netconfcentral logo

ietf-policy-voip

HTML

ietf-policy-voip@2018-11-04



  module ietf-policy-voip {

    yang-version 1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-policy-voip";

    prefix cf-interface;

    import ietf-yang-types {
      prefix yang;
    }
    import ietf-inet-types {
      prefix inet;
    }

    organization
      "IETF I2NSF (Interface to Network Security Functions)
   Working Group";

    contact
      "WG Web: <http://tools.ietf.org/wg/i2nsf>
   WG List: <mailto:i2nsf@ietf.org>

   WG Chair: Adrian Farrel
   <mailto:Adrain@olddog.co.uk>

   WG Chair: Linda Dunbar
   <mailto:Linda.duhbar@huawei.com>

   Editor: Jaehoon Paul Jeong
   <mailto:pauljeong@skku.edu>";

    description
      "This module defines a YANG data module for consumer-facing
   interface to security controller.";

    revision "2018-11-04" {
      description "sixth revision";
      reference
        "draft-kumar-i2nsf-client-facing-interface-im-07";

    }


    container policy-voip {
      description
        "This object is a policy instance to have
          complete information such as where and when
          a policy need to be applied.";
      list rule-voip {
        key "rule-voip-id";
        description
          "This is a container for rules.";
        leaf rule-voip-id {
          type uint16;
          mandatory true;
          description
            "This is ID for rules.";
        }

        leaf name {
          type string;
          description
            "This field idenfifies the name of this object.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "Date this object was created or last
            modified";
        }

        list event {
          key "event-id";
          description
            "This represents the security event of a
            policy-rule.";
          leaf event-id {
            type string;
            mandatory true;
            description
              "This represents the event-id.";
          }

          leaf name {
            type string;
            description
              "This field idenfifies the name of this object.";
          }

          leaf date {
            type yang:date-and-time;
            description
              "Date this object was created or last
            modified";
          }

          leaf event-type {
            type string;
            description
              "This field identifies the event event type
            .";
          }

          leaf Time-Information {
            type string;
            description
              "This field contains time calendar such as
           BEGIN-TIME and END-TIME for one time
           enforcement or recurring time calendar for
           periodic enforcement.";
          }

          leaf event-map-group {
            type leafref {
              path "/threat-feed/event-map-group/event-map-group-id";
            }
            description
              "This field contains security events or threat
          map in order to determine when a policy need
          to be activated. This is a reference to
          Evnet-Map-Group.";
          }

          leaf enable {
            type boolean;
            description
              "This determines whether the condition
            matches the security event or not.";
          }
        }  // list event

        list condition {
          key "condition-id";
          description
            "This represents the condition of a
            policy-rule.";
          leaf condition-id {
            type string;
            description
              "This represents the condition-id.";
          }

          leaf source-caller {
            type leafref {
              path "/threat-feed/threat-feed/threat-feed-id";
            }
            description
              "This field identifies the source of
            the traffic. This could be reference to
            either 'Policy Endpoint Group' or
            'Threat-Feed' or 'Custom-List' if Security
            Admin wants to specify the source; otherwise,
            the default is to match all traffic.";
          }

          leaf destination-callee {
            type leafref {
              path "/threat-feed/custom-list/custom-list-id";
            }
            description
              "This field identifies the source of
            the traffic. This could be reference to
            either 'Policy Endpoint Group' or
            'Threat-Feed' or 'Custom-List' if Security
            Admin wants to specify the source; otherwise,
            the default is to match all traffic.";
          }

          leaf match {
            type boolean;
            description
              "This field identifies the match criteria used to
           evaluate whether the specified action need to be
           taken or not.  This could be either a Policy-
           Endpoint-Group identifying a Application set or a
           set of traffic rules.";
          }

          leaf match-direction {
            type string;
            description
              "This field identifies if the match criteria is
           to evaluated for both direction of the traffic or
           only in one direction with default of allowing in
           the other direction for stateful match conditions.
           This is optional and by default rule should apply
           in both directions.";
          }

          leaf exception {
            type string;
            description
              "This field identifies the exception
            consideration when a rule is evaluated for a
            given communication.  This could be reference to
            Policy-Endpoint-Group object or set of traffic
            matching criteria.";
          }
        }  // list condition

        list action {
          key "action-id";
          description
            "This object represents actions that a
          Security Admin wants to perform based on
          a certain traffic class.";
          leaf action-id {
            type string;
            mandatory true;
            description
              "this represents the policy-action-id.";
          }

          leaf name {
            type string;
            description
              "The name of the policy-action object.";
          }

          leaf date {
            type yang:date-and-time;
            description
              "When the object was created or last
            modified.";
          }

          leaf primary-action {
            type string;
            description
              "This field identifies the action when a rule
            is matched by NSF. The action could be one of
            'PERMIT', 'DENY', 'RATE-LIMIT', 'TRAFFIC-CLASS',
            'AUTHENTICATE-SESSION', 'IPS, 'APP-FIREWALL', etc.";
          }

          leaf secondary-action {
            type string;
            description
              "This field identifies additional actions if
            a rule is matched. This could be one of 'LOG',
            'SYSLOG', 'SESSION-LOG', etc.";
          }
        }  // list action

        leaf precedence {
          type uint16;
          description
            "This field identifies the precedence
            assigned to this rule by Security Admin.
            This is helpful in conflict resolution
            when two or more rules match a given
            traffic class.";
        }
      }  // list rule-voip

      list owner {
        key "owner-id";
        description
          "This field defines the owner of this policy.
          Only the owner is authorized to modify the
          contents of the policy.";
        leaf owner-id {
          type string;
          mandatory true;
          description
            "this represents the owner-id.";
        }

        leaf name {
          type string;
          description
            "The name of the owner.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "When the object was created or last
            modified.";
        }
      }  // list owner
    }  // container policy-voip

    container threat-feed {
      description
        "this describes the list of threat-feed.";
      list threat-feed {
        key "threat-feed-id";
        description
          "This represents the threat feed within the
          threat-prevention-list.";
        leaf threat-feed-id {
          type uint16;
          mandatory true;
          description
            "This represents the threat-feed-id.";
        }

        leaf name {
          type string;
          description
            "Name of the theat feed.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "when the threat-feed was created.";
        }

        leaf feed-type {
          type enumeration {
            enum "unknown" {
              value 0;
              description
                "feed-type is unknown.";
            }
            enum "ip-address" {
              value 1;
              description
                "feed-type is IP address.";
            }
            enum "url" {
              value 2;
              description
                "feed-type is URL.";
            }
          }
          mandatory true;
          description
            "This determined whether the feed-type is IP address
            based or URL based.";
        }

        leaf feed-server {
          type inet:ipv4-address;
          description
            "this contains threat feed server information.";
        }

        leaf feed-priority {
          type uint16;
          description
            "this describes the priority of the threat from
            0 to 5, where 0 means the threat is minimum and
            5 meaning the maximum.";
        }
      }  // list threat-feed

      list custom-list {
        key "custom-list-id";
        description
          "this describes the threat-prevention custom list.";
        leaf custom-list-id {
          type uint16;
          description
            "this describes the custom-list-id.";
        }

        leaf name {
          type string;
          description
            "Name of the custom-list.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "when the custom list was created.";
        }

        leaf list-type {
          type enumeration {
            enum "unknown" {
              value 0;
              description
                "list-type is unknown.";
            }
            enum "ip-address" {
              value 1;
              description
                "list-type is IP address.";
            }
            enum "mac-address" {
              value 2;
              description
                "list-type is MAC address.";
            }
            enum "url" {
              value 3;
              description
                "list-type is URL.";
            }
          }
          mandatory true;
          description
            "This determined whether the feed-type is IP address
            based or URL based.";
        }

        leaf list-property {
          type enumeration {
            enum "unknown" {
              value 0;
              description
                "list-property is unknown.";
            }
            enum "blacklist" {
              value 1;
              description
                "list-property is blacklist.";
            }
            enum "whitelist" {
              value 2;
              description
                "list-property is whitelist.";
            }
          }
          mandatory true;
          description
            "This determined whether the list-type is blacklist
            or whitelist.";
        }

        leaf list-content {
          type string;
          description
            "This describes the contents of the custom-list.";
        }
      }  // list custom-list

      list malware-scan-group {
        key "malware-scan-group-id";
        description
          "This represents the malware-scan-group.";
        leaf malware-scan-group-id {
          type uint16;
          mandatory true;
          description
            "This is the malware-scan-group-id.";
        }

        leaf name {
          type string;
          description
            "Name of the malware-scan-group.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "when the malware-scan-group was created.";
        }

        leaf signature-server {
          type inet:ipv4-address;
          description
            "This describes the signature server of the
            malware-scan-group.";
        }

        leaf file-types {
          type string;
          description
            "This contains a list of file types needed to
            be scanned for the virus.";
        }

        leaf malware-signatures {
          type string;
          description
            "This contains a list of malware signatures or hash.";
        }
      }  // list malware-scan-group

      list event-map-group {
        key "event-map-group-id";
        description
          "This represents the event map group.";
        leaf event-map-group-id {
          type uint16;
          mandatory true;
          description
            "This is the event-map-group-id.";
        }

        leaf name {
          type string;
          description
            "Name of the event-map.";
        }

        leaf date {
          type yang:date-and-time;
          description
            "when the event-map was created.";
        }

        leaf security-events {
          type string;
          description
            "This contains a list of security events.";
        }

        leaf threat-map {
          type string;
          description
            "This contains a list of threat levels.";
        }
      }  // list event-map-group
    }  // container threat-feed
  }  // module ietf-policy-voip

Summary

  
  
Organization IETF I2NSF (Interface to Network Security Functions) Working Group
  
Module ietf-policy-voip
Version 2018-11-04
File ietf-policy-voip@2018-11-04.yang
  
Prefix cf-interface
Namespace urn:ietf:params:xml:ns:yang:ietf-policy-voip
  
Cooked /cookedmodules/ietf-policy-voip/2018-11-04
YANG /src/ietf-policy-voip@2018-11-04.yang
XSD /xsd/ietf-policy-voip@2018-11-04.xsd
  
Abstract This module defines a YANG data module for consumer-facing interface to security controller.
  
Contact
WG Web: <http://tools.ietf.org/wg/i2nsf>
WG List: <mailto:i2nsf@ietf.org>

WG Chair: Adrian Farrel
<mailto:Adrain@olddog.co.uk>

WG Chair: Linda Dunbar
<mailto:Linda.duhbar@huawei.com>

Editor: Jaehoon Paul Jeong
<mailto:pauljeong@skku.edu>

Description

 
This module defines a YANG data module for consumer-facing
interface to security controller.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
policy-voip container This object is a policy instance to have complete information such as where and when a policy need to be applied.
   owner list This field defines the owner of this policy. Only the owner is authorized to modify the contents of the policy.
      date leaf When the object was created or last modified.
      name leaf The name of the owner.
      owner-id leaf this represents the owner-id.
   rule-voip list This is a container for rules.
      action list This object represents actions that a Security Admin wants to perform based on a certain traffic class.
         action-id leaf this represents the policy-action-id.
         date leaf When the object was created or last modified.
         name leaf The name of the policy-action object.
         primary-action leaf This field identifies the action when a rule is matched by NSF. The action could be one of 'PERMIT', 'DENY', 'RATE-LIMIT', 'TRAFFIC-CLASS', 'AUTHENTICATE-SESSION', 'IPS, 'APP-FIREWALL', etc.
         secondary-action leaf This field identifies additional actions if a rule is matched. This could be one of 'LOG', 'SYSLOG', 'SESSION-LOG', etc.
      condition list This represents the condition of a policy-rule.
         condition-id leaf This represents the condition-id.
         destination-callee leaf This field identifies the source of the traffic. This could be reference to either 'Policy Endpoint Group' or 'Threat-Feed' or 'Custom-List' if Security Admin wants to specify the source; otherwise, the default is to match all traffic.
         exception leaf This field identifies the exception consideration when a rule is evaluated for a given communication. This could be reference to Policy-Endpoint-Group object or set of traffic matching criteria.
         match leaf This field identifies the match criteria used to evaluate whether the specified action need to be taken or not. This could be either a Policy- Endpoint-Group identifying a Application set or a set of traffic rules.
         match-direction leaf This field identifies if the match criteria is to evaluated for both direction of the traffic or only in one direction with default of allowing in the other direction for stateful match conditions. This is optional and by default rule should apply in both...
         source-caller leaf This field identifies the source of the traffic. This could be reference to either 'Policy Endpoint Group' or 'Threat-Feed' or 'Custom-List' if Security Admin wants to specify the source; otherwise, the default is to match all traffic.
      date leaf Date this object was created or last modified
      event list This represents the security event of a policy-rule.
         date leaf Date this object was created or last modified
         enable leaf This determines whether the condition matches the security event or not.
         event-id leaf This represents the event-id.
         event-map-group leaf This field contains security events or threat map in order to determine when a policy need to be activated. This is a reference to Evnet-Map-Group.
         event-type leaf This field identifies the event event type .
         name leaf This field idenfifies the name of this object.
         Time-Information leaf This field contains time calendar such as BEGIN-TIME and END-TIME for one time enforcement or recurring time calendar for periodic enforcement.
      name leaf This field idenfifies the name of this object.
      precedence leaf This field identifies the precedence assigned to this rule by Security Admin. This is helpful in conflict resolution when two or more rules match a given traffic class.
      rule-voip-id leaf This is ID for rules.
threat-feed container this describes the list of threat-feed.
   custom-list list this describes the threat-prevention custom list.
      custom-list-id leaf this describes the custom-list-id.
      date leaf when the custom list was created.
      list-content leaf This describes the contents of the custom-list.
      list-property leaf This determined whether the list-type is blacklist or whitelist.
      list-type leaf This determined whether the feed-type is IP address based or URL based.
      name leaf Name of the custom-list.
   event-map-group list This represents the event map group.
      date leaf when the event-map was created.
      event-map-group-id leaf This is the event-map-group-id.
      name leaf Name of the event-map.
      security-events leaf This contains a list of security events.
      threat-map leaf This contains a list of threat levels.
   malware-scan-group list This represents the malware-scan-group.
      date leaf when the malware-scan-group was created.
      file-types leaf This contains a list of file types needed to be scanned for the virus.
      malware-scan-group-id leaf This is the malware-scan-group-id.
      malware-signatures leaf This contains a list of malware signatures or hash.
      name leaf Name of the malware-scan-group.
      signature-server leaf This describes the signature server of the malware-scan-group.
   threat-feed list This represents the threat feed within the threat-prevention-list.
      date leaf when the threat-feed was created.
      feed-priority leaf this describes the priority of the threat from 0 to 5, where 0 means the threat is minimum and 5 meaning the maximum.
      feed-server leaf this contains threat feed server information.
      feed-type leaf This determined whether the feed-type is IP address based or URL based.
      name leaf Name of the theat feed.
      threat-feed-id leaf This represents the threat-feed-id.