netconfcentral logo

ietf-policy-voip@2018-11-04



  module ietf-policy-voip {

    yang-version 1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-policy-voip";

    prefix cf-interface;

    import ietf-yang-types {
      prefix yang;
    }
    import ietf-inet-types {
      prefix inet;
    }

    organization
      "IETF I2NSF (Interface to Network Security Functions)
   Working Group";

    contact
      "WG Web: <http://tools.ietf.org/wg/i2nsf>
   WG List: <mailto:i2nsf@ietf.org>

   WG Chair: Adrian Farrel
   <mailto:Adrain@olddog.co.uk>

   WG Chair: Linda Dunbar
   <mailto:Linda.duhbar@huawei.com>

   Editor: Jaehoon Paul Jeong
   <mailto:pauljeong@skku.edu>";

    description
      "This module defines a YANG data module for consumer-facing
   interface to security controller.";

    revision "2018-11-04" {
      description "sixth revision";
      reference
        "draft-kumar-i2nsf-client-facing-interface-im-07";

    }


    container policy-voip {
      description
        "This object is a policy instance to have
          complete information such as where and when
          a policy need to be applied.";
      list rule-voip {
        key "rule-voip-id";
        description
          "This is a container for rules.";
        leaf rule-voip-id {
          type uint16;
          mandatory true;
          description
            "This is ID for rules.";
        }

        leaf name {
          type string;
          description
            "This field idenfifies the name of this object.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "Date this object was created or last
            modified";
        }

        list event {
          key "event-id";
          description
            "This represents the security event of a
            policy-rule.";
          leaf event-id {
            type string;
            mandatory true;
            description
              "This represents the event-id.";
          }

          leaf name {
            type string;
            description
              "This field idenfifies the name of this object.";
          }

          leaf date {
            type yang:date-and-time;
            description
              "Date this object was created or last
            modified";
          }

          leaf event-type {
            type string;
            description
              "This field identifies the event event type
            .";
          }

          leaf Time-Information {
            type string;
            description
              "This field contains time calendar such as
           BEGIN-TIME and END-TIME for one time
           enforcement or recurring time calendar for
           periodic enforcement.";
          }

          leaf event-map-group {
            type leafref {
              path "/threat-feed/event-map-group/event-map-group-id";
            }
            description
              "This field contains security events or threat
          map in order to determine when a policy need
          to be activated. This is a reference to
          Evnet-Map-Group.";
          }

          leaf enable {
            type boolean;
            description
              "This determines whether the condition
            matches the security event or not.";
          }
        }  // list event

        list condition {
          key "condition-id";
          description
            "This represents the condition of a
            policy-rule.";
          leaf condition-id {
            type string;
            description
              "This represents the condition-id.";
          }

          leaf source-caller {
            type leafref {
              path "/threat-feed/threat-feed/threat-feed-id";
            }
            description
              "This field identifies the source of
            the traffic. This could be reference to
            either 'Policy Endpoint Group' or
            'Threat-Feed' or 'Custom-List' if Security
            Admin wants to specify the source; otherwise,
            the default is to match all traffic.";
          }

          leaf destination-callee {
            type leafref {
              path "/threat-feed/custom-list/custom-list-id";
            }
            description
              "This field identifies the source of
            the traffic. This could be reference to
            either 'Policy Endpoint Group' or
            'Threat-Feed' or 'Custom-List' if Security
            Admin wants to specify the source; otherwise,
            the default is to match all traffic.";
          }

          leaf match {
            type boolean;
            description
              "This field identifies the match criteria used to
           evaluate whether the specified action need to be
           taken or not.  This could be either a Policy-
           Endpoint-Group identifying a Application set or a
           set of traffic rules.";
          }

          leaf match-direction {
            type string;
            description
              "This field identifies if the match criteria is
           to evaluated for both direction of the traffic or
           only in one direction with default of allowing in
           the other direction for stateful match conditions.
           This is optional and by default rule should apply
           in both directions.";
          }

          leaf exception {
            type string;
            description
              "This field identifies the exception
            consideration when a rule is evaluated for a
            given communication.  This could be reference to
            Policy-Endpoint-Group object or set of traffic
            matching criteria.";
          }
        }  // list condition

        list action {
          key "action-id";
          description
            "This object represents actions that a
          Security Admin wants to perform based on
          a certain traffic class.";
          leaf action-id {
            type string;
            mandatory true;
            description
              "this represents the policy-action-id.";
          }

          leaf name {
            type string;
            description
              "The name of the policy-action object.";
          }

          leaf date {
            type yang:date-and-time;
            description
              "When the object was created or last
            modified.";
          }

          leaf primary-action {
            type string;
            description
              "This field identifies the action when a rule
            is matched by NSF. The action could be one of
            'PERMIT', 'DENY', 'RATE-LIMIT', 'TRAFFIC-CLASS',
            'AUTHENTICATE-SESSION', 'IPS, 'APP-FIREWALL', etc.";
          }

          leaf secondary-action {
            type string;
            description
              "This field identifies additional actions if
            a rule is matched. This could be one of 'LOG',
            'SYSLOG', 'SESSION-LOG', etc.";
          }
        }  // list action

        leaf precedence {
          type uint16;
          description
            "This field identifies the precedence
            assigned to this rule by Security Admin.
            This is helpful in conflict resolution
            when two or more rules match a given
            traffic class.";
        }
      }  // list rule-voip

      list owner {
        key "owner-id";
        description
          "This field defines the owner of this policy.
          Only the owner is authorized to modify the
          contents of the policy.";
        leaf owner-id {
          type string;
          mandatory true;
          description
            "this represents the owner-id.";
        }

        leaf name {
          type string;
          description
            "The name of the owner.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "When the object was created or last
            modified.";
        }
      }  // list owner
    }  // container policy-voip

    container threat-feed {
      description
        "this describes the list of threat-feed.";
      list threat-feed {
        key "threat-feed-id";
        description
          "This represents the threat feed within the
          threat-prevention-list.";
        leaf threat-feed-id {
          type uint16;
          mandatory true;
          description
            "This represents the threat-feed-id.";
        }

        leaf name {
          type string;
          description
            "Name of the theat feed.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "when the threat-feed was created.";
        }

        leaf feed-type {
          type enumeration {
            enum "unknown" {
              value 0;
              description
                "feed-type is unknown.";
            }
            enum "ip-address" {
              value 1;
              description
                "feed-type is IP address.";
            }
            enum "url" {
              value 2;
              description
                "feed-type is URL.";
            }
          }
          mandatory true;
          description
            "This determined whether the feed-type is IP address
            based or URL based.";
        }

        leaf feed-server {
          type inet:ipv4-address;
          description
            "this contains threat feed server information.";
        }

        leaf feed-priority {
          type uint16;
          description
            "this describes the priority of the threat from
            0 to 5, where 0 means the threat is minimum and
            5 meaning the maximum.";
        }
      }  // list threat-feed

      list custom-list {
        key "custom-list-id";
        description
          "this describes the threat-prevention custom list.";
        leaf custom-list-id {
          type uint16;
          description
            "this describes the custom-list-id.";
        }

        leaf name {
          type string;
          description
            "Name of the custom-list.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "when the custom list was created.";
        }

        leaf list-type {
          type enumeration {
            enum "unknown" {
              value 0;
              description
                "list-type is unknown.";
            }
            enum "ip-address" {
              value 1;
              description
                "list-type is IP address.";
            }
            enum "mac-address" {
              value 2;
              description
                "list-type is MAC address.";
            }
            enum "url" {
              value 3;
              description
                "list-type is URL.";
            }
          }
          mandatory true;
          description
            "This determined whether the feed-type is IP address
            based or URL based.";
        }

        leaf list-property {
          type enumeration {
            enum "unknown" {
              value 0;
              description
                "list-property is unknown.";
            }
            enum "blacklist" {
              value 1;
              description
                "list-property is blacklist.";
            }
            enum "whitelist" {
              value 2;
              description
                "list-property is whitelist.";
            }
          }
          mandatory true;
          description
            "This determined whether the list-type is blacklist
            or whitelist.";
        }

        leaf list-content {
          type string;
          description
            "This describes the contents of the custom-list.";
        }
      }  // list custom-list

      list malware-scan-group {
        key "malware-scan-group-id";
        description
          "This represents the malware-scan-group.";
        leaf malware-scan-group-id {
          type uint16;
          mandatory true;
          description
            "This is the malware-scan-group-id.";
        }

        leaf name {
          type string;
          description
            "Name of the malware-scan-group.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "when the malware-scan-group was created.";
        }

        leaf signature-server {
          type inet:ipv4-address;
          description
            "This describes the signature server of the
            malware-scan-group.";
        }

        leaf file-types {
          type string;
          description
            "This contains a list of file types needed to
            be scanned for the virus.";
        }

        leaf malware-signatures {
          type string;
          description
            "This contains a list of malware signatures or hash.";
        }
      }  // list malware-scan-group

      list event-map-group {
        key "event-map-group-id";
        description
          "This represents the event map group.";
        leaf event-map-group-id {
          type uint16;
          mandatory true;
          description
            "This is the event-map-group-id.";
        }

        leaf name {
          type string;
          description
            "Name of the event-map.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "when the event-map was created.";
        }

        leaf security-events {
          type string;
          description
            "This contains a list of security events.";
        }

        leaf threat-map {
          type string;
          description
            "This contains a list of threat levels.";
        }
      }  // list event-map-group
    }  // container threat-feed
  }  // module ietf-policy-voip