Adding OpenConfig YANG models.
Change-Id: I0a2fdd5826e80933cf4b9ae939ff3051acec02aa
diff --git a/models/openconfig/src/main/yang/acl/openconfig-acl.yang b/models/openconfig/src/main/yang/acl/openconfig-acl.yang
new file mode 100644
index 0000000..aee9e80
--- /dev/null
+++ b/models/openconfig/src/main/yang/acl/openconfig-acl.yang
@@ -0,0 +1,830 @@
+module openconfig-acl {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/acl";
+
+ prefix "oc-acl";
+
+ import openconfig-packet-match { prefix oc-match; }
+ import openconfig-interfaces { prefix oc-if; }
+ import openconfig-yang-types { prefix oc-yang; }
+ import openconfig-extensions { prefix oc-ext; }
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines configuration and operational state
+ data for network access control lists (i.e., filters, rules,
+ etc.). ACLs are organized into ACL sets, with each set
+ containing one or more ACL entries. ACL sets are identified
+ by a unique name, while each entry within a set is assigned
+ a sequence-id that determines the order in which the ACL
+ rules are applied to a packet.
+
+ Individual ACL rules specify match criteria based on fields in
+ the packet, along with an action that defines how matching
+ packets should be handled. Entries have a type that indicates
+ the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc.";
+
+ oc-ext:openconfig-version "1.0.0";
+
+ revision "2017-05-26" {
+ description
+ "Separated ACL entries by type";
+ reference "1.0.0";
+ }
+
+ revision "2016-08-08" {
+ description
+ "OpenConfig public release";
+ reference "0.2.0";
+ }
+
+ revision "2016-01-22" {
+ description
+ "Initial revision";
+ reference "TBD";
+ }
+
+
+ identity ACL_TYPE {
+ description
+ "Base identity for types of ACL sets";
+ }
+
+ identity ACL_IPV4 {
+ base ACL_TYPE;
+ description
+ "IP-layer ACLs with IPv4 addresses";
+ }
+
+ identity ACL_IPV6 {
+ base ACL_TYPE;
+ description
+ "IP-layer ACLs with IPv6 addresses";
+ }
+
+ identity ACL_L2 {
+ base ACL_TYPE;
+ description
+ "MAC-layer ACLs";
+ }
+
+ identity ACL_MIXED {
+ base ACL_TYPE;
+ description
+ "Mixed-mode ACL that specifies L2 and L3 protocol
+ fields. This ACL type is not implemented by many
+ routing/switching devices.";
+ }
+
+ // ACL action type
+
+ identity FORWARDING_ACTION {
+ description
+ "Base identity for actions in the forwarding category";
+ }
+
+ identity ACCEPT {
+ base FORWARDING_ACTION;
+ description
+ "Accept the packet";
+ }
+
+ identity DROP {
+ base FORWARDING_ACTION;
+ description
+ "Drop packet without sending any ICMP error message";
+ }
+
+ identity REJECT {
+ base FORWARDING_ACTION;
+ description
+ "Drop the packet and send an ICMP error message to the source";
+ }
+
+ identity LOG_ACTION {
+ description
+ "Base identity for defining the destination for logging
+ actions";
+ }
+
+ identity LOG_SYSLOG {
+ base LOG_ACTION;
+ description
+ "Log the packet in Syslog";
+ }
+
+ identity LOG_NONE {
+ base LOG_ACTION;
+ description
+ "No logging";
+ }
+
+ identity ACL_COUNTER_CAPABILITY {
+ description
+ "Base identity for system to indicate how it is able to report
+ counters";
+ }
+
+ identity INTERFACE_ONLY {
+ base ACL_COUNTER_CAPABILITY;
+ description
+ "ACL counters are available and reported only per interface";
+ }
+
+ identity AGGREGATE_ONLY {
+ base ACL_COUNTER_CAPABILITY;
+ description
+ "ACL counters are aggregated over all interfaces, and reported
+ only per ACL entry";
+ }
+
+ identity INTERFACE_AGGREGATE {
+ base ACL_COUNTER_CAPABILITY;
+ description
+ "ACL counters are reported per interface, and also aggregated
+ and reported per ACL entry.";
+ }
+
+ // grouping statements
+
+ // input interface
+ grouping input-interface-config {
+ description
+ "Config of interface";
+
+ }
+
+ grouping input-interface-state {
+ description
+ "State information of interface";
+ }
+
+ grouping input-interface-top {
+ description
+ "Input interface top level container";
+
+ container input-interface {
+ description
+ "Input interface container";
+
+ container config {
+ description
+ "Config data";
+ uses input-interface-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State information";
+ uses input-interface-config;
+ uses input-interface-state;
+ }
+
+ uses oc-if:interface-ref;
+
+ }
+ }
+
+ // Action Type
+ grouping action-config {
+ description
+ "Config of action type";
+
+
+ leaf forwarding-action {
+ type identityref {
+ base FORWARDING_ACTION;
+ }
+ mandatory true;
+ description
+ "Specifies the forwarding action. One forwarding action
+ must be specified for each ACL entry";
+ }
+
+ leaf log-action {
+ type identityref {
+ base LOG_ACTION;
+ }
+ default LOG_NONE;
+ description
+ "Specifies the log action and destination for
+ matched packets. The default is not to log the
+ packet.";
+ }
+
+
+ }
+
+ grouping action-state {
+ description
+ "State information of action type";
+
+ }
+
+ grouping action-top {
+ description
+ "ACL action type top level container";
+
+ container actions {
+ description
+ "Enclosing container for list of ACL actions associated
+ with an entry";
+
+ container config {
+ description
+ "Config data for ACL actions";
+ uses action-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State information for ACL actions";
+ uses action-config;
+ uses action-state;
+ }
+ }
+ }
+
+ grouping acl-counters-state {
+ description
+ "Common grouping for ACL counters";
+
+ leaf matched-packets {
+ type oc-yang:counter64;
+ description
+ "Count of the number of packets matching the current ACL
+ entry.
+
+ An implementation should provide this counter on a
+ per-interface per-ACL-entry if possible.
+
+ If an implementation only supports ACL counters per entry
+ (i.e., not broken out per interface), then the value
+ should be equal to the aggregate count across all interfaces.
+
+ An implementation that provides counters per entry per
+ interface is not required to also provide an aggregate count,
+ e.g., per entry -- the user is expected to be able implement
+ the required aggregation if such a count is needed.";
+ }
+
+ leaf matched-octets {
+ type oc-yang:counter64;
+ description
+ "Count of the number of octets (bytes) matching the current
+ ACL entry.
+
+ An implementation should provide this counter on a
+ per-interface per-ACL-entry if possible.
+
+ If an implementation only supports ACL counters per entry
+ (i.e., not broken out per interface), then the value
+ should be equal to the aggregate count across all interfaces.
+
+ An implementation that provides counters per entry per
+ interface is not required to also provide an aggregate count,
+ e.g., per entry -- the user is expected to be able implement
+ the required aggregation if such a count is needed.";
+ }
+
+ }
+
+ // Access List Entries
+ grouping access-list-entries-config {
+ description
+ "Access List Entries (ACE) config.";
+
+ leaf sequence-id {
+ type uint32;
+ description
+ "The sequence id determines the order in which ACL entries
+ are applied. The sequence id must be unique for each entry
+ in an ACL set. Target devices should apply the ACL entry
+ rules in the order determined by sequence id, rather than
+ the relying only on order in the list.";
+ }
+
+ leaf description {
+ type string;
+ description
+ "A user-defined description, or comment, for this Access List
+ Entry.";
+ }
+
+ }
+
+ grouping access-list-entries-state {
+ description
+ "Access List Entries state.";
+
+ uses acl-counters-state;
+
+ }
+
+ grouping access-list-entries-top {
+ description
+ "Access list entries to level container";
+
+ container acl-entries {
+ description
+ "Access list entries container";
+
+ list acl-entry {
+ key "sequence-id";
+ description
+ "List of ACL entries comprising an ACL set";
+
+ leaf sequence-id {
+ type leafref {
+ path "../config/sequence-id";
+ }
+ description
+ "references the list key";
+ }
+
+ container config {
+ description
+ "Access list entries config";
+ uses access-list-entries-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State information for ACL entries";
+ uses access-list-entries-config;
+ uses access-list-entries-state;
+ }
+
+ uses oc-match:ethernet-header-top {
+ when "../../config/type='ACL_L2'" {
+ description
+ "MAC-layer fields are valid when the ACL type is L2";
+ }
+ }
+ uses oc-match:ipv4-protocol-fields-top {
+ when "../../config/type='ACL_IPV4'" {
+ description
+ "IPv4-layer fields are valid when the ACL type is
+ IPv4";
+ }
+ }
+ uses oc-match:ipv6-protocol-fields-top {
+ when "../../config/type='ACL_IPV6'" {
+ description
+ "IPv6-layer fields are valid when the ACL type is
+ IPv6";
+ }
+ }
+ uses oc-match:transport-fields-top {
+ when "../../config/type='ACL_IPV6' or " +
+ "../../config/type='ACL_IPV4'" {
+ description
+ "Transport-layer fields are valid when specifying
+ L3 ACL types";
+ }
+ }
+ uses input-interface-top;
+
+ uses action-top;
+ }
+ }
+ }
+
+ grouping acl-set-config {
+ description
+ "Access Control List config";
+
+ leaf name {
+ type string;
+ description
+ "The name of the access-list set";
+ }
+
+ leaf type {
+ type identityref {
+ base ACL_TYPE;
+ }
+ description
+ "The type determines the fields allowed in the ACL entries
+ belonging to the ACL set (e.g., IPv4, IPv6, etc.)";
+ }
+
+ leaf description {
+ type string;
+ description
+ "Description, or comment, for the ACL set";
+ }
+
+ }
+
+ grouping acl-set-state {
+ description
+ "Access Control List state";
+ }
+
+ grouping acl-set-top {
+ description
+ "Access list entries variables top level container";
+
+ container acl-sets {
+ description
+ "Access list entries variables enclosing container";
+
+ list acl-set {
+ key "name type";
+ description
+ "List of ACL sets, each comprising of a list of ACL
+ entries";
+
+ leaf name {
+ type leafref {
+ path "../config/name";
+ }
+ description
+ "Reference to the name list key";
+ }
+
+ leaf type {
+ type leafref {
+ path "../config/type";
+ }
+ description
+ "Reference to the type list key";
+ }
+
+ container config {
+ description
+ "Access list config";
+ uses acl-set-config;
+ }
+
+ container state {
+ config false;
+ description
+ "Access list state information";
+ uses acl-set-config;
+ uses acl-set-state;
+ }
+ uses access-list-entries-top;
+ }
+ }
+ }
+
+ grouping interface-acl-entries-config {
+ description
+ "Configuration data for per-interface ACLs";
+
+ }
+
+ grouping interface-acl-entries-state {
+ description
+ "Operational state data for per-interface ACL entries";
+
+ leaf sequence-id {
+ type leafref {
+ path "/acl/acl-sets/" +
+ "acl-set[name=current()/../../../../set-name]" +
+ "[type=current()/../../../../type]/" +
+ "acl-entries/acl-entry/sequence-id";
+ }
+ description
+ "Reference to an entry in the ACL set applied to an
+ interface";
+ }
+
+ uses acl-counters-state;
+
+ }
+
+ grouping interface-acl-entries-top {
+ description
+ "Top-level grouping for per-interface ACL entries";
+
+ container acl-entries {
+ config false;
+ description
+ "Enclosing container for list of references to ACLs";
+
+ list acl-entry {
+ key "sequence-id";
+ description
+ "List of ACL entries assigned to an interface";
+
+ leaf sequence-id {
+ type leafref {
+ path "../state/sequence-id";
+ }
+ description
+ "Reference to per-interface acl entry key";
+ }
+
+ // no config container since the enclosing container is
+ // read-only
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for per-interface ACL entries";
+
+ uses interface-acl-entries-config;
+ uses interface-acl-entries-state;
+ }
+ }
+ }
+ }
+
+ grouping interface-ingress-acl-config {
+ description
+ "Configuration data for per-interface ingress ACLs";
+
+ leaf set-name {
+ type leafref {
+ path "../../../../../../acl-sets/acl-set/config/name";
+ }
+ description
+ "Reference to the ACL set name applied on ingress";
+ }
+
+ leaf type {
+ type leafref {
+ path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" +
+ "/config/type";
+ }
+ description
+ "Reference to the ACL set type applied on ingress";
+ }
+ }
+
+ grouping interface-ingress-acl-state {
+ description
+ "Operational state data for the per-interface ingress ACL";
+ }
+
+ grouping interface-ingress-acl-top {
+ description
+ "Top-level grouping for per-interface ingress ACL data";
+
+ container ingress-acl-sets {
+ description
+ "Enclosing container the list of ingress ACLs on the
+ interface";
+
+ list ingress-acl-set {
+ key "set-name type";
+ description
+ "List of ingress ACLs on the interface";
+
+ leaf set-name {
+ type leafref {
+ path "../config/set-name";
+ }
+ description
+ "Reference to set name list key";
+ }
+
+ leaf type {
+ type leafref {
+ path "../config/type";
+ }
+ description
+ "Reference to type list key";
+ }
+
+ container config {
+ description
+ "Configuration data ";
+
+ uses interface-ingress-acl-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for interface ingress ACLs";
+
+ uses interface-ingress-acl-config;
+ uses interface-ingress-acl-state;
+ }
+
+ uses interface-acl-entries-top;
+ }
+ }
+ }
+
+ grouping interface-egress-acl-config {
+ description
+ "Configuration data for per-interface egress ACLs";
+
+ leaf set-name {
+ type leafref {
+ path "../../../../../../acl-sets/acl-set/config/name";
+ }
+ description
+ "Reference to the ACL set name applied on egress";
+ }
+
+ leaf type {
+ type leafref {
+ path "../../../../../../acl-sets/acl-set[name=current()/../set-name]" +
+ "/config/type";
+ }
+ description
+ "Reference to the ACL set type applied on egress.";
+ }
+ }
+
+ grouping interface-egress-acl-state {
+ description
+ "Operational state data for the per-interface egress ACL";
+ }
+
+ grouping interface-egress-acl-top {
+ description
+ "Top-level grouping for per-interface egress ACL data";
+
+ container egress-acl-sets {
+ description
+ "Enclosing container the list of egress ACLs on the
+ interface";
+
+ list egress-acl-set {
+ key "set-name type";
+ description
+ "List of egress ACLs on the interface";
+
+ leaf set-name {
+ type leafref {
+ path "../config/set-name";
+ }
+ description
+ "Reference to set name list key";
+ }
+
+ leaf type {
+ type leafref {
+ path "../config/type";
+ }
+ description
+ "Reference to type list key";
+ }
+
+ container config {
+ description
+ "Configuration data ";
+
+ uses interface-egress-acl-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for interface egress ACLs";
+
+ uses interface-egress-acl-config;
+ uses interface-egress-acl-state;
+ }
+
+ uses interface-acl-entries-top;
+ }
+ }
+ }
+
+ grouping acl-interfaces-config {
+ description
+ "Configuration data for interface references";
+
+ leaf id {
+ type oc-if:interface-id;
+ description
+ "User-defined identifier for the interface -- a common
+ convention could be '<if name>.<subif index>'";
+ }
+ }
+
+ grouping acl-interfaces-state {
+ description
+ "Operational state data for interface references";
+ }
+
+ grouping acl-interfaces-top {
+ description
+ "Top-level grouping for interface-specific ACL data";
+
+ container interfaces {
+ description
+ "Enclosing container for the list of interfaces on which
+ ACLs are set";
+
+ list interface {
+ key "id";
+ description
+ "List of interfaces on which ACLs are set";
+
+ leaf id {
+ type leafref {
+ path "../config/id";
+ }
+ description
+ "Reference to the interface id list key";
+ }
+
+ container config {
+ description
+ "Configuration for ACL per-interface data";
+
+ uses acl-interfaces-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state for ACL per-interface data";
+
+ uses acl-interfaces-config;
+ uses acl-interfaces-state;
+ }
+
+ uses oc-if:interface-ref;
+ uses interface-ingress-acl-top;
+ uses interface-egress-acl-top;
+ }
+ }
+ }
+
+ grouping acl-config {
+ description
+ "Global configuration data for ACLs";
+ }
+
+ grouping acl-state {
+ description
+ "Global operational state data for ACLs";
+
+ leaf counter-capability {
+ type identityref {
+ base ACL_COUNTER_CAPABILITY;
+ }
+ description
+ "System reported indication of how ACL counters are reported
+ by the target";
+ }
+ }
+ grouping acl-top {
+ description
+ "Top level grouping for ACL data and structure";
+
+ container acl {
+ description
+ "Top level enclosing container for ACL model config
+ and operational state data";
+
+ container config {
+ description
+ "Global config data for ACLs";
+
+ uses acl-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Global operational state data for ACLs";
+
+ uses acl-config;
+ uses acl-state;
+ }
+
+ uses acl-set-top;
+ uses acl-interfaces-top;
+ }
+ }
+
+ // data definition statements
+ uses acl-top;
+
+ // augment statements
+
+
+}
diff --git a/models/openconfig/src/main/yang/acl/openconfig-packet-match-types.yang b/models/openconfig/src/main/yang/acl/openconfig-packet-match-types.yang
new file mode 100644
index 0000000..7c99b80
--- /dev/null
+++ b/models/openconfig/src/main/yang/acl/openconfig-packet-match-types.yang
@@ -0,0 +1,293 @@
+module openconfig-packet-match-types {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/packet-match-types";
+
+ prefix "oc-pkt-match-types";
+
+ // import some basic types
+ import openconfig-inet-types { prefix oc-inet; }
+ import openconfig-extensions { prefix oc-ext; }
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines common types for use in models requiring
+ data definitions related to packet matches.";
+
+ oc-ext:openconfig-version "1.0.0";
+
+ revision "2017-05-26" {
+ description
+ "Separated IP matches into AFs";
+ reference "1.0.0";
+ }
+
+ revision "2016-08-08" {
+ description
+ "OpenConfig public release";
+ reference "0.2.0";
+ }
+
+ revision "2016-04-27" {
+ description
+ "Initial revision";
+ reference "TBD";
+ }
+
+ // extension statements
+
+ // feature statements
+
+ // identity statements
+
+
+ //TODO: should replace this with an official IEEE module
+ // when available. Only a select number of types are
+ // defined in this identity.
+ identity ETHERTYPE {
+ description
+ "Base identity for commonly used Ethertype values used
+ in packet header matches on Ethernet frames. The Ethertype
+ indicates which protocol is encapsulated in the Ethernet
+ payload.";
+ reference
+ "IEEE 802.3";
+ }
+
+ identity ETHERTYPE_IPV4 {
+ base ETHERTYPE;
+ description
+ "IPv4 protocol (0x0800)";
+ }
+
+ identity ETHERTYPE_ARP {
+ base ETHERTYPE;
+ description
+ "Address resolution protocol (0x0806)";
+ }
+
+ identity ETHERTYPE_VLAN {
+ base ETHERTYPE;
+ description
+ "VLAN-tagged frame (as defined by IEEE 802.1q) (0x8100). Note
+ that this value is also used to represent Shortest Path
+ Bridging (IEEE 801.1aq) frames.";
+ }
+
+ identity ETHERTYPE_IPV6 {
+ base ETHERTYPE;
+ description
+ "IPv6 protocol (0x86DD)";
+ }
+
+ identity ETHERTYPE_MPLS {
+ base ETHERTYPE;
+ description
+ "MPLS unicast (0x8847)";
+ }
+
+ identity ETHERTYPE_LLDP {
+ base ETHERTYPE;
+ description
+ "Link Layer Discovery Protocol (0x88CC)";
+ }
+
+ identity ETHERTYPE_ROCE {
+ base ETHERTYPE;
+ description
+ "RDMA over Converged Ethernet (0x8915)";
+ }
+
+
+ //TODO: should replace this with an official IANA module when
+ //available. Only a select set of protocols are defined with
+ //this identity.
+ identity IP_PROTOCOL {
+ description
+ "Base identity for commonly used IP protocols used in
+ packet header matches";
+ reference
+ "IANA Assigned Internet Protocol Numbers";
+ }
+
+ identity IP_TCP {
+ base IP_PROTOCOL;
+ description
+ "Transmission Control Protocol (6)";
+ }
+
+ identity IP_UDP {
+ base IP_PROTOCOL;
+ description
+ "User Datagram Protocol (17)";
+ }
+
+ identity IP_ICMP {
+ base IP_PROTOCOL;
+ description
+ "Internet Control Message Protocol (1)";
+ }
+
+ identity IP_IGMP {
+ base IP_PROTOCOL;
+ description
+ "Internet Group Membership Protocol (2)";
+ }
+
+ identity IP_PIM {
+ base IP_PROTOCOL;
+ description
+ "Protocol Independent Multicast (103)";
+ }
+
+ identity IP_RSVP {
+ base IP_PROTOCOL;
+ description
+ "Resource Reservation Protocol (46)";
+ }
+
+ identity IP_GRE {
+ base IP_PROTOCOL;
+ description
+ "Generic Routing Encapsulation (47)";
+ }
+
+ identity IP_AUTH {
+ base IP_PROTOCOL;
+ description
+ "Authentication header, e.g., for IPSEC (51)";
+ }
+
+ identity IP_L2TP {
+ base IP_PROTOCOL;
+ description
+ "Layer Two Tunneling Protocol v.3 (115)";
+ }
+
+
+
+ identity TCP_FLAGS {
+ description
+ "Common TCP flags used in packet header matches";
+ reference
+ "IETF RFC 793 - Transmission Control Protocol
+ IETF RFC 3168 - The Addition of Explicit Congestion
+ Notification (ECN) to IP";
+ }
+
+ identity TCP_SYN {
+ base TCP_FLAGS;
+ description
+ "TCP SYN flag";
+ }
+
+ identity TCP_FIN {
+ base TCP_FLAGS;
+ description
+ "TCP FIN flag";
+ }
+
+ identity TCP_RST {
+ base TCP_FLAGS;
+ description
+ "TCP RST flag";
+ }
+
+ identity TCP_PSH {
+ base TCP_FLAGS;
+ description
+ "TCP push flag";
+ }
+
+ identity TCP_ACK {
+ base TCP_FLAGS;
+ description
+ "TCP ACK flag";
+ }
+
+ identity TCP_URG {
+ base TCP_FLAGS;
+ description
+ "TCP urgent flag";
+ }
+
+ identity TCP_ECE {
+ base TCP_FLAGS;
+ description
+ "TCP ECN-Echo flag. If the SYN flag is set, indicates that
+ the TCP peer is ECN-capable, otherwise indicates that a
+ packet with Congestion Experienced flag in the IP header
+ is set";
+ }
+
+ identity TCP_CWR {
+ base TCP_FLAGS;
+ description
+ "TCP Congestion Window Reduced flag";
+ }
+
+ // typedef statements
+
+ typedef port-num-range {
+ type union {
+ type string {
+ pattern '^(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?[0-9]?' +
+ '[0-9]?)\.\.(6[0-5][0-5][0-3][0-5]|[0-5]?[0-9]?[0-9]?' +
+ '[0-9]?[0-9]?)$';
+ }
+ type oc-inet:port-number;
+ type enumeration {
+ enum ANY {
+ description
+ "Indicates any valid port number (e.g., wildcard)";
+ }
+ }
+ }
+ description
+ "Port numbers may be represented as a single value,
+ an inclusive range as <lower>..<higher>, or as ANY to
+ indicate a wildcard.";
+ }
+
+ typedef ip-protocol-type {
+ type union {
+ type uint8 {
+ range 0..254;
+ }
+ type identityref {
+ base IP_PROTOCOL;
+ }
+ }
+ description
+ "The IP protocol number may be expressed as a valid protocol
+ number (integer) or using a protocol type defined by the
+ IP_PROTOCOL identity";
+ }
+
+ typedef ethertype-type {
+ type union {
+ type uint16 {
+ //Note range can only be expressed in decimal
+ //but value is expected in hex notation.
+ range 1..65535;
+ }
+ type identityref {
+ base ETHERTYPE;
+ }
+ }
+ description
+ "The Ethertype value may be expressed as a 16-bit number in
+ hexadecimal notation, or using a type defined by the
+ ETHERTYPE identity";
+ }
+
+}
\ No newline at end of file
diff --git a/models/openconfig/src/main/yang/acl/openconfig-packet-match.yang b/models/openconfig/src/main/yang/acl/openconfig-packet-match.yang
new file mode 100644
index 0000000..446df36
--- /dev/null
+++ b/models/openconfig/src/main/yang/acl/openconfig-packet-match.yang
@@ -0,0 +1,314 @@
+module openconfig-packet-match {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/header-fields";
+
+ prefix "oc-pkt-match";
+
+ // import some basic types
+ import openconfig-inet-types { prefix oc-inet; }
+ import openconfig-yang-types { prefix oc-yang; }
+ import openconfig-packet-match-types { prefix oc-pkt-match-types; }
+ import openconfig-extensions { prefix oc-ext; }
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines data related to packet header fields
+ used in matching operations, for example in ACLs. When a
+ field is omitted from a match expression, the effect is a
+ wildcard ('any') for that field.";
+
+ oc-ext:openconfig-version "1.0.0";
+
+ revision "2017-05-26" {
+ description
+ "Separated IP matches into AFs";
+ reference "1.0.0";
+ }
+
+ revision "2016-08-08" {
+ description
+ "OpenConfig public release";
+ reference "0.2.0";
+ }
+
+ revision "2016-04-27" {
+ description
+ "Initial revision";
+ reference "TBD";
+ }
+
+
+ // Physical Layer fields
+ // ethernet-header
+ grouping ethernet-header-config {
+ description
+ "Configuration data of fields in Ethernet header.";
+
+ leaf source-mac {
+ type oc-yang:mac-address;
+ description
+ "Source IEEE 802 MAC address.";
+ }
+
+ leaf source-mac-mask {
+ type oc-yang:mac-address;
+ description
+ "Source IEEE 802 MAC address mask.";
+ }
+
+ leaf destination-mac {
+ type oc-yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address.";
+ }
+
+ leaf destination-mac-mask {
+ type oc-yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address mask.";
+ }
+
+ leaf ethertype {
+ type oc-pkt-match-types:ethertype-type;
+ description
+ "Ethertype field to match in Ethernet packets";
+ }
+ }
+
+ grouping ethernet-header-state {
+ description
+ "State information of fields in Ethernet header.";
+ }
+
+ grouping ethernet-header-top {
+ description
+ "Top level container for fields in Ethernet header.";
+
+ container l2 {
+ description
+ "Ethernet header fields";
+
+ container config {
+ description
+ "Configuration data";
+ uses ethernet-header-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State Information.";
+ uses ethernet-header-config;
+ uses ethernet-header-state;
+ }
+ }
+ }
+
+ grouping ip-protocol-fields-common-config {
+ description
+ "IP protocol fields common to IPv4 and IPv6";
+
+ leaf dscp {
+ type oc-inet:dscp;
+ description
+ "Value of diffserv codepoint.";
+ }
+
+ leaf protocol {
+ type oc-pkt-match-types:ip-protocol-type;
+ description
+ "The protocol carried in the IP packet, expressed either
+ as its IP protocol number, or by a defined identity.";
+ }
+
+ leaf hop-limit {
+ type uint8 {
+ range 0..255;
+ }
+ description
+ "The IP packet's hop limit -- known as TTL (in hops) in
+ IPv4 packets, and hop limit in IPv6";
+ }
+ }
+
+ // IP Layer
+ // ip-protocol-fields
+ grouping ipv4-protocol-fields-config {
+ description
+ "Configuration data of IP protocol fields
+ for IPv4";
+
+ leaf source-address {
+ type oc-inet:ipv4-prefix;
+ description
+ "Source IPv4 address prefix.";
+ }
+
+ leaf destination-address {
+ type oc-inet:ipv4-prefix;
+ description
+ "Destination IPv4 address prefix.";
+ }
+
+ uses ip-protocol-fields-common-config;
+
+ }
+
+ grouping ipv4-protocol-fields-state {
+ description
+ "State information of IP header fields for IPv4";
+ }
+
+ grouping ipv4-protocol-fields-top {
+ description
+ "IP header fields for IPv4";
+
+ container ipv4 {
+ description
+ "Top level container for IPv4 match field data";
+
+ container config {
+ description
+ "Configuration data for IPv4 match fields";
+ uses ipv4-protocol-fields-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State information for IPv4 match fields";
+ uses ipv4-protocol-fields-config;
+ uses ipv4-protocol-fields-state;
+ }
+ }
+ }
+
+ grouping ipv6-protocol-fields-config {
+ description
+ "Configuration data for IPv6 match fields";
+
+ leaf source-address {
+ type oc-inet:ipv6-prefix;
+ description
+ "Source IPv6 address prefix.";
+ }
+
+ leaf source-flow-label {
+ type oc-inet:ipv6-flow-label;
+ description
+ "Source IPv6 Flow label.";
+ }
+
+ leaf destination-address {
+ type oc-inet:ipv6-prefix;
+ description
+ "Destination IPv6 address prefix.";
+ }
+
+ leaf destination-flow-label {
+ type oc-inet:ipv6-flow-label;
+ description
+ "Destination IPv6 Flow label.";
+ }
+
+ uses ip-protocol-fields-common-config;
+ }
+
+ grouping ipv6-protocol-fields-state {
+ description
+ "Operational state data for IPv6 match fields";
+ }
+
+ grouping ipv6-protocol-fields-top {
+ description
+ "Top-level grouping for IPv6 match fields";
+
+ container ipv6 {
+ description
+ "Top-level container for IPv6 match field data";
+
+ container config {
+ description
+ "Configuration data for IPv6 match fields";
+
+ uses ipv6-protocol-fields-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for IPv6 match fields";
+
+ uses ipv6-protocol-fields-config;
+ uses ipv6-protocol-fields-state;
+ }
+ }
+ }
+
+ // Transport fields
+ grouping transport-fields-config {
+ description
+ "Configuration data of transport-layer packet fields";
+
+ leaf source-port {
+ type oc-pkt-match-types:port-num-range;
+ description
+ "Source port or range";
+ }
+
+ leaf destination-port {
+ type oc-pkt-match-types:port-num-range;
+ description
+ "Destination port or range";
+ }
+
+ leaf-list tcp-flags {
+ type identityref {
+ base oc-pkt-match-types:TCP_FLAGS;
+ }
+ description
+ "List of TCP flags to match";
+ }
+ }
+
+ grouping transport-fields-state {
+ description
+ "State data of transport-fields";
+ }
+
+ grouping transport-fields-top {
+ description
+ "Destination transport-fields top level grouping";
+
+ container transport {
+ description
+ "Transport fields container";
+
+ container config {
+ description
+ "Configuration data";
+ uses transport-fields-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State data";
+ uses transport-fields-config;
+ uses transport-fields-state;
+ }
+ }
+ }
+
+}