path: root/ipsec/ipsec-api/src/main/yang/vpp-ipsec@2018-12-13.yang
blob: 72ade372ae18d9578e6d74ce30838b2120e28418 (plain)
// VPP-specific extensions to the hc2vpp-ietf-ipsec model.
// Defines three groupings (SPD entry fields, SPD-enabled interfaces, IKEv2
// policy extras) and attaches them to the imported model via `augment`.
// None of the leaves below carries a range, length, pattern or `must`
// restriction, so any value validation has to happen in the component that
// consumes this data.
module vpp-ipsec {
  yang-version 1;
  namespace "http://fd.io/hc2vpp/yang/vpp-ipsec";
  prefix "vpp-ipsec";

  // Base IPsec/IKEv2 model; every augment target and several types below
  // (ipsec-traffic-direction, ipsec-spd-operation, traffic-selector) come from it.
  import hc2vpp-ietf-ipsec {
    prefix "hc2vpp-ietf-ipsec";
  }

  // Provides inet:ip-address, used for the selector address ranges.
  import ietf-inet-types {
    prefix inet;
  }

  // Provides the ext:augment-identifier extension used on every augment below.
  import yang-ext {
    prefix "ext";
  }

  // Provides if:interface-ref, used to name interfaces an SPD is attached to.
  import ietf-interfaces {
    prefix "if";
  }

  revision "2018-12-13" {
    description "Initial revision of ipsec model";
  }

  // Fields of a single security policy database (SPD) entry. Used twice:
  // under .../spd/spd-entries and under the ipsec-state spd list.
  // NOTE(review): the description below mentions tunnel mode, but the leaves
  // are policy-entry fields (priority, direction, operation, address ranges);
  // it looks carried over from another grouping - confirm and reword.
  grouping vpp-ipsec-spd-entry-grouping {
    description
      "common information when using IPsec tunnel mode";
    // NOTE(review): RFC 4303 defines the SPI as an arbitrary 32-bit value,
    // while int32 is signed, so SPIs with the top bit set have no positive
    // representation here - confirm how the consumer maps this leaf.
    leaf spi {
      type int32;
    }

    // Ordering semantics (higher or lower value wins) are not stated in this
    // module - TODO confirm against the consumer.
    leaf priority {
      type int32;
    }

    // Enumeration values are defined in hc2vpp-ietf-ipsec, not in this file.
    leaf direction {
      type hc2vpp-ietf-ipsec:ipsec-traffic-direction;
    }

    // inet:ip-address accepts both IPv4 and IPv6 literals, and no `must`
    // statement ties the four address leaves below to this flag; a
    // mismatched family is accepted by the schema.
    leaf is-ipv6 {
      type boolean;
    }

    // The action applied to matching traffic; its values are defined in
    // hc2vpp-ietf-ipsec. This leaf is not mandatory and has no default here,
    // so an entry without an operation is schema-valid.
    leaf operation {
      type hc2vpp-ietf-ipsec:ipsec-spd-operation;
    }

    // Presumably refers to the sa-id leaf added to sad-entries further down;
    // it is a plain int32 rather than a leafref, so the schema does not
    // check that the referenced SA exists - verify in the consumer.
    leaf protect-sa-id {
      type int32;
    }

    // Local and remote address ranges. Nothing in the schema enforces
    // start <= stop or that both ends share an address family.
    leaf laddr-start {
      type inet:ip-address;
    }

    leaf laddr-stop {
      type inet:ip-address;
    }

    leaf raddr-start {
      type inet:ip-address;
    }

    leaf raddr-stop {
      type inet:ip-address;
    }
  }

  // List of interfaces associated with an SPD, keyed by interface reference.
  grouping spd-interfaces-grouping {
    container spd-interfaces {
      list interface {
        key "interface-ref";

        leaf interface-ref {
          type if:interface-ref;
        }
      }
    }
  }

  // Extra fields attached to each IKEv2 policy.
  grouping ikev2-policy-aug-grouping {
    // Unrestricted string that the description identifies as a local file.
    // NOTE(review): the schema places no length or pattern limit on it, so
    // path validation is left to whatever opens the file. The description
    // says "RSA signature" while the leaf is named certificate - confirm
    // which artefact is expected.
    leaf certificate {
      type string;
      description "Local file with RSA signature";
    }

    list traffic-selectors {
      key "ts-name";
      description "List of traffic selectors of profile";
      leaf ts-name {
        type string;
      }
      // Selector fields themselves are defined in hc2vpp-ietf-ipsec.
      uses hc2vpp-ietf-ipsec:traffic-selector;
      // Per the description, zero means the protocol is not considered,
      // presumably matching any protocol - TODO confirm.
      leaf protocol {
        type uint8;
        description "Protocol. If zero not relevant.";
      }
    }
  }

  // Adds an integer SA identifier to each security association entry.
  augment /hc2vpp-ietf-ipsec:ipsec/hc2vpp-ietf-ipsec:sad/hc2vpp-ietf-ipsec:sad-entries {
    ext:augment-identifier "ipsec-sad-entries-augmentation";
    leaf sa-id {
      type int32;
    }
  }

  // Adds a key-file path to the global IKE configuration.
  augment /hc2vpp-ietf-ipsec:ikev2/hc2vpp-ietf-ipsec:ike-global-configuration {
    ext:augment-identifier "ipsec-ike-global-conf-augmentation";
    // Only a file path is modelled, not key material; access control on the
    // referenced file is outside this schema.
    // NOTE(review): the description is identical to the one on `certificate`;
    // the leaf name suggests a key file - confirm and reword.
    leaf local-key-file {
      type string;
      description "Local file with RSA signature";
    }
  }

  // Adds the certificate path and traffic selectors to each IKEv2 policy.
  augment /hc2vpp-ietf-ipsec:ikev2/hc2vpp-ietf-ipsec:policy {
    ext:augment-identifier "ipsec-ikev2-policy-augmentation";
      uses ikev2-policy-aug-grouping;
  }

  // Adds the list of SPD-enabled interfaces to each SPD.
  augment /hc2vpp-ietf-ipsec:ipsec/hc2vpp-ietf-ipsec:spd {
    ext:augment-identifier "ipsec-spd-enabled-interfaces-augmentation";
    uses spd-interfaces-grouping;
  }

  // Adds the VPP-specific policy fields to each SPD entry.
  augment /hc2vpp-ietf-ipsec:ipsec/hc2vpp-ietf-ipsec:spd/hc2vpp-ietf-ipsec:spd-entries {
    ext:augment-identifier "ipsec-spd-entries-augmentation";
    uses vpp-ipsec-spd-entry-grouping;
  }

  // Exposes SPDs, their entries and their interfaces under ipsec-state.
  augment /hc2vpp-ietf-ipsec:ipsec-state {
    ext:augment-identifier "ipsec-state-spd-augmentation";
    list spd {
      key "spd-id";

      leaf spd-id {
        type int32;
      }
      // This list has no key. YANG 1 allows that only for non-configuration
      // data; presumably ipsec-state is `config false` in the imported
      // module - verify there.
      list spd-entries {
        uses vpp-ipsec-spd-entry-grouping;
      }

      uses spd-interfaces-grouping;
    }
  }
}