpc/context/ContextOuterClass.java @@ -231,6 +231,10 @@ public final class ContextOuterClass { * DEVICEDRIVER_OPENROADM = 20; */ DEVICEDRIVER_OPENROADM(20), + /** + * DEVICEDRIVER_RESTCONF_OPENCONFIG = 21; + */ + DEVICEDRIVER_RESTCONF_OPENCONFIG(21), UNRECOGNIZED(-1); /** @@ -342,6 +346,11 @@ public final class ContextOuterClass { */ public static final int DEVICEDRIVER_OPENROADM_VALUE = 20; + /** + * DEVICEDRIVER_RESTCONF_OPENCONFIG = 21; + */ + public static final int DEVICEDRIVER_RESTCONF_OPENCONFIG_VALUE = 21; + public final int getNumber() { if (this == UNRECOGNIZED) { throw new java.lang.IllegalArgumentException("Can't get the number of an unknown enum value."); @@ -407,6 +416,8 @@ public final class ContextOuterClass { return DEVICEDRIVER_GNMI_NOKIA_SRLINUX; case 20: return DEVICEDRIVER_OPENROADM; + case 21: + return DEVICEDRIVER_RESTCONF_OPENCONFIG; default: return null; } @@ -90370,7 +90381,7 @@ public final class ContextOuterClass { private static com.google.protobuf.Descriptors.FileDescriptor descriptor; static { - java.lang.String[] descriptorData = { "\n\rcontext.proto\022\007context\032\031google/protobu" + "f/any.proto\032\tacl.proto\032\014ipowdm.proto\032\rip" + "_link.proto\032\026kpi_sample_types.proto\032\016tap" + "i_lsp.proto\"\007\n\005Empty\"\024\n\004Uuid\022\014\n\004uuid\030\001 \001" + "(\t\"\036\n\tTimestamp\022\021\n\ttimestamp\030\001 \001(\001\"Z\n\005Ev" + "ent\022%\n\ttimestamp\030\001 \001(\0132\022.context.Timesta" + "mp\022*\n\nevent_type\030\002 \001(\0162\026.context.EventTy" + "peEnum\"\265\002\n\010AnyEvent\022(\n\007context\030\001 \001(\0132\025.c" + "ontext.ContextEventH\000\022*\n\010topology\030\002 \001(\0132" + "\026.context.TopologyEventH\000\022&\n\006device\030\003 \001(" + "\0132\024.context.DeviceEventH\000\022\"\n\004link\030\004 \001(\0132" + "\022.context.LinkEventH\000\022(\n\007service\030\005 \001(\0132\025" + ".context.ServiceEventH\000\022$\n\005slice\030\006 \001(\0132\023" + ".context.SliceEventH\000\022.\n\nconnection\030\007 \001(" + "\0132\030.context.ConnectionEventH\000B\007\n\005event\"0" + "\n\tContextId\022#\n\014context_uuid\030\001 \001(\0132\r.cont" + "ext.Uuid\"\351\001\n\007Context\022&\n\ncontext_id\030\001 \001(\013" + "2\022.context.ContextId\022\014\n\004name\030\002 \001(\t\022)\n\014to" + "pology_ids\030\003 \003(\0132\023.context.TopologyId\022\'\n" + "\013service_ids\030\004 \003(\0132\022.context.ServiceId\022#" + "\n\tslice_ids\030\005 \003(\0132\020.context.SliceId\022/\n\nc" + "ontroller\030\006 \001(\0132\033.context.TeraFlowContro" + "ller\"8\n\rContextIdList\022\'\n\013context_ids\030\001 \003" + "(\0132\022.context.ContextId\"1\n\013ContextList\022\"\n" + "\010contexts\030\001 \003(\0132\020.context.Context\"U\n\014Con" + "textEvent\022\035\n\005event\030\001 \001(\0132\016.context.Event" + "\022&\n\ncontext_id\030\002 \001(\0132\022.context.ContextId" + "\"Z\n\nTopologyId\022&\n\ncontext_id\030\001 \001(\0132\022.con" + "text.ContextId\022$\n\rtopology_uuid\030\002 \001(\0132\r." + "context.Uuid\"\267\001\n\010Topology\022(\n\013topology_id" + "\030\001 \001(\0132\023.context.TopologyId\022\014\n\004name\030\002 \001(" + "\t\022%\n\ndevice_ids\030\003 \003(\0132\021.context.DeviceId" + "\022!\n\010link_ids\030\004 \003(\0132\017.context.LinkId\022)\n\020o" + "ptical_link_ids\030\005 \003(\0132\017.context.LinkId\"\266" + "\001\n\017TopologyDetails\022(\n\013topology_id\030\001 \001(\0132" + "\023.context.TopologyId\022\014\n\004name\030\002 \001(\t\022 \n\007de" + "vices\030\003 \003(\0132\017.context.Device\022\034\n\005links\030\004 " + "\003(\0132\r.context.Link\022+\n\roptical_links\030\005 \003(" + "\0132\024.context.OpticalLink\";\n\016TopologyIdLis" + "t\022)\n\014topology_ids\030\001 \003(\0132\023.context.Topolo" + "gyId\"5\n\014TopologyList\022%\n\ntopologies\030\001 \003(\013" + "2\021.context.Topology\"X\n\rTopologyEvent\022\035\n\005" + "event\030\001 \001(\0132\016.context.Event\022(\n\013topology_" + "id\030\002 \001(\0132\023.context.TopologyId\".\n\010DeviceI" + "d\022\"\n\013device_uuid\030\001 \001(\0132\r.context.Uuid\"\372\002" + "\n\006Device\022$\n\tdevice_id\030\001 \001(\0132\021.context.De" + "viceId\022\014\n\004name\030\002 \001(\t\022\023\n\013device_type\030\003 \001(" + "\t\022,\n\rdevice_config\030\004 \001(\0132\025.context.Devic" + "eConfig\022G\n\031device_operational_status\030\005 \001" + "(\0162$.context.DeviceOperationalStatusEnum" + "\0221\n\016device_drivers\030\006 \003(\0162\031.context.Devic" + "eDriverEnum\022+\n\020device_endpoints\030\007 \003(\0132\021." + "context.EndPoint\022&\n\ncomponents\030\010 \003(\0132\022.c" + "ontext.Component\022(\n\rcontroller_id\030\t \001(\0132" + "\021.context.DeviceId\"\311\001\n\tComponent\022%\n\016comp" + "onent_uuid\030\001 \001(\0132\r.context.Uuid\022\014\n\004name\030" + "\002 \001(\t\022\014\n\004type\030\003 \001(\t\0226\n\nattributes\030\004 \003(\0132" + "\".context.Component.AttributesEntry\022\016\n\006p" + "arent\030\005 \001(\t\0321\n\017AttributesEntry\022\013\n\003key\030\001 " + "\001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\"9\n\014DeviceConfig\022)" + "\n\014config_rules\030\001 \003(\0132\023.context.ConfigRul" + "e\"5\n\014DeviceIdList\022%\n\ndevice_ids\030\001 \003(\0132\021." + "context.DeviceId\".\n\nDeviceList\022 \n\007device" + "s\030\001 \003(\0132\017.context.Device\"\216\001\n\014DeviceFilte" + "r\022)\n\ndevice_ids\030\001 \001(\0132\025.context.DeviceId" + "List\022\031\n\021include_endpoints\030\002 \001(\010\022\034\n\024inclu" + "de_config_rules\030\003 \001(\010\022\032\n\022include_compone" + "nts\030\004 \001(\010\"\200\001\n\013DeviceEvent\022\035\n\005event\030\001 \001(\013" + "2\016.context.Event\022$\n\tdevice_id\030\002 \001(\0132\021.co" + "ntext.DeviceId\022,\n\rdevice_config\030\003 \001(\0132\025." + "context.DeviceConfig\"*\n\006LinkId\022 \n\tlink_u" + "uid\030\001 \001(\0132\r.context.Uuid\"c\n\016LinkAttribut" + "es\022\030\n\020is_bidirectional\030\001 \001(\010\022\033\n\023total_ca" + "pacity_gbps\030\002 \001(\002\022\032\n\022used_capacity_gbps\030" + "\003 \001(\002\"\275\001\n\004Link\022 \n\007link_id\030\001 \001(\0132\017.contex" + "t.LinkId\022\014\n\004name\030\002 \001(\t\022(\n\tlink_type\030\003 \001(" + "\0162\025.context.LinkTypeEnum\022.\n\021link_endpoin" + "t_ids\030\004 \003(\0132\023.context.EndPointId\022+\n\nattr" + "ibutes\030\005 \001(\0132\027.context.LinkAttributes\"/\n" + "\nLinkIdList\022!\n\010link_ids\030\001 \003(\0132\017.context." + "LinkId\"(\n\010LinkList\022\034\n\005links\030\001 \003(\0132\r.cont" + "ext.Link\"L\n\tLinkEvent\022\035\n\005event\030\001 \001(\0132\016.c" + "ontext.Event\022 \n\007link_id\030\002 \001(\0132\017.context." + "LinkId\"X\n\tServiceId\022&\n\ncontext_id\030\001 \001(\0132" + "\022.context.ContextId\022#\n\014service_uuid\030\002 \001(" + "\0132\r.context.Uuid\"\333\002\n\007Service\022&\n\nservice_" + "id\030\001 \001(\0132\022.context.ServiceId\022\014\n\004name\030\002 \001" + "(\t\022.\n\014service_type\030\003 \001(\0162\030.context.Servi" + "ceTypeEnum\0221\n\024service_endpoint_ids\030\004 \003(\013" + "2\023.context.EndPointId\0220\n\023service_constra" + "ints\030\005 \003(\0132\023.context.Constraint\022.\n\016servi" + "ce_status\030\006 \001(\0132\026.context.ServiceStatus\022" + ".\n\016service_config\030\007 \001(\0132\026.context.Servic" + "eConfig\022%\n\ttimestamp\030\010 \001(\0132\022.context.Tim" + "estamp\"C\n\rServiceStatus\0222\n\016service_statu" + "s\030\001 \001(\0162\032.context.ServiceStatusEnum\":\n\rS" + "erviceConfig\022)\n\014config_rules\030\001 \003(\0132\023.con" + "text.ConfigRule\"8\n\rServiceIdList\022\'\n\013serv" + "ice_ids\030\001 \003(\0132\022.context.ServiceId\"1\n\013Ser" + "viceList\022\"\n\010services\030\001 \003(\0132\020.context.Ser" + "vice\"\225\001\n\rServiceFilter\022+\n\013service_ids\030\001 " + "\001(\0132\026.context.ServiceIdList\022\034\n\024include_e" + "ndpoint_ids\030\002 \001(\010\022\033\n\023include_constraints" + "\030\003 \001(\010\022\034\n\024include_config_rules\030\004 \001(\010\"U\n\014" + "ServiceEvent\022\035\n\005event\030\001 \001(\0132\016.context.Ev" + "ent\022&\n\nservice_id\030\002 \001(\0132\022.context.Servic" + "eId\"T\n\007SliceId\022&\n\ncontext_id\030\001 \001(\0132\022.con" + "text.ContextId\022!\n\nslice_uuid\030\002 \001(\0132\r.con" + "text.Uuid\"\240\003\n\005Slice\022\"\n\010slice_id\030\001 \001(\0132\020." + "context.SliceId\022\014\n\004name\030\002 \001(\t\022/\n\022slice_e" + "ndpoint_ids\030\003 \003(\0132\023.context.EndPointId\022." + "\n\021slice_constraints\030\004 \003(\0132\023.context.Cons" + "traint\022-\n\021slice_service_ids\030\005 \003(\0132\022.cont" + "ext.ServiceId\022,\n\022slice_subslice_ids\030\006 \003(" + "\0132\020.context.SliceId\022*\n\014slice_status\030\007 \001(" + "\0132\024.context.SliceStatus\022*\n\014slice_config\030" + "\010 \001(\0132\024.context.SliceConfig\022(\n\013slice_own" + "er\030\t \001(\0132\023.context.SliceOwner\022%\n\ttimesta" + "mp\030\n \001(\0132\022.context.Timestamp\"E\n\nSliceOwn" + "er\022!\n\nowner_uuid\030\001 \001(\0132\r.context.Uuid\022\024\n" + "\014owner_string\030\002 \001(\t\"=\n\013SliceStatus\022.\n\014sl" + "ice_status\030\001 \001(\0162\030.context.SliceStatusEn" + "um\"8\n\013SliceConfig\022)\n\014config_rules\030\001 \003(\0132" + "\023.context.ConfigRule\"2\n\013SliceIdList\022#\n\ts" + "lice_ids\030\001 \003(\0132\020.context.SliceId\"+\n\tSlic" + "eList\022\036\n\006slices\030\001 \003(\0132\016.context.Slice\"\312\001" + "\n\013SliceFilter\022\'\n\tslice_ids\030\001 \001(\0132\024.conte" + "xt.SliceIdList\022\034\n\024include_endpoint_ids\030\002" + " \001(\010\022\033\n\023include_constraints\030\003 \001(\010\022\033\n\023inc" + "lude_service_ids\030\004 \001(\010\022\034\n\024include_subsli" + "ce_ids\030\005 \001(\010\022\034\n\024include_config_rules\030\006 \001" + "(\010\"O\n\nSliceEvent\022\035\n\005event\030\001 \001(\0132\016.contex" + "t.Event\022\"\n\010slice_id\030\002 \001(\0132\020.context.Slic" + "eId\"6\n\014ConnectionId\022&\n\017connection_uuid\030\001" + " \001(\0132\r.context.Uuid\"2\n\025ConnectionSetting" + "s_L0\022\031\n\021lsp_symbolic_name\030\001 \001(\t\"\236\001\n\025Conn" + "ectionSettings_L2\022\027\n\017src_mac_address\030\001 \001" + "(\t\022\027\n\017dst_mac_address\030\002 \001(\t\022\022\n\nether_typ" + "e\030\003 \001(\r\022\017\n\007vlan_id\030\004 \001(\r\022\022\n\nmpls_label\030\005" + " \001(\r\022\032\n\022mpls_traffic_class\030\006 \001(\r\"t\n\025Conn" + "ectionSettings_L3\022\026\n\016src_ip_address\030\001 \001(" + "\t\022\026\n\016dst_ip_address\030\002 \001(\t\022\014\n\004dscp\030\003 \001(\r\022" + "\020\n\010protocol\030\004 \001(\r\022\013\n\003ttl\030\005 \001(\r\"[\n\025Connec" + "tionSettings_L4\022\020\n\010src_port\030\001 \001(\r\022\020\n\010dst" + "_port\030\002 \001(\r\022\021\n\ttcp_flags\030\003 \001(\r\022\013\n\003ttl\030\004 " + "\001(\r\"\304\001\n\022ConnectionSettings\022*\n\002l0\030\001 \001(\0132\036" + ".context.ConnectionSettings_L0\022*\n\002l2\030\002 \001" + "(\0132\036.context.ConnectionSettings_L2\022*\n\002l3" + "\030\003 \001(\0132\036.context.ConnectionSettings_L3\022*" + "\n\002l4\030\004 \001(\0132\036.context.ConnectionSettings_" + "L4\"\363\001\n\nConnection\022,\n\rconnection_id\030\001 \001(\013" + "2\025.context.ConnectionId\022&\n\nservice_id\030\002 " + "\001(\0132\022.context.ServiceId\0223\n\026path_hops_end" + "point_ids\030\003 \003(\0132\023.context.EndPointId\022+\n\017" + "sub_service_ids\030\004 \003(\0132\022.context.ServiceI" + "d\022-\n\010settings\030\005 \001(\0132\033.context.Connection" + "Settings\"A\n\020ConnectionIdList\022-\n\016connecti" + "on_ids\030\001 \003(\0132\025.context.ConnectionId\":\n\016C" + "onnectionList\022(\n\013connections\030\001 \003(\0132\023.con" + "text.Connection\"^\n\017ConnectionEvent\022\035\n\005ev" + "ent\030\001 \001(\0132\016.context.Event\022,\n\rconnection_" + "id\030\002 \001(\0132\025.context.ConnectionId\"\202\001\n\nEndP" + "ointId\022(\n\013topology_id\030\001 \001(\0132\023.context.To" + "pologyId\022$\n\tdevice_id\030\002 \001(\0132\021.context.De" + "viceId\022$\n\rendpoint_uuid\030\003 \001(\0132\r.context." + "Uuid\"\310\002\n\010EndPoint\022(\n\013endpoint_id\030\001 \001(\0132\023" + ".context.EndPointId\022\014\n\004name\030\002 \001(\t\022\025\n\rend" + "point_type\030\003 \001(\t\0229\n\020kpi_sample_types\030\004 \003" + "(\0162\037.kpi_sample_types.KpiSampleType\022,\n\021e" + "ndpoint_location\030\005 \001(\0132\021.context.Locatio" + "n\0229\n\014capabilities\030\006 \003(\0132#.context.EndPoi" + "nt.CapabilitiesEntry\032I\n\021CapabilitiesEntr" + "y\022\013\n\003key\030\001 \001(\t\022#\n\005value\030\002 \001(\0132\024.google.p" + "rotobuf.Any:\0028\001\"{\n\014EndPointName\022(\n\013endpo" + "int_id\030\001 \001(\0132\023.context.EndPointId\022\023\n\013dev" + "ice_name\030\002 \001(\t\022\025\n\rendpoint_name\030\003 \001(\t\022\025\n" + "\rendpoint_type\030\004 \001(\t\";\n\016EndPointIdList\022)" + "\n\014endpoint_ids\030\001 \003(\0132\023.context.EndPointI" + "d\"A\n\020EndPointNameList\022-\n\016endpoint_names\030" + "\001 \003(\0132\025.context.EndPointName\"A\n\021ConfigRu" + "le_Custom\022\024\n\014resource_key\030\001 \001(\t\022\026\n\016resou" + "rce_value\030\002 \001(\t\"\213\001\n\016ConfigRule_ACL\022(\n\013en" + "dpoint_id\030\001 \001(\0132\023.context.EndPointId\022,\n\t" + "direction\030\002 \001(\0162\031.context.AclDirectionEn" + "um\022!\n\010rule_set\030\003 \001(\0132\017.acl.AclRuleSet\"f\n" + "\021ConfigRule_IPOWDM\022(\n\013endpoint_id\030\001 \001(\0132" + "\023.context.EndPointId\022\'\n\010rule_set\030\002 \001(\0132\025" + ".ipowdm.IpowdmRuleSet\"k\n\023ConfigRule_TAPI" + "_LSP\022(\n\013endpoint_id\030\001 \001(\0132\023.context.EndP" + "ointId\022*\n\010rule_set\030\002 \003(\0132\030.tapi_lsp.Tapi" + "LspRuleSet\"h\n\022ConfigRule_IP_LINK\022(\n\013endp" + "oint_id\030\001 \001(\0132\023.context.EndPointId\022(\n\010ru" + "le_set\030\002 \001(\0132\026.ip_link.IpLinkRuleSet\"\254\002\n" + "\nConfigRule\022)\n\006action\030\001 \001(\0162\031.context.Co" + "nfigActionEnum\022,\n\006custom\030\002 \001(\0132\032.context" + ".ConfigRule_CustomH\000\022&\n\003acl\030\003 \001(\0132\027.cont" + "ext.ConfigRule_ACLH\000\022.\n\007ip_link\030\004 \001(\0132\033." + "context.ConfigRule_IP_LINKH\000\0220\n\010tapi_lsp" + "\030\005 \001(\0132\034.context.ConfigRule_TAPI_LSPH\000\022," + "\n\006ipowdm\030\006 \001(\0132\032.context.ConfigRule_IPOW" + "DMH\000B\r\n\013config_rule\"F\n\021Constraint_Custom" + "\022\027\n\017constraint_type\030\001 \001(\t\022\030\n\020constraint_" + "value\030\002 \001(\t\"E\n\023Constraint_Schedule\022\027\n\017st" + "art_timestamp\030\001 \001(\001\022\025\n\rduration_days\030\002 \001" + "(\002\"3\n\014GPS_Position\022\020\n\010latitude\030\001 \001(\002\022\021\n\t" + "longitude\030\002 \001(\002\"\204\001\n\010Location\022\020\n\006region\030\001" + " \001(\tH\000\022-\n\014gps_position\030\002 \001(\0132\025.context.G" + "PS_PositionH\000\022\023\n\tinterface\030\003 \001(\tH\000\022\026\n\014ci" + "rcuit_pack\030\004 \001(\tH\000B\n\n\010location\"l\n\033Constr" + "aint_EndPointLocation\022(\n\013endpoint_id\030\001 \001" + "(\0132\023.context.EndPointId\022#\n\010location\030\002 \001(" + "\0132\021.context.Location\"Y\n\033Constraint_EndPo" + "intPriority\022(\n\013endpoint_id\030\001 \001(\0132\023.conte" + "xt.EndPointId\022\020\n\010priority\030\002 \001(\r\"0\n\026Const" + "raint_SLA_Latency\022\026\n\016e2e_latency_ms\030\001 \001(" + "\002\"0\n\027Constraint_SLA_Capacity\022\025\n\rcapacity" + "_gbps\030\001 \001(\002\"c\n\033Constraint_SLA_Availabili" + "ty\022\032\n\022num_disjoint_paths\030\001 \001(\r\022\022\n\nall_ac" + "tive\030\002 \001(\010\022\024\n\014availability\030\003 \001(\002\"V\n\036Cons" + "traint_SLA_Isolation_level\0224\n\017isolation_" + "level\030\001 \003(\0162\033.context.IsolationLevelEnum" + "\"\242\001\n\025Constraint_Exclusions\022\024\n\014is_permane" + "nt\030\001 \001(\010\022%\n\ndevice_ids\030\002 \003(\0132\021.context.D" + "eviceId\022)\n\014endpoint_ids\030\003 \003(\0132\023.context." + "EndPointId\022!\n\010link_ids\030\004 \003(\0132\017.context.L" + "inkId\"5\n\014QoSProfileId\022%\n\016qos_profile_id\030" + "\001 \001(\0132\r.context.Uuid\"`\n\025Constraint_QoSPr" + "ofile\022-\n\016qos_profile_id\030\001 \001(\0132\025.context." + "QoSProfileId\022\030\n\020qos_profile_name\030\002 \001(\t\"\222" + "\005\n\nConstraint\022-\n\006action\030\001 \001(\0162\035.context." + "ConstraintActionEnum\022,\n\006custom\030\002 \001(\0132\032.c" + "ontext.Constraint_CustomH\000\0220\n\010schedule\030\003" + " \001(\0132\034.context.Constraint_ScheduleH\000\022A\n\021" + "endpoint_location\030\004 \001(\0132$.context.Constr" + "aint_EndPointLocationH\000\022A\n\021endpoint_prio" + "rity\030\005 \001(\0132$.context.Constraint_EndPoint" + "PriorityH\000\0228\n\014sla_capacity\030\006 \001(\0132 .conte" + "xt.Constraint_SLA_CapacityH\000\0226\n\013sla_late" + "ncy\030\007 \001(\0132\037.context.Constraint_SLA_Laten" + "cyH\000\022@\n\020sla_availability\030\010 \001(\0132$.context" + ".Constraint_SLA_AvailabilityH\000\022@\n\rsla_is" + "olation\030\t \001(\0132\'.context.Constraint_SLA_I" + "solation_levelH\000\0224\n\nexclusions\030\n \001(\0132\036.c" + "ontext.Constraint_ExclusionsH\000\0225\n\013qos_pr" + "ofile\030\013 \001(\0132\036.context.Constraint_QoSProf" + "ileH\000B\014\n\nconstraint\"^\n\022TeraFlowControlle" + "r\022&\n\ncontext_id\030\001 \001(\0132\022.context.ContextI" + "d\022\022\n\nip_address\030\002 \001(\t\022\014\n\004port\030\003 \001(\r\"U\n\024A" + "uthenticationResult\022&\n\ncontext_id\030\001 \001(\0132" + "\022.context.ContextId\022\025\n\rauthenticated\030\002 \001" + "(\010\"-\n\017OpticalConfigId\022\032\n\022opticalconfig_u" + "uid\030\001 \001(\t\"y\n\rOpticalConfig\0222\n\020opticalcon" + "fig_id\030\001 \001(\0132\030.context.OpticalConfigId\022\016" + "\n\006config\030\002 \001(\t\022$\n\tdevice_id\030\003 \001(\0132\021.cont" + "ext.DeviceId\"C\n\021OpticalConfigList\022.\n\016opt" + "icalconfigs\030\001 \003(\0132\026.context.OpticalConfi" + "g\"g\n\022OpticalConfigEvent\022\035\n\005event\030\001 \001(\0132\016" + ".context.Event\0222\n\020opticalconfig_id\030\002 \001(\013" + "2\030.context.OpticalConfigId\"_\n\021OpticalEnd" + "PointId\022$\n\tdevice_id\030\002 \001(\0132\021.context.Dev" + "iceId\022$\n\rendpoint_uuid\030\003 \001(\0132\r.context.U" + "uid\">\n\017OpticalLinkList\022+\n\roptical_links\030" + "\001 \003(\0132\024.context.OpticalLink\"\304\003\n\022OpticalL" + "inkDetails\022\016\n\006length\030\001 \001(\002\022\020\n\010src_port\030\002" + " \001(\t\022\020\n\010dst_port\030\003 \001(\t\022\027\n\017local_peer_por" + "t\030\004 \001(\t\022\030\n\020remote_peer_port\030\005 \001(\t\022\014\n\004use" + "d\030\006 \001(\010\0228\n\007c_slots\030\007 \003(\0132\'.context.Optic" + "alLinkDetails.CSlotsEntry\0228\n\007l_slots\030\010 \003" + "(\0132\'.context.OpticalLinkDetails.LSlotsEn" + "try\0228\n\007s_slots\030\t \003(\0132\'.context.OpticalLi" + "nkDetails.SSlotsEntry\032-\n\013CSlotsEntry\022\013\n\003" + "key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\0028\001\032-\n\013LSlotsEn" + "try\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\0028\001\032-\n\013S" + "SlotsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\002" + "8\001\"\243\001\n\013OpticalLink\022\014\n\004name\030\001 \001(\t\0224\n\017opti" + "cal_details\030\002 \001(\0132\033.context.OpticalLinkD" + "etails\022 \n\007link_id\030\003 \001(\0132\017.context.LinkId" + "\022.\n\021link_endpoint_ids\030\004 \003(\0132\023.context.En" + "dPointId\"0\n\tChannelId\022#\n\014channel_uuid\030\001 " + "\001(\0132\r.context.Uuid\"8\n\rOpticalBandId\022\'\n\020o" + "pticalband_uuid\030\001 \001(\0132\r.context.Uuid\"\247\002\n" + "\013OpticalBand\022.\n\016opticalband_id\030\001 \001(\0132\026.c" + "ontext.OpticalBandId\022,\n\rconnection_id\030\002 " + "\001(\0132\025.context.ConnectionId\022&\n\nchannel_id" + "\030\003 \001(\0132\022.context.ChannelId\022&\n\nservice_id" + "\030\004 \001(\0132\022.context.ServiceId\022#\n\007service\030\005 " + "\001(\0132\020.context.ServiceH\000\022)\n\nconnection\030\006 " + "\001(\0132\023.context.ConnectionH\000\022\021\n\007channel\030\007 " + "\001(\tH\000B\007\n\005field\"=\n\017OpticalBandList\022*\n\014opt" + "icalbands\030\001 \003(\0132\024.context.OpticalBand\"r\n" + "\021ServiceConfigRule\022&\n\nservice_id\030\001 \001(\0132\022" + ".context.ServiceId\0225\n\021configrule_custom\030" + "\002 \001(\0132\032.context.ConfigRule_Custom*j\n\rEve" + "ntTypeEnum\022\027\n\023EVENTTYPE_UNDEFINED\020\000\022\024\n\020E" + "VENTTYPE_CREATE\020\001\022\024\n\020EVENTTYPE_UPDATE\020\002\022" + "\024\n\020EVENTTYPE_REMOVE\020\003*\333\004\n\020DeviceDriverEn" + "um\022\032\n\026DEVICEDRIVER_UNDEFINED\020\000\022\033\n\027DEVICE" + "DRIVER_OPENCONFIG\020\001\022\036\n\032DEVICEDRIVER_TRAN" + "SPORT_API\020\002\022\023\n\017DEVICEDRIVER_P4\020\003\022&\n\"DEVI" + "CEDRIVER_IETF_NETWORK_TOPOLOGY\020\004\022\033\n\027DEVI" + "CEDRIVER_ONF_TR_532\020\005\022\023\n\017DEVICEDRIVER_XR" + "\020\006\022\033\n\027DEVICEDRIVER_IETF_L2VPN\020\007\022 \n\034DEVIC" + "EDRIVER_GNMI_OPENCONFIG\020\010\022\034\n\030DEVICEDRIVE" + "R_OPTICAL_TFS\020\t\022\032\n\026DEVICEDRIVER_IETF_ACT" + "N\020\n\022\023\n\017DEVICEDRIVER_OC\020\013\022\024\n\020DEVICEDRIVER" + "_QKD\020\014\022\033\n\027DEVICEDRIVER_IETF_L3VPN\020\r\022\033\n\027D" + "EVICEDRIVER_IETF_SLICE\020\016\022\024\n\020DEVICEDRIVER" + "_NCE\020\017\022\031\n\025DEVICEDRIVER_SMARTNIC\020\020\022\031\n\025DEV" + "ICEDRIVER_MORPHEUS\020\021\022\024\n\020DEVICEDRIVER_RYU" + "\020\022\022#\n\037DEVICEDRIVER_GNMI_NOKIA_SRLINUX\020\023\022" + "\032\n\026DEVICEDRIVER_OPENROADM\020\024*\217\001\n\033DeviceOp" + "erationalStatusEnum\022%\n!DEVICEOPERATIONAL" + "STATUS_UNDEFINED\020\000\022$\n DEVICEOPERATIONALS" + "TATUS_DISABLED\020\001\022#\n\037DEVICEOPERATIONALSTA" + "TUS_ENABLED\020\002*\245\001\n\014LinkTypeEnum\022\024\n\020LINKTY" + "PE_UNKNOWN\020\000\022\023\n\017LINKTYPE_COPPER\020\001\022\022\n\016LIN" + "KTYPE_FIBER\020\002\022\022\n\016LINKTYPE_RADIO\020\003\022\024\n\020LIN" + "KTYPE_VIRTUAL\020\004\022\027\n\023LINKTYPE_MANAGEMENT\020\005" + "\022\023\n\017LINKTYPE_REMOTE\020\006*\360\002\n\017ServiceTypeEnu" + "m\022\027\n\023SERVICETYPE_UNKNOWN\020\000\022\024\n\020SERVICETYP" + "E_L3NM\020\001\022\024\n\020SERVICETYPE_L2NM\020\002\022)\n%SERVIC" + "ETYPE_TAPI_CONNECTIVITY_SERVICE\020\003\022\022\n\016SER" + "VICETYPE_TE\020\004\022\023\n\017SERVICETYPE_E2E\020\005\022$\n SE" + "RVICETYPE_OPTICAL_CONNECTIVITY\020\006\022\023\n\017SERV" + "ICETYPE_QKD\020\007\022\024\n\020SERVICETYPE_L1NM\020\010\022\023\n\017S" + "ERVICETYPE_INT\020\t\022\023\n\017SERVICETYPE_ACL\020\n\022\027\n" + "\023SERVICETYPE_IP_LINK\020\013\022\030\n\024SERVICETYPE_TA" + "PI_LSP\020\014\022\026\n\022SERVICETYPE_IPOWDM\020\r*\304\001\n\021Ser" + "viceStatusEnum\022\033\n\027SERVICESTATUS_UNDEFINE" + "D\020\000\022\031\n\025SERVICESTATUS_PLANNED\020\001\022\030\n\024SERVIC" + "ESTATUS_ACTIVE\020\002\022\032\n\026SERVICESTATUS_UPDATI" + "NG\020\003\022!\n\035SERVICESTATUS_PENDING_REMOVAL\020\004\022" + "\036\n\032SERVICESTATUS_SLA_VIOLATED\020\005*\251\001\n\017Slic" + "eStatusEnum\022\031\n\025SLICESTATUS_UNDEFINED\020\000\022\027" + "\n\023SLICESTATUS_PLANNED\020\001\022\024\n\020SLICESTATUS_I" + "NIT\020\002\022\026\n\022SLICESTATUS_ACTIVE\020\003\022\026\n\022SLICEST" + "ATUS_DEINIT\020\004\022\034\n\030SLICESTATUS_SLA_VIOLATE" + "D\020\005*]\n\020ConfigActionEnum\022\032\n\026CONFIGACTION_" + "UNDEFINED\020\000\022\024\n\020CONFIGACTION_SET\020\001\022\027\n\023CON" + "FIGACTION_DELETE\020\002*\\\n\020AclDirectionEnum\022\025" + "\n\021ACLDIRECTION_BOTH\020\000\022\030\n\024ACLDIRECTION_IN" + "GRESS\020\001\022\027\n\023ACLDIRECTION_EGRESS\020\002*m\n\024Cons" + "traintActionEnum\022\036\n\032CONSTRAINTACTION_UND" + "EFINED\020\000\022\030\n\024CONSTRAINTACTION_SET\020\001\022\033\n\027CO" + "NSTRAINTACTION_DELETE\020\002*\203\002\n\022IsolationLev" + "elEnum\022\020\n\014NO_ISOLATION\020\000\022\026\n\022PHYSICAL_ISO" + "LATION\020\001\022\025\n\021LOGICAL_ISOLATION\020\002\022\025\n\021PROCE" + "SS_ISOLATION\020\003\022\035\n\031PHYSICAL_MEMORY_ISOLAT" + "ION\020\004\022\036\n\032PHYSICAL_NETWORK_ISOLATION\020\005\022\036\n" + "\032VIRTUAL_RESOURCE_ISOLATION\020\006\022\037\n\033NETWORK" + "_FUNCTIONS_ISOLATION\020\007\022\025\n\021SERVICE_ISOLAT" + "ION\020\0102\274\035\n\016ContextService\022:\n\016ListContextI" + "ds\022\016.context.Empty\032\026.context.ContextIdLi" + "st\"\000\0226\n\014ListContexts\022\016.context.Empty\032\024.c" + "ontext.ContextList\"\000\0224\n\nGetContext\022\022.con" + "text.ContextId\032\020.context.Context\"\000\0224\n\nSe" + "tContext\022\020.context.Context\032\022.context.Con" + "textId\"\000\0225\n\rRemoveContext\022\022.context.Cont" + "extId\032\016.context.Empty\"\000\022=\n\020GetContextEve" + "nts\022\016.context.Empty\032\025.context.ContextEve" + "nt\"\0000\001\022@\n\017ListTopologyIds\022\022.context.Cont" + "extId\032\027.context.TopologyIdList\"\000\022=\n\016List" + "Topologies\022\022.context.ContextId\032\025.context" + ".TopologyList\"\000\0227\n\013GetTopology\022\023.context" + ".TopologyId\032\021.context.Topology\"\000\022E\n\022GetT" + "opologyDetails\022\023.context.TopologyId\032\030.co" + "ntext.TopologyDetails\"\000\0227\n\013SetTopology\022\021" + ".context.Topology\032\023.context.TopologyId\"\000" + "\0227\n\016RemoveTopology\022\023.context.TopologyId\032" + "\016.context.Empty\"\000\022?\n\021GetTopologyEvents\022\016" + ".context.Empty\032\026.context.TopologyEvent\"\000" + "0\001\0228\n\rListDeviceIds\022\016.context.Empty\032\025.co" + "ntext.DeviceIdList\"\000\0224\n\013ListDevices\022\016.co" + "ntext.Empty\032\023.context.DeviceList\"\000\0221\n\tGe" + "tDevice\022\021.context.DeviceId\032\017.context.Dev" + "ice\"\000\0221\n\tSetDevice\022\017.context.Device\032\021.co" + "ntext.DeviceId\"\000\0223\n\014RemoveDevice\022\021.conte" + "xt.DeviceId\032\016.context.Empty\"\000\022;\n\017GetDevi" + "ceEvents\022\016.context.Empty\032\024.context.Devic" + "eEvent\"\0000\001\022<\n\014SelectDevice\022\025.context.Dev" + "iceFilter\032\023.context.DeviceList\"\000\022I\n\021List" + "EndPointNames\022\027.context.EndPointIdList\032\031" + ".context.EndPointNameList\"\000\0224\n\013ListLinkI" + "ds\022\016.context.Empty\032\023.context.LinkIdList\"" + "\000\0220\n\tListLinks\022\016.context.Empty\032\021.context" + ".LinkList\"\000\022+\n\007GetLink\022\017.context.LinkId\032" + "\r.context.Link\"\000\022+\n\007SetLink\022\r.context.Li" + "nk\032\017.context.LinkId\"\000\022/\n\nRemoveLink\022\017.co" + "ntext.LinkId\032\016.context.Empty\"\000\0227\n\rGetLin" + "kEvents\022\016.context.Empty\032\022.context.LinkEv" + "ent\"\0000\001\022>\n\016ListServiceIds\022\022.context.Cont" + "extId\032\026.context.ServiceIdList\"\000\022:\n\014ListS" + "ervices\022\022.context.ContextId\032\024.context.Se" + "rviceList\"\000\0224\n\nGetService\022\022.context.Serv" + "iceId\032\020.context.Service\"\000\0224\n\nSetService\022" + "\020.context.Service\032\022.context.ServiceId\"\000\022" + "6\n\014UnsetService\022\020.context.Service\032\022.cont" + "ext.ServiceId\"\000\0225\n\rRemoveService\022\022.conte" + "xt.ServiceId\032\016.context.Empty\"\000\022=\n\020GetSer" + "viceEvents\022\016.context.Empty\032\025.context.Ser", "viceEvent\"\0000\001\022?\n\rSelectService\022\026.context" + ".ServiceFilter\032\024.context.ServiceList\"\000\022:" + "\n\014ListSliceIds\022\022.context.ContextId\032\024.con" + "text.SliceIdList\"\000\0226\n\nListSlices\022\022.conte" + "xt.ContextId\032\022.context.SliceList\"\000\022.\n\010Ge" + "tSlice\022\020.context.SliceId\032\016.context.Slice" + "\"\000\022.\n\010SetSlice\022\016.context.Slice\032\020.context" + ".SliceId\"\000\0220\n\nUnsetSlice\022\016.context.Slice" + "\032\020.context.SliceId\"\000\0221\n\013RemoveSlice\022\020.co" + "ntext.SliceId\032\016.context.Empty\"\000\0229\n\016GetSl" + "iceEvents\022\016.context.Empty\032\023.context.Slic" + "eEvent\"\0000\001\0229\n\013SelectSlice\022\024.context.Slic" + "eFilter\032\022.context.SliceList\"\000\022D\n\021ListCon" + "nectionIds\022\022.context.ServiceId\032\031.context" + ".ConnectionIdList\"\000\022@\n\017ListConnections\022\022" + ".context.ServiceId\032\027.context.ConnectionL" + "ist\"\000\022=\n\rGetConnection\022\025.context.Connect" + "ionId\032\023.context.Connection\"\000\022=\n\rSetConne" + "ction\022\023.context.Connection\032\025.context.Con" + "nectionId\"\000\022;\n\020RemoveConnection\022\025.contex" + "t.ConnectionId\032\016.context.Empty\"\000\022C\n\023GetC" + "onnectionEvents\022\016.context.Empty\032\030.contex" + "t.ConnectionEvent\"\0000\001\0225\n\014GetAllEvents\022\016." + "context.Empty\032\021.context.AnyEvent\"\0000\001\022@\n\020" + "GetOpticalConfig\022\016.context.Empty\032\032.conte" + "xt.OpticalConfigList\"\000\022F\n\020SetOpticalConf" + "ig\022\026.context.OpticalConfig\032\030.context.Opt" + "icalConfigId\"\000\022I\n\023UpdateOpticalConfig\022\026." + "context.OpticalConfig\032\030.context.OpticalC" + "onfigId\"\000\022I\n\023SelectOpticalConfig\022\030.conte" + "xt.OpticalConfigId\032\026.context.OpticalConf" + "ig\"\000\022A\n\023DeleteOpticalConfig\022\030.context.Op" + "ticalConfigId\032\016.context.Empty\"\000\022@\n\024Delet" + "eOpticalChannel\022\026.context.OpticalConfig\032" + "\016.context.Empty\"\000\0228\n\016SetOpticalLink\022\024.co" + "ntext.OpticalLink\032\016.context.Empty\"\000\0229\n\016G" + "etOpticalLink\022\017.context.LinkId\032\024.context" + ".OpticalLink\"\000\0226\n\021DeleteOpticalLink\022\017.co" + "ntext.LinkId\032\016.context.Empty\"\000\022@\n\022GetOpt" + "icalLinkList\022\016.context.Empty\032\030.context.O" + "pticalLinkList\"\000\022<\n\016GetOpticalBand\022\016.con" + "text.Empty\032\030.context.OpticalBandList\"\000\022C" + "\n\021SelectOpticalBand\022\026.context.OpticalBan" + "dId\032\024.context.OpticalBand\"\000\022G\n\027DeleteSer" + "viceConfigRule\022\032.context.ServiceConfigRu" + "le\032\016.context.Empty\"\000b\006proto3" }; + java.lang.String[] descriptorData = { "\n\rcontext.proto\022\007context\032\031google/protobu" + "f/any.proto\032\tacl.proto\032\014ipowdm.proto\032\rip" + "_link.proto\032\026kpi_sample_types.proto\032\016tap" + "i_lsp.proto\"\007\n\005Empty\"\024\n\004Uuid\022\014\n\004uuid\030\001 \001" + "(\t\"\036\n\tTimestamp\022\021\n\ttimestamp\030\001 \001(\001\"Z\n\005Ev" + "ent\022%\n\ttimestamp\030\001 \001(\0132\022.context.Timesta" + "mp\022*\n\nevent_type\030\002 \001(\0162\026.context.EventTy" + "peEnum\"\265\002\n\010AnyEvent\022(\n\007context\030\001 \001(\0132\025.c" + "ontext.ContextEventH\000\022*\n\010topology\030\002 \001(\0132" + "\026.context.TopologyEventH\000\022&\n\006device\030\003 \001(" + "\0132\024.context.DeviceEventH\000\022\"\n\004link\030\004 \001(\0132" + "\022.context.LinkEventH\000\022(\n\007service\030\005 \001(\0132\025" + ".context.ServiceEventH\000\022$\n\005slice\030\006 \001(\0132\023" + ".context.SliceEventH\000\022.\n\nconnection\030\007 \001(" + "\0132\030.context.ConnectionEventH\000B\007\n\005event\"0" + "\n\tContextId\022#\n\014context_uuid\030\001 \001(\0132\r.cont" + "ext.Uuid\"\351\001\n\007Context\022&\n\ncontext_id\030\001 \001(\013" + "2\022.context.ContextId\022\014\n\004name\030\002 \001(\t\022)\n\014to" + "pology_ids\030\003 \003(\0132\023.context.TopologyId\022\'\n" + "\013service_ids\030\004 \003(\0132\022.context.ServiceId\022#" + "\n\tslice_ids\030\005 \003(\0132\020.context.SliceId\022/\n\nc" + "ontroller\030\006 \001(\0132\033.context.TeraFlowContro" + "ller\"8\n\rContextIdList\022\'\n\013context_ids\030\001 \003" + "(\0132\022.context.ContextId\"1\n\013ContextList\022\"\n" + "\010contexts\030\001 \003(\0132\020.context.Context\"U\n\014Con" + "textEvent\022\035\n\005event\030\001 \001(\0132\016.context.Event" + "\022&\n\ncontext_id\030\002 \001(\0132\022.context.ContextId" + "\"Z\n\nTopologyId\022&\n\ncontext_id\030\001 \001(\0132\022.con" + "text.ContextId\022$\n\rtopology_uuid\030\002 \001(\0132\r." + "context.Uuid\"\267\001\n\010Topology\022(\n\013topology_id" + "\030\001 \001(\0132\023.context.TopologyId\022\014\n\004name\030\002 \001(" + "\t\022%\n\ndevice_ids\030\003 \003(\0132\021.context.DeviceId" + "\022!\n\010link_ids\030\004 \003(\0132\017.context.LinkId\022)\n\020o" + "ptical_link_ids\030\005 \003(\0132\017.context.LinkId\"\266" + "\001\n\017TopologyDetails\022(\n\013topology_id\030\001 \001(\0132" + "\023.context.TopologyId\022\014\n\004name\030\002 \001(\t\022 \n\007de" + "vices\030\003 \003(\0132\017.context.Device\022\034\n\005links\030\004 " + "\003(\0132\r.context.Link\022+\n\roptical_links\030\005 \003(" + "\0132\024.context.OpticalLink\";\n\016TopologyIdLis" + "t\022)\n\014topology_ids\030\001 \003(\0132\023.context.Topolo" + "gyId\"5\n\014TopologyList\022%\n\ntopologies\030\001 \003(\013" + "2\021.context.Topology\"X\n\rTopologyEvent\022\035\n\005" + "event\030\001 \001(\0132\016.context.Event\022(\n\013topology_" + "id\030\002 \001(\0132\023.context.TopologyId\".\n\010DeviceI" + "d\022\"\n\013device_uuid\030\001 \001(\0132\r.context.Uuid\"\372\002" + "\n\006Device\022$\n\tdevice_id\030\001 \001(\0132\021.context.De" + "viceId\022\014\n\004name\030\002 \001(\t\022\023\n\013device_type\030\003 \001(" + "\t\022,\n\rdevice_config\030\004 \001(\0132\025.context.Devic" + "eConfig\022G\n\031device_operational_status\030\005 \001" + "(\0162$.context.DeviceOperationalStatusEnum" + "\0221\n\016device_drivers\030\006 \003(\0162\031.context.Devic" + "eDriverEnum\022+\n\020device_endpoints\030\007 \003(\0132\021." + "context.EndPoint\022&\n\ncomponents\030\010 \003(\0132\022.c" + "ontext.Component\022(\n\rcontroller_id\030\t \001(\0132" + "\021.context.DeviceId\"\311\001\n\tComponent\022%\n\016comp" + "onent_uuid\030\001 \001(\0132\r.context.Uuid\022\014\n\004name\030" + "\002 \001(\t\022\014\n\004type\030\003 \001(\t\0226\n\nattributes\030\004 \003(\0132" + "\".context.Component.AttributesEntry\022\016\n\006p" + "arent\030\005 \001(\t\0321\n\017AttributesEntry\022\013\n\003key\030\001 " + "\001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\"9\n\014DeviceConfig\022)" + "\n\014config_rules\030\001 \003(\0132\023.context.ConfigRul" + "e\"5\n\014DeviceIdList\022%\n\ndevice_ids\030\001 \003(\0132\021." + "context.DeviceId\".\n\nDeviceList\022 \n\007device" + "s\030\001 \003(\0132\017.context.Device\"\216\001\n\014DeviceFilte" + "r\022)\n\ndevice_ids\030\001 \001(\0132\025.context.DeviceId" + "List\022\031\n\021include_endpoints\030\002 \001(\010\022\034\n\024inclu" + "de_config_rules\030\003 \001(\010\022\032\n\022include_compone" + "nts\030\004 \001(\010\"\200\001\n\013DeviceEvent\022\035\n\005event\030\001 \001(\013" + "2\016.context.Event\022$\n\tdevice_id\030\002 \001(\0132\021.co" + "ntext.DeviceId\022,\n\rdevice_config\030\003 \001(\0132\025." + "context.DeviceConfig\"*\n\006LinkId\022 \n\tlink_u" + "uid\030\001 \001(\0132\r.context.Uuid\"c\n\016LinkAttribut" + "es\022\030\n\020is_bidirectional\030\001 \001(\010\022\033\n\023total_ca" + "pacity_gbps\030\002 \001(\002\022\032\n\022used_capacity_gbps\030" + "\003 \001(\002\"\275\001\n\004Link\022 \n\007link_id\030\001 \001(\0132\017.contex" + "t.LinkId\022\014\n\004name\030\002 \001(\t\022(\n\tlink_type\030\003 \001(" + "\0162\025.context.LinkTypeEnum\022.\n\021link_endpoin" + "t_ids\030\004 \003(\0132\023.context.EndPointId\022+\n\nattr" + "ibutes\030\005 \001(\0132\027.context.LinkAttributes\"/\n" + "\nLinkIdList\022!\n\010link_ids\030\001 \003(\0132\017.context." + "LinkId\"(\n\010LinkList\022\034\n\005links\030\001 \003(\0132\r.cont" + "ext.Link\"L\n\tLinkEvent\022\035\n\005event\030\001 \001(\0132\016.c" + "ontext.Event\022 \n\007link_id\030\002 \001(\0132\017.context." + "LinkId\"X\n\tServiceId\022&\n\ncontext_id\030\001 \001(\0132" + "\022.context.ContextId\022#\n\014service_uuid\030\002 \001(" + "\0132\r.context.Uuid\"\333\002\n\007Service\022&\n\nservice_" + "id\030\001 \001(\0132\022.context.ServiceId\022\014\n\004name\030\002 \001" + "(\t\022.\n\014service_type\030\003 \001(\0162\030.context.Servi" + "ceTypeEnum\0221\n\024service_endpoint_ids\030\004 \003(\013" + "2\023.context.EndPointId\0220\n\023service_constra" + "ints\030\005 \003(\0132\023.context.Constraint\022.\n\016servi" + "ce_status\030\006 \001(\0132\026.context.ServiceStatus\022" + ".\n\016service_config\030\007 \001(\0132\026.context.Servic" + "eConfig\022%\n\ttimestamp\030\010 \001(\0132\022.context.Tim" + "estamp\"C\n\rServiceStatus\0222\n\016service_statu" + "s\030\001 \001(\0162\032.context.ServiceStatusEnum\":\n\rS" + "erviceConfig\022)\n\014config_rules\030\001 \003(\0132\023.con" + "text.ConfigRule\"8\n\rServiceIdList\022\'\n\013serv" + "ice_ids\030\001 \003(\0132\022.context.ServiceId\"1\n\013Ser" + "viceList\022\"\n\010services\030\001 \003(\0132\020.context.Ser" + "vice\"\225\001\n\rServiceFilter\022+\n\013service_ids\030\001 " + "\001(\0132\026.context.ServiceIdList\022\034\n\024include_e" + "ndpoint_ids\030\002 \001(\010\022\033\n\023include_constraints" + "\030\003 \001(\010\022\034\n\024include_config_rules\030\004 \001(\010\"U\n\014" + "ServiceEvent\022\035\n\005event\030\001 \001(\0132\016.context.Ev" + "ent\022&\n\nservice_id\030\002 \001(\0132\022.context.Servic" + "eId\"T\n\007SliceId\022&\n\ncontext_id\030\001 \001(\0132\022.con" + "text.ContextId\022!\n\nslice_uuid\030\002 \001(\0132\r.con" + "text.Uuid\"\240\003\n\005Slice\022\"\n\010slice_id\030\001 \001(\0132\020." + "context.SliceId\022\014\n\004name\030\002 \001(\t\022/\n\022slice_e" + "ndpoint_ids\030\003 \003(\0132\023.context.EndPointId\022." + "\n\021slice_constraints\030\004 \003(\0132\023.context.Cons" + "traint\022-\n\021slice_service_ids\030\005 \003(\0132\022.cont" + "ext.ServiceId\022,\n\022slice_subslice_ids\030\006 \003(" + "\0132\020.context.SliceId\022*\n\014slice_status\030\007 \001(" + "\0132\024.context.SliceStatus\022*\n\014slice_config\030" + "\010 \001(\0132\024.context.SliceConfig\022(\n\013slice_own" + "er\030\t \001(\0132\023.context.SliceOwner\022%\n\ttimesta" + "mp\030\n \001(\0132\022.context.Timestamp\"E\n\nSliceOwn" + "er\022!\n\nowner_uuid\030\001 \001(\0132\r.context.Uuid\022\024\n" + "\014owner_string\030\002 \001(\t\"=\n\013SliceStatus\022.\n\014sl" + "ice_status\030\001 \001(\0162\030.context.SliceStatusEn" + "um\"8\n\013SliceConfig\022)\n\014config_rules\030\001 \003(\0132" + "\023.context.ConfigRule\"2\n\013SliceIdList\022#\n\ts" + "lice_ids\030\001 \003(\0132\020.context.SliceId\"+\n\tSlic" + "eList\022\036\n\006slices\030\001 \003(\0132\016.context.Slice\"\312\001" + "\n\013SliceFilter\022\'\n\tslice_ids\030\001 \001(\0132\024.conte" + "xt.SliceIdList\022\034\n\024include_endpoint_ids\030\002" + " \001(\010\022\033\n\023include_constraints\030\003 \001(\010\022\033\n\023inc" + "lude_service_ids\030\004 \001(\010\022\034\n\024include_subsli" + "ce_ids\030\005 \001(\010\022\034\n\024include_config_rules\030\006 \001" + "(\010\"O\n\nSliceEvent\022\035\n\005event\030\001 \001(\0132\016.contex" + "t.Event\022\"\n\010slice_id\030\002 \001(\0132\020.context.Slic" + "eId\"6\n\014ConnectionId\022&\n\017connection_uuid\030\001" + " \001(\0132\r.context.Uuid\"2\n\025ConnectionSetting" + "s_L0\022\031\n\021lsp_symbolic_name\030\001 \001(\t\"\236\001\n\025Conn" + "ectionSettings_L2\022\027\n\017src_mac_address\030\001 \001" + "(\t\022\027\n\017dst_mac_address\030\002 \001(\t\022\022\n\nether_typ" + "e\030\003 \001(\r\022\017\n\007vlan_id\030\004 \001(\r\022\022\n\nmpls_label\030\005" + " \001(\r\022\032\n\022mpls_traffic_class\030\006 \001(\r\"t\n\025Conn" + "ectionSettings_L3\022\026\n\016src_ip_address\030\001 \001(" + "\t\022\026\n\016dst_ip_address\030\002 \001(\t\022\014\n\004dscp\030\003 \001(\r\022" + "\020\n\010protocol\030\004 \001(\r\022\013\n\003ttl\030\005 \001(\r\"[\n\025Connec" + "tionSettings_L4\022\020\n\010src_port\030\001 \001(\r\022\020\n\010dst" + "_port\030\002 \001(\r\022\021\n\ttcp_flags\030\003 \001(\r\022\013\n\003ttl\030\004 " + "\001(\r\"\304\001\n\022ConnectionSettings\022*\n\002l0\030\001 \001(\0132\036" + ".context.ConnectionSettings_L0\022*\n\002l2\030\002 \001" + "(\0132\036.context.ConnectionSettings_L2\022*\n\002l3" + "\030\003 \001(\0132\036.context.ConnectionSettings_L3\022*" + "\n\002l4\030\004 \001(\0132\036.context.ConnectionSettings_" + "L4\"\363\001\n\nConnection\022,\n\rconnection_id\030\001 \001(\013" + "2\025.context.ConnectionId\022&\n\nservice_id\030\002 " + "\001(\0132\022.context.ServiceId\0223\n\026path_hops_end" + "point_ids\030\003 \003(\0132\023.context.EndPointId\022+\n\017" + "sub_service_ids\030\004 \003(\0132\022.context.ServiceI" + "d\022-\n\010settings\030\005 \001(\0132\033.context.Connection" + "Settings\"A\n\020ConnectionIdList\022-\n\016connecti" + "on_ids\030\001 \003(\0132\025.context.ConnectionId\":\n\016C" + "onnectionList\022(\n\013connections\030\001 \003(\0132\023.con" + "text.Connection\"^\n\017ConnectionEvent\022\035\n\005ev" + "ent\030\001 \001(\0132\016.context.Event\022,\n\rconnection_" + "id\030\002 \001(\0132\025.context.ConnectionId\"\202\001\n\nEndP" + "ointId\022(\n\013topology_id\030\001 \001(\0132\023.context.To" + "pologyId\022$\n\tdevice_id\030\002 \001(\0132\021.context.De" + "viceId\022$\n\rendpoint_uuid\030\003 \001(\0132\r.context." + "Uuid\"\310\002\n\010EndPoint\022(\n\013endpoint_id\030\001 \001(\0132\023" + ".context.EndPointId\022\014\n\004name\030\002 \001(\t\022\025\n\rend" + "point_type\030\003 \001(\t\0229\n\020kpi_sample_types\030\004 \003" + "(\0162\037.kpi_sample_types.KpiSampleType\022,\n\021e" + "ndpoint_location\030\005 \001(\0132\021.context.Locatio" + "n\0229\n\014capabilities\030\006 \003(\0132#.context.EndPoi" + "nt.CapabilitiesEntry\032I\n\021CapabilitiesEntr" + "y\022\013\n\003key\030\001 \001(\t\022#\n\005value\030\002 \001(\0132\024.google.p" + "rotobuf.Any:\0028\001\"{\n\014EndPointName\022(\n\013endpo" + "int_id\030\001 \001(\0132\023.context.EndPointId\022\023\n\013dev" + "ice_name\030\002 \001(\t\022\025\n\rendpoint_name\030\003 \001(\t\022\025\n" + "\rendpoint_type\030\004 \001(\t\";\n\016EndPointIdList\022)" + "\n\014endpoint_ids\030\001 \003(\0132\023.context.EndPointI" + "d\"A\n\020EndPointNameList\022-\n\016endpoint_names\030" + "\001 \003(\0132\025.context.EndPointName\"A\n\021ConfigRu" + "le_Custom\022\024\n\014resource_key\030\001 \001(\t\022\026\n\016resou" + "rce_value\030\002 \001(\t\"\213\001\n\016ConfigRule_ACL\022(\n\013en" + "dpoint_id\030\001 \001(\0132\023.context.EndPointId\022,\n\t" + "direction\030\002 \001(\0162\031.context.AclDirectionEn" + "um\022!\n\010rule_set\030\003 \001(\0132\017.acl.AclRuleSet\"f\n" + "\021ConfigRule_IPOWDM\022(\n\013endpoint_id\030\001 \001(\0132" + "\023.context.EndPointId\022\'\n\010rule_set\030\002 \001(\0132\025" + ".ipowdm.IpowdmRuleSet\"k\n\023ConfigRule_TAPI" + "_LSP\022(\n\013endpoint_id\030\001 \001(\0132\023.context.EndP" + "ointId\022*\n\010rule_set\030\002 \003(\0132\030.tapi_lsp.Tapi" + "LspRuleSet\"h\n\022ConfigRule_IP_LINK\022(\n\013endp" + "oint_id\030\001 \001(\0132\023.context.EndPointId\022(\n\010ru" + "le_set\030\002 \001(\0132\026.ip_link.IpLinkRuleSet\"\254\002\n" + "\nConfigRule\022)\n\006action\030\001 \001(\0162\031.context.Co" + "nfigActionEnum\022,\n\006custom\030\002 \001(\0132\032.context" + ".ConfigRule_CustomH\000\022&\n\003acl\030\003 \001(\0132\027.cont" + "ext.ConfigRule_ACLH\000\022.\n\007ip_link\030\004 \001(\0132\033." + "context.ConfigRule_IP_LINKH\000\0220\n\010tapi_lsp" + "\030\005 \001(\0132\034.context.ConfigRule_TAPI_LSPH\000\022," + "\n\006ipowdm\030\006 \001(\0132\032.context.ConfigRule_IPOW" + "DMH\000B\r\n\013config_rule\"F\n\021Constraint_Custom" + "\022\027\n\017constraint_type\030\001 \001(\t\022\030\n\020constraint_" + "value\030\002 \001(\t\"E\n\023Constraint_Schedule\022\027\n\017st" + "art_timestamp\030\001 \001(\001\022\025\n\rduration_days\030\002 \001" + "(\002\"3\n\014GPS_Position\022\020\n\010latitude\030\001 \001(\002\022\021\n\t" + "longitude\030\002 \001(\002\"\204\001\n\010Location\022\020\n\006region\030\001" + " \001(\tH\000\022-\n\014gps_position\030\002 \001(\0132\025.context.G" + "PS_PositionH\000\022\023\n\tinterface\030\003 \001(\tH\000\022\026\n\014ci" + "rcuit_pack\030\004 \001(\tH\000B\n\n\010location\"l\n\033Constr" + "aint_EndPointLocation\022(\n\013endpoint_id\030\001 \001" + "(\0132\023.context.EndPointId\022#\n\010location\030\002 \001(" + "\0132\021.context.Location\"Y\n\033Constraint_EndPo" + "intPriority\022(\n\013endpoint_id\030\001 \001(\0132\023.conte" + "xt.EndPointId\022\020\n\010priority\030\002 \001(\r\"0\n\026Const" + "raint_SLA_Latency\022\026\n\016e2e_latency_ms\030\001 \001(" + "\002\"0\n\027Constraint_SLA_Capacity\022\025\n\rcapacity" + "_gbps\030\001 \001(\002\"c\n\033Constraint_SLA_Availabili" + "ty\022\032\n\022num_disjoint_paths\030\001 \001(\r\022\022\n\nall_ac" + "tive\030\002 \001(\010\022\024\n\014availability\030\003 \001(\002\"V\n\036Cons" + "traint_SLA_Isolation_level\0224\n\017isolation_" + "level\030\001 \003(\0162\033.context.IsolationLevelEnum" + "\"\242\001\n\025Constraint_Exclusions\022\024\n\014is_permane" + "nt\030\001 \001(\010\022%\n\ndevice_ids\030\002 \003(\0132\021.context.D" + "eviceId\022)\n\014endpoint_ids\030\003 \003(\0132\023.context." + "EndPointId\022!\n\010link_ids\030\004 \003(\0132\017.context.L" + "inkId\"5\n\014QoSProfileId\022%\n\016qos_profile_id\030" + "\001 \001(\0132\r.context.Uuid\"`\n\025Constraint_QoSPr" + "ofile\022-\n\016qos_profile_id\030\001 \001(\0132\025.context." + "QoSProfileId\022\030\n\020qos_profile_name\030\002 \001(\t\"\222" + "\005\n\nConstraint\022-\n\006action\030\001 \001(\0162\035.context." + "ConstraintActionEnum\022,\n\006custom\030\002 \001(\0132\032.c" + "ontext.Constraint_CustomH\000\0220\n\010schedule\030\003" + " \001(\0132\034.context.Constraint_ScheduleH\000\022A\n\021" + "endpoint_location\030\004 \001(\0132$.context.Constr" + "aint_EndPointLocationH\000\022A\n\021endpoint_prio" + "rity\030\005 \001(\0132$.context.Constraint_EndPoint" + "PriorityH\000\0228\n\014sla_capacity\030\006 \001(\0132 .conte" + "xt.Constraint_SLA_CapacityH\000\0226\n\013sla_late" + "ncy\030\007 \001(\0132\037.context.Constraint_SLA_Laten" + "cyH\000\022@\n\020sla_availability\030\010 \001(\0132$.context" + ".Constraint_SLA_AvailabilityH\000\022@\n\rsla_is" + "olation\030\t \001(\0132\'.context.Constraint_SLA_I" + "solation_levelH\000\0224\n\nexclusions\030\n \001(\0132\036.c" + "ontext.Constraint_ExclusionsH\000\0225\n\013qos_pr" + "ofile\030\013 \001(\0132\036.context.Constraint_QoSProf" + "ileH\000B\014\n\nconstraint\"^\n\022TeraFlowControlle" + "r\022&\n\ncontext_id\030\001 \001(\0132\022.context.ContextI" + "d\022\022\n\nip_address\030\002 \001(\t\022\014\n\004port\030\003 \001(\r\"U\n\024A" + "uthenticationResult\022&\n\ncontext_id\030\001 \001(\0132" + "\022.context.ContextId\022\025\n\rauthenticated\030\002 \001" + "(\010\"-\n\017OpticalConfigId\022\032\n\022opticalconfig_u" + "uid\030\001 \001(\t\"y\n\rOpticalConfig\0222\n\020opticalcon" + "fig_id\030\001 \001(\0132\030.context.OpticalConfigId\022\016" + "\n\006config\030\002 \001(\t\022$\n\tdevice_id\030\003 \001(\0132\021.cont" + "ext.DeviceId\"C\n\021OpticalConfigList\022.\n\016opt" + "icalconfigs\030\001 \003(\0132\026.context.OpticalConfi" + "g\"g\n\022OpticalConfigEvent\022\035\n\005event\030\001 \001(\0132\016" + ".context.Event\0222\n\020opticalconfig_id\030\002 \001(\013" + "2\030.context.OpticalConfigId\"_\n\021OpticalEnd" + "PointId\022$\n\tdevice_id\030\002 \001(\0132\021.context.Dev" + "iceId\022$\n\rendpoint_uuid\030\003 \001(\0132\r.context.U" + "uid\">\n\017OpticalLinkList\022+\n\roptical_links\030" + "\001 \003(\0132\024.context.OpticalLink\"\304\003\n\022OpticalL" + "inkDetails\022\016\n\006length\030\001 \001(\002\022\020\n\010src_port\030\002" + " \001(\t\022\020\n\010dst_port\030\003 \001(\t\022\027\n\017local_peer_por" + "t\030\004 \001(\t\022\030\n\020remote_peer_port\030\005 \001(\t\022\014\n\004use" + "d\030\006 \001(\010\0228\n\007c_slots\030\007 \003(\0132\'.context.Optic" + "alLinkDetails.CSlotsEntry\0228\n\007l_slots\030\010 \003" + "(\0132\'.context.OpticalLinkDetails.LSlotsEn" + "try\0228\n\007s_slots\030\t \003(\0132\'.context.OpticalLi" + "nkDetails.SSlotsEntry\032-\n\013CSlotsEntry\022\013\n\003" + "key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\0028\001\032-\n\013LSlotsEn" + "try\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\0028\001\032-\n\013S" + "SlotsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\005:\002" + "8\001\"\243\001\n\013OpticalLink\022\014\n\004name\030\001 \001(\t\0224\n\017opti" + "cal_details\030\002 \001(\0132\033.context.OpticalLinkD" + "etails\022 \n\007link_id\030\003 \001(\0132\017.context.LinkId" + "\022.\n\021link_endpoint_ids\030\004 \003(\0132\023.context.En" + "dPointId\"0\n\tChannelId\022#\n\014channel_uuid\030\001 " + "\001(\0132\r.context.Uuid\"8\n\rOpticalBandId\022\'\n\020o" + "pticalband_uuid\030\001 \001(\0132\r.context.Uuid\"\247\002\n" + "\013OpticalBand\022.\n\016opticalband_id\030\001 \001(\0132\026.c" + "ontext.OpticalBandId\022,\n\rconnection_id\030\002 " + "\001(\0132\025.context.ConnectionId\022&\n\nchannel_id" + "\030\003 \001(\0132\022.context.ChannelId\022&\n\nservice_id" + "\030\004 \001(\0132\022.context.ServiceId\022#\n\007service\030\005 " + "\001(\0132\020.context.ServiceH\000\022)\n\nconnection\030\006 " + "\001(\0132\023.context.ConnectionH\000\022\021\n\007channel\030\007 " + "\001(\tH\000B\007\n\005field\"=\n\017OpticalBandList\022*\n\014opt" + "icalbands\030\001 \003(\0132\024.context.OpticalBand\"r\n" + "\021ServiceConfigRule\022&\n\nservice_id\030\001 \001(\0132\022" + ".context.ServiceId\0225\n\021configrule_custom\030" + "\002 \001(\0132\032.context.ConfigRule_Custom*j\n\rEve" + "ntTypeEnum\022\027\n\023EVENTTYPE_UNDEFINED\020\000\022\024\n\020E" + "VENTTYPE_CREATE\020\001\022\024\n\020EVENTTYPE_UPDATE\020\002\022" + "\024\n\020EVENTTYPE_REMOVE\020\003*\201\005\n\020DeviceDriverEn" + "um\022\032\n\026DEVICEDRIVER_UNDEFINED\020\000\022\033\n\027DEVICE" + "DRIVER_OPENCONFIG\020\001\022\036\n\032DEVICEDRIVER_TRAN" + "SPORT_API\020\002\022\023\n\017DEVICEDRIVER_P4\020\003\022&\n\"DEVI" + "CEDRIVER_IETF_NETWORK_TOPOLOGY\020\004\022\033\n\027DEVI" + "CEDRIVER_ONF_TR_532\020\005\022\023\n\017DEVICEDRIVER_XR" + "\020\006\022\033\n\027DEVICEDRIVER_IETF_L2VPN\020\007\022 \n\034DEVIC" + "EDRIVER_GNMI_OPENCONFIG\020\010\022\034\n\030DEVICEDRIVE" + "R_OPTICAL_TFS\020\t\022\032\n\026DEVICEDRIVER_IETF_ACT" + "N\020\n\022\023\n\017DEVICEDRIVER_OC\020\013\022\024\n\020DEVICEDRIVER" + "_QKD\020\014\022\033\n\027DEVICEDRIVER_IETF_L3VPN\020\r\022\033\n\027D" + "EVICEDRIVER_IETF_SLICE\020\016\022\024\n\020DEVICEDRIVER" + "_NCE\020\017\022\031\n\025DEVICEDRIVER_SMARTNIC\020\020\022\031\n\025DEV" + "ICEDRIVER_MORPHEUS\020\021\022\024\n\020DEVICEDRIVER_RYU" + "\020\022\022#\n\037DEVICEDRIVER_GNMI_NOKIA_SRLINUX\020\023\022" + "\032\n\026DEVICEDRIVER_OPENROADM\020\024\022$\n DEVICEDRI" + "VER_RESTCONF_OPENCONFIG\020\025*\217\001\n\033DeviceOper" + "ationalStatusEnum\022%\n!DEVICEOPERATIONALST" + "ATUS_UNDEFINED\020\000\022$\n DEVICEOPERATIONALSTA" + "TUS_DISABLED\020\001\022#\n\037DEVICEOPERATIONALSTATU" + "S_ENABLED\020\002*\245\001\n\014LinkTypeEnum\022\024\n\020LINKTYPE" + "_UNKNOWN\020\000\022\023\n\017LINKTYPE_COPPER\020\001\022\022\n\016LINKT" + "YPE_FIBER\020\002\022\022\n\016LINKTYPE_RADIO\020\003\022\024\n\020LINKT" + "YPE_VIRTUAL\020\004\022\027\n\023LINKTYPE_MANAGEMENT\020\005\022\023" + "\n\017LINKTYPE_REMOTE\020\006*\360\002\n\017ServiceTypeEnum\022" + "\027\n\023SERVICETYPE_UNKNOWN\020\000\022\024\n\020SERVICETYPE_" + "L3NM\020\001\022\024\n\020SERVICETYPE_L2NM\020\002\022)\n%SERVICET" + "YPE_TAPI_CONNECTIVITY_SERVICE\020\003\022\022\n\016SERVI" + "CETYPE_TE\020\004\022\023\n\017SERVICETYPE_E2E\020\005\022$\n SERV" + "ICETYPE_OPTICAL_CONNECTIVITY\020\006\022\023\n\017SERVIC" + "ETYPE_QKD\020\007\022\024\n\020SERVICETYPE_L1NM\020\010\022\023\n\017SER" + "VICETYPE_INT\020\t\022\023\n\017SERVICETYPE_ACL\020\n\022\027\n\023S" + "ERVICETYPE_IP_LINK\020\013\022\030\n\024SERVICETYPE_TAPI" + "_LSP\020\014\022\026\n\022SERVICETYPE_IPOWDM\020\r*\304\001\n\021Servi" + "ceStatusEnum\022\033\n\027SERVICESTATUS_UNDEFINED\020" + "\000\022\031\n\025SERVICESTATUS_PLANNED\020\001\022\030\n\024SERVICES" + "TATUS_ACTIVE\020\002\022\032\n\026SERVICESTATUS_UPDATING" + "\020\003\022!\n\035SERVICESTATUS_PENDING_REMOVAL\020\004\022\036\n" + "\032SERVICESTATUS_SLA_VIOLATED\020\005*\251\001\n\017SliceS" + "tatusEnum\022\031\n\025SLICESTATUS_UNDEFINED\020\000\022\027\n\023" + "SLICESTATUS_PLANNED\020\001\022\024\n\020SLICESTATUS_INI" + "T\020\002\022\026\n\022SLICESTATUS_ACTIVE\020\003\022\026\n\022SLICESTAT" + "US_DEINIT\020\004\022\034\n\030SLICESTATUS_SLA_VIOLATED\020" + "\005*]\n\020ConfigActionEnum\022\032\n\026CONFIGACTION_UN" + "DEFINED\020\000\022\024\n\020CONFIGACTION_SET\020\001\022\027\n\023CONFI" + "GACTION_DELETE\020\002*\\\n\020AclDirectionEnum\022\025\n\021" + "ACLDIRECTION_BOTH\020\000\022\030\n\024ACLDIRECTION_INGR" + "ESS\020\001\022\027\n\023ACLDIRECTION_EGRESS\020\002*m\n\024Constr" + "aintActionEnum\022\036\n\032CONSTRAINTACTION_UNDEF" + "INED\020\000\022\030\n\024CONSTRAINTACTION_SET\020\001\022\033\n\027CONS" + "TRAINTACTION_DELETE\020\002*\203\002\n\022IsolationLevel" + "Enum\022\020\n\014NO_ISOLATION\020\000\022\026\n\022PHYSICAL_ISOLA" + "TION\020\001\022\025\n\021LOGICAL_ISOLATION\020\002\022\025\n\021PROCESS" + "_ISOLATION\020\003\022\035\n\031PHYSICAL_MEMORY_ISOLATIO" + "N\020\004\022\036\n\032PHYSICAL_NETWORK_ISOLATION\020\005\022\036\n\032V" + "IRTUAL_RESOURCE_ISOLATION\020\006\022\037\n\033NETWORK_F" + "UNCTIONS_ISOLATION\020\007\022\025\n\021SERVICE_ISOLATIO" + "N\020\0102\274\035\n\016ContextService\022:\n\016ListContextIds" + "\022\016.context.Empty\032\026.context.ContextIdList" + "\"\000\0226\n\014ListContexts\022\016.context.Empty\032\024.con" + "text.ContextList\"\000\0224\n\nGetContext\022\022.conte" + "xt.ContextId\032\020.context.Context\"\000\0224\n\nSetC" + "ontext\022\020.context.Context\032\022.context.Conte" + "xtId\"\000\0225\n\rRemoveContext\022\022.context.Contex" + "tId\032\016.context.Empty\"\000\022=\n\020GetContextEvent" + "s\022\016.context.Empty\032\025.context.ContextEvent" + "\"\0000\001\022@\n\017ListTopologyIds\022\022.context.Contex" + "tId\032\027.context.TopologyIdList\"\000\022=\n\016ListTo" + "pologies\022\022.context.ContextId\032\025.context.T" + "opologyList\"\000\0227\n\013GetTopology\022\023.context.T" + "opologyId\032\021.context.Topology\"\000\022E\n\022GetTop" + "ologyDetails\022\023.context.TopologyId\032\030.cont" + "ext.TopologyDetails\"\000\0227\n\013SetTopology\022\021.c" + "ontext.Topology\032\023.context.TopologyId\"\000\0227" + "\n\016RemoveTopology\022\023.context.TopologyId\032\016." + "context.Empty\"\000\022?\n\021GetTopologyEvents\022\016.c" + "ontext.Empty\032\026.context.TopologyEvent\"\0000\001" + "\0228\n\rListDeviceIds\022\016.context.Empty\032\025.cont" + "ext.DeviceIdList\"\000\0224\n\013ListDevices\022\016.cont" + "ext.Empty\032\023.context.DeviceList\"\000\0221\n\tGetD" + "evice\022\021.context.DeviceId\032\017.context.Devic" + "e\"\000\0221\n\tSetDevice\022\017.context.Device\032\021.cont" + "ext.DeviceId\"\000\0223\n\014RemoveDevice\022\021.context" + ".DeviceId\032\016.context.Empty\"\000\022;\n\017GetDevice" + "Events\022\016.context.Empty\032\024.context.DeviceE" + "vent\"\0000\001\022<\n\014SelectDevice\022\025.context.Devic" + "eFilter\032\023.context.DeviceList\"\000\022I\n\021ListEn" + "dPointNames\022\027.context.EndPointIdList\032\031.c" + "ontext.EndPointNameList\"\000\0224\n\013ListLinkIds" + "\022\016.context.Empty\032\023.context.LinkIdList\"\000\022" + "0\n\tListLinks\022\016.context.Empty\032\021.context.L" + "inkList\"\000\022+\n\007GetLink\022\017.context.LinkId\032\r." + "context.Link\"\000\022+\n\007SetLink\022\r.context.Link" + "\032\017.context.LinkId\"\000\022/\n\nRemoveLink\022\017.cont" + "ext.LinkId\032\016.context.Empty\"\000\0227\n\rGetLinkE" + "vents\022\016.context.Empty\032\022.context.LinkEven" + "t\"\0000\001\022>\n\016ListServiceIds\022\022.context.Contex" + "tId\032\026.context.ServiceIdList\"\000\022:\n\014ListSer" + "vices\022\022.context.ContextId\032\024.context.Serv" + "iceList\"\000\0224\n\nGetService\022\022.context.Servic" + "eId\032\020.context.Service\"\000\0224\n\nSetService\022\020." + "context.Service\032\022.context.ServiceId\"\000\0226\n" + "\014UnsetService\022\020.context.Service\032\022.contex" + "t.ServiceId\"\000\0225\n\rRemoveService\022\022.context" + ".ServiceId\032\016.context.Empty\"\000\022=\n\020GetServi", "ceEvents\022\016.context.Empty\032\025.context.Servi" + "ceEvent\"\0000\001\022?\n\rSelectService\022\026.context.S" + "erviceFilter\032\024.context.ServiceList\"\000\022:\n\014" + "ListSliceIds\022\022.context.ContextId\032\024.conte" + "xt.SliceIdList\"\000\0226\n\nListSlices\022\022.context" + ".ContextId\032\022.context.SliceList\"\000\022.\n\010GetS" + "lice\022\020.context.SliceId\032\016.context.Slice\"\000" + "\022.\n\010SetSlice\022\016.context.Slice\032\020.context.S" + "liceId\"\000\0220\n\nUnsetSlice\022\016.context.Slice\032\020" + ".context.SliceId\"\000\0221\n\013RemoveSlice\022\020.cont" + "ext.SliceId\032\016.context.Empty\"\000\0229\n\016GetSlic" + "eEvents\022\016.context.Empty\032\023.context.SliceE" + "vent\"\0000\001\0229\n\013SelectSlice\022\024.context.SliceF" + "ilter\032\022.context.SliceList\"\000\022D\n\021ListConne" + "ctionIds\022\022.context.ServiceId\032\031.context.C" + "onnectionIdList\"\000\022@\n\017ListConnections\022\022.c" + "ontext.ServiceId\032\027.context.ConnectionLis" + "t\"\000\022=\n\rGetConnection\022\025.context.Connectio" + "nId\032\023.context.Connection\"\000\022=\n\rSetConnect" + "ion\022\023.context.Connection\032\025.context.Conne" + "ctionId\"\000\022;\n\020RemoveConnection\022\025.context." + "ConnectionId\032\016.context.Empty\"\000\022C\n\023GetCon" + "nectionEvents\022\016.context.Empty\032\030.context." + "ConnectionEvent\"\0000\001\0225\n\014GetAllEvents\022\016.co" + "ntext.Empty\032\021.context.AnyEvent\"\0000\001\022@\n\020Ge" + "tOpticalConfig\022\016.context.Empty\032\032.context" + ".OpticalConfigList\"\000\022F\n\020SetOpticalConfig" + "\022\026.context.OpticalConfig\032\030.context.Optic" + "alConfigId\"\000\022I\n\023UpdateOpticalConfig\022\026.co" + "ntext.OpticalConfig\032\030.context.OpticalCon" + "figId\"\000\022I\n\023SelectOpticalConfig\022\030.context" + ".OpticalConfigId\032\026.context.OpticalConfig" + "\"\000\022A\n\023DeleteOpticalConfig\022\030.context.Opti" + "calConfigId\032\016.context.Empty\"\000\022@\n\024DeleteO" + "pticalChannel\022\026.context.OpticalConfig\032\016." + "context.Empty\"\000\0228\n\016SetOpticalLink\022\024.cont" + "ext.OpticalLink\032\016.context.Empty\"\000\0229\n\016Get" + "OpticalLink\022\017.context.LinkId\032\024.context.O" + "pticalLink\"\000\0226\n\021DeleteOpticalLink\022\017.cont" + "ext.LinkId\032\016.context.Empty\"\000\022@\n\022GetOptic" + "alLinkList\022\016.context.Empty\032\030.context.Opt" + "icalLinkList\"\000\022<\n\016GetOpticalBand\022\016.conte" + "xt.Empty\032\030.context.OpticalBandList\"\000\022C\n\021" + "SelectOpticalBand\022\026.context.OpticalBandI" + "d\032\024.context.OpticalBand\"\000\022G\n\027DeleteServi" + "ceConfigRule\022\032.context.ServiceConfigRule" + "\032\016.context.Empty\"\000b\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(descriptorData, new com.google.protobuf.Descriptors.FileDescriptor[] { com.google.protobuf.AnyProto.getDescriptor(), acl.Acl.getDescriptor(), ipowdm.Ipowdm.getDescriptor(), ip_link.IpLink.getDescriptor(), kpi_sample_types.KpiSampleTypes.getDescriptor(), tapi_lsp.TapiLsp.getDescriptor() }); internal_static_context_Empty_descriptor = getDescriptor().getMessageTypes().get(0); internal_static_context_Empty_fieldAccessorTable = new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(internal_static_context_Empty_descriptor, new java.lang.String[] {}); diff --git a/src/ztp/target/kubernetes/kubernetes.yml b/src/ztp/target/kubernetes/kubernetes.yml index 23494d5c7af6e83a7ef33136f2bdcd0ae950f2af..0e964529c188a382bf5c27d9fa732aac319b86a2 100644 --- a/src/ztp/target/kubernetes/kubernetes.yml +++ b/src/ztp/target/kubernetes/kubernetes.yml @@ -3,8 +3,8 @@ apiVersion: v1 kind: Service metadata: annotations: - app.quarkus.io/commit-id: 0539e363a3349889ebd7d3d7b0509744e2a4d0aa - app.quarkus.io/build-timestamp: 2025-10-28 - 10:09:20 +0000 + app.quarkus.io/commit-id: 59066ee916761c04f91078d8bc6060eaf07764d7 + app.quarkus.io/build-timestamp: 2025-11-11 - 19:16:03 +0000 prometheus.io/scrape: "true" prometheus.io/path: /q/metrics prometheus.io/port: "8080" @@ -17,18 +17,18 @@ metadata: name: ztpservice spec: ports: - - name: https - port: 443 + - name: grpc + port: 5050 protocol: TCP - targetPort: 8443 + targetPort: 5050 - name: http port: 9192 protocol: TCP targetPort: 8080 - - name: grpc - port: 5050 + - name: https + port: 443 protocol: TCP - targetPort: 5050 + targetPort: 8443 selector: app.kubernetes.io/name: ztpservice type: ClusterIP @@ -37,8 +37,8 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - app.quarkus.io/commit-id: 0539e363a3349889ebd7d3d7b0509744e2a4d0aa - app.quarkus.io/build-timestamp: 2025-10-28 - 10:09:20 +0000 + app.quarkus.io/commit-id: 59066ee916761c04f91078d8bc6060eaf07764d7 + app.quarkus.io/build-timestamp: 2025-11-11 - 19:16:03 +0000 prometheus.io/scrape: "true" prometheus.io/path: /q/metrics prometheus.io/port: "8080" @@ -57,8 +57,8 @@ spec: template: metadata: annotations: - app.quarkus.io/commit-id: 0539e363a3349889ebd7d3d7b0509744e2a4d0aa - app.quarkus.io/build-timestamp: 2025-10-28 - 10:09:20 +0000 + app.quarkus.io/commit-id: 59066ee916761c04f91078d8bc6060eaf07764d7 + app.quarkus.io/build-timestamp: 2025-11-11 - 19:16:03 +0000 prometheus.io/scrape: "true" prometheus.io/path: /q/metrics prometheus.io/port: "8080" @@ -93,14 +93,14 @@ spec: timeoutSeconds: 10 name: ztpservice ports: - - containerPort: 8443 - name: https + - containerPort: 5050 + name: grpc protocol: TCP - containerPort: 8080 name: http protocol: TCP - - containerPort: 5050 - name: grpc + - containerPort: 8443 + name: https protocol: TCP readinessProbe: failureThreshold: 3