module ietf-dots-data-channel { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-dots-data-channel"; prefix "data-channel"; import ietf-inet-types {prefix "inet";} import ietf-access-control-list {prefix "ietf-acl";} organization "IETF DOTS Working Group"; contact "Konda, Tirumaleswar Reddy Mohamed Boucadair Kaname Nishizuka Liang Xia Prashanth Patil Andrew Mortensen Nik Teague "; description "This module contains YANG definition for configuring identifiers for resources and filtering rules using DOTS data channel. Copyright (c) 2017 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision 2017-12-08 { description "Initial revision."; reference "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling (DOTS) Data Channel"; } container identifier { description "Top level container for identifiers"; leaf-list client-identifier { type binary; description "A client identifier conveyed by a DOTS gateway to a remote DOTS server."; reference "I-D.itef-dots-signal-channel: Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel"; } list alias { key alias-name; description "List of identifiers"; leaf alias-name { type string; description "alias name"; } leaf-list target-ip { type inet:ip-address; description "IPv4 or IPv6 address identifying the target."; } leaf-list target-prefix { type inet:ip-prefix; description "IPv4 or IPv6 prefix identifying the target."; } list target-port-range { key "lower-port upper-port"; description "Port range. When only lower-port is present, it represents a single port."; leaf lower-port { type inet:port-number; mandatory true; description "Lower port number."; } leaf upper-port { type inet:port-number; must ". >= ../lower-port" { error-message "The upper port number must be greater than or equal to lower port number."; } description "Upper port number."; } } leaf-list target-protocol { type uint8; description "Identifies the target protocol number. The value '0' means 'all protocols'. Values are taken from the IANA protocol registry: https://www.iana.org/assignments/protocol-numbers/ protocol-numbers.xhtml For example, 6 for a TCP or 17 for UDP."; } leaf-list target-fqdn { type inet:domain-name; description "FQDN identifying the target."; } leaf-list target-uri { type inet:uri; description "URI identifying the target."; } } } augment "/ietf-acl:access-lists" { description "client-identifier parameter."; leaf-list client-identifier { type binary; description "A client identifier conveyed by a DOTS gateway to a remote DOTS server."; } } augment "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces" + "/ietf-acl:ace/ietf-acl:actions" { description "rate-limit action"; leaf rate-limit { when "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/" + "ietf-acl:ace/ietf-acl:actions/" + "ietf-acl:forwarding = 'ietf-acl:accept'" { description "rate-limit valid only when accept action is used"; } type decimal64 { fraction-digits 2; } description "rate-limit traffic"; } } augment "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces" + "/ietf-acl:ace/ietf-acl:matches/ietf-acl:ipv4-acl" { description "Handle non-initial and initial fragments for IPv4 packets."; leaf fragments { type empty; description "Handle fragments."; } } augment "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces" + "/ietf-acl:ace/ietf-acl:matches/ietf-acl:ipv6-acl" { description "Handle non-initial and initial fragments for IPv6 packets."; leaf fragments { type empty; description "Handle fragments."; } } augment "/ietf-acl:access-lists" { description "Handle ordering of ACLs from a DOTS client"; container dots-acl-order { description "Enclosing container for ordering the ACLs from a DOTS client"; list acl-set { key "set-name type"; ordered-by user; description "List of ACLs"; leaf set-name { type leafref { path "/ietf-acl:access-lists/ietf-acl:acl" + "/ietf-acl:acl-name"; } description "Reference to the ACL set name"; } leaf type { type leafref { path "/ietf-acl:access-lists/ietf-acl:acl" + "/ietf-acl:acl-type"; } description "Reference to the ACL set type"; } } } } }