module ietf-dots-data-channel {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-dots-data-channel";
prefix "data-channel";
import ietf-inet-types {prefix "inet";}
import ietf-access-control-list {prefix "ietf-acl";}
organization "IETF DDoS Open Threat Signaling (DOTS) Working Group";
contact
"WG Web:
WG List:
Editor: Konda, Tirumaleswar Reddy
Editor: Mohamed Boucadair
Author: Kaname Nishizuka
Author: Liang Xia
Author: Prashanth Patil
Author: Andrew Mortensen
Author: Nik Teague
";
description
"This module contains YANG definition for configuring
identifiers for resources and filtering rules using DOTS
data channel.
Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.";
revision 2017-12-18 {
description
"Initial revision.";
reference
"RFC XXXX: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Data Channel";
}
container identifier {
description "Top level container for identifiers";
leaf-list client-identifier {
type binary;
description
"A client identifier conveyed by a
server-side DOTS gateway to a remote DOTS server.";
reference
"I-D.itef-dots-signal-channel: Distributed Denial-of-Service
Open Threat Signaling (DOTS) Signal Channel";
}
list alias {
key alias-name;
description
"List of identifiers";
leaf alias-name {
type string;
description "alias name";
}
leaf-list target-prefix {
type inet:ip-prefix;
description
"IPv4 or IPv6 prefix identifying the target.";
}
list target-port-range {
key "lower-port upper-port";
description
"Port range. When only lower-port is
present, it represents a single port.";
leaf lower-port {
type inet:port-number;
mandatory true;
description
"Lower port number.";
}
leaf upper-port {
type inet:port-number;
must ". >= ../lower-port" {
error-message
"The upper port number must be greater than
or equal to lower port number.";
}
description
"Upper port number.";
}
}
leaf-list target-protocol {
type uint8;
description
"Identifies the target protocol number.
The value '0' means 'all protocols'.
Values are taken from the IANA protocol registry:
https://www.iana.org/assignments/protocol-numbers/
protocol-numbers.xhtml
For example, 6 for a TCP or 17 for UDP.";
}
leaf-list target-fqdn {
type inet:domain-name;
description
"FQDN identifying the target.";
}
leaf-list target-uri {
type inet:uri;
description
"URI identifying the target.";
}
}
}
augment "/ietf-acl:access-lists" {
description
"client-identifier parameter.";
leaf-list client-identifier {
type binary;
description
"A client identifier conveyed by a server-side DOTS
gateway to a remote DOTS server.";
}
}
augment "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces" +
"/ietf-acl:ace/ietf-acl:actions" {
description
"rate-limit action";
leaf rate-limit {
when "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces/" +
"ietf-acl:ace/ietf-acl:actions/" +
"ietf-acl:forwarding = 'ietf-acl:accept'" {
description
"rate-limit valid only when accept action is used";
}
type decimal64 {
fraction-digits 2;
}
description
"rate-limit traffic";
}
}
augment "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces" +
"/ietf-acl:ace/ietf-acl:matches/ietf-acl:ipv4-acl" {
description
"Handle non-initial and initial fragments for IPv4 packets.";
leaf fragments {
type empty;
description
"Handle fragments.";
}
}
augment "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:aces" +
"/ietf-acl:ace/ietf-acl:matches/ietf-acl:ipv6-acl" {
description
"Handle non-initial and initial fragments for IPv6 packets.";
leaf fragments {
type empty;
description
"Handle fragments.";
}
}
augment "/ietf-acl:access-lists" {
description
"Handle ordering of ACLs from a DOTS client";
container dots-acl-order {
description
"Enclosing container for ordering
the ACLs from a DOTS client";
list acl-set {
key "set-name type";
ordered-by user;
description
"List of ACLs";
leaf set-name {
type leafref {
path "/ietf-acl:access-lists/ietf-acl:acl" +
"/ietf-acl:acl-name";
}
description
"Reference to the ACL set name";
}
leaf type {
type leafref {
path "/ietf-acl:access-lists/ietf-acl:acl" +
"/ietf-acl:acl-type";
}
description
"Reference to the ACL set type";
}
}
}
}
}