| module ietf-packet-fields { |
| yang-version 1.1; |
| namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields"; |
| prefix packet-fields; |
| |
| import ietf-inet-types { |
| prefix inet; |
| reference |
| "RFC 6991 - Common YANG Data Types."; |
| } |
| |
| import ietf-yang-types { |
| prefix yang; |
| reference |
| "RFC 6991 - Common YANG Data Types."; |
| } |
| |
| import ietf-ethertypes { |
| prefix eth; |
| reference |
| "RFC 8519 - YANG Data Model for Network Access Control |
| Lists (ACLs)."; |
| } |
| |
| organization |
| "IETF NETMOD (Network Modeling) Working Group."; |
| |
| contact |
| "WG Web: <https://datatracker.ietf.org/wg/netmod/> |
| WG List: netmod@ietf.org |
| |
| Editor: Mahesh Jethanandani |
| mjethanandani@gmail.com |
| Editor: Lisa Huang |
| huangyi_99@yahoo.com |
| Editor: Sonal Agarwal |
| sagarwal12@gmail.com |
| Editor: Dana Blair |
| dana@blairhome.com"; |
| |
| description |
| "This YANG module defines groupings that are used by |
| the ietf-access-control-list YANG module. Their usage |
| is not limited to ietf-access-control-list and can be |
| used anywhere as applicable. |
| |
| Copyright (c) 2019 IETF Trust and the persons identified as |
| the document authors. All rights reserved. |
| |
| Redistribution and use in source and binary forms, with or |
| without modification, is permitted pursuant to, and subject |
| to the license terms contained in, the Simplified BSD |
| License set forth in Section 4.c of the IETF Trust's Legal |
| Provisions Relating to IETF Documents |
| (http://trustee.ietf.org/license-info). |
| |
| This version of this YANG module is part of RFC 8519; see |
| the RFC itself for full legal notices."; |
| |
| revision 2019-03-04 { |
| description |
| "Initial version."; |
| reference |
| "RFC 8519: YANG Data Model for Network Access Control |
| Lists (ACLs)."; |
| } |
| |
| /* |
| * Typedefs |
| */ |
| typedef operator { |
| type enumeration { |
| enum lte { |
| description |
| "Less than or equal to."; |
| } |
| enum gte { |
| description |
| "Greater than or equal to."; |
| } |
| enum eq { |
| description |
| "Equal to."; |
| } |
| enum neq { |
| description |
| "Not equal to."; |
| } |
| } |
| description |
| "The source and destination port range definitions |
| can be further qualified using an operator. An |
| operator is needed only if the lower-port is specified |
| and the upper-port is not specified. The operator |
| therefore further qualifies the lower-port only."; |
| } |
| |
| /* |
| * Groupings |
| */ |
| grouping port-range-or-operator { |
| choice port-range-or-operator { |
| case range { |
| leaf lower-port { |
| type inet:port-number; |
| must '. <= ../upper-port' { |
| error-message |
| "The lower-port must be less than or equal to |
| the upper-port."; |
| } |
| mandatory true; |
| description |
| "Lower boundary for a port."; |
| } |
| leaf upper-port { |
| type inet:port-number; |
| mandatory true; |
| description |
| "Upper boundary for a port."; |
| } |
| } |
| case operator { |
| leaf operator { |
| type operator; |
| default "eq"; |
| description |
| "Operator to be applied on the port below."; |
| } |
| leaf port { |
| type inet:port-number; |
| mandatory true; |
| description |
| "Port number along with the operator on which to |
| match."; |
| } |
| } |
| description |
| "Choice of specifying a port range or a single |
| port along with an operator."; |
| } |
| description |
| "Grouping for port definitions in the form of a |
| choice statement."; |
| } |
| |
| grouping acl-ip-header-fields { |
| description |
| "IP header fields common to IPv4 and IPv6"; |
| reference |
| "RFC 791: Internet Protocol."; |
| |
| leaf dscp { |
| type inet:dscp; |
| description |
| "Differentiated Services Code Point."; |
| reference |
| "RFC 2474: Definition of the Differentiated Services |
| Field (DS Field) in the IPv4 and IPv6 |
| Headers."; |
| } |
| |
| leaf ecn { |
| type uint8 { |
| range "0..3"; |
| } |
| description |
| "Explicit Congestion Notification."; |
| reference |
| "RFC 3168: The Addition of Explicit Congestion |
| Notification (ECN) to IP."; |
| } |
| |
| leaf length { |
| type uint16; |
| description |
| "In the IPv4 header field, this field is known as the Total |
| Length. Total Length is the length of the datagram, measured |
| in octets, including internet header and data. |
| |
| In the IPv6 header field, this field is known as the Payload |
| Length, which is the length of the IPv6 payload, i.e., the rest |
| of the packet following the IPv6 header, in octets."; |
| reference |
| "RFC 791: Internet Protocol |
| RFC 8200: Internet Protocol, Version 6 (IPv6) Specification."; |
| } |
| leaf ttl { |
| type uint8; |
| description |
| "This field indicates the maximum time the datagram is allowed |
| to remain in the internet system. If this field contains the |
| value zero, then the datagram must be dropped. |
| |
| In IPv6, this field is known as the Hop Limit."; |
| reference |
| "RFC 791: Internet Protocol |
| RFC 8200: Internet Protocol, Version 6 (IPv6) Specification."; |
| } |
| leaf protocol { |
| type uint8; |
| description |
| "Internet Protocol number. Refers to the protocol of the |
| payload. In IPv6, this field is known as 'next-header', |
| and if extension headers are present, the protocol is |
| present in the 'upper-layer' header."; |
| reference |
| "RFC 791: Internet Protocol |
| RFC 8200: Internet Protocol, Version 6 (IPv6) Specification."; |
| } |
| } |
| |
| grouping acl-ipv4-header-fields { |
| description |
| "Fields in the IPv4 header."; |
| leaf ihl { |
| type uint8 { |
| range "5..60"; |
| } |
| description |
| "In an IPv4 header field, the Internet Header Length (IHL) is |
| the length of the internet header in 32-bit words and |
| thus points to the beginning of the data. Note that the |
| minimum value for a correct header is 5."; |
| } |
| leaf flags { |
| type bits { |
| bit reserved { |
| position 0; |
| description |
| "Reserved. Must be zero."; |
| } |
| bit fragment { |
| position 1; |
| description |
| "Setting the value to 0 indicates may fragment, while |
| setting the value to 1 indicates do not fragment."; |
| } |
| bit more { |
| position 2; |
| description |
| "Setting the value to 0 indicates this is the last fragment, |
| and setting the value to 1 indicates more fragments are |
| coming."; |
| } |
| } |
| description |
| "Bit definitions for the Flags field in the IPv4 header."; |
| } |
| leaf offset { |
| type uint16 { |
| range "20..65535"; |
| } |
| description |
| "The fragment offset is measured in units of 8 octets (64 bits). |
| The first fragment has offset zero. The length is 13 bits"; |
| } |
| leaf identification { |
| type uint16; |
| description |
| "An identifying value assigned by the sender to aid in |
| assembling the fragments of a datagram."; |
| } |
| |
| choice destination-network { |
| case destination-ipv4-network { |
| leaf destination-ipv4-network { |
| type inet:ipv4-prefix; |
| description |
| "Destination IPv4 address prefix."; |
| } |
| } |
| description |
| "Choice of specifying a destination IPv4 address or |
| referring to a group of IPv4 destination addresses."; |
| } |
| |
| choice source-network { |
| case source-ipv4-network { |
| leaf source-ipv4-network { |
| type inet:ipv4-prefix; |
| description |
| "Source IPv4 address prefix."; |
| } |
| } |
| description |
| "Choice of specifying a source IPv4 address or |
| referring to a group of IPv4 source addresses."; |
| } |
| } |
| |
| grouping acl-ipv6-header-fields { |
| description |
| "Fields in the IPv6 header."; |
| |
| choice destination-network { |
| case destination-ipv6-network { |
| leaf destination-ipv6-network { |
| type inet:ipv6-prefix; |
| description |
| "Destination IPv6 address prefix."; |
| } |
| } |
| description |
| "Choice of specifying a destination IPv6 address |
| or referring to a group of IPv6 destination |
| addresses."; |
| } |
| |
| choice source-network { |
| case source-ipv6-network { |
| leaf source-ipv6-network { |
| type inet:ipv6-prefix; |
| description |
| "Source IPv6 address prefix."; |
| } |
| } |
| description |
| "Choice of specifying a source IPv6 address or |
| referring to a group of IPv6 source addresses."; |
| } |
| |
| leaf flow-label { |
| type inet:ipv6-flow-label; |
| description |
| "IPv6 Flow label."; |
| } |
| reference |
| "RFC 4291: IP Version 6 Addressing Architecture |
| RFC 4007: IPv6 Scoped Address Architecture |
| RFC 5952: A Recommendation for IPv6 Address Text |
| Representation."; |
| } |
| |
| grouping acl-eth-header-fields { |
| description |
| "Fields in the Ethernet header."; |
| leaf destination-mac-address { |
| type yang:mac-address; |
| description |
| "Destination IEEE 802 Media Access Control (MAC) |
| address."; |
| } |
| leaf destination-mac-address-mask { |
| type yang:mac-address; |
| description |
| "Destination IEEE 802 MAC address mask."; |
| } |
| leaf source-mac-address { |
| type yang:mac-address; |
| description |
| "Source IEEE 802 MAC address."; |
| } |
| leaf source-mac-address-mask { |
| type yang:mac-address; |
| description |
| "Source IEEE 802 MAC address mask."; |
| } |
| leaf ethertype { |
| type eth:ethertype; |
| description |
| "The Ethernet Type (or Length) value represented |
| in the canonical order defined by IEEE 802. |
| The canonical representation uses lowercase |
| characters."; |
| reference |
| "IEEE 802-2014, Clause 9.2."; |
| } |
| reference |
| "IEEE 802: IEEE Standard for Local and Metropolitan |
| Area Networks: Overview and Architecture."; |
| } |
| |
| grouping acl-tcp-header-fields { |
| description |
| "Collection of TCP header fields that can be used to |
| set up a match filter."; |
| leaf sequence-number { |
| type uint32; |
| description |
| "Sequence number that appears in the packet."; |
| } |
| leaf acknowledgement-number { |
| type uint32; |
| description |
| "The acknowledgement number that appears in the |
| packet."; |
| } |
| leaf data-offset { |
| type uint8 { |
| range "5..15"; |
| } |
| description |
| "Specifies the size of the TCP header in 32-bit |
| words. The minimum size header is 5 words and |
| the maximum is 15 words; thus, this gives a |
| minimum size of 20 bytes and a maximum of 60 |
| bytes, allowing for up to 40 bytes of options |
| in the header."; |
| } |
| leaf reserved { |
| type uint8; |
| description |
| "Reserved for future use."; |
| } |
| leaf flags { |
| type bits { |
| bit cwr { |
| position 1; |
| description |
| "The Congestion Window Reduced (CWR) flag is set |
| by the sending host to indicate that it received |
| a TCP segment with the ECN-Echo (ECE) flag set |
| and had responded in the congestion control |
| mechanism."; |
| reference |
| "RFC 3168: The Addition of Explicit Congestion |
| Notification (ECN) to IP."; |
| } |
| bit ece { |
| position 2; |
| description |
| "ECN-Echo has a dual role, depending on the value |
| of the SYN flag. It indicates the following: if |
| the SYN flag is set (1), the TCP peer is ECN |
| capable, and if the SYN flag is clear (0), a packet |
| with the Congestion Experienced flag set (ECN=11) |
| in the IP header was received during normal |
| transmission (added to the header by RFC 3168). |
| This serves as an indication of network congestion |
| (or impending congestion) to the TCP sender."; |
| reference |
| "RFC 3168: The Addition of Explicit Congestion |
| Notification (ECN) to IP."; |
| } |
| bit urg { |
| position 3; |
| description |
| "Indicates that the Urgent Pointer field is significant."; |
| } |
| bit ack { |
| position 4; |
| description |
| "Indicates that the Acknowledgement field is significant. |
| All packets after the initial SYN packet sent by the |
| client should have this flag set."; |
| } |
| bit psh { |
| position 5; |
| description |
| "Push function. Asks to push the buffered data to the |
| receiving application."; |
| } |
| bit rst { |
| position 6; |
| description |
| "Reset the connection."; |
| } |
| bit syn { |
| position 7; |
| description |
| "Synchronize sequence numbers. Only the first packet |
| sent from each end should have this flag set. Some |
| other flags and fields change meaning based on this |
| flag, and some are only valid for when it is set, |
| and others when it is clear."; |
| } |
| bit fin { |
| position 8; |
| description |
| "Last package from the sender."; |
| } |
| } |
| description |
| "Also known as Control Bits. Contains nine 1-bit flags."; |
| reference |
| "RFC 793: Transmission Control Protocol."; |
| } |
| leaf window-size { |
| type uint16; |
| units "bytes"; |
| description |
| "The size of the receive window, which specifies |
| the number of window size units beyond the segment |
| identified by the sequence number in the Acknowledgement |
| field that the sender of this segment is currently |
| willing to receive."; |
| } |
| leaf urgent-pointer { |
| type uint16; |
| description |
| "This field is an offset from the sequence number |
| indicating the last urgent data byte."; |
| } |
| leaf options { |
| type binary { |
| length "1..40"; |
| } |
| description |
| "The length of this field is determined by the |
| Data Offset field. Options have up to three |
| fields: Option-Kind (1 byte), Option-Length |
| (1 byte), and Option-Data (variable). The Option-Kind |
| field indicates the type of option and is the |
| only field that is not optional. Depending on |
| what kind of option we are dealing with, |
| the next two fields may be set: the Option-Length |
| field indicates the total length of the option, |
| and the Option-Data field contains the value of |
| the option, if applicable."; |
| } |
| } |
| |
| grouping acl-udp-header-fields { |
| description |
| "Collection of UDP header fields that can be used |
| to set up a match filter."; |
| leaf length { |
| type uint16; |
| description |
| "A field that specifies the length in bytes of |
| the UDP header and UDP data. The minimum |
| length is 8 bytes because that is the length of |
| the header. The field size sets a theoretical |
| limit of 65,535 bytes (8-byte header plus 65,527 |
| bytes of data) for a UDP datagram. However, the |
| actual limit for the data length, which is |
| imposed by the underlying IPv4 protocol, is |
| 65,507 bytes (65,535 minus 8-byte UDP header |
| minus 20-byte IP header). |
| |
| In IPv6 jumbograms, it is possible to have |
| UDP packets of a size greater than 65,535 bytes. |
| RFC 2675 specifies that the Length field is set |
| to zero if the length of the UDP header plus |
| UDP data is greater than 65,535."; |
| } |
| } |
| |
| grouping acl-icmp-header-fields { |
| description |
| "Collection of ICMP header fields that can be |
| used to set up a match filter."; |
| leaf type { |
| type uint8; |
| description |
| "Also known as control messages."; |
| reference |
| "RFC 792: Internet Control Message Protocol |
| RFC 4443: Internet Control Message Protocol (ICMPv6) |
| for Internet Protocol Version 6 (IPv6) |
| Specification."; |
| } |
| leaf code { |
| type uint8; |
| description |
| "ICMP subtype. Also known as control messages."; |
| reference |
| "RFC 792: Internet Control Message Protocol |
| RFC 4443: Internet Control Message Protocol (ICMPv6) |
| for Internet Protocol Version 6 (IPv6) |
| Specification."; |
| } |
| leaf rest-of-header { |
| type binary; |
| description |
| "Unbounded in length, the contents vary based on the |
| ICMP type and code. Also referred to as 'Message Body' |
| in ICMPv6."; |
| reference |
| "RFC 792: Internet Control Message Protocol |
| RFC 4443: Internet Control Message Protocol (ICMPv6) |
| for Internet Protocol Version 6 (IPv6) |
| Specification."; |
| } |
| } |
| } |