1 module ietf-packet-fields {
3 namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields";
6 import ietf-inet-types {
9 "RFC 6991 - Common YANG Data Types.";
12 import ietf-yang-types {
15 "RFC 6991 - Common YANG Data Types.";
18 import ietf-ethertypes {
21 "RFC 8519 - YANG Data Model for Network Access Control
26 "IETF NETMOD (Network Modeling) Working Group.";
29 "WG Web: <https://datatracker.ietf.org/wg/netmod/>
30 WG List: netmod@ietf.org
32 Editor: Mahesh Jethanandani
33 mjethanandani@gmail.com
43 "This YANG module defines groupings that are used by
44 the ietf-access-control-list YANG module. Their usage
45 is not limited to ietf-access-control-list and can be
46 used anywhere as applicable.
48 Copyright (c) 2019 IETF Trust and the persons identified as
49 the document authors. All rights reserved.
51 Redistribution and use in source and binary forms, with or
52 without modification, is permitted pursuant to, and subject
53 to the license terms contained in, the Simplified BSD
54 License set forth in Section 4.c of the IETF Trust's Legal
55 Provisions Relating to IETF Documents
56 (http://trustee.ietf.org/license-info).
58 This version of this YANG module is part of RFC 8519; see
59 the RFC itself for full legal notices.";
65 "RFC 8519: YANG Data Model for Network Access Control
76 "Less than or equal to.";
80 "Greater than or equal to.";
92 "The source and destination port range definitions
93 can be further qualified using an operator. An
94 operator is needed only if the lower-port is specified
95 and the upper-port is not specified. The operator
96 therefore further qualifies the lower-port only.";
102 grouping port-range-or-operator {
103 choice port-range-or-operator {
106 type inet:port-number;
107 must '. <= ../upper-port' {
109 "The lower-port must be less than or equal to
114 "Lower boundary for a port.";
117 type inet:port-number;
120 "Upper boundary for a port.";
128 "Operator to be applied on the port below.";
131 type inet:port-number;
134 "Port number along with the operator on which to
139 "Choice of specifying a port range or a single
140 port along with an operator.";
143 "Grouping for port definitions in the form of a
147 grouping acl-ip-header-fields {
149 "IP header fields common to IPv4 and IPv6";
151 "RFC 791: Internet Protocol.";
156 "Differentiated Services Code Point.";
158 "RFC 2474: Definition of the Differentiated Services
159 Field (DS Field) in the IPv4 and IPv6
168 "Explicit Congestion Notification.";
170 "RFC 3168: The Addition of Explicit Congestion
171 Notification (ECN) to IP.";
177 "In the IPv4 header field, this field is known as the Total
178 Length. Total Length is the length of the datagram, measured
179 in octets, including internet header and data.
181 In the IPv6 header field, this field is known as the Payload
182 Length, which is the length of the IPv6 payload, i.e., the rest
183 of the packet following the IPv6 header, in octets.";
185 "RFC 791: Internet Protocol
186 RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
191 "This field indicates the maximum time the datagram is allowed
192 to remain in the internet system. If this field contains the
193 value zero, then the datagram must be dropped.
195 In IPv6, this field is known as the Hop Limit.";
197 "RFC 791: Internet Protocol
198 RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
203 "Internet Protocol number. Refers to the protocol of the
204 payload. In IPv6, this field is known as 'next-header',
205 and if extension headers are present, the protocol is
206 present in the 'upper-layer' header.";
208 "RFC 791: Internet Protocol
209 RFC 8200: Internet Protocol, Version 6 (IPv6) Specification.";
213 grouping acl-ipv4-header-fields {
215 "Fields in the IPv4 header.";
221 "In an IPv4 header field, the Internet Header Length (IHL) is
222 the length of the internet header in 32-bit words and
223 thus points to the beginning of the data. Note that the
224 minimum value for a correct header is 5.";
231 "Reserved. Must be zero.";
236 "Setting the value to 0 indicates may fragment, while
237 setting the value to 1 indicates do not fragment.";
242 "Setting the value to 0 indicates this is the last fragment,
243 and setting the value to 1 indicates more fragments are
248 "Bit definitions for the Flags field in the IPv4 header.";
255 "The fragment offset is measured in units of 8 octets (64 bits).
256 The first fragment has offset zero. The length is 13 bits";
258 leaf identification {
261 "An identifying value assigned by the sender to aid in
262 assembling the fragments of a datagram.";
265 choice destination-network {
266 case destination-ipv4-network {
267 leaf destination-ipv4-network {
268 type inet:ipv4-prefix;
270 "Destination IPv4 address prefix.";
274 "Choice of specifying a destination IPv4 address or
275 referring to a group of IPv4 destination addresses.";
278 choice source-network {
279 case source-ipv4-network {
280 leaf source-ipv4-network {
281 type inet:ipv4-prefix;
283 "Source IPv4 address prefix.";
287 "Choice of specifying a source IPv4 address or
288 referring to a group of IPv4 source addresses.";
292 grouping acl-ipv6-header-fields {
294 "Fields in the IPv6 header.";
296 choice destination-network {
297 case destination-ipv6-network {
298 leaf destination-ipv6-network {
299 type inet:ipv6-prefix;
301 "Destination IPv6 address prefix.";
305 "Choice of specifying a destination IPv6 address
306 or referring to a group of IPv6 destination
310 choice source-network {
311 case source-ipv6-network {
312 leaf source-ipv6-network {
313 type inet:ipv6-prefix;
315 "Source IPv6 address prefix.";
319 "Choice of specifying a source IPv6 address or
320 referring to a group of IPv6 source addresses.";
324 type inet:ipv6-flow-label;
329 "RFC 4291: IP Version 6 Addressing Architecture
330 RFC 4007: IPv6 Scoped Address Architecture
331 RFC 5952: A Recommendation for IPv6 Address Text
335 grouping acl-eth-header-fields {
337 "Fields in the Ethernet header.";
338 leaf destination-mac-address {
339 type yang:mac-address;
341 "Destination IEEE 802 Media Access Control (MAC)
344 leaf destination-mac-address-mask {
345 type yang:mac-address;
347 "Destination IEEE 802 MAC address mask.";
349 leaf source-mac-address {
350 type yang:mac-address;
352 "Source IEEE 802 MAC address.";
354 leaf source-mac-address-mask {
355 type yang:mac-address;
357 "Source IEEE 802 MAC address mask.";
362 "The Ethernet Type (or Length) value represented
363 in the canonical order defined by IEEE 802.
364 The canonical representation uses lowercase
367 "IEEE 802-2014, Clause 9.2.";
370 "IEEE 802: IEEE Standard for Local and Metropolitan
371 Area Networks: Overview and Architecture.";
374 grouping acl-tcp-header-fields {
376 "Collection of TCP header fields that can be used to
377 set up a match filter.";
378 leaf sequence-number {
381 "Sequence number that appears in the packet.";
383 leaf acknowledgement-number {
386 "The acknowledgement number that appears in the
394 "Specifies the size of the TCP header in 32-bit
395 words. The minimum size header is 5 words and
396 the maximum is 15 words; thus, this gives a
397 minimum size of 20 bytes and a maximum of 60
398 bytes, allowing for up to 40 bytes of options
404 "Reserved for future use.";
411 "The Congestion Window Reduced (CWR) flag is set
412 by the sending host to indicate that it received
413 a TCP segment with the ECN-Echo (ECE) flag set
414 and had responded in the congestion control
417 "RFC 3168: The Addition of Explicit Congestion
418 Notification (ECN) to IP.";
423 "ECN-Echo has a dual role, depending on the value
424 of the SYN flag. It indicates the following: if
425 the SYN flag is set (1), the TCP peer is ECN
426 capable, and if the SYN flag is clear (0), a packet
427 with the Congestion Experienced flag set (ECN=11)
428 in the IP header was received during normal
429 transmission (added to the header by RFC 3168).
430 This serves as an indication of network congestion
431 (or impending congestion) to the TCP sender.";
433 "RFC 3168: The Addition of Explicit Congestion
434 Notification (ECN) to IP.";
439 "Indicates that the Urgent Pointer field is significant.";
444 "Indicates that the Acknowledgement field is significant.
445 All packets after the initial SYN packet sent by the
446 client should have this flag set.";
451 "Push function. Asks to push the buffered data to the
452 receiving application.";
457 "Reset the connection.";
462 "Synchronize sequence numbers. Only the first packet
463 sent from each end should have this flag set. Some
464 other flags and fields change meaning based on this
465 flag, and some are only valid for when it is set,
466 and others when it is clear.";
471 "Last package from the sender.";
475 "Also known as Control Bits. Contains nine 1-bit flags.";
477 "RFC 793: Transmission Control Protocol.";
483 "The size of the receive window, which specifies
484 the number of window size units beyond the segment
485 identified by the sequence number in the Acknowledgement
486 field that the sender of this segment is currently
487 willing to receive.";
489 leaf urgent-pointer {
492 "This field is an offset from the sequence number
493 indicating the last urgent data byte.";
500 "The length of this field is determined by the
501 Data Offset field. Options have up to three
502 fields: Option-Kind (1 byte), Option-Length
503 (1 byte), and Option-Data (variable). The Option-Kind
504 field indicates the type of option and is the
505 only field that is not optional. Depending on
506 what kind of option we are dealing with,
507 the next two fields may be set: the Option-Length
508 field indicates the total length of the option,
509 and the Option-Data field contains the value of
510 the option, if applicable.";
514 grouping acl-udp-header-fields {
516 "Collection of UDP header fields that can be used
517 to set up a match filter.";
521 "A field that specifies the length in bytes of
522 the UDP header and UDP data. The minimum
523 length is 8 bytes because that is the length of
524 the header. The field size sets a theoretical
525 limit of 65,535 bytes (8-byte header plus 65,527
526 bytes of data) for a UDP datagram. However, the
527 actual limit for the data length, which is
528 imposed by the underlying IPv4 protocol, is
529 65,507 bytes (65,535 minus 8-byte UDP header
530 minus 20-byte IP header).
532 In IPv6 jumbograms, it is possible to have
533 UDP packets of a size greater than 65,535 bytes.
534 RFC 2675 specifies that the Length field is set
535 to zero if the length of the UDP header plus
536 UDP data is greater than 65,535.";
540 grouping acl-icmp-header-fields {
542 "Collection of ICMP header fields that can be
543 used to set up a match filter.";
547 "Also known as control messages.";
549 "RFC 792: Internet Control Message Protocol
550 RFC 4443: Internet Control Message Protocol (ICMPv6)
551 for Internet Protocol Version 6 (IPv6)
557 "ICMP subtype. Also known as control messages.";
559 "RFC 792: Internet Control Message Protocol
560 RFC 4443: Internet Control Message Protocol (ICMPv6)
561 for Internet Protocol Version 6 (IPv6)
564 leaf rest-of-header {
567 "Unbounded in length, the contents vary based on the
568 ICMP type and code. Also referred to as 'Message Body'
571 "RFC 792: Internet Control Message Protocol
572 RFC 4443: Internet Control Message Protocol (ICMPv6)
573 for Internet Protocol Version 6 (IPv6)