author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-23 09:41:28 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-23 09:41:28 +0000 |
commit | 76ffd5ce84e4adb412833c8186fc6b26b656947f (patch) | |
tree | 11da7c12c05e9d2a85ec40022d43a970184bb867 /tools/lint/examples | |
parent | Initial commit. (diff) | |
download | libyang3-upstream/3.1.0.tar.xz libyang3-upstream/3.1.0.zip |
Adding upstream version 3.1.0.
upstream/3.1.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
36 files changed, 5881 insertions, 0 deletions
diff --git a/tools/lint/examples/README.md b/tools/lint/examples/README.md new file mode 100644 index 0000000..93d3c2a --- /dev/null +++ b/tools/lint/examples/README.md 
@@ -0,0 +1,536 @@ +# YANGLINT - Interactive Mode Examples + +This text provides several use-case of the `yanglint(1)` interactive +mode. For basic information about the `yanglint(1)` usage, please see +the man page. + +The examples are supposed to be went through one by one. Some of the examples +suppose the specific schemas loaded in some of the previous example is still +loaded. If an addition work is need, the *preparation* part in the example +provides information what to do. + +To show all available command of the `yanglint(1)`, use the `help` command: +``` +> help +Available commands: + help Display commands description + add Add a new module from a specific file + load Load a new schema from the searchdirs + print Print a module + data Load, validate and optionally print instance data + list List all the loaded modules + feature Print all features of module(s) with their state + searchpath Print/set the search path(s) for schemas + clear Clear the context - remove all the loaded modules + verb Change verbosity + debug Display specific debug message groups + quit Quit the program + ? Display commands description + exit Quit the program +``` +To show the information about the specific command, use the `help` command in +combination with the command name you are interested in: +``` +> help searchpath +Usage: searchpath [--clear] [<modules-dir-path> ...] + Set paths of directories where to search for imports and includes + of the schema modules. Subdirectories are also searched. The current + working directory and the path of the module being added is used implicitly. + The 'load' command uses these paths to search even for the schema modules + to be loaded. +``` + +The input files referred in this document are available together with this +document. + +## Duplicit Data Model + +Let's have two data models [module1.yang](./module1.yang) +and [module1b.yang](./module1b.yang). +They differ in the module name but their namespaces are the same. 
+ +Preparation: + +``` +> clear +> add module1.yang +> list +``` + +Output: + +``` +List of the loaded models: + i ietf-yang-metadata@2016-08-05 + I yang@2022-06-16 + i ietf-inet-types@2013-07-15 + i ietf-yang-types@2013-07-15 + I ietf-yang-schema-mount@2019-01-14 + I module1 +``` + +Command and its output: + +``` +> add module1b.yang +libyang[0]: Two different modules ("module1" and "module1b") have the same namespace "urn:yanglint:module". +libyang[0]: Parsing module "module1b" failed. +``` + +## Yang Data Model Validation + +**YANG/YIN syntax** + +`module2.yin` contains a syntax error. +There is a bad syntax of the `type` statement in YIN file. + +``` +<type value="string"/> +``` + +instead of + +``` +<type name="string"/> +``` + +Preparation: + +``` +> clear +``` + +Command and its output: + +``` +> add module2.yin +libyang[0]: Unexpected attribute "value" of "type" element. (path: Line number 8.) +libyang[0]: Parsing module "module2" failed. +``` + +Similarly, there is a typo in `module2.yang`. + +**XPath errors** + +`libyang` and `yanglint(1)` is able to detect also errors in XPath expressions. +In `module3.yang` the `must` expression refers to the node which does not exists. + +Preparation: + +``` +> clear +``` + +Command and its output: + +``` +> add module3.yang +libyang[1]: Schema node "a" for parent "/module3:c" not found; in expr "../c/a" with context node "/module3:m". +``` + +Note that libyang prints only a warning in this case because it is not +specified that XPath expressions must refer to existing nodes. + +## Data Validation + +Preparation: + +``` +> clear +> add ietf-netconf-acm.yang +``` + +**Unknown data** + +By default, yanglint ignores unknown data and no error is printed (you can +compare real content of the `datastore.xml` file and what yanglint prints +in the following command if you add `-f xml` option). 
+ +Command and its output: + +``` +> data -t config datastore.xml +``` + +We use option `-t` to specify type of the data in `datastore.xml`. By the +`config` value we declare that the input file contains all the configuration +data (with at least all the mandatory nodes as required by the loaded schemas), +but without the status data. More examples of different data types will follow. + +Command and its output: + +``` +> data -t config datastore.xml +libyang[0]: No module with namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces" in the context. (path: Line number 20.) +YANGLINT[E]: Failed to parse input data file "datastore.xml". +``` + +Note that in case of working with complete datastore including the status data +(no `-t` option is specified), `yanglint(1)` has to add status data from its +internal `ietf-yang-library` module. + +**RPC and RPC-reply** + +It is possible to validate RPCs and their replies as well. + +Peparation: + +``` +> clear +> add module4.yang +``` + +Command and its output: + +``` +> data -t rpc rpc.xml +``` + +Reply to this RPC can be validated too, but it must be nested in the original +RPC element. + +Command and its output: + +``` +> data -t reply ../tools/lint/examples/rpc-reply.xml +``` + +**action and action-reply** + +Actions are validated the same way as RPCs except you need to be careful +about the input file structure. No NETCONF-specific envelopes are expected. + +Preparation + +``` +> clear +> add module4.yang +``` + +Command and its output: + +``` +> data -t rpc action.xml +``` + +Command and its output: + +``` +> data -t rpc action-reply.xml action.xml +``` + +**notification** + +Both top-level and nested notification can be validated. 
+ +Preparation + +``` +> clear +> add module4.yang +``` + +Command and its output: + +``` +> data -t notif notification.xml +``` + +Command and its output: + +``` +> data -t notif nested-notification.xml +``` + + +**Multiple top-level elements in a single document** + +As a feature and in conflict with the XML definition, `yanglint(1)` (and libyang) +is able to read XML files with multiple top-level elements. Such documents +are not well-formed according to the XML spec, but it fits to how the YANG +interconnects data trees (defined as top-level elements of a single schema +or by multiple schemas). + +Preparation: + +``` +> clear +> add ietf-netconf-acm.yang +> add ietf-interfaces.yang +> add ietf-ip.yang +> add iana-if-type.yang +``` + +Command and its output: + +``` +> data -t config datastore.xml +``` + +**Different data content types** + +Since NETCONF requires the data described by YANG to be used in different +situations (e.g. as <edit-config data>, result of the <get> with status data +included or as a result of the <get-config> without the status data and +possibly filtered, so without specified subtrees), it must be possible to +specify which kind of data is going to be parsed. In `yanglint(1)`, this is done +via `-t` option. The list of supported modes can be displayed by the `-h` +option given to the `data` command. In general, the `auto` value lets the +`yanglint(1)` to recognize the data type automatically by the additional top-level +elements added to the parsed data. This is the same way as `pyang(1)` uses. Note, +that the automatic data type recognition is available only for the XML input. + +**Malformed XML data** + +Command and its output: + +``` +> data -t edit config-missing-key.xml +libyang[0]: Node "nam" not found as a child of "group" node. (path: Schema location "/ietf-netconf-acm:nacm/groups/group", data location "/ietf-netconf-acm:group", line number 19.) +YANGLINT[E]: Failed to parse input data file "config-missing-key.xml". 
+``` + +**State information in edit-config XML** + +Command and its output: + +``` +> data -t edit config-unknown-element.xml +libyang[0]: Unexpected data state node "denied-operations" found. (path: Schema location "/ietf-netconf-acm:nacm/denied-operations", data location "/ietf-netconf-acm:nacm", line number 24.) +YANGLINT[E]: Failed to parse input data file "config-unknown-element.xml". +``` + +**Missing required element in NETCONF data** + +Command and its output: + +``` +> data data-missing-key.xml +libyang[0]: List instance is missing its key "name". (path: Schema location "/ietf-netconf-acm:nacm/rule-list/rule", data location "/ietf-netconf-acm:rule", line number 10.) +YANGLINT[E]: Failed to parse input data file "data-missing-key.xml". +``` + +**Malformed XML** + +Command and its output: + +``` +> data data-malformed-xml.xml +libyang[0]: Node "nam" not found as a child of "rule" node. (path: Schema location "/ietf-netconf-acm:nacm/rule-list/rule", data location "/ietf-netconf-acm:rule", line number 8.) +YANGLINT[E]: Failed to parse input data file "data-malformed-xml.xml". +``` + +Command and its output: + +``` +> data data-malformed-xml2.xml +libyang[0]: Child element "module-name" inside a terminal node "name" found. (path: Schema location "/ietf-netconf-acm:nacm/rule-list/rule/name", data location "/ietf-netconf-acm:name", line number 7.) +YANGLINT[E]: Failed to parse input data file "data-malformed-xml2.xml". +``` + +**Bad value** + +Command and its output: + +``` +> data data-out-of-range-value.xml +libyang[0]: Value "-1" is out of type uint32 min/max bounds. (path: Schema location "/ietf-netconf-acm:nacm/denied-operations", data location "/ietf-netconf-acm:nacm", line number 24.) +YANGLINT[E]: Failed to parse input data file "data-out-of-range-value.xml". 
+``` + +## Validation of "when" Statement in Data + +Preparation: + +``` +> clear +> add ietf-netconf-acm-when.yang +``` + +**`When` condition is not satisfied since `denied-operation = 0`** + +Command and its output: + +``` +> data data-acm.xml +libyang[0]: When condition "../denied-operations > 0" not satisfied. (path: Schema location "/ietf-netconf-acm-when:nacm/denied-data-writes", data location "/ietf-netconf-acm-when:nacm/denied-data-writes".) +YANGLINT[E]: Failed to parse input data file "data-acm.xml". +``` + +## Printing a Data Model + +Preparation: + +``` +> clear +> add ietf-netconf-acm.yang +``` + +**Print a `pyang`-style tree** + +Command and its output: + +``` +> print ietf-netconf-acm +module: ietf-netconf-acm + +--rw nacm + +--rw enable-nacm? boolean + +--rw read-default? action-type + +--rw write-default? action-type + +--rw exec-default? action-type + +--rw enable-external-groups? boolean + +--ro denied-operations yang:zero-based-counter32 + +--ro denied-data-writes yang:zero-based-counter32 + +--ro denied-notifications yang:zero-based-counter32 + +--rw groups + | +--rw group* [name] + | +--rw name group-name-type + | +--rw user-name* user-name-type + +--rw rule-list* [name] + +--rw name string + +--rw group* union + +--rw rule* [name] + +--rw name string + +--rw module-name? union + +--rw (rule-type)? + | +--:(protocol-operation) + | | +--rw rpc-name? union + | +--:(notification) + | | +--rw notification-name? union + | +--:(data-node) + | +--rw path node-instance-identifier + +--rw access-operations? union + +--rw action action-type + +--rw comment? string +``` + +**Print information about specific model part** + +Command and its output: + +``` +> print -f info -P /ietf-netconf-acm:nacm/ietf-netconf-acm:enable-nacm ietf-netconf-acm +leaf enable-nacm { + ietf-netconf-acm:default-deny-all; + type boolean; + default "true"; + config true; + status current; + description + "Enables or disables all NETCONF access control + enforcement. 
If 'true', then enforcement + is enabled. If 'false', then enforcement + is disabled."; +} +``` + +## Usage of `feature` in Yang + +Preparation: + +``` +> clear +> add ietf-interfaces.yang +> add ietf-ip.yang -F ietf-ip:* +> add iana-if-type.yang +``` + +Note: This example also shows `JSON` output of the command. + +Command and its output: +``` +> feature ietf-ip +ietf-ip features: + ipv4-non-contiguous-netmasks (on) + ipv6-privacy-autoconf (on) +> data -f json -t config data-ip.xml +{ + "ietf-interfaces:interfaces": { + "interface": [ + { + "name": "eth0", + "description": "Wire Connection", + "type": "iana-if-type:ethernetCsmacd", + "enabled": true, + "ietf-ip:ipv4": { + "address": [ + { + "ip": "192.168.1.15", + "netmask": "255.255.255.0" + }, + { + "ip": "192.168.1.10", + "netmask": "255.255.255.0" + } + ] + } + } + ] + } +} +``` + +## YANG modules with the Schema Mount extension + +In these examples the non-interactive `yanglint` is used to simplify creating the context, a `yang-library` data file is +used. The working directory is `libyang/tools/lint/examples` and *libyang* must be installed. + +**Print tree output of a model with Schema Mount** + +Command and its output: + +``` +$ yanglint -f tree -p . -Y sm-context-main.xml -x sm-context-extension.xml sm-main.yang +module: sm-main + +--mp root* [node] + | +--rw node string + +--mp root2 + +--rw root3 + +--mp my-list* [name] + +--rw things/* [name] + | +--rw name -> /if:interfaces/if:interface/if:name + | +--rw attribute? uint32 + +--rw not-compiled/ + | +--rw first? string + | +--rw second? string + +--rw interfaces@ + | +--rw interface* [name] + | +--rw name string + | +--rw type identityref + +--rw name string +``` + +**Validating and printing mounted data** + +Command and its output: + +``` +$ yanglint -f json -t config -p . 
-Y sm-context-main.xml -x sm-context-extension.xml sm-data.xml +{ + "ietf-interfaces:interfaces": { + "interface": [ + { + "name": "eth0", + "type": "iana-if-type:ethernetCsmacd" + }, + { + "name": "eth1", + "type": "iana-if-type:ethernetCsmacd" + } + ] + }, + "sm-main:root3": { + "my-list": [ + { + "name": "list item 1", + "sm-extension:things": [ + { + "name": "eth0", + "attribute": 1 + } + ] + } + ] + } +} +``` diff --git a/tools/lint/examples/action-reply.xml b/tools/lint/examples/action-reply.xml new file mode 100644 index 0000000..e6fc284 --- /dev/null +++ b/tools/lint/examples/action-reply.xml @@ -0,0 +1,8 @@ +<cont1 xmlns="urn:module4"> + <list> + <leaf1>key_val</leaf1> + <act> + <leaf3>some_output</leaf3> + </act> + </list> +</cont1> diff --git a/tools/lint/examples/action.xml b/tools/lint/examples/action.xml new file mode 100644 index 0000000..661fecf --- /dev/null +++ b/tools/lint/examples/action.xml @@ -0,0 +1,8 @@ +<cont1 xmlns="urn:module4"> + <list> + <leaf1>key_val</leaf1> + <act> + <leaf2>some_input</leaf2> + </act> + </list> +</cont1> diff --git a/tools/lint/examples/config-acm.xml b/tools/lint/examples/config-acm.xml new file mode 100644 index 0000000..8c99419 --- /dev/null +++ b/tools/lint/examples/config-acm.xml @@ -0,0 +1,24 @@ +<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"> + <rule-list> + <name>almighty</name> + <group>almighty</group> + <group nc:operation="create">test</group> + <rule> + <name>almighty</name> + <module-name>*</module-name> + <access-operations>*</access-operations> + <action>permit</action> + </rule> + </rule-list> + <groups> + <group> + <name>test</name> + <user-name>smith</user-name> + </group> + <group> + <name>almighty</name> + <user-name>smith</user-name> + <user-name>doe</user-name> + </group> + </groups> +</nacm> 
diff --git a/tools/lint/examples/config-missing-key.xml b/tools/lint/examples/config-missing-key.xml new file mode 100644 index 0000000..c30c2b0 --- /dev/null +++ b/tools/lint/examples/config-missing-key.xml @@ -0,0 +1,24 @@ +<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"> + <rule-list> + <name>almighty</name> + <group>almighty</group> + <group>test</group> + <rule> + <name>almighty</name> + <module-name>*</module-name> + <access-operations>*</access-operations> + <action>permit</action> + </rule> + </rule-list> + <groups> + <group> + <name>test</name> + <user-name>smith</user-name> + </group> + <group> + <nam>almighty</name> + <user-name>smith</user-name> + <user-name>doe</user-name> + </group> + </groups> +</nacm> diff --git a/tools/lint/examples/config-unknown-element.xml b/tools/lint/examples/config-unknown-element.xml new file mode 100644 index 0000000..66ae880 --- /dev/null +++ b/tools/lint/examples/config-unknown-element.xml @@ -0,0 +1,27 @@ +<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"> + <rule-list> + <name>almighty</name> + <group>almighty</group> + <group>test</group> + <rule> + <name>almighty</name> + <module-name>*</module-name> + <access-operations>*</access-operations> + <action>permit</action> + </rule> + </rule-list> + <groups> + <group> + <name>test</name> + <user-name>smith</user-name> + </group> + <group> + <name>almighty</name> + <user-name>smith</user-name> + <user-name>doe</user-name> + </group> + </groups> + <denied-operations>0</denied-operations> + <denied-data-writes>0</denied-data-writes> + <denied-notifications>0</denied-notifications> +</nacm> diff --git a/tools/lint/examples/data-acm.xml b/tools/lint/examples/data-acm.xml new file mode 100644 index 0000000..66ae880 --- /dev/null +++ b/tools/lint/examples/data-acm.xml 
@@ -0,0 +1,27 @@ +<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"> + <rule-list> + <name>almighty</name> + <group>almighty</group> + <group>test</group> + <rule> + <name>almighty</name> + <module-name>*</module-name> + <access-operations>*</access-operations> + <action>permit</action> + </rule> + </rule-list> + <groups> + <group> + <name>test</name> + <user-name>smith</user-name> + </group> + <group> + <name>almighty</name> + <user-name>smith</user-name> + <user-name>doe</user-name> + </group> + </groups> + <denied-operations>0</denied-operations> + <denied-data-writes>0</denied-data-writes> + <denied-notifications>0</denied-notifications> +</nacm> diff --git a/tools/lint/examples/data-ip.xml b/tools/lint/examples/data-ip.xml new file mode 100644 index 0000000..1894f6d --- /dev/null +++ b/tools/lint/examples/data-ip.xml @@ -0,0 +1,12 @@ +<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> + <interface> + <name>eth0</name> + <description>Wire Connection</description> + <type xmlns:ift="urn:ietf:params:xml:ns:yang:iana-if-type">ift:ethernetCsmacd</type> + <enabled>true</enabled> + <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"> + <address><ip>192.168.1.15</ip><netmask>255.255.255.0</netmask></address> + <address><ip>192.168.1.10</ip><netmask>255.255.255.0</netmask></address> + </ipv4> + </interface> +</interfaces> diff --git a/tools/lint/examples/data-malformed-xml.xml b/tools/lint/examples/data-malformed-xml.xml new file mode 100644 index 0000000..908d79b --- /dev/null +++ b/tools/lint/examples/data-malformed-xml.xml 
@@ -0,0 +1,27 @@ +<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"> + <rule-list> + <name>almighty</name> + <group>almighty</group> + <group>test</group> + <rule> + <nam>almighty + <module-name>*</module-name> + <access-operations>*</access-operations> + <action>permit</action> + </rule> + </rule-list> + <groups> + <group> + <name>test</name> + <user-name>smith</user-name> + </group> + <group> + <name>almighty</name> + <user-name>smith</user-name> + <user-name>doe</user-name> + </group> + </groups> + <denied-operations>0</denied-operations> + <denied-data-writes>0</denied-data-writes> + <denied-notifications>0</denied-notifications> +</nacm> diff --git a/tools/lint/examples/data-malformed-xml2.xml b/tools/lint/examples/data-malformed-xml2.xml new file mode 100644 index 0000000..8d0e5f4 --- /dev/null +++ b/tools/lint/examples/data-malformed-xml2.xml @@ -0,0 +1,26 @@ +<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"> + <rule-list> + <name>almighty</name> + <group>almighty</group> + <group>test</group> + <rule> + <name>almighty<module-name></name> *</module-name> + <access-operations>*</access-operations> + <action>permit</action> + </rule> + </rule-list> + <groups> + <group> + <name>test</name> + <user-name>smith</user-name> + </group> + <group> + <name>almighty</name> + <user-name>smith</user-name> + <user-name>doe</user-name> + </group> + </groups> + <denied-operations>0</denied-operations> + <denied-data-writes>0</denied-data-writes> + <denied-notifications>0</denied-notifications> +</nacm> diff --git a/tools/lint/examples/data-missing-key.xml b/tools/lint/examples/data-missing-key.xml new file mode 100644 index 0000000..2e9684d --- /dev/null +++ b/tools/lint/examples/data-missing-key.xml 
@@ -0,0 +1,26 @@ +<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"> + <rule-list> + <name>almighty</name> + <group>almighty</group> + <group>test</group> + <rule> + <module-name>*</module-name> + <access-operations>*</access-operations> + <action>permit</action> + </rule> + </rule-list> + <groups> + <group> + <name>test</name> + <user-name>smith</user-name> + </group> + <group> + <name>almighty</name> + <user-name>smith</user-name> + <user-name>doe</user-name> + </group> + </groups> + <denied-operations>0</denied-operations> + <denied-data-writes>0</denied-data-writes> + <denied-notifications>0</denied-notifications> +</nacm> diff --git a/tools/lint/examples/data-out-of-range-value.xml b/tools/lint/examples/data-out-of-range-value.xml new file mode 100644 index 0000000..2af5ba9 --- /dev/null +++ b/tools/lint/examples/data-out-of-range-value.xml @@ -0,0 +1,27 @@ +<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"> + <rule-list> + <name>almighty</name> + <group>almighty</group> + <group>test</group> + <rule> + <name>almighty</name> + <module-name>*</module-name> + <access-operations>*</access-operations> + <action>permit</action> + </rule> + </rule-list> + <groups> + <group> + <name>test</name> + <user-name>smith</user-name> + </group> + <group> + <name>almighty</name> + <user-name>smith</user-name> + <user-name>doe</user-name> + </group> + </groups> + <denied-operations>-1</denied-operations> + <denied-data-writes>0</denied-data-writes> + <denied-notifications>0</denied-notifications> +</nacm> diff --git a/tools/lint/examples/datastore.xml b/tools/lint/examples/datastore.xml new file mode 100644 index 0000000..c6a6fc9 --- /dev/null +++ b/tools/lint/examples/datastore.xml 
@@ -0,0 +1,29 @@ +<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"> + <rule-list> + <name>almighty</name> + <group>almighty</group> + <rule> + <name>almighty</name> + <module-name>*</module-name> + <access-operations>*</access-operations> + <action>permit</action> + </rule> + </rule-list> + <groups> + <group> + <name>almighty</name> + <user-name>smith</user-name> + </group> + </groups> +</nacm> +<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> + <interface> + <name>eth0</name> + <description>Wire Connection</description> + <type xmlns:ift="urn:ietf:params:xml:ns:yang:iana-if-type">ift:ethernetCsmacd</type> + <enabled>true</enabled> + <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"> + <address><ip>192.168.1.15</ip><prefix-length>24</prefix-length></address> + </ipv4> + </interface> +</interfaces> diff --git a/tools/lint/examples/iana-if-type.yang b/tools/lint/examples/iana-if-type.yang new file mode 100644 index 0000000..5dd8219 --- /dev/null +++ b/tools/lint/examples/iana-if-type.yang 
@@ -0,0 +1,1547 @@ +module iana-if-type { + namespace "urn:ietf:params:xml:ns:yang:iana-if-type"; + prefix ianaift; + + import ietf-interfaces { + prefix if; + } + + organization "IANA"; + contact + " Internet Assigned Numbers Authority + + Postal: ICANN + 4676 Admiralty Way, Suite 330 + Marina del Rey, CA 90292 + + Tel: +1 310 823 9358 + <mailto:iana@iana.org>"; + description + "This YANG module defines YANG identities for IANA-registered + interface types. + + This YANG module is maintained by IANA and reflects the + 'ifType definitions' registry. + + The latest revision of this YANG module can be obtained from + the IANA web site. + + Requests for new values should be made to IANA via + email (iana@iana.org). + + Copyright (c) 2014 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + The initial version of this YANG module is part of RFC 7224; + see the RFC itself for full legal notices."; + reference + "IANA 'ifType definitions' registry. 
+ <http://www.iana.org/assignments/smi-numbers>"; + + revision 2014-05-08 { + description + "Initial revision."; + reference + "RFC 7224: IANA Interface Type YANG Module"; + } + + identity iana-interface-type { + base if:interface-type; + description + "This identity is used as a base for all interface types + defined in the 'ifType definitions' registry."; + } + + + + + + + identity other { + base iana-interface-type; + } + identity regular1822 { + base iana-interface-type; + } + identity hdh1822 { + base iana-interface-type; + } + identity ddnX25 { + base iana-interface-type; + } + identity rfc877x25 { + base iana-interface-type; + reference + "RFC 1382 - SNMP MIB Extension for the X.25 Packet Layer"; + } + identity ethernetCsmacd { + base iana-interface-type; + description + "For all Ethernet-like interfaces, regardless of speed, + as per RFC 3635."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity iso88023Csmacd { + base iana-interface-type; + status deprecated; + description + "Deprecated via RFC 3635. + Use ethernetCsmacd(6) instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity iso88024TokenBus { + base iana-interface-type; + } + identity iso88025TokenRing { + base iana-interface-type; + } + identity iso88026Man { + base iana-interface-type; + } + identity starLan { + base iana-interface-type; + status deprecated; + description + "Deprecated via RFC 3635. 
+ Use ethernetCsmacd(6) instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity proteon10Mbit { + base iana-interface-type; + } + identity proteon80Mbit { + base iana-interface-type; + } + identity hyperchannel { + base iana-interface-type; + } + identity fddi { + base iana-interface-type; + reference + "RFC 1512 - FDDI Management Information Base"; + } + identity lapb { + base iana-interface-type; + reference + "RFC 1381 - SNMP MIB Extension for X.25 LAPB"; + } + identity sdlc { + base iana-interface-type; + } + identity ds1 { + base iana-interface-type; + description + "DS1-MIB."; + reference + "RFC 4805 - Definitions of Managed Objects for the + DS1, J1, E1, DS2, and E2 Interface Types"; + } + identity e1 { + base iana-interface-type; + status obsolete; + description + "Obsolete; see DS1-MIB."; + reference + "RFC 4805 - Definitions of Managed Objects for the + DS1, J1, E1, DS2, and E2 Interface Types"; + } + + + identity basicISDN { + base iana-interface-type; + description + "No longer used. See also RFC 2127."; + } + identity primaryISDN { + base iana-interface-type; + description + "No longer used. 
See also RFC 2127."; + } + identity propPointToPointSerial { + base iana-interface-type; + description + "Proprietary serial."; + } + identity ppp { + base iana-interface-type; + } + identity softwareLoopback { + base iana-interface-type; + } + identity eon { + base iana-interface-type; + description + "CLNP over IP."; + } + identity ethernet3Mbit { + base iana-interface-type; + } + identity nsip { + base iana-interface-type; + description + "XNS over IP."; + } + identity slip { + base iana-interface-type; + description + "Generic SLIP."; + } + identity ultra { + base iana-interface-type; + description + "Ultra Technologies."; + } + identity ds3 { + base iana-interface-type; + description + "DS3-MIB."; + reference + "RFC 3896 - Definitions of Managed Objects for the + DS3/E3 Interface Type"; + } + identity sip { + base iana-interface-type; + description + "SMDS, coffee."; + reference + "RFC 1694 - Definitions of Managed Objects for SMDS + Interfaces using SMIv2"; + } + identity frameRelay { + base iana-interface-type; + description + "DTE only."; + reference + "RFC 2115 - Management Information Base for Frame Relay + DTEs Using SMIv2"; + } + identity rs232 { + base iana-interface-type; + reference + "RFC 1659 - Definitions of Managed Objects for RS-232-like + Hardware Devices using SMIv2"; + } + identity para { + base iana-interface-type; + description + "Parallel-port."; + reference + "RFC 1660 - Definitions of Managed Objects for + Parallel-printer-like Hardware Devices using + SMIv2"; + } + identity arcnet { + base iana-interface-type; + description + "ARCnet."; + } + identity arcnetPlus { + base iana-interface-type; + description + "ARCnet Plus."; + } + + + + identity atm { + base iana-interface-type; + description + "ATM cells."; + } + identity miox25 { + base iana-interface-type; + reference + "RFC 1461 - SNMP MIB extension for Multiprotocol + Interconnect over X.25"; + } + identity sonet { + base iana-interface-type; + description + "SONET or SDH."; + } + 
identity x25ple { + base iana-interface-type; + reference + "RFC 2127 - ISDN Management Information Base using SMIv2"; + } + identity iso88022llc { + base iana-interface-type; + } + identity localTalk { + base iana-interface-type; + } + identity smdsDxi { + base iana-interface-type; + } + identity frameRelayService { + base iana-interface-type; + description + "FRNETSERV-MIB."; + reference + "RFC 2954 - Definitions of Managed Objects for Frame + Relay Service"; + } + identity v35 { + base iana-interface-type; + } + identity hssi { + base iana-interface-type; + } + identity hippi { + base iana-interface-type; + } + + identity modem { + base iana-interface-type; + description + "Generic modem."; + } + identity aal5 { + base iana-interface-type; + description + "AAL5 over ATM."; + } + identity sonetPath { + base iana-interface-type; + } + identity sonetVT { + base iana-interface-type; + } + identity smdsIcip { + base iana-interface-type; + description + "SMDS InterCarrier Interface."; + } + identity propVirtual { + base iana-interface-type; + description + "Proprietary virtual/internal."; + reference + "RFC 2863 - The Interfaces Group MIB"; + } + identity propMultiplexor { + base iana-interface-type; + description + "Proprietary multiplexing."; + reference + "RFC 2863 - The Interfaces Group MIB"; + } + identity ieee80212 { + base iana-interface-type; + description + "100BaseVG."; + } + identity fibreChannel { + base iana-interface-type; + description + "Fibre Channel."; + } + + + + identity hippiInterface { + base iana-interface-type; + description + "HIPPI interfaces."; + } + identity frameRelayInterconnect { + base iana-interface-type; + status obsolete; + description + "Obsolete; use either + frameRelay(32) or frameRelayService(44)."; + } + identity aflane8023 { + base iana-interface-type; + description + "ATM Emulated LAN for 802.3."; + } + identity aflane8025 { + base iana-interface-type; + description + "ATM Emulated LAN for 802.5."; + } + identity cctEmul { + 
base iana-interface-type; + description + "ATM Emulated circuit."; + } + identity fastEther { + base iana-interface-type; + status deprecated; + description + "Obsoleted via RFC 3635. + ethernetCsmacd(6) should be used instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity isdn { + base iana-interface-type; + description + "ISDN and X.25."; + reference + "RFC 1356 - Multiprotocol Interconnect on X.25 and ISDN + in the Packet Mode"; + } + + + + identity v11 { + base iana-interface-type; + description + "CCITT V.11/X.21."; + } + identity v36 { + base iana-interface-type; + description + "CCITT V.36."; + } + identity g703at64k { + base iana-interface-type; + description + "CCITT G703 at 64Kbps."; + } + identity g703at2mb { + base iana-interface-type; + status obsolete; + description + "Obsolete; see DS1-MIB."; + } + identity qllc { + base iana-interface-type; + description + "SNA QLLC."; + } + identity fastEtherFX { + base iana-interface-type; + status deprecated; + description + "Obsoleted via RFC 3635. 
+ ethernetCsmacd(6) should be used instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity channel { + base iana-interface-type; + description + "Channel."; + } + identity ieee80211 { + base iana-interface-type; + description + "Radio spread spectrum."; + } + identity ibm370parChan { + base iana-interface-type; + description + "IBM System 360/370 OEMI Channel."; + } + identity escon { + base iana-interface-type; + description + "IBM Enterprise Systems Connection."; + } + identity dlsw { + base iana-interface-type; + description + "Data Link Switching."; + } + identity isdns { + base iana-interface-type; + description + "ISDN S/T interface."; + } + identity isdnu { + base iana-interface-type; + description + "ISDN U interface."; + } + identity lapd { + base iana-interface-type; + description + "Link Access Protocol D."; + } + identity ipSwitch { + base iana-interface-type; + description + "IP Switching Objects."; + } + identity rsrb { + base iana-interface-type; + description + "Remote Source Route Bridging."; + } + identity atmLogical { + base iana-interface-type; + description + "ATM Logical Port."; + reference + "RFC 3606 - Definitions of Supplemental Managed Objects + for ATM Interface"; + } + identity ds0 { + base iana-interface-type; + description + "Digital Signal Level 0."; + reference + "RFC 2494 - Definitions of Managed Objects for the DS0 + and DS0 Bundle Interface Type"; + } + identity ds0Bundle { + base iana-interface-type; + description + "Group of ds0s on the same ds1."; + reference + "RFC 2494 - Definitions of Managed Objects for the DS0 + and DS0 Bundle Interface Type"; + } + identity bsc { + base iana-interface-type; + description + "Bisynchronous Protocol."; + } + identity async { + base iana-interface-type; + description + "Asynchronous Protocol."; + } + identity cnr { + base iana-interface-type; + description + "Combat Net Radio."; + } + identity iso88025Dtr { + base 
iana-interface-type; + description + "ISO 802.5r DTR."; + } + identity eplrs { + base iana-interface-type; + description + "Ext Pos Loc Report Sys."; + } + identity arap { + base iana-interface-type; + description + "Appletalk Remote Access Protocol."; + } + identity propCnls { + base iana-interface-type; + description + "Proprietary Connectionless Protocol."; + } + identity hostPad { + base iana-interface-type; + description + "CCITT-ITU X.29 PAD Protocol."; + } + identity termPad { + base iana-interface-type; + description + "CCITT-ITU X.3 PAD Facility."; + } + identity frameRelayMPI { + base iana-interface-type; + description + "Multiproto Interconnect over FR."; + } + identity x213 { + base iana-interface-type; + description + "CCITT-ITU X213."; + } + identity adsl { + base iana-interface-type; + description + "Asymmetric Digital Subscriber Loop."; + } + identity radsl { + base iana-interface-type; + description + "Rate-Adapt. Digital Subscriber Loop."; + } + identity sdsl { + base iana-interface-type; + description + "Symmetric Digital Subscriber Loop."; + } + identity vdsl { + base iana-interface-type; + description + "Very H-Speed Digital Subscrib. 
Loop."; + } + identity iso88025CRFPInt { + base iana-interface-type; + description + "ISO 802.5 CRFP."; + } + identity myrinet { + base iana-interface-type; + description + "Myricom Myrinet."; + } + identity voiceEM { + base iana-interface-type; + description + "Voice recEive and transMit."; + } + identity voiceFXO { + base iana-interface-type; + description + "Voice Foreign Exchange Office."; + } + identity voiceFXS { + base iana-interface-type; + description + "Voice Foreign Exchange Station."; + } + identity voiceEncap { + base iana-interface-type; + description + "Voice encapsulation."; + } + identity voiceOverIp { + base iana-interface-type; + description + "Voice over IP encapsulation."; + } + identity atmDxi { + base iana-interface-type; + description + "ATM DXI."; + } + identity atmFuni { + base iana-interface-type; + description + "ATM FUNI."; + } + identity atmIma { + base iana-interface-type; + description + "ATM IMA."; + } + identity pppMultilinkBundle { + base iana-interface-type; + description + "PPP Multilink Bundle."; + } + identity ipOverCdlc { + base iana-interface-type; + description + "IBM ipOverCdlc."; + } + identity ipOverClaw { + base iana-interface-type; + description + "IBM Common Link Access to Workstn."; + } + identity stackToStack { + base iana-interface-type; + description + "IBM stackToStack."; + } + identity virtualIpAddress { + base iana-interface-type; + description + "IBM VIPA."; + } + identity mpc { + base iana-interface-type; + description + "IBM multi-protocol channel support."; + } + identity ipOverAtm { + base iana-interface-type; + description + "IBM ipOverAtm."; + reference + "RFC 2320 - Definitions of Managed Objects for Classical IP + and ARP Over ATM Using SMIv2 (IPOA-MIB)"; + } + identity iso88025Fiber { + base iana-interface-type; + description + "ISO 802.5j Fiber Token Ring."; + } + identity tdlc { + base iana-interface-type; + description + "IBM twinaxial data link control."; + } + identity gigabitEthernet { + base 
iana-interface-type; + status deprecated; + + + description + "Obsoleted via RFC 3635. + ethernetCsmacd(6) should be used instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity hdlc { + base iana-interface-type; + description + "HDLC."; + } + identity lapf { + base iana-interface-type; + description + "LAP F."; + } + identity v37 { + base iana-interface-type; + description + "V.37."; + } + identity x25mlp { + base iana-interface-type; + description + "Multi-Link Protocol."; + } + identity x25huntGroup { + base iana-interface-type; + description + "X25 Hunt Group."; + } + identity transpHdlc { + base iana-interface-type; + description + "Transp HDLC."; + } + identity interleave { + base iana-interface-type; + description + "Interleave channel."; + } + identity fast { + base iana-interface-type; + description + "Fast channel."; + } + + identity ip { + base iana-interface-type; + description + "IP (for APPN HPR in IP networks)."; + } + identity docsCableMaclayer { + base iana-interface-type; + description + "CATV Mac Layer."; + } + identity docsCableDownstream { + base iana-interface-type; + description + "CATV Downstream interface."; + } + identity docsCableUpstream { + base iana-interface-type; + description + "CATV Upstream interface."; + } + identity a12MppSwitch { + base iana-interface-type; + description + "Avalon Parallel Processor."; + } + identity tunnel { + base iana-interface-type; + description + "Encapsulation interface."; + } + identity coffee { + base iana-interface-type; + description + "Coffee pot."; + reference + "RFC 2325 - Coffee MIB"; + } + identity ces { + base iana-interface-type; + description + "Circuit Emulation Service."; + } + identity atmSubInterface { + base iana-interface-type; + description + "ATM Sub Interface."; + } + + identity l2vlan { + base iana-interface-type; + description + "Layer 2 Virtual LAN using 802.1Q."; + } + identity l3ipvlan { + base 
iana-interface-type; + description + "Layer 3 Virtual LAN using IP."; + } + identity l3ipxvlan { + base iana-interface-type; + description + "Layer 3 Virtual LAN using IPX."; + } + identity digitalPowerline { + base iana-interface-type; + description + "IP over Power Lines."; + } + identity mediaMailOverIp { + base iana-interface-type; + description + "Multimedia Mail over IP."; + } + identity dtm { + base iana-interface-type; + description + "Dynamic synchronous Transfer Mode."; + } + identity dcn { + base iana-interface-type; + description + "Data Communications Network."; + } + identity ipForward { + base iana-interface-type; + description + "IP Forwarding Interface."; + } + identity msdsl { + base iana-interface-type; + description + "Multi-rate Symmetric DSL."; + } + identity ieee1394 { + base iana-interface-type; + + description + "IEEE1394 High Performance Serial Bus."; + } + identity if-gsn { + base iana-interface-type; + description + "HIPPI-6400."; + } + identity dvbRccMacLayer { + base iana-interface-type; + description + "DVB-RCC MAC Layer."; + } + identity dvbRccDownstream { + base iana-interface-type; + description + "DVB-RCC Downstream Channel."; + } + identity dvbRccUpstream { + base iana-interface-type; + description + "DVB-RCC Upstream Channel."; + } + identity atmVirtual { + base iana-interface-type; + description + "ATM Virtual Interface."; + } + identity mplsTunnel { + base iana-interface-type; + description + "MPLS Tunnel Virtual Interface."; + } + identity srp { + base iana-interface-type; + description + "Spatial Reuse Protocol."; + } + identity voiceOverAtm { + base iana-interface-type; + description + "Voice over ATM."; + } + identity voiceOverFrameRelay { + base iana-interface-type; + description + "Voice Over Frame Relay."; + } + identity idsl { + base iana-interface-type; + description + "Digital Subscriber Loop over ISDN."; + } + identity compositeLink { + base iana-interface-type; + description + "Avici Composite Link Interface."; + } 
+ identity ss7SigLink { + base iana-interface-type; + description + "SS7 Signaling Link."; + } + identity propWirelessP2P { + base iana-interface-type; + description + "Prop. P2P wireless interface."; + } + identity frForward { + base iana-interface-type; + description + "Frame Forward Interface."; + } + identity rfc1483 { + base iana-interface-type; + description + "Multiprotocol over ATM AAL5."; + reference + "RFC 1483 - Multiprotocol Encapsulation over ATM + Adaptation Layer 5"; + } + identity usb { + base iana-interface-type; + description + "USB Interface."; + } + identity ieee8023adLag { + base iana-interface-type; + description + "IEEE 802.3ad Link Aggregate."; + } + identity bgppolicyaccounting { + base iana-interface-type; + description + "BGP Policy Accounting."; + } + identity frf16MfrBundle { + base iana-interface-type; + description + "FRF.16 Multilink Frame Relay."; + } + identity h323Gatekeeper { + base iana-interface-type; + description + "H323 Gatekeeper."; + } + identity h323Proxy { + base iana-interface-type; + description + "H323 Voice and Video Proxy."; + } + identity mpls { + base iana-interface-type; + description + "MPLS."; + } + identity mfSigLink { + base iana-interface-type; + description + "Multi-frequency signaling link."; + } + identity hdsl2 { + base iana-interface-type; + description + "High Bit-Rate DSL - 2nd generation."; + } + identity shdsl { + base iana-interface-type; + description + "Multirate HDSL2."; + } + identity ds1FDL { + base iana-interface-type; + description + "Facility Data Link (4Kbps) on a DS1."; + } + identity pos { + base iana-interface-type; + description + "Packet over SONET/SDH Interface."; + } + + + + identity dvbAsiIn { + base iana-interface-type; + description + "DVB-ASI Input."; + } + identity dvbAsiOut { + base iana-interface-type; + description + "DVB-ASI Output."; + } + identity plc { + base iana-interface-type; + description + "Power Line Communications."; + } + identity nfas { + base 
iana-interface-type; + description + "Non-Facility Associated Signaling."; + } + identity tr008 { + base iana-interface-type; + description + "TR008."; + } + identity gr303RDT { + base iana-interface-type; + description + "Remote Digital Terminal."; + } + identity gr303IDT { + base iana-interface-type; + description + "Integrated Digital Terminal."; + } + identity isup { + base iana-interface-type; + description + "ISUP."; + } + identity propDocsWirelessMaclayer { + base iana-interface-type; + description + "Cisco proprietary Maclayer."; + } + + + + identity propDocsWirelessDownstream { + base iana-interface-type; + description + "Cisco proprietary Downstream."; + } + identity propDocsWirelessUpstream { + base iana-interface-type; + description + "Cisco proprietary Upstream."; + } + identity hiperlan2 { + base iana-interface-type; + description + "HIPERLAN Type 2 Radio Interface."; + } + identity propBWAp2Mp { + base iana-interface-type; + description + "PropBroadbandWirelessAccesspt2Multipt (use of this value + for IEEE 802.16 WMAN interfaces as per IEEE Std 802.16f + is deprecated, and ieee80216WMAN(237) should be used + instead)."; + } + identity sonetOverheadChannel { + base iana-interface-type; + description + "SONET Overhead Channel."; + } + identity digitalWrapperOverheadChannel { + base iana-interface-type; + description + "Digital Wrapper."; + } + identity aal2 { + base iana-interface-type; + description + "ATM adaptation layer 2."; + } + identity radioMAC { + base iana-interface-type; + description + "MAC layer over radio links."; + } + identity atmRadio { + base iana-interface-type; + description + "ATM over radio links."; + } + identity imt { + base iana-interface-type; + description + "Inter-Machine Trunks."; + } + identity mvl { + base iana-interface-type; + description + "Multiple Virtual Lines DSL."; + } + identity reachDSL { + base iana-interface-type; + description + "Long Reach DSL."; + } + identity frDlciEndPt { + base iana-interface-type; + 
description + "Frame Relay DLCI End Point."; + } + identity atmVciEndPt { + base iana-interface-type; + description + "ATM VCI End Point."; + } + identity opticalChannel { + base iana-interface-type; + description + "Optical Channel."; + } + identity opticalTransport { + base iana-interface-type; + description + "Optical Transport."; + } + identity propAtm { + base iana-interface-type; + description + "Proprietary ATM."; + } + identity voiceOverCable { + base iana-interface-type; + description + "Voice Over Cable Interface."; + } + + + + identity infiniband { + base iana-interface-type; + description + "Infiniband."; + } + identity teLink { + base iana-interface-type; + description + "TE Link."; + } + identity q2931 { + base iana-interface-type; + description + "Q.2931."; + } + identity virtualTg { + base iana-interface-type; + description + "Virtual Trunk Group."; + } + identity sipTg { + base iana-interface-type; + description + "SIP Trunk Group."; + } + identity sipSig { + base iana-interface-type; + description + "SIP Signaling."; + } + identity docsCableUpstreamChannel { + base iana-interface-type; + description + "CATV Upstream Channel."; + } + identity econet { + base iana-interface-type; + description + "Acorn Econet."; + } + identity pon155 { + base iana-interface-type; + description + "FSAN 155Mb Symetrical PON interface."; + } + + + + identity pon622 { + base iana-interface-type; + description + "FSAN 622Mb Symetrical PON interface."; + } + identity bridge { + base iana-interface-type; + description + "Transparent bridge interface."; + } + identity linegroup { + base iana-interface-type; + description + "Interface common to multiple lines."; + } + identity voiceEMFGD { + base iana-interface-type; + description + "Voice E&M Feature Group D."; + } + identity voiceFGDEANA { + base iana-interface-type; + description + "Voice FGD Exchange Access North American."; + } + identity voiceDID { + base iana-interface-type; + description + "Voice Direct Inward 
Dialing."; + } + identity mpegTransport { + base iana-interface-type; + description + "MPEG transport interface."; + } + identity sixToFour { + base iana-interface-type; + status deprecated; + description + "6to4 interface (DEPRECATED)."; + reference + "RFC 4087 - IP Tunnel MIB"; + } + identity gtp { + base iana-interface-type; + description + "GTP (GPRS Tunneling Protocol)."; + } + identity pdnEtherLoop1 { + base iana-interface-type; + description + "Paradyne EtherLoop 1."; + } + identity pdnEtherLoop2 { + base iana-interface-type; + description + "Paradyne EtherLoop 2."; + } + identity opticalChannelGroup { + base iana-interface-type; + description + "Optical Channel Group."; + } + identity homepna { + base iana-interface-type; + description + "HomePNA ITU-T G.989."; + } + identity gfp { + base iana-interface-type; + description + "Generic Framing Procedure (GFP)."; + } + identity ciscoISLvlan { + base iana-interface-type; + description + "Layer 2 Virtual LAN using Cisco ISL."; + } + identity actelisMetaLOOP { + base iana-interface-type; + description + "Acteleis proprietary MetaLOOP High Speed Link."; + } + identity fcipLink { + base iana-interface-type; + description + "FCIP Link."; + } + identity rpr { + base iana-interface-type; + description + "Resilient Packet Ring Interface Type."; + } + + + + identity qam { + base iana-interface-type; + description + "RF Qam Interface."; + } + identity lmp { + base iana-interface-type; + description + "Link Management Protocol."; + reference + "RFC 4327 - Link Management Protocol (LMP) Management + Information Base (MIB)"; + } + identity cblVectaStar { + base iana-interface-type; + description + "Cambridge Broadband Networks Limited VectaStar."; + } + identity docsCableMCmtsDownstream { + base iana-interface-type; + description + "CATV Modular CMTS Downstream Interface."; + } + identity adsl2 { + base iana-interface-type; + status deprecated; + description + "Asymmetric Digital Subscriber Loop Version 2 + 
(DEPRECATED/OBSOLETED - please use adsl2plus(238) + instead)."; + reference + "RFC 4706 - Definitions of Managed Objects for Asymmetric + Digital Subscriber Line 2 (ADSL2)"; + } + identity macSecControlledIF { + base iana-interface-type; + description + "MACSecControlled."; + } + identity macSecUncontrolledIF { + base iana-interface-type; + description + "MACSecUncontrolled."; + } + identity aviciOpticalEther { + base iana-interface-type; + description + "Avici Optical Ethernet Aggregate."; + } + identity atmbond { + base iana-interface-type; + description + "atmbond."; + } + identity voiceFGDOS { + base iana-interface-type; + description + "Voice FGD Operator Services."; + } + identity mocaVersion1 { + base iana-interface-type; + description + "MultiMedia over Coax Alliance (MoCA) Interface + as documented in information provided privately to IANA."; + } + identity ieee80216WMAN { + base iana-interface-type; + description + "IEEE 802.16 WMAN interface."; + } + identity adsl2plus { + base iana-interface-type; + description + "Asymmetric Digital Subscriber Loop Version 2 - + Version 2 Plus and all variants."; + } + identity dvbRcsMacLayer { + base iana-interface-type; + description + "DVB-RCS MAC Layer."; + reference + "RFC 5728 - The SatLabs Group DVB-RCS MIB"; + } + identity dvbTdm { + base iana-interface-type; + description + "DVB Satellite TDM."; + reference + "RFC 5728 - The SatLabs Group DVB-RCS MIB"; + } + identity dvbRcsTdma { + base iana-interface-type; + description + "DVB-RCS TDMA."; + reference + "RFC 5728 - The SatLabs Group DVB-RCS MIB"; + } + identity x86Laps { + base iana-interface-type; + description + "LAPS based on ITU-T X.86/Y.1323."; + } + identity wwanPP { + base iana-interface-type; + description + "3GPP WWAN."; + } + identity wwanPP2 { + base iana-interface-type; + description + "3GPP2 WWAN."; + } + identity voiceEBS { + base iana-interface-type; + description + "Voice P-phone EBS physical interface."; + } + identity ifPwType { + base 
iana-interface-type; + description + "Pseudowire interface type."; + reference + "RFC 5601 - Pseudowire (PW) Management Information Base (MIB)"; + } + identity ilan { + base iana-interface-type; + description + "Internal LAN on a bridge per IEEE 802.1ap."; + } + identity pip { + base iana-interface-type; + description + "Provider Instance Port on a bridge per IEEE 802.1ah PBB."; + } + identity aluELP { + base iana-interface-type; + description + "Alcatel-Lucent Ethernet Link Protection."; + } + identity gpon { + base iana-interface-type; + description + "Gigabit-capable passive optical networks (G-PON) as per + ITU-T G.948."; + } + identity vdsl2 { + base iana-interface-type; + description + "Very high speed digital subscriber line Version 2 + (as per ITU-T Recommendation G.993.2)."; + reference + "RFC 5650 - Definitions of Managed Objects for Very High + Speed Digital Subscriber Line 2 (VDSL2)"; + } + identity capwapDot11Profile { + base iana-interface-type; + description + "WLAN Profile Interface."; + reference + "RFC 5834 - Control and Provisioning of Wireless Access + Points (CAPWAP) Protocol Binding MIB for + IEEE 802.11"; + } + identity capwapDot11Bss { + base iana-interface-type; + description + "WLAN BSS Interface."; + reference + "RFC 5834 - Control and Provisioning of Wireless Access + Points (CAPWAP) Protocol Binding MIB for + IEEE 802.11"; + } + identity capwapWtpVirtualRadio { + base iana-interface-type; + description + "WTP Virtual Radio Interface."; + reference + "RFC 5833 - Control and Provisioning of Wireless Access + Points (CAPWAP) Protocol Base MIB"; + } + identity bits { + base iana-interface-type; + description + "bitsport."; + } + identity docsCableUpstreamRfPort { + base iana-interface-type; + description + "DOCSIS CATV Upstream RF Port."; + } + + + identity cableDownstreamRfPort { + base iana-interface-type; + description + "CATV downstream RF Port."; + } + identity vmwareVirtualNic { + base iana-interface-type; + description + "VMware 
Virtual Network Interface."; + } + identity ieee802154 { + base iana-interface-type; + description + "IEEE 802.15.4 WPAN interface."; + reference + "IEEE 802.15.4-2006"; + } + identity otnOdu { + base iana-interface-type; + description + "OTN Optical Data Unit."; + } + identity otnOtu { + base iana-interface-type; + description + "OTN Optical channel Transport Unit."; + } + identity ifVfiType { + base iana-interface-type; + description + "VPLS Forwarding Instance Interface Type."; + } + identity g9981 { + base iana-interface-type; + description + "G.998.1 bonded interface."; + } + identity g9982 { + base iana-interface-type; + description + "G.998.2 bonded interface."; + } + identity g9983 { + base iana-interface-type; + description + "G.998.3 bonded interface."; + } + + identity aluEpon { + base iana-interface-type; + description + "Ethernet Passive Optical Networks (E-PON)."; + } + identity aluEponOnu { + base iana-interface-type; + description + "EPON Optical Network Unit."; + } + identity aluEponPhysicalUni { + base iana-interface-type; + description + "EPON physical User to Network interface."; + } + identity aluEponLogicalLink { + base iana-interface-type; + description + "The emulation of a point-to-point link over the EPON + layer."; + } + identity aluGponOnu { + base iana-interface-type; + description + "GPON Optical Network Unit."; + reference + "ITU-T G.984.2"; + } + identity aluGponPhysicalUni { + base iana-interface-type; + description + "GPON physical User to Network interface."; + reference + "ITU-T G.984.2"; + } + identity vmwareNicTeam { + base iana-interface-type; + description + "VMware NIC Team."; + } +} diff --git a/tools/lint/examples/ietf-interfaces.yang b/tools/lint/examples/ietf-interfaces.yang new file mode 100644 index 0000000..ad64425 --- /dev/null +++ b/tools/lint/examples/ietf-interfaces.yang 
@@ -0,0 +1,725 @@ +module ietf-interfaces { + + namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces"; + prefix if; + + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; + + contact + "WG Web: <http://tools.ietf.org/wg/netmod/> + WG List: <mailto:netmod@ietf.org> + + WG Chair: Thomas Nadeau + <mailto:tnadeau@lucidvision.com> + + WG Chair: Juergen Schoenwaelder + <mailto:j.schoenwaelder@jacobs-university.de> + + Editor: Martin Bjorklund + <mailto:mbj@tail-f.com>"; + + description + "This module contains a collection of YANG definitions for + managing network interfaces. + + Copyright (c) 2014 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). 
+ + This version of this YANG module is part of RFC 7223; see + the RFC itself for full legal notices."; + + revision 2014-05-08 { + description + "Initial revision."; + reference + "RFC 7223: A YANG Data Model for Interface Management"; + } + + /* + * Typedefs + */ + + typedef interface-ref { + type leafref { + path "/if:interfaces/if:interface/if:name"; + } + description + "This type is used by data models that need to reference + configured interfaces."; + } + + typedef interface-state-ref { + type leafref { + path "/if:interfaces-state/if:interface/if:name"; + } + description + "This type is used by data models that need to reference + the operationally present interfaces."; + } + + /* + * Identities + */ + + identity interface-type { + description + "Base identity from which specific interface types are + derived."; + } + + /* + * Features + */ + + feature arbitrary-names { + description + "This feature indicates that the device allows user-controlled + interfaces to be named arbitrarily."; + } + feature pre-provisioning { + description + "This feature indicates that the device supports + pre-provisioning of interface configuration, i.e., it is + possible to configure an interface whose physical interface + hardware is not present on the device."; + } + + feature if-mib { + description + "This feature indicates that the device implements + the IF-MIB."; + reference + "RFC 2863: The Interfaces Group MIB"; + } + + /* + * Configuration data nodes + */ + + container interfaces { + description + "Interface configuration parameters."; + + list interface { + key "name"; + + description + "The list of configured interfaces on the device. + + The operational state of an interface is available in the + /interfaces-state/interface list. 
If the configuration of a + system-controlled interface cannot be used by the system + (e.g., the interface hardware present does not match the + interface type), then the configuration is not applied to + the system-controlled interface shown in the + /interfaces-state/interface list. If the configuration + of a user-controlled interface cannot be used by the system, + the configured interface is not instantiated in the + /interfaces-state/interface list."; + + leaf name { + type string; + description + "The name of the interface. + + A device MAY restrict the allowed values for this leaf, + possibly depending on the type of the interface. + For system-controlled interfaces, this leaf is the + device-specific name of the interface. The 'config false' + list /interfaces-state/interface contains the currently + existing interfaces on the device. + + If a client tries to create configuration for a + system-controlled interface that is not present in the + /interfaces-state/interface list, the server MAY reject + the request if the implementation does not support + pre-provisioning of interfaces or if the name refers to + an interface that can never exist in the system. A + NETCONF server MUST reply with an rpc-error with the + error-tag 'invalid-value' in this case. + + If the device supports pre-provisioning of interface + configuration, the 'pre-provisioning' feature is + advertised. + + If the device allows arbitrarily named user-controlled + interfaces, the 'arbitrary-names' feature is advertised. + + When a configured user-controlled interface is created by + the system, it is instantiated with the same name in the + /interface-state/interface list."; + } + + leaf description { + type string; + description + "A textual description of the interface. + + A server implementation MAY map this leaf to the ifAlias + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifAlias. 
The definition of + such a mechanism is outside the scope of this document. + + Since ifAlias is defined to be stored in non-volatile + storage, the MIB implementation MUST map ifAlias to the + value of 'description' in the persistently stored + datastore. + + Specifically, if the device supports ':startup', when + ifAlias is read the device MUST return the value of + 'description' in the 'startup' datastore, and when it is + written, it MUST be written to the 'running' and 'startup' + datastores. Note that it is up to the implementation to + + decide whether to modify this single leaf in 'startup' or + perform an implicit copy-config from 'running' to + 'startup'. + + If the device does not support ':startup', ifAlias MUST + be mapped to the 'description' leaf in the 'running' + datastore."; + reference + "RFC 2863: The Interfaces Group MIB - ifAlias"; + } + + leaf type { + type identityref { + base interface-type; + } + mandatory true; + description + "The type of the interface. + + When an interface entry is created, a server MAY + initialize the type leaf with a valid value, e.g., if it + is possible to derive the type from the name of the + interface. + + If a client tries to set the type of an interface to a + value that can never be used by the system, e.g., if the + type is not supported or if the type does not match the + name of the interface, the server MUST reject the request. + A NETCONF server MUST reply with an rpc-error with the + error-tag 'invalid-value' in this case."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf enabled { + type boolean; + default "true"; + description + "This leaf contains the configured, desired state of the + interface. + + Systems that implement the IF-MIB use the value of this + leaf in the 'running' datastore to set + IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry + has been initialized, as described in RFC 2863. 
+ + + + Changes in this leaf in the 'running' datastore are + reflected in ifAdminStatus, but if ifAdminStatus is + changed over SNMP, this leaf is not affected."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf link-up-down-trap-enable { + if-feature if-mib; + type enumeration { + enum enabled { + value 1; + } + enum disabled { + value 2; + } + } + description + "Controls whether linkUp/linkDown SNMP notifications + should be generated for this interface. + + If this node is not configured, the value 'enabled' is + operationally used by the server for interfaces that do + not operate on top of any other interface (i.e., there are + no 'lower-layer-if' entries), and 'disabled' otherwise."; + reference + "RFC 2863: The Interfaces Group MIB - + ifLinkUpDownTrapEnable"; + } + } + } + + /* + * Operational state data nodes + */ + + container interfaces-state { + config false; + description + "Data nodes for the operational state of interfaces."; + + list interface { + key "name"; + + + + + + description + "The list of interfaces on the device. + + System-controlled interfaces created by the system are + always present in this list, whether they are configured or + not."; + + leaf name { + type string; + description + "The name of the interface. + + A server implementation MAY map this leaf to the ifName + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifName. 
The definition of + such a mechanism is outside the scope of this document."; + reference + "RFC 2863: The Interfaces Group MIB - ifName"; + } + + leaf type { + type identityref { + base interface-type; + } + mandatory true; + description + "The type of the interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf admin-status { + if-feature if-mib; + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "Not ready to pass packets and not in some test mode."; + } + + + + enum testing { + value 3; + description + "In some test mode."; + } + } + mandatory true; + description + "The desired state of the interface. + + This leaf has the same read semantics as ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf oper-status { + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "The interface does not pass any packets."; + } + enum testing { + value 3; + description + "In some test mode. No operational packets can + be passed."; + } + enum unknown { + value 4; + description + "Status cannot be determined for some reason."; + } + enum dormant { + value 5; + description + "Waiting for some external event."; + } + enum not-present { + value 6; + description + "Some component (typically hardware) is missing."; + } + enum lower-layer-down { + value 7; + description + "Down due to state of lower-layer interface(s)."; + } + } + mandatory true; + description + "The current operational state of the interface. + + This leaf has the same semantics as ifOperStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifOperStatus"; + } + + leaf last-change { + type yang:date-and-time; + description + "The time the interface entered its current operational + state. 
If the current state was entered prior to the + last re-initialization of the local network management + subsystem, then this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifLastChange"; + } + + leaf if-index { + if-feature if-mib; + type int32 { + range "1..2147483647"; + } + mandatory true; + description + "The ifIndex value for the ifEntry represented by this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifIndex"; + } + + leaf phys-address { + type yang:phys-address; + description + "The interface's address at its protocol sub-layer. For + example, for an 802.x interface, this object normally + contains a Media Access Control (MAC) address. The + interface's media-specific modules must define the bit + + + and byte ordering and the format of the value of this + object. For interfaces that do not have such an address + (e.g., a serial line), this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifPhysAddress"; + } + + leaf-list higher-layer-if { + type interface-state-ref; + description + "A list of references to interfaces layered on top of this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf-list lower-layer-if { + type interface-state-ref; + description + "A list of references to interfaces layered underneath this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf speed { + type yang:gauge64; + units "bits/second"; + description + "An estimate of the interface's current bandwidth in bits + per second. For interfaces that do not vary in + bandwidth or for those where no accurate estimation can + be made, this node should contain the nominal bandwidth. 
+ For interfaces that have no concept of bandwidth, this + node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - + ifSpeed, ifHighSpeed"; + } + + + + + + + + + + container statistics { + description + "A collection of interface-related statistics objects."; + + leaf discontinuity-time { + type yang:date-and-time; + mandatory true; + description + "The time on the most recent occasion at which any one or + more of this interface's counters suffered a + discontinuity. If no such discontinuities have occurred + since the last re-initialization of the local management + subsystem, then this node contains the time the local + management subsystem re-initialized itself."; + } + + leaf in-octets { + type yang:counter64; + description + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInOctets"; + } + + leaf in-unicast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were not addressed to a + multicast or broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts"; + } + + + + + leaf in-broadcast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a broadcast + address at this sub-layer. 
+ + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInBroadcastPkts"; + } + + leaf in-multicast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a multicast + address at this sub-layer. For a MAC-layer protocol, + this includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInMulticastPkts"; + } + + leaf in-discards { + type yang:counter32; + description + "The number of inbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being deliverable to a higher-layer + protocol. One possible reason for discarding such a + packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + + + reference + "RFC 2863: The Interfaces Group MIB - ifInDiscards"; + } + + leaf in-errors { + type yang:counter32; + description + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of + inbound transmission units that contained errors + preventing them from being deliverable to a higher-layer + protocol. 
+ + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInErrors"; + } + + leaf in-unknown-protos { + type yang:counter32; + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + + + + + leaf out-octets { + type yang:counter64; + description + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutOctets"; + } + + leaf out-unicast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted, and that were not addressed + to a multicast or broadcast address at this sub-layer, + including those that were discarded or not sent. 
+ + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts"; + } + + leaf out-broadcast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted, and that were addressed to a + broadcast address at this sub-layer, including those + that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutBroadcastPkts"; + } + + + leaf out-multicast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted, and that were addressed to a + multicast address at this sub-layer, including those + that were discarded or not sent. For a MAC-layer + protocol, this includes both Group and Functional + addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutMulticastPkts"; + } + + leaf out-discards { + type yang:counter32; + description + "The number of outbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being transmitted. One possible reason + for discarding such a packet could be to free up buffer + space. 
+ + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutDiscards"; + } + + leaf out-errors { + type yang:counter32; + description + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + + + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutErrors"; + } + } + } + } +} diff --git a/tools/lint/examples/ietf-ip.yang b/tools/lint/examples/ietf-ip.yang new file mode 100644 index 0000000..1499120 --- /dev/null +++ b/tools/lint/examples/ietf-ip.yang 
@@ -0,0 +1,758 @@ +module ietf-ip { + + namespace "urn:ietf:params:xml:ns:yang:ietf-ip"; + prefix ip; + + import ietf-interfaces { + prefix if; + } + import ietf-inet-types { + prefix inet; + } + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; + + contact + "WG Web: <http://tools.ietf.org/wg/netmod/> + WG List: <mailto:netmod@ietf.org> + + WG Chair: Thomas Nadeau + <mailto:tnadeau@lucidvision.com> + + WG Chair: Juergen Schoenwaelder + <mailto:j.schoenwaelder@jacobs-university.de> + + Editor: Martin Bjorklund + <mailto:mbj@tail-f.com>"; + + + + + + + + + + + description + "This module contains a collection of YANG definitions for + configuring IP implementations. + + Copyright (c) 2014 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). 
+ + This version of this YANG module is part of RFC 7277; see + the RFC itself for full legal notices."; + + revision 2014-06-16 { + description + "Initial revision."; + reference + "RFC 7277: A YANG Data Model for IP Management"; + } + + /* + + * Features + */ + + feature ipv4-non-contiguous-netmasks { + description + "Indicates support for configuring non-contiguous + subnet masks."; + } + + feature ipv6-privacy-autoconf { + description + "Indicates support for Privacy Extensions for Stateless Address + Autoconfiguration in IPv6."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6"; + } + + + + + + /* + * Typedefs + */ + + typedef ip-address-origin { + type enumeration { + enum other { + description + "None of the following."; + } + enum static { + description + "Indicates that the address has been statically + configured - for example, using NETCONF or a Command Line + Interface."; + } + enum dhcp { + description + "Indicates an address that has been assigned to this + system by a DHCP server."; + } + enum link-layer { + description + "Indicates an address created by IPv6 stateless + autoconfiguration that embeds a link-layer address in its + interface identifier."; + } + enum random { + description + "Indicates an address chosen by the system at + + random, e.g., an IPv4 address within 169.254/16, an + RFC 4941 temporary address, or an RFC 7217 semantically + opaque address."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + RFC 7217: A Method for Generating Semantically Opaque + Interface Identifiers with IPv6 Stateless + Address Autoconfiguration (SLAAC)"; + } + } + description + "The origin of an address."; + } + + + + typedef neighbor-origin { + type enumeration { + enum other { + description + "None of the following."; + } + enum static { + description + "Indicates that the mapping has been statically + configured - for example, using NETCONF or a Command Line + 
Interface."; + } + enum dynamic { + description + "Indicates that the mapping has been dynamically resolved + using, e.g., IPv4 ARP or the IPv6 Neighbor Discovery + protocol."; + } + } + description + "The origin of a neighbor entry."; + } + + /* + * Configuration data nodes + */ + + augment "/if:interfaces/if:interface" { + description + "Parameters for configuring IP on interfaces. + + If an interface is not capable of running IP, the server + must not allow the client to configure these parameters."; + + container ipv4 { + presence + "Enables IPv4 unless the 'enabled' leaf + (which defaults to 'true') is set to 'false'"; + description + "Parameters for the IPv4 address family."; + + + + + + + + + leaf enabled { + type boolean; + default true; + description + "Controls whether IPv4 is enabled or disabled on this + interface. When IPv4 is enabled, this interface is + connected to an IPv4 stack, and the interface can send + and receive IPv4 packets."; + } + leaf forwarding { + type boolean; + default false; + description + "Controls IPv4 packet forwarding of datagrams received by, + but not addressed to, this interface. IPv4 routers + forward datagrams. IPv4 hosts do not (except those + source-routed via the host)."; + } + leaf mtu { + type uint16 { + range "68..max"; + } + units octets; + description + "The size, in octets, of the largest IPv4 packet that the + interface will send and receive. + + The server may restrict the allowed values for this leaf, + depending on the interface's type. 
+ + If this leaf is not configured, the operationally used MTU + depends on the interface's type."; + reference + "RFC 791: Internet Protocol"; + } + list address { + key "ip"; + description + "The list of configured IPv4 addresses on the interface."; + + leaf ip { + type inet:ipv4-address-no-zone; + description + "The IPv4 address on the interface."; + } + + + + choice subnet { + mandatory true; + description + "The subnet can be specified as a prefix-length, or, + if the server supports non-contiguous netmasks, as + a netmask."; + leaf prefix-length { + type uint8 { + range "0..32"; + } + description + "The length of the subnet prefix."; + } + leaf netmask { + if-feature ipv4-non-contiguous-netmasks; + type yang:dotted-quad; + description + "The subnet specified as a netmask."; + } + } + } + list neighbor { + key "ip"; + description + "A list of mappings from IPv4 addresses to + link-layer addresses. + + Entries in this list are used as static entries in the + ARP Cache."; + reference + "RFC 826: An Ethernet Address Resolution Protocol"; + + leaf ip { + type inet:ipv4-address-no-zone; + description + "The IPv4 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + mandatory true; + description + "The link-layer address of the neighbor node."; + } + } + + } + + + container ipv6 { + presence + "Enables IPv6 unless the 'enabled' leaf + (which defaults to 'true') is set to 'false'"; + description + "Parameters for the IPv6 address family."; + + leaf enabled { + type boolean; + default true; + description + "Controls whether IPv6 is enabled or disabled on this + interface. When IPv6 is enabled, this interface is + connected to an IPv6 stack, and the interface can send + and receive IPv6 packets."; + } + leaf forwarding { + type boolean; + default false; + description + "Controls IPv6 packet forwarding of datagrams received by, + but not addressed to, this interface. IPv6 routers + forward datagrams. 
IPv6 hosts do not (except those + source-routed via the host)."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 6.2.1, IsRouter"; + } + leaf mtu { + type uint32 { + range "1280..max"; + } + units octets; + description + "The size, in octets, of the largest IPv6 packet that the + interface will send and receive. + + The server may restrict the allowed values for this leaf, + depending on the interface's type. + + If this leaf is not configured, the operationally used MTU + depends on the interface's type."; + reference + "RFC 2460: Internet Protocol, Version 6 (IPv6) Specification + Section 5"; + } + + + list address { + key "ip"; + description + "The list of configured IPv6 addresses on the interface."; + + leaf ip { + type inet:ipv6-address-no-zone; + description + "The IPv6 address on the interface."; + } + leaf prefix-length { + type uint8 { + range "0..128"; + } + mandatory true; + description + "The length of the subnet prefix."; + } + } + list neighbor { + key "ip"; + description + "A list of mappings from IPv6 addresses to + link-layer addresses. + + Entries in this list are used as static entries in the + Neighbor Cache."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)"; + + leaf ip { + type inet:ipv6-address-no-zone; + description + "The IPv6 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + mandatory true; + description + "The link-layer address of the neighbor node."; + } + } + + + + + + + leaf dup-addr-detect-transmits { + type uint32; + default 1; + description + "The number of consecutive Neighbor Solicitation messages + sent while performing Duplicate Address Detection on a + tentative address. A value of zero indicates that + Duplicate Address Detection is not performed on + tentative addresses. 
A value of one indicates a single + transmission with no follow-up retransmissions."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + container autoconf { + description + "Parameters to control the autoconfiguration of IPv6 + addresses, as described in RFC 4862."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration"; + + leaf create-global-addresses { + type boolean; + default true; + description + "If enabled, the host creates global addresses as + described in RFC 4862."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration + Section 5.5"; + } + leaf create-temporary-addresses { + if-feature ipv6-privacy-autoconf; + type boolean; + default false; + description + "If enabled, the host creates temporary addresses as + described in RFC 4941."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6"; + } + + + + + + + + leaf temporary-valid-lifetime { + if-feature ipv6-privacy-autoconf; + type uint32; + units "seconds"; + default 604800; + description + "The time period during which the temporary address + is valid."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + - TEMP_VALID_LIFETIME"; + } + leaf temporary-preferred-lifetime { + if-feature ipv6-privacy-autoconf; + type uint32; + units "seconds"; + default 86400; + description + "The time period during which the temporary address is + preferred."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + - TEMP_PREFERRED_LIFETIME"; + } + } + } + } + + /* + * Operational state data nodes + */ + + augment "/if:interfaces-state/if:interface" { + description + "Data nodes for the operational state of IP on interfaces."; + + container ipv4 { + presence "Present if IPv4 is enabled on this interface"; + config false; + description + "Interface-specific parameters for the IPv4 address family."; + + + + + + leaf forwarding { + type boolean; + 
description + "Indicates whether IPv4 packet forwarding is enabled or + disabled on this interface."; + } + leaf mtu { + type uint16 { + range "68..max"; + } + units octets; + description + "The size, in octets, of the largest IPv4 packet that the + interface will send and receive."; + reference + "RFC 791: Internet Protocol"; + } + list address { + key "ip"; + description + "The list of IPv4 addresses on the interface."; + + leaf ip { + type inet:ipv4-address-no-zone; + description + "The IPv4 address on the interface."; + } + choice subnet { + description + "The subnet can be specified as a prefix-length, or, + if the server supports non-contiguous netmasks, as + a netmask."; + leaf prefix-length { + type uint8 { + range "0..32"; + } + description + "The length of the subnet prefix."; + } + leaf netmask { + if-feature ipv4-non-contiguous-netmasks; + type yang:dotted-quad; + description + "The subnet specified as a netmask."; + } + } + + + leaf origin { + type ip-address-origin; + description + "The origin of this address."; + } + } + list neighbor { + key "ip"; + description + "A list of mappings from IPv4 addresses to + link-layer addresses. 
+ + This list represents the ARP Cache."; + reference + "RFC 826: An Ethernet Address Resolution Protocol"; + + leaf ip { + type inet:ipv4-address-no-zone; + description + "The IPv4 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + description + "The link-layer address of the neighbor node."; + } + leaf origin { + type neighbor-origin; + description + "The origin of this neighbor entry."; + } + } + + } + + container ipv6 { + presence "Present if IPv6 is enabled on this interface"; + config false; + description + "Parameters for the IPv6 address family."; + + + + + + + + + leaf forwarding { + type boolean; + default false; + description + "Indicates whether IPv6 packet forwarding is enabled or + disabled on this interface."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 6.2.1, IsRouter"; + } + leaf mtu { + type uint32 { + range "1280..max"; + } + units octets; + description + "The size, in octets, of the largest IPv6 packet that the + interface will send and receive."; + reference + "RFC 2460: Internet Protocol, Version 6 (IPv6) Specification + Section 5"; + } + list address { + key "ip"; + description + "The list of IPv6 addresses on the interface."; + + leaf ip { + type inet:ipv6-address-no-zone; + description + "The IPv6 address on the interface."; + } + leaf prefix-length { + type uint8 { + range "0..128"; + } + mandatory true; + description + "The length of the subnet prefix."; + } + leaf origin { + type ip-address-origin; + description + "The origin of this address."; + } + + + + leaf status { + type enumeration { + enum preferred { + description + "This is a valid address that can appear as the + destination or source address of a packet."; + } + enum deprecated { + description + "This is a valid but deprecated address that should + no longer be used as a source address in new + communications, but packets addressed to such an + address are processed as expected."; + } + enum invalid { 
+ description + "This isn't a valid address, and it shouldn't appear + as the destination or source address of a packet."; + } + enum inaccessible { + description + "The address is not accessible because the interface + to which this address is assigned is not + operational."; + } + enum unknown { + description + "The status cannot be determined for some reason."; + } + enum tentative { + description + "The uniqueness of the address on the link is being + verified. Addresses in this state should not be + used for general communication and should only be + used to determine the uniqueness of the address."; + } + enum duplicate { + description + "The address has been determined to be non-unique on + the link and so must not be used."; + } + + + + + + + + enum optimistic { + description + "The address is available for use, subject to + restrictions, while its uniqueness on a link is + being verified."; + } + } + description + "The status of an address. Most of the states correspond + to states from the IPv6 Stateless Address + Autoconfiguration protocol."; + reference + "RFC 4293: Management Information Base for the + Internet Protocol (IP) + - IpAddressStatusTC + RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + } + list neighbor { + key "ip"; + description + "A list of mappings from IPv6 addresses to + link-layer addresses. 
+ + This list represents the Neighbor Cache."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)"; + + leaf ip { + type inet:ipv6-address-no-zone; + description + "The IPv6 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + description + "The link-layer address of the neighbor node."; + } + leaf origin { + type neighbor-origin; + description + "The origin of this neighbor entry."; + } + leaf is-router { + type empty; + description + "Indicates that the neighbor node acts as a router."; + } + leaf state { + type enumeration { + enum incomplete { + description + "Address resolution is in progress, and the link-layer + address of the neighbor has not yet been + determined."; + } + enum reachable { + description + "Roughly speaking, the neighbor is known to have been + reachable recently (within tens of seconds ago)."; + } + enum stale { + description + "The neighbor is no longer known to be reachable, but + until traffic is sent to the neighbor no attempt + should be made to verify its reachability."; + } + enum delay { + description + "The neighbor is no longer known to be reachable, and + traffic has recently been sent to the neighbor. + Rather than probe the neighbor immediately, however, + delay sending probes for a short while in order to + give upper-layer protocols a chance to provide + reachability confirmation."; + } + enum probe { + description + "The neighbor is no longer known to be reachable, and + unicast Neighbor Solicitation probes are being sent + to verify reachability."; + } + } + description + "The Neighbor Unreachability Detection state of this + entry."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 7.3.2"; + } + } + } + } +} diff --git a/tools/lint/examples/ietf-netconf-acm-when.yang b/tools/lint/examples/ietf-netconf-acm-when.yang new file mode 100644 index 0000000..902fcbf --- /dev/null +++ b/tools/lint/examples/ietf-netconf-acm-when.yang 
@@ -0,0 +1,412 @@ +module ietf-netconf-acm-when { + namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm"; + prefix nacm; + + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: <http://tools.ietf.org/wg/netconf/> + WG List: <mailto:netconf@ietf.org> + + WG Chair: Mehmet Ersue + <mailto:mehmet.ersue@nsn.com> + + WG Chair: Bert Wijnen + <mailto:bertietf@bwijnen.net> + + Editor: Andy Bierman + <mailto:andy@yumaworks.com> + + Editor: Martin Bjorklund + <mailto:mbj@tail-f.com>"; + description + "NETCONF Access Control Model. + + Copyright (c) 2012 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 6536; see + the RFC itself for full legal notices."; + + revision 2012-02-22 { + description + "Initial version"; + reference + "RFC 6536: Network Configuration Protocol (NETCONF) + Access Control Model"; + } + + extension default-deny-write { + description + "Used to indicate that the data model node + represents a sensitive security system parameter. + + If present, and the NACM module is enabled (i.e., + /nacm/enable-nacm object equals 'true'), the NETCONF server + will only allow the designated 'recovery session' to have + write access to the node. An explicit access control rule is + required for all other users. + + The 'default-deny-write' extension MAY appear within a data + definition statement. It is ignored otherwise."; + } + + extension default-deny-all { + description + "Used to indicate that the data model node + controls a very sensitive security system parameter. 
+ + If present, and the NACM module is enabled (i.e., + /nacm/enable-nacm object equals 'true'), the NETCONF server + will only allow the designated 'recovery session' to have + read, write, or execute access to the node. An explicit + access control rule is required for all other users. + + The 'default-deny-all' extension MAY appear within a data + definition statement, 'rpc' statement, or 'notification' + statement. It is ignored otherwise."; + } + + typedef user-name-type { + type string { + length "1..max"; + } + description + "General Purpose Username string."; + } + + typedef matchall-string-type { + type string { + pattern "\\*"; + } + description + "The string containing a single asterisk '*' is used + to conceptually represent all possible values + for the particular leaf using this data type."; + } + + typedef access-operations-type { + type bits { + bit create { + description + "Any protocol operation that creates a + new data node."; + } + bit read { + description + "Any protocol operation or notification that + returns the value of a data node."; + } + bit update { + description + "Any protocol operation that alters an existing + data node."; + } + bit delete { + description + "Any protocol operation that removes a data node."; + } + bit exec { + description + "Execution access to the specified protocol operation."; + } + } + description + "NETCONF Access Operation."; + } + + typedef group-name-type { + type string { + length "1..max"; + pattern "[^\\*].*"; + } + description + "Name of administrative group to which + users can be assigned."; + } + + typedef action-type { + type enumeration { + enum "permit" { + description + "Requested action is permitted."; + } + enum "deny" { + description + "Requested action is denied."; + } + } + description + "Action taken by the server when a particular + rule matches."; + } + + typedef node-instance-identifier { + type yang:xpath1.0; + description + "Path expression used to represent a special + data node 
instance identifier string. + + A node-instance-identifier value is an + unrestricted YANG instance-identifier expression. + All the same rules as an instance-identifier apply + except predicates for keys are optional. If a key + predicate is missing, then the node-instance-identifier + represents all possible server instances for that key. + + This XPath expression is evaluated in the following context: + + o The set of namespace declarations are those in scope on + the leaf element where this type is used. + + o The set of variable bindings contains one variable, + 'USER', which contains the name of the user of the current + session. + + o The function library is the core function library, but + note that due to the syntax restrictions of an + instance-identifier, no functions are allowed. + + o The context node is the root node in the data tree."; + } + + container nacm { + nacm:default-deny-all; + description + "Parameters for NETCONF Access Control Model."; + leaf enable-nacm { + type boolean; + default "true"; + description + "Enables or disables all NETCONF access control + enforcement. If 'true', then enforcement + is enabled. 
If 'false', then enforcement + is disabled."; + } + leaf read-default { + type action-type; + default "permit"; + description + "Controls whether read access is granted if + no appropriate rule is found for a + particular read request."; + } + leaf write-default { + type action-type; + default "deny"; + description + "Controls whether create, update, or delete access + is granted if no appropriate rule is found for a + particular write request."; + } + leaf exec-default { + type action-type; + default "permit"; + description + "Controls whether exec access is granted if no appropriate + rule is found for a particular protocol operation request."; + } + leaf enable-external-groups { + type boolean; + default "true"; + description + "Controls whether the server uses the groups reported by the + NETCONF transport layer when it assigns the user to a set of + NACM groups. If this leaf has the value 'false', any group + names reported by the transport layer are ignored by the + server."; + } + leaf denied-operations { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that a + protocol operation request was denied."; + } + leaf denied-data-writes { + type yang:zero-based-counter32; + config false; + mandatory true; + when "../denied-operations > 0"; + description + "Number of times since the server last restarted that a + protocol operation request to alter + a configuration datastore was denied."; + } + leaf denied-notifications { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that + a notification was dropped for a subscription because + access to the event type was denied."; + } + container groups { + description + "NETCONF Access Control Groups."; + list group { + key "name"; + description + "One NACM Group Entry. 
This list will only contain + configured entries, not any entries learned from + any transport protocols."; + leaf name { + type group-name-type; + description + "Group name associated with this entry."; + } + leaf-list user-name { + type user-name-type; + description + "Each entry identifies the username of + a member of the group associated with + this entry."; + } + } + } + list rule-list { + key "name"; + ordered-by user; + description + "An ordered collection of access control rules."; + leaf name { + type string { + length "1..max"; + } + description + "Arbitrary name assigned to the rule-list."; + } + leaf-list group { + type union { + type matchall-string-type; + type group-name-type; + } + description + "List of administrative groups that will be + assigned the associated access rights + defined by the 'rule' list. + + The string '*' indicates that all groups apply to the + entry."; + } + list rule { + key "name"; + ordered-by user; + description + "One access control rule. + + Rules are processed in user-defined order until a match is + found. A rule matches if 'module-name', 'rule-type', and + 'access-operations' match the request. If a rule + matches, the 'action' leaf determines if access is granted + or not."; + leaf name { + type string { + length "1..max"; + } + description + "Arbitrary name assigned to the rule."; + } + leaf module-name { + type union { + type matchall-string-type; + type string; + } + default "*"; + description + "Name of the module associated with this rule. + + This leaf matches if it has the value '*' or if the + object being accessed is defined in the module with the + specified module name."; + } + choice rule-type { + description + "This choice matches if all leafs present in the rule + match the request. 
If no leafs are present, the + choice matches all requests."; + case protocol-operation { + leaf rpc-name { + type union { + type matchall-string-type; + type string; + } + description + "This leaf matches if it has the value '*' or if + its value equals the requested protocol operation + name."; + } + } + case notification { + leaf notification-name { + type union { + type matchall-string-type; + type string; + } + description + "This leaf matches if it has the value '*' or if its + value equals the requested notification name."; + } + } + case data-node { + leaf path { + type node-instance-identifier; + mandatory true; + description + "Data Node Instance Identifier associated with the + data node controlled by this rule. + + Configuration data or state data instance + identifiers start with a top-level data node. A + complete instance identifier is required for this + type of path value. + + The special value '/' refers to all possible + datastore contents."; + } + } + } + leaf access-operations { + type union { + type matchall-string-type; + type access-operations-type; + } + default "*"; + description + "Access operations associated with this rule. + + This leaf matches if it has the value '*' or if the + bit corresponding to the requested operation is set."; + } + leaf action { + type action-type; + mandatory true; + description + "The access control action associated with the + rule. If a rule is determined to match a + particular request, then this object is used + to determine whether to permit or deny the + request."; + } + leaf comment { + type string; + description + "A textual description of the access rule."; + } + } + } + } +} diff --git a/tools/lint/examples/ietf-netconf-acm-when.yin b/tools/lint/examples/ietf-netconf-acm-when.yin new file mode 100644 index 0000000..cbff758 --- /dev/null +++ b/tools/lint/examples/ietf-netconf-acm-when.yin 
@@ -0,0 +1,447 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types" name="ietf-netconf-acm-when"> + <namespace uri="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"/> + <prefix value="nacm"/> + <import module="ietf-yang-types"> + <prefix value="yang"/> + </import> + <organization> + <text>IETF NETCONF (Network Configuration) Working Group</text> + </organization> + <contact> + <text>WG Web: <http://tools.ietf.org/wg/netconf/> +WG List: <mailto:netconf@ietf.org> + +WG Chair: Mehmet Ersue + <mailto:mehmet.ersue@nsn.com> + +WG Chair: Bert Wijnen + <mailto:bertietf@bwijnen.net> + +Editor: Andy Bierman + <mailto:andy@yumaworks.com> + +Editor: Martin Bjorklund + <mailto:mbj@tail-f.com></text> + </contact> + <description> + <text>NETCONF Access Control Model. + +Copyright (c) 2012 IETF Trust and the persons identified as +authors of the code. All rights reserved. + +Redistribution and use in source and binary forms, with or +without modification, is permitted pursuant to, and subject +to the license terms contained in, the Simplified BSD +License set forth in Section 4.c of the IETF Trust's +Legal Provisions Relating to IETF Documents +(http://trustee.ietf.org/license-info). + +This version of this YANG module is part of RFC 6536; see +the RFC itself for full legal notices.</text> + </description> + <revision date="2012-02-22"> + <description> + <text>Initial version</text> + </description> + <reference> + <text>RFC 6536: Network Configuration Protocol (NETCONF) + Access Control Model</text> + </reference> + </revision> + <extension name="default-deny-write"> + <description> + <text>Used to indicate that the data model node +represents a sensitive security system parameter. 
+ +If present, and the NACM module is enabled (i.e., +/nacm/enable-nacm object equals 'true'), the NETCONF server +will only allow the designated 'recovery session' to have +write access to the node. An explicit access control rule is +required for all other users. + +The 'default-deny-write' extension MAY appear within a data +definition statement. It is ignored otherwise.</text> + </description> + </extension> + <extension name="default-deny-all"> + <description> + <text>Used to indicate that the data model node +controls a very sensitive security system parameter. + +If present, and the NACM module is enabled (i.e., +/nacm/enable-nacm object equals 'true'), the NETCONF server +will only allow the designated 'recovery session' to have +read, write, or execute access to the node. An explicit +access control rule is required for all other users. + +The 'default-deny-all' extension MAY appear within a data +definition statement, 'rpc' statement, or 'notification' +statement. It is ignored otherwise.</text> + </description> + </extension> + <typedef name="user-name-type"> + <type name="string"> + <length value="1..max"/> + </type> + <description> + <text>General Purpose Username string.</text> + </description> + </typedef> + <typedef name="matchall-string-type"> + <type name="string"> + <pattern value="\*"/> + </type> + <description> + <text>The string containing a single asterisk '*' is used +to conceptually represent all possible values +for the particular leaf using this data type.</text> + </description> + </typedef> + <typedef name="access-operations-type"> + <type name="bits"> + <bit name="create"> + <description> + <text>Any protocol operation that creates a +new data node.</text> + </description> + </bit> + <bit name="read"> + <description> + <text>Any protocol operation or notification that +returns the value of a data node.</text> + </description> + </bit> + <bit name="update"> + <description> + <text>Any protocol operation that alters an existing +data 
node.</text> + </description> + </bit> + <bit name="delete"> + <description> + <text>Any protocol operation that removes a data node.</text> + </description> + </bit> + <bit name="exec"> + <description> + <text>Execution access to the specified protocol operation.</text> + </description> + </bit> + </type> + <description> + <text>NETCONF Access Operation.</text> + </description> + </typedef> + <typedef name="group-name-type"> + <type name="string"> + <length value="1..max"/> + <pattern value="[^\*].*"/> + </type> + <description> + <text>Name of administrative group to which +users can be assigned.</text> + </description> + </typedef> + <typedef name="action-type"> + <type name="enumeration"> + <enum name="permit"> + <description> + <text>Requested action is permitted.</text> + </description> + </enum> + <enum name="deny"> + <description> + <text>Requested action is denied.</text> + </description> + </enum> + </type> + <description> + <text>Action taken by the server when a particular +rule matches.</text> + </description> + </typedef> + <typedef name="node-instance-identifier"> + <type name="yang:xpath1.0"/> + <description> + <text>Path expression used to represent a special +data node instance identifier string. + +A node-instance-identifier value is an +unrestricted YANG instance-identifier expression. +All the same rules as an instance-identifier apply +except predicates for keys are optional. If a key +predicate is missing, then the node-instance-identifier +represents all possible server instances for that key. + +This XPath expression is evaluated in the following context: + + o The set of namespace declarations are those in scope on + the leaf element where this type is used. + + o The set of variable bindings contains one variable, + 'USER', which contains the name of the user of the current + session. 
+ + o The function library is the core function library, but + note that due to the syntax restrictions of an + instance-identifier, no functions are allowed. + + o The context node is the root node in the data tree.</text> + </description> + </typedef> + <container name="nacm"> + <nacm:default-deny-all/> + <description> + <text>Parameters for NETCONF Access Control Model.</text> + </description> + <leaf name="enable-nacm"> + <type name="boolean"/> + <default value="true"/> + <description> + <text>Enables or disables all NETCONF access control +enforcement. If 'true', then enforcement +is enabled. If 'false', then enforcement +is disabled.</text> + </description> + </leaf> + <leaf name="read-default"> + <type name="action-type"/> + <default value="permit"/> + <description> + <text>Controls whether read access is granted if +no appropriate rule is found for a +particular read request.</text> + </description> + </leaf> + <leaf name="write-default"> + <type name="action-type"/> + <default value="deny"/> + <description> + <text>Controls whether create, update, or delete access +is granted if no appropriate rule is found for a +particular write request.</text> + </description> + </leaf> + <leaf name="exec-default"> + <type name="action-type"/> + <default value="permit"/> + <description> + <text>Controls whether exec access is granted if no appropriate +rule is found for a particular protocol operation request.</text> + </description> + </leaf> + <leaf name="enable-external-groups"> + <type name="boolean"/> + <default value="true"/> + <description> + <text>Controls whether the server uses the groups reported by the +NETCONF transport layer when it assigns the user to a set of +NACM groups. 
If this leaf has the value 'false', any group +names reported by the transport layer are ignored by the +server.</text> + </description> + </leaf> + <leaf name="denied-operations"> + <type name="yang:zero-based-counter32"/> + <config value="false"/> + <mandatory value="true"/> + <description> + <text>Number of times since the server last restarted that a +protocol operation request was denied.</text> + </description> + </leaf> + <leaf name="denied-data-writes"> + <type name="yang:zero-based-counter32"/> + <config value="false"/> + <mandatory value="true"/> + <when value="../denied-operations > 0"/> + <description> + <text>Number of times since the server last restarted that a +protocol operation request to alter +a configuration datastore was denied.</text> + </description> + </leaf> + <leaf name="denied-notifications"> + <type name="yang:zero-based-counter32"/> + <config value="false"/> + <mandatory value="true"/> + <description> + <text>Number of times since the server last restarted that +a notification was dropped for a subscription because +access to the event type was denied.</text> + </description> + </leaf> + <container name="groups"> + <description> + <text>NETCONF Access Control Groups.</text> + </description> + <list name="group"> + <key value="name"/> + <description> + <text>One NACM Group Entry. 
This list will only contain +configured entries, not any entries learned from +any transport protocols.</text> + </description> + <leaf name="name"> + <type name="group-name-type"/> + <description> + <text>Group name associated with this entry.</text> + </description> + </leaf> + <leaf-list name="user-name"> + <type name="user-name-type"/> + <description> + <text>Each entry identifies the username of +a member of the group associated with +this entry.</text> + </description> + </leaf-list> + </list> + </container> + <list name="rule-list"> + <key value="name"/> + <ordered-by value="user"/> + <description> + <text>An ordered collection of access control rules.</text> + </description> + <leaf name="name"> + <type name="string"> + <length value="1..max"/> + </type> + <description> + <text>Arbitrary name assigned to the rule-list.</text> + </description> + </leaf> + <leaf-list name="group"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="group-name-type"/> + </type> + <description> + <text>List of administrative groups that will be +assigned the associated access rights +defined by the 'rule' list. + +The string '*' indicates that all groups apply to the +entry.</text> + </description> + </leaf-list> + <list name="rule"> + <key value="name"/> + <ordered-by value="user"/> + <description> + <text>One access control rule. + +Rules are processed in user-defined order until a match is +found. A rule matches if 'module-name', 'rule-type', and +'access-operations' match the request. 
If a rule +matches, the 'action' leaf determines if access is granted +or not.</text> + </description> + <leaf name="name"> + <type name="string"> + <length value="1..max"/> + </type> + <description> + <text>Arbitrary name assigned to the rule.</text> + </description> + </leaf> + <leaf name="module-name"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="string"/> + </type> + <default value="*"/> + <description> + <text>Name of the module associated with this rule. + +This leaf matches if it has the value '*' or if the +object being accessed is defined in the module with the +specified module name.</text> + </description> + </leaf> + <choice name="rule-type"> + <description> + <text>This choice matches if all leafs present in the rule +match the request. If no leafs are present, the +choice matches all requests.</text> + </description> + <case name="protocol-operation"> + <leaf name="rpc-name"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="string"/> + </type> + <description> + <text>This leaf matches if it has the value '*' or if +its value equals the requested protocol operation +name.</text> + </description> + </leaf> + </case> + <case name="notification"> + <leaf name="notification-name"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="string"/> + </type> + <description> + <text>This leaf matches if it has the value '*' or if its +value equals the requested notification name.</text> + </description> + </leaf> + </case> + <case name="data-node"> + <leaf name="path"> + <type name="node-instance-identifier"/> + <mandatory value="true"/> + <description> + <text>Data Node Instance Identifier associated with the +data node controlled by this rule. + +Configuration data or state data instance +identifiers start with a top-level data node. A +complete instance identifier is required for this +type of path value. 
+ +The special value '/' refers to all possible +datastore contents.</text> + </description> + </leaf> + </case> + </choice> + <leaf name="access-operations"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="access-operations-type"/> + </type> + <default value="*"/> + <description> + <text>Access operations associated with this rule. + +This leaf matches if it has the value '*' or if the +bit corresponding to the requested operation is set.</text> + </description> + </leaf> + <leaf name="action"> + <type name="action-type"/> + <mandatory value="true"/> + <description> + <text>The access control action associated with the +rule. If a rule is determined to match a +particular request, then this object is used +to determine whether to permit or deny the +request.</text> + </description> + </leaf> + <leaf name="comment"> + <type name="string"/> + <description> + <text>A textual description of the access rule.</text> + </description> + </leaf> + </list> + </list> + </container> +</module> diff --git a/tools/lint/examples/ietf-netconf-acm-when2.yin b/tools/lint/examples/ietf-netconf-acm-when2.yin new file mode 100644 index 0000000..f8f25a0 --- /dev/null +++ b/tools/lint/examples/ietf-netconf-acm-when2.yin 
@@ -0,0 +1,447 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types" name="ietf-netconf-acm-when2"> + <namespace uri="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"/> + <prefix value="nacm"/> + <import module="ietf-yang-types"> + <prefix value="yang"/> + </import> + <organization> + <text>IETF NETCONF (Network Configuration) Working Group</text> + </organization> + <contact> + <text>WG Web: <http://tools.ietf.org/wg/netconf/> +WG List: <mailto:netconf@ietf.org> + +WG Chair: Mehmet Ersue + <mailto:mehmet.ersue@nsn.com> + +WG Chair: Bert Wijnen + <mailto:bertietf@bwijnen.net> + +Editor: Andy Bierman + <mailto:andy@yumaworks.com> + +Editor: Martin Bjorklund + <mailto:mbj@tail-f.com></text> + </contact> + <description> + <text>NETCONF Access Control Model. + +Copyright (c) 2012 IETF Trust and the persons identified as +authors of the code. All rights reserved. + +Redistribution and use in source and binary forms, with or +without modification, is permitted pursuant to, and subject +to the license terms contained in, the Simplified BSD +License set forth in Section 4.c of the IETF Trust's +Legal Provisions Relating to IETF Documents +(http://trustee.ietf.org/license-info). + +This version of this YANG module is part of RFC 6536; see +the RFC itself for full legal notices.</text> + </description> + <revision date="2012-02-22"> + <description> + <text>Initial version</text> + </description> + <reference> + <text>RFC 6536: Network Configuration Protocol (NETCONF) + Access Control Model</text> + </reference> + </revision> + <extension name="default-deny-write"> + <description> + <text>Used to indicate that the data model node +represents a sensitive security system parameter. 
+ +If present, and the NACM module is enabled (i.e., +/nacm/enable-nacm object equals 'true'), the NETCONF server +will only allow the designated 'recovery session' to have +write access to the node. An explicit access control rule is +required for all other users. + +The 'default-deny-write' extension MAY appear within a data +definition statement. It is ignored otherwise.</text> + </description> + </extension> + <extension name="default-deny-all"> + <description> + <text>Used to indicate that the data model node +controls a very sensitive security system parameter. + +If present, and the NACM module is enabled (i.e., +/nacm/enable-nacm object equals 'true'), the NETCONF server +will only allow the designated 'recovery session' to have +read, write, or execute access to the node. An explicit +access control rule is required for all other users. + +The 'default-deny-all' extension MAY appear within a data +definition statement, 'rpc' statement, or 'notification' +statement. It is ignored otherwise.</text> + </description> + </extension> + <typedef name="user-name-type"> + <type name="string"> + <length value="1..max"/> + </type> + <description> + <text>General Purpose Username string.</text> + </description> + </typedef> + <typedef name="matchall-string-type"> + <type name="string"> + <pattern value="\*"/> + </type> + <description> + <text>The string containing a single asterisk '*' is used +to conceptually represent all possible values +for the particular leaf using this data type.</text> + </description> + </typedef> + <typedef name="access-operations-type"> + <type name="bits"> + <bit name="create"> + <description> + <text>Any protocol operation that creates a +new data node.</text> + </description> + </bit> + <bit name="read"> + <description> + <text>Any protocol operation or notification that +returns the value of a data node.</text> + </description> + </bit> + <bit name="update"> + <description> + <text>Any protocol operation that alters an existing +data 
node.</text> + </description> + </bit> + <bit name="delete"> + <description> + <text>Any protocol operation that removes a data node.</text> + </description> + </bit> + <bit name="exec"> + <description> + <text>Execution access to the specified protocol operation.</text> + </description> + </bit> + </type> + <description> + <text>NETCONF Access Operation.</text> + </description> + </typedef> + <typedef name="group-name-type"> + <type name="string"> + <length value="1..max"/> + <pattern value="[^\*].*"/> + </type> + <description> + <text>Name of administrative group to which +users can be assigned.</text> + </description> + </typedef> + <typedef name="action-type"> + <type name="enumeration"> + <enum name="permit"> + <description> + <text>Requested action is permitted.</text> + </description> + </enum> + <enum name="deny"> + <description> + <text>Requested action is denied.</text> + </description> + </enum> + </type> + <description> + <text>Action taken by the server when a particular +rule matches.</text> + </description> + </typedef> + <typedef name="node-instance-identifier"> + <type name="yang:xpath1.0"/> + <description> + <text>Path expression used to represent a special +data node instance identifier string. + +A node-instance-identifier value is an +unrestricted YANG instance-identifier expression. +All the same rules as an instance-identifier apply +except predicates for keys are optional. If a key +predicate is missing, then the node-instance-identifier +represents all possible server instances for that key. + +This XPath expression is evaluated in the following context: + + o The set of namespace declarations are those in scope on + the leaf element where this type is used. + + o The set of variable bindings contains one variable, + 'USER', which contains the name of the user of the current + session. 
+ + o The function library is the core function library, but + note that due to the syntax restrictions of an + instance-identifier, no functions are allowed. + + o The context node is the root node in the data tree.</text> + </description> + </typedef> + <container name="nacm"> + <nacm:default-deny-all/> + <description> + <text>Parameters for NETCONF Access Control Model.</text> + </description> + <leaf name="enable-nacm"> + <type name="boolean"/> + <default value="true"/> + <description> + <text>Enables or disables all NETCONF access control +enforcement. If 'true', then enforcement +is enabled. If 'false', then enforcement +is disabled.</text> + </description> + </leaf> + <leaf name="read-default"> + <type name="action-type"/> + <default value="permit"/> + <description> + <text>Controls whether read access is granted if +no appropriate rule is found for a +particular read request.</text> + </description> + </leaf> + <leaf name="write-default"> + <type name="action-type"/> + <default value="deny"/> + <description> + <text>Controls whether create, update, or delete access +is granted if no appropriate rule is found for a +particular write request.</text> + </description> + </leaf> + <leaf name="exec-default"> + <type name="action-type"/> + <default value="permit"/> + <description> + <text>Controls whether exec access is granted if no appropriate +rule is found for a particular protocol operation request.</text> + </description> + </leaf> + <leaf name="enable-external-groups"> + <type name="boolean"/> + <default value="true"/> + <description> + <text>Controls whether the server uses the groups reported by the +NETCONF transport layer when it assigns the user to a set of +NACM groups. 
If this leaf has the value 'false', any group +names reported by the transport layer are ignored by the +server.</text> + </description> + </leaf> + <leaf name="denied-operations"> + <type name="yang:zero-based-counter32"/> + <config value="false"/> + <mandatory value="true"/> + <description> + <text>Number of times since the server last restarted that a +protocol operation request was denied.</text> + </description> + </leaf> + <leaf name="denied-data-writes"> + <type name="yang:zero-based-counter32"/> + <config value="false"/> + <mandatory value="true"/> + <when condition="../denied-operations > 0"/> + <description> + <text>Number of times since the server last restarted that a +protocol operation request to alter +a configuration datastore was denied.</text> + </description> + </leaf> + <leaf name="denied-notifications"> + <type name="yang:zero-based-counter32"/> + <config value="false"/> + <mandatory value="true"/> + <description> + <text>Number of times since the server last restarted that +a notification was dropped for a subscription because +access to the event type was denied.</text> + </description> + </leaf> + <container name="groups"> + <description> + <text>NETCONF Access Control Groups.</text> + </description> + <list name="group"> + <key value="name"/> + <description> + <text>One NACM Group Entry. 
This list will only contain +configured entries, not any entries learned from +any transport protocols.</text> + </description> + <leaf name="name"> + <type name="group-name-type"/> + <description> + <text>Group name associated with this entry.</text> + </description> + </leaf> + <leaf-list name="user-name"> + <type name="user-name-type"/> + <description> + <text>Each entry identifies the username of +a member of the group associated with +this entry.</text> + </description> + </leaf-list> + </list> + </container> + <list name="rule-list"> + <key value="name"/> + <ordered-by value="user"/> + <description> + <text>An ordered collection of access control rules.</text> + </description> + <leaf name="name"> + <type name="string"> + <length value="1..max"/> + </type> + <description> + <text>Arbitrary name assigned to the rule-list.</text> + </description> + </leaf> + <leaf-list name="group"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="group-name-type"/> + </type> + <description> + <text>List of administrative groups that will be +assigned the associated access rights +defined by the 'rule' list. + +The string '*' indicates that all groups apply to the +entry.</text> + </description> + </leaf-list> + <list name="rule"> + <key value="name"/> + <ordered-by value="user"/> + <description> + <text>One access control rule. + +Rules are processed in user-defined order until a match is +found. A rule matches if 'module-name', 'rule-type', and +'access-operations' match the request. 
If a rule +matches, the 'action' leaf determines if access is granted +or not.</text> + </description> + <leaf name="name"> + <type name="string"> + <length value="1..max"/> + </type> + <description> + <text>Arbitrary name assigned to the rule.</text> + </description> + </leaf> + <leaf name="module-name"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="string"/> + </type> + <default value="*"/> + <description> + <text>Name of the module associated with this rule. + +This leaf matches if it has the value '*' or if the +object being accessed is defined in the module with the +specified module name.</text> + </description> + </leaf> + <choice name="rule-type"> + <description> + <text>This choice matches if all leafs present in the rule +match the request. If no leafs are present, the +choice matches all requests.</text> + </description> + <case name="protocol-operation"> + <leaf name="rpc-name"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="string"/> + </type> + <description> + <text>This leaf matches if it has the value '*' or if +its value equals the requested protocol operation +name.</text> + </description> + </leaf> + </case> + <case name="notification"> + <leaf name="notification-name"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="string"/> + </type> + <description> + <text>This leaf matches if it has the value '*' or if its +value equals the requested notification name.</text> + </description> + </leaf> + </case> + <case name="data-node"> + <leaf name="path"> + <type name="node-instance-identifier"/> + <mandatory value="true"/> + <description> + <text>Data Node Instance Identifier associated with the +data node controlled by this rule. + +Configuration data or state data instance +identifiers start with a top-level data node. A +complete instance identifier is required for this +type of path value. 
+ +The special value '/' refers to all possible +datastore contents.</text> + </description> + </leaf> + </case> + </choice> + <leaf name="access-operations"> + <type name="union"> + <type name="matchall-string-type"/> + <type name="access-operations-type"/> + </type> + <default value="*"/> + <description> + <text>Access operations associated with this rule. + +This leaf matches if it has the value '*' or if the +bit corresponding to the requested operation is set.</text> + </description> + </leaf> + <leaf name="action"> + <type name="action-type"/> + <mandatory value="true"/> + <description> + <text>The access control action associated with the +rule. If a rule is determined to match a +particular request, then this object is used +to determine whether to permit or deny the +request.</text> + </description> + </leaf> + <leaf name="comment"> + <type name="string"/> + <description> + <text>A textual description of the access rule.</text> + </description> + </leaf> + </list> + </list> + </container> +</module> diff --git a/tools/lint/examples/ietf-netconf-acm.yang b/tools/lint/examples/ietf-netconf-acm.yang new file mode 100644 index 0000000..dc3655e --- /dev/null +++ b/tools/lint/examples/ietf-netconf-acm.yang 
@@ -0,0 +1,411 @@ +module ietf-netconf-acm { + namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm"; + prefix nacm; + + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: <http://tools.ietf.org/wg/netconf/> + WG List: <mailto:netconf@ietf.org> + + WG Chair: Mehmet Ersue + <mailto:mehmet.ersue@nsn.com> + + WG Chair: Bert Wijnen + <mailto:bertietf@bwijnen.net> + + Editor: Andy Bierman + <mailto:andy@yumaworks.com> + + Editor: Martin Bjorklund + <mailto:mbj@tail-f.com>"; + description + "NETCONF Access Control Model. + + Copyright (c) 2012 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 6536; see + the RFC itself for full legal notices."; + + revision 2012-02-22 { + description + "Initial version"; + reference + "RFC 6536: Network Configuration Protocol (NETCONF) + Access Control Model"; + } + + extension default-deny-write { + description + "Used to indicate that the data model node + represents a sensitive security system parameter. + + If present, and the NACM module is enabled (i.e., + /nacm/enable-nacm object equals 'true'), the NETCONF server + will only allow the designated 'recovery session' to have + write access to the node. An explicit access control rule is + required for all other users. + + The 'default-deny-write' extension MAY appear within a data + definition statement. It is ignored otherwise."; + } + + extension default-deny-all { + description + "Used to indicate that the data model node + controls a very sensitive security system parameter. 
+ + If present, and the NACM module is enabled (i.e., + /nacm/enable-nacm object equals 'true'), the NETCONF server + will only allow the designated 'recovery session' to have + read, write, or execute access to the node. An explicit + access control rule is required for all other users. + + The 'default-deny-all' extension MAY appear within a data + definition statement, 'rpc' statement, or 'notification' + statement. It is ignored otherwise."; + } + + typedef user-name-type { + type string { + length "1..max"; + } + description + "General Purpose Username string."; + } + + typedef matchall-string-type { + type string { + pattern "\\*"; + } + description + "The string containing a single asterisk '*' is used + to conceptually represent all possible values + for the particular leaf using this data type."; + } + + typedef access-operations-type { + type bits { + bit create { + description + "Any protocol operation that creates a + new data node."; + } + bit read { + description + "Any protocol operation or notification that + returns the value of a data node."; + } + bit update { + description + "Any protocol operation that alters an existing + data node."; + } + bit delete { + description + "Any protocol operation that removes a data node."; + } + bit exec { + description + "Execution access to the specified protocol operation."; + } + } + description + "NETCONF Access Operation."; + } + + typedef group-name-type { + type string { + length "1..max"; + pattern "[^\\*].*"; + } + description + "Name of administrative group to which + users can be assigned."; + } + + typedef action-type { + type enumeration { + enum "permit" { + description + "Requested action is permitted."; + } + enum "deny" { + description + "Requested action is denied."; + } + } + description + "Action taken by the server when a particular + rule matches."; + } + + typedef node-instance-identifier { + type yang:xpath1.0; + description + "Path expression used to represent a special + data node 
instance identifier string. + + A node-instance-identifier value is an + unrestricted YANG instance-identifier expression. + All the same rules as an instance-identifier apply + except predicates for keys are optional. If a key + predicate is missing, then the node-instance-identifier + represents all possible server instances for that key. + + This XPath expression is evaluated in the following context: + + o The set of namespace declarations are those in scope on + the leaf element where this type is used. + + o The set of variable bindings contains one variable, + 'USER', which contains the name of the user of the current + session. + + o The function library is the core function library, but + note that due to the syntax restrictions of an + instance-identifier, no functions are allowed. + + o The context node is the root node in the data tree."; + } + + container nacm { + nacm:default-deny-all; + description + "Parameters for NETCONF Access Control Model."; + leaf enable-nacm { + type boolean; + default "true"; + description + "Enables or disables all NETCONF access control + enforcement. If 'true', then enforcement + is enabled. 
If 'false', then enforcement + is disabled."; + } + leaf read-default { + type action-type; + default "permit"; + description + "Controls whether read access is granted if + no appropriate rule is found for a + particular read request."; + } + leaf write-default { + type action-type; + default "deny"; + description + "Controls whether create, update, or delete access + is granted if no appropriate rule is found for a + particular write request."; + } + leaf exec-default { + type action-type; + default "permit"; + description + "Controls whether exec access is granted if no appropriate + rule is found for a particular protocol operation request."; + } + leaf enable-external-groups { + type boolean; + default "true"; + description + "Controls whether the server uses the groups reported by the + NETCONF transport layer when it assigns the user to a set of + NACM groups. If this leaf has the value 'false', any group + names reported by the transport layer are ignored by the + server."; + } + leaf denied-operations { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that a + protocol operation request was denied."; + } + leaf denied-data-writes { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that a + protocol operation request to alter + a configuration datastore was denied."; + } + leaf denied-notifications { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that + a notification was dropped for a subscription because + access to the event type was denied."; + } + container groups { + description + "NETCONF Access Control Groups."; + list group { + key "name"; + description + "One NACM Group Entry. 
This list will only contain + configured entries, not any entries learned from + any transport protocols."; + leaf name { + type group-name-type; + description + "Group name associated with this entry."; + } + leaf-list user-name { + type user-name-type; + description + "Each entry identifies the username of + a member of the group associated with + this entry."; + } + } + } + list rule-list { + key "name"; + ordered-by user; + description + "An ordered collection of access control rules."; + leaf name { + type string { + length "1..max"; + } + description + "Arbitrary name assigned to the rule-list."; + } + leaf-list group { + type union { + type matchall-string-type; + type group-name-type; + } + description + "List of administrative groups that will be + assigned the associated access rights + defined by the 'rule' list. + + The string '*' indicates that all groups apply to the + entry."; + } + list rule { + key "name"; + ordered-by user; + description + "One access control rule. + + Rules are processed in user-defined order until a match is + found. A rule matches if 'module-name', 'rule-type', and + 'access-operations' match the request. If a rule + matches, the 'action' leaf determines if access is granted + or not."; + leaf name { + type string { + length "1..max"; + } + description + "Arbitrary name assigned to the rule."; + } + leaf module-name { + type union { + type matchall-string-type; + type string; + } + default "*"; + description + "Name of the module associated with this rule. + + This leaf matches if it has the value '*' or if the + object being accessed is defined in the module with the + specified module name."; + } + choice rule-type { + description + "This choice matches if all leafs present in the rule + match the request. 
If no leafs are present, the + choice matches all requests."; + case protocol-operation { + leaf rpc-name { + type union { + type matchall-string-type; + type string; + } + description + "This leaf matches if it has the value '*' or if + its value equals the requested protocol operation + name."; + } + } + case notification { + leaf notification-name { + type union { + type matchall-string-type; + type string; + } + description + "This leaf matches if it has the value '*' or if its + value equals the requested notification name."; + } + } + case data-node { + leaf path { + type node-instance-identifier; + mandatory true; + description + "Data Node Instance Identifier associated with the + data node controlled by this rule. + + Configuration data or state data instance + identifiers start with a top-level data node. A + complete instance identifier is required for this + type of path value. + + The special value '/' refers to all possible + datastore contents."; + } + } + } + leaf access-operations { + type union { + type matchall-string-type; + type access-operations-type; + } + default "*"; + description + "Access operations associated with this rule. + + This leaf matches if it has the value '*' or if the + bit corresponding to the requested operation is set."; + } + leaf action { + type action-type; + mandatory true; + description + "The access control action associated with the + rule. If a rule is determined to match a + particular request, then this object is used + to determine whether to permit or deny the + request."; + } + leaf comment { + type string; + description + "A textual description of the access rule."; + } + } + } + } +} diff --git a/tools/lint/examples/module1.yang b/tools/lint/examples/module1.yang new file mode 100644 index 0000000..1df7bf1 --- /dev/null +++ b/tools/lint/examples/module1.yang @@ -0,0 +1,5 @@ +module module1 { + namespace "urn:yanglint:module"; + prefix m; + leaf m { type string; } +} 
diff --git a/tools/lint/examples/module1b.yang b/tools/lint/examples/module1b.yang new file mode 100644 index 0000000..463c936 --- /dev/null +++ b/tools/lint/examples/module1b.yang @@ -0,0 +1,5 @@ +module module1b { + namespace "urn:yanglint:module"; + prefix m; + leaf mb { type string; } +} diff --git a/tools/lint/examples/module2.yang b/tools/lint/examples/module2.yang new file mode 100644 index 0000000..c87c764 --- /dev/null +++ b/tools/lint/examples/module2.yang @@ -0,0 +1,5 @@ +module module2 { + namespace "urn:yanglint:module"; + prefix m; + leaf m { ttype string; } +} diff --git a/tools/lint/examples/module2.yin b/tools/lint/examples/module2.yin new file mode 100644 index 0000000..af6cb50 --- /dev/null +++ b/tools/lint/examples/module2.yin @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module name="module2" + xmlns="urn:ietf:params:xml:ns:yang:yin:1" + xmlns:m="urn:yanglint:module"> + <namespace uri="urn:yanglint:module"/> + <prefix value="m"/> + <leaf name="m"> + <type value="string"/> + </leaf> +</module> diff --git a/tools/lint/examples/module3.yang b/tools/lint/examples/module3.yang new file mode 100644 index 0000000..63754b1 --- /dev/null +++ b/tools/lint/examples/module3.yang @@ -0,0 +1,8 @@ +module module3 { + namespace "urn:yanglint:module"; + prefix m; + leaf m { type string; must "../c/a"; } + container c { + leaf b { type string; } + } +} diff --git a/tools/lint/examples/module4.yang b/tools/lint/examples/module4.yang new file mode 100644 index 0000000..23ea289 --- /dev/null +++ b/tools/lint/examples/module4.yang 
@@ -0,0 +1,52 @@ +module module4 { + yang-version 1.1; + namespace "urn:module4"; + prefix m4; + + container cont1 { + list list { + key "leaf1"; + leaf leaf1 { + type string; + } + action act { + input { + leaf leaf2 { + type string; + } + } + output { + leaf leaf3 { + type string; + } + } + } + notification notif1 { + leaf leaf4 { + type string; + } + } + } + } + + rpc rpc { + input { + leaf leaf5 { + type string; + } + } + output { + container cont2 { + leaf leaf6 { + type empty; + } + } + } + } + + notification notif2 { + leaf leaf7 { + type empty; + } + } +} diff --git a/tools/lint/examples/nested-notification.xml b/tools/lint/examples/nested-notification.xml new file mode 100644 index 0000000..024b65a --- /dev/null +++ b/tools/lint/examples/nested-notification.xml @@ -0,0 +1,8 @@ +<cont1 xmlns="urn:module4"> + <list> + <leaf1>key_val</leaf1> + <notif1> + <leaf4>some_value</leaf4> + </notif1> + </list> +</cont1> diff --git a/tools/lint/examples/notification.xml b/tools/lint/examples/notification.xml new file mode 100644 index 0000000..803ddad --- /dev/null +++ b/tools/lint/examples/notification.xml @@ -0,0 +1,3 @@ +<notif2 xmlns="urn:module4"> + <leaf7/> +</notif2> diff --git a/tools/lint/examples/rpc-reply.xml b/tools/lint/examples/rpc-reply.xml new file mode 100644 index 0000000..54aab3e --- /dev/null +++ b/tools/lint/examples/rpc-reply.xml @@ -0,0 +1,5 @@ +<rpc xmlns="urn:module4"> + <cont2> + <leaf6/> + </cont2> +</rpc> diff --git a/tools/lint/examples/rpc.xml b/tools/lint/examples/rpc.xml new file mode 100644 index 0000000..ea8ca90 --- /dev/null +++ b/tools/lint/examples/rpc.xml @@ -0,0 +1,3 @@ +<rpc xmlns="urn:module4"> + <leaf5>some_input</leaf5> +</rpc> diff --git a/tools/lint/examples/sm-context-extension.xml b/tools/lint/examples/sm-context-extension.xml new file mode 100644 index 0000000..747c60f --- /dev/null +++ b/tools/lint/examples/sm-context-extension.xml 
@@ -0,0 +1,64 @@ +<yang-library xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library" + xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores"> + <module-set> + <name>test-set</name> + <module> + <name>ietf-datastores</name> + <revision>2018-02-14</revision> + <namespace>urn:ietf:params:xml:ns:yang:ietf-datastores</namespace> + </module> + <module> + <name>ietf-yang-library</name> + <revision>2019-01-04</revision> + <namespace>urn:ietf:params:xml:ns:yang:ietf-yang-library</namespace> + </module> + <module> + <name>sm-extension</name> + <namespace>urn:sm-ext</namespace> + </module> + <module> + <name>iana-if-type</name> + <namespace>urn:ietf:params:xml:ns:yang:iana-if-type</namespace> + </module> + <import-only-module> + <name>ietf-yang-types</name> + <revision>2013-07-15</revision> + <namespace>urn:ietf:params:xml:ns:yang:ietf-yang-types</namespace> + </import-only-module> + <import-only-module> + <name>sm-mod</name> + <revision>2017-01-26</revision> + <namespace>urn:yanglint:sm-mod</namespace> + </import-only-module> + </module-set> + <schema> + <name>test-schema</name> + <module-set>test-set</module-set> + </schema> + <datastore> + <name>ds:running</name> + <schema>test-schema</schema> + </datastore> + <datastore> + <name>ds:operational</name> + <schema>test-schema</schema> + </datastore> + <content-id>1</content-id> + </yang-library> + <modules-state xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library"> + <module-set-id>1</module-set-id> + </modules-state> + <schema-mounts xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-schema-mount"> + <namespace> + <prefix>if</prefix> + <uri>urn:ietf:params:xml:ns:yang:ietf-interfaces</uri> + </namespace> + <mount-point> + <module>sm-main</module> + <label>mnt-root</label> + <shared-schema> + <parent-reference>/if:interfaces/if:interface/if:name</parent-reference> + <parent-reference>/if:interfaces/if:interface/if:type</parent-reference> + </shared-schema> + </mount-point> + </schema-mounts> 
diff --git a/tools/lint/examples/sm-context-main.xml b/tools/lint/examples/sm-context-main.xml new file mode 100644 index 0000000..43558c3 --- /dev/null +++ b/tools/lint/examples/sm-context-main.xml @@ -0,0 +1,54 @@ +<yang-library xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library" + xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores"> + <module-set> + <name>main-set</name> + <module> + <name>ietf-datastores</name> + <revision>2018-02-14</revision> + <namespace>urn:ietf:params:xml:ns:yang:ietf-datastores</namespace> + </module> + <module> + <name>ietf-yang-library</name> + <revision>2019-01-04</revision> + <namespace>urn:ietf:params:xml:ns:yang:ietf-yang-library</namespace> + </module> + <module> + <name>ietf-yang-schema-mount</name> + <revision>2019-01-14</revision> + <namespace>urn:ietf:params:xml:ns:yang:ietf-yang-schema-mount</namespace> + </module> + <module> + <name>sm-main</name> + <namespace>urn:sm-main</namespace> + </module> + <module> + <name>iana-if-type</name> + <namespace>urn:ietf:params:xml:ns:yang:iana-if-type</namespace> + </module> + <module> + <name>ietf-interfaces</name> + <namespace>urn:ietf:params:xml:ns:yang:ietf-interfaces</namespace> + </module> + <import-only-module> + <name>ietf-yang-types</name> + <revision>2013-07-15</revision> + <namespace>urn:ietf:params:xml:ns:yang:ietf-yang-types</namespace> + </import-only-module> + </module-set> + <schema> + <name>main-schema</name> + <module-set>main-set</module-set> + </schema> + <datastore> + <name>ds:running</name> + <schema>main-schema</schema> + </datastore> + <datastore> + <name>ds:operational</name> + <schema>main-schema</schema> + </datastore> + <content-id>1</content-id> + </yang-library> + <modules-state xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library"> + <module-set-id>2</module-set-id> + </modules-state> diff --git a/tools/lint/examples/sm-data.xml b/tools/lint/examples/sm-data.xml new file mode 100644 index 0000000..478d324 --- /dev/null 
+++ b/tools/lint/examples/sm-data.xml @@ -0,0 +1,19 @@ +<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> + <interface> + <name>eth0</name> + <type xmlns:ift="urn:ietf:params:xml:ns:yang:iana-if-type">ift:ethernetCsmacd</type> + </interface> + <interface> + <name>eth1</name> + <type xmlns:ift="urn:ietf:params:xml:ns:yang:iana-if-type">ift:ethernetCsmacd</type> + </interface> +</interfaces> +<root3 xmlns="urn:sm-main"> + <my-list> + <name>list item 1</name> + <things xmlns="urn:sm-ext"> + <name>eth0</name> + <attribute>1</attribute> + </things> + </my-list> +</root3> diff --git a/tools/lint/examples/sm-extension.yang b/tools/lint/examples/sm-extension.yang new file mode 100644 index 0000000..2214cf6 --- /dev/null +++ b/tools/lint/examples/sm-extension.yang @@ -0,0 +1,39 @@ +module sm-extension { + yang-version 1.1; + namespace "urn:sm-ext"; + prefix "sm-ext"; + + import ietf-interfaces { + prefix if; + } + import sm-mod { + prefix sm-mod; + } + + revision 2022-09-15 { + description + "initial"; + reference + ""; + } + + list things { + key "name"; + leaf name { + type leafref { + path "/if:interfaces/if:interface/if:name"; + } + } + leaf attribute { + type uint32; + } + } + + augment "/if:interfaces/if:interface" { + leaf thing-attribute { + type leafref { + path "/things/attribute"; + } + } + } +} diff --git a/tools/lint/examples/sm-main.yang b/tools/lint/examples/sm-main.yang new file mode 100644 index 0000000..53df6b6 --- /dev/null +++ b/tools/lint/examples/sm-main.yang @@ -0,0 +1,32 @@ +module sm-main { + yang-version 1.1; + namespace "urn:sm-main"; + prefix "sm-main"; + + import ietf-yang-schema-mount { + prefix yangmnt; + } + import ietf-interfaces { + prefix if; + } + + list root { + key "node"; + leaf node { + type string; + } + yangmnt:mount-point "root"; + } + container root2 { + yangmnt:mount-point "root"; + } + container root3 { + list my-list { + key name; + leaf name { + type string; + } + yangmnt:mount-point "mnt-root"; + } + } +} 
diff --git a/tools/lint/examples/sm-mod.yang b/tools/lint/examples/sm-mod.yang new file mode 100644 index 0000000..79d1a50 --- /dev/null +++ b/tools/lint/examples/sm-mod.yang @@ -0,0 +1,21 @@ +module sm-mod { + yang-version 1.1; + namespace "urn:yanglint:sm-mod"; + prefix "sm-mod"; + + revision 2017-01-26 { + description + "initial"; + reference + ""; + } + + container not-compiled { + leaf first { + type string; + } + leaf second { + type string; + } + } +} |
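Review bot: In tools/lint/examples/ietf-netconf-acm.yang, `read-default` and `exec-default` in container `nacm` default to "permit" and only `write-default` defaults to "deny", so example instance data that omits these leaves validates with permissive fallbacks for reads and protocol operations. Because the file ships as a yanglint example, any NACM data file used with it should set all three defaults explicitly, so readers do not copy a configuration that silently relies on them. The same module is also added as ietf-netconf-acm.yin in the preceding hunk; the README should state which copy is the reference so the two do not drift.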
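Review bot: tools/lint/examples/module2.yang declares `leaf m { ttype string; }`, and `ttype` is not a YANG statement, so this module cannot parse. If it is the deliberately broken input for a parser-error example, add a comment in the file saying so, which keeps a later cleanup from "fixing" it; otherwise it should read `type string;` as in module1.yang.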
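Review bot: tools/lint/examples/module2.yin writes the leaf type as `<type value="string"/>`, while ietf-netconf-acm.yin in this same patch writes type arguments as `<type name="string">`. If the wrong attribute is intentional, as the YIN counterpart of the broken module2.yang, mark it with an XML comment; if not, change `value` to `name`.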
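Review bot: In tools/lint/examples/module3.yang the constraint `must "../c/a"` on leaf `m` refers to a node `a`, but container `c` defines only leaf `b`, so the expression can never select anything. If this is the intended input for an XPath warning example, say so in a comment next to the `must`; otherwise the path should be `../c/b`.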
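Review bot: tools/lint/examples/sm-context-main.xml ends with `<content-id>1</content-id>` in `yang-library` but `<module-set-id>2</module-set-id>` in `modules-state`, whereas sm-context-extension.xml uses 1 for both. Both values describe the same module set, so they should agree unless the mismatch is being tested, in which case the README should mention it.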
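Review bot: The `test-set` module set in tools/lint/examples/sm-context-extension.xml lists sm-extension but has no entry for ietf-interfaces, although sm-extension.yang imports it and its `name` leaf is a leafref to `/if:interfaces/if:interface/if:name`. If ietf-interfaces is meant to be reachable only through the two `parent-reference` entries under `shared-schema`, a short XML comment saying so would make the omission clearly deliberate; otherwise add it as a `module` or `import-only-module` entry.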
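Review bot: tools/lint/examples/sm-main.yang declares `yangmnt:mount-point "root"` on both list `root` and container `root2`, but the `schema-mounts` data in sm-context-extension.xml defines only the `mnt-root` label. Either add a `mount-point` entry for `root` to the context data or drop the two unused mount points so the example shows only what it exercises. The `import ietf-interfaces { prefix if; }` in the same file is also never referenced and can be removed unless the import itself is needed for the parent references.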