From 26589d440f332fe52238fa258d7d7b58df43eee5 Mon Sep 17 00:00:00 2001
From: Tibor Král
Date: Wed, 14 Nov 2018 18:20:02 +0100
Subject: HC2VPP-87: Expose IPSEC management
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: Ib13a2cdba5a0902581c455de67cc0ee64d20598d
Signed-off-by: Tibor Král
---
.../src/main/yang/vpp-ipsec@2018-12-13.yang | 147 +++++++++++++++++++++
1 file changed, 147 insertions(+)
create mode 100644 ipsec/ipsec-api/src/main/yang/vpp-ipsec@2018-12-13.yang
(limited to 'ipsec/ipsec-api/src/main/yang/vpp-ipsec@2018-12-13.yang')
diff --git a/ipsec/ipsec-api/src/main/yang/vpp-ipsec@2018-12-13.yang b/ipsec/ipsec-api/src/main/yang/vpp-ipsec@2018-12-13.yang
new file mode 100644
index 000000000..72ade372a
--- /dev/null
+++ b/ipsec/ipsec-api/src/main/yang/vpp-ipsec@2018-12-13.yang
@@ -0,0 +1,147 @@
+module vpp-ipsec {
+ yang-version 1;
+ namespace "http://fd.io/hc2vpp/yang/vpp-ipsec";
+ prefix "vpp-ipsec";
+
+ import hc2vpp-ietf-ipsec {
+ prefix "hc2vpp-ietf-ipsec";
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+
+ import yang-ext {
+ prefix "ext";
+ }
+
+ import ietf-interfaces {
+ prefix "if";
+ }
+
+ revision "2018-12-13" {
+ description "Initial revision of ipsec model";
+ }
+
+ grouping vpp-ipsec-spd-entry-grouping {
+ description
+ "common information when using IPsec tunnel mode";
+ leaf spi {
+ type int32;
+ }
+
+ leaf priority {
+ type int32;
+ }
+
+ leaf direction {
+ type hc2vpp-ietf-ipsec:ipsec-traffic-direction;
+ }
+
+ leaf is-ipv6 {
+ type boolean;
+ }
+
+ leaf operation {
+ type hc2vpp-ietf-ipsec:ipsec-spd-operation;
+ }
+
+ leaf protect-sa-id {
+ type int32;
+ }
+
+ leaf laddr-start {
+ type inet:ip-address;
+ }
+
+ leaf laddr-stop {
+ type inet:ip-address;
+ }
+
+ leaf raddr-start {
+ type inet:ip-address;
+ }
+
+ leaf raddr-stop {
+ type inet:ip-address;
+ }
+ }
+
+ grouping spd-interfaces-grouping {
+ container spd-interfaces {
+ list interface {
+ key "interface-ref";
+
+ leaf interface-ref {
+ type if:interface-ref;
+ }
+ }
+ }
+ }
+
+ grouping ikev2-policy-aug-grouping {
+ leaf certificate {
+ type string;
+ description "Local file with RSA signature";
+ }
+
+ list traffic-selectors {
+ key "ts-name";
+ description "List of traffic selectors of profile";
+ leaf ts-name {
+ type string;
+ }
+ uses hc2vpp-ietf-ipsec:traffic-selector;
+ leaf protocol {
+ type uint8;
+ description "Protocol. If zero not relevant.";
+ }
+ }
+ }
+
+ augment /hc2vpp-ietf-ipsec:ipsec/hc2vpp-ietf-ipsec:sad/hc2vpp-ietf-ipsec:sad-entries {
+ ext:augment-identifier "ipsec-sad-entries-augmentation";
+ leaf sa-id {
+ type int32;
+ }
+ }
+
+ augment /hc2vpp-ietf-ipsec:ikev2/hc2vpp-ietf-ipsec:ike-global-configuration {
+ ext:augment-identifier "ipsec-ike-global-conf-augmentation";
+ leaf local-key-file {
+ type string;
+ description "Local file with RSA signature";
+ }
+ }
+
+ augment /hc2vpp-ietf-ipsec:ikev2/hc2vpp-ietf-ipsec:policy {
+ ext:augment-identifier "ipsec-ikev2-policy-augmentation";
+ uses ikev2-policy-aug-grouping;
+ }
+
+ augment /hc2vpp-ietf-ipsec:ipsec/hc2vpp-ietf-ipsec:spd {
+ ext:augment-identifier "ipsec-spd-enabled-interfaces-augmentation";
+ uses spd-interfaces-grouping;
+ }
+
+ augment /hc2vpp-ietf-ipsec:ipsec/hc2vpp-ietf-ipsec:spd/hc2vpp-ietf-ipsec:spd-entries {
+ ext:augment-identifier "ipsec-spd-entries-augmentation";
+ uses vpp-ipsec-spd-entry-grouping;
+ }
+
+ augment /hc2vpp-ietf-ipsec:ipsec-state {
+ ext:augment-identifier "ipsec-state-spd-augmentation";
+ list spd {
+ key "spd-id";
+
+ leaf spd-id {
+ type int32;
+ }
+ list spd-entries {
+ uses vpp-ipsec-spd-entry-grouping;
+ }
+
+ uses spd-interfaces-grouping;
+ }
+ }
+}
-- cgit 1.2.3-korg
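Review bot: `leaf spi { type int32; }` in `vpp-ipsec-spd-entry-grouping` cannot carry the full SPI space, because an SPI is an arbitrary 32-bit value (RFC 4303) while int32 admits negatives and rejects anything above 2^31-1; `type uint32;` fits, and the same question applies to `protect-sa-id`, `sa-id` and `spd-id`, which look like identifiers rather than signed quantities. Separately, `certificate` and `local-key-file` are unconstrained `type string` leaves sharing the description "Local file with RSA signature", so the model neither says which one names the private key nor bounds what path a northbound client may hand to the agent; how the backend opens these paths is not visible in this hunk. I would give each leaf its own description (for `local-key-file`, if that is what it holds, `description "Path on the VPP host to the local RSA private key file";`), add a `length` restriction, and state that write access to these leaves is expected to be limited by access control. `is-ipv6` can also disagree with the address family of the `inet:ip-address` leaves next to it, and no `must` statement rejects the mismatch or a start address above the stop address.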