From 31fc94b009db9c2a0d3c21fdf77dea8599399c30 Mon Sep 17 00:00:00 2001 From: Aswin Suryanarayanan Date: Wed, 25 May 2016 21:15:55 +0530 Subject: [PATCH] Ietf yang for access control list and the dependent yang are added. Change-Id: Ibaf4d71da09da1c854df7a32409f7f47a67e5fe9 Signed-off-by: Aswin Suryanarayanan --- model/artifacts/pom.xml | 10 + model/features/pom.xml | 8 + model/features/src/main/features/features.xml | 2 + model/ietf/ietf-access-control-list/pom.xml | 50 +++++ .../main/yang/ietf-access-control-list.yang | 209 ++++++++++++++++++ model/ietf/ietf-packet-fields/pom.xml | 57 +++++ .../src/main/yang/ietf-packet-fields.yang | 195 ++++++++++++++++ model/ietf/pom.xml | 2 + 8 files changed, 533 insertions(+) create mode 100644 model/ietf/ietf-access-control-list/pom.xml create mode 100644 model/ietf/ietf-access-control-list/src/main/yang/ietf-access-control-list.yang create mode 100644 model/ietf/ietf-packet-fields/pom.xml create mode 100644 model/ietf/ietf-packet-fields/src/main/yang/ietf-packet-fields.yang diff --git a/model/artifacts/pom.xml b/model/artifacts/pom.xml index fc95fcb187..1652c481a5 100644 --- a/model/artifacts/pom.xml +++ b/model/artifacts/pom.xml @@ -127,6 +127,16 @@ ietf-type-util 1.0.0-SNAPSHOT + + org.opendaylight.mdsal.model + ietf-packet-fields + 0.7.0-SNAPSHOT + + + org.opendaylight.mdsal.model + ietf-access-control-list + 0.7.0-SNAPSHOT + diff --git a/model/features/pom.xml b/model/features/pom.xml index 3f71f64097..76ee2345fb 100644 --- a/model/features/pom.xml +++ b/model/features/pom.xml 
@@ -127,6 +127,14 @@ org.opendaylight.mdsal.model ietf-type-util + + org.opendaylight.mdsal.model + ietf-packet-fields + + + org.opendaylight.mdsal.model + ietf-access-control-list + + + + + + model-ietf + org.opendaylight.mdsal.model + 0.9.0-SNAPSHOT + + + 4.0.0 + ietf-access-control-list + 0.7.0-SNAPSHOT + ${project.artifactId} + ${project.artifactId} + bundle + + + + + ${odl.site.url}/${project.groupId}/${stream}/${project.artifactId}/ + + + + opendaylight-site + ${nexus.site.url}/${project.artifactId}/ + + + + + + org.opendaylight.mdsal.model + ietf-packet-fields + 0.7.0-SNAPSHOT + + + diff --git a/model/ietf/ietf-access-control-list/src/main/yang/ietf-access-control-list.yang b/model/ietf/ietf-access-control-list/src/main/yang/ietf-access-control-list.yang new file mode 100644 index 0000000000..90681653aa --- /dev/null +++ b/model/ietf/ietf-access-control-list/src/main/yang/ietf-access-control-list.yang 
@@ -0,0 +1,209 @@
+module ietf-access-control-list {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list";
+ prefix acl;
+ import ietf-yang-types {
+ prefix yang; revision-date 2013-07-15;
+ }
+ import ietf-packet-fields {
+ prefix packet-fields; revision-date 2016-02-18;
+ }
+ organization "IETF NETMOD (NETCONF Data Modeling Language)
+ Working Group";
+ contact
+ "WG Web: http://tools.ietf.org/wg/netmod/
+ WG List: netmod@ietf.org
+ WG Chair: Juergen Schoenwaelder
+ j.schoenwaelder@jacobs-university.de
+ WG Chair: Tom Nadeau
+ tnadeau@lucidvision.com
+ Editor: Dean Bogdanovic
+ ivandean@gmail.com
+ Editor: Kiran Agrahara Sreenivasa
+ kkoushik@cisco.com
+ Editor: Lisa Huang
+ lyihuang@juniper.net
+ Editor: Dana Blair
+ dblair@cisco.com";
+ description
+ "This YANG module defines a component that describing the
+ configuration of Access Control Lists (ACLs).
+ Copyright (c) 2016 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+ revision 2016-02-18 {
+ description
+ "Base model for Network Access Control List (ACL).";
+ reference
+ "RFC XXXX: Network Access Control List (ACL)
+ YANG Data Model";
+ }
+ identity acl-base {
+ description
+ "Base Access Control List type for all Access Control List type
+ identifiers.";
+ }
+ identity ipv4-acl {
+ base acl:acl-base;
+ description
+ "ACL that primarily matches on fields from the IPv4 header
+ (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP
+ destination port). An acl of type ipv4-acl does not contain
+ matches on fields in the ethernet header or the IPv6 header.";
+ }
+ identity ipv6-acl {
+ base acl:acl-base;
+ description
+ "ACL that primarily matches on fields from the IPv6 header
+ (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP
+ destination port). An acl of type ipv6-acl does not contain
+ matches on fields in the ethernet header or the IPv4 header.";
+ }
+ identity eth-acl {
+ base acl:acl-base;
+ description
+ "ACL that primarily matches on fields in the ethernet header,
+ like 10/100/1000baseT or WiFi Access Control List. An acl of
+ type eth-acl does not contain matches on fields in the IPv4
+ header, IPv6 header or layer 4 headers.";
+ }
+ typedef acl-type {
+ type identityref {
+ base acl:acl-base;
+ }
+ description
+ "This type is used to refer to an Access Control List
+ (ACL) type";
+ }
+ typedef access-control-list-ref {
+ type leafref {
+ path "/access-lists/acl/acl-name";
+ }
+ description
+ "This type is used by data models that need to reference an
+ Access Control List";
+ }
+ container access-lists {
+ description
+ "This is a top level container for Access Control Lists.
+ It can have one or more Access Control Lists.";
+ list acl {
+ key "acl-type acl-name";
+ description
+ "An Access Control List(ACL) is an ordered list of
+ Access List Entries (ACE). Each Access Control Entry has a
+ list of match criteria and a list of actions.
+ Since there are several kinds of Access Control Lists
+ implemented with different attributes for
+ different vendors, this
+ model accommodates customizing Access Control Lists for
+ each kind and for each vendor.";
+ leaf acl-name {
+ type string;
+ description
+ "The name of access-list. A device MAY restrict the length
+ and value of this name, possibly space and special
+ characters are not allowed.";
+ }
+ leaf acl-type {
+ type acl-type;
+ description
+ "Type of access control list. Indicates the primary intended
+ type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc)
+ used in the list instance.";
+ }
+ container acl-oper-data {
+ config false;
+ description
+ "Overall Access Control List operational data";
+ }
+ container access-list-entries {
+ description
+ "The access-list-entries container contains
+ a list of access-list-entries(ACE).";
+ list ace {
+ key "rule-name";
+ ordered-by user;
+ description
+ "List of access list entries(ACE)";
+ leaf rule-name {
+ type string;
+ description
+ "A unique name identifying this Access List
+ Entry(ACE).";
+ }
+ container matches {
+ description
+ "Definitions for match criteria for this Access List
+ Entry.";
+ choice ace-type {
+ description
+ "Type of access list entry.";
+ case ace-ip {
+ description "IP Access List Entry.";
+ choice ace-ip-version {
+ description
+ "IP version used in this Access List Entry.";
+ case ace-ipv4 {
+ uses packet-fields:acl-ipv4-header-fields;
+ }
+ case ace-ipv6 {
+ uses packet-fields:acl-ipv6-header-fields;
+ }
+ }
+ uses packet-fields:acl-ip-header-fields;
+ }
+ case ace-eth {
+ description
+ "Ethernet Access List entry.";
+ uses packet-fields:acl-eth-header-fields;
+ }
+ }
+ uses packet-fields:metadata;
+ }
+ container actions {
+ description
+ "Definitions of action criteria for this Access List
+ Entry.";
+ choice packet-handling {
+ default "deny";
+ description
+ "Packet handling action.";
+ case deny {
+ leaf deny {
+ type empty;
+ description
+ "Deny action.";
+ }
+ }
+ case permit {
+ leaf permit {
+ type empty;
+ description
+ "Permit action.";
+ }
+ }
+ }
+ }
+ container ace-oper-data {
+ config false;
+ description
+ "Operational data for this Access List Entry.";
+ leaf match-counter {
+ type yang:counter64;
+ description
+ "Number of matches for this Access List Entry";
+ }
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/model/ietf/ietf-packet-fields/pom.xml b/model/ietf/ietf-packet-fields/pom.xml
new file mode 100644
index 0000000000..ea28cb6d34
--- /dev/null
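Review bot: The `access-control-list-ref` typedef points its leafref at `/access-lists/acl/acl-name` only, while `list acl` is keyed by `acl-type acl-name`, so a reference made through this type does not identify a single ACL when two lists of different types share a name. A consumer that attaches an ACL through this reference could then resolve to a different list than the operator intended. Since the module tracks an IETF draft (the description still reads `RFC XXXX`), the local option is to document the constraint, for example by extending the typedef description with `acl-name is unique only together with acl-type; users of this type must also carry the acl-type`. It would also help to say next to `leaf acl-name` that the `string` type is unconstrained in this model, so length and character checks are left to whatever consumes the datastore.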
+++ b/model/ietf/ietf-packet-fields/pom.xml @@ -0,0 +1,57 @@ + + + + + + + model-ietf + org.opendaylight.mdsal.model + 0.9.0-SNAPSHOT + + + 4.0.0 + ietf-packet-fields + 0.7.0-SNAPSHOT + ${project.artifactId} + ${project.artifactId} + bundle + + + + org.opendaylight.mdsal.model + ietf-interfaces + + + org.opendaylight.mdsal.model + ietf-yang-types-20130715 + + + org.opendaylight.mdsal.model + ietf-inet-types-2013-07-15 + + + + + + ${odl.site.url}/${project.groupId}/${stream}/${project.artifactId}/ + + + + opendaylight-site + ${nexus.site.url}/${project.artifactId}/ + + + + diff --git a/model/ietf/ietf-packet-fields/src/main/yang/ietf-packet-fields.yang b/model/ietf/ietf-packet-fields/src/main/yang/ietf-packet-fields.yang new file mode 100644 index 0000000000..0ca86a8905 --- /dev/null +++ b/model/ietf/ietf-packet-fields/src/main/yang/ietf-packet-fields.yang 
@@ -0,0 +1,195 @@
+module ietf-packet-fields {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields";
+ prefix packet-fields;
+ import ietf-inet-types {
+ prefix inet; revision-date 2013-07-15;
+ }
+ import ietf-yang-types {
+ prefix yang; revision-date 2013-07-15;
+ }
+ import ietf-interfaces {
+ prefix if; revision-date 2014-05-08;
+ }
+ organization "IETF NETMOD (NETCONF Data Modeling Language) Working
+ Group";
+ contact
+ "WG Web: http://tools.ietf.org/wg/netmod/
+ WG List: netmod@ietf.org
+ WG Chair: Juergen Schoenwaelder
+ j.schoenwaelder@jacobs-university.de
+ WG Chair: Tom Nadeau
+ tnadeau@lucidvision.com
+ Editor: Dean Bogdanovic
+ deanb@juniper.net
+ Editor: Kiran Agrahara Sreenivasa
+ kkoushik@cisco.com
+ Editor: Lisa Huang
+ lyihuang@juniper.net
+ Editor: Dana Blair
+ dblair@cisco.com";
+ description
+ "This YANG module defines groupings that are used by
+ ietf-access-control-list YANG module. Their usage is not
+ limited to ietf-access-control-list and can be
+ used anywhere as applicable.
+ Copyright (c) 2016 IETF Trust and the persons identified as
+ the document authors. All rights reserved.
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+ revision 2016-02-18 {
+ description
+ "Initial version of packet fields used by
+ ietf-access-control-list";
+ reference
+ "RFC XXXX: Network Access Control List (ACL)
+ YANG Data Model";
+ }
+ grouping acl-transport-header-fields {
+ description
+ "Transport header fields";
+ container source-port-range {
+ presence "Enables setting source port range";
+ description
+ "Inclusive range representing source ports to be used.
+ When only lower-port is present, it represents a single port.";
+ leaf lower-port {
+ type inet:port-number;
+ mandatory true;
+ description
+ "Lower boundary for port.";
+ }
+ leaf upper-port {
+ type inet:port-number;
+ must ". >= ../lower-port" {
+ error-message
+ "The upper-port must be greater than or equal to lower-port";
+ }
+ description
+ "Upper boundary for port . If existing, the upper port
+ must be greater or equal to lower-port.";
+ }
+ }
+ container destination-port-range {
+ presence "Enables setting destination port range";
+ description
+ "Inclusive range representing destination ports to be used. When
+ only lower-port is present, it represents a single port.";
+ leaf lower-port {
+ type inet:port-number;
+ mandatory true;
+ description
+ "Lower boundary for port.";
+ }
+ leaf upper-port {
+ type inet:port-number;
+ must ". >= ../lower-port" {
+ error-message
+ "The upper-port must be greater than or equal to lower-port";
+ }
+
+ description
+ "Upper boundary for port. If existing, the upper port must
+ be greater or equal to lower-port";
+ }
+ }
+ }
+ grouping acl-ip-header-fields {
+ description
+ "IP header fields common to ipv4 and ipv6";
+ leaf dscp {
+ type inet:dscp;
+ description
+ "Value of dscp.";
+ }
+ leaf protocol {
+ type uint8;
+ description
+ "Internet Protocol number.";
+ }
+ uses acl-transport-header-fields;
+ }
+ grouping acl-ipv4-header-fields {
+ description
+ "Fields in IPv4 header.";
+ leaf destination-ipv4-network {
+ type inet:ipv4-prefix;
+ description
+ "Destination IPv4 address prefix.";
+ }
+ leaf source-ipv4-network {
+ type inet:ipv4-prefix;
+ description
+ "Source IPv4 address prefix.";
+ }
+ }
+ grouping acl-ipv6-header-fields {
+ description
+ "Fields in IPv6 header";
+ leaf destination-ipv6-network {
+ type inet:ipv6-prefix;
+ description
+ "Destination IPv6 address prefix.";
+ }
+ leaf source-ipv6-network {
+ type inet:ipv6-prefix;
+ description
+ "Source IPv6 address prefix.";
+ }
+ leaf flow-label {
+ type inet:ipv6-flow-label;
+ description
+ "IPv6 Flow label.";
+ }
+ reference
+ "RFC 4291: IP Version 6 Addressing Architecture
+ RFC 4007: IPv6 Scoped Address Architecture
+ RFC 5952: A Recommendation for IPv6 Address Text Representation";
+ }
+ grouping acl-eth-header-fields {
+ description
+ "Fields in Ethernet header.";
+ leaf destination-mac-address {
+ type yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address.";
+ }
+ leaf destination-mac-address-mask {
+ type yang:mac-address;
+ description
+ "Destination IEEE 802 MAC address mask.";
+ }
+ leaf source-mac-address {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address.";
+ }
+ leaf source-mac-address-mask {
+ type yang:mac-address;
+ description
+ "Source IEEE 802 MAC address mask.";
+ }
+ reference
+ "IEEE 802: IEEE Standard for Local and Metropolitan Area
+ Networks: Overview and Architecture.";
+ }
+
+ grouping metadata {
+ description
+ "Fields associated with a packet whick are not in
+ the header.";
+ leaf input-interface {
+ type if:interface-ref {
+ require-instance false;
+ }
+ description
+ "Packet was received on this interface.";
+ }
+ }
+}
\ No newline at end of file
diff --git a/model/ietf/pom.xml b/model/ietf/pom.xml
index 61f23e548d..31b2a6393d 100644
--- a/model/ietf/pom.xml
+++ b/model/ietf/pom.xml
@@ -27,6 +27,8 @@ ietf-yang-types ietf-yang-types-20130715 ietf-network + ietf-packet-fields + ietf-access-control-list ietf-ted -- 2.36.6
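Review bot: `input-interface` in `grouping metadata` is an `if:interface-ref` with `require-instance false`, so an access list entry can name an interface that does not exist and still pass model validation. How such an entry is treated is decided by the code that consumes the model, which is not visible in this patch; a mistyped interface name on a deny rule would presumably leave that rule without effect and without an error. I would state the intended behaviour in the leaf description once it is confirmed, e.g. `The referenced interface need not exist; an entry naming an absent interface matches no packets.` Separately, the port-range containers pulled in through `acl-ip-header-fields` carry no `must` or `when` tying them to `protocol`, so port matches are accepted for protocols that have no ports and their meaning is left to the implementation.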