diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index a6f9163e..a3064031 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -21,10 +21,10 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Set up JDK 8 + - name: Set up JDK 11 uses: actions/setup-java@v3 with: - java-version: '8' + java-version: '11' distribution: 'temurin' cache: maven - name: Build with Maven diff --git a/pom.xml b/pom.xml index 3af54464..31a0be9c 100644 --- a/pom.xml +++ b/pom.xml @@ -62,7 +62,7 @@ 2.12.2 5.9.3 2.4.0 - 4.9.3 + 4.11.1 2.10.1 33.5.0-jre 3.25.1 diff --git a/yangkit-data-json-codec/src/test/java/org/yangcentral/yangkit/data/codec/json/test/source/JsonCodecDataTestGetSource.java b/yangkit-data-json-codec/src/test/java/org/yangcentral/yangkit/data/codec/json/test/source/JsonCodecDataTestGetSource.java index f776a6cb..8cd51d54 100644 --- a/yangkit-data-json-codec/src/test/java/org/yangcentral/yangkit/data/codec/json/test/source/JsonCodecDataTestGetSource.java +++ b/yangkit-data-json-codec/src/test/java/org/yangcentral/yangkit/data/codec/json/test/source/JsonCodecDataTestGetSource.java @@ -11,7 +11,7 @@ import org.yangcentral.yangkit.model.api.schema.YangSchemaContext; import org.yangcentral.yangkit.parser.YangParserException; import org.yangcentral.yangkit.parser.YangYinParser; - +import java.util.Arrays; import java.io.BufferedReader; import java.io.FileReader; import java.io.IOException; @@ -150,9 +150,12 @@ public void getMultipleYangModules() throws DocumentException, IOException, Yang YangDataDocument yangDataDocument = new YangDataDocumentJsonParser(schemaContext).parse(jsonNode,validatorResultBuilder); String[] result = yangDataDocument.getModulesStrings(); - assertEquals(result.length, 2); - assertArrayEquals(result, new String[]{readFile(yangComplexFile), readFile(yangSimpleFile)}); + String[] expected = new String[]{readFile(yangSimpleFile), readFile(yangComplexFile)}; + Arrays.sort(result); + Arrays.sort(expected); + assertEquals(result.length, 2); + assertArrayEquals(result, expected); } public String readFile(String path){ diff --git a/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App3.java b/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App3.java index 755eabe7..c7b5ae6b 100644 --- a/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App3.java +++ b/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App3.java @@ -34,7 +34,7 @@ */ public class App3 { public static void main(String[] args) throws IOException, YangParserException, DocumentException { - InputStream inputStream = App3.class.getClassLoader().getResourceAsStream("insa-test.yang"); + InputStream inputStream = App3.class.getClassLoader().getResourceAsStream("App3/yang/insa-test.yang"); // Parsing module YangSchemaContext schemaContext = YangYinParser.parse(inputStream, "insa-custom", null); @@ -49,7 +49,7 @@ public static void main(String[] args) throws IOException, YangParserException, // Parsing from file with a yang module dependence System.out.println("-------------------"); - URL dependentYang = App3.class.getClassLoader().getResource("insa-test-dependence.yang"); + URL dependentYang = App3.class.getClassLoader().getResource("App3/yang/insa-test-dependence.yang"); schemaContext = YangYinParser.parse(dependentYang.getFile(), schemaContext); ValidatorResult result2 = schemaContext.validate(); System.out.println("Second yang is valid ? " + result2.isOk()); diff --git a/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App5.java b/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App5.java new file mode 100644 index 00000000..9aa9d3e3 --- /dev/null +++ b/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App5.java @@ -0,0 +1,89 @@ +/* + * Copyright 2023 INSA Lyon. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.yangcentral.yangkit.examples; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.dom4j.DocumentException; +import org.yangcentral.yangkit.common.api.validate.ValidatorRecord; +import org.yangcentral.yangkit.common.api.validate.ValidatorResult; +import org.yangcentral.yangkit.common.api.validate.ValidatorResultBuilder; +import org.yangcentral.yangkit.data.api.model.YangDataDocument; +import org.yangcentral.yangkit.data.codec.json.YangDataDocumentJsonParser; +import org.yangcentral.yangkit.model.api.schema.YangSchemaContext; +import org.yangcentral.yangkit.model.api.stmt.Module; +import org.yangcentral.yangkit.parser.YangParserException; +import org.yangcentral.yangkit.parser.YangYinParser; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; + +/** + * Usecase on how to use yang to validate YANG-push notification + * + */ +public class App5 { + public static void main(String[] args) throws IOException, YangParserException, DocumentException { + + URL yangUrl = App5.class.getClassLoader().getResource("App5/interfaces"); + String yangDir = yangUrl.getFile(); + + // Parsing module + YangSchemaContext schemaContext = YangYinParser.parse(yangDir); + ValidatorResult result = schemaContext.validate(); + System.out.println("Valid? " + result.isOk()); + System.out.println("Size modules = " + schemaContext.getModules().size()); + + int count = 0; + for (Module module : schemaContext.getModules()) { + System.out.println(count + "->Module["+ module.getModuleId().getModuleName()+"] prefix[" + module.getSelfPrefix()+"] | revision[" + module.getCurRevision().get() + "] ; root? [" + module.isSchemaTreeRoot() + "]"); + count++; + } + + if (!result.isOk()) { + for (ValidatorRecord record : result.getRecords()) { + System.out.println("Error: "+ record.getBadElement() + ':' + record.getErrorMsg().getMessage()); + } + } else { + System.out.println("YANGs valid"); + for (ValidatorRecord record : result.getRecords()) { + System.out.println("valid: "+ record.getBadElement() + ':' + record.getErrorMsg().getMessage() + "; Severity:" + record.getSeverity().getFieldName()); + } + } + System.out.println("------------ Validating valid message ------------"); + InputStream jsonInputStream = App5.class.getClassLoader().getResourceAsStream("App5/json/interface.json"); + JsonNode jsonElement = null; + ObjectMapper objectMapper = new ObjectMapper(); + jsonElement = objectMapper.readTree(jsonInputStream); + + System.out.println("Valid Message: " + jsonElement); + + // Validating + ValidatorResultBuilder validatorResultBuilder = new ValidatorResultBuilder(); + YangDataDocument doc = new YangDataDocumentJsonParser(schemaContext).parse(jsonElement, validatorResultBuilder); + doc.update(); + ValidatorResult validatorResult = validatorResultBuilder.build(); + + System.out.println("Is deserialization ok (should be true)? " + validatorResult.isOk()); + + ValidatorResult validationResult = doc.validate(); + System.out.println("second validation: " + validationResult.isOk()); + if (!validationResult.isOk()) System.out.println(validationResult); + + } +} diff --git a/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App6.java b/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App6.java new file mode 100644 index 00000000..a4e5874a --- /dev/null +++ b/yangkit-examples/src/main/java/org/yangcentral/yangkit/examples/App6.java @@ -0,0 +1,89 @@ +/* + * Copyright 2023 INSA Lyon. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.yangcentral.yangkit.examples; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.dom4j.DocumentException; +import org.yangcentral.yangkit.common.api.validate.ValidatorRecord; +import org.yangcentral.yangkit.common.api.validate.ValidatorResult; +import org.yangcentral.yangkit.common.api.validate.ValidatorResultBuilder; +import org.yangcentral.yangkit.data.api.model.YangDataDocument; +import org.yangcentral.yangkit.data.codec.json.YangDataDocumentJsonParser; +import org.yangcentral.yangkit.model.api.schema.YangSchemaContext; +import org.yangcentral.yangkit.model.api.stmt.Module; +import org.yangcentral.yangkit.parser.YangParserException; +import org.yangcentral.yangkit.parser.YangYinParser; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; + +/** + * Usecase on how to use yang to validate YANG-push notification + * + */ +public class App6 { + public static void main(String[] args) throws IOException, YangParserException, DocumentException { + + URL yangUrl = App6.class.getClassLoader().getResource("App6/yangs"); + String yangDir = yangUrl.getFile(); + + // Parsing module + YangSchemaContext schemaContext = YangYinParser.parse(yangDir); + ValidatorResult result = schemaContext.validate(); + System.out.println("Valid? " + result.isOk()); + System.out.println("Size modules = " + schemaContext.getModules().size()); + + int count = 0; + for (Module module : schemaContext.getModules()) { + System.out.println(count + "->Module["+ module.getModuleId().getModuleName()+"] prefix[" + module.getSelfPrefix()+"] | revision[" + module.getCurRevision().get() + "] ; root? [" + module.isSchemaTreeRoot() + "]"); + count++; + } + + if (!result.isOk()) { + for (ValidatorRecord record : result.getRecords()) { + System.out.println("Error: "+ record.getBadElement() + ':' + record.getErrorMsg().getMessage()); + } + } else { + System.out.println("YANGs valid"); + for (ValidatorRecord record : result.getRecords()) { + System.out.println("valid: "+ record.getBadElement() + ':' + record.getErrorMsg().getMessage() + "; Severity:" + record.getSeverity().getFieldName()); + } + } + System.out.println("------------ Validating valid message ------------"); + InputStream jsonInputStream = App6.class.getClassLoader().getResourceAsStream("App6/json/telemetry-msg.json"); + JsonNode jsonElement = null; + ObjectMapper objectMapper = new ObjectMapper(); + jsonElement = objectMapper.readTree(jsonInputStream); + + System.out.println("Valid Message: " + jsonElement); + + // Validating + ValidatorResultBuilder validatorResultBuilder = new ValidatorResultBuilder(); + YangDataDocument doc = new YangDataDocumentJsonParser(schemaContext).parse(jsonElement, validatorResultBuilder); + doc.update(); + ValidatorResult validatorResult = validatorResultBuilder.build(); + + System.out.println("Is deserialization ok (should be true)? " + validatorResult.isOk()); + + ValidatorResult validationResult = doc.validate(); + System.out.println("second validation: " + validationResult.isOk()); + if (!validationResult.isOk()) System.out.println(validationResult); + + } +} diff --git a/yangkit-examples/src/main/resources/json/insa-test.json b/yangkit-examples/src/main/resources/App3/json/insa-test.json similarity index 100% rename from yangkit-examples/src/main/resources/json/insa-test.json rename to yangkit-examples/src/main/resources/App3/json/insa-test.json diff --git a/yangkit-examples/src/main/resources/insa-test-dependence.yang b/yangkit-examples/src/main/resources/App3/yang/insa-test-dependence.yang similarity index 100% rename from yangkit-examples/src/main/resources/insa-test-dependence.yang rename to yangkit-examples/src/main/resources/App3/yang/insa-test-dependence.yang diff --git a/yangkit-examples/src/main/resources/insa-test.yang b/yangkit-examples/src/main/resources/App3/yang/insa-test.yang similarity index 100% rename from yangkit-examples/src/main/resources/insa-test.yang rename to yangkit-examples/src/main/resources/App3/yang/insa-test.yang diff --git a/yangkit-examples/src/main/resources/App5/interfaces/iana-if-type@2023-01-26.yang b/yangkit-examples/src/main/resources/App5/interfaces/iana-if-type@2023-01-26.yang new file mode 100644 index 00000000..2ab3097f --- /dev/null +++ b/yangkit-examples/src/main/resources/App5/interfaces/iana-if-type@2023-01-26.yang @@ -0,0 +1,1851 @@ +module iana-if-type { + namespace "urn:ietf:params:xml:ns:yang:iana-if-type"; + prefix ianaift; + + import ietf-interfaces { + prefix if; + } + + organization "IANA"; + contact + " Internet Assigned Numbers Authority + + Postal: ICANN + 12025 Waterfront Drive, Suite 300 + Los Angeles, CA 90094-2536 + United States + + Tel: +1 310 301 5800 + "; + description + "This YANG module defines YANG identities for IANA-registered + interface types. + + This YANG module is maintained by IANA and reflects the + 'ifType definitions' registry. + + The latest revision of this YANG module can be obtained from + the IANA web site. + + Requests for new values should be made to IANA via + email (iana@iana.org). + + Copyright (c) 2014 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + The initial version of this YANG module is part of RFC 7224; + see the RFC itself for full legal notices."; + reference + "IANA 'ifType definitions' registry. + "; + + revision 2023-01-26 { + description + "Fix incorrect quotation for previous 3 revision statements."; + } + + revision 2022-08-24 { + description + "Updated reference for ifType 303."; + } + + revision 2022-08-17 { + description + "Changed gpon description to refer to G.984."; + } + + revision 2022-03-07 { + description + "Coalesced revision history entries for 2018-06-28."; + } + + revision 2021-06-21 { + description + "Corrected reference for ifType 303."; + } + + revision 2021-05-17 { + description + "Registered ifType 303."; + } + + revision 2021-04-22 { + description + "Registered ifType 302."; + } + + revision 2021-04-01 { + description + "Updated reference for 301."; + } + + revision 2021-02-18 { + description + "Registered ifType 301."; + } + + revision 2020-08-27 { + description + "Added missing references."; + } + + revision 2020-07-13 { + description + "Added identity cpri."; + } + + revision 2020-07-10 { + description + "Registered ifType 300."; + } + + revision 2020-01-10 { + description + "Registered ifType 299."; + } + + revision 2019-10-16 { + description + "Registered ifType 298."; + } + revision 2019-07-16 { + description + "Registered ifType 297."; + } + revision 2019-06-21 { + description + "Updated reference associated with ifTypes 295-296."; + } + + revision 2019-02-08 { + description + "Corrected formatting issue."; + } + + revision 2019-01-31 { + description + "Registered ifTypes 295-296."; + } + + revision 2018-07-03 { + description + "Corrected revision date."; + } + + revision 2018-06-29 { + description + "Corrected formatting issue."; + } + + revision 2018-06-28 { + description + "Registered ifTypes 293 and 294."; + } + + revision 2018-06-22 { + description + "Registered ifType 292."; + } + + revision 2018-06-21 { + description + "Registered ifType 291."; + } + + revision 2017-03-30 { + description + "Registered ifType 290."; + } + + revision 2017-01-19 { + description + "Registered ifType 289."; + } + + revision 2016-11-23 { + description + "Registered ifTypes 283-288."; + } + + revision 2016-06-09 { + description + "Registered ifType 282."; + } + revision 2016-05-03 { + description + "Registered ifType 281."; + } + revision 2015-06-12 { + description + "Corrected formatting issue."; + } + revision 2014-09-24 { + description + "Registered ifType 280."; + } + revision 2014-09-19 { + description + "Registered ifType 279."; + } + revision 2014-07-03 { + description + "Registered ifTypes 277-278."; + } + revision 2014-05-19 { + description + "Updated the contact address."; + } + revision 2014-05-08 { + description + "Initial revision."; + reference + "RFC 7224: IANA Interface Type YANG Module"; + } + + identity iana-interface-type { + base if:interface-type; + description + "This identity is used as a base for all interface types + defined in the 'ifType definitions' registry."; + } + + identity other { + base iana-interface-type; + } + identity regular1822 { + base iana-interface-type; + } + identity hdh1822 { + base iana-interface-type; + } + identity ddnX25 { + base iana-interface-type; + } + identity rfc877x25 { + base iana-interface-type; + reference + "RFC 1382 - SNMP MIB Extension for the X.25 Packet Layer"; + } + identity ethernetCsmacd { + base iana-interface-type; + description + "For all Ethernet-like interfaces, regardless of speed, + as per RFC 3635."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity iso88023Csmacd { + base iana-interface-type; + status deprecated; + description + "Deprecated via RFC 3635. + Use ethernetCsmacd(6) instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity iso88024TokenBus { + base iana-interface-type; + } + identity iso88025TokenRing { + base iana-interface-type; + } + identity iso88026Man { + base iana-interface-type; + } + identity starLan { + base iana-interface-type; + status deprecated; + description + "Deprecated via RFC 3635. + Use ethernetCsmacd(6) instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity proteon10Mbit { + base iana-interface-type; + } + identity proteon80Mbit { + base iana-interface-type; + } + identity hyperchannel { + base iana-interface-type; + } + identity fddi { + base iana-interface-type; + reference + "RFC 1512 - FDDI Management Information Base"; + } + identity lapb { + base iana-interface-type; + reference + "RFC 1381 - SNMP MIB Extension for X.25 LAPB"; + } + identity sdlc { + base iana-interface-type; + } + identity ds1 { + base iana-interface-type; + description + "DS1-MIB."; + reference + "RFC 4805 - Definitions of Managed Objects for the + DS1, J1, E1, DS2, and E2 Interface Types"; + } + identity e1 { + base iana-interface-type; + status obsolete; + description + "Obsolete; see DS1-MIB."; + reference + "RFC 4805 - Definitions of Managed Objects for the + DS1, J1, E1, DS2, and E2 Interface Types"; + } + identity basicISDN { + base iana-interface-type; + description + "No longer used. See also RFC 2127."; + } + identity primaryISDN { + base iana-interface-type; + description + "No longer used. See also RFC 2127."; + } + identity propPointToPointSerial { + base iana-interface-type; + description + "Proprietary serial."; + } + identity ppp { + base iana-interface-type; + } + identity softwareLoopback { + base iana-interface-type; + } + identity eon { + base iana-interface-type; + description + "CLNP over IP."; + } + identity ethernet3Mbit { + base iana-interface-type; + } + identity nsip { + base iana-interface-type; + description + "XNS over IP."; + } + identity slip { + base iana-interface-type; + description + "Generic SLIP."; + } + identity ultra { + base iana-interface-type; + description + "Ultra Technologies."; + } + identity ds3 { + base iana-interface-type; + description + "DS3-MIB."; + reference + "RFC 3896 - Definitions of Managed Objects for the + DS3/E3 Interface Type"; + } + identity sip { + base iana-interface-type; + description + "SMDS, coffee."; + reference + "RFC 1694 - Definitions of Managed Objects for SMDS + Interfaces using SMIv2"; + } + identity frameRelay { + base iana-interface-type; + description + "DTE only."; + reference + "RFC 2115 - Management Information Base for Frame Relay + DTEs Using SMIv2"; + } + identity rs232 { + base iana-interface-type; + reference + "RFC 1659 - Definitions of Managed Objects for RS-232-like + Hardware Devices using SMIv2"; + } + identity para { + base iana-interface-type; + description + "Parallel-port."; + reference + "RFC 1660 - Definitions of Managed Objects for + Parallel-printer-like Hardware Devices using + SMIv2"; + } + identity arcnet { + base iana-interface-type; + description + "ARCnet."; + } + identity arcnetPlus { + base iana-interface-type; + description + "ARCnet Plus."; + } + identity atm { + base iana-interface-type; + description + "ATM cells."; + } + identity miox25 { + base iana-interface-type; + reference + "RFC 1461 - SNMP MIB extension for Multiprotocol + Interconnect over X.25"; + } + identity sonet { + base iana-interface-type; + description + "SONET or SDH."; + } + identity x25ple { + base iana-interface-type; + reference + "RFC 2127 - ISDN Management Information Base using SMIv2"; + } + identity iso88022llc { + base iana-interface-type; + } + identity localTalk { + base iana-interface-type; + } + identity smdsDxi { + base iana-interface-type; + } + identity frameRelayService { + base iana-interface-type; + description + "FRNETSERV-MIB."; + reference + "RFC 2954 - Definitions of Managed Objects for Frame + Relay Service"; + } + identity v35 { + base iana-interface-type; + } + identity hssi { + base iana-interface-type; + } + identity hippi { + base iana-interface-type; + } + identity modem { + base iana-interface-type; + description + "Generic modem."; + } + identity aal5 { + base iana-interface-type; + description + "AAL5 over ATM."; + } + identity sonetPath { + base iana-interface-type; + } + identity sonetVT { + base iana-interface-type; + } + identity smdsIcip { + base iana-interface-type; + description + "SMDS InterCarrier Interface."; + } + identity propVirtual { + base iana-interface-type; + description + "Proprietary virtual/internal."; + reference + "RFC 2863 - The Interfaces Group MIB"; + } + identity propMultiplexor { + base iana-interface-type; + description + "Proprietary multiplexing."; + reference + "RFC 2863 - The Interfaces Group MIB"; + } + identity ieee80212 { + base iana-interface-type; + description + "100BaseVG."; + } + identity fibreChannel { + base iana-interface-type; + description + "Fibre Channel."; + } + identity hippiInterface { + base iana-interface-type; + description + "HIPPI interfaces."; + } + identity frameRelayInterconnect { + base iana-interface-type; + status obsolete; + description + "Obsolete; use either + frameRelay(32) or frameRelayService(44)."; + } + identity aflane8023 { + base iana-interface-type; + description + "ATM Emulated LAN for 802.3."; + } + identity aflane8025 { + base iana-interface-type; + description + "ATM Emulated LAN for 802.5."; + } + identity cctEmul { + base iana-interface-type; + description + "ATM Emulated circuit."; + } + identity fastEther { + base iana-interface-type; + status deprecated; + description + "Obsoleted via RFC 3635. + ethernetCsmacd(6) should be used instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity isdn { + base iana-interface-type; + description + "ISDN and X.25."; + reference + "RFC 1356 - Multiprotocol Interconnect on X.25 and ISDN + in the Packet Mode"; + } + identity v11 { + base iana-interface-type; + description + "CCITT V.11/X.21."; + } + identity v36 { + base iana-interface-type; + description + "CCITT V.36."; + } + identity g703at64k { + base iana-interface-type; + description + "CCITT G703 at 64Kbps."; + } + identity g703at2mb { + base iana-interface-type; + status obsolete; + description + "Obsolete; see DS1-MIB."; + } + identity qllc { + base iana-interface-type; + description + "SNA QLLC."; + } + identity fastEtherFX { + base iana-interface-type; + status deprecated; + description + "Obsoleted via RFC 3635. + ethernetCsmacd(6) should be used instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity channel { + base iana-interface-type; + description + "Channel."; + } + identity ieee80211 { + base iana-interface-type; + description + "Radio spread spectrum."; + } + identity ibm370parChan { + base iana-interface-type; + description + "IBM System 360/370 OEMI Channel."; + } + identity escon { + base iana-interface-type; + description + "IBM Enterprise Systems Connection."; + } + identity dlsw { + base iana-interface-type; + description + "Data Link Switching."; + } + identity isdns { + base iana-interface-type; + description + "ISDN S/T interface."; + } + identity isdnu { + base iana-interface-type; + description + "ISDN U interface."; + } + identity lapd { + base iana-interface-type; + description + "Link Access Protocol D."; + } + identity ipSwitch { + base iana-interface-type; + description + "IP Switching Objects."; + } + identity rsrb { + base iana-interface-type; + description + "Remote Source Route Bridging."; + } + identity atmLogical { + base iana-interface-type; + description + "ATM Logical Port."; + reference + "RFC 3606 - Definitions of Supplemental Managed Objects + for ATM Interface"; + } + identity ds0 { + base iana-interface-type; + description + "Digital Signal Level 0."; + reference + "RFC 2494 - Definitions of Managed Objects for the DS0 + and DS0 Bundle Interface Type"; + } + identity ds0Bundle { + base iana-interface-type; + description + "Group of ds0s on the same ds1."; + reference + "RFC 2494 - Definitions of Managed Objects for the DS0 + and DS0 Bundle Interface Type"; + } + identity bsc { + base iana-interface-type; + description + "Bisynchronous Protocol."; + } + identity async { + base iana-interface-type; + description + "Asynchronous Protocol."; + } + identity cnr { + base iana-interface-type; + description + "Combat Net Radio."; + } + identity iso88025Dtr { + base iana-interface-type; + description + "ISO 802.5r DTR."; + } + identity eplrs { + base iana-interface-type; + description + "Ext Pos Loc Report Sys."; + } + identity arap { + base iana-interface-type; + description + "Appletalk Remote Access Protocol."; + } + identity propCnls { + base iana-interface-type; + description + "Proprietary Connectionless Protocol."; + } + identity hostPad { + base iana-interface-type; + description + "CCITT-ITU X.29 PAD Protocol."; + } + identity termPad { + base iana-interface-type; + description + "CCITT-ITU X.3 PAD Facility."; + } + identity frameRelayMPI { + base iana-interface-type; + description + "Multiproto Interconnect over FR."; + } + identity x213 { + base iana-interface-type; + description + "CCITT-ITU X213."; + } + identity adsl { + base iana-interface-type; + description + "Asymmetric Digital Subscriber Loop."; + } + identity radsl { + base iana-interface-type; + description + "Rate-Adapt. Digital Subscriber Loop."; + } + identity sdsl { + base iana-interface-type; + description + "Symmetric Digital Subscriber Loop."; + } + identity vdsl { + base iana-interface-type; + description + "Very H-Speed Digital Subscrib. Loop."; + } + identity iso88025CRFPInt { + base iana-interface-type; + description + "ISO 802.5 CRFP."; + } + identity myrinet { + base iana-interface-type; + description + "Myricom Myrinet."; + } + identity voiceEM { + base iana-interface-type; + description + "Voice recEive and transMit."; + } + identity voiceFXO { + base iana-interface-type; + description + "Voice Foreign Exchange Office."; + } + identity voiceFXS { + base iana-interface-type; + description + "Voice Foreign Exchange Station."; + } + identity voiceEncap { + base iana-interface-type; + description + "Voice encapsulation."; + } + identity voiceOverIp { + base iana-interface-type; + description + "Voice over IP encapsulation."; + } + identity atmDxi { + base iana-interface-type; + description + "ATM DXI."; + } + identity atmFuni { + base iana-interface-type; + description + "ATM FUNI."; + } + identity atmIma { + base iana-interface-type; + description + "ATM IMA."; + } + identity pppMultilinkBundle { + base iana-interface-type; + description + "PPP Multilink Bundle."; + } + identity ipOverCdlc { + base iana-interface-type; + description + "IBM ipOverCdlc."; + } + identity ipOverClaw { + base iana-interface-type; + description + "IBM Common Link Access to Workstn."; + } + identity stackToStack { + base iana-interface-type; + description + "IBM stackToStack."; + } + identity virtualIpAddress { + base iana-interface-type; + description + "IBM VIPA."; + } + identity mpc { + base iana-interface-type; + description + "IBM multi-protocol channel support."; + } + identity ipOverAtm { + base iana-interface-type; + description + "IBM ipOverAtm."; + reference + "RFC 2320 - Definitions of Managed Objects for Classical IP + and ARP Over ATM Using SMIv2 (IPOA-MIB)"; + } + identity iso88025Fiber { + base iana-interface-type; + description + "ISO 802.5j Fiber Token Ring."; + } + identity tdlc { + base iana-interface-type; + description + "IBM twinaxial data link control."; + } + identity gigabitEthernet { + base iana-interface-type; + status deprecated; + description + "Obsoleted via RFC 3635. + ethernetCsmacd(6) should be used instead."; + reference + "RFC 3635 - Definitions of Managed Objects for the + Ethernet-like Interface Types"; + } + identity hdlc { + base iana-interface-type; + description + "HDLC."; + } + identity lapf { + base iana-interface-type; + description + "LAP F."; + } + identity v37 { + base iana-interface-type; + description + "V.37."; + } + identity x25mlp { + base iana-interface-type; + description + "Multi-Link Protocol."; + } + identity x25huntGroup { + base iana-interface-type; + description + "X25 Hunt Group."; + } + identity transpHdlc { + base iana-interface-type; + description + "Transp HDLC."; + } + identity interleave { + base iana-interface-type; + description + "Interleave channel."; + } + identity fast { + base iana-interface-type; + description + "Fast channel."; + } + identity ip { + base iana-interface-type; + description + "IP (for APPN HPR in IP networks)."; + } + identity docsCableMaclayer { + base iana-interface-type; + description + "CATV Mac Layer."; + } + identity docsCableDownstream { + base iana-interface-type; + description + "CATV Downstream interface."; + } + identity docsCableUpstream { + base iana-interface-type; + description + "CATV Upstream interface."; + } + identity a12MppSwitch { + base iana-interface-type; + description + "Avalon Parallel Processor."; + } + identity tunnel { + base iana-interface-type; + description + "Encapsulation interface."; + } + identity coffee { + base iana-interface-type; + description + "Coffee pot."; + reference + "RFC 2325 - Coffee MIB"; + } + identity ces { + base iana-interface-type; + description + "Circuit Emulation Service."; + } + identity atmSubInterface { + base iana-interface-type; + description + "ATM Sub Interface."; + } + identity l2vlan { + base iana-interface-type; + description + "Layer 2 Virtual LAN using 802.1Q."; + } + identity l3ipvlan { + base iana-interface-type; + description + "Layer 3 Virtual LAN using IP."; + } + identity l3ipxvlan { + base iana-interface-type; + description + "Layer 3 Virtual LAN using IPX."; + } + identity digitalPowerline { + base iana-interface-type; + description + "IP over Power Lines."; + } + identity mediaMailOverIp { + base iana-interface-type; + description + "Multimedia Mail over IP."; + } + identity dtm { + base iana-interface-type; + description + "Dynamic synchronous Transfer Mode."; + } + identity dcn { + base iana-interface-type; + description + "Data Communications Network."; + } + identity ipForward { + base iana-interface-type; + description + "IP Forwarding Interface."; + } + identity msdsl { + base iana-interface-type; + description + "Multi-rate Symmetric DSL."; + } + identity ieee1394 { + base iana-interface-type; + + description + "IEEE1394 High Performance Serial Bus."; + } + identity if-gsn { + base iana-interface-type; + description + "HIPPI-6400."; + } + identity dvbRccMacLayer { + base iana-interface-type; + description + "DVB-RCC MAC Layer."; + } + identity dvbRccDownstream { + base iana-interface-type; + description + "DVB-RCC Downstream Channel."; + } + identity dvbRccUpstream { + base iana-interface-type; + description + "DVB-RCC Upstream Channel."; + } + identity atmVirtual { + base iana-interface-type; + description + "ATM Virtual Interface."; + } + identity mplsTunnel { + base iana-interface-type; + description + "MPLS Tunnel Virtual Interface."; + } + identity srp { + base iana-interface-type; + description + "Spatial Reuse Protocol."; + } + identity voiceOverAtm { + base iana-interface-type; + description + "Voice over ATM."; + } + identity voiceOverFrameRelay { + base iana-interface-type; + description + "Voice Over Frame Relay."; + } + identity idsl { + base iana-interface-type; + description + "Digital Subscriber Loop over ISDN."; + } + identity compositeLink { + base iana-interface-type; + description + "Avici Composite Link Interface."; + } + identity ss7SigLink { + base iana-interface-type; + description + "SS7 Signaling Link."; + } + identity propWirelessP2P { + base iana-interface-type; + description + "Prop. P2P wireless interface."; + } + identity frForward { + base iana-interface-type; + description + "Frame Forward Interface."; + } + identity rfc1483 { + base iana-interface-type; + description + "Multiprotocol over ATM AAL5."; + reference + "RFC 1483 - Multiprotocol Encapsulation over ATM + Adaptation Layer 5"; + } + identity usb { + base iana-interface-type; + description + "USB Interface."; + } + identity ieee8023adLag { + base iana-interface-type; + description + "IEEE 802.3ad Link Aggregate."; + } + identity bgppolicyaccounting { + base iana-interface-type; + description + "BGP Policy Accounting."; + } + identity frf16MfrBundle { + base iana-interface-type; + description + "FRF.16 Multilink Frame Relay."; + } + identity h323Gatekeeper { + base iana-interface-type; + description + "H323 Gatekeeper."; + } + identity h323Proxy { + base iana-interface-type; + description + "H323 Voice and Video Proxy."; + } + identity mpls { + base iana-interface-type; + description + "MPLS."; + } + identity mfSigLink { + base iana-interface-type; + description + "Multi-frequency signaling link."; + } + identity hdsl2 { + base iana-interface-type; + description + "High Bit-Rate DSL - 2nd generation."; + } + identity shdsl { + base iana-interface-type; + description + "Multirate HDSL2."; + } + identity ds1FDL { + base iana-interface-type; + description + "Facility Data Link (4Kbps) on a DS1."; + } + identity pos { + base iana-interface-type; + description + "Packet over SONET/SDH Interface."; + } + identity dvbAsiIn { + base iana-interface-type; + description + "DVB-ASI Input."; + } + identity dvbAsiOut { + base iana-interface-type; + description + "DVB-ASI Output."; + } + identity plc { + base iana-interface-type; + description + "Power Line Communications."; + } + identity nfas { + base iana-interface-type; + description + "Non-Facility Associated Signaling."; + } + identity tr008 { + base iana-interface-type; + description + "TR008."; + } + identity gr303RDT { + base iana-interface-type; + description + "Remote Digital Terminal."; + } + identity gr303IDT { + base iana-interface-type; + description + "Integrated Digital Terminal."; + } + identity isup { + base iana-interface-type; + description + "ISUP."; + } + identity propDocsWirelessMaclayer { + base iana-interface-type; + description + "Cisco proprietary Maclayer."; + } + identity propDocsWirelessDownstream { + base iana-interface-type; + description + "Cisco proprietary Downstream."; + } + identity propDocsWirelessUpstream { + base iana-interface-type; + description + "Cisco proprietary Upstream."; + } + identity hiperlan2 { + base iana-interface-type; + description + "HIPERLAN Type 2 Radio Interface."; + } + identity propBWAp2Mp { + base iana-interface-type; + description + "PropBroadbandWirelessAccesspt2Multipt (use of this value + for IEEE 802.16 WMAN interfaces as per IEEE Std 802.16f + is deprecated, and ieee80216WMAN(237) should be used + instead)."; + } + identity sonetOverheadChannel { + base iana-interface-type; + description + "SONET Overhead Channel."; + } + identity digitalWrapperOverheadChannel { + base iana-interface-type; + description + "Digital Wrapper."; + } + identity aal2 { + base iana-interface-type; + description + "ATM adaptation layer 2."; + } + identity radioMAC { + base iana-interface-type; + description + "MAC layer over radio links."; + } + identity atmRadio { + base iana-interface-type; + description + "ATM over radio links."; + } + identity imt { + base iana-interface-type; + description + "Inter-Machine Trunks."; + } + identity mvl { + base iana-interface-type; + description + "Multiple Virtual Lines DSL."; + } + identity reachDSL { + base iana-interface-type; + description + "Long Reach DSL."; + } + identity frDlciEndPt { + base iana-interface-type; + description + "Frame Relay DLCI End Point."; + } + identity atmVciEndPt { + base iana-interface-type; + description + "ATM VCI End Point."; + } + identity opticalChannel { + base iana-interface-type; + description + "Optical Channel."; + } + identity opticalTransport { + base iana-interface-type; + description + "Optical Transport."; + } + identity propAtm { + base iana-interface-type; + description + "Proprietary ATM."; + } + identity voiceOverCable { + base iana-interface-type; + description + "Voice Over Cable Interface."; + } + identity infiniband { + base iana-interface-type; + description + "Infiniband."; + } + identity teLink { + base iana-interface-type; + description + "TE Link."; + } + identity q2931 { + base iana-interface-type; + description + "Q.2931."; + } + identity virtualTg { + base iana-interface-type; + description + "Virtual Trunk Group."; + } + identity sipTg { + base iana-interface-type; + description + "SIP Trunk Group."; + } + identity sipSig { + base iana-interface-type; + description + "SIP Signaling."; + } + identity docsCableUpstreamChannel { + base iana-interface-type; + description + "CATV Upstream Channel."; + } + identity econet { + base iana-interface-type; + description + "Acorn Econet."; + } + identity pon155 { + base iana-interface-type; + description + "FSAN 155Mb Symetrical PON interface."; + } + identity pon622 { + base iana-interface-type; + description + "FSAN 622Mb Symetrical PON interface."; + } + identity bridge { + base iana-interface-type; + description + "Transparent bridge interface."; + } + identity linegroup { + base iana-interface-type; + description + "Interface common to multiple lines."; + } + identity voiceEMFGD { + base iana-interface-type; + description + "Voice E&M Feature Group D."; + } + identity voiceFGDEANA { + base iana-interface-type; + description + "Voice FGD Exchange Access North American."; + } + identity voiceDID { + base iana-interface-type; + description + "Voice Direct Inward Dialing."; + } + identity mpegTransport { + base iana-interface-type; + description + "MPEG transport interface."; + } + identity sixToFour { + base iana-interface-type; + status deprecated; + description + "6to4 interface (DEPRECATED)."; + reference + "RFC 4087 - IP Tunnel MIB"; + } + identity gtp { + base iana-interface-type; + description + "GTP (GPRS Tunneling Protocol)."; + } + identity pdnEtherLoop1 { + base iana-interface-type; + description + "Paradyne EtherLoop 1."; + } + identity pdnEtherLoop2 { + base iana-interface-type; + description + "Paradyne EtherLoop 2."; + } + identity opticalChannelGroup { + base iana-interface-type; + description + "Optical Channel Group."; + } + identity homepna { + base iana-interface-type; + description + "HomePNA ITU-T G.989."; + } + identity gfp { + base iana-interface-type; + description + "Generic Framing Procedure (GFP)."; + } + identity ciscoISLvlan { + base iana-interface-type; + description + "Layer 2 Virtual LAN using Cisco ISL."; + } + identity actelisMetaLOOP { + base iana-interface-type; + description + "Acteleis proprietary MetaLOOP High Speed Link."; + } + identity fcipLink { + base iana-interface-type; + description + "FCIP Link."; + } + identity rpr { + base iana-interface-type; + description + "Resilient Packet Ring Interface Type."; + } + identity qam { + base iana-interface-type; + description + "RF Qam Interface."; + } + identity lmp { + base iana-interface-type; + description + "Link Management Protocol."; + reference + "RFC 4327 - Link Management Protocol (LMP) Management + Information Base (MIB)"; + } + identity cblVectaStar { + base iana-interface-type; + description + "Cambridge Broadband Networks Limited VectaStar."; + } + identity docsCableMCmtsDownstream { + base iana-interface-type; + description + "CATV Modular CMTS Downstream Interface."; + } + identity adsl2 { + base iana-interface-type; + status deprecated; + description + "Asymmetric Digital Subscriber Loop Version 2 + (DEPRECATED/OBSOLETED - please use adsl2plus(238) + instead)."; + reference + "RFC 4706 - Definitions of Managed Objects for Asymmetric + Digital Subscriber Line 2 (ADSL2)"; + } + identity macSecControlledIF { + base iana-interface-type; + description + "MACSecControlled."; + } + identity macSecUncontrolledIF { + base iana-interface-type; + description + "MACSecUncontrolled."; + } + identity aviciOpticalEther { + base iana-interface-type; + description + "Avici Optical Ethernet Aggregate."; + } + identity atmbond { + base iana-interface-type; + description + "atmbond."; + } + identity voiceFGDOS { + base iana-interface-type; + description + "Voice FGD Operator Services."; + } + identity mocaVersion1 { + base iana-interface-type; + description + "MultiMedia over Coax Alliance (MoCA) Interface + as documented in information provided privately to IANA."; + } + identity ieee80216WMAN { + base iana-interface-type; + description + "IEEE 802.16 WMAN interface."; + } + identity adsl2plus { + base iana-interface-type; + description + "Asymmetric Digital Subscriber Loop Version 2 - + Version 2 Plus and all variants."; + } + identity dvbRcsMacLayer { + base iana-interface-type; + description + "DVB-RCS MAC Layer."; + reference + "RFC 5728 - The SatLabs Group DVB-RCS MIB"; + } + identity dvbTdm { + base iana-interface-type; + description + "DVB Satellite TDM."; + reference + "RFC 5728 - The SatLabs Group DVB-RCS MIB"; + } + identity dvbRcsTdma { + base iana-interface-type; + description + "DVB-RCS TDMA."; + reference + "RFC 5728 - The SatLabs Group DVB-RCS MIB"; + } + identity x86Laps { + base iana-interface-type; + description + "LAPS based on ITU-T X.86/Y.1323."; + } + identity wwanPP { + base iana-interface-type; + description + "3GPP WWAN."; + } + identity wwanPP2 { + base iana-interface-type; + description + "3GPP2 WWAN."; + } + identity voiceEBS { + base iana-interface-type; + description + "Voice P-phone EBS physical interface."; + } + identity ifPwType { + base iana-interface-type; + description + "Pseudowire interface type."; + reference + "RFC 5601 - Pseudowire (PW) Management Information Base (MIB)"; + } + identity ilan { + base iana-interface-type; + description + "Internal LAN on a bridge per IEEE 802.1ap."; + } + identity pip { + base iana-interface-type; + description + "Provider Instance Port on a bridge per IEEE 802.1ah PBB."; + } + identity aluELP { + base iana-interface-type; + description + "Alcatel-Lucent Ethernet Link Protection."; + } + identity gpon { + base iana-interface-type; + description + "Gigabit-capable passive optical networks (G-PON) as per + ITU-T G.984."; + } + identity vdsl2 { + base iana-interface-type; + description + "Very high speed digital subscriber line Version 2 + (as per ITU-T Recommendation G.993.2)."; + reference + "RFC 5650 - Definitions of Managed Objects for Very High + Speed Digital Subscriber Line 2 (VDSL2)"; + } + identity capwapDot11Profile { + base iana-interface-type; + description + "WLAN Profile Interface."; + reference + "RFC 5834 - Control and Provisioning of Wireless Access + Points (CAPWAP) Protocol Binding MIB for + IEEE 802.11"; + } + identity capwapDot11Bss { + base iana-interface-type; + description + "WLAN BSS Interface."; + reference + "RFC 5834 - Control and Provisioning of Wireless Access + Points (CAPWAP) Protocol Binding MIB for + IEEE 802.11"; + } + identity capwapWtpVirtualRadio { + base iana-interface-type; + description + "WTP Virtual Radio Interface."; + reference + "RFC 5833 - Control and Provisioning of Wireless Access + Points (CAPWAP) Protocol Base MIB"; + } + identity bits { + base iana-interface-type; + description + "bitsport."; + } + identity docsCableUpstreamRfPort { + base iana-interface-type; + description + "DOCSIS CATV Upstream RF Port."; + } + identity cableDownstreamRfPort { + base iana-interface-type; + description + "CATV downstream RF Port."; + } + identity vmwareVirtualNic { + base iana-interface-type; + description + "VMware Virtual Network Interface."; + } + identity ieee802154 { + base iana-interface-type; + description + "IEEE 802.15.4 WPAN interface."; + reference + "IEEE 802.15.4-2006"; + } + identity otnOdu { + base iana-interface-type; + description + "OTN Optical Data Unit."; + } + identity otnOtu { + base iana-interface-type; + description + "OTN Optical channel Transport Unit."; + } + identity ifVfiType { + base iana-interface-type; + description + "VPLS Forwarding Instance Interface Type."; + } + identity g9981 { + base iana-interface-type; + description + "G.998.1 bonded interface."; + } + identity g9982 { + base iana-interface-type; + description + "G.998.2 bonded interface."; + } + identity g9983 { + base iana-interface-type; + description + "G.998.3 bonded interface."; + } + + identity aluEpon { + base iana-interface-type; + description + "Ethernet Passive Optical Networks (E-PON)."; + } + identity aluEponOnu { + base iana-interface-type; + description + "EPON Optical Network Unit."; + } + identity aluEponPhysicalUni { + base iana-interface-type; + description + "EPON physical User to Network interface."; + } + identity aluEponLogicalLink { + base iana-interface-type; + description + "The emulation of a point-to-point link over the EPON + layer."; + } + identity aluGponOnu { + base iana-interface-type; + description + "GPON Optical Network Unit."; + reference + "ITU-T G.984.2"; + } + identity aluGponPhysicalUni { + base iana-interface-type; + description + "GPON physical User to Network interface."; + reference + "ITU-T G.984.2"; + } + identity vmwareNicTeam { + base iana-interface-type; + description + "VMware NIC Team."; + } + identity docsOfdmDownstream { + base iana-interface-type; + description + "CATV Downstream OFDM interface."; + reference + "Cable Modem Operations Support System Interface + Specification"; + } + identity docsOfdmaUpstream { + base iana-interface-type; + description + "CATV Upstream OFDMA interface."; + reference + "Cable Modem Operations Support System Interface + Specification"; + } + identity gfast { + base iana-interface-type; + description + "G.fast port."; + reference + "ITU-T G.9701"; + } + identity sdci { + base iana-interface-type; + description + "SDCI (IO-Link)."; + reference + "IEC 61131-9 Edition 1.0 2013-09"; + } + identity xboxWireless { + base iana-interface-type; + description + "Xbox wireless."; + } + identity fastdsl { + base iana-interface-type; + description + "FastDSL."; + reference + "BBF TR-355"; + } + identity docsCableScte55d1FwdOob { + base iana-interface-type; + description + "Cable SCTE 55-1 OOB Forward Channel."; + reference + "ANSI/SCTE 55-1 2009"; + } + identity docsCableScte55d1RetOob { + base iana-interface-type; + description + "Cable SCTE 55-1 OOB Return Channel."; + reference + "ANSI/SCTE 55-1 2009"; + } + identity docsCableScte55d2DsOob { + base iana-interface-type; + description + "Cable SCTE 55-2 OOB Downstream Channel."; + reference + "ANSI/SCTE 55-2 2008"; + } + identity docsCableScte55d2UsOob { + base iana-interface-type; + description + "Cable SCTE 55-2 OOB Upstream Channel."; + reference + "ANSI/SCTE 55-2 2008"; + } + identity docsCableNdf { + base iana-interface-type; + description + "Cable Narrowband Digital Forward."; + } + identity docsCableNdr { + base iana-interface-type; + description + "Cable Narrowband Digital Return."; + } + identity ptm { + base iana-interface-type; + description + "Packet Transfer Mode."; + reference + "IEEE G.993.1, Annex H; IEEE G.993.2; IEEE G.9701"; + } + identity ghn { + base iana-interface-type; + description + "G.hn port."; + reference + "IEEE G.9961"; + } + identity otnOtsi { + base iana-interface-type; + description + "Optical Tributary Signal."; + reference + "ITU-T G.959.1"; + } + identity otnOtuc { + base iana-interface-type; + description + "OTN OTUCn."; + reference + "ITU-T G.709/Y.1331"; + } + identity otnOduc { + base iana-interface-type; + description + "OTN ODUC."; + reference + "ITU-T G.709"; + } + identity otnOtsig { + base iana-interface-type; + description + "OTN OTUC Signal."; + reference + "ITU-T G.709"; + } + identity microwaveCarrierTermination { + base iana-interface-type; + description + "air interface of a single microwave carrier."; + reference + "RFC 8561 - A YANG Data Model for Microwave Radio Link"; + } + identity microwaveRadioLinkTerminal { + base iana-interface-type; + description + "radio link interface for one or several aggregated microwave carriers."; + reference + "RFC 8561 - A YANG Data Model for Microwave Radio Link"; + } + identity ieee8021axDrni { + base iana-interface-type; + description + "IEEE 802.1AX Distributed Resilient Network Interface."; + reference + "IEEE 802.1AX-Rev-d2-0"; + } + identity ax25 { + base iana-interface-type; + description + "AX.25 network interfaces."; + reference + "AX.25 Link Access Protocol for Amateur Packet Radio version 2.2"; + } + identity ieee19061nanocom { + base iana-interface-type; + description + "Nanoscale and Molecular Communication."; + reference + "IEEE 1906.1-2015"; + } + identity cpri { + base iana-interface-type; + description + "Common Public Radio Interface."; + reference + "CPRI v7.0"; + } + identity omni { + base iana-interface-type; + description + "Overlay Multilink Network Interface (OMNI)."; + reference + "draft-templin-6man-omni-00"; + } + identity roe { + base iana-interface-type; + description + "Radio over Ethernet Interface."; + reference + "1914.3-2018 - IEEE Standard for Radio over Ethernet Encapsulations and Mappings"; + } + identity p2pOverLan { + base iana-interface-type; + description + "Point to Point over LAN interface."; + reference + "RFC 9296 - ifStackTable for the Point-to-Point (P2P) Interface over a LAN Type: Definition and Examples"; + } +} diff --git a/yangkit-examples/src/main/resources/App5/interfaces/ietf-interfaces@2018-02-20.yang b/yangkit-examples/src/main/resources/App5/interfaces/ietf-interfaces@2018-02-20.yang new file mode 100644 index 00000000..f66c205c --- /dev/null +++ b/yangkit-examples/src/main/resources/App5/interfaces/ietf-interfaces@2018-02-20.yang @@ -0,0 +1,1123 @@ +module ietf-interfaces { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces"; + prefix if; + + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETMOD (Network Modeling) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Martin Bjorklund + "; + + description + "This module contains a collection of YANG definitions for + managing network interfaces. + + Copyright (c) 2018 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8343; see + the RFC itself for full legal notices."; + + revision 2018-02-20 { + description + "Updated to support NMDA."; + reference + "RFC 8343: A YANG Data Model for Interface Management"; + } + + revision 2014-05-08 { + description + "Initial revision."; + reference + "RFC 7223: A YANG Data Model for Interface Management"; + } + + /* + * Typedefs + */ + + typedef interface-ref { + type leafref { + path "/if:interfaces/if:interface/if:name"; + } + description + "This type is used by data models that need to reference + interfaces."; + } + + /* + * Identities + */ + + identity interface-type { + description + "Base identity from which specific interface types are + derived."; + } + + /* + * Features + */ + + feature arbitrary-names { + description + "This feature indicates that the device allows user-controlled + interfaces to be named arbitrarily."; + } + feature pre-provisioning { + description + "This feature indicates that the device supports + pre-provisioning of interface configuration, i.e., it is + possible to configure an interface whose physical interface + hardware is not present on the device."; + } + feature if-mib { + description + "This feature indicates that the device implements + the IF-MIB."; + reference + "RFC 2863: The Interfaces Group MIB"; + } + + /* + * Data nodes + */ + + container interfaces { + description + "Interface parameters."; + + list interface { + key "name"; + + description + "The list of interfaces on the device. + + The status of an interface is available in this list in the + operational state. If the configuration of a + system-controlled interface cannot be used by the system + (e.g., the interface hardware present does not match the + interface type), then the configuration is not applied to + the system-controlled interface shown in the operational + state. If the configuration of a user-controlled interface + cannot be used by the system, the configured interface is + not instantiated in the operational state. + + System-controlled interfaces created by the system are + always present in this list in the operational state, + whether or not they are configured."; + + leaf name { + type string; + description + "The name of the interface. + + A device MAY restrict the allowed values for this leaf, + possibly depending on the type of the interface. + For system-controlled interfaces, this leaf is the + device-specific name of the interface. + + If a client tries to create configuration for a + system-controlled interface that is not present in the + operational state, the server MAY reject the request if + the implementation does not support pre-provisioning of + interfaces or if the name refers to an interface that can + never exist in the system. A Network Configuration + Protocol (NETCONF) server MUST reply with an rpc-error + with the error-tag 'invalid-value' in this case. + + If the device supports pre-provisioning of interface + configuration, the 'pre-provisioning' feature is + advertised. + + If the device allows arbitrarily named user-controlled + interfaces, the 'arbitrary-names' feature is advertised. + + When a configured user-controlled interface is created by + the system, it is instantiated with the same name in the + operational state. + + A server implementation MAY map this leaf to the ifName + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifName. The definition of + such a mechanism is outside the scope of this document."; + reference + "RFC 2863: The Interfaces Group MIB - ifName"; + } + + leaf description { + type string; + description + "A textual description of the interface. + + A server implementation MAY map this leaf to the ifAlias + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifAlias. The definition of + such a mechanism is outside the scope of this document. + + Since ifAlias is defined to be stored in non-volatile + storage, the MIB implementation MUST map ifAlias to the + value of 'description' in the persistently stored + configuration."; + reference + "RFC 2863: The Interfaces Group MIB - ifAlias"; + } + + leaf type { + type identityref { + base interface-type; + } + mandatory true; + description + "The type of the interface. + + When an interface entry is created, a server MAY + initialize the type leaf with a valid value, e.g., if it + is possible to derive the type from the name of the + interface. + + If a client tries to set the type of an interface to a + value that can never be used by the system, e.g., if the + type is not supported or if the type does not match the + name of the interface, the server MUST reject the request. + A NETCONF server MUST reply with an rpc-error with the + error-tag 'invalid-value' in this case."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf enabled { + type boolean; + default "true"; + description + "This leaf contains the configured, desired state of the + interface. + + Systems that implement the IF-MIB use the value of this + leaf in the intended configuration to set + IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry + has been initialized, as described in RFC 2863. + + Changes in this leaf in the intended configuration are + reflected in ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf link-up-down-trap-enable { + if-feature if-mib; + type enumeration { + enum enabled { + value 1; + description + "The device will generate linkUp/linkDown SNMP + notifications for this interface."; + } + enum disabled { + value 2; + description + "The device will not generate linkUp/linkDown SNMP + notifications for this interface."; + } + } + description + "Controls whether linkUp/linkDown SNMP notifications + should be generated for this interface. + + If this node is not configured, the value 'enabled' is + operationally used by the server for interfaces that do + not operate on top of any other interface (i.e., there are + no 'lower-layer-if' entries), and 'disabled' otherwise."; + reference + "RFC 2863: The Interfaces Group MIB - + ifLinkUpDownTrapEnable"; + } + + leaf admin-status { + if-feature if-mib; + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "Not ready to pass packets and not in some test mode."; + } + enum testing { + value 3; + description + "In some test mode."; + } + } + config false; + mandatory true; + description + "The desired state of the interface. + + This leaf has the same read semantics as ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf oper-status { + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + + description + "The interface does not pass any packets."; + } + enum testing { + value 3; + description + "In some test mode. No operational packets can + be passed."; + } + enum unknown { + value 4; + description + "Status cannot be determined for some reason."; + } + enum dormant { + value 5; + description + "Waiting for some external event."; + } + enum not-present { + value 6; + description + "Some component (typically hardware) is missing."; + } + enum lower-layer-down { + value 7; + description + "Down due to state of lower-layer interface(s)."; + } + } + config false; + mandatory true; + description + "The current operational state of the interface. + + This leaf has the same semantics as ifOperStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifOperStatus"; + } + + leaf last-change { + type yang:date-and-time; + config false; + description + "The time the interface entered its current operational + state. If the current state was entered prior to the + last re-initialization of the local network management + subsystem, then this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifLastChange"; + } + + leaf if-index { + if-feature if-mib; + type int32 { + range "1..2147483647"; + } + config false; + mandatory true; + description + "The ifIndex value for the ifEntry represented by this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifIndex"; + } + + leaf phys-address { + type yang:phys-address; + config false; + description + "The interface's address at its protocol sub-layer. For + example, for an 802.x interface, this object normally + contains a Media Access Control (MAC) address. The + interface's media-specific modules must define the bit + and byte ordering and the format of the value of this + object. For interfaces that do not have such an address + (e.g., a serial line), this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifPhysAddress"; + } + + leaf-list higher-layer-if { + type interface-ref; + config false; + description + "A list of references to interfaces layered on top of this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf-list lower-layer-if { + type interface-ref; + config false; + + description + "A list of references to interfaces layered underneath this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf speed { + type yang:gauge64; + units "bits/second"; + config false; + description + "An estimate of the interface's current bandwidth in bits + per second. For interfaces that do not vary in + bandwidth or for those where no accurate estimation can + be made, this node should contain the nominal bandwidth. + For interfaces that have no concept of bandwidth, this + node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - + ifSpeed, ifHighSpeed"; + } + + container statistics { + config false; + description + "A collection of interface-related statistics objects."; + + leaf discontinuity-time { + type yang:date-and-time; + mandatory true; + description + "The time on the most recent occasion at which any one or + more of this interface's counters suffered a + discontinuity. If no such discontinuities have occurred + since the last re-initialization of the local management + subsystem, then this node contains the time the local + management subsystem re-initialized itself."; + } + + leaf in-octets { + type yang:counter64; + description + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInOctets"; + } + + leaf in-unicast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were not addressed to a + multicast or broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts"; + } + + leaf in-broadcast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a broadcast + address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInBroadcastPkts"; + } + + leaf in-multicast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a multicast + address at this sub-layer. For a MAC-layer protocol, + this includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInMulticastPkts"; + } + + leaf in-discards { + type yang:counter32; + description + "The number of inbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being deliverable to a higher-layer + protocol. One possible reason for discarding such a + packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInDiscards"; + } + + leaf in-errors { + type yang:counter32; + description + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of + inbound transmission units that contained errors + preventing them from being deliverable to a higher-layer + protocol. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInErrors"; + } + + leaf in-unknown-protos { + type yang:counter32; + + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + leaf out-octets { + type yang:counter64; + description + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutOctets"; + } + + leaf out-unicast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were not addressed + to a multicast or broadcast address at this sub-layer, + including those that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts"; + } + + leaf out-broadcast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + broadcast address at this sub-layer, including those + that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutBroadcastPkts"; + } + + leaf out-multicast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + multicast address at this sub-layer, including those + that were discarded or not sent. For a MAC-layer + protocol, this includes both Group and Functional + addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutMulticastPkts"; + } + + leaf out-discards { + type yang:counter32; + description + "The number of outbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being transmitted. One possible reason + for discarding such a packet could be to free up buffer + space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutDiscards"; + } + + leaf out-errors { + type yang:counter32; + description + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutErrors"; + } + } + + } + } + + /* + * Legacy typedefs + */ + + typedef interface-state-ref { + type leafref { + path "/if:interfaces-state/if:interface/if:name"; + } + status deprecated; + description + "This type is used by data models that need to reference + the operationally present interfaces."; + } + + /* + * Legacy operational state data nodes + */ + + container interfaces-state { + config false; + status deprecated; + description + "Data nodes for the operational state of interfaces."; + + list interface { + key "name"; + status deprecated; + + description + "The list of interfaces on the device. + + System-controlled interfaces created by the system are + always present in this list, whether or not they are + configured."; + + leaf name { + type string; + status deprecated; + description + "The name of the interface. + + A server implementation MAY map this leaf to the ifName + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifName. The definition of + such a mechanism is outside the scope of this document."; + reference + "RFC 2863: The Interfaces Group MIB - ifName"; + } + + leaf type { + type identityref { + base interface-type; + } + mandatory true; + status deprecated; + description + "The type of the interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf admin-status { + if-feature if-mib; + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "Not ready to pass packets and not in some test mode."; + } + enum testing { + value 3; + description + "In some test mode."; + } + } + mandatory true; + status deprecated; + description + "The desired state of the interface. + + This leaf has the same read semantics as ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf oper-status { + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "The interface does not pass any packets."; + } + enum testing { + value 3; + description + "In some test mode. No operational packets can + be passed."; + } + enum unknown { + value 4; + description + "Status cannot be determined for some reason."; + } + enum dormant { + value 5; + description + "Waiting for some external event."; + } + enum not-present { + value 6; + description + "Some component (typically hardware) is missing."; + } + enum lower-layer-down { + value 7; + description + "Down due to state of lower-layer interface(s)."; + } + } + mandatory true; + status deprecated; + description + "The current operational state of the interface. + + This leaf has the same semantics as ifOperStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifOperStatus"; + } + + leaf last-change { + type yang:date-and-time; + status deprecated; + description + "The time the interface entered its current operational + state. If the current state was entered prior to the + last re-initialization of the local network management + subsystem, then this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifLastChange"; + } + + leaf if-index { + if-feature if-mib; + type int32 { + range "1..2147483647"; + } + mandatory true; + status deprecated; + description + "The ifIndex value for the ifEntry represented by this + interface."; + + reference + "RFC 2863: The Interfaces Group MIB - ifIndex"; + } + + leaf phys-address { + type yang:phys-address; + status deprecated; + description + "The interface's address at its protocol sub-layer. For + example, for an 802.x interface, this object normally + contains a Media Access Control (MAC) address. The + interface's media-specific modules must define the bit + and byte ordering and the format of the value of this + object. For interfaces that do not have such an address + (e.g., a serial line), this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifPhysAddress"; + } + + leaf-list higher-layer-if { + type interface-state-ref; + status deprecated; + description + "A list of references to interfaces layered on top of this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf-list lower-layer-if { + type interface-state-ref; + status deprecated; + description + "A list of references to interfaces layered underneath this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf speed { + type yang:gauge64; + units "bits/second"; + status deprecated; + description + "An estimate of the interface's current bandwidth in bits + per second. For interfaces that do not vary in + bandwidth or for those where no accurate estimation can + + be made, this node should contain the nominal bandwidth. + For interfaces that have no concept of bandwidth, this + node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - + ifSpeed, ifHighSpeed"; + } + + container statistics { + status deprecated; + description + "A collection of interface-related statistics objects."; + + leaf discontinuity-time { + type yang:date-and-time; + mandatory true; + status deprecated; + description + "The time on the most recent occasion at which any one or + more of this interface's counters suffered a + discontinuity. If no such discontinuities have occurred + since the last re-initialization of the local management + subsystem, then this node contains the time the local + management subsystem re-initialized itself."; + } + + leaf in-octets { + type yang:counter64; + status deprecated; + description + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInOctets"; + } + + leaf in-unicast-pkts { + type yang:counter64; + status deprecated; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were not addressed to a + multicast or broadcast address at this sub-layer. + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts"; + } + + leaf in-broadcast-pkts { + type yang:counter64; + status deprecated; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a broadcast + address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInBroadcastPkts"; + } + + leaf in-multicast-pkts { + type yang:counter64; + status deprecated; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a multicast + address at this sub-layer. For a MAC-layer protocol, + this includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInMulticastPkts"; + } + + leaf in-discards { + type yang:counter32; + status deprecated; + + description + "The number of inbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being deliverable to a higher-layer + protocol. One possible reason for discarding such a + packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInDiscards"; + } + + leaf in-errors { + type yang:counter32; + status deprecated; + description + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of + inbound transmission units that contained errors + preventing them from being deliverable to a higher-layer + protocol. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInErrors"; + } + + leaf in-unknown-protos { + type yang:counter32; + status deprecated; + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + leaf out-octets { + type yang:counter64; + status deprecated; + description + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutOctets"; + } + + leaf out-unicast-pkts { + type yang:counter64; + status deprecated; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were not addressed + to a multicast or broadcast address at this sub-layer, + including those that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts"; + } + + leaf out-broadcast-pkts { + type yang:counter64; + status deprecated; + + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + broadcast address at this sub-layer, including those + that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutBroadcastPkts"; + } + + leaf out-multicast-pkts { + type yang:counter64; + status deprecated; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + multicast address at this sub-layer, including those + that were discarded or not sent. For a MAC-layer + protocol, this includes both Group and Functional + addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutMulticastPkts"; + } + + leaf out-discards { + type yang:counter32; + status deprecated; + description + "The number of outbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being transmitted. One possible reason + for discarding such a packet could be to free up buffer + space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutDiscards"; + } + + leaf out-errors { + type yang:counter32; + status deprecated; + description + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutErrors"; + } + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App5/interfaces/ietf-yang-types@2013-07-15.yang b/yangkit-examples/src/main/resources/App5/interfaces/ietf-yang-types@2013-07-15.yang new file mode 100644 index 00000000..ee58fa3a --- /dev/null +++ b/yangkit-examples/src/main/resources/App5/interfaces/ietf-yang-types@2013-07-15.yang @@ -0,0 +1,474 @@ +module ietf-yang-types { + + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-types"; + prefix "yang"; + + organization + "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; + + contact + "WG Web: + WG List: + + WG Chair: David Kessens + + + WG Chair: Juergen Schoenwaelder + + + Editor: Juergen Schoenwaelder + "; + + description + "This module contains a collection of generally useful derived + YANG data types. + + Copyright (c) 2013 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 6991; see + the RFC itself for full legal notices."; + + revision 2013-07-15 { + description + "This revision adds the following new data types: + - yang-identifier + - hex-string + - uuid + - dotted-quad"; + reference + "RFC 6991: Common YANG Data Types"; + } + + revision 2010-09-24 { + description + "Initial revision."; + reference + "RFC 6021: Common YANG Data Types"; + } + + /*** collection of counter and gauge types ***/ + + typedef counter32 { + type uint32; + description + "The counter32 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^32-1 (4294967295 decimal), when it + wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the creation of + a schema node of type counter32 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + + The counter32 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter32. + + In the value set and its semantics, this type is equivalent + to the Counter32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter32 { + type yang:counter32; + default "0"; + description + "The zero-based-counter32 type represents a counter32 + that has the defined 'initial' value zero. + + A schema node of this type will be set to zero (0) on creation + and will thereafter increase monotonically until it reaches + a maximum value of 2^32-1 (4294967295 decimal), when it + wraps around and starts increasing again from zero. + + Provided that an application discovers a new schema node + of this type within the minimum time to wrap, it can use the + 'initial' value as a delta. It is important for a management + station to be aware of this minimum time and the actual time + between polls, and to discard data if the actual time is too + long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter32 textual convention of the SMIv2."; + reference + "RFC 4502: Remote Network Monitoring Management Information + Base Version 2"; + } + + typedef counter64 { + type uint64; + description + "The counter64 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^64-1 (18446744073709551615 decimal), + when it wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the creation of + a schema node of type counter64 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + + The counter64 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter64. + + In the value set and its semantics, this type is equivalent + to the Counter64 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter64 { + type yang:counter64; + default "0"; + description + "The zero-based-counter64 type represents a counter64 that + has the defined 'initial' value zero. + + A schema node of this type will be set to zero (0) on creation + and will thereafter increase monotonically until it reaches + a maximum value of 2^64-1 (18446744073709551615 decimal), + when it wraps around and starts increasing again from zero. + + Provided that an application discovers a new schema node + of this type within the minimum time to wrap, it can use the + 'initial' value as a delta. It is important for a management + station to be aware of this minimum time and the actual time + between polls, and to discard data if the actual time is too + long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter64 textual convention of the SMIv2."; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + typedef gauge32 { + type uint32; + description + "The gauge32 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^32-1 (4294967295 decimal), and + the minimum value cannot be smaller than 0. The value of + a gauge32 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge32 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the Gauge32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef gauge64 { + type uint64; + description + "The gauge64 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^64-1 (18446744073709551615), and + the minimum value cannot be smaller than 0. The value of + a gauge64 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge64 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the CounterBasedGauge64 SMIv2 textual convention defined + in RFC 2856"; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + /*** collection of identifier-related types ***/ + + typedef object-identifier { + type string { + pattern '(([0-1](\.[1-3]?[0-9]))|(2\.(0|([1-9]\d*))))' + + '(\.(0|([1-9]\d*)))*'; + } + description + "The object-identifier type represents administratively + assigned names in a registration-hierarchical-name tree. + + Values of this type are denoted as a sequence of numerical + non-negative sub-identifier values. Each sub-identifier + value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers + are separated by single dots and without any intermediate + whitespace. + + The ASN.1 standard restricts the value space of the first + sub-identifier to 0, 1, or 2. Furthermore, the value space + of the second sub-identifier is restricted to the range + 0 to 39 if the first sub-identifier is 0 or 1. Finally, + the ASN.1 standard requires that an object identifier + has always at least two sub-identifiers. The pattern + captures these restrictions. + + Although the number of sub-identifiers is not limited, + module designers should realize that there may be + implementations that stick with the SMIv2 limit of 128 + sub-identifiers. + + This type is a superset of the SMIv2 OBJECT IDENTIFIER type + since it is not restricted to 128 sub-identifiers. Hence, + this type SHOULD NOT be used to represent the SMIv2 OBJECT + IDENTIFIER type; the object-identifier-128 type SHOULD be + used instead."; + reference + "ISO9834-1: Information technology -- Open Systems + Interconnection -- Procedures for the operation of OSI + Registration Authorities: General procedures and top + arcs of the ASN.1 Object Identifier tree"; + } + + typedef object-identifier-128 { + type object-identifier { + pattern '\d*(\.\d*){1,127}'; + } + description + "This type represents object-identifiers restricted to 128 + sub-identifiers. + + In the value set and its semantics, this type is equivalent + to the OBJECT IDENTIFIER type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef yang-identifier { + type string { + length "1..max"; + pattern '[a-zA-Z_][a-zA-Z0-9\-_.]*'; + pattern '.|..|[^xX].*|.[^mM].*|..[^lL].*'; + } + description + "A YANG identifier string as defined by the 'identifier' + rule in Section 12 of RFC 6020. An identifier must + start with an alphabetic character or an underscore + followed by an arbitrary sequence of alphabetic or + numeric characters, underscores, hyphens, or dots. + + A YANG identifier MUST NOT start with any possible + combination of the lowercase or uppercase character + sequence 'xml'."; + reference + "RFC 6020: YANG - A Data Modeling Language for the Network + Configuration Protocol (NETCONF)"; + } + + /*** collection of types related to date and time***/ + + typedef date-and-time { + type string { + pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "The date-and-time type is a profile of the ISO 8601 + standard for representation of dates and times using the + Gregorian calendar. The profile is defined by the + date-time production in Section 5.6 of RFC 3339. + + The date-and-time type is compatible with the dateTime XML + schema type with the following notable exceptions: + + (a) The date-and-time type does not allow negative years. + + (b) The date-and-time time-offset -00:00 indicates an unknown + time zone (see RFC 3339) while -00:00 and +00:00 and Z + all represent the same time zone in dateTime. + + (c) The canonical format (see below) of data-and-time values + differs from the canonical format used by the dateTime XML + schema type, which requires all times to be in UTC using + the time-offset 'Z'. + + This type is not equivalent to the DateAndTime textual + convention of the SMIv2 since RFC 3339 uses a different + separator between full-date and full-time and provides + higher resolution of time-secfrac. + + The canonical format for date-and-time values with a known time + zone uses a numeric time zone offset that is calculated using + the device's configured known offset to UTC time. A change of + the device's offset to UTC time will cause date-and-time values + to change accordingly. Such changes might happen periodically + in case a server follows automatically daylight saving time + (DST) time zone offset changes. The canonical format for + date-and-time values with an unknown time zone (usually + referring to the notion of local time) uses the time-offset + -00:00."; + reference + "RFC 3339: Date and Time on the Internet: Timestamps + RFC 2579: Textual Conventions for SMIv2 + XSD-TYPES: XML Schema Part 2: Datatypes Second Edition"; + } + + typedef timeticks { + type uint32; + description + "The timeticks type represents a non-negative integer that + represents the time, modulo 2^32 (4294967296 decimal), in + hundredths of a second between two epochs. When a schema + node is defined that uses this type, the description of + the schema node identifies both of the reference epochs. + + In the value set and its semantics, this type is equivalent + to the TimeTicks type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef timestamp { + type yang:timeticks; + description + "The timestamp type represents the value of an associated + timeticks schema node at which a specific occurrence + happened. The specific occurrence must be defined in the + description of any schema node defined using this type. When + the specific occurrence occurred prior to the last time the + associated timeticks attribute was zero, then the timestamp + value is zero. Note that this requires all timestamp values + to be reset to zero when the value of the associated timeticks + attribute reaches 497+ days and wraps around to zero. + + The associated timeticks schema node must be specified + in the description of any schema node using this type. + + In the value set and its semantics, this type is equivalent + to the TimeStamp textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of generic address types ***/ + + typedef phys-address { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + + description + "Represents media- or physical-level addresses represented + as a sequence octets, each octet represented by two hexadecimal + numbers. Octets are separated by colons. The canonical + representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the PhysAddress textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + typedef mac-address { + type string { + pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'; + } + description + "The mac-address type represents an IEEE 802 MAC address. + The canonical representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the MacAddress textual convention of the SMIv2."; + reference + "IEEE 802: IEEE Standard for Local and Metropolitan Area + Networks: Overview and Architecture + RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of XML-specific types ***/ + + typedef xpath1.0 { + type string; + description + "This type represents an XPATH 1.0 expression. + + When a schema node is defined that uses this type, the + description of the schema node MUST specify the XPath + context in which the XPath expression is evaluated."; + reference + "XPATH: XML Path Language (XPath) Version 1.0"; + } + + /*** collection of string types ***/ + + typedef hex-string { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + description + "A hexadecimal string with octets represented as hex digits + separated by colons. The canonical representation uses + lowercase characters."; + } + + typedef uuid { + type string { + pattern '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-' + + '[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'; + } + description + "A Universally Unique IDentifier in the string representation + defined in RFC 4122. The canonical representation uses + lowercase characters. + + The following is an example of a UUID in string representation: + f81d4fae-7dec-11d0-a765-00a0c91e6bf6 + "; + reference + "RFC 4122: A Universally Unique IDentifier (UUID) URN + Namespace"; + } + + typedef dotted-quad { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'; + } + description + "An unsigned 32-bit number expressed in the dotted-quad + notation, i.e., four octets written as decimal numbers + and separated with the '.' (full stop) character."; + } +} diff --git a/yangkit-examples/src/main/resources/App5/json/interface.json b/yangkit-examples/src/main/resources/App5/json/interface.json new file mode 100644 index 00000000..89d7e9ad --- /dev/null +++ b/yangkit-examples/src/main/resources/App5/json/interface.json @@ -0,0 +1,16 @@ +{ + "data": { + "ietf-interfaces:interfaces": { + "interface": [{ + "name": "eth0", + "type": "iana-if-type:ethernetCsmacd", + "if-index": 1, + "admin-status": "up", + "oper-status": "up", + "statistics": { + "discontinuity-time": "2014-07-29T13:43:12Z" + } + }] + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/json/telemetry-msg.json b/yangkit-examples/src/main/resources/App6/json/telemetry-msg.json new file mode 100644 index 00000000..4c2edc83 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/json/telemetry-msg.json @@ -0,0 +1,61 @@ +{ + "ietf-telemetry-message:message": { + "timestamp": "2024-02-14T12:10:10.12+01:00", + "session-protocol": "yp-push", + "network-node-manifest": { + "name": "pe1", + "vendor": "open source", + "software-version": "1.1.2" + }, + "data-collection-manifest": { + "name": "collector-1", + "vendor": "open source", + "software-version": "2.1.0" + }, + "telemetry-message-metadata": { + "event-time": "2024-02-14T12:10:10.10+01:00", + "ietf-yang-push-telemetry-message:yang-push-subscription": { + "id": 89, + "xpath-filter": "/ietf-interfaces:interfaces", + "datastore": "ietf-datastores:operational", + "transport": "ietf-udp-notif-transport:udp-notif", + "encoding": "ietf-subscribed-notifications:encode-json", + "module-version": [ + { + "module-name": "ietf-interfaces", + "revision": "2018-02-20", + "revision-label": "2.0.0" + } + ], + "yang-library-content-id": "abc" + } + }, + "data-collection-metadata": { + "remote-address": "192.168.1.100", + "remote-port": 123, + "local-address": "192.168.1.1", + "local-port": 9991, + "labels": [ + { + "name": "platform-name", + "string-value": "name" + } + ] + }, + "payload": { + "ietf-yang-push:push-update": { + "id": 89, + "datastore-contents": { + "ietf-interfaces:interfaces": { + "interface": [ + { + "name": "eth0", + "oper-status": "down" + } + ] + } + } + } + } + } +} \ No newline at end of file diff --git a/yangkit-examples/src/main/resources/App6/yangs/iana-tls-cipher-suite-algs@2024-10-16.yang b/yangkit-examples/src/main/resources/App6/yangs/iana-tls-cipher-suite-algs@2024-10-16.yang new file mode 100644 index 00000000..31145128 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/iana-tls-cipher-suite-algs@2024-10-16.yang @@ -0,0 +1,3551 @@ +module iana-tls-cipher-suite-algs { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:iana-tls-cipher-suite-algs"; + prefix tlscsa; + + organization + "Internet Assigned Numbers Authority (IANA)"; + + contact + "Postal: ICANN + 12025 Waterfront Drive, Suite 300 + Los Angeles, CA 90094-2536 + United States of America + Tel: +1 310 301 5800 + Email: "; + + description + "This module defines enumerations for the cipher suite + algorithms defined in the 'TLS Cipher Suites' registry + under the 'Transport Layer Security (TLS) Parameters' + registry group maintained by IANA. + + Copyright (c) 2024 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Revised + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + The initial version of this YANG module is part of RFC 9645 + (https://www.rfc-editor.org/info/rfc9645); see the RFC + itself for full legal notices. + + All versions of this module are published by IANA + (https://www.iana.org/assignments/yang-parameters)."; + + revision 2024-10-16 { + description + "This initial version of the module was created using + the script defined in RFC 9645 to reflect the contents + of the cipher-suite algorithms registry maintained by IANA."; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + + typedef tls-cipher-suite-algorithm { + type enumeration { + enum TLS_NULL_WITH_NULL_NULL { + status deprecated; + description + "Enumeration for the 'TLS_NULL_WITH_NULL_NULL' algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_NULL_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_NULL_MD5' algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_NULL_SHA' algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_EXPORT_WITH_RC4_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_EXPORT_WITH_RC4_40_MD5' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version 1.1 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_RSA_WITH_RC4_128_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_RC4_128_MD5' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version 1.2 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_RSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version 1.2 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_RSA_WITH_IDEA_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_IDEA_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_RSA_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_RSA_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DH_DSS_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DH_RSA_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA' algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DHE_DSS_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA' algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DHE_RSA_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_EXPORT_WITH_RC4_40_MD5' + algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version 1.1 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_DH_anon_WITH_RC4_128_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_RC4_128_MD5' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version 1.2 + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA' algorithm."; + reference + "RFC 4346: + The Transport Layer Security (TLS) Protocol Version + 1.1"; + } + enum TLS_DH_anon_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 8996: + Deprecating TLS 1.0 and TLS 1.1"; + } + enum TLS_DH_anon_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_KRB5_WITH_DES_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_DES_CBC_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_KRB5_WITH_IDEA_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_IDEA_CBC_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_DES_CBC_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_DES_CBC_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_3DES_EDE_CBC_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_3DES_EDE_CBC_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_WITH_RC4_128_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_RC4_128_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_KRB5_WITH_IDEA_CBC_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_WITH_IDEA_CBC_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_RC4_40_SHA { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_RC4_40_SHA' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { + status deprecated; + description + "Enumeration for the 'TLS_KRB5_EXPORT_WITH_RC4_40_MD5' + algorithm."; + reference + "RFC 2712: + Addition of Kerberos Cipher Suites to Transport Layer + Security (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_PSK_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_NULL_SHA' algorithm."; + reference + "RFC 4785: + Pre-Shared Key (PSK) Ciphersuites with NULL Encryption + for Transport Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_NULL_SHA' + algorithm."; + reference + "RFC 4785: + Pre-Shared Key (PSK) Ciphersuites with NULL Encryption + for Transport Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_NULL_SHA' + algorithm."; + reference + "RFC 4785: + Pre-Shared Key (PSK) Ciphersuites with NULL Encryption + for Transport Layer Security (TLS)"; + } + enum TLS_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_DSS_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_RSA_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_DH_anon_WITH_AES_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_256_CBC_SHA256' + algorithm."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version + 1.2"; + } + enum TLS_RSA_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_PSK_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_PSK_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_PSK_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_PSK_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_PSK_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_SEED_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_SEED_CBC_SHA' + algorithm."; + reference + "RFC 4162: + Addition of SEED Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_RSA_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5288: + AES Galois Counter Mode (GCM) Cipher Suites for TLS"; + } + enum TLS_PSK_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_CBC_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_PSK_WITH_NULL_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_NULL_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_DHE_PSK_WITH_NULL_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_NULL_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_PSK_WITH_NULL_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_NULL_SHA384' + algorithm."; + reference + "RFC 5487: + Pre-Shared Key Cipher Suites for TLS with SHA-256/384 + and AES Galois Counter Mode"; + } + enum TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256' + algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256' algorithm."; + reference + "RFC 5932: + Camellia Cipher Suites for TLS"; + } + enum TLS_SM4_GCM_SM3 { + status deprecated; + description + "Enumeration for the 'TLS_SM4_GCM_SM3' algorithm."; + reference + "RFC 8998: + ShangMi (SM) Cipher Suites for TLS 1.3"; + } + enum TLS_SM4_CCM_SM3 { + status deprecated; + description + "Enumeration for the 'TLS_SM4_CCM_SM3' algorithm."; + reference + "RFC 8998: + ShangMi (SM) Cipher Suites for TLS 1.3"; + } + enum TLS_EMPTY_RENEGOTIATION_INFO_SCSV { + status deprecated; + description + "Enumeration for the 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV' + algorithm."; + reference + "RFC 5746: + Transport Layer Security (TLS) Renegotiation Indication + Extension"; + } + enum TLS_AES_128_GCM_SHA256 { + description + "Enumeration for the 'TLS_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version + 1.3"; + } + enum TLS_AES_256_GCM_SHA384 { + description + "Enumeration for the 'TLS_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version + 1.3"; + } + enum TLS_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the 'TLS_CHACHA20_POLY1305_SHA256' + algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version + 1.3"; + } + enum TLS_AES_128_CCM_SHA256 { + description + "Enumeration for the 'TLS_AES_128_CCM_SHA256' algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version + 1.3"; + } + enum TLS_AES_128_CCM_8_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_AES_128_CCM_8_SHA256' + algorithm."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version 1.3 + IESG Action: + IESG Action 2018-08-16"; + } + enum TLS_AEGIS_256_SHA512 { + status deprecated; + description + "Enumeration for the 'TLS_AEGIS_256_SHA512' algorithm."; + reference + "draft-irtf-cfrg-aegis-aead-08: + The AEGIS Family of Authenticated Encryption + Algorithms"; + } + enum TLS_AEGIS_128L_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_AEGIS_128L_SHA256' algorithm."; + reference + "draft-irtf-cfrg-aegis-aead-08: + The AEGIS Family of Authenticated Encryption + Algorithms"; + } + enum TLS_FALLBACK_SCSV { + status deprecated; + description + "Enumeration for the 'TLS_FALLBACK_SCSV' algorithm."; + reference + "RFC 7507: + TLS Fallback Signaling Cipher Suite Value (SCSV) for + Preventing Protocol Downgrade Attacks"; + } + enum TLS_ECDH_ECDSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_ECDSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_ECDSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_ECDSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA' algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_RSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_RSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_RSA_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_RSA_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_anon_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_NULL_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_anon_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and Earlier + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_anon_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_ECDH_anon_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_anon_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 8422: + Elliptic Curve Cryptography (ECC) Cipher Suites for + Transport Layer Security (TLS) Versions 1.2 and + Earlier"; + } + enum TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA' algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the + 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA' algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5054: + Using the Secure Remote Password (SRP) Protocol for TLS + Authentication"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256' + algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384' + algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 5289: + TLS Elliptic Curve Cipher Suites with SHA-256/384 and + AES Galois Counter Mode (GCM)"; + } + enum TLS_ECDHE_PSK_WITH_RC4_128_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_RC4_128_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS) + RFC 6347: + Datagram Transport Layer Security Version 1.2"; + } + enum TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256' algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384' algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_NULL_SHA { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_NULL_SHA' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_NULL_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_NULL_SHA256' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_NULL_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_PSK_WITH_NULL_SHA384' + algorithm."; + reference + "RFC 5489: + ECDHE_PSK Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DH_anon_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6209: + Addition of the ARIA Cipher Suites to Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384' + algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384' algorithm."; + reference + "RFC 6367: + Addition of the Camellia Cipher Suites to Transport + Layer Security (TLS)"; + } + enum TLS_RSA_WITH_AES_128_CCM { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_AES_256_CCM { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_RSA_WITH_AES_128_CCM { + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_RSA_WITH_AES_256_CCM { + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_RSA_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_RSA_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_RSA_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_RSA_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_DHE_RSA_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_128_CCM { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_256_CCM { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_AES_128_CCM { + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_DHE_PSK_WITH_AES_256_CCM { + description + "Enumeration for the 'TLS_DHE_PSK_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_DHE_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_DHE_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_PSK_DHE_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_PSK_DHE_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 6655: + AES-CCM Cipher Suites for Transport Layer Security + (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_CCM { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM' + algorithm."; + reference + "RFC 7251: + AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites + for TLS"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_CCM { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM' + algorithm."; + reference + "RFC 7251: + AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites + for TLS"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8' + algorithm."; + reference + "RFC 7251: + AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites + for TLS"; + } + enum TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 { + status deprecated; + description + "Enumeration for the 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8' + algorithm."; + reference + "RFC 7251: + AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites + for TLS"; + } + enum TLS_ECCPWD_WITH_AES_128_GCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECCPWD_WITH_AES_128_GCM_SHA256' + algorithm."; + reference + "RFC 8492: + Secure Password Ciphersuites for Transport Layer + Security (TLS)"; + } + enum TLS_ECCPWD_WITH_AES_256_GCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECCPWD_WITH_AES_256_GCM_SHA384' + algorithm."; + reference + "RFC 8492: + Secure Password Ciphersuites for Transport Layer + Security (TLS)"; + } + enum TLS_ECCPWD_WITH_AES_128_CCM_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_ECCPWD_WITH_AES_128_CCM_SHA256' + algorithm."; + reference + "RFC 8492: + Secure Password Ciphersuites for Transport Layer + Security (TLS)"; + } + enum TLS_ECCPWD_WITH_AES_256_CCM_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_ECCPWD_WITH_AES_256_CCM_SHA384' + algorithm."; + reference + "RFC 8492: + Secure Password Ciphersuites for Transport Layer + Security (TLS)"; + } + enum TLS_SHA256_SHA256 { + status deprecated; + description + "Enumeration for the 'TLS_SHA256_SHA256' algorithm."; + reference + "RFC 9150: + TLS 1.3 Authentication and Integrity-Only Cipher + Suites"; + } + enum TLS_SHA384_SHA384 { + status deprecated; + description + "Enumeration for the 'TLS_SHA384_SHA384' algorithm."; + reference + "RFC 9150: + TLS 1.3 Authentication and Integrity-Only Cipher + Suites"; + } + enum TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC' + algorithm."; + reference + "RFC 9189: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.2"; + } + enum TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC' algorithm."; + reference + "RFC 9189: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.2"; + } + enum TLS_GOSTR341112_256_WITH_28147_CNT_IMIT { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_28147_CNT_IMIT' algorithm."; + reference + "RFC 9189: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.2"; + } + enum TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L' algorithm."; + reference + "RFC 9367: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.3"; + } + enum TLS_GOSTR341112_256_WITH_MAGMA_MGM_L { + status deprecated; + description + "Enumeration for the 'TLS_GOSTR341112_256_WITH_MAGMA_MGM_L' + algorithm."; + reference + "RFC 9367: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.3"; + } + enum TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S { + status deprecated; + description + "Enumeration for the + 'TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S' algorithm."; + reference + "RFC 9367: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.3"; + } + enum TLS_GOSTR341112_256_WITH_MAGMA_MGM_S { + status deprecated; + description + "Enumeration for the 'TLS_GOSTR341112_256_WITH_MAGMA_MGM_S' + algorithm."; + reference + "RFC 9367: + GOST Cipher Suites for Transport Layer Security (TLS) + Protocol Version 1.3"; + } + enum TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256' + algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_PSK_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 { + description + "Enumeration for the + 'TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256' algorithm."; + reference + "RFC 7905: + ChaCha20-Poly1305 Cipher Suites for Transport Layer + Security (TLS)"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256' algorithm."; + reference + "RFC 8442: + ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for TLS + 1.2 and DTLS 1.2"; + } + enum TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 { + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384' algorithm."; + reference + "RFC 8442: + ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for TLS + 1.2 and DTLS 1.2"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 { + status deprecated; + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256' algorithm."; + reference + "RFC 8442: + ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for TLS + 1.2 and DTLS 1.2"; + } + enum TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 { + description + "Enumeration for the + 'TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256' algorithm."; + reference + "RFC 8442: + ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for TLS + 1.2 and DTLS 1.2"; + } + } + description + "An enumeration for TLS cipher-suite algorithms."; + } + +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-crypto-types@2024-10-10.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-crypto-types@2024-10-10.yang new file mode 100644 index 00000000..1b547da2 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-crypto-types@2024-10-10.yang @@ -0,0 +1,1109 @@ +module ietf-crypto-types { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-crypto-types"; + prefix ct; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: https://datatracker.ietf.org/wg/netconf + WG List: NETCONF WG list + Author: Kent Watsen "; + + description + "This module defines common YANG types for cryptographic + applications. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2024 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Revised + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 9640 + (https://www.rfc-editor.org/info/rfc9640); see the RFC + itself for full legal notices."; + + revision 2024-10-10 { + description + "Initial version."; + reference + "RFC 9640: YANG Data Types and Groupings for Cryptography"; + } + + /****************/ + /* Features */ + /****************/ + + feature one-symmetric-key-format { + description + "Indicates that the server supports the + 'one-symmetric-key-format' identity."; + } + + feature one-asymmetric-key-format { + description + "Indicates that the server supports the + 'one-asymmetric-key-format' identity."; + } + + feature symmetrically-encrypted-value-format { + description + "Indicates that the server supports the + 'symmetrically-encrypted-value-format' identity."; + } + + feature asymmetrically-encrypted-value-format { + description + "Indicates that the server supports the + 'asymmetrically-encrypted-value-format' identity."; + } + + feature cms-enveloped-data-format { + description + "Indicates that the server supports the + 'cms-enveloped-data-format' identity."; + } + + feature cms-encrypted-data-format { + description + "Indicates that the server supports the + 'cms-encrypted-data-format' identity."; + } + + feature p10-csr-format { + description + "Indicates that the server implements support + for generating P10-based CSRs, as defined + in RFC 2986."; + reference + "RFC 2986: PKCS #10: Certification Request Syntax + Specification Version 1.7"; + } + + feature csr-generation { + description + "Indicates that the server implements the + 'generate-csr' action."; + } + + feature certificate-expiration-notification { + description + "Indicates that the server implements the + 'certificate-expiration' notification."; + } + + feature cleartext-passwords { + description + "Indicates that the server supports cleartext + passwords."; + } + + feature encrypted-passwords { + description + "Indicates that the server supports password + encryption."; + } + + feature cleartext-symmetric-keys { + description + "Indicates that the server supports cleartext + symmetric keys."; + } + + feature hidden-symmetric-keys { + description + "Indicates that the server supports hidden keys."; + } + + feature encrypted-symmetric-keys { + description + "Indicates that the server supports encryption + of symmetric keys."; + } + + feature cleartext-private-keys { + description + "Indicates that the server supports cleartext + private keys."; + } + + feature hidden-private-keys { + description + "Indicates that the server supports hidden keys."; + } + + feature encrypted-private-keys { + description + "Indicates that the server supports encryption + of private keys."; + } + + /*************************************************/ + /* Base Identities for Key Format Structures */ + /*************************************************/ + + identity symmetric-key-format { + description + "Base key-format identity for symmetric keys."; + } + + identity public-key-format { + description + "Base key-format identity for public keys."; + } + + identity private-key-format { + description + "Base key-format identity for private keys."; + } + + /****************************************************/ + /* Identities for Private Key Format Structures */ + /****************************************************/ + + identity rsa-private-key-format { + base private-key-format; + description + "Indicates that the private key value is encoded as + an RSAPrivateKey (from RFC 8017), encoded using ASN.1 + distinguished encoding rules (DER), as specified in + ITU-T X.690."; + reference + "RFC 8017: + PKCS #1: RSA Cryptography Specifications Version 2.2 + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + identity ec-private-key-format { + base private-key-format; + description + "Indicates that the private key value is encoded as + an ECPrivateKey (from RFC 5915), encoded using ASN.1 + distinguished encoding rules (DER), as specified in + ITU-T X.690."; + reference + "RFC 5915: + Elliptic Curve Private Key Structure + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + identity one-asymmetric-key-format { + if-feature "one-asymmetric-key-format"; + base private-key-format; + description + "Indicates that the private key value is a + Cryptographic Message Syntax (CMS) OneAsymmetricKey + structure, as defined in RFC 5958, encoded using + ASN.1 distinguished encoding rules (DER), as + specified in ITU-T X.690."; + reference + "RFC 5958: + Asymmetric Key Packages + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + /***************************************************/ + /* Identities for Public Key Format Structures */ + /***************************************************/ + + identity ssh-public-key-format { + base public-key-format; + description + "Indicates that the public key value is a Secure Shell (SSH) + public key, as specified in RFC 4253, Section 6.6, i.e.: + + string certificate or public key format + identifier + byte[n] key/certificate data."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; + } + + identity subject-public-key-info-format { + base public-key-format; + description + "Indicates that the public key value is a SubjectPublicKeyInfo + structure, as described in RFC 5280, encoded using ASN.1 + distinguished encoding rules (DER), as specified in + ITU-T X.690."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + /******************************************************/ + /* Identities for Symmetric Key Format Structures */ + /******************************************************/ + + identity octet-string-key-format { + base symmetric-key-format; + description + "Indicates that the key is encoded as a raw octet string. + The length of the octet string MUST be appropriate for + the associated algorithm's block size. + + The identity of the associated algorithm is outside the + scope of this specification. This is also true when + the octet string has been encrypted."; + } + + identity one-symmetric-key-format { + if-feature "one-symmetric-key-format"; + base symmetric-key-format; + description + "Indicates that the private key value is a CMS + OneSymmetricKey structure, as defined in RFC 6031, + encoded using ASN.1 distinguished encoding rules + (DER), as specified in ITU-T X.690."; + reference + "RFC 6031: + Cryptographic Message Syntax (CMS) + Symmetric Key Package Content Type + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + /*************************************************/ + /* Identities for Encrypted Value Structures */ + /*************************************************/ + + identity encrypted-value-format { + description + "Base format identity for encrypted values."; + } + + identity symmetrically-encrypted-value-format { + if-feature "symmetrically-encrypted-value-format"; + base encrypted-value-format; + description + "Base format identity for symmetrically encrypted + values."; + } + + identity asymmetrically-encrypted-value-format { + if-feature "asymmetrically-encrypted-value-format"; + base encrypted-value-format; + description + "Base format identity for asymmetrically encrypted + values."; + } + + identity cms-encrypted-data-format { + if-feature "cms-encrypted-data-format"; + base symmetrically-encrypted-value-format; + description + "Indicates that the encrypted value conforms to + the 'encrypted-data-cms' type with the constraint + that the 'unprotectedAttrs' value is not set."; + reference + "RFC 5652: + Cryptographic Message Syntax (CMS) + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + identity cms-enveloped-data-format { + if-feature "cms-enveloped-data-format"; + base asymmetrically-encrypted-value-format; + description + "Indicates that the encrypted value conforms to the + 'enveloped-data-cms' type with the following constraints: + + The EnvelopedData structure MUST have exactly one + 'RecipientInfo'. + + If the asymmetric key supports public key cryptography + (e.g., RSA), then the 'RecipientInfo' must be a + 'KeyTransRecipientInfo' with the 'RecipientIdentifier' + using a 'subjectKeyIdentifier' with the value set using + 'method 1' in RFC 7093 over the recipient's public key. + + Otherwise, if the asymmetric key supports key agreement + (e.g., Elliptic Curve Cryptography (ECC)), then the + 'RecipientInfo' must be a 'KeyAgreeRecipientInfo'. The + 'OriginatorIdentifierOrKey' value must use the + 'OriginatorPublicKey' alternative. The + 'UserKeyingMaterial' value must not be present. There + must be exactly one 'RecipientEncryptedKeys' value + having the 'KeyAgreeRecipientIdentifier' set to 'rKeyId' + with the value set using 'method 1' in RFC 7093 over the + recipient's public key."; + reference + "RFC 5652: + Cryptographic Message Syntax (CMS) + RFC 7093: + Additional Methods for Generating Key + Identifiers Values + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + /*********************************************************/ + /* Identities for Certificate Signing Request Formats */ + /*********************************************************/ + + identity csr-format { + description + "A base identity for the certificate signing request + formats. Additional derived identities MAY be defined + by future efforts."; + } + + identity p10-csr-format { + if-feature "p10-csr-format"; + base csr-format; + description + "Indicates the CertificationRequest structure + defined in RFC 2986."; + reference + "RFC 2986: PKCS #10: Certification Request Syntax + Specification Version 1.7"; + } + + /***************************************************/ + /* Typedefs for ASN.1 structures from RFC 2986 */ + /***************************************************/ + + typedef csr-info { + type binary; + description + "A CertificationRequestInfo structure, as defined in + RFC 2986, encoded using ASN.1 distinguished encoding + rules (DER), as specified in ITU-T X.690."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax + Specification Version 1.7 + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + typedef p10-csr { + type binary; + description + "A CertificationRequest structure, as specified in + RFC 2986, encoded using ASN.1 distinguished encoding + rules (DER), as specified in ITU-T X.690."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax Specification + Version 1.7 + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + /***************************************************/ + /* Typedefs for ASN.1 structures from RFC 5280 */ + /***************************************************/ + + typedef x509 { + type binary; + description + "A Certificate structure, as specified in RFC 5280, + encoded using ASN.1 distinguished encoding rules (DER), + as specified in ITU-T X.690."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + typedef crl { + type binary; + description + "A CertificateList structure, as specified in RFC 5280, + encoded using ASN.1 distinguished encoding rules (DER), + as specified in ITU-T X.690."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + /***************************************************/ + /* Typedefs for ASN.1 structures from RFC 6960 */ + /***************************************************/ + + typedef oscp-request { + type binary; + description + "A OCSPRequest structure, as specified in RFC 6960, + encoded using ASN.1 distinguished encoding rules + (DER), as specified in ITU-T X.690."; + reference + "RFC 6960: + X.509 Internet Public Key Infrastructure Online + Certificate Status Protocol - OCSP + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + typedef oscp-response { + type binary; + description + "A OCSPResponse structure, as specified in RFC 6960, + encoded using ASN.1 distinguished encoding rules + (DER), as specified in ITU-T X.690."; + reference + "RFC 6960: + X.509 Internet Public Key Infrastructure Online + Certificate Status Protocol - OCSP + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + /***********************************************/ + /* Typedefs for ASN.1 structures from 5652 */ + /***********************************************/ + + typedef cms { + type binary; + description + "A ContentInfo structure, as specified in RFC 5652, + encoded using ASN.1 distinguished encoding rules (DER), + as specified in ITU-T X.690."; + reference + "RFC 5652: + Cryptographic Message Syntax (CMS) + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER) 02/2021"; + } + + typedef data-content-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + data content type, as described in Section 4 of RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef signed-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + signed-data content type, as described in Section 5 of + RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef enveloped-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + enveloped-data content type, as described in Section 6 + of RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef digested-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + digested-data content type, as described in Section 7 + of RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef encrypted-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + encrypted-data content type, as described in Section 8 + of RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef authenticated-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + authenticated-data content type, as described in Section 9 + of RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + /*********************************************************/ + /* Typedefs for ASN.1 structures related to RFC 5280 */ + /*********************************************************/ + + typedef trust-anchor-cert-x509 { + type x509; + description + "A Certificate structure that MUST encode a self-signed + root certificate."; + } + + typedef end-entity-cert-x509 { + type x509; + description + "A Certificate structure that MUST encode a certificate + that is neither self-signed nor has Basic constraint + CA true."; + } + + /*********************************************************/ + /* Typedefs for ASN.1 structures related to RFC 5652 */ + /*********************************************************/ + + typedef trust-anchor-cert-cms { + type signed-data-cms; + description + "A CMS SignedData structure that MUST contain the chain of + X.509 certificates needed to authenticate the certificate + presented by a client or end entity. + + The CMS MUST contain only a single chain of certificates. + The client or end-entity certificate MUST only authenticate + to the last intermediate CA certificate listed in the chain. + + In all cases, the chain MUST include a self-signed root + certificate. In the case where the root certificate is + itself the issuer of the client or end-entity certificate, + only one certificate is present. + + This CMS structure MAY (as applicable where this type is + used) also contain suitably fresh (as defined by local + policy) revocation objects with which the device can + verify the revocation status of the certificates. + + This CMS encodes the degenerate form of the SignedData + structure (RFC 5652, Section 5.2) that is commonly used + to disseminate X.509 certificates and revocation objects + (RFC 5280)."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile + RFC 5652: + Cryptographic Message Syntax (CMS)"; + } + + typedef end-entity-cert-cms { + type signed-data-cms; + description + "A CMS SignedData structure that MUST contain the end-entity + certificate itself and MAY contain any number + of intermediate certificates leading up to a trust + anchor certificate. The trust anchor certificate + MAY be included as well. + + The CMS MUST contain a single end-entity certificate. + The CMS MUST NOT contain any spurious certificates. + + This CMS structure MAY (as applicable where this type is + used) also contain suitably fresh (as defined by local + policy) revocation objects with which the device can + verify the revocation status of the certificates. + + This CMS encodes the degenerate form of the SignedData + structure (RFC 5652, Section 5.2) that is commonly + used to disseminate X.509 certificates and revocation + objects (RFC 5280)."; + + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile + RFC 5652: + Cryptographic Message Syntax (CMS)"; + } + + /*****************/ + /* Groupings */ + /*****************/ + + grouping encrypted-value-grouping { + description + "A reusable grouping for a value that has been encrypted by + a referenced symmetric or asymmetric key."; + container encrypted-by { + nacm:default-deny-write; + description + "An empty container enabling a reference to the key that + encrypted the value to be augmented in. The referenced + key MUST be a symmetric key or an asymmetric key. + + A symmetric key MUST be referenced via a leaf node called + 'symmetric-key-ref'. An asymmetric key MUST be referenced + via a leaf node called 'asymmetric-key-ref'. + + The leaf nodes MUST be direct descendants in the data tree + and MAY be direct descendants in the schema tree (e.g., + 'choice'/'case' statements are allowed but not a + container)."; + } + leaf encrypted-value-format { + type identityref { + base encrypted-value-format; + } + mandatory true; + description + "Identifies the format of the 'encrypted-value' leaf. + + If 'encrypted-by' points to a symmetric key, then an + identity based on 'symmetrically-encrypted-value-format' + MUST be set (e.g., 'cms-encrypted-data-format'). + + If 'encrypted-by' points to an asymmetric key, then an + identity based on 'asymmetrically-encrypted-value-format' + MUST be set (e.g., 'cms-enveloped-data-format')."; + } + leaf encrypted-value { + nacm:default-deny-write; + type binary; + must '../encrypted-by'; + mandatory true; + description + "The value, encrypted using the referenced symmetric + or asymmetric key. The value MUST be encoded using + the format associated with the 'encrypted-value-format' + leaf."; + } + } + + grouping password-grouping { + description + "A password used for authenticating to a remote system. + + The 'ianach:crypt-hash' typedef from RFC 7317 should be + used instead when needing a password to authenticate a + local account."; + choice password-type { + nacm:default-deny-write; + mandatory true; + description + "Choice between password types."; + case cleartext-password { + if-feature "cleartext-passwords"; + leaf cleartext-password { + nacm:default-deny-all; + type string; + description + "The cleartext value of the password."; + } + } + case encrypted-password { + if-feature "encrypted-passwords"; + container encrypted-password { + description + "A container for the encrypted password value."; + uses encrypted-value-grouping; + } + } + } + } + + grouping symmetric-key-grouping { + description + "A symmetric key."; + leaf key-format { + nacm:default-deny-write; + type identityref { + base symmetric-key-format; + } + description + "Identifies the symmetric key's format. Implementations + SHOULD ensure that the incoming symmetric key value is + encoded in the specified format. + + For encrypted keys, the value is the decrypted key's + format (i.e., the 'encrypted-value-format' conveys the + encrypted key's format)."; + } + choice key-type { + nacm:default-deny-write; + mandatory true; + description + "Choice between key types."; + case cleartext-symmetric-key { + leaf cleartext-symmetric-key { + if-feature "cleartext-symmetric-keys"; + nacm:default-deny-all; + type binary; + must '../key-format'; + description + "The binary value of the key. The interpretation of + the value is defined by the 'key-format' field."; + } + } + case hidden-symmetric-key { + if-feature "hidden-symmetric-keys"; + leaf hidden-symmetric-key { + type empty; + must 'not(../key-format)'; + description + "A hidden key is not exportable and not extractable; + therefore, it is of type 'empty' as its value is + inaccessible via management interfaces. Though hidden + to users, such keys are not hidden to the server and + may be referenced by configuration to indicate which + key a server should use for a cryptographic operation. + How such keys are created is outside the scope of this + module."; + } + } + case encrypted-symmetric-key { + if-feature "encrypted-symmetric-keys"; + container encrypted-symmetric-key { + must '../key-format'; + description + "A container for the encrypted symmetric key value. + The interpretation of the 'encrypted-value' node + is via the 'key-format' node"; + uses encrypted-value-grouping; + } + } + } + } + + grouping public-key-grouping { + description + "A public key."; + leaf public-key-format { + nacm:default-deny-write; + type identityref { + base public-key-format; + } + mandatory true; + description + "Identifies the public key's format. Implementations SHOULD + ensure that the incoming public key value is encoded in the + specified format."; + } + leaf public-key { + nacm:default-deny-write; + type binary; + mandatory true; + description + "The binary value of the public key. The interpretation + of the value is defined by the 'public-key-format' field."; + } + } + + grouping private-key-grouping { + description + "A private key."; + leaf private-key-format { + nacm:default-deny-write; + type identityref { + base private-key-format; + } + description + "Identifies the private key's format. Implementations SHOULD + ensure that the incoming private key value is encoded in the + specified format. + + For encrypted keys, the value is the decrypted key's + format (i.e., the 'encrypted-value-format' conveys the + encrypted key's format)."; + } + choice private-key-type { + nacm:default-deny-write; + mandatory true; + description + "Choice between key types."; + case cleartext-private-key { + if-feature "cleartext-private-keys"; + leaf cleartext-private-key { + nacm:default-deny-all; + type binary; + must '../private-key-format'; + description + "The value of the binary key. The key's value is + interpreted by the 'private-key-format' field."; + } + } + case hidden-private-key { + if-feature "hidden-private-keys"; + leaf hidden-private-key { + type empty; + must 'not(../private-key-format)'; + description + "A hidden key. It is of type 'empty' as its value is + inaccessible via management interfaces. Though hidden + to users, such keys are not hidden to the server and + may be referenced by configuration to indicate which + key a server should use for a cryptographic operation. + How such keys are created is outside the scope of this + module."; + } + } + case encrypted-private-key { + if-feature "encrypted-private-keys"; + container encrypted-private-key { + must '../private-key-format'; + description + "A container for the encrypted asymmetric private key + value. The interpretation of the 'encrypted-value' + node is via the 'private-key-format' node"; + uses encrypted-value-grouping; + } + } + } + } + + grouping asymmetric-key-pair-grouping { + description + "A private key and, optionally, its associated public key. + Implementations MUST ensure that the two keys, when both + are specified, are a matching pair."; + uses public-key-grouping { + refine "public-key-format" { + mandatory false; + } + refine "public-key" { + mandatory false; + } + } + uses private-key-grouping; + } + + grouping certificate-expiration-grouping { + description + "A notification for when a certificate is about to expire or + has already expired."; + notification certificate-expiration { + if-feature "certificate-expiration-notification"; + description + "A notification indicating that the configured certificate + is either about to expire or has already expired. When to + send notifications is an implementation-specific decision, + but it is RECOMMENDED that a notification be sent once a + month for 3 months, then once a week for four weeks, and + then once a day thereafter until the issue is resolved. + + If the certificate's issuer maintains a Certificate + Revocation List (CRL), the expiration notification MAY + be sent if the CRL is about to expire."; + leaf expiration-date { + type yang:date-and-time; + mandatory true; + description + "Identifies the expiration date on the certificate."; + } + } + } + + grouping trust-anchor-cert-grouping { + description + "A trust anchor certificate and a notification for when + it is about to expire or has already expired."; + leaf cert-data { + nacm:default-deny-all; + type trust-anchor-cert-cms; + description + "The binary certificate data for this certificate."; + } + uses certificate-expiration-grouping; + } + + grouping end-entity-cert-grouping { + description + "An end-entity certificate and a notification for when + it is about to expire or has already expired. Implementations + SHOULD assert that, where used, the end-entity certificate + contains the expected public key."; + leaf cert-data { + nacm:default-deny-all; + type end-entity-cert-cms; + description + "The binary certificate data for this certificate."; + } + uses certificate-expiration-grouping; + } + + grouping generate-csr-grouping { + description + "Defines the 'generate-csr' action."; + action generate-csr { + if-feature "csr-generation"; + nacm:default-deny-all; + description + "Generates a certificate signing request structure for + the associated asymmetric key using the passed subject + and attribute values. + + This 'action' statement is only available when the + associated 'public-key-format' node's value is + 'subject-public-key-info-format'."; + input { + leaf csr-format { + type identityref { + base csr-format; + } + mandatory true; + description + "Specifies the format for the returned certificate."; + } + leaf csr-info { + type csr-info; + mandatory true; + description + "A CertificationRequestInfo structure, as defined in + RFC 2986. + + Enables the client to provide a fully populated + CertificationRequestInfo structure that the server + only needs to sign in order to generate the complete + CertificationRequest structure to return in the + 'output'. + + The 'AlgorithmIdentifier' field contained inside + the 'SubjectPublicKeyInfo' field MUST be one known + to be supported by the device."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax Specification + RFC 9640: + YANG Data Types and Groupings for Cryptography"; + } + } + output { + choice csr-type { + mandatory true; + description + "A choice amongst certificate signing request formats. + Additional formats MAY be augmented into this 'choice' + statement by future efforts."; + case p10-csr { + leaf p10-csr { + type p10-csr; + description + "A CertificationRequest, as defined in RFC 2986."; + } + description + "A CertificationRequest, as defined in RFC 2986."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax Specification + RFC 9640: + YANG Data Types and Groupings for Cryptography"; + } + } + } + } + } // generate-csr-grouping + + grouping asymmetric-key-pair-with-cert-grouping { + description + "A private/public key pair and an associated certificate. + Implementations MUST assert that the certificate contains + the matching public key."; + uses asymmetric-key-pair-grouping; + uses end-entity-cert-grouping; + uses generate-csr-grouping; + } // asymmetric-key-pair-with-cert-grouping + + grouping asymmetric-key-pair-with-certs-grouping { + description + "A private/public key pair and a list of associated + certificates. Implementations MUST assert that + certificates contain the matching public key."; + uses asymmetric-key-pair-grouping; + container certificates { + nacm:default-deny-write; + description + "Certificates associated with this asymmetric key."; + list certificate { + key "name"; + description + "A certificate for this asymmetric key."; + leaf name { + type string; + description + "An arbitrary name for the certificate."; + } + uses end-entity-cert-grouping { + refine "cert-data" { + mandatory true; + } + } + } + } + uses generate-csr-grouping; + } // asymmetric-key-pair-with-certs-grouping + +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-datastores@2018-02-14.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-datastores@2018-02-14.yang new file mode 100644 index 00000000..9e875ab6 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-datastores@2018-02-14.yang @@ -0,0 +1,117 @@ +module ietf-datastores { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-datastores"; + prefix ds; + + organization + "IETF Network Modeling (NETMOD) Working Group"; + + contact + "WG Web: + + WG List: + + Author: Martin Bjorklund + + + Author: Juergen Schoenwaelder + + + Author: Phil Shafer + + + Author: Kent Watsen + + + Author: Rob Wilton + "; + + description + "This YANG module defines a set of identities for identifying + datastores. + + Copyright (c) 2018 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Simplified BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8342 + (https://www.rfc-editor.org/info/rfc8342); see the RFC itself + for full legal notices."; + + revision 2018-02-14 { + description + "Initial revision."; + reference + "RFC 8342: Network Management Datastore Architecture (NMDA)"; + } + + /* + * Identities + */ + + identity datastore { + description + "Abstract base identity for datastore identities."; + } + + identity conventional { + base datastore; + description + "Abstract base identity for conventional configuration + datastores."; + } + + identity running { + base conventional; + description + "The running configuration datastore."; + } + + identity candidate { + base conventional; + description + "The candidate configuration datastore."; + } + + identity startup { + base conventional; + description + "The startup configuration datastore."; + } + + identity intended { + base conventional; + description + "The intended configuration datastore."; + } + + identity dynamic { + base datastore; + description + "Abstract base identity for dynamic configuration datastores."; + } + + identity operational { + base datastore; + description + "The operational state datastore."; + } + + /* + * Type definitions + */ + + typedef datastore-ref { + type identityref { + base datastore; + } + description + "A datastore identity reference."; + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-inet-types@2021-02-22.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-inet-types@2021-02-22.yang new file mode 100644 index 00000000..a5ef84e5 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-inet-types@2021-02-22.yang @@ -0,0 +1,589 @@ +module ietf-inet-types { + + namespace "urn:ietf:params:xml:ns:yang:ietf-inet-types"; + prefix "inet"; + + organization + "IETF Network Modeling (NETMOD) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Juergen Schoenwaelder + "; + + description + "This module contains a collection of generally useful derived + YANG data types for Internet addresses and related things. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2021 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; + see the RFC itself for full legal notices."; + + revision 2021-02-22 { + description + "This revision adds the following new data types: + - inet:ip-address-and-prefix + - inet:ipv4-address-and-prefix + - inet:ipv6-address-and-prefix + - inet:host-name + - inet:email-address + The inet:host union was changed to use inet:host-name instead + of inet:domain-name."; + reference + "RFC XXXX: Common YANG Data Types"; + } + revision 2013-07-15 { + description + "This revision adds the following new data types: + - inet:ip-address-no-zone + - inet:ipv4-address-no-zone + - inet:ipv6-address-no-zone"; + reference + "RFC 6991: Common YANG Data Types"; + } + + revision 2010-09-24 { + description + "Initial revision."; + reference + "RFC 6021: Common YANG Data Types"; + } + + /*** collection of types related to protocol fields ***/ + + typedef ip-version { + type enumeration { + enum unknown { + value "0"; + description + "An unknown or unspecified version of the Internet + protocol."; + } + enum ipv4 { + value "1"; + description + "The IPv4 protocol as defined in RFC 791."; + } + enum ipv6 { + value "2"; + description + "The IPv6 protocol as defined in RFC 2460."; + } + } + description + "This value represents the version of the IP protocol. + + In the value set and its semantics, this type is equivalent + to the InetVersion textual convention of the SMIv2."; + reference + "RFC 791: Internet Protocol + RFC 2460: Internet Protocol, Version 6 (IPv6) Specification + RFC 4001: Textual Conventions for Internet Network Addresses"; + } + typedef dscp { + type uint8 { + range "0..63"; + } + description + "The dscp type represents a Differentiated Services Code Point + that may be used for marking packets in a traffic stream. + + In the value set and its semantics, this type is equivalent + to the Dscp textual convention of the SMIv2."; + reference + "RFC 3289: Management Information Base for the Differentiated + Services Architecture + RFC 2474: Definition of the Differentiated Services Field + (DS Field) in the IPv4 and IPv6 Headers + RFC 2780: IANA Allocation Guidelines For Values In + the Internet Protocol and Related Headers"; + } + + typedef ipv6-flow-label { + type uint32 { + range "0..1048575"; + } + description + "The ipv6-flow-label type represents the flow identifier or + Flow Label in an IPv6 packet header that may be used to + discriminate traffic flows. + + In the value set and its semantics, this type is equivalent + to the IPv6FlowLabel textual convention of the SMIv2."; + reference + "RFC 3595: Textual Conventions for IPv6 Flow Label + RFC 2460: Internet Protocol, Version 6 (IPv6) Specification"; + } + + typedef port-number { + type uint16 { + range "0..65535"; + } + description + "The port-number type represents a 16-bit port number of an + Internet transport-layer protocol such as UDP, TCP, DCCP, or + SCTP. Port numbers are assigned by IANA. A current list of + all assignments is available from . + + Note that the port number value zero is reserved by IANA. In + situations where the value zero does not make sense, it can + be excluded by subtyping the port-number type. + In the value set and its semantics, this type is equivalent + to the InetPortNumber textual convention of the SMIv2."; + reference + "RFC 768: User Datagram Protocol + RFC 793: Transmission Control Protocol + RFC 4960: Stream Control Transmission Protocol + RFC 4340: Datagram Congestion Control Protocol (DCCP) + RFC 4001: Textual Conventions for Internet Network Addresses"; + } + + /*** collection of types related to autonomous systems ***/ + + typedef as-number { + type uint32; + description + "The as-number type represents autonomous system numbers + which identify an Autonomous System (AS). An AS is a set + of routers under a single technical administration, using + an interior gateway protocol and common metrics to route + packets within the AS, and using an exterior gateway + protocol to route packets to other ASes. IANA maintains + the AS number space and has delegated large parts to the + regional registries. + + Autonomous system numbers were originally limited to 16 + bits. BGP extensions have enlarged the autonomous system + number space to 32 bits. This type therefore uses an uint32 + base type without a range restriction in order to support + a larger autonomous system number space. + + In the value set and its semantics, this type is equivalent + to the InetAutonomousSystemNumber textual convention of + the SMIv2."; + reference + "RFC 1930: Guidelines for creation, selection, and registration + of an Autonomous System (AS) + RFC 4271: A Border Gateway Protocol 4 (BGP-4) + RFC 4001: Textual Conventions for Internet Network Addresses + RFC 6793: BGP Support for Four-Octet Autonomous System (AS) + Number Space"; + } + + /*** collection of types related to IP addresses and hostnames ***/ + + typedef ip-address { + type union { + type inet:ipv4-address; + type inet:ipv6-address; + } + description + "The ip-address type represents an IP address and is IP + version neutral. The format of the textual representation + implies the IP version. This type supports scoped addresses + by allowing zone identifiers in the address format."; + reference + "RFC 4007: IPv6 Scoped Address Architecture"; + } + + typedef ipv4-address { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])' + + '(%[\p{N}\p{L}]+)?'; + } + description + "The ipv4-address type represents an IPv4 address in + dotted-quad notation. The IPv4 address may include a zone + index, separated by a % sign. + + The zone index is used to disambiguate identical address + values. For link-local addresses, the zone index will + typically be the interface index number or the name of an + interface. If the zone index is not present, the default + zone of the device will be used. + + The canonical format for the zone index is the numerical + format"; + } + + typedef ipv6-address { + type string { + pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}' + + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|' + + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}' + + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))' + + '(%[\p{N}\p{L}]+)?'; + pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|' + + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)' + + '(%.+)?'; + } + description + "The ipv6-address type represents an IPv6 address in full, + mixed, shortened, and shortened-mixed notation. The IPv6 + address may include a zone index, separated by a % sign. + + The zone index is used to disambiguate identical address + values. For link-local addresses, the zone index will + typically be the interface index number or the name of an + interface. If the zone index is not present, the default + zone of the device will be used. + + The canonical format of IPv6 addresses uses the textual + representation defined in Section 4 of RFC 5952. The + canonical format for the zone index is the numerical + format as described in Section 11.2 of RFC 4007."; + reference + "RFC 4291: IP Version 6 Addressing Architecture + RFC 4007: IPv6 Scoped Address Architecture + RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + typedef ip-address-no-zone { + type union { + type inet:ipv4-address-no-zone; + type inet:ipv6-address-no-zone; + } + description + "The ip-address-no-zone type represents an IP address and is + IP version neutral. The format of the textual representation + implies the IP version. This type does not support scoped + addresses since it does not allow zone identifiers in the + address format."; + reference + "RFC 4007: IPv6 Scoped Address Architecture"; + } + + typedef ipv4-address-no-zone { + type inet:ipv4-address { + pattern '[0-9\.]*'; + } + description + "An IPv4 address without a zone index. This type, derived from + ipv4-address, may be used in situations where the zone is known + from the context and hence no zone index is needed."; + } + + typedef ipv6-address-no-zone { + type inet:ipv6-address { + pattern '[0-9a-fA-F:\.]*'; + } + description + "An IPv6 address without a zone index. This type, derived from + ipv6-address, may be used in situations where the zone is known + from the context and hence no zone index is needed."; + reference + "RFC 4291: IP Version 6 Addressing Architecture + RFC 4007: IPv6 Scoped Address Architecture + RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + typedef ip-prefix { + type union { + type inet:ipv4-prefix; + type inet:ipv6-prefix; + } + description + "The ip-prefix type represents an IP prefix and is IP + version neutral. The format of the textual representations + implies the IP version."; + } + + typedef ipv4-prefix { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])' + + '/(([0-9])|([1-2][0-9])|(3[0-2]))'; + } + description + "The ipv4-prefix type represents an IPv4 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 32. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0. + + The canonical format of an IPv4 prefix has all bits of + the IPv4 address set to zero that are not part of the + IPv4 prefix. + + The definition of ipv4-prefix does not require that bits, + which are not part of the prefix, are set to zero. However, + implementations have to return values in canonical format, + which requires non-prefix bits to be set to zero. This means + that 192.0.2.1/24 must be accepted as a valid value but it + will be converted into the canonical format 192.0.2.0/24."; + } + + typedef ipv6-prefix { + type string { + pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}' + + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|' + + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}' + + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))' + + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))'; + pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|' + + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)' + + '(/.+)'; + } + description + "The ipv6-prefix type represents an IPv6 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 128. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0. + + The canonical format of an IPv6 prefix has all bits of + the IPv6 address set to zero that are not part of the + IPv6 prefix. Furthermore, the IPv6 address is represented + as defined in Section 4 of RFC 5952. + + The definition of ipv6-prefix does not require that bits, + which are not part of the prefix, are set to zero. However, + implementations have to return values in canonical format, + which requires non-prefix bits to be set to zero. This means + that 2001:db8::1/64 must be accepted as a valid value but it + will be converted into the canonical format 2001:db8::/64."; + reference + "RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + typedef ip-address-and-prefix { + type union { + type inet:ipv4-address-and-prefix; + type inet:ipv6-address-and-prefix; + } + description + "The ip-address-and-prefix type represents an IP address and + prefix and is IP version neutral. The format of the textual + representations implies the IP version."; + } + + typedef ipv4-address-and-prefix { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])' + + '/(([0-9])|([1-2][0-9])|(3[0-2]))'; + } + description + "The ipv4-address-and-prefix type represents an IPv4 + address and an associated ipv4 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 32. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0."; + } + + typedef ipv6-address-and-prefix { + type string { + pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}' + + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|' + + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}' + + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))' + + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))'; + pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|' + + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)' + + '(/.+)'; + } + description + "The ipv6-address-and-prefix type represents an IPv6 + address and an associated ipv4 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 128. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0. + + The canonical format requires that the IPv6 address is + represented as defined in Section 4 of RFC 5952."; + reference + "RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + /*** collection of domain name and URI types ***/ + + typedef domain-name { + type string { + length "1..253"; + pattern + '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' + + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)' + + '|\.'; + } + description + "The domain-name type represents a DNS domain name. The + name SHOULD be fully qualified whenever possible. This + type does not support wildcards (see RFC 4592) or + classless in-addr.arpa delegations (see RFC 2317). + + Internet domain names are only loosely specified. Section + 3.5 of RFC 1034 recommends a syntax (modified in Section + 2.1 of RFC 1123). The pattern above is intended to allow + for current practice in domain name use, and some possible + future expansion. Note that Internet host names have a + stricter syntax (described in RFC 952) than the DNS + recommendations in RFCs 1034 and 1123. Schema nodes + representing host names should use the host-name type + instead of the domain-type. + + The encoding of DNS names in the DNS protocol is limited + to 255 characters. Since the encoding consists of labels + prefixed by a length bytes and there is a trailing NULL + byte, only 253 characters can appear in the textual dotted + notation. + + The description clause of schema nodes using the domain-name + type MUST describe when and how these names are resolved to + IP addresses. Note that the resolution of a domain-name value + may require to query multiple DNS records (e.g., A for IPv4 + and AAAA for IPv6). The order of the resolution process and + which DNS record takes precedence can either be defined + explicitly or may depend on the configuration of the + resolver. + + Domain-name values use the US-ASCII encoding. Their canonical + format uses lowercase US-ASCII characters. Internationalized + domain names MUST be A-labels as per RFC 5890."; + reference + "RFC 952: DoD Internet Host Table Specification + RFC 1034: Domain Names - Concepts and Facilities + RFC 1123: Requirements for Internet Hosts -- Application + and Support + RFC 2317: Classless IN-ADDR.ARPA delegation + RFC 2782: A DNS RR for specifying the location of services + (DNS SRV) + RFC 4592: The Role of Wildcards in the Domain Name System + RFC 5890: Internationalized Domain Names in Applications + (IDNA): Definitions and Document Framework"; + } + + typedef host-name { + type domain-name { + pattern '[a-zA-Z0-9\-\.]+'; + length "2..max"; + } + description + "The host-name type represents (fully qualified) host names. + Host names must be at least two characters long (see RFC 952) + and they are restricted to labels consisting of letters, digits + and hyphens separated by dots (see RFC1123 and RFC 952)."; + reference + "RFC 952: DoD Internet Host Table Specification + RFC 1123: Requirements for Internet Hosts: Application and Support"; + } + + typedef host { + type union { + type inet:ip-address; + type inet:host-name; + } + description + "The host type represents either an IP address or a (fully + qualified) host name."; + } + + /* + * DISCUSS: + * - It was discussed to define int-domain-name and int-host-name + * that use U-labels instead of A-labels and to add int-host-name + * to the inet:host union, perhaps all gated by an inet:idna-aware + * feature. + * - It is not clear how inet:idna-aware affects inet:email-address + * and inet:uri - do we also need int-uri and int-email-address? + */ + + typedef uri { + type string; + description + "The uri type represents a Uniform Resource Identifier + (URI) as defined by STD 66. + + Objects using the uri type MUST be in US-ASCII encoding, + and MUST be normalized as described by RFC 3986 Sections + 6.2.1, 6.2.2.1, and 6.2.2.2. All unnecessary + percent-encoding is removed, and all case-insensitive + characters are set to lowercase except for hexadecimal + digits, which are normalized to uppercase as described in + Section 6.2.2.1. + + The purpose of this normalization is to help provide + unique URIs. Note that this normalization is not + sufficient to provide uniqueness. Two URIs that are + textually distinct after this normalization may still be + equivalent. + + Objects using the uri type may restrict the schemes that + they permit. For example, 'data:' and 'urn:' schemes + might not be appropriate. + + A zero-length URI is not a valid URI. This can be used to + express 'URI absent' where required. + + In the value set and its semantics, this type is equivalent + to the Uri SMIv2 textual convention defined in RFC 5017."; + reference + "RFC 3986: Uniform Resource Identifier (URI): Generic Syntax + RFC 3305: Report from the Joint W3C/IETF URI Planning Interest + Group: Uniform Resource Identifiers (URIs), URLs, + and Uniform Resource Names (URNs): Clarifications + and Recommendations + RFC 5017: MIB Textual Conventions for Uniform Resource + Identifiers (URIs)"; + } + + typedef email-address { + type string { + // dot-atom-text "@" ... + pattern '[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+' + + '(\.[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+)*' + + '@' + + '[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+' + + '(\.[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+)*'; + } + description + "The email-address type represents an email address as + defined as addr-spec in RFC 5322 section 3.4.1."; + reference + "RFC 5322: Internet Message Format"; + } + + /* + * DISCUSS: + * - Need to define a pattern that has a meaningful trade-off + * between precision and complexity (there are very tight + * pattern that are very long and complex). The current + * pattern does not take care of quoted-string, obs-local-part, + * domain-literal, obs-domain. + */ + +} \ No newline at end of file diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-interfaces@2018-02-20.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-interfaces@2018-02-20.yang new file mode 100644 index 00000000..f66c205c --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-interfaces@2018-02-20.yang @@ -0,0 +1,1123 @@ +module ietf-interfaces { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-interfaces"; + prefix if; + + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETMOD (Network Modeling) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Martin Bjorklund + "; + + description + "This module contains a collection of YANG definitions for + managing network interfaces. + + Copyright (c) 2018 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8343; see + the RFC itself for full legal notices."; + + revision 2018-02-20 { + description + "Updated to support NMDA."; + reference + "RFC 8343: A YANG Data Model for Interface Management"; + } + + revision 2014-05-08 { + description + "Initial revision."; + reference + "RFC 7223: A YANG Data Model for Interface Management"; + } + + /* + * Typedefs + */ + + typedef interface-ref { + type leafref { + path "/if:interfaces/if:interface/if:name"; + } + description + "This type is used by data models that need to reference + interfaces."; + } + + /* + * Identities + */ + + identity interface-type { + description + "Base identity from which specific interface types are + derived."; + } + + /* + * Features + */ + + feature arbitrary-names { + description + "This feature indicates that the device allows user-controlled + interfaces to be named arbitrarily."; + } + feature pre-provisioning { + description + "This feature indicates that the device supports + pre-provisioning of interface configuration, i.e., it is + possible to configure an interface whose physical interface + hardware is not present on the device."; + } + feature if-mib { + description + "This feature indicates that the device implements + the IF-MIB."; + reference + "RFC 2863: The Interfaces Group MIB"; + } + + /* + * Data nodes + */ + + container interfaces { + description + "Interface parameters."; + + list interface { + key "name"; + + description + "The list of interfaces on the device. + + The status of an interface is available in this list in the + operational state. If the configuration of a + system-controlled interface cannot be used by the system + (e.g., the interface hardware present does not match the + interface type), then the configuration is not applied to + the system-controlled interface shown in the operational + state. If the configuration of a user-controlled interface + cannot be used by the system, the configured interface is + not instantiated in the operational state. + + System-controlled interfaces created by the system are + always present in this list in the operational state, + whether or not they are configured."; + + leaf name { + type string; + description + "The name of the interface. + + A device MAY restrict the allowed values for this leaf, + possibly depending on the type of the interface. + For system-controlled interfaces, this leaf is the + device-specific name of the interface. + + If a client tries to create configuration for a + system-controlled interface that is not present in the + operational state, the server MAY reject the request if + the implementation does not support pre-provisioning of + interfaces or if the name refers to an interface that can + never exist in the system. A Network Configuration + Protocol (NETCONF) server MUST reply with an rpc-error + with the error-tag 'invalid-value' in this case. + + If the device supports pre-provisioning of interface + configuration, the 'pre-provisioning' feature is + advertised. + + If the device allows arbitrarily named user-controlled + interfaces, the 'arbitrary-names' feature is advertised. + + When a configured user-controlled interface is created by + the system, it is instantiated with the same name in the + operational state. + + A server implementation MAY map this leaf to the ifName + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifName. The definition of + such a mechanism is outside the scope of this document."; + reference + "RFC 2863: The Interfaces Group MIB - ifName"; + } + + leaf description { + type string; + description + "A textual description of the interface. + + A server implementation MAY map this leaf to the ifAlias + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifAlias. The definition of + such a mechanism is outside the scope of this document. + + Since ifAlias is defined to be stored in non-volatile + storage, the MIB implementation MUST map ifAlias to the + value of 'description' in the persistently stored + configuration."; + reference + "RFC 2863: The Interfaces Group MIB - ifAlias"; + } + + leaf type { + type identityref { + base interface-type; + } + mandatory true; + description + "The type of the interface. + + When an interface entry is created, a server MAY + initialize the type leaf with a valid value, e.g., if it + is possible to derive the type from the name of the + interface. + + If a client tries to set the type of an interface to a + value that can never be used by the system, e.g., if the + type is not supported or if the type does not match the + name of the interface, the server MUST reject the request. + A NETCONF server MUST reply with an rpc-error with the + error-tag 'invalid-value' in this case."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf enabled { + type boolean; + default "true"; + description + "This leaf contains the configured, desired state of the + interface. + + Systems that implement the IF-MIB use the value of this + leaf in the intended configuration to set + IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry + has been initialized, as described in RFC 2863. + + Changes in this leaf in the intended configuration are + reflected in ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf link-up-down-trap-enable { + if-feature if-mib; + type enumeration { + enum enabled { + value 1; + description + "The device will generate linkUp/linkDown SNMP + notifications for this interface."; + } + enum disabled { + value 2; + description + "The device will not generate linkUp/linkDown SNMP + notifications for this interface."; + } + } + description + "Controls whether linkUp/linkDown SNMP notifications + should be generated for this interface. + + If this node is not configured, the value 'enabled' is + operationally used by the server for interfaces that do + not operate on top of any other interface (i.e., there are + no 'lower-layer-if' entries), and 'disabled' otherwise."; + reference + "RFC 2863: The Interfaces Group MIB - + ifLinkUpDownTrapEnable"; + } + + leaf admin-status { + if-feature if-mib; + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "Not ready to pass packets and not in some test mode."; + } + enum testing { + value 3; + description + "In some test mode."; + } + } + config false; + mandatory true; + description + "The desired state of the interface. + + This leaf has the same read semantics as ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf oper-status { + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + + description + "The interface does not pass any packets."; + } + enum testing { + value 3; + description + "In some test mode. No operational packets can + be passed."; + } + enum unknown { + value 4; + description + "Status cannot be determined for some reason."; + } + enum dormant { + value 5; + description + "Waiting for some external event."; + } + enum not-present { + value 6; + description + "Some component (typically hardware) is missing."; + } + enum lower-layer-down { + value 7; + description + "Down due to state of lower-layer interface(s)."; + } + } + config false; + mandatory true; + description + "The current operational state of the interface. + + This leaf has the same semantics as ifOperStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifOperStatus"; + } + + leaf last-change { + type yang:date-and-time; + config false; + description + "The time the interface entered its current operational + state. If the current state was entered prior to the + last re-initialization of the local network management + subsystem, then this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifLastChange"; + } + + leaf if-index { + if-feature if-mib; + type int32 { + range "1..2147483647"; + } + config false; + mandatory true; + description + "The ifIndex value for the ifEntry represented by this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifIndex"; + } + + leaf phys-address { + type yang:phys-address; + config false; + description + "The interface's address at its protocol sub-layer. For + example, for an 802.x interface, this object normally + contains a Media Access Control (MAC) address. The + interface's media-specific modules must define the bit + and byte ordering and the format of the value of this + object. For interfaces that do not have such an address + (e.g., a serial line), this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifPhysAddress"; + } + + leaf-list higher-layer-if { + type interface-ref; + config false; + description + "A list of references to interfaces layered on top of this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf-list lower-layer-if { + type interface-ref; + config false; + + description + "A list of references to interfaces layered underneath this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf speed { + type yang:gauge64; + units "bits/second"; + config false; + description + "An estimate of the interface's current bandwidth in bits + per second. For interfaces that do not vary in + bandwidth or for those where no accurate estimation can + be made, this node should contain the nominal bandwidth. + For interfaces that have no concept of bandwidth, this + node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - + ifSpeed, ifHighSpeed"; + } + + container statistics { + config false; + description + "A collection of interface-related statistics objects."; + + leaf discontinuity-time { + type yang:date-and-time; + mandatory true; + description + "The time on the most recent occasion at which any one or + more of this interface's counters suffered a + discontinuity. If no such discontinuities have occurred + since the last re-initialization of the local management + subsystem, then this node contains the time the local + management subsystem re-initialized itself."; + } + + leaf in-octets { + type yang:counter64; + description + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInOctets"; + } + + leaf in-unicast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were not addressed to a + multicast or broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts"; + } + + leaf in-broadcast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a broadcast + address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInBroadcastPkts"; + } + + leaf in-multicast-pkts { + type yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a multicast + address at this sub-layer. For a MAC-layer protocol, + this includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInMulticastPkts"; + } + + leaf in-discards { + type yang:counter32; + description + "The number of inbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being deliverable to a higher-layer + protocol. One possible reason for discarding such a + packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInDiscards"; + } + + leaf in-errors { + type yang:counter32; + description + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of + inbound transmission units that contained errors + preventing them from being deliverable to a higher-layer + protocol. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInErrors"; + } + + leaf in-unknown-protos { + type yang:counter32; + + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + leaf out-octets { + type yang:counter64; + description + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutOctets"; + } + + leaf out-unicast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were not addressed + to a multicast or broadcast address at this sub-layer, + including those that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts"; + } + + leaf out-broadcast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + broadcast address at this sub-layer, including those + that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutBroadcastPkts"; + } + + leaf out-multicast-pkts { + type yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + multicast address at this sub-layer, including those + that were discarded or not sent. For a MAC-layer + protocol, this includes both Group and Functional + addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutMulticastPkts"; + } + + leaf out-discards { + type yang:counter32; + description + "The number of outbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being transmitted. One possible reason + for discarding such a packet could be to free up buffer + space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutDiscards"; + } + + leaf out-errors { + type yang:counter32; + description + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutErrors"; + } + } + + } + } + + /* + * Legacy typedefs + */ + + typedef interface-state-ref { + type leafref { + path "/if:interfaces-state/if:interface/if:name"; + } + status deprecated; + description + "This type is used by data models that need to reference + the operationally present interfaces."; + } + + /* + * Legacy operational state data nodes + */ + + container interfaces-state { + config false; + status deprecated; + description + "Data nodes for the operational state of interfaces."; + + list interface { + key "name"; + status deprecated; + + description + "The list of interfaces on the device. + + System-controlled interfaces created by the system are + always present in this list, whether or not they are + configured."; + + leaf name { + type string; + status deprecated; + description + "The name of the interface. + + A server implementation MAY map this leaf to the ifName + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifName. The definition of + such a mechanism is outside the scope of this document."; + reference + "RFC 2863: The Interfaces Group MIB - ifName"; + } + + leaf type { + type identityref { + base interface-type; + } + mandatory true; + status deprecated; + description + "The type of the interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf admin-status { + if-feature if-mib; + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "Not ready to pass packets and not in some test mode."; + } + enum testing { + value 3; + description + "In some test mode."; + } + } + mandatory true; + status deprecated; + description + "The desired state of the interface. + + This leaf has the same read semantics as ifAdminStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf oper-status { + type enumeration { + enum up { + value 1; + description + "Ready to pass packets."; + } + enum down { + value 2; + description + "The interface does not pass any packets."; + } + enum testing { + value 3; + description + "In some test mode. No operational packets can + be passed."; + } + enum unknown { + value 4; + description + "Status cannot be determined for some reason."; + } + enum dormant { + value 5; + description + "Waiting for some external event."; + } + enum not-present { + value 6; + description + "Some component (typically hardware) is missing."; + } + enum lower-layer-down { + value 7; + description + "Down due to state of lower-layer interface(s)."; + } + } + mandatory true; + status deprecated; + description + "The current operational state of the interface. + + This leaf has the same semantics as ifOperStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifOperStatus"; + } + + leaf last-change { + type yang:date-and-time; + status deprecated; + description + "The time the interface entered its current operational + state. If the current state was entered prior to the + last re-initialization of the local network management + subsystem, then this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifLastChange"; + } + + leaf if-index { + if-feature if-mib; + type int32 { + range "1..2147483647"; + } + mandatory true; + status deprecated; + description + "The ifIndex value for the ifEntry represented by this + interface."; + + reference + "RFC 2863: The Interfaces Group MIB - ifIndex"; + } + + leaf phys-address { + type yang:phys-address; + status deprecated; + description + "The interface's address at its protocol sub-layer. For + example, for an 802.x interface, this object normally + contains a Media Access Control (MAC) address. The + interface's media-specific modules must define the bit + and byte ordering and the format of the value of this + object. For interfaces that do not have such an address + (e.g., a serial line), this node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - ifPhysAddress"; + } + + leaf-list higher-layer-if { + type interface-state-ref; + status deprecated; + description + "A list of references to interfaces layered on top of this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf-list lower-layer-if { + type interface-state-ref; + status deprecated; + description + "A list of references to interfaces layered underneath this + interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifStackTable"; + } + + leaf speed { + type yang:gauge64; + units "bits/second"; + status deprecated; + description + "An estimate of the interface's current bandwidth in bits + per second. For interfaces that do not vary in + bandwidth or for those where no accurate estimation can + + be made, this node should contain the nominal bandwidth. + For interfaces that have no concept of bandwidth, this + node is not present."; + reference + "RFC 2863: The Interfaces Group MIB - + ifSpeed, ifHighSpeed"; + } + + container statistics { + status deprecated; + description + "A collection of interface-related statistics objects."; + + leaf discontinuity-time { + type yang:date-and-time; + mandatory true; + status deprecated; + description + "The time on the most recent occasion at which any one or + more of this interface's counters suffered a + discontinuity. If no such discontinuities have occurred + since the last re-initialization of the local management + subsystem, then this node contains the time the local + management subsystem re-initialized itself."; + } + + leaf in-octets { + type yang:counter64; + status deprecated; + description + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInOctets"; + } + + leaf in-unicast-pkts { + type yang:counter64; + status deprecated; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were not addressed to a + multicast or broadcast address at this sub-layer. + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts"; + } + + leaf in-broadcast-pkts { + type yang:counter64; + status deprecated; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a broadcast + address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInBroadcastPkts"; + } + + leaf in-multicast-pkts { + type yang:counter64; + status deprecated; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a multicast + address at this sub-layer. For a MAC-layer protocol, + this includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInMulticastPkts"; + } + + leaf in-discards { + type yang:counter32; + status deprecated; + + description + "The number of inbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being deliverable to a higher-layer + protocol. One possible reason for discarding such a + packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInDiscards"; + } + + leaf in-errors { + type yang:counter32; + status deprecated; + description + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of + inbound transmission units that contained errors + preventing them from being deliverable to a higher-layer + protocol. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInErrors"; + } + + leaf in-unknown-protos { + type yang:counter32; + status deprecated; + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + leaf out-octets { + type yang:counter64; + status deprecated; + description + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutOctets"; + } + + leaf out-unicast-pkts { + type yang:counter64; + status deprecated; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were not addressed + to a multicast or broadcast address at this sub-layer, + including those that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts"; + } + + leaf out-broadcast-pkts { + type yang:counter64; + status deprecated; + + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + broadcast address at this sub-layer, including those + that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutBroadcastPkts"; + } + + leaf out-multicast-pkts { + type yang:counter64; + status deprecated; + description + "The total number of packets that higher-level protocols + requested be transmitted and that were addressed to a + multicast address at this sub-layer, including those + that were discarded or not sent. For a MAC-layer + protocol, this includes both Group and Functional + addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutMulticastPkts"; + } + + leaf out-discards { + type yang:counter32; + status deprecated; + description + "The number of outbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being transmitted. One possible reason + for discarding such a packet could be to free up buffer + space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutDiscards"; + } + + leaf out-errors { + type yang:counter32; + status deprecated; + description + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system and at + other times as indicated by the value of + 'discontinuity-time'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutErrors"; + } + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-ip@2018-02-22.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-ip@2018-02-22.yang new file mode 100644 index 00000000..a270f67b --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-ip@2018-02-22.yang @@ -0,0 +1,876 @@ +module ietf-ip { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-ip"; + prefix ip; + + import ietf-interfaces { + prefix if; + } + import ietf-inet-types { + prefix inet; + } + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETMOD (Network Modeling) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Martin Bjorklund + "; + description + "This module contains a collection of YANG definitions for + managing IP implementations. + + Copyright (c) 2018 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8344; see + the RFC itself for full legal notices."; + + revision 2018-02-22 { + description + "Updated to support NMDA."; + reference + "RFC 8344: A YANG Data Model for IP Management"; + } + + revision 2014-06-16 { + description + "Initial revision."; + reference + "RFC 7277: A YANG Data Model for IP Management"; + } + + /* + * Features + */ + + feature ipv4-non-contiguous-netmasks { + description + "Indicates support for configuring non-contiguous + subnet masks."; + } + + feature ipv6-privacy-autoconf { + description + "Indicates support for privacy extensions for stateless address + autoconfiguration in IPv6."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6"; + } + + /* + * Typedefs + */ + + typedef ip-address-origin { + type enumeration { + enum other { + description + "None of the following."; + } + + enum static { + description + "Indicates that the address has been statically + configured -- for example, using the Network Configuration + Protocol (NETCONF) or a command line interface."; + } + enum dhcp { + description + "Indicates an address that has been assigned to this + system by a DHCP server."; + } + enum link-layer { + description + "Indicates an address created by IPv6 stateless + autoconfiguration that embeds a link-layer address in its + interface identifier."; + } + enum random { + description + "Indicates an address chosen by the system at + random, e.g., an IPv4 address within 169.254/16, a + temporary address as described in RFC 4941, or a + semantically opaque address as described in RFC 7217."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + RFC 7217: A Method for Generating Semantically Opaque + Interface Identifiers with IPv6 Stateless + Address Autoconfiguration (SLAAC)"; + } + } + description + "The origin of an address."; + } + + typedef neighbor-origin { + type enumeration { + enum other { + description + "None of the following."; + } + enum static { + description + "Indicates that the mapping has been statically + configured -- for example, using NETCONF or a command line + interface."; + } + + enum dynamic { + description + "Indicates that the mapping has been dynamically resolved + using, for example, IPv4 ARP or the IPv6 Neighbor + Discovery protocol."; + } + } + description + "The origin of a neighbor entry."; + } + + /* + * Data nodes + */ + + augment "/if:interfaces/if:interface" { + description + "IP parameters on interfaces. + + If an interface is not capable of running IP, the server + must not allow the client to configure these parameters."; + + container ipv4 { + presence + "Enables IPv4 unless the 'enabled' leaf + (which defaults to 'true') is set to 'false'"; + description + "Parameters for the IPv4 address family."; + + leaf enabled { + type boolean; + default true; + description + "Controls whether IPv4 is enabled or disabled on this + interface. When IPv4 is enabled, this interface is + connected to an IPv4 stack, and the interface can send + and receive IPv4 packets."; + } + leaf forwarding { + type boolean; + default false; + description + "Controls IPv4 packet forwarding of datagrams received by, + but not addressed to, this interface. IPv4 routers + forward datagrams. IPv4 hosts do not (except those + source-routed via the host)."; + } + + leaf mtu { + type uint16 { + range "68..max"; + } + units "octets"; + description + "The size, in octets, of the largest IPv4 packet that the + interface will send and receive. + + The server may restrict the allowed values for this leaf, + depending on the interface's type. + + If this leaf is not configured, the operationally used MTU + depends on the interface's type."; + reference + "RFC 791: Internet Protocol"; + } + list address { + key "ip"; + description + "The list of IPv4 addresses on the interface."; + + leaf ip { + type inet:ipv4-address-no-zone; + description + "The IPv4 address on the interface."; + } + choice subnet { + mandatory true; + description + "The subnet can be specified as a prefix length or, + if the server supports non-contiguous netmasks, as + a netmask."; + leaf prefix-length { + type uint8 { + range "0..32"; + } + description + "The length of the subnet prefix."; + } + leaf netmask { + if-feature ipv4-non-contiguous-netmasks; + type yang:dotted-quad; + description + "The subnet specified as a netmask."; + } + } + + leaf origin { + type ip-address-origin; + config false; + description + "The origin of this address."; + } + } + list neighbor { + key "ip"; + description + "A list of mappings from IPv4 addresses to + link-layer addresses. + + Entries in this list in the intended configuration are + used as static entries in the ARP Cache. + + In the operational state, this list represents the ARP + Cache."; + reference + "RFC 826: An Ethernet Address Resolution Protocol"; + + leaf ip { + type inet:ipv4-address-no-zone; + description + "The IPv4 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + mandatory true; + description + "The link-layer address of the neighbor node."; + } + leaf origin { + type neighbor-origin; + config false; + description + "The origin of this neighbor entry."; + } + } + } + + container ipv6 { + presence + "Enables IPv6 unless the 'enabled' leaf + (which defaults to 'true') is set to 'false'"; + description + "Parameters for the IPv6 address family."; + + leaf enabled { + type boolean; + default true; + description + "Controls whether IPv6 is enabled or disabled on this + interface. When IPv6 is enabled, this interface is + connected to an IPv6 stack, and the interface can send + and receive IPv6 packets."; + } + leaf forwarding { + type boolean; + default false; + description + "Controls IPv6 packet forwarding of datagrams received by, + but not addressed to, this interface. IPv6 routers + forward datagrams. IPv6 hosts do not (except those + source-routed via the host)."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 6.2.1, IsRouter"; + } + leaf mtu { + type uint32 { + range "1280..max"; + } + units "octets"; + description + "The size, in octets, of the largest IPv6 packet that the + interface will send and receive. + + The server may restrict the allowed values for this leaf, + depending on the interface's type. + + If this leaf is not configured, the operationally used MTU + depends on the interface's type."; + reference + "RFC 8200: Internet Protocol, Version 6 (IPv6) + Specification + Section 5"; + } + + list address { + key "ip"; + description + "The list of IPv6 addresses on the interface."; + + leaf ip { + type inet:ipv6-address-no-zone; + description + "The IPv6 address on the interface."; + } + leaf prefix-length { + type uint8 { + range "0..128"; + } + mandatory true; + description + "The length of the subnet prefix."; + } + leaf origin { + type ip-address-origin; + config false; + description + "The origin of this address."; + } + leaf status { + type enumeration { + enum preferred { + description + "This is a valid address that can appear as the + destination or source address of a packet."; + } + enum deprecated { + description + "This is a valid but deprecated address that should + no longer be used as a source address in new + communications, but packets addressed to such an + address are processed as expected."; + } + enum invalid { + description + "This isn't a valid address, and it shouldn't appear + as the destination or source address of a packet."; + } + + enum inaccessible { + description + "The address is not accessible because the interface + to which this address is assigned is not + operational."; + } + enum unknown { + description + "The status cannot be determined for some reason."; + } + enum tentative { + description + "The uniqueness of the address on the link is being + verified. Addresses in this state should not be + used for general communication and should only be + used to determine the uniqueness of the address."; + } + enum duplicate { + description + "The address has been determined to be non-unique on + the link and so must not be used."; + } + enum optimistic { + description + "The address is available for use, subject to + restrictions, while its uniqueness on a link is + being verified."; + } + } + config false; + description + "The status of an address. Most of the states correspond + to states from the IPv6 Stateless Address + Autoconfiguration protocol."; + reference + "RFC 4293: Management Information Base for the + Internet Protocol (IP) + - IpAddressStatusTC + RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + } + + list neighbor { + key "ip"; + description + "A list of mappings from IPv6 addresses to + link-layer addresses. + + Entries in this list in the intended configuration are + used as static entries in the Neighbor Cache. + + In the operational state, this list represents the + Neighbor Cache."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)"; + + leaf ip { + type inet:ipv6-address-no-zone; + description + "The IPv6 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + mandatory true; + description + "The link-layer address of the neighbor node. + + In the operational state, if the neighbor's 'state' leaf + is 'incomplete', this leaf is not instantiated."; + } + leaf origin { + type neighbor-origin; + config false; + description + "The origin of this neighbor entry."; + } + leaf is-router { + type empty; + config false; + description + "Indicates that the neighbor node acts as a router."; + } + + leaf state { + type enumeration { + enum incomplete { + description + "Address resolution is in progress, and the + link-layer address of the neighbor has not yet been + determined."; + } + enum reachable { + description + "Roughly speaking, the neighbor is known to have been + reachable recently (within tens of seconds ago)."; + } + enum stale { + description + "The neighbor is no longer known to be reachable, but + until traffic is sent to the neighbor no attempt + should be made to verify its reachability."; + } + enum delay { + description + "The neighbor is no longer known to be reachable, and + traffic has recently been sent to the neighbor. + Rather than probe the neighbor immediately, however, + delay sending probes for a short while in order to + give upper-layer protocols a chance to provide + reachability confirmation."; + } + enum probe { + description + "The neighbor is no longer known to be reachable, and + unicast Neighbor Solicitation probes are being sent + to verify reachability."; + } + } + config false; + description + "The Neighbor Unreachability Detection state of this + entry."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 7.3.2"; + } + } + + leaf dup-addr-detect-transmits { + type uint32; + default 1; + description + "The number of consecutive Neighbor Solicitation messages + sent while performing Duplicate Address Detection on a + tentative address. A value of zero indicates that + Duplicate Address Detection is not performed on + tentative addresses. A value of one indicates a single + transmission with no follow-up retransmissions."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + container autoconf { + description + "Parameters to control the autoconfiguration of IPv6 + addresses, as described in RFC 4862."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration"; + + leaf create-global-addresses { + type boolean; + default true; + description + "If enabled, the host creates global addresses as + described in RFC 4862."; + reference + "RFC 4862: IPv6 Stateless Address Autoconfiguration + Section 5.5"; + } + leaf create-temporary-addresses { + if-feature ipv6-privacy-autoconf; + type boolean; + default false; + description + "If enabled, the host creates temporary addresses as + described in RFC 4941."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6"; + } + + leaf temporary-valid-lifetime { + if-feature ipv6-privacy-autoconf; + type uint32; + units "seconds"; + default 604800; + description + "The time period during which the temporary address + is valid."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + - TEMP_VALID_LIFETIME"; + } + leaf temporary-preferred-lifetime { + if-feature ipv6-privacy-autoconf; + type uint32; + units "seconds"; + default 86400; + description + "The time period during which the temporary address is + preferred."; + reference + "RFC 4941: Privacy Extensions for Stateless Address + Autoconfiguration in IPv6 + - TEMP_PREFERRED_LIFETIME"; + } + } + } + } + + /* + * Legacy operational state data nodes + */ + + augment "/if:interfaces-state/if:interface" { + status deprecated; + description + "Data nodes for the operational state of IP on interfaces."; + + container ipv4 { + presence + "Present if IPv4 is enabled on this interface"; + config false; + status deprecated; + description + "Interface-specific parameters for the IPv4 address family."; + + leaf forwarding { + type boolean; + status deprecated; + description + "Indicates whether IPv4 packet forwarding is enabled or + disabled on this interface."; + } + leaf mtu { + type uint16 { + range "68..max"; + } + units "octets"; + status deprecated; + description + "The size, in octets, of the largest IPv4 packet that the + interface will send and receive."; + reference + "RFC 791: Internet Protocol"; + } + list address { + key "ip"; + status deprecated; + description + "The list of IPv4 addresses on the interface."; + + leaf ip { + type inet:ipv4-address-no-zone; + status deprecated; + description + "The IPv4 address on the interface."; + } + choice subnet { + status deprecated; + description + "The subnet can be specified as a prefix length or, + if the server supports non-contiguous netmasks, as + a netmask."; + leaf prefix-length { + type uint8 { + range "0..32"; + } + status deprecated; + description + "The length of the subnet prefix."; + } + leaf netmask { + if-feature ipv4-non-contiguous-netmasks; + type yang:dotted-quad; + status deprecated; + description + "The subnet specified as a netmask."; + } + } + leaf origin { + type ip-address-origin; + status deprecated; + description + "The origin of this address."; + } + } + list neighbor { + key "ip"; + status deprecated; + description + "A list of mappings from IPv4 addresses to + link-layer addresses. + + This list represents the ARP Cache."; + reference + "RFC 826: An Ethernet Address Resolution Protocol"; + + leaf ip { + type inet:ipv4-address-no-zone; + status deprecated; + description + "The IPv4 address of the neighbor node."; + } + + leaf link-layer-address { + type yang:phys-address; + status deprecated; + description + "The link-layer address of the neighbor node."; + } + leaf origin { + type neighbor-origin; + status deprecated; + description + "The origin of this neighbor entry."; + } + } + } + + container ipv6 { + presence + "Present if IPv6 is enabled on this interface"; + config false; + status deprecated; + description + "Parameters for the IPv6 address family."; + + leaf forwarding { + type boolean; + default false; + status deprecated; + description + "Indicates whether IPv6 packet forwarding is enabled or + disabled on this interface."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 6.2.1, IsRouter"; + } + leaf mtu { + type uint32 { + range "1280..max"; + } + units "octets"; + status deprecated; + description + "The size, in octets, of the largest IPv6 packet that the + interface will send and receive."; + reference + "RFC 8200: Internet Protocol, Version 6 (IPv6) + Specification + Section 5"; + } + list address { + key "ip"; + status deprecated; + description + "The list of IPv6 addresses on the interface."; + + leaf ip { + type inet:ipv6-address-no-zone; + status deprecated; + description + "The IPv6 address on the interface."; + } + leaf prefix-length { + type uint8 { + range "0..128"; + } + mandatory true; + status deprecated; + description + "The length of the subnet prefix."; + } + leaf origin { + type ip-address-origin; + status deprecated; + description + "The origin of this address."; + } + leaf status { + type enumeration { + enum preferred { + description + "This is a valid address that can appear as the + destination or source address of a packet."; + } + enum deprecated { + description + "This is a valid but deprecated address that should + no longer be used as a source address in new + communications, but packets addressed to such an + address are processed as expected."; + } + enum invalid { + description + "This isn't a valid address, and it shouldn't appear + as the destination or source address of a packet."; + } + + enum inaccessible { + description + "The address is not accessible because the interface + to which this address is assigned is not + operational."; + } + enum unknown { + description + "The status cannot be determined for some reason."; + } + enum tentative { + description + "The uniqueness of the address on the link is being + verified. Addresses in this state should not be + used for general communication and should only be + used to determine the uniqueness of the address."; + } + enum duplicate { + description + "The address has been determined to be non-unique on + the link and so must not be used."; + } + enum optimistic { + description + "The address is available for use, subject to + restrictions, while its uniqueness on a link is + being verified."; + } + } + status deprecated; + description + "The status of an address. Most of the states correspond + to states from the IPv6 Stateless Address + Autoconfiguration protocol."; + reference + "RFC 4293: Management Information Base for the + Internet Protocol (IP) + - IpAddressStatusTC + RFC 4862: IPv6 Stateless Address Autoconfiguration"; + } + } + + list neighbor { + key "ip"; + status deprecated; + description + "A list of mappings from IPv6 addresses to + link-layer addresses. + + This list represents the Neighbor Cache."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6)"; + + leaf ip { + type inet:ipv6-address-no-zone; + status deprecated; + description + "The IPv6 address of the neighbor node."; + } + leaf link-layer-address { + type yang:phys-address; + status deprecated; + description + "The link-layer address of the neighbor node."; + } + leaf origin { + type neighbor-origin; + status deprecated; + description + "The origin of this neighbor entry."; + } + leaf is-router { + type empty; + status deprecated; + description + "Indicates that the neighbor node acts as a router."; + } + leaf state { + type enumeration { + enum incomplete { + description + "Address resolution is in progress, and the + link-layer address of the neighbor has not yet been + determined."; + } + enum reachable { + description + "Roughly speaking, the neighbor is known to have been + reachable recently (within tens of seconds ago)."; + } + enum stale { + description + "The neighbor is no longer known to be reachable, but + until traffic is sent to the neighbor no attempt + should be made to verify its reachability."; + } + enum delay { + description + "The neighbor is no longer known to be reachable, and + traffic has recently been sent to the neighbor. + Rather than probe the neighbor immediately, however, + delay sending probes for a short while in order to + give upper-layer protocols a chance to provide + reachability confirmation."; + } + enum probe { + description + "The neighbor is no longer known to be reachable, and + unicast Neighbor Solicitation probes are being sent + to verify reachability."; + } + } + status deprecated; + description + "The Neighbor Unreachability Detection state of this + entry."; + reference + "RFC 4861: Neighbor Discovery for IP version 6 (IPv6) + Section 7.3.2"; + } + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-keystore@2024-10-10.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-keystore@2024-10-10.yang new file mode 100644 index 00000000..88900e46 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-keystore@2024-10-10.yang @@ -0,0 +1,407 @@ +module ietf-keystore { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-keystore"; + prefix ks; + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + import ietf-crypto-types { + prefix ct; + reference + "RFC 9640: YANG Data Types and Groupings for Cryptography"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: https://datatracker.ietf.org/wg/netconf + WG List: NETCONF WG list + Author: Kent Watsen "; + + description + "This module defines a 'keystore' to centralize management + of security credentials. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2024 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Revised + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 9642 + (https://www.rfc-editor.org/info/rfc9642); see the RFC + itself for full legal notices."; + + revision 2024-10-10 { + description + "Initial version"; + reference + "RFC 9642: A YANG Data Model for a Keystore"; + } + + /****************/ + /* Features */ + /****************/ + + feature central-keystore-supported { + description + "The 'central-keystore-supported' feature indicates that + the server supports the central keystore (i.e., fully + implements the 'ietf-keystore' module)."; + } + + feature inline-definitions-supported { + description + "The 'inline-definitions-supported' feature indicates that + the server supports locally defined keys."; + } + + feature asymmetric-keys { + description + "The 'asymmetric-keys' feature indicates that the server + implements the /keystore/asymmetric-keys subtree."; + + } + + feature symmetric-keys { + description + "The 'symmetric-keys' feature indicates that the server + implements the /keystore/symmetric-keys subtree."; + } + + /****************/ + /* Typedefs */ + /****************/ + + typedef central-symmetric-key-ref { + type leafref { + path "/ks:keystore/ks:symmetric-keys/ks:symmetric-key" + + "/ks:name"; + } + description + "This typedef enables modules to easily define a reference + to a symmetric key stored in the central keystore."; + } + + typedef central-asymmetric-key-ref { + type leafref { + path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key" + + "/ks:name"; + } + description + "This typedef enables modules to easily define a reference + to an asymmetric key stored in the central keystore."; + } + + /*****************/ + /* Groupings */ + /*****************/ + + grouping encrypted-by-grouping { + description + "A grouping that defines a 'choice' statement that can be + augmented into the 'encrypted-by' node, present in the + 'symmetric-key-grouping' and 'asymmetric-key-pair-grouping' + groupings defined in RFC 9640, enabling references to keys + in the central keystore."; + choice encrypted-by { + nacm:default-deny-write; + mandatory true; + description + "A choice amongst other symmetric or asymmetric keys."; + case central-symmetric-key-ref { + if-feature "central-keystore-supported"; + if-feature "symmetric-keys"; + leaf symmetric-key-ref { + type ks:central-symmetric-key-ref; + description + "Identifies the symmetric key used to encrypt the + associated key."; + } + } + case central-asymmetric-key-ref { + if-feature "central-keystore-supported"; + if-feature "asymmetric-keys"; + leaf asymmetric-key-ref { + type ks:central-asymmetric-key-ref; + description + "Identifies the asymmetric key whose public key + encrypted the associated key."; + } + } + } + } + + // *-ref groupings + + grouping central-asymmetric-key-certificate-ref-grouping { + description + "A grouping for the reference to a certificate associated + with an asymmetric key stored in the central keystore."; + leaf asymmetric-key { + nacm:default-deny-write; + if-feature "central-keystore-supported"; + if-feature "asymmetric-keys"; + type ks:central-asymmetric-key-ref; + must '../certificate'; + description + "A reference to an asymmetric key in the keystore."; + } + leaf certificate { + nacm:default-deny-write; + type leafref { + path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key" + + "[ks:name = current()/../asymmetric-key]/" + + "ks:certificates/ks:certificate/ks:name"; + } + must '../asymmetric-key'; + description + "A reference to a specific certificate of the + asymmetric key in the keystore."; + } + } + + // inline-or-keystore-* groupings + + grouping inline-or-keystore-symmetric-key-grouping { + description + "A grouping for the configuration of a symmetric key. The + symmetric key may be defined inline or as a reference to + a symmetric key stored in the central keystore. + + Servers that wish to define alternate keystore locations + SHOULD augment in custom 'case' statements enabling + references to those alternate keystore locations."; + choice inline-or-keystore { + nacm:default-deny-write; + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + case inline { + if-feature "inline-definitions-supported"; + container inline-definition { + description + "A container to hold the local key definition."; + uses ct:symmetric-key-grouping; + } + } + case central-keystore { + if-feature "central-keystore-supported"; + if-feature "symmetric-keys"; + leaf central-keystore-reference { + type ks:central-symmetric-key-ref; + description + "A reference to a symmetric key that exists in + the central keystore."; + } + } + } + } + + grouping inline-or-keystore-asymmetric-key-grouping { + description + "A grouping for the configuration of an asymmetric key. The + asymmetric key may be defined inline or as a reference to + an asymmetric key stored in the central keystore. + + Servers that wish to define alternate keystore locations + SHOULD augment in custom 'case' statements enabling + references to those alternate keystore locations."; + choice inline-or-keystore { + nacm:default-deny-write; + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + case inline { + if-feature "inline-definitions-supported"; + container inline-definition { + description + "A container to hold the local key definition."; + uses ct:asymmetric-key-pair-grouping; + } + } + case central-keystore { + if-feature "central-keystore-supported"; + if-feature "asymmetric-keys"; + leaf central-keystore-reference { + type ks:central-asymmetric-key-ref; + description + "A reference to an asymmetric key that exists in + the central keystore. The intent is to reference + just the asymmetric key without any regard for + any certificates that may be associated with it."; + } + } + } + } + + grouping inline-or-keystore-asymmetric-key-with-certs-grouping { + description + "A grouping for the configuration of an asymmetric key and + its associated certificates. The asymmetric key and its + associated certificates may be defined inline or as a + reference to an asymmetric key (and its associated + certificates) in the central keystore. + + Servers that wish to define alternate keystore locations + SHOULD augment in custom 'case' statements enabling + references to those alternate keystore locations."; + choice inline-or-keystore { + nacm:default-deny-write; + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + case inline { + if-feature "inline-definitions-supported"; + container inline-definition { + description + "A container to hold the local key definition."; + uses ct:asymmetric-key-pair-with-certs-grouping; + } + } + case central-keystore { + if-feature "central-keystore-supported"; + if-feature "asymmetric-keys"; + leaf central-keystore-reference { + type ks:central-asymmetric-key-ref; + description + "A reference to an asymmetric key (and all of its + associated certificates) in the keystore, when + this module is implemented."; + } + } + } + } + + grouping inline-or-keystore-end-entity-cert-with-key-grouping { + description + "A grouping for the configuration of an asymmetric key and + its associated end-entity certificate. The asymmetric key + and its associated end-entity certificate may be defined + inline or as a reference to an asymmetric key (and its + associated end-entity certificate) in the central keystore. + + Servers that wish to define alternate keystore locations + SHOULD augment in custom 'case' statements enabling + references to those alternate keystore locations."; + choice inline-or-keystore { + nacm:default-deny-write; + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + case inline { + if-feature "inline-definitions-supported"; + container inline-definition { + description + "A container to hold the local key definition."; + uses ct:asymmetric-key-pair-with-cert-grouping; + } + } + case central-keystore { + if-feature "central-keystore-supported"; + if-feature "asymmetric-keys"; + container central-keystore-reference { + uses central-asymmetric-key-certificate-ref-grouping; + description + "A reference to a specific certificate associated with + an asymmetric key stored in the central keystore."; + } + } + } + } + + // the keystore grouping + + grouping keystore-grouping { + description + "A grouping definition enables use in other contexts. If ever + done, implementations MUST augment new 'case' statements + into the various inline-or-keystore 'choice' statements to + supply leafrefs to the model-specific location(s)."; + container asymmetric-keys { + nacm:default-deny-write; + if-feature "asymmetric-keys"; + description + "A list of asymmetric keys."; + list asymmetric-key { + key "name"; + description + "An asymmetric key."; + leaf name { + type string; + description + "An arbitrary name for the asymmetric key."; + } + uses ct:asymmetric-key-pair-with-certs-grouping; + } + } + container symmetric-keys { + nacm:default-deny-write; + if-feature "symmetric-keys"; + description + "A list of symmetric keys."; + list symmetric-key { + key "name"; + description + "A symmetric key."; + leaf name { + type string; + description + "An arbitrary name for the symmetric key."; + } + uses ct:symmetric-key-grouping; + } + } + } + + /*********************************/ + /* Protocol accessible nodes */ + /*********************************/ + + container keystore { + if-feature "central-keystore-supported"; + description + "A central keystore containing a list of symmetric keys and + a list of asymmetric keys."; + nacm:default-deny-write; + uses keystore-grouping { + augment "symmetric-keys/symmetric-key/key-type/encrypted-" + + "symmetric-key/encrypted-symmetric-key/encrypted-by" { + description + "Augments in a choice statement enabling the encrypting + key to be any other symmetric or asymmetric key in the + central keystore."; + uses encrypted-by-grouping; + } + augment "asymmetric-keys/asymmetric-key/private-key-type/" + + "encrypted-private-key/encrypted-private-key/" + + "encrypted-by" { + description + "Augments in a choice statement enabling the encrypting + key to be any other symmetric or asymmetric key in the + central keystore."; + uses encrypted-by-grouping; + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-netconf-acm@2018-02-14.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-netconf-acm@2018-02-14.yang new file mode 100644 index 00000000..bf4855fa --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-netconf-acm@2018-02-14.yang @@ -0,0 +1,464 @@ +module ietf-netconf-acm { + + namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm"; + + prefix nacm; + + import ietf-yang-types { + prefix yang; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + + Author: Andy Bierman + + + Author: Martin Bjorklund + "; + + description + "Network Configuration Access Control Model. + + Copyright (c) 2012 - 2018 IETF Trust and the persons + identified as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8341; see + the RFC itself for full legal notices."; + + revision "2018-02-14" { + description + "Added support for YANG 1.1 actions and notifications tied to + data nodes. Clarified how NACM extensions can be used by + other data models."; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + revision "2012-02-22" { + description + "Initial version."; + reference + "RFC 6536: Network Configuration Protocol (NETCONF) + Access Control Model"; + } + + /* + * Extension statements + */ + + extension default-deny-write { + description + "Used to indicate that the data model node + represents a sensitive security system parameter. + + If present, the NETCONF server will only allow the designated + 'recovery session' to have write access to the node. An + explicit access control rule is required for all other users. + + If the NACM module is used, then it must be enabled (i.e., + /nacm/enable-nacm object equals 'true'), or this extension + is ignored. + + The 'default-deny-write' extension MAY appear within a data + definition statement. It is ignored otherwise."; + } + + extension default-deny-all { + description + "Used to indicate that the data model node + controls a very sensitive security system parameter. + + If present, the NETCONF server will only allow the designated + 'recovery session' to have read, write, or execute access to + the node. An explicit access control rule is required for all + other users. + + If the NACM module is used, then it must be enabled (i.e., + /nacm/enable-nacm object equals 'true'), or this extension + is ignored. + + The 'default-deny-all' extension MAY appear within a data + definition statement, 'rpc' statement, or 'notification' + statement. It is ignored otherwise."; + } + + /* + * Derived types + */ + + typedef user-name-type { + type string { + length "1..max"; + } + description + "General-purpose username string."; + } + + typedef matchall-string-type { + type string { + pattern '\*'; + } + description + "The string containing a single asterisk '*' is used + to conceptually represent all possible values + for the particular leaf using this data type."; + } + + typedef access-operations-type { + type bits { + bit create { + description + "Any protocol operation that creates a + new data node."; + } + bit read { + description + "Any protocol operation or notification that + returns the value of a data node."; + } + bit update { + description + "Any protocol operation that alters an existing + data node."; + } + bit delete { + description + "Any protocol operation that removes a data node."; + } + bit exec { + description + "Execution access to the specified protocol operation."; + } + } + description + "Access operation."; + } + + typedef group-name-type { + type string { + length "1..max"; + pattern '[^\*].*'; + } + description + "Name of administrative group to which + users can be assigned."; + } + + typedef action-type { + type enumeration { + enum permit { + description + "Requested action is permitted."; + } + enum deny { + description + "Requested action is denied."; + } + } + description + "Action taken by the server when a particular + rule matches."; + } + + typedef node-instance-identifier { + type yang:xpath1.0; + description + "Path expression used to represent a special + data node, action, or notification instance-identifier + string. + + A node-instance-identifier value is an + unrestricted YANG instance-identifier expression. + All the same rules as an instance-identifier apply, + except that predicates for keys are optional. If a key + predicate is missing, then the node-instance-identifier + represents all possible server instances for that key. + + This XML Path Language (XPath) expression is evaluated in the + following context: + + o The set of namespace declarations are those in scope on + the leaf element where this type is used. + + o The set of variable bindings contains one variable, + 'USER', which contains the name of the user of the + current session. + + o The function library is the core function library, but + note that due to the syntax restrictions of an + instance-identifier, no functions are allowed. + + o The context node is the root node in the data tree. + + The accessible tree includes actions and notifications tied + to data nodes."; + } + + /* + * Data definition statements + */ + + container nacm { + nacm:default-deny-all; + + description + "Parameters for NETCONF access control model."; + + leaf enable-nacm { + type boolean; + default "true"; + description + "Enables or disables all NETCONF access control + enforcement. If 'true', then enforcement + is enabled. If 'false', then enforcement + is disabled."; + } + + leaf read-default { + type action-type; + default "permit"; + description + "Controls whether read access is granted if + no appropriate rule is found for a + particular read request."; + } + + leaf write-default { + type action-type; + default "deny"; + description + "Controls whether create, update, or delete access + is granted if no appropriate rule is found for a + particular write request."; + } + + leaf exec-default { + type action-type; + default "permit"; + description + "Controls whether exec access is granted if no appropriate + rule is found for a particular protocol operation request."; + } + + leaf enable-external-groups { + type boolean; + default "true"; + description + "Controls whether the server uses the groups reported by the + NETCONF transport layer when it assigns the user to a set of + NACM groups. If this leaf has the value 'false', any group + names reported by the transport layer are ignored by the + server."; + } + + leaf denied-operations { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that a + protocol operation request was denied."; + } + + leaf denied-data-writes { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that a + protocol operation request to alter + a configuration datastore was denied."; + } + + leaf denied-notifications { + type yang:zero-based-counter32; + config false; + mandatory true; + description + "Number of times since the server last restarted that + a notification was dropped for a subscription because + access to the event type was denied."; + } + + container groups { + description + "NETCONF access control groups."; + + list group { + key name; + + description + "One NACM group entry. This list will only contain + configured entries, not any entries learned from + any transport protocols."; + + leaf name { + type group-name-type; + description + "Group name associated with this entry."; + } + + leaf-list user-name { + type user-name-type; + description + "Each entry identifies the username of + a member of the group associated with + this entry."; + } + } + } + + list rule-list { + key name; + ordered-by user; + description + "An ordered collection of access control rules."; + + leaf name { + type string { + length "1..max"; + } + description + "Arbitrary name assigned to the rule-list."; + } + leaf-list group { + type union { + type matchall-string-type; + type group-name-type; + } + description + "List of administrative groups that will be + assigned the associated access rights + defined by the 'rule' list. + + The string '*' indicates that all groups apply to the + entry."; + } + + list rule { + key name; + ordered-by user; + description + "One access control rule. + + Rules are processed in user-defined order until a match is + found. A rule matches if 'module-name', 'rule-type', and + 'access-operations' match the request. If a rule + matches, the 'action' leaf determines whether or not + access is granted."; + + leaf name { + type string { + length "1..max"; + } + description + "Arbitrary name assigned to the rule."; + } + + leaf module-name { + type union { + type matchall-string-type; + type string; + } + default "*"; + description + "Name of the module associated with this rule. + + This leaf matches if it has the value '*' or if the + object being accessed is defined in the module with the + specified module name."; + } + choice rule-type { + description + "This choice matches if all leafs present in the rule + match the request. If no leafs are present, the + choice matches all requests."; + case protocol-operation { + leaf rpc-name { + type union { + type matchall-string-type; + type string; + } + description + "This leaf matches if it has the value '*' or if + its value equals the requested protocol operation + name."; + } + } + case notification { + leaf notification-name { + type union { + type matchall-string-type; + type string; + } + description + "This leaf matches if it has the value '*' or if its + value equals the requested notification name."; + } + } + + case data-node { + leaf path { + type node-instance-identifier; + mandatory true; + description + "Data node instance-identifier associated with the + data node, action, or notification controlled by + this rule. + + Configuration data or state data + instance-identifiers start with a top-level + data node. A complete instance-identifier is + required for this type of path value. + + The special value '/' refers to all possible + datastore contents."; + } + } + } + + leaf access-operations { + type union { + type matchall-string-type; + type access-operations-type; + } + default "*"; + description + "Access operations associated with this rule. + + This leaf matches if it has the value '*' or if the + bit corresponding to the requested operation is set."; + } + + leaf action { + type action-type; + mandatory true; + description + "The access control action associated with the + rule. If a rule has been determined to match a + particular request, then this object is used + to determine whether to permit or deny the + request."; + } + + leaf comment { + type string; + description + "A textual description of the access rule."; + } + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-network-instance@2019-01-21.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-network-instance@2019-01-21.yang new file mode 100644 index 00000000..dfde7fbe --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-network-instance@2019-01-21.yang @@ -0,0 +1,282 @@ +module ietf-network-instance { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-network-instance"; + prefix ni; + + // import some basic types + + import ietf-interfaces { + prefix if; + reference + "RFC 8343: A YANG Data Model for Interface Management"; + } + import ietf-ip { + prefix ip; + reference + "RFC 8344: A YANG Data Model for IP Management"; + } + import ietf-yang-schema-mount { + prefix yangmnt; + reference + "RFC 8528: YANG Schema Mount"; + } + + organization + "IETF Routing Area (rtgwg) Working Group"; + contact + "WG Web: + WG List: + + Author: Lou Berger + + Author: Christian Hopps + + Author: Acee Lindem + + Author: Dean Bogdanovic + "; + description + "This module is used to support multiple network instances + within a single physical or virtual device. Network + instances are commonly known as VRFs (VPN Routing and + Forwarding) and VSIs (Virtual Switching Instances). + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all capitals, + as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8529; see + the RFC itself for full legal notices."; + + revision 2019-01-21 { + description + "Initial revision."; + reference + "RFC 8529"; + } + + // top-level device definition statements + + container network-instances { + description + "Network instances, each of which consists of + VRFs and/or VSIs."; + reference + "RFC 8349: A YANG Data Model for Routing Management"; + list network-instance { + key "name"; + description + "List of network instances."; + leaf name { + type string; + mandatory true; + description + "device-scoped identifier for the network + instance."; + } + leaf enabled { + type boolean; + default "true"; + description + "Flag indicating whether or not the network + instance is enabled."; + } + leaf description { + type string; + description + "Description of the network instance + and its intended purpose."; + } + choice ni-type { + description + "This node serves as an anchor point for different types + of network instances. Each 'case' is expected to + differ in terms of the information needed in the + parent/core to support the NI and may differ in their + mounted-schema definition. When the mounted schema is + not expected to be the same for a specific type of NI, + a mount point should be defined."; + } + choice root-type { + mandatory true; + description + "Well-known mount points."; + container vrf-root { + description + "Container for mount point."; + yangmnt:mount-point "vrf-root" { + description + "Root for L3VPN-type models. This will typically + not be an inline-type mount point."; + } + } + container vsi-root { + description + "Container for mount point."; + yangmnt:mount-point "vsi-root" { + description + "Root for L2VPN-type models. This will typically + not be an inline-type mount point."; + } + } + container vv-root { + description + "Container for mount point."; + yangmnt:mount-point "vv-root" { + description + "Root models that support both L2VPN-type bridging + and L3VPN-type routing. This will typically + not be an inline-type mount point."; + } + } + } + } + } + + // augment statements + + augment "/if:interfaces/if:interface" { + description + "Add a node for the identification of the network + instance associated with the information configured + on a interface. + + Note that a standard error will be returned if the + identified leafref isn't present. If an interface cannot + be assigned for any other reason, the operation SHALL fail + with an error-tag of 'operation-failed' and an + error-app-tag of 'ni-assignment-failed'. A meaningful + error-info that indicates the source of the assignment + failure SHOULD also be provided."; + leaf bind-ni-name { + type leafref { + path "/network-instances/network-instance/name"; + } + description + "Network instance to which an interface is bound."; + } + } + augment "/if:interfaces/if:interface/ip:ipv4" { + description + "Add a node for the identification of the network + instance associated with the information configured + on an IPv4 interface. + + Note that a standard error will be returned if the + identified leafref isn't present. If an interface cannot + be assigned for any other reason, the operation SHALL fail + with an error-tag of 'operation-failed' and an + error-app-tag of 'ni-assignment-failed'. A meaningful + error-info that indicates the source of the assignment + failure SHOULD also be provided."; + leaf bind-ni-name { + type leafref { + path "/network-instances/network-instance/name"; + } + description + "Network instance to which IPv4 interface is bound."; + } + } + augment "/if:interfaces/if:interface/ip:ipv6" { + description + "Add a node for the identification of the network + instance associated with the information configured + on an IPv6 interface. + + Note that a standard error will be returned if the + identified leafref isn't present. If an interface cannot + be assigned for any other reason, the operation SHALL fail + with an error-tag of 'operation-failed' and an + error-app-tag of 'ni-assignment-failed'. A meaningful + error-info that indicates the source of the assignment + failure SHOULD also be provided."; + leaf bind-ni-name { + type leafref { + path "/network-instances/network-instance/name"; + } + description + "Network instance to which IPv6 interface is bound."; + } + } + + // notification statements + + notification bind-ni-name-failed { + description + "Indicates an error in the association of an interface to an + NI. Only generated after success is initially returned when + bind-ni-name is set. + + Note: Some errors may need to be reported for multiple + associations, e.g., a single error may need to be reported + for an IPv4 and an IPv6 bind-ni-name. + + At least one container with a bind-ni-name leaf MUST be + included in this notification."; + leaf name { + type leafref { + path "/if:interfaces/if:interface/if:name"; + } + mandatory true; + description + "Contains the interface name associated with the + failure."; + } + container interface { + description + "Generic interface type."; + leaf bind-ni-name { + type leafref { + path "/if:interfaces/if:interface" + + "/ni:bind-ni-name"; + } + description + "Contains the bind-ni-name associated with the + failure."; + } + } + container ipv4 { + description + "IPv4 interface type."; + leaf bind-ni-name { + type leafref { + path "/if:interfaces/if:interface/ip:ipv4/ni:bind-ni-name"; + } + description + "Contains the bind-ni-name associated with the + failure."; + } + } + container ipv6 { + description + "IPv6 interface type."; + leaf bind-ni-name { + type leafref { + path "/if:interfaces/if:interface/ip:ipv6" + + "/ni:bind-ni-name"; + } + description + "Contains the bind-ni-name associated with the + failure."; + } + } + leaf error-info { + type string; + description + "Optionally, indicates the source of the assignment + failure."; + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-notification-capabilities@2022-02-17.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-notification-capabilities@2022-02-17.yang new file mode 100644 index 00000000..c9385b25 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-notification-capabilities@2022-02-17.yang @@ -0,0 +1,262 @@ +module ietf-notification-capabilities { + yang-version 1.1; + namespace + "urn:ietf:params:xml:ns:yang:ietf-notification-capabilities"; + prefix notc; + + import ietf-yang-push { + prefix yp; + description + "This module requires ietf-yang-push to be implemented."; + reference + "RFC 8641: Subscription to YANG Notifications for + Datastore Updates"; + } + import ietf-system-capabilities { + prefix sysc; + description + "This module requires ietf-system-capabilities to be + implemented."; + reference + "RFC 9196: YANG Modules Describing Capabilities for Systems + and Datastore Update Notifications"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: + WG List: + + Editor: Balazs Lengyel + "; + description + "This module specifies publisher capabilities related to + YANG-Push (RFC 8641). + + The module contains: + + - a specification of the data nodes that support 'on-change' or + 'periodic' notifications. + + - capabilities related to the throughput of notification data + that the publisher can support. (Note that for a specific + subscription, the publisher MAY allow only longer periods + or smaller updates depending on, e.g., actual load conditions.) + + Capability values can be specified at the system/publisher + level, at the datastore level, or for specific data nodes of + a specific datastore (and their contained subtrees), as defined + in the ietf-system-capabilities module. + + If different data nodes covered by a single subscription + have different values for a specific capability, then using + values that are only acceptable for some of these data nodes, + but not for others, may result in the rejection of the + subscription. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2022 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 9196 + (https://www.rfc-editor.org/info/rfc9196); see the RFC itself + for full legal notices."; + + revision 2022-02-17 { + description + "Initial version"; + reference + "RFC 9196: YANG Modules Describing Capabilities for Systems + and Datastore Update Notifications"; + } + + grouping subscription-capabilities { + description + "Capabilities related to YANG-Push subscriptions + and notifications"; + container subscription-capabilities { + description + "Capabilities related to YANG-Push subscriptions + and notifications"; + typedef notification-support { + type bits { + bit config-changes { + description + "The publisher is capable of sending + notifications for 'config true' nodes for the + relevant scope and subscription type."; + } + bit state-changes { + description + "The publisher is capable of sending + notifications for 'config false' nodes for the + relevant scope and subscription type."; + } + } + description + "Type for defining whether 'on-change' or + 'periodic' notifications are supported for all data nodes, + 'config false' data nodes, 'config true' data nodes, or + no data nodes. + + The bits config-changes or state-changes have no effect + when they are set for a datastore or for a set of nodes + that does not contain nodes with the indicated config + value. In those cases, the effect is the same as if no + support was declared. One example of this is indicating + support for state-changes for a candidate datastore that + has no effect."; + } + + leaf max-nodes-per-update { + type uint32 { + range "1..max"; + } + description + "Maximum number of data nodes that can be sent + in an update. The publisher MAY support more data nodes + but SHOULD support at least this number. + + May be used to avoid the 'update-too-big' error + during subscription."; + reference + "RFC 8641: Subscription to YANG Notifications for + Datastore Updates, the 'update-too-big' error/identity"; + } + leaf periodic-notifications-supported { + type notification-support; + description + "Specifies whether the publisher is capable of + sending 'periodic' notifications for the selected + data nodes, including any subtrees that may exist + below them."; + reference + "RFC 8641: Subscription to YANG Notifications for + Datastore Updates, 'periodic' subscription concept"; + } + choice update-period { + description + "Supported update period value or values for + 'periodic' subscriptions."; + leaf minimum-update-period { + type uint32; + units "centiseconds"; + description + "Indicates the minimal update period that is + supported for a 'periodic' subscription. + + A subscription request to the selected data nodes with + a smaller period than what this leaf specifies is + likely to result in a 'period-unsupported' error."; + reference + "RFC 8641: Subscription to YANG Notifications for + Datastore Updates, the period leaf in the ietf-yang-push + YANG module"; + } + leaf-list supported-update-period { + type uint32; + units "centiseconds"; + description + "Supported update period values for a 'periodic' + subscription. + + A subscription request to the selected data nodes with a + period not included in the leaf-list will result in a + 'period-unsupported' error."; + reference + "RFC 8641: Subscription to YANG Notifications for + Datastore Updates, the period leaf in the ietf-yang-push + YANG module"; + } + } + leaf on-change-supported { + if-feature "yp:on-change"; + type notification-support; + description + "Specifies whether the publisher is capable of + sending 'on-change' notifications for the selected + data nodes and the subtree below them."; + reference + "RFC 8641: Subscription to YANG Notifications for Datastore + Updates, on-change concept"; + } + leaf minimum-dampening-period { + if-feature "yp:on-change"; + type uint32; + units "centiseconds"; + description + "The minimum dampening period supported for 'on-change' + subscriptions for the selected data nodes. + + If this value is present and greater than zero, + that implies dampening is mandatory."; + reference + "RFC 8641: Subscription to YANG Notifications for + Datastore Updates, the dampening-period leaf in the + ietf-yang-push YANG module"; + } + leaf-list supported-excluded-change-type { + if-feature "yp:on-change"; + type union { + type enumeration { + enum none { + value -2; + description + "None of the change types can be excluded."; + } + enum all { + value -1; + description + "Any combination of change types can be excluded."; + } + } + type yp:change-type; + } + description + "The change types that can be excluded in + YANG-Push subscriptions for the selected data nodes."; + reference + "RFC 8641: Subscription to YANG Notifications for Datastore + Updates, the change-type typedef in the ietf-yang-push + YANG module"; + } + } + } + + augment "/sysc:system-capabilities" { + description + "Add system level capabilities"; + uses subscription-capabilities { + refine + "subscription-capabilities/supported-excluded-change-type" { + default "none"; + } + } + } + + augment "/sysc:system-capabilities/sysc:datastore-capabilities" + + "/sysc:per-node-capabilities" { + description + "Add datastore and node-level capabilities"; + uses subscription-capabilities { + refine + "subscription-capabilities/supported-excluded-change-type" { + default "none"; + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-platform-manifest@2025-02-21.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-platform-manifest@2025-02-21.yang new file mode 100644 index 00000000..29c738bc --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-platform-manifest@2025-02-21.yang @@ -0,0 +1,150 @@ +module ietf-platform-manifest { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-platform-manifest"; + prefix p-mf; + + import ietf-yang-library { + prefix yanglib; + reference + "RFC8525: YANG Library"; + } + + organization + "IETF OPSAWG (Operations and Management Area) Working Group"; + contact + "WG Web: + WG List: + Author: Benoit Claise + Author: Jean Quilbeuf + Author: Diego R. Lopez + Author: Ignacio Dominguez + + Author: Thomas Graf "; + description + "This module describes the platform information to be used as + context of data collection from a given network element. The + contents of this model must be streamed along with the data + streamed from the network element so that the platform context + of the data collection can be retrieved later. + + The data content of this model should not change except on + upgrade or patching of the device. + + Copyright (c) 2022 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Revised BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + This version of this YANG module is part of RFC XXXX; see the + RFC itself for full legal notices. "; + + revision 2025-02-21 { + description + "Initial revision"; + reference + "RFC xxxx: A Data Manifest for Contextualized Telemetry Data"; + } + + grouping platform-details { + description + "This grouping contains the information about a particular + platform, as stored in the YANG catalog."; + leaf name { + type string { + length "1..1023"; + } + description + "Model of the platform from which data is collected."; + } + leaf vendor { + type string { + length "1..1023"; + } + description + "Organization that implements that platform."; + } + leaf vendor-pen { + type uint32; + description + "Vendor's registered Private Enterprise Number"; + reference + "RFC9371: Registration Procedures for Private Enterprise + Numbers (PENs)"; + } + leaf software-version { + type string { + length "1..1023"; + } + description + "Name of the version of software. With respect to most + network device appliances, this will be the operating system + version. But for other YANG module implementation, this + would be a version of appliance software. Ultimately, this + should correspond to a version string that will be + recognizable by the consumers of the platform."; + } + leaf software-flavor { + type string { + length "1..1023"; + } + description + "A variation of a specific version where YANG model support + may be different. Depending on the vendor, this could be a + license, additional software component, or a feature set."; + } + leaf os-version { + type string { + length "1..1023"; + } + description + "Version of the operating system using this module. This is + primarily useful if the software implementing the module is + an application that requires a specific operating system + version."; + } + leaf os-type { + type string { + length "1..1023"; + } + description + "Type of the operating system using this module. This is + primarily useful if the software implementing the module is + an application that requires a specific operating system + type."; + } + } + + container platforms { + config false; + description + "Top container including all platforms in scope. If this model + is hosted on a single device, it should contain a single entry + in the list. At the network level, it should contain an entry + for every monitored platform."; + list platform { + key "id"; + description + "Contains information about the platform that allows + identifying and understanding the individual data collection + information."; + leaf id { + type string { + length "1..1023"; + } + description + "Identifies a given platform on the network, for instance + the 'sysName' of the platform. The 'id' has to be unique + within the network scope at every point in time. The same + id can point to different platform if they are not + simultaneously part of the network, e.g., when a device + associated to a particular id is replaced."; + } + uses platform-details; + uses yanglib:yang-library-parameters; + } + } +} \ No newline at end of file diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-restconf@2017-01-26.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-restconf@2017-01-26.yang new file mode 100644 index 00000000..b47455b8 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-restconf@2017-01-26.yang @@ -0,0 +1,278 @@ +module ietf-restconf { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-restconf"; + prefix "rc"; + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + + Author: Andy Bierman + + + Author: Martin Bjorklund + + + Author: Kent Watsen + "; + + description + "This module contains conceptual YANG specifications + for basic RESTCONF media type definitions used in + RESTCONF protocol messages. + + Note that the YANG definitions within this module do not + represent configuration data of any kind. + The 'restconf-media-type' YANG extension statement + provides a normative syntax for XML and JSON + message-encoding purposes. + + Copyright (c) 2017 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8040; see + the RFC itself for full legal notices."; + + revision 2017-01-26 { + description + "Initial revision."; + reference + "RFC 8040: RESTCONF Protocol."; + } + + extension yang-data { + argument name { + yin-element true; + } + description + "This extension is used to specify a YANG data template that + represents conceptual data defined in YANG. It is + intended to describe hierarchical data independent of + protocol context or specific message-encoding format. + Data definition statements within a yang-data extension + specify the generic syntax for the specific YANG data + template, whose name is the argument of the 'yang-data' + extension statement. + + Note that this extension does not define a media type. + A specification using this extension MUST specify the + message-encoding rules, including the content media type. + + The mandatory 'name' parameter value identifies the YANG + data template that is being defined. It contains the + template name. + + This extension is ignored unless it appears as a top-level + statement. It MUST contain data definition statements + that result in exactly one container data node definition. + An instance of a YANG data template can thus be translated + into an XML instance document, whose top-level element + corresponds to the top-level container. + The module name and namespace values for the YANG module using + the extension statement are assigned to instance document data + conforming to the data definition statements within + this extension. + + The substatements of this extension MUST follow the + 'data-def-stmt' rule in the YANG ABNF. + + The XPath document root is the extension statement itself, + such that the child nodes of the document root are + represented by the data-def-stmt substatements within + this extension. This conceptual document is the context + for the following YANG statements: + + - must-stmt + - when-stmt + - path-stmt + - min-elements-stmt + - max-elements-stmt + - mandatory-stmt + - unique-stmt + - ordered-by + - instance-identifier data type + + The following data-def-stmt substatements are constrained + when used within a 'yang-data' extension statement. + + - The list-stmt is not required to have a key-stmt defined. + - The if-feature-stmt is ignored if present. + - The config-stmt is ignored if present. + - The available identity values for any 'identityref' + leaf or leaf-list nodes are limited to the module + containing this extension statement and the modules + imported into that module. + "; + } + + rc:yang-data yang-errors { + uses errors; + } + + rc:yang-data yang-api { + uses restconf; + } + + grouping errors { + description + "A grouping that contains a YANG container + representing the syntax and semantics of a + YANG Patch error report within a response message."; + + container errors { + description + "Represents an error report returned by the server if + a request results in an error."; + + list error { + description + "An entry containing information about one + specific error that occurred while processing + a RESTCONF request."; + reference + "RFC 6241, Section 4.3."; + + leaf error-type { + type enumeration { + enum transport { + description + "The transport layer."; + } + enum rpc { + description + "The rpc or notification layer."; + } + enum protocol { + description + "The protocol operation layer."; + } + enum application { + description + "The server application layer."; + } + } + mandatory true; + description + "The protocol layer where the error occurred."; + } + + leaf error-tag { + type string; + mandatory true; + description + "The enumerated error-tag."; + } + + leaf error-app-tag { + type string; + description + "The application-specific error-tag."; + } + + leaf error-path { + type instance-identifier; + description + "The YANG instance identifier associated + with the error node."; + } + + leaf error-message { + type string; + description + "A message describing the error."; + } + + anydata error-info { + description + "This anydata value MUST represent a container with + zero or more data nodes representing additional + error information."; + } + } + } + } + + grouping restconf { + description + "Conceptual grouping representing the RESTCONF + root resource."; + + container restconf { + description + "Conceptual container representing the RESTCONF + root resource."; + + container data { + description + "Container representing the datastore resource. + Represents the conceptual root of all state data + and configuration data supported by the server. + The child nodes of this container can be any data + resources that are defined as top-level data nodes + from the YANG modules advertised by the server in + the 'ietf-yang-library' module."; + } + + container operations { + description + "Container for all operation resources. + + Each resource is represented as an empty leaf with the + name of the RPC operation from the YANG 'rpc' statement. + + For example, the 'system-restart' RPC operation defined + in the 'ietf-system' module would be represented as + an empty leaf in the 'ietf-system' namespace. This is + a conceptual leaf and will not actually be found in + the module: + + module ietf-system { + leaf system-reset { + type empty; + } + } + + To invoke the 'system-restart' RPC operation: + + POST /restconf/operations/ietf-system:system-restart + + To discover the RPC operations supported by the server: + + GET /restconf/operations + + In XML, the YANG module namespace identifies the module: + + + + In JSON, the YANG module name identifies the module: + + { 'ietf-system:system-restart' : [null] } + "; + } + leaf yang-library-version { + type string { + pattern '\d{4}-\d{2}-\d{2}'; + } + config false; + mandatory true; + description + "Identifies the revision date of the 'ietf-yang-library' + module that is implemented by this RESTCONF server. + Indicates the year, month, and day in YYYY-MM-DD + numeric format."; + } + } + } + +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-subscribed-notif-receivers@2024-02-01.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-subscribed-notif-receivers@2024-02-01.yang new file mode 100644 index 00000000..b3ebb8f9 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-subscribed-notif-receivers@2024-02-01.yang @@ -0,0 +1,110 @@ +module ietf-subscribed-notif-receivers { + yang-version 1.1; + namespace + "urn:ietf:params:xml:ns:yang:ietf-subscribed-notif-receivers"; + prefix "snr"; + + import ietf-subscribed-notifications { + prefix sn; + reference + "RFC 8639: Subscription to YANG Notifications"; + } + + organization + "IETF NETCONF Working Group"; + + contact + "WG Web: + WG List: + + Authors: Mahesh Jethanandani (mjethanandani at gmail dot com) + Kent Watsen (kent plus ietf at watsen dot net)"; + + description + "This YANG module is implemented by Publishers implementing + the 'ietf-subscribed-notifications' module defined in RFC 8639. + + While this module is defined in RFC XXXX, which primarily + defines an HTTPS-based transport for notifications, this module + is not HTTP-specific. It is a generic extension that can be + used by any 'notif' transport. + + This module defines two 'augment' statements. One statement + augments a 'container' statement called 'receiver-instances' + into the top-level 'subscriptions' container. The other + statement, called 'receiver-instance-ref', augments a 'leaf' + statement into each 'receiver' that references one of the + afore mentioned receiver instances. This indirection enables + multiple configured subscriptions to send notifications to + the same receiver instance. + + Copyright (c) 2024 IETF Trust and the persons identified as + authors of the code. All rights reserved. + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Revised BSD + License set forth in Section 4.c of the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here."; + + revision "2024-02-01" { + description + "Initial Version."; + reference + "RFC XXXX: An HTTPS-based Transport for YANG Notifications."; + } + + augment "/sn:subscriptions" { + container receiver-instances { + description + "A container for all instances of receivers."; + + list receiver-instance { + key "name"; + + leaf name { + type string; + description + "An arbitrary but unique name for this receiver + instance."; + } + + choice transport-type { + mandatory true; + description + "Choice of different types of transports used to + send notifications. The 'case' statements must + be augmented in by other modules."; + } + description + "A list of all receiver instances."; + } + } + description + "Augment the subscriptions container to define the + transport type."; + } + augment + "/sn:subscriptions/sn:subscription/sn:receivers/sn:receiver" { + leaf receiver-instance-ref { + type leafref { + path "/sn:subscriptions/snr:receiver-instances/" + + "snr:receiver-instance/snr:name"; + } + description + "Reference to a receiver instance."; + } + description + "Augment the subscriptions container to define an optional + reference to a receiver instance."; + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-subscribed-notifications@2019-09-09.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-subscribed-notifications@2019-09-09.yang new file mode 100644 index 00000000..e04593c3 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-subscribed-notifications@2019-09-09.yang @@ -0,0 +1,1350 @@ +module ietf-subscribed-notifications { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications"; + prefix sn; + + import ietf-inet-types { + prefix inet; + reference + "RFC 6991: Common YANG Data Types"; + } + import ietf-interfaces { + prefix if; + reference + "RFC 8343: A YANG Data Model for Interface Management"; + } + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + import ietf-network-instance { + prefix ni; + reference + "RFC 8529: YANG Data Model for Network Instances"; + } + import ietf-restconf { + prefix rc; + reference + "RFC 8040: RESTCONF Protocol"; + } + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: + WG List: + + Author: Alexander Clemm + + + Author: Eric Voit + + + Author: Alberto Gonzalez Prieto + + + Author: Einar Nilsen-Nygaard + + + Author: Ambika Prasad Tripathy + "; + description + "This module defines a YANG data model for subscribing to event + records and receiving matching content in notification messages. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Simplified BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8639; see the + RFC itself for full legal notices."; + + revision 2019-09-09 { + description + "Initial version."; + reference + "RFC 8639: A YANG Data Model for Subscriptions to + Event Notifications"; + } + + /* + * FEATURES + */ + + feature configured { + description + "This feature indicates that configuration of subscriptions is + supported."; + } + + feature dscp { + description + "This feature indicates that a publisher supports the ability + to set the Differentiated Services Code Point (DSCP) value in + outgoing packets."; + } + + feature encode-json { + description + "This feature indicates that JSON encoding of notification + messages is supported."; + } + + feature encode-xml { + description + "This feature indicates that XML encoding of notification + messages is supported."; + } + + feature interface-designation { + description + "This feature indicates that a publisher supports sourcing all + receiver interactions for a configured subscription from a + single designated egress interface."; + } + + feature qos { + description + "This feature indicates that a publisher supports absolute + dependencies of one subscription's traffic over another + as well as weighted bandwidth sharing between subscriptions. + Both of these are Quality of Service (QoS) features that allow + differentiated treatment of notification messages between a + publisher and a specific receiver."; + } + + feature replay { + description + "This feature indicates that historical event record replay is + supported. With replay, it is possible for past event records + to be streamed in chronological order."; + } + + feature subtree { + description + "This feature indicates support for YANG subtree filtering."; + reference + "RFC 6241: Network Configuration Protocol (NETCONF), + Section 6"; + } + + feature supports-vrf { + description + "This feature indicates that a publisher supports VRF + configuration for configured subscriptions. VRF support for + dynamic subscriptions does not require this feature."; + reference + "RFC 8529: YANG Data Model for Network Instances, + Section 6"; + } + + feature xpath { + description + "This feature indicates support for XPath filtering."; + reference + "XML Path Language (XPath) Version 1.0 + (https://www.w3.org/TR/1999/REC-xpath-19991116)"; + } + + /* + * EXTENSIONS + */ + + extension subscription-state-notification { + description + "This statement applies only to notifications. It indicates + that the notification is a subscription state change + notification. Therefore, it does not participate in a regular + event stream and does not need to be specifically subscribed + to in order to be received. This statement can only occur as + a substatement of the YANG 'notification' statement. This + statement is not for use outside of this YANG module."; + } + + /* + * IDENTITIES + */ + /* Identities for RPC and notification errors */ + + identity delete-subscription-error { + description + "Base identity for the problem found while attempting to + fulfill either a 'delete-subscription' RPC request or a + 'kill-subscription' RPC request."; + } + + identity establish-subscription-error { + description + "Base identity for the problem found while attempting to + fulfill an 'establish-subscription' RPC request."; + } + + identity modify-subscription-error { + description + "Base identity for the problem found while attempting to + fulfill a 'modify-subscription' RPC request."; + } + + identity subscription-suspended-reason { + description + "Base identity for the problem condition communicated to a + receiver as part of a 'subscription-suspended' + notification."; + } + + identity subscription-terminated-reason { + description + "Base identity for the problem condition communicated to a + receiver as part of a 'subscription-terminated' + notification."; + } + + identity dscp-unavailable { + base establish-subscription-error; + if-feature "dscp"; + description + "The publisher is unable to mark notification messages with + prioritization information in a way that will be respected + during network transit."; + } + + identity encoding-unsupported { + base establish-subscription-error; + description + "Unable to encode notification messages in the desired + format."; + } + + identity filter-unavailable { + base subscription-terminated-reason; + description + "Referenced filter does not exist. This means a receiver is + referencing a filter that doesn't exist or to which it + does not have access permissions."; + } + + identity filter-unsupported { + base establish-subscription-error; + base modify-subscription-error; + description + "Cannot parse syntax in the filter. This failure can be from + a syntax error or a syntax too complex to be processed by the + publisher."; + } + + identity insufficient-resources { + base establish-subscription-error; + base modify-subscription-error; + base subscription-suspended-reason; + description + "The publisher does not have sufficient resources to support + the requested subscription. An example might be that + allocated CPU is too limited to generate the desired set of + notification messages."; + } + + identity no-such-subscription { + base modify-subscription-error; + base delete-subscription-error; + base subscription-terminated-reason; + description + "Referenced subscription doesn't exist. This may be as a + result of a nonexistent subscription ID, an ID that belongs to + another subscriber, or an ID for a configured subscription."; + } + + identity replay-unsupported { + base establish-subscription-error; + if-feature "replay"; + description + "Replay cannot be performed for this subscription. This means + the publisher will not provide the requested historic + information from the event stream via replay to this + receiver."; + } + + identity stream-unavailable { + base subscription-terminated-reason; + description + "Not a subscribable event stream. This means the referenced + event stream is not available for subscription by the + receiver."; + } + + identity suspension-timeout { + base subscription-terminated-reason; + description + "Termination of a previously suspended subscription. The + publisher has eliminated the subscription, as it exceeded a + time limit for suspension."; + } + + identity unsupportable-volume { + base subscription-suspended-reason; + description + "The publisher does not have the network bandwidth needed to + get the volume of generated information intended for a + receiver."; + } + + /* Identities for encodings */ + + identity configurable-encoding { + description + "If a transport identity derives from this identity, it means + that it supports configurable encodings. An example of a + configurable encoding might be a new identity such as + 'encode-cbor'. Such an identity could use + 'configurable-encoding' as its base. This would allow a + dynamic subscription encoded in JSON (RFC 8259) to request + that notification messages be encoded via the Concise Binary + Object Representation (CBOR) (RFC 7049). Further details for + any specific configurable encoding would be explored in a + transport document based on this specification."; + reference + "RFC 8259: The JavaScript Object Notation (JSON) Data + Interchange Format + RFC 7049: Concise Binary Object Representation (CBOR)"; + } + + identity encoding { + description + "Base identity to represent data encodings."; + } + + identity encode-xml { + base encoding; + if-feature "encode-xml"; + description + "Encode data using XML as described in RFC 7950."; + reference + "RFC 7950: The YANG 1.1 Data Modeling Language"; + } + + identity encode-json { + base encoding; + if-feature "encode-json"; + description + "Encode data using JSON as described in RFC 7951."; + reference + "RFC 7951: JSON Encoding of Data Modeled with YANG"; + } + + /* Identities for transports */ + + identity transport { + description + "An identity that represents the underlying mechanism for + passing notification messages."; + } + + /* + * TYPEDEFs + */ + + typedef encoding { + type identityref { + base encoding; + } + description + "Specifies a data encoding, e.g., for a data subscription."; + } + + typedef stream-filter-ref { + type leafref { + path "/sn:filters/sn:stream-filter/sn:name"; + } + description + "This type is used to reference an event stream filter."; + } + + typedef stream-ref { + type leafref { + path "/sn:streams/sn:stream/sn:name"; + } + description + "This type is used to reference a system-provided + event stream."; + } + + typedef subscription-id { + type uint32; + description + "A type for subscription identifiers."; + } + + typedef transport { + type identityref { + base transport; + } + description + "Specifies the transport used to send notification messages + to a receiver."; + } + + /* + * GROUPINGS + */ + + grouping stream-filter-elements { + description + "This grouping defines the base for filters applied to event + streams."; + choice filter-spec { + description + "The content filter specification for this request."; + anydata stream-subtree-filter { + if-feature "subtree"; + description + "Event stream evaluation criteria encoded in the syntax of + a subtree filter as defined in RFC 6241, Section 6. + + The subtree filter is applied to the representation of + individual, delineated event records as contained in the + event stream. + + If the subtree filter returns a non-empty node set, the + filter matches the event record, and the event record is + included in the notification message sent to the + receivers."; + reference + "RFC 6241: Network Configuration Protocol (NETCONF), + Section 6"; + } + leaf stream-xpath-filter { + if-feature "xpath"; + type yang:xpath1.0; + description + "Event stream evaluation criteria encoded in the syntax of + an XPath 1.0 expression. + + The XPath expression is evaluated on the representation of + individual, delineated event records as contained in + the event stream. + + The result of the XPath expression is converted to a + boolean value using the standard XPath 1.0 rules. If the + boolean value is 'true', the filter matches the event + record, and the event record is included in the + notification message sent to the receivers. + + The expression is evaluated in the following XPath + context: + + o The set of namespace declarations is the set of + prefix and namespace pairs for all YANG modules + implemented by the server, where the prefix is the + YANG module name and the namespace is as defined by + the 'namespace' statement in the YANG module. + + If the leaf is encoded in XML, all namespace + declarations in scope on the 'stream-xpath-filter' + leaf element are added to the set of namespace + declarations. If a prefix found in the XML is + already present in the set of namespace + declarations, the namespace in the XML is used. + + o The set of variable bindings is empty. + + o The function library is comprised of the core + function library and the XPath functions defined in + Section 10 in RFC 7950. + + o The context node is the root node."; + reference + "XML Path Language (XPath) Version 1.0 + (https://www.w3.org/TR/1999/REC-xpath-19991116) + RFC 7950: The YANG 1.1 Data Modeling Language, + Section 10"; + } + } + } + + grouping update-qos { + description + "This grouping describes QoS information concerning a + subscription. This information is passed to lower layers + for transport prioritization and treatment."; + leaf dscp { + if-feature "dscp"; + type inet:dscp; + default "0"; + description + "The desired network transport priority level. This is the + priority set on notification messages encapsulating the + results of the subscription. This transport priority is + shared for all receivers of a given subscription."; + } + leaf weighting { + if-feature "qos"; + type uint8 { + range "0 .. 255"; + } + description + "Relative weighting for a subscription. Larger weights get + more resources. Allows an underlying transport layer to + perform informed load-balance allocations between various + subscriptions."; + reference + "RFC 7540: Hypertext Transfer Protocol Version 2 (HTTP/2), + Section 5.3.2"; + } + leaf dependency { + if-feature "qos"; + type subscription-id; + description + "Provides the 'subscription-id' of a parent subscription. + The parent subscription has absolute precedence should + that parent have push updates ready to egress the publisher. + In other words, there should be no streaming of objects from + the current subscription if the parent has something ready + to push. + + If a dependency is asserted via configuration or via an RPC + but the referenced 'subscription-id' does not exist, the + dependency is silently discarded. If a referenced + subscription is deleted, this dependency is removed."; + reference + "RFC 7540: Hypertext Transfer Protocol Version 2 (HTTP/2), + Section 5.3.1"; + } + } + + grouping subscription-policy-modifiable { + description + "This grouping describes all objects that may be changed + in a subscription."; + choice target { + mandatory true; + description + "Identifies the source of information against which a + subscription is being applied as well as specifics on the + subset of information desired from that source."; + case stream { + choice stream-filter { + description + "An event stream filter can be applied to a subscription. + That filter will either come referenced from a global + list or be provided in the subscription itself."; + case by-reference { + description + "Apply a filter that has been configured separately."; + leaf stream-filter-name { + type stream-filter-ref; + mandatory true; + description + "References an existing event stream filter that is + to be applied to an event stream for the + subscription."; + } + } + case within-subscription { + description + "A local definition allows a filter to have the same + lifecycle as the subscription."; + uses stream-filter-elements; + } + } + } + } + leaf stop-time { + type yang:date-and-time; + description + "Identifies a time after which notification messages for a + subscription should not be sent. If 'stop-time' is not + present, the notification messages will continue until the + subscription is terminated. If 'replay-start-time' exists, + 'stop-time' must be for a subsequent time. If + 'replay-start-time' doesn't exist, 'stop-time', when + established, must be for a future time."; + } + } + + grouping subscription-policy-dynamic { + description + "This grouping describes the only information concerning a + subscription that can be passed over the RPCs defined in this + data model."; + uses subscription-policy-modifiable { + augment "target/stream" { + description + "Adds additional objects that can be modified by an RPC."; + leaf stream { + type stream-ref { + require-instance false; + } + mandatory true; + description + "Indicates the event stream to be considered for + this subscription."; + } + leaf replay-start-time { + if-feature "replay"; + type yang:date-and-time; + config false; + description + "Used to trigger the 'replay' feature for a dynamic + subscription, where event records that are selected + need to be at or after the specified starting time. If + 'replay-start-time' is not present, this is not a replay + subscription and event record push should start + immediately. It is never valid to specify start times + that are later than or equal to the current time."; + } + } + } + uses update-qos; + } + + grouping subscription-policy { + description + "This grouping describes the full set of policy information + concerning both dynamic and configured subscriptions, with the + exclusion of both receivers and networking information + specific to the publisher, such as what interface should be + used to transmit notification messages."; + uses subscription-policy-dynamic; + leaf transport { + if-feature "configured"; + type transport; + description + "For a configured subscription, this leaf specifies the + transport used to deliver messages destined for all + receivers of that subscription."; + } + leaf encoding { + when 'not(../transport) or derived-from(../transport, + "sn:configurable-encoding")'; + type encoding; + description + "The type of encoding for notification messages. For a + dynamic subscription, if not included as part of an + 'establish-subscription' RPC, the encoding will be populated + with the encoding used by that RPC. For a configured + subscription, if not explicitly configured, the encoding + will be the default encoding for an underlying transport."; + } + leaf purpose { + if-feature "configured"; + type string; + description + "Open text allowing a configuring entity to embed the + originator or other specifics of this subscription."; + } + } + + /* + * RPCs + */ + + rpc establish-subscription { + description + "This RPC allows a subscriber to create (and possibly + negotiate) a subscription on its own behalf. If successful, + the subscription remains in effect for the duration of the + subscriber's association with the publisher or until the + subscription is terminated. If an error occurs or the + publisher cannot meet the terms of a subscription, an RPC + error is returned, and the subscription is not created. + In that case, the RPC reply's 'error-info' MAY include + suggested parameter settings that would have a higher + likelihood of succeeding in a subsequent + 'establish-subscription' request."; + input { + uses subscription-policy-dynamic; + leaf encoding { + type encoding; + description + "The type of encoding for the subscribed data. If not + included as part of the RPC, the encoding MUST be set by + the publisher to be the encoding used by this RPC."; + } + } + output { + leaf id { + type subscription-id; + mandatory true; + description + "Identifier used for this subscription."; + } + leaf replay-start-time-revision { + if-feature "replay"; + type yang:date-and-time; + description + "If a replay has been requested, this object represents + the earliest time covered by the event buffer for the + requested event stream. The value of this object is the + 'replay-log-aged-time' if it exists. Otherwise, it is + the 'replay-log-creation-time'. All buffered event + records after this time will be replayed to a receiver. + This object will only be sent if the starting time has + been revised to be later than the time requested by the + subscriber."; + } + } + } + + rc:yang-data establish-subscription-stream-error-info { + container establish-subscription-stream-error-info { + description + "If any 'establish-subscription' RPC parameters are + unsupportable against the event stream, a subscription + is not created and the RPC error response MUST indicate the + reason why the subscription failed to be created. This + yang-data MAY be inserted as structured data in a + subscription's RPC error response to indicate the reason for + the failure. This yang-data MUST be inserted if hints are + to be provided back to the subscriber."; + leaf reason { + type identityref { + base establish-subscription-error; + } + description + "Indicates the reason why the subscription has failed to + be created to a targeted event stream."; + } + leaf filter-failure-hint { + type string; + description + "Information describing where and/or why a provided + filter was unsupportable for a subscription. The + syntax and semantics of this hint are + implementation specific."; + } + } + } + + rpc modify-subscription { + description + "This RPC allows a subscriber to modify a dynamic + subscription's parameters. If successful, the changed + subscription parameters remain in effect for the duration of + the subscription, until the subscription is again modified, or + until the subscription is terminated. In the case of an error + or an inability to meet the modified parameters, the + subscription is not modified and the original subscription + parameters remain in effect. In that case, the RPC error MAY + include 'error-info' suggested parameter hints that would have + a high likelihood of succeeding in a subsequent + 'modify-subscription' request. A successful + 'modify-subscription' will return a suspended subscription to + the 'active' state."; + input { + leaf id { + type subscription-id; + mandatory true; + description + "Identifier to use for this subscription."; + } + uses subscription-policy-modifiable; + } + } + + rc:yang-data modify-subscription-stream-error-info { + container modify-subscription-stream-error-info { + description + "This yang-data MAY be provided as part of a subscription's + RPC error response when there is a failure of a + 'modify-subscription' RPC that has been made against an + event stream. This yang-data MUST be used if hints are to + be provided back to the subscriber."; + leaf reason { + type identityref { + base modify-subscription-error; + } + description + "Information in a 'modify-subscription' RPC error response + that indicates the reason why the subscription to an event + stream has failed to be modified."; + } + leaf filter-failure-hint { + type string; + description + "Information describing where and/or why a provided + filter was unsupportable for a subscription. The syntax + and semantics of this hint are + implementation specific."; + } + } + } + + rpc delete-subscription { + description + "This RPC allows a subscriber to delete a subscription that + was previously created by that same subscriber using the + 'establish-subscription' RPC. + + If an error occurs, the server replies with an 'rpc-error' + where the 'error-info' field MAY contain a + 'delete-subscription-error-info' structure."; + input { + leaf id { + type subscription-id; + mandatory true; + description + "Identifier of the subscription that is to be deleted. + Only subscriptions that were created using + 'establish-subscription' from the same origin as this RPC + can be deleted via this RPC."; + } + } + } + + rpc kill-subscription { + nacm:default-deny-all; + description + "This RPC allows an operator to delete a dynamic subscription + without restrictions on the originating subscriber or + underlying transport session. + + If an error occurs, the server replies with an 'rpc-error' + where the 'error-info' field MAY contain a + 'delete-subscription-error-info' structure."; + input { + leaf id { + type subscription-id; + mandatory true; + description + "Identifier of the subscription that is to be deleted. + Only subscriptions that were created using + 'establish-subscription' can be deleted via this RPC."; + } + } + } + + rc:yang-data delete-subscription-error-info { + container delete-subscription-error-info { + description + "If a 'delete-subscription' RPC or a 'kill-subscription' RPC + fails, the subscription is not deleted and the RPC error + response MUST indicate the reason for this failure. This + yang-data MAY be inserted as structured data in a + subscription's RPC error response to indicate the reason + for the failure."; + leaf reason { + type identityref { + base delete-subscription-error; + } + mandatory true; + description + "Indicates the reason why the subscription has failed to be + deleted."; + } + } + } + + /* + * NOTIFICATIONS + */ + + notification replay-completed { + sn:subscription-state-notification; + if-feature "replay"; + description + "This notification is sent to indicate that all of the replay + notifications have been sent."; + leaf id { + type subscription-id; + mandatory true; + description + "This references the affected subscription."; + } + } + + notification subscription-completed { + sn:subscription-state-notification; + if-feature "configured"; + description + "This notification is sent to indicate that a subscription has + finished passing event records, as the 'stop-time' has been + reached."; + leaf id { + type subscription-id; + mandatory true; + description + "This references the gracefully completed subscription."; + } + } + + notification subscription-modified { + sn:subscription-state-notification; + description + "This notification indicates that a subscription has been + modified. Notification messages sent from this point on will + conform to the modified terms of the subscription. For + completeness, this subscription state change notification + includes both modified and unmodified aspects of a + subscription."; + leaf id { + type subscription-id; + mandatory true; + description + "This references the affected subscription."; + } + uses subscription-policy { + refine "target/stream/stream-filter/within-subscription" { + description + "Filter applied to the subscription. If the + 'stream-filter-name' is populated, the filter in the + subscription came from the 'filters' container. + Otherwise, it is populated in-line as part of the + subscription."; + } + } + } + + notification subscription-resumed { + sn:subscription-state-notification; + description + "This notification indicates that a subscription that had + previously been suspended has resumed. Notifications will + once again be sent. In addition, a 'subscription-resumed' + indicates that no modification of parameters has occurred + since the last time event records have been sent."; + leaf id { + type subscription-id; + mandatory true; + description + "This references the affected subscription."; + } + } + + notification subscription-started { + sn:subscription-state-notification; + if-feature "configured"; + description + "This notification indicates that a subscription has started + and notifications will now be sent."; + leaf id { + type subscription-id; + mandatory true; + description + "This references the affected subscription."; + } + uses subscription-policy { + refine "target/stream/replay-start-time" { + description + "Indicates the time that a replay is using for the + streaming of buffered event records. This will be + populated with the most recent of the following: + the event time of the previous event record sent to a + receiver, the 'replay-log-creation-time', the + 'replay-log-aged-time', or the most recent publisher + boot time."; + } + refine "target/stream/stream-filter/within-subscription" { + description + "Filter applied to the subscription. If the + 'stream-filter-name' is populated, the filter in the + subscription came from the 'filters' container. + Otherwise, it is populated in-line as part of the + subscription."; + } + augment "target/stream" { + description + "This augmentation adds additional parameters specific to a + 'subscription-started' notification."; + leaf replay-previous-event-time { + when '../replay-start-time'; + if-feature "replay"; + type yang:date-and-time; + description + "If there is at least one event in the replay buffer + prior to 'replay-start-time', this gives the time of + the event generated immediately prior to the + 'replay-start-time'. + + If a receiver previously received event records for + this configured subscription, it can compare this time + to the last event record previously received. If the + two are not the same (perhaps due to a reboot), then a + dynamic replay can be initiated to acquire any missing + event records."; + } + } + } + } + + notification subscription-suspended { + sn:subscription-state-notification; + description + "This notification indicates that a suspension of the + subscription by the publisher has occurred. No further + notifications will be sent until the subscription resumes. + This notification shall only be sent to receivers of a + subscription; it does not constitute a general-purpose + notification."; + leaf id { + type subscription-id; + mandatory true; + description + "This references the affected subscription."; + } + leaf reason { + type identityref { + base subscription-suspended-reason; + } + mandatory true; + description + "Identifies the condition that resulted in the suspension."; + } + } + + notification subscription-terminated { + sn:subscription-state-notification; + description + "This notification indicates that a subscription has been + terminated."; + leaf id { + type subscription-id; + mandatory true; + description + "This references the affected subscription."; + } + leaf reason { + type identityref { + base subscription-terminated-reason; + } + mandatory true; + description + "Identifies the condition that resulted in the termination."; + } + } + + /* + * DATA NODES + */ + + container streams { + config false; + description + "Contains information on the built-in event streams provided by + the publisher."; + list stream { + key "name"; + description + "Identifies the built-in event streams that are supported by + the publisher."; + leaf name { + type string; + description + "A handle for a system-provided event stream made up of a + sequential set of event records, each of which is + characterized by its own domain and semantics."; + } + leaf description { + type string; + description + "A description of the event stream, including such + information as the type of event records that are + available in this event stream."; + } + leaf replay-support { + if-feature "replay"; + type empty; + description + "Indicates that event record replay is available on this + event stream."; + } + leaf replay-log-creation-time { + when '../replay-support'; + if-feature "replay"; + type yang:date-and-time; + mandatory true; + description + "The timestamp of the creation of the log used to support + the replay function on this event stream. This time + might be earlier than the earliest available information + contained in the log. This object is updated if the log + resets for some reason."; + } + leaf replay-log-aged-time { + when '../replay-support'; + if-feature "replay"; + type yang:date-and-time; + description + "The timestamp associated with the last event record that + has been aged out of the log. This timestamp identifies + how far back in history this replay log extends, if it + doesn't extend back to the 'replay-log-creation-time'. + This object MUST be present if replay is supported and any + event records have been aged out of the log."; + } + } + } + container filters { + description + "Contains a list of configurable filters that can be applied to + subscriptions. This facilitates the reuse of complex filters + once defined."; + list stream-filter { + key "name"; + description + "A list of preconfigured filters that can be applied to + subscriptions."; + leaf name { + type string; + description + "A name to differentiate between filters."; + } + uses stream-filter-elements; + } + } + container subscriptions { + description + "Contains the list of currently active subscriptions, i.e., + subscriptions that are currently in effect, used for + subscription management and monitoring purposes. This + includes subscriptions that have been set up via + RPC primitives as well as subscriptions that have been + established via configuration."; + list subscription { + key "id"; + description + "The identity and specific parameters of a subscription. + Subscriptions in this list can be created using a control + channel or RPC or can be established through configuration. + + If the 'kill-subscription' RPC or configuration operations + are used to delete a subscription, a + 'subscription-terminated' message is sent to any active or + suspended receivers."; + leaf id { + type subscription-id; + description + "Identifier of a subscription; unique in a given + publisher."; + } + uses subscription-policy { + refine "target/stream/stream" { + description + "Indicates the event stream to be considered for this + subscription. If an event stream has been removed + and can no longer be referenced by an active + subscription, send a 'subscription-terminated' + notification with 'stream-unavailable' as the reason. + If a configured subscription refers to a nonexistent + event stream, move that subscription to the + 'invalid' state."; + } + refine "transport" { + description + "For a configured subscription, this leaf specifies the + transport used to deliver messages destined for all + receivers of that subscription. This object is + mandatory for subscriptions in the configuration + datastore. This object (1) is not mandatory for dynamic + subscriptions in the operational state datastore and + (2) should not be present for other types of dynamic + subscriptions."; + } + augment "target/stream" { + description + "Enables objects to be added to a configured stream + subscription."; + leaf configured-replay { + if-feature "configured"; + if-feature "replay"; + type empty; + description + "The presence of this leaf indicates that replay for + the configured subscription should start at the + earliest time in the event log or at the publisher + boot time, whichever is later."; + } + } + } + choice notification-message-origin { + if-feature "configured"; + description + "Identifies the egress interface on the publisher + from which notification messages are to be sent."; + case interface-originated { + description + "When notification messages are to egress a specific, + designated interface on the publisher."; + leaf source-interface { + if-feature "interface-designation"; + type if:interface-ref; + description + "References the interface for notification messages."; + } + } + case address-originated { + description + "When notification messages are to depart from a + publisher using a specific originating address and/or + routing context information."; + leaf source-vrf { + if-feature "supports-vrf"; + type leafref { + path "/ni:network-instances/ni:network-instance/ni:name"; + } + description + "VRF from which notification messages should egress a + publisher."; + } + leaf source-address { + type inet:ip-address-no-zone; + description + "The source address for the notification messages. + If a source VRF exists but this object doesn't, a + publisher's default address for that VRF must + be used."; + } + } + } + leaf configured-subscription-state { + if-feature "configured"; + type enumeration { + enum valid { + value 1; + description + "The subscription is supportable with its current + parameters."; + } + enum invalid { + value 2; + description + "The subscription as a whole is unsupportable with its + current parameters."; + } + enum concluded { + value 3; + description + "A subscription is inactive, as it has hit a + stop time. It no longer has receivers in the + 'active' or 'suspended' state, but the subscription + has not yet been removed from configuration."; + } + } + config false; + description + "The presence of this leaf indicates that the subscription + originated from configuration, not through a control + channel or RPC. The value indicates the state of the + subscription as established by the publisher."; + } + container receivers { + description + "Set of receivers in a subscription."; + list receiver { + key "name"; + min-elements 1; + description + "A host intended as a recipient for the notification + messages of a subscription. For configured + subscriptions, transport-specific network parameters + (or a leafref to those parameters) may be augmented to a + specific receiver in this list."; + leaf name { + type string; + description + "Identifies a unique receiver for a subscription."; + } + leaf sent-event-records { + type yang:zero-based-counter64; + config false; + description + "The number of event records sent to the receiver. The + count is initialized when a dynamic subscription is + established or when a configured receiver + transitions to the 'valid' state."; + } + leaf excluded-event-records { + type yang:zero-based-counter64; + config false; + description + "The number of event records explicitly removed via + either an event stream filter or an access control + filter so that they are not passed to a receiver. + This count is set to zero each time + 'sent-event-records' is initialized."; + } + leaf state { + type enumeration { + enum active { + value 1; + description + "The receiver is currently being sent any + applicable notification messages for the + subscription."; + } + enum suspended { + value 2; + description + "The receiver state is 'suspended', so the + publisher is currently unable to provide + notification messages for the subscription."; + } + enum connecting { + value 3; + if-feature "configured"; + description + "A subscription has been configured, but a + 'subscription-started' subscription state change + notification needs to be successfully received + before notification messages are sent. + + If the 'reset' action is invoked for a receiver of + an active configured subscription, the state + must be moved to 'connecting'."; + } + enum disconnected { + value 4; + if-feature "configured"; + description + "A subscription has failed to send a + 'subscription-started' state change to the + receiver. Additional connection attempts are not + currently being made."; + } + } + config false; + mandatory true; + description + "Specifies the state of a subscription from the + perspective of a particular receiver. With this + information, it is possible to determine whether a + publisher is currently generating notification + messages intended for that receiver."; + } + action reset { + if-feature "configured"; + description + "Allows the reset of this configured subscription's + receiver to the 'connecting' state. This enables the + connection process to be reinitiated."; + output { + leaf time { + type yang:date-and-time; + mandatory true; + description + "Time at which a publisher returned the receiver to + the 'connecting' state."; + } + } + } + } + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-system-capabilities@2022-02-17.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-system-capabilities@2022-02-17.yang new file mode 100644 index 00000000..55f959d8 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-system-capabilities@2022-02-17.yang @@ -0,0 +1,170 @@ +module ietf-system-capabilities { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-system-capabilities"; + prefix sysc; + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + import ietf-yang-library { + prefix yanglib; + description + "This module requires ietf-yang-library to be implemented. + Revision 2019-01-04 or a revision derived from it + is REQUIRED."; + reference + "RFC8525: YANG Library"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: + WG List: + + Editor: Balazs Lengyel + "; + description + "This module specifies a structure to specify system + capabilities for a server or a publisher. System capabilities + may include capabilities of a NETCONF or RESTCONF server or a + notification publisher. + + This module does not contain any specific capabilities; it only + provides a structure where containers containing the actual + capabilities are augmented in. + + Capability values can be specified at the system level, at the + datastore level (by selecting all nodes in the datastore), or + for specific data nodes of a specific datastore (and their + contained subtrees). + Capability values specified for a specific datastore or + node-set override values specified on the system/publisher + level. + + The same grouping MUST be used to define hierarchical + capabilities supported both at the system level and at the + datastore/data-node level. + + To find a capability value for a specific data node in a + specific datastore, the user SHALL: + + 1) search for a datastore-capabilities list entry for + the specific datastore. When stating a specific capability, the + relative path for any specific capability must be the same + under the system-capabilities container and under the + per-node-capabilities list. + + 2) If the datastore entry is found within that entry, process + all per-node-capabilities entries in the order they appear in + the list. The first entry that specifies the specific + capability and has a node-selector selecting the specific data + node defines the capability value. + + 3) If the capability value is not found above and the specific + capability is specified under the system-capabilities container + (outside the datastore-capabilities list), this value shall be + used. + + 4) If no values are found in the previous steps, the + system/publisher is not capable of providing a value. Possible + reasons are that it is unknown, the capability is changing for + some reason, there is no specified limit, etc. In this case, + the system's behavior is unspecified. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2022 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 9196 + (https://www.rfc-editor.org/info/rfc9196); see the RFC itself + for full legal notices."; + + revision 2022-02-17 { + description + "Initial version"; + reference + "RFC 9196: YANG Modules Describing Capabilities for Systems + and Datastore Update Notifications"; + } + + container system-capabilities { + config false; + description + "System capabilities. + Capability values specified here at the system level + are valid for all datastores and are used when the + capability is not specified at the datastore level + or for specific data nodes."; + /* + * "Augmentation point for system-level capabilities." + */ + list datastore-capabilities { + key "datastore"; + description + "Capabilities values per datastore. + + For non-NMDA servers/publishers, 'config false' data is + considered as if it were part of the running datastore."; + leaf datastore { + type leafref { + path + "/yanglib:yang-library/yanglib:datastore/yanglib:name"; + } + description + "The datastore for which capabilities are defined. + Only one specific datastore can be specified, + e.g., ds:conventional must not be used, as it + represents a set of configuration datastores."; + } + list per-node-capabilities { + description + "Each list entry specifies capabilities for the selected + data nodes. The same capabilities apply to the data nodes + in the subtree below the selected nodes. + + The system SHALL order the entries according to their + precedence. The order of the entries MUST NOT change + unless the underlying capabilities also change. + + Note that the longest patch matching can be achieved + by ordering more specific matches before less + specific ones."; + choice node-selection { + description + "A method to select some or all nodes within a + datastore."; + leaf node-selector { + type nacm:node-instance-identifier; + description + "Selects the data nodes for which capabilities are + specified. The special value '/' denotes all data + nodes in the datastore, consistent with the path + leaf node on page 41 of [RFC8341]."; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + } + /* + * "Augmentation point for datastore- or data-node-level + * capabilities." + */ + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-telemetry-message@2025-04-17.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-telemetry-message@2025-04-17.yang new file mode 100644 index 00000000..c8cf359c --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-telemetry-message@2025-04-17.yang @@ -0,0 +1,218 @@ +module ietf-telemetry-message { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-telemetry-message"; + prefix tm; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + import ietf-inet-types { + prefix inet; + } + import ietf-platform-manifest { + prefix p-mf; + reference + "draft-ietf-opsawg-collected-data-manifest: A Data Manifest for + Contextualized Telemetry Data"; + } + + organization + "IETF Draft"; + contact + "Author: Ahmed Elhassany + + + Thomas Graf + "; + description + "This YANG modules defines a model for a telemetry collector to send + collected YANG data from the network. + + Copyright (c) 2025 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Revised BSD License set forth in Section + 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; see the RFC + itself for full legal notices."; + + revision 2025-04-17 { + description + "Initial revision."; + reference + "RFC XXXX"; + } + + identity session-protocol { + description + "Base identity to represent session protocols."; + } + + identity yp-push { + base session-protocol; + description + "YANG-Push in RFC 8640 or RFC 8641 or RFC 8650."; + reference + "RFC 8640, RFC 8641, RFC 8650: YANG-Push Events and Notifications for Datastores."; + } + + identity netconf { + base session-protocol; + description + "NETCONF RPC as described in RFC 6241."; + reference + "RFC 6241: NETCONF RPC."; + } + + identity restconf { + base session-protocol; + description + "RESTCONF HTTP as described in RFC 8040."; + reference + "RFC 8040."; + } + + typedef telemetry-notification-event-type { + type enumeration { + enum log { + description + "Collector is reporting the event as it arrived from the + network element."; + } + enum update { + description + " + Collector has updated an entry inside its local cache. + This could be triggered by an event from the network for + instance interface operational status changed or an internal + event in the collector, such as a timer triggered to referesh + old enteries."; + } + enum delete { + description + "Collector has deleted an entry from its local cache."; + } + } + description + "Type of event reported by the collector."; + } + + typedef telemetry-session-protocol-type { + type identityref { + base session-protocol; + } + description + "Notification protocol used to deliver the notification to the + data collection."; + } + + container message { + config false; + description + "Telemetry message used in Data Mesh"; + leaf timestamp { + type yang:date-and-time; + mandatory true; + description + "Timestamp when the data collection collected the payload + from the network element or an update or delete event is + triggered."; + } + leaf session-protocol { + type telemetry-session-protocol-type; + mandatory true; + description + "Session protocol used to collect the payload of this message + from the network"; + } + container network-node-manifest { + description + "Address of network element from which the payload is collected."; + uses p-mf:platform-details; + } + container data-collection-manifest { + description + "Address of the telemetry data collection."; + uses p-mf:platform-details; + } + container telemetry-message-metadata { + description + "Extensible message and protocol specific metadata"; + leaf event-time { + type yang:date-and-time; + description + "NETCONF eventTime. Redefined in here since NETCONF header is + XML not YANG."; + } + } + container data-collection-metadata { + description + "Metadata added by data collection."; + leaf remote-address { + type inet:host; + mandatory true; + description + "Network node IP address."; + } + leaf remote-port { + type inet:port-number; + description + "Network node transport port number."; + } + leaf local-address { + type inet:host; + description + "Data collection IP address."; + } + leaf local-port { + type inet:port-number; + description + "Data collection transport port number."; + } + list labels { + key "name"; + description + "Arbiterary labels assinged by the data collection."; + leaf name { + type string { + length "1..max"; + } + description + "Label name."; + } + choice value { + mandatory true; + description + "label value"; + choice string-choice { + description + "String value"; + leaf string-value { + type string; + description + "String value"; + } + } + choice anydata-choice { + description + "YANG anydata value"; + anydata anydata-values { + description + "anydata yang"; + } + } + } + } + } + anydata payload { + description + "Message or notification received from network element."; + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-tls-client@2024-10-10.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-tls-client@2024-10-10.yang new file mode 100644 index 00000000..e490640a --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-tls-client@2024-10-10.yang @@ -0,0 +1,516 @@ +module ietf-tls-client { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tls-client"; + prefix tlsc; + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + import ietf-crypto-types { + prefix ct; + reference + "RFC 9640: YANG Data Types and Groupings for Cryptography"; + } + import ietf-truststore { + prefix ts; + reference + "RFC 9641: A YANG Data Model for a Truststore"; + } + import ietf-keystore { + prefix ks; + reference + "RFC 9642: A YANG Data Model for a Keystore"; + } + import ietf-tls-common { + prefix tlscmn; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG List: NETCONF WG list + WG Web: https://datatracker.ietf.org/wg/netconf + Author: Kent Watsen + Author: Jeff Hartley "; + description + "This module defines reusable groupings for TLS clients that + can be used as a basis for specific TLS client instances. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2024 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Revised + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 9645 + (https://www.rfc-editor.org/info/rfc9645); see the RFC + itself for full legal notices."; + + revision 2024-10-10 { + description + "Initial version"; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + + // Features + + feature tls-client-keepalives { + description + "Per-socket TLS keepalive parameters are configurable for + TLS clients on the server implementing this feature."; + } + + feature client-ident-x509-cert { + description + "Indicates that the client supports identifying itself + using X.509 certificates."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile"; + } + + feature client-ident-raw-public-key { + description + "Indicates that the client supports identifying itself + using raw public keys."; + reference + "RFC 7250: + Using Raw Public Keys in Transport Layer Security (TLS) + and Datagram Transport Layer Security (DTLS)"; + } + + feature client-ident-tls12-psk { + if-feature "tlscmn:tls12"; + description + "Indicates that the client supports identifying itself + using TLS 1.2 PSKs (pre-shared or pairwise symmetric keys)."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + + feature client-ident-tls13-epsk { + if-feature "tlscmn:tls13"; + description + "Indicates that the client supports identifying itself + using TLS 1.3 External PSKs (pre-shared keys)."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version 1.3"; + } + + feature server-auth-x509-cert { + description + "Indicates that the client supports authenticating servers + using X.509 certificates."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile"; + } + + feature server-auth-raw-public-key { + description + "Indicates that the client supports authenticating servers + using raw public keys."; + reference + "RFC 7250: + Using Raw Public Keys in Transport Layer Security (TLS) + and Datagram Transport Layer Security (DTLS)"; + } + + feature server-auth-tls12-psk { + description + "Indicates that the client supports authenticating servers + using PSKs (pre-shared or pairwise symmetric keys)."; + reference + "RFC 4279: + Pre-Shared Key Ciphersuites for Transport Layer Security + (TLS)"; + } + + feature server-auth-tls13-epsk { + description + "Indicates that the client supports authenticating servers + using TLS 1.3 External PSKs (pre-shared keys)."; + reference + "RFC 8446: + The Transport Layer Security (TLS) Protocol Version 1.3"; + } + + // Groupings + + grouping tls-client-grouping { + description + "A reusable grouping for configuring a TLS client without + any consideration for how an underlying TCP session is + established. + + Note that this grouping uses fairly typical descendant + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'tls-client-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models."; + container client-identity { + nacm:default-deny-write; + presence "Indicates that a TLS-level client identity has been + configured. This statement is present so the + mandatory descendant nodes do not imply that this + node must be configured."; + description + "Identity credentials the TLS client MAY present when + establishing a connection to a TLS server. If not + configured, then client authentication is presumed to + occur in a protocol layer above TLS. When configured, + and requested by the TLS server when establishing a + TLS session, these credentials are passed in the + Certificate message defined in Section 7.4.2 of + RFC 5246 and Section 4.4.2 of RFC 8446."; + reference + "RFC 5246: The Transport Layer Security (TLS) + Protocol Version 1.2 + RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3 + RFC 9642: A YANG Data Model for a Keystore"; + choice auth-type { + mandatory true; + description + "A choice amongst authentication types, of which one must + be enabled (via its associated 'feature') and selected."; + case certificate { + if-feature "client-ident-x509-cert"; + container certificate { + description + "Specifies the client identity using a certificate."; + uses "ks:inline-or-keystore-end-entity-cert-with-key-" + + "grouping" { + refine "inline-or-keystore/inline/inline-definition" { + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format, "ct:subject-public-key-' + + 'info-format")'; + } + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference/asymmetric-key" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-' + + 'key-format, "ct:subject-public-key-info-' + + 'format")'; + } + } + } + } + case raw-public-key { + if-feature "client-ident-raw-public-key"; + container raw-private-key { + description + "Specifies the client identity using a raw + private key."; + uses ks:inline-or-keystore-asymmetric-key-grouping { + refine "inline-or-keystore/inline/inline-definition" { + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format, "ct:subject-public-key-' + + 'info-format")'; + } + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-' + + 'key-format, "ct:subject-public-key-info-' + + 'format")'; + } + } + } + } + case tls12-psk { + if-feature "client-ident-tls12-psk"; + container tls12-psk { + description + "Specifies the client identity using a PSK (pre-shared + or pairwise symmetric key)."; + uses ks:inline-or-keystore-symmetric-key-grouping; + leaf id { + type string; + description + "The key 'psk_identity' value used in the TLS + 'ClientKeyExchange' message."; + reference + "RFC 4279: Pre-Shared Key Ciphersuites for + Transport Layer Security (TLS)"; + } + } + } + case tls13-epsk { + if-feature "client-ident-tls13-epsk"; + container tls13-epsk { + description + "An External Pre-Shared Key (EPSK) is established + or provisioned out of band, i.e., not from a TLS + connection. An EPSK is a tuple of (Base Key, + External Identity, Hash). EPSKs MUST NOT be + imported for (D)TLS 1.2 or prior versions. When + PSKs are provisioned out of band, the PSK identity + and the Key Derivation Function (KDF) hash algorithm + to be used with the PSK MUST also be provisioned. + + The structure of this container is designed to satisfy + the requirements in Section 4.2.11 of RFC 8446, the + recommendations from Section 6 of RFC 9257, and the + EPSK input fields detailed in Section 5.1 of RFC 9258. + The base-key is based upon + 'ks:inline-or-keystore-symmetric-key-grouping' in + order to provide users with flexible and secure + storage options."; + reference + "RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3 + RFC 9257: Guidance for External Pre-Shared Key + (PSK) Usage in TLS + RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; + uses ks:inline-or-keystore-symmetric-key-grouping; + leaf external-identity { + type string; + mandatory true; + description + "As per Section 4.2.11 of RFC 8446 and Section 4.1 + of RFC 9257, a sequence of bytes used to identify + an EPSK. A label for a pre-shared key established + externally."; + reference + "RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3 + RFC 9257: Guidance for External Pre-Shared Key + (PSK) Usage in TLS"; + } + leaf hash { + type tlscmn:epsk-supported-hash; + default "sha-256"; + description + "As per Section 4.2.11 of RFC 8446, for EPSKs, + the hash algorithm MUST be set when the PSK is + established; otherwise, default to SHA-256 if + no such algorithm is defined. The server MUST + ensure that it selects a compatible PSK (if any) + and cipher suite. Each PSK MUST only be used + with a single hash function."; + reference + "RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3"; + } + leaf context { + type string; + description + "As per Section 5.1 of RFC 9258, context MUST + include the context used to determine the EPSK, + if any exists. For example, context may include + information about peer roles or identities + to mitigate Selfie-style reflection attacks. + Since the EPSK is a key derived from an external + protocol or a sequence of protocols, context MUST + include a channel binding for the deriving + protocols (see RFC 5056). The details of this + binding are protocol specific and out of scope + for this document."; + reference + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; + } + leaf target-protocol { + type uint16; + description + "As per Section 3 of RFC 9258, the protocol + for which a PSK is imported for use."; + reference + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; + } + leaf target-kdf { + type uint16; + description + "As per Section 3 of RFC 9258, the Key Derivation + Function (KDF) for which a PSK is imported for + use."; + reference + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; + } + } + } + } + } // container client-identity + container server-authentication { + nacm:default-deny-write; + must "ca-certs or ee-certs or raw-public-keys or tls12-psks + or tls13-epsks"; + description + "Specifies how the TLS client can authenticate TLS servers. + Any combination of credentials is additive and unordered. + + Note that no configuration is required for authentication + based on PSK (pre-shared or pairwise symmetric key) as + the key is necessarily the same as configured in the + '../client-identity' node."; + container ca-certs { + if-feature "server-auth-x509-cert"; + presence "Indicates that Certification Authority (CA) + certificates have been configured. This + statement is present so the mandatory + descendant nodes do not imply that this + node must be configured."; + description + "A set of CA certificates used by the TLS client to + authenticate TLS server certificates. A server + certificate is authenticated if it has a valid chain of + trust to a configured CA certificate."; + reference + "RFC 9641: A YANG Data Model for a Truststore"; + uses ts:inline-or-truststore-certs-grouping; + } + container ee-certs { + if-feature "server-auth-x509-cert"; + presence "Indicates that End-Entity (EE) certificates have + been configured. This statement is present so + the mandatory descendant nodes do not imply + that this node must be configured."; + description + "A set of server certificates (i.e., EE certificates) used + by the TLS client to authenticate certificates presented + by TLS servers. A server certificate is authenticated if + it is an exact match to a configured server certificate."; + reference + "RFC 9641: A YANG Data Model for a Truststore"; + uses ts:inline-or-truststore-certs-grouping; + } + container raw-public-keys { + if-feature "server-auth-raw-public-key"; + presence "Indicates that raw public keys have been + configured. This statement is present so + the mandatory descendant nodes do not imply + that this node must be configured."; + description + "A set of raw public keys used by the TLS client to + authenticate raw public keys presented by the TLS + server. A raw public key is authenticated if it + is an exact match to a configured raw public key."; + reference + "RFC 9641: A YANG Data Model for a Truststore"; + uses ts:inline-or-truststore-public-keys-grouping { + refine "inline-or-truststore/inline/inline-definition/" + + "public-key" { + must 'derived-from-or-self(public-key-format,' + + ' "ct:subject-public-key-info-format")'; + } + refine "inline-or-truststore/central-truststore/" + + "central-truststore-reference" { + must 'not(deref(.)/../ts:public-key/ts:public-key-' + + 'format[not(derived-from-or-self(., "ct:subject-' + + 'public-key-info-format"))])'; + } + } + } + leaf tls12-psks { + if-feature "server-auth-tls12-psk"; + type empty; + description + "Indicates that the TLS client can authenticate TLS servers + using configured PSKs (pre-shared or pairwise symmetric + keys). + + No configuration is required since the PSK value is the + same as the PSK value configured in the 'client-identity' + node."; + } + leaf tls13-epsks { + if-feature "server-auth-tls13-epsk"; + type empty; + description + "Indicates that the TLS client can authenticate TLS servers + using configured External PSKs (pre-shared keys). + + No configuration is required since the PSK value is the + same as the PSK value configured in the 'client-identity' + node."; + } + } // container server-authentication + container hello-params { + nacm:default-deny-write; + if-feature "tlscmn:hello-params"; + uses tlscmn:hello-params-grouping; + description + "Configurable parameters for the TLS hello message."; + } // container hello-params + container keepalives { + nacm:default-deny-write; + if-feature "tls-client-keepalives"; + description + "Configures the keepalive policy for the TLS client."; + leaf peer-allowed-to-send { + type empty; + description + "Indicates that the remote TLS server is allowed to send + HeartbeatRequest messages, as defined by RFC 6520, + to this TLS client."; + reference + "RFC 6520: Transport Layer Security (TLS) and Datagram + Transport Layer Security (DTLS) Heartbeat Extension"; + } + container test-peer-aliveness { + presence "Indicates that the TLS client proactively tests the + aliveness of the remote TLS server."; + description + "Configures the keepalive policy to proactively test + the aliveness of the TLS server. An unresponsive + TLS server is dropped after approximately max-wait + * max-attempts seconds. The TLS client MUST send + HeartbeatRequest messages, as defined in RFC 6520."; + reference + "RFC 6520: Transport Layer Security (TLS) and Datagram + Transport Layer Security (DTLS) Heartbeat Extension"; + leaf max-wait { + type uint16 { + range "1..max"; + } + units "seconds"; + default "30"; + description + "Sets the amount of time in seconds, after which a + TLS-level message will be sent to test the + aliveness of the TLS server if no data has been + received from the TLS server."; + } + leaf max-attempts { + type uint8; + default "3"; + description + "Sets the maximum number of sequential keepalive + messages that can fail to obtain a response from + the TLS server before assuming the TLS server is + no longer alive."; + } + } + } + } // grouping tls-client-grouping + +} + diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-tls-common@2024-10-10.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-tls-common@2024-10-10.yang new file mode 100644 index 00000000..a4d5ef3d --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-tls-common@2024-10-10.yang @@ -0,0 +1,314 @@ +module ietf-tls-common { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tls-common"; + prefix tlscmn; + + import iana-tls-cipher-suite-algs { + prefix tlscsa; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + + import ietf-crypto-types { + prefix ct; + reference + "RFC 9640: YANG Data Types and Groupings for Cryptography"; + } + + import ietf-keystore { + prefix ks; + reference + "RFC 9642: A YANG Data Model for a Keystore"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG List: NETCONF WG list + WG Web: https://datatracker.ietf.org/wg/netconf + Author: Kent Watsen + Author: Jeff Hartley + Author: Gary Wu "; + + description + "This module defines common features and groupings for + Transport Layer Security (TLS). + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2024 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Revised + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 9645 + (https://www.rfc-editor.org/info/rfc9645); see the RFC + itself for full legal notices."; + + revision 2024-10-10 { + description + "Initial version."; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + + // Features + + feature tls12 { + description + "TLS Protocol Version 1.2 is supported. TLS 1.2 is obsolete, + and thus it is NOT RECOMMENDED to enable this feature."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + feature tls13 { + description + "TLS Protocol Version 1.3 is supported."; + reference + "RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3"; + } + + feature hello-params { + description + "TLS hello message parameters are configurable."; + } + + feature algorithm-discovery { + description + "Indicates that the server implements the + 'supported-algorithms' container."; + } + + feature asymmetric-key-pair-generation { + description + "Indicates that the server implements the + 'generate-asymmetric-key-pair' RPC."; + } + + // Identities + + identity tls-version-base { + description + "Base identity used to identify TLS protocol versions."; + } + + identity tls12 { + if-feature "tls12"; + base tls-version-base; + description + "TLS Protocol Version 1.2."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity tls13 { + if-feature "tls13"; + base tls-version-base; + description + "TLS Protocol Version 1.3."; + reference + "RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3"; + } + + // Typedefs + + typedef epsk-supported-hash { + type enumeration { + enum sha-256 { + description + "The SHA-256 hash."; + } + enum sha-384 { + description + "The SHA-384 hash."; + } + } + description + "As per Section 4.2.11 of RFC 8446, the hash algorithm + supported by an instance of an External Pre-Shared + Key (EPSK)."; + reference + "RFC 8446: The Transport Layer Security (TLS) + Protocol Version 1.3"; + } + + // Groupings + + grouping hello-params-grouping { + description + "A reusable grouping for TLS hello message parameters."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2 + RFC 8446: The Transport Layer Security (TLS) Protocol + Version 1.3"; + container tls-versions { + description + "Parameters limiting which TLS versions, amongst + those enabled by 'features', are presented during + the TLS handshake."; + leaf min { + type identityref { + base tls-version-base; + } + description + "If not specified, then there is no configured + minimum version."; + } + leaf max { + type identityref { + base tls-version-base; + } + description + "If not specified, then there is no configured + maximum version."; + } + } + container cipher-suites { + description + "Parameters regarding cipher suites."; + leaf-list cipher-suite { + type tlscsa:tls-cipher-suite-algorithm; + ordered-by user; + description + "Acceptable cipher suites in order of descending + preference. The configured host key algorithms should + be compatible with the algorithm used by the configured + private key. Please see Section 5 of RFC 9645 for + valid combinations. + + If this leaf-list is not configured (has zero elements), + the acceptable cipher suites are implementation- + defined."; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + } + } // hello-params-grouping + + // Protocol-accessible Nodes + + container supported-algorithms { + if-feature "algorithm-discovery"; + config false; + description + "A container for a list of cipher suite algorithms supported + by the server."; + leaf-list supported-algorithm { + type tlscsa:tls-cipher-suite-algorithm; + description + "A cipher suite algorithm supported by the server."; + } + } + + rpc generate-asymmetric-key-pair { + if-feature "asymmetric-key-pair-generation"; + description + "Requests the device to generate an 'asymmetric-key-pair' + key using the specified key algorithm."; + input { + leaf algorithm { + type tlscsa:tls-cipher-suite-algorithm; + mandatory true; + description + "The cipher suite algorithm that the generated key + works with. Implementations derive the public key + algorithm from the cipher suite algorithm. For + example, cipher suite + 'tls-rsa-with-aes-256-cbc-sha256' maps to the RSA + public key."; + } + leaf num-bits { + type uint16; + description + "Specifies the number of bits to create in the key. + For RSA keys, the minimum size is 1024 bits, and + the default is 3072 bits. Generally, 3072 bits is + considered sufficient. DSA keys must be exactly + 1024 bits as specified by FIPS 186-2. For + elliptical keys, the 'num-bits' value determines + the key length of the curve (e.g., 256, 384, or 521), + where valid values supported by the server are + conveyed via an unspecified mechanism. For some + public algorithms, the keys have a fixed length, and + thus the 'num-bits' value is not specified."; + } + container private-key-encoding { + description + "Indicates how the private key is to be encoded."; + choice private-key-encoding { + mandatory true; + description + "A choice amongst optional private key handling."; + case cleartext { + if-feature "ct:cleartext-private-keys"; + leaf cleartext { + type empty; + description + "Indicates that the private key is to be returned + as a cleartext value."; + } + } + case encrypted { + if-feature "ct:encrypted-private-keys"; + container encrypted { + description + "Indicates that the key is to be encrypted using + the specified symmetric or asymmetric key."; + uses ks:encrypted-by-grouping; + } + } + case hidden { + if-feature "ct:hidden-private-keys"; + leaf hidden { + type empty; + description + "Indicates that the private key is to be hidden. + + Unlike the 'cleartext' and 'encrypt' options, the + key returned is a placeholder for an internally + stored key. See Section 3 of RFC 9642 ('Support + for Built-In Keys') for information about hidden + keys."; + } + } + } + } + } + output { + choice key-or-hidden { + case key { + uses ct:asymmetric-key-pair-grouping; + } + case hidden { + leaf location { + type instance-identifier; + description + "The location to where a hidden key was created."; + } + } + description + "The output can be either a key (for cleartext and + encrypted keys) or the location to where the key + was created (for hidden keys)."; + } + } + } // end generate-asymmetric-key-pair + +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-truststore@2024-10-10.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-truststore@2024-10-10.yang new file mode 100644 index 00000000..e4eeed2a --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-truststore@2024-10-10.yang @@ -0,0 +1,390 @@ +module ietf-truststore { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-truststore"; + prefix ts; + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + import ietf-crypto-types { + prefix ct; + reference + "RFC 9640: YANG Data Types and Groupings for Cryptography"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: https://datatracker.ietf.org/wg/netconf + WG List: NETCONF WG list + Author: Kent Watsen "; + description + "This module defines a 'truststore' to centralize management + of trust anchors, including certificates and public keys. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2024 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Revised + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 9641 + (https://www.rfc-editor.org/info/rfc9641); see the RFC + itself for full legal notices."; + + revision 2024-10-10 { + description + "Initial version."; + reference + "RFC 9641: A YANG Data Model for a Truststore"; + } + + /****************/ + /* Features */ + /****************/ + + feature central-truststore-supported { + description + "The 'central-truststore-supported' feature indicates that + the server supports the truststore (i.e., implements the + 'ietf-truststore' module)."; + } + + feature inline-definitions-supported { + description + "The 'inline-definitions-supported' feature indicates that + the server supports locally defined trust anchors."; + } + + feature certificates { + description + "The 'certificates' feature indicates that the server + implements the /truststore/certificate-bags subtree."; + } + + feature public-keys { + description + "The 'public-keys' feature indicates that the server + implements the /truststore/public-key-bags subtree."; + } + + /****************/ + /* Typedefs */ + /****************/ + + typedef central-certificate-bag-ref { + type leafref { + path "/ts:truststore/ts:certificate-bags/" + + "ts:certificate-bag/ts:name"; + } + description + "This typedef defines a reference to a certificate bag + in the central truststore."; + } + + typedef central-certificate-ref { + type leafref { + path "/ts:truststore/ts:certificate-bags/ts:certificate-bag" + + "[ts:name = current()/../certificate-bag]/" + + "ts:certificate/ts:name"; + } + description + "This typedef defines a reference to a specific certificate + in a certificate bag in the central truststore. This typedef + requires that there exist a sibling 'leaf' node called + 'certificate-bag' that SHOULD have the + 'central-certificate-bag-ref' typedef."; + } + + typedef central-public-key-bag-ref { + type leafref { + path "/ts:truststore/ts:public-key-bags/" + + "ts:public-key-bag/ts:name"; + } + description + "This typedef defines a reference to a public key bag + in the central truststore."; + } + + typedef central-public-key-ref { + type leafref { + path "/ts:truststore/ts:public-key-bags/ts:public-key-bag" + + "[ts:name = current()/../public-key-bag]/" + + "ts:public-key/ts:name"; + } + description + "This typedef defines a reference to a specific public key + in a public key bag in the truststore. This typedef + requires that there exist a sibling 'leaf' node called + 'public-key-bag' SHOULD have the + 'central-public-key-bag-ref' typedef."; + } + + /*****************/ + /* Groupings */ + /*****************/ + // *-ref groupings + + grouping central-certificate-ref-grouping { + description + "Grouping for the reference to a certificate in a + certificate-bag in the central truststore."; + leaf certificate-bag { + nacm:default-deny-write; + if-feature "central-truststore-supported"; + if-feature "certificates"; + type ts:central-certificate-bag-ref; + must '../certificate'; + description + "Reference to a certificate-bag in the truststore."; + } + leaf certificate { + nacm:default-deny-write; + if-feature "central-truststore-supported"; + if-feature "certificates"; + type ts:central-certificate-ref; + must '../certificate-bag'; + description + "Reference to a specific certificate in the + referenced certificate-bag."; + } + } + + grouping central-public-key-ref-grouping { + description + "Grouping for the reference to a public key in a + public-key-bag in the central truststore."; + leaf public-key-bag { + nacm:default-deny-write; + if-feature "central-truststore-supported"; + if-feature "public-keys"; + type ts:central-public-key-bag-ref; + description + "Reference of a public key bag in the truststore, including + the certificate to authenticate the TLS client."; + } + leaf public-key { + nacm:default-deny-write; + if-feature "central-truststore-supported"; + if-feature "public-keys"; + type ts:central-public-key-ref; + description + "Reference to a specific public key in the + referenced public-key-bag."; + } + } + + // inline-or-truststore-* groupings + + grouping inline-or-truststore-certs-grouping { + description + "A grouping for the configuration of a list of certificates. + The list of certificates may be defined inline or as a + reference to a certificate bag in the central truststore. + + Servers that wish to define alternate truststore locations + MUST augment in custom 'case' statements, enabling + references to those alternate truststore locations."; + choice inline-or-truststore { + nacm:default-deny-write; + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the truststore."; + case inline { + if-feature "inline-definitions-supported"; + container inline-definition { + description + "A container for locally configured trust anchor + certificates."; + list certificate { + key "name"; + min-elements 1; + description + "A trust anchor certificate or chain of certificates."; + leaf name { + type string; + description + "An arbitrary name for this certificate."; + } + uses ct:trust-anchor-cert-grouping { + refine "cert-data" { + mandatory true; + } + } + } + } + } + case central-truststore { + if-feature "central-truststore-supported"; + if-feature "certificates"; + leaf central-truststore-reference { + type ts:central-certificate-bag-ref; + description + "A reference to a certificate bag that exists in the + central truststore."; + } + } + } + } + + grouping inline-or-truststore-public-keys-grouping { + description + "A grouping that allows the public keys to either be + configured locally, within the data model being used, or be a + reference to a public key bag stored in the truststore. + + Servers that wish to define alternate truststore locations + SHOULD augment in custom 'case' statement, enabling + references to those alternate truststore locations."; + choice inline-or-truststore { + nacm:default-deny-write; + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the truststore."; + case inline { + if-feature "inline-definitions-supported"; + container inline-definition { + description + "A container to hold local public key definitions."; + list public-key { + key "name"; + description + "A public key definition."; + leaf name { + type string; + description + "An arbitrary name for this public key."; + } + uses ct:public-key-grouping; + } + } + } + case central-truststore { + if-feature "central-truststore-supported"; + if-feature "public-keys"; + leaf central-truststore-reference { + type ts:central-public-key-bag-ref; + description + "A reference to a bag of public keys that exists + in the central truststore."; + } + } + } + } + + // the truststore grouping + + grouping truststore-grouping { + description + "A grouping definition that enables use in other contexts. + Where used, implementations MUST augment new 'case' + statements into the various inline-or-truststore 'choice' + statements to supply leafrefs to the model-specific + location(s)."; + container certificate-bags { + nacm:default-deny-write; + if-feature "certificates"; + description + "A collection of certificate bags."; + list certificate-bag { + key "name"; + description + "A bag of certificates. Each bag of certificates should + be for a specific purpose. For instance, one bag could + be used to authenticate a specific set of servers, while + another could be used to authenticate a specific set of + clients."; + leaf name { + type string; + description + "An arbitrary name for this bag of certificates."; + } + leaf description { + type string; + description + "A description for this bag of certificates. The + intended purpose for the bag SHOULD be described."; + } + list certificate { + key "name"; + description + "A trust anchor certificate or chain of certificates."; + leaf name { + type string; + description + "An arbitrary name for this certificate."; + } + uses ct:trust-anchor-cert-grouping { + refine "cert-data" { + mandatory true; + } + } + } + } + } + container public-key-bags { + nacm:default-deny-write; + if-feature "public-keys"; + description + "A collection of public key bags."; + list public-key-bag { + key "name"; + description + "A bag of public keys. Each bag of keys SHOULD be for + a specific purpose. For instance, one bag could be used + to authenticate a specific set of servers, while another + could be used to authenticate a specific set of clients."; + leaf name { + type string; + description + "An arbitrary name for this bag of public keys."; + } + leaf description { + type string; + description + "A description for this bag of public keys. The + intended purpose for the bag MUST be described."; + } + list public-key { + key "name"; + description + "A public key."; + leaf name { + type string; + description + "An arbitrary name for this public key."; + } + uses ct:public-key-grouping; + } + } + } + } + + /*********************************/ + /* Protocol-accessible nodes */ + /*********************************/ + + container truststore { + if-feature "central-truststore-supported"; + nacm:default-deny-write; + description + "The truststore contains bags of certificates and + public keys."; + uses truststore-grouping; + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-udp-client@2025-02-24.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-udp-client@2025-02-24.yang new file mode 100644 index 00000000..cb3c09a6 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-udp-client@2025-02-24.yang @@ -0,0 +1,105 @@ +module ietf-udp-client { + yang-version 1.1; + namespace + "urn:ietf:params:xml:ns:yang:ietf-udp-client"; + prefix udpc; + import ietf-inet-types { + prefix inet; + reference + "RFC 6991: Common YANG Data Types"; + } + + organization "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: + WG List: + + Authors: Alex Huang Feng + + Pierre Francois + "; + + description + "Defines a generic grouping for UDP-based client applications. + + Copyright (c) 2025 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Revised BSD License set forth in Section + 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC-to-be; see the RFC + itself for full legal notices."; + + revision 2025-02-24 { + description + "Initial revision"; + reference + "RFC-to-be: YANG Groupings for UDP Clients and UDP Servers"; + } + + feature local-binding { + description + "Indicates that the UDP client supports configuring local + bindings (i.e., the local address and local port number) for + UDP clients."; + } + + grouping udp-client { + description + "A reusable grouping for UDP clients. + + Note that this grouping uses fairly typical descendant + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'udp-client-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models. An example is shown in section 5 + of RFC6724."; + + leaf remote-address { + type inet:host; + mandatory true; + description + "The IP address or hostname of the remote UDP server. + If a domain name is configured, then the name resolution should + happen on each connection attempt, unless a previously resolved + address is cached and still valid. If the name resolution + results in multiple IP addresses, the IP addresses + are tried until a connection has been established or + until all IP addresses have failed. "; + } + + leaf remote-port { + type inet:port-number; + description + "The port number of the remote UDP server."; + } + + leaf local-address { + if-feature "local-binding"; + type inet:ip-address; + description + "The local IP address to bind to when sending UDP + messages to the remote server. INADDR_ANY ('0.0.0.0') or + INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') may be used + so that the server can bind to any IPv4 or IPv6 address."; + } + + leaf local-port { + if-feature "local-binding"; + type inet:port-number; + default "0"; + description + "The local port number to bind to when sending UDP + datagrams to the remote server. The port number '0', + which is the default value, indicates that any available + local port number may be used."; + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-udp-notif-transport@2025-02-14.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-udp-notif-transport@2025-02-14.yang new file mode 100644 index 00000000..2761e802 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-udp-notif-transport@2025-02-14.yang @@ -0,0 +1,186 @@ +module ietf-udp-notif-transport { + yang-version 1.1; + namespace + "urn:ietf:params:xml:ns:yang:ietf-udp-notif-transport"; + prefix unt; + import ietf-subscribed-notifications { + prefix sn; + reference + "RFC 8639: Subscription to YANG Notifications"; + } + import ietf-subscribed-notif-receivers { + prefix snr; + reference + "RFC YYYY: An HTTPS-based Transport for + Configured Subscriptions"; + } + import ietf-udp-client { + prefix udpc; + reference + "RFC ZZZZ: YANG Grouping for UDP Clients and UDP Servers"; + } + import ietf-tls-client { + prefix tlsc; + reference + "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; + } + + organization "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: + WG List: + + Authors: Guangying Zheng + + Tianran Zhou + + Thomas Graf + + Pierre Francois + + Alex Huang Feng + + Paolo Lucente + "; + + description + "Defines a model for configuring UDP-Notif as a transport + for configured subscriptions [RFC8639]. + + Copyright (c) 2025 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Revised BSD License set forth in Section + 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself + for full legal notices. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here."; + + revision 2025-02-14 { + description + "Initial revision"; + reference + "RFC XXXX: UDP-based Transport for Configured Subscriptions"; + } + + /* + * FEATURES + */ + feature encode-cbor { + description + "Indicates that CBOR encoding of notification + messages is supported."; + reference + "RFC 9254: CBOR Encoding of Data Modeled with YANG"; + } + feature dtls { + description + "Indicates that DTLS encryption of UDP + packets is supported. UDP-Notif mandates that, in + unsecured networks, DTLS 1.2 or later MUST be supported, + and DTLS 1.3 SHOULD be supported."; + reference + "RFC6347: Datagram Transport Layer Security Version 1.2, + RFC 9147: The Datagram Transport Layer Security (DTLS) + Protocol Version 1.3"; + } + + /* + * IDENTITIES + */ + identity udp-notif { + base sn:transport; + base sn:configurable-encoding; + description + "UDP-Notif is used as transport for notification messages + and state change notifications."; + } + + identity encode-cbor { + base sn:encoding; + description + "Encode data using CBOR."; + reference + "RFC 9254: CBOR Encoding of Data Modeled with YANG"; + } + + identity unsupported-max-segment-size { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + description + "Error triggered when the specified value 'max-segment-size' + is not supported by the publisher. An implementation may + only support a subset of the uint16."; + reference + "RFC XXXX: UDP-based Transport for Configured Subscriptions"; + } + + grouping udp-notif-receiver { + description + "Provides a reusable identification of a UDP-Notif target + receiver."; + + uses udpc:udp-client { + refine remote-port { + mandatory true; + } + } + + container dtls { + if-feature dtls; + presence dtls; + uses tlsc:tls-client-grouping { + // Remove keep-alives for DTLS + refine "keepalives" { + if-feature "not tlsc:tls-client-keepalives"; + } + } + description + "Container for configuring DTLS parameters."; + } + + leaf enable-segmentation { + type boolean; + default true; + description + "When disabled, the publisher will not segment UDP-Notif + messages and large messages may be fragmented at the IP + layer."; + } + + leaf max-segment-size { + type uint16; + description + "UDP-Notif provides a configurable max-segment-size to + control the size of each segment (UDP-Notif header, with + options, included). + The publisher may trigger an 'unsupported-max-segment-size' + error if the publisher does not support the configured + value."; + } + } + + augment "/sn:subscriptions/snr:receiver-instances/" + + "snr:receiver-instance/snr:transport-type" { + case udp-notif { + container udp-notif-receiver { + description + "The UDP-notif receiver to send notifications to."; + uses udp-notif-receiver; + } + } + description + "Augments the transport-type choice to include the 'udp-notif' + transport."; + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-library@2019-01-04.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-library@2019-01-04.yang new file mode 100644 index 00000000..dac53a1d --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-library@2019-01-04.yang @@ -0,0 +1,544 @@ +module ietf-yang-library { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-library"; + prefix yanglib; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + import ietf-inet-types { + prefix inet; + reference + "RFC 6991: Common YANG Data Types"; + } + import ietf-datastores { + prefix ds; + reference + "RFC 8342: Network Management Datastore Architecture + (NMDA)"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: + WG List: + + Author: Andy Bierman + + + Author: Martin Bjorklund + + + Author: Juergen Schoenwaelder + + + Author: Kent Watsen + + + Author: Robert Wilton + "; + description + "This module provides information about the YANG modules, + datastores, and datastore schemas used by a network + management server. + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8525; see + the RFC itself for full legal notices."; + + revision 2019-01-04 { + description + "Added support for multiple datastores according to the + Network Management Datastore Architecture (NMDA)."; + reference + "RFC 8525: YANG Library"; + } + revision 2016-04-09 { + description + "Initial revision."; + reference + "RFC 7895: YANG Module Library"; + } + + /* + * Typedefs + */ + + typedef revision-identifier { + type string { + pattern '\d{4}-\d{2}-\d{2}'; + } + description + "Represents a specific date in YYYY-MM-DD format."; + } + + /* + * Groupings + */ + grouping module-identification-leafs { + description + "Parameters for identifying YANG modules and submodules."; + leaf name { + type yang:yang-identifier; + mandatory true; + description + "The YANG module or submodule name."; + } + leaf revision { + type revision-identifier; + description + "The YANG module or submodule revision date. If no revision + statement is present in the YANG module or submodule, this + leaf is not instantiated."; + } + } + + grouping location-leaf-list { + description + "Common leaf-list parameter for the locations of modules and + submodules."; + leaf-list location { + type inet:uri; + description + "Contains a URL that represents the YANG schema + resource for this module or submodule. + + This leaf will only be present if there is a URL + available for retrieval of the schema for this entry."; + } + } + + grouping module-implementation-parameters { + description + "Parameters for describing the implementation of a module."; + leaf-list feature { + type yang:yang-identifier; + description + "List of all YANG feature names from this module that are + supported by the server, regardless whether they are defined + in the module or any included submodule."; + } + leaf-list deviation { + type leafref { + path "../../module/name"; + } + + description + "List of all YANG deviation modules used by this server to + modify the conformance of the module associated with this + entry. Note that the same module can be used for deviations + for multiple modules, so the same entry MAY appear within + multiple 'module' entries. + + This reference MUST NOT (directly or indirectly) + refer to the module being deviated. + + Robust clients may want to make sure that they handle a + situation where a module deviates itself (directly or + indirectly) gracefully."; + } + } + + grouping module-set-parameters { + description + "A set of parameters that describe a module set."; + leaf name { + type string; + description + "An arbitrary name of the module set."; + } + list module { + key "name"; + description + "An entry in this list represents a module implemented by the + server, as per Section 5.6.5 of RFC 7950, with a particular + set of supported features and deviations."; + reference + "RFC 7950: The YANG 1.1 Data Modeling Language"; + uses module-identification-leafs; + leaf namespace { + type inet:uri; + mandatory true; + description + "The XML namespace identifier for this module."; + } + uses location-leaf-list; + list submodule { + key "name"; + description + "Each entry represents one submodule within the + parent module."; + uses module-identification-leafs; + uses location-leaf-list; + } + uses module-implementation-parameters; + } + list import-only-module { + key "name revision"; + description + "An entry in this list indicates that the server imports + reusable definitions from the specified revision of the + module but does not implement any protocol-accessible + objects from this revision. + + Multiple entries for the same module name MAY exist. This + can occur if multiple modules import the same module but + specify different revision dates in the import statements."; + leaf name { + type yang:yang-identifier; + description + "The YANG module name."; + } + leaf revision { + type union { + type revision-identifier; + type string { + length "0"; + } + } + description + "The YANG module revision date. + A zero-length string is used if no revision statement + is present in the YANG module."; + } + leaf namespace { + type inet:uri; + mandatory true; + description + "The XML namespace identifier for this module."; + } + uses location-leaf-list; + list submodule { + key "name"; + description + "Each entry represents one submodule within the + parent module."; + uses module-identification-leafs; + uses location-leaf-list; + } + } + } + + grouping yang-library-parameters { + description + "The YANG library data structure is represented as a grouping + so it can be reused in configuration or another monitoring + data structure."; + list module-set { + key "name"; + description + "A set of modules that may be used by one or more schemas. + + A module set does not have to be referentially complete, + i.e., it may define modules that contain import statements + for other modules not included in the module set."; + uses module-set-parameters; + } + list schema { + key "name"; + description + "A datastore schema that may be used by one or more + datastores. + + The schema must be valid and referentially complete, i.e., + it must contain modules to satisfy all used import + statements for all modules specified in the schema."; + leaf name { + type string; + description + "An arbitrary name of the schema."; + } + leaf-list module-set { + type leafref { + path "../../module-set/name"; + } + description + "A set of module-sets that are included in this schema. + If a non-import-only module appears in multiple module + sets, then the module revision and the associated features + and deviations must be identical."; + } + } + list datastore { + key "name"; + description + "A datastore supported by this server. + + Each datastore indicates which schema it supports. + + The server MUST instantiate one entry in this list per + specific datastore it supports. + Each datastore entry with the same datastore schema SHOULD + reference the same schema."; + leaf name { + type ds:datastore-ref; + description + "The identity of the datastore."; + } + leaf schema { + type leafref { + path "../../schema/name"; + } + mandatory true; + description + "A reference to the schema supported by this datastore. + All non-import-only modules of the schema are implemented + with their associated features and deviations."; + } + } + } + + /* + * Top-level container + */ + + container yang-library { + config false; + description + "Container holding the entire YANG library of this server."; + uses yang-library-parameters; + leaf content-id { + type string; + mandatory true; + description + "A server-generated identifier of the contents of the + '/yang-library' tree. The server MUST change the value of + this leaf if the information represented by the + '/yang-library' tree, except '/yang-library/content-id', has + changed."; + } + } + + /* + * Notifications + */ + + notification yang-library-update { + description + "Generated when any YANG library information on the + server has changed."; + leaf content-id { + type leafref { + path "/yanglib:yang-library/yanglib:content-id"; + } + mandatory true; + description + "Contains the YANG library content identifier for the updated + YANG library at the time the notification is generated."; + } + } + + /* + * Legacy groupings + */ + + grouping module-list { + status deprecated; + description + "The module data structure is represented as a grouping + so it can be reused in configuration or another monitoring + data structure."; + + grouping common-leafs { + status deprecated; + description + "Common parameters for YANG modules and submodules."; + leaf name { + type yang:yang-identifier; + status deprecated; + description + "The YANG module or submodule name."; + } + leaf revision { + type union { + type revision-identifier; + type string { + length "0"; + } + } + status deprecated; + description + "The YANG module or submodule revision date. + A zero-length string is used if no revision statement + is present in the YANG module or submodule."; + } + } + + grouping schema-leaf { + status deprecated; + description + "Common schema leaf parameter for modules and submodules."; + leaf schema { + type inet:uri; + description + "Contains a URL that represents the YANG schema + resource for this module or submodule. + + This leaf will only be present if there is a URL + available for retrieval of the schema for this entry."; + } + } + list module { + key "name revision"; + status deprecated; + description + "Each entry represents one revision of one module + currently supported by the server."; + uses common-leafs { + status deprecated; + } + uses schema-leaf { + status deprecated; + } + leaf namespace { + type inet:uri; + mandatory true; + status deprecated; + description + "The XML namespace identifier for this module."; + } + leaf-list feature { + type yang:yang-identifier; + status deprecated; + description + "List of YANG feature names from this module that are + supported by the server, regardless of whether they are + defined in the module or any included submodule."; + } + list deviation { + key "name revision"; + status deprecated; + + description + "List of YANG deviation module names and revisions + used by this server to modify the conformance of + the module associated with this entry. Note that + the same module can be used for deviations for + multiple modules, so the same entry MAY appear + within multiple 'module' entries. + + The deviation module MUST be present in the 'module' + list, with the same name and revision values. + The 'conformance-type' value will be 'implement' for + the deviation module."; + uses common-leafs { + status deprecated; + } + } + leaf conformance-type { + type enumeration { + enum implement { + description + "Indicates that the server implements one or more + protocol-accessible objects defined in the YANG module + identified in this entry. This includes deviation + statements defined in the module. + + For YANG version 1.1 modules, there is at most one + 'module' entry with conformance type 'implement' for a + particular module name, since YANG 1.1 requires that + at most one revision of a module is implemented. + + For YANG version 1 modules, there SHOULD NOT be more + than one 'module' entry for a particular module + name."; + } + enum import { + description + "Indicates that the server imports reusable definitions + from the specified revision of the module but does + not implement any protocol-accessible objects from + this revision. + + Multiple 'module' entries for the same module name MAY + exist. This can occur if multiple modules import the + same module but specify different revision dates in + the import statements."; + } + } + mandatory true; + status deprecated; + description + "Indicates the type of conformance the server is claiming + for the YANG module identified by this entry."; + } + list submodule { + key "name revision"; + status deprecated; + description + "Each entry represents one submodule within the + parent module."; + uses common-leafs { + status deprecated; + } + uses schema-leaf { + status deprecated; + } + } + } + } + + /* + * Legacy operational state data nodes + */ + + container modules-state { + config false; + status deprecated; + description + "Contains YANG module monitoring information."; + leaf module-set-id { + type string; + mandatory true; + status deprecated; + description + "Contains a server-specific identifier representing + the current set of modules and submodules. The + server MUST change the value of this leaf if the + information represented by the 'module' list instances + has changed."; + } + uses module-list { + status deprecated; + } + } + + /* + * Legacy notifications + */ + + notification yang-library-change { + status deprecated; + description + "Generated when the set of modules and submodules supported + by the server has changed."; + leaf module-set-id { + type leafref { + path "/yanglib:modules-state/yanglib:module-set-id"; + } + mandatory true; + status deprecated; + description + "Contains the module-set-id value representing the + set of modules and submodules supported at the server + at the time the notification is generated."; + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-patch@2017-02-22.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-patch@2017-02-22.yang new file mode 100644 index 00000000..d0029ed2 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-patch@2017-02-22.yang @@ -0,0 +1,390 @@ +module ietf-yang-patch { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-patch"; + prefix "ypatch"; + + import ietf-restconf { prefix rc; } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + + Author: Andy Bierman + + + Author: Martin Bjorklund + + + Author: Kent Watsen + "; + + description + "This module contains conceptual YANG specifications + for the YANG Patch and YANG Patch Status data structures. + + Note that the YANG definitions within this module do not + represent configuration data of any kind. + The YANG grouping statements provide a normative syntax + for XML and JSON message-encoding purposes. + + Copyright (c) 2017 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8072; see + the RFC itself for full legal notices."; + + revision 2017-02-22 { + description + "Initial revision."; + reference + "RFC 8072: YANG Patch Media Type."; + } + + typedef target-resource-offset { + type string; + description + "Contains a data resource identifier string representing + a sub-resource within the target resource. + The document root for this expression is the + target resource that is specified in the + protocol operation (e.g., the URI for the PATCH request). + + This string is encoded according to the same rules as those + for a data resource identifier in a RESTCONF request URI."; + reference + "RFC 8040, Section 3.5.3."; + } + + rc:yang-data "yang-patch" { + uses yang-patch; + } + + rc:yang-data "yang-patch-status" { + uses yang-patch-status; + } + + grouping yang-patch { + + description + "A grouping that contains a YANG container representing the + syntax and semantics of a YANG Patch edit request message."; + + container yang-patch { + description + "Represents a conceptual sequence of datastore edits, + called a patch. Each patch is given a client-assigned + patch identifier. Each edit MUST be applied + in ascending order, and all edits MUST be applied. + If any errors occur, then the target datastore MUST NOT + be changed by the YANG Patch operation. + + It is possible for a datastore constraint violation to occur + due to any node in the datastore, including nodes not + included in the 'edit' list. Any validation errors MUST + be reported in the reply message."; + + reference + "RFC 7950, Section 8.3."; + + leaf patch-id { + type string; + mandatory true; + description + "An arbitrary string provided by the client to identify + the entire patch. Error messages returned by the server + that pertain to this patch will be identified by this + 'patch-id' value. A client SHOULD attempt to generate + unique 'patch-id' values to distinguish between + transactions from multiple clients in any audit logs + maintained by the server."; + } + + leaf comment { + type string; + description + "An arbitrary string provided by the client to describe + the entire patch. This value SHOULD be present in any + audit logging records generated by the server for the + patch."; + } + + list edit { + key edit-id; + ordered-by user; + + description + "Represents one edit within the YANG Patch request message. + The 'edit' list is applied in the following manner: + + - The first edit is conceptually applied to a copy + of the existing target datastore, e.g., the + running configuration datastore. + - Each ascending edit is conceptually applied to + the result of the previous edit(s). + - After all edits have been successfully processed, + the result is validated according to YANG constraints. + - If successful, the server will attempt to apply + the result to the target datastore."; + + leaf edit-id { + type string; + description + "Arbitrary string index for the edit. + Error messages returned by the server that pertain + to a specific edit will be identified by this value."; + } + + leaf operation { + type enumeration { + enum create { + description + "The target data node is created using the supplied + value, only if it does not already exist. The + 'target' leaf identifies the data node to be + created, not the parent data node."; + } + enum delete { + description + "Delete the target node, only if the data resource + currently exists; otherwise, return an error."; + } + + enum insert { + description + "Insert the supplied value into a user-ordered + list or leaf-list entry. The target node must + represent a new data resource. If the 'where' + parameter is set to 'before' or 'after', then + the 'point' parameter identifies the insertion + point for the target node."; + } + enum merge { + description + "The supplied value is merged with the target data + node."; + } + enum move { + description + "Move the target node. Reorder a user-ordered + list or leaf-list. The target node must represent + an existing data resource. If the 'where' parameter + is set to 'before' or 'after', then the 'point' + parameter identifies the insertion point to move + the target node."; + } + enum replace { + description + "The supplied value is used to replace the target + data node."; + } + enum remove { + description + "Delete the target node if it currently exists."; + } + } + mandatory true; + description + "The datastore operation requested for the associated + 'edit' entry."; + } + + leaf target { + type target-resource-offset; + mandatory true; + description + "Identifies the target data node for the edit + operation. If the target has the value '/', then + the target data node is the target resource. + The target node MUST identify a data resource, + not the datastore resource."; + } + + leaf point { + when "(../operation = 'insert' or ../operation = 'move')" + + "and (../where = 'before' or ../where = 'after')" { + description + "This leaf only applies for 'insert' or 'move' + operations, before or after an existing entry."; + } + type target-resource-offset; + description + "The absolute URL path for the data node that is being + used as the insertion point or move point for the + target of this 'edit' entry."; + } + + leaf where { + when "../operation = 'insert' or ../operation = 'move'" { + description + "This leaf only applies for 'insert' or 'move' + operations."; + } + type enumeration { + enum before { + description + "Insert or move a data node before the data resource + identified by the 'point' parameter."; + } + enum after { + description + "Insert or move a data node after the data resource + identified by the 'point' parameter."; + } + + enum first { + description + "Insert or move a data node so it becomes ordered + as the first entry."; + } + enum last { + description + "Insert or move a data node so it becomes ordered + as the last entry."; + } + } + default last; + description + "Identifies where a data resource will be inserted + or moved. YANG only allows these operations for + list and leaf-list data nodes that are + 'ordered-by user'."; + } + + anydata value { + when "../operation = 'create' " + + "or ../operation = 'merge' " + + "or ../operation = 'replace' " + + "or ../operation = 'insert'" { + description + "The anydata 'value' is only used for 'create', + 'merge', 'replace', and 'insert' operations."; + } + description + "Value used for this edit operation. The anydata 'value' + contains the target resource associated with the + 'target' leaf. + + For example, suppose the target node is a YANG container + named foo: + + container foo { + leaf a { type string; } + leaf b { type int32; } + } + + The 'value' node contains one instance of foo: + + + + some value + 42 + + + "; + } + } + } + + } // grouping yang-patch + + grouping yang-patch-status { + + description + "A grouping that contains a YANG container representing the + syntax and semantics of a YANG Patch Status response + message."; + + container yang-patch-status { + description + "A container representing the response message sent by the + server after a YANG Patch edit request message has been + processed."; + + leaf patch-id { + type string; + mandatory true; + description + "The 'patch-id' value used in the request."; + } + + choice global-status { + description + "Report global errors or complete success. + If there is no case selected, then errors + are reported in the 'edit-status' container."; + + case global-errors { + uses rc:errors; + description + "This container will be present if global errors that + are unrelated to a specific edit occurred."; + } + leaf ok { + type empty; + description + "This leaf will be present if the request succeeded + and there are no errors reported in the 'edit-status' + container."; + } + } + + container edit-status { + description + "This container will be present if there are + edit-specific status responses to report. + If all edits succeeded and the 'global-status' + returned is 'ok', then a server MAY omit this + container."; + + list edit { + key edit-id; + + description + "Represents a list of status responses, + corresponding to edits in the YANG Patch + request message. If an 'edit' entry was + skipped or not reached by the server, + then this list will not contain a corresponding + entry for that edit."; + + leaf edit-id { + type string; + description + "Response status is for the 'edit' list entry + with this 'edit-id' value."; + } + + choice edit-status-choice { + description + "A choice between different types of status + responses for each 'edit' entry."; + leaf ok { + type empty; + description + "This 'edit' entry was invoked without any + errors detected by the server associated + with this edit."; + } + case errors { + uses rc:errors; + description + "The server detected errors associated with the + edit identified by the same 'edit-id' value."; + } + } + } + } + } + } // grouping yang-patch-status + +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-push-revision@2025-04-05.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-push-revision@2025-04-05.yang new file mode 100644 index 00000000..e5cc7784 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-push-revision@2025-04-05.yang @@ -0,0 +1,274 @@ +module ietf-yang-push-revision { + yang-version 1.1; + namespace + "urn:ietf:params:xml:ns:yang:ietf-yang-push-revision"; + prefix ypr; + import ietf-subscribed-notifications { + prefix sn; + reference + "RFC 8639: Subscription to YANG Notifications"; + } + import ietf-yang-revisions { + prefix rev; + reference + "RFC YYYY: draft-ietf-netmod-yang-module-versioning-11, + Updated YANG Module Revision Handling"; + } + import ietf-yang-types { + prefix yang; + rev:recommended-min-date "2013-07-15"; + reference + "RFC 6991: Common YANG Data Types."; + } + import ietf-yang-semver { + prefix ysver; + reference + "RFC ZZZZ: draft-ietf-netmod-yang-semver-15, YANG Semantic + Versioning"; + } + import ietf-yang-library { + prefix yanglib; + reference + "RFC 8525: YANG Library"; + } + import ietf-system-capabilities { + prefix sysc; + reference + "RFC 9196: YANG Modules Describing Capabilities for + Systems and Datastore Update Notifications"; + } + import ietf-notification-capabilities { + prefix notc; + reference + "RFC 9196: YANG Modules Describing Capabilities for + Systems and Datastore Update Notifications"; + } + + organization "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: + WG List: + + Authors: Thomas Graf + + Benoit Claise + + Alex Huang Feng + "; + + description + "Defines YANG-Push event notification header with the revision and + the revision-label. Adds the support of the revision and + revision-label selection in the YANG-Push subscription RPCs. + + Copyright (c) 2025 IETF Trust and the persons + identified as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Revised BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + All revisions of IETF and IANA published modules can be found + at the YANG Parameters registry + (https://www.iana.org/assignments/yang-parameters). + + This version of this YANG module is part of RFC XXXX; see the RFC + itself for full legal notices."; + + revision 2025-04-05 { + description + "First revision"; + reference + "RFC XXXX: Support of Versioning in YANG Notifications + Subscription"; + } + + feature yang-push-revision-supported { + description + "This feature indicates the YANG Subscription Notifications + supports specifying the list of modules, revisions and + revision-label in the YANG subscription."; + } + + // Identities + identity revision-unsupported { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + description + "Revision not supported. This failure can be due to subscribing + to a specific revision not supported by the publisher."; + } + + identity revision-label-unsupported { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + description + "Revision-label not supported. This failure can be due to + subscribing to a specific revision-label not supported by the publisher."; + } + + identity incompatible-revision-and-revision-label { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + description + "The combination of revision and the revision-label are + incompatible. This failure happens when the revision and the + revision-label are both specified in the RPC and the YANG + module supported by the publisher does not support one of the + revision or the revision-label."; + } + + grouping yang-push-module-version-config { + description + "This grouping combines the module name, the revision and + revision-label leaves. This grouping is to be used for + configuration and the leaves are not mandatory."; + leaf module-name { + type yang:yang-identifier; + description + "This references the YANG module name."; + } + leaf revision { + type rev:revision-date; + description + "This references the YANG module revision to be sent in the + subscription."; + } + leaf revision-label { + type ysver:version; + description + "This references the YANG module semantic version to be sent in the + subscription."; + } + } + + grouping yang-push-module-version { + description + "This grouping combines the module name, the revision and + revision-label leaves. This grouping is to be used for + read-only cases such as the content of YANG-Push Notifications. + The module-name and revision are mandatory and MUST be present + in the data."; + leaf module-name { + type yang:yang-identifier; + config false; + mandatory true; + description + "This references the YANG module name."; + } + leaf revision { + type rev:revision-date; + config false; + mandatory true; + description + "This references the YANG module revision of the sent + notification message."; + } + leaf revision-label { + type ysver:version; + description + "This references the YANG module semantic version of the sent + notification message."; + } + } + + grouping yang-push-module-version-list { + description + "This grouping defines a list of yang-push-module-version + grouping."; + list module-version { + key "module-name"; + config false; + description + "List of yang-push-module-version grouping. The revision is + not configurable."; + uses ypr:yang-push-module-version; + } + leaf yang-library-content-id { + config false; + type leafref { + path "/yanglib:yang-library/yanglib:content-id"; + } + description + "Contains the YANG library content identifier RFC 8525 + information."; + } + } + + grouping yang-push-module-version-config-list { + description + "This grouping defines a list of yang-push-module-version-config + grouping."; + list module-version-config { + key "module-name"; + description + "List of yang-push-module-version-config grouping. The revision + is configurable."; + uses ypr:yang-push-module-version-config; + } + } + + // Subscription parameters + augment "/sn:establish-subscription/sn:input" { + if-feature "yang-push-revision-supported"; + description + "Augment the establish-subscription RPC from the + ietf-subscribed-notifications YANG module with the + yang-push-module-version-config-list grouping."; + uses ypr:yang-push-module-version-config-list; + } + augment "/sn:modify-subscription/sn:input" { + if-feature "yang-push-revision-supported"; + description + "Augment the modify-subscription RPC from the + ietf-subscribed-notifications YANG module with the + yang-push-module-version-config-list grouping."; + uses ypr:yang-push-module-version-config-list; + } + + // Subscription notifications + augment "/sn:subscription-started" { + if-feature "yang-push-revision-supported"; + description + "Augment the subscription-started notification from the + ietf-subscribed-notifications YANG module with the + yang-push-module-version-list grouping."; + uses ypr:yang-push-module-version-list; + } + augment "/sn:subscription-modified" { + if-feature "yang-push-revision-supported"; + description + "Augment the subscription-modified notification from the + ietf-subscribed-notifications YANG module with the + yang-push-module-version-list grouping."; + uses ypr:yang-push-module-version-list; + } + + // Subscription container + augment "/sn:subscriptions/sn:subscription" { + if-feature "yang-push-revision-supported"; + description + "Augment the subscriptions RPC container from the + ietf-subscribed-notifications YANG module with the + yang-push-module-version-config-list grouping."; + uses ypr:yang-push-module-version-config-list; + } + + // Event capabilities + augment "/sysc:system-capabilities/notc:subscription-capabilities" { + description + "Add system level capabilities"; + leaf yang-push-module-revision-supported { + type boolean; + description + "Specifies whether the publisher supports exporting + revision and revision-label in YANG-Push subscription state change + notifications."; + reference + "RFC XXXX: Support of Versioning in YANG Notifications Subscription"; + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-push-telemetry-message@2025-04-17.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-push-telemetry-message@2025-04-17.yang new file mode 100644 index 00000000..464a647f --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-push-telemetry-message@2025-04-17.yang @@ -0,0 +1,265 @@ +module ietf-yang-push-telemetry-message { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-push-telemetry-message"; + prefix yptm; + + import ietf-subscribed-notifications { + prefix sn; + reference + "RFC 8639: Subscription to YANG Notifications"; + } + import ietf-telemetry-message { + prefix tm; + reference + "XXX"; + } + import ietf-yang-push { + prefix yp; + reference + "RFC 8641: Subscription to YANG Notifications for Datastore Updates"; + } + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + import ietf-datastores { + prefix ds; + reference + "RFC 8342: Network Management Datastore Architecture (NMDA)"; + } + import ietf-yang-revisions { + prefix rev; + reference + "RFC YYYY: draft-ietf-netmod-yang-module-versioning-11, + Updated YANG Module Revision Handling"; + } + import ietf-yang-semver { + prefix ysver; + reference + "RFC ZZZZ: draft-ietf-netmod-yang-semver-15, YANG Semantic + Versioning"; + } + + organization + "IETF Draft"; + contact + "Author: Ahmed Elhassany + + + Thomas Graf + "; + description + "Augments the ietf-telemetry-message with YANG Push specific + fields. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here. + + Copyright (c) 2025 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Revised BSD License set forth in Section + 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; see the RFC + itself for full legal notices."; + + revision 2025-04-17 { + description + "Initial revision."; + reference + "RFC XXXX"; + } + + augment "/tm:message/tm:telemetry-message-metadata" { + description + "Augments telemetry-message-metadata with YANG-Push specific metadata"; + container yang-push-subscription { + config false; + description + "YANG-Push specific metadata"; + leaf id { + type sn:subscription-id; + description + "This references the affected subscription."; + } + choice filter-spec { + description + "The content filter specification for this request."; + anydata subtree-filter { + description + "Event stream evaluation criteria or the parameter identifies the port of the target datastore encoded in the syntax of a subtree filter as defined in RFC 6241, Section 6."; + reference + "RFC 6241: Network Configuration Protocol (NETCONF), Section 6."; + } + leaf xpath-filter { + type yang:xpath1.0; + description + "Event stream evaluation criteria or porting of the target datastore encoded in the syntax of an XPath 1.0 expression"; + reference + "XML Path Language (XPath) Version 1.0 + (https://www.w3.org/TR/1999/REC-xpath-19991116) + RFC 7950: The YANG 1.1 Data Modeling Language, + Section 10"; + } + } + choice target { + description + "Identifies the source of information against which a + subscription is being applied as well as specifics on the + subset of information desired from that source."; + case stream { + leaf stream { + type string; + description + "Indicates the event stream to be considered for this subscription."; + } + } + case datastore { + leaf datastore { + type identityref { + base ds:datastore; + } + description + "Datastore from which to retrieve data."; + } + } + } + leaf transport { + type sn:transport; + description + "For a configured subscription, this leaf specifies the + transport used to deliver messages destined for all + receivers of that subscription."; + } + leaf encoding { + type sn:encoding; + description + "The type of encoding for notification messages. For a + dynamic subscription, if not included as part of an + 'establish-subscription' RPC, the encoding will be populated + with the encoding used by that RPC. For a configured + subscription, if not explicitly configured, the encoding + will be the default encoding for an underlying transport."; + } + leaf purpose { + type string; + description + "Open text allowing a configuring entity to embed the + originator or other specifics of this subscription."; + } + choice update-trigger { + description + "Defines necessary conditions for sending an event record to + the subscriber."; + case periodic { + container periodic { + presence "indicates a periodic subscription"; + description + "The publisher is requested to notify periodically the + current values of the datastore as defined by the + selection filter."; + leaf period { + type yp:centiseconds; + description + "Duration of time which should occur between periodic + push updates, in one hundredths of a second."; + } + leaf anchor-time { + type yang:date-and-time; + description + "Designates a timestamp before or after which a series + of periodic push updates are determined. The next + update will take place at a whole multiple interval + from the anchor time. For example, for an anchor time + is set for the top of a particular minute and a period + interval of a minute, updates will be sent at the top + of every minute this subscription is active."; + } + } + } + case on-change { + container on-change { + presence "indicates an on-change subscription"; + description + "The publisher is requested to notify changes in values + in the datastore subset as defined by a selection + filter."; + leaf dampening-period { + type yp:centiseconds; + default "0"; + description + "Specifies the minimum interval between the assembly of + successive update records for a single receiver of a + subscription. Whenever subscribed objects change, and + a dampening period interval (which may be zero) has + elapsed since the previous update record creation for + a receiver, then any subscribed objects and properties + which have changed since the previous update record + will have their current values marshalled and placed + into a new update record."; + } + leaf sync-on-start { + type boolean; + default "true"; + description + "When this object is set to false, it restricts an + on-change subscription from sending push-update + notifications. When false, pushing a full selection per + the terms of the selection filter MUST NOT be done for + this subscription. Only updates about changes, + i.e. only push-change-update notifications are sent. + When true (default behavior), in order to facilitate a + receiver's synchronization, a full update is sent when + the subscription starts using a push-update + notification. After that, push-change-update + notifications are exclusively sent unless the publisher + chooses to resync the subscription via a new push-update + notification."; + } + } + } + } + list module-version { + key "module-name"; + config false; + description + "List of yang-push-module-version grouping. The revision is + not configurable."; + leaf module-name { + type yang:yang-identifier; + config false; + description + "This references the YANG module name."; + } + leaf revision { + type rev:revision-date; + config false; + description + "This references the YANG module revision of the sent + notification message."; + } + leaf revision-label { + type ysver:version; + description + "This references the YANG module semantic version of the syanglibent + notification message."; + } + } + leaf yang-library-content-id { + type string; + config false; + description + "Contains the YANG library content identifier RFC 8525 information."; + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-push@2019-09-09.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-push@2019-09-09.yang new file mode 100644 index 00000000..ea38fb34 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-push@2019-09-09.yang @@ -0,0 +1,797 @@ +module ietf-yang-push { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-push"; + prefix yp; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + import ietf-subscribed-notifications { + prefix sn; + reference + "RFC 8639: Subscription to YANG Notifications"; + } + import ietf-datastores { + prefix ds; + reference + "RFC 8342: Network Management Datastore Architecture (NMDA)"; + } + import ietf-restconf { + prefix rc; + reference + "RFC 8040: RESTCONF Protocol"; + } + import ietf-yang-patch { + prefix ypatch; + reference + "RFC 8072: YANG Patch Media Type"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: + WG List: + + Author: Alexander Clemm + + + Author: Eric Voit + "; + + description + "This module contains YANG specifications for YANG-Push. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Simplified BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8641; see the + RFC itself for full legal notices."; + + revision 2019-09-09 { + description + "Initial revision."; + reference + "RFC 8641: Subscriptions to YANG Datastores"; + } + + /* + * FEATURES + */ + + feature on-change { + description + "This feature indicates that on-change triggered subscriptions + are supported."; + } + + /* + * IDENTITIES + */ + + /* Error type identities for datastore subscription */ + + identity resync-subscription-error { + description + "Problem found while attempting to fulfill a + 'resync-subscription' RPC request."; + } + + identity cant-exclude { + base sn:establish-subscription-error; + description + "Unable to remove the set of 'excluded-change' parameters. + This means that the publisher is unable to restrict + 'push-change-update' notifications to just the change types + requested for this subscription."; + } + + identity datastore-not-subscribable { + base sn:establish-subscription-error; + base sn:subscription-terminated-reason; + description + "This is not a subscribable datastore."; + } + + identity no-such-subscription-resync { + base resync-subscription-error; + description + "The referenced subscription doesn't exist. This may be as a + result of a nonexistent subscription ID, an ID that belongs to + another subscriber, or an ID for a configured subscription."; + } + + identity on-change-unsupported { + base sn:establish-subscription-error; + description + "On-change is not supported for any objects that are + selectable by this filter."; + } + + identity on-change-sync-unsupported { + base sn:establish-subscription-error; + description + "Neither 'sync-on-start' nor resynchronization is supported for + this subscription. This error will be used for two reasons: + (1) if an 'establish-subscription' RPC includes + 'sync-on-start' but the publisher can't support sending a + 'push-update' for this subscription for reasons other than + 'on-change-unsupported' or 'sync-too-big' + (2) if the 'resync-subscription' RPC is invoked for either an + existing periodic subscription or an on-change subscription + that can't support resynchronization."; + } + + identity period-unsupported { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + base sn:subscription-suspended-reason; + description + "The requested time period or 'dampening-period' is too short. + This can be for both periodic and on-change subscriptions + (with or without dampening). Hints suggesting alternative + periods may be returned as supplemental information."; + } + + identity update-too-big { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + base sn:subscription-suspended-reason; + description + "Periodic or on-change push update data trees exceed a maximum + size limit. Hints on the estimated size of what was too big + may be returned as supplemental information."; + } + + identity sync-too-big { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + base resync-subscription-error; + base sn:subscription-suspended-reason; + description + "The 'sync-on-start' or resynchronization data tree exceeds a + maximum size limit. Hints on the estimated size of what was + too big may be returned as supplemental information."; + } + + identity unchanging-selection { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + base sn:subscription-terminated-reason; + description + "The selection filter is unlikely to ever select data tree + nodes. This means that based on the subscriber's current + access rights, the publisher recognizes that the selection + filter is unlikely to ever select data tree nodes that change. + Examples for this might be that the node or subtree doesn't + exist, read access is not permitted for a receiver, or static + objects that only change at reboot have been chosen."; + } + + /* + * TYPE DEFINITIONS + */ + + typedef change-type { + type enumeration { + enum create { + description + "A change that refers to the creation of a new + datastore node."; + } + enum delete { + description + "A change that refers to the deletion of a + datastore node."; + } + enum insert { + description + "A change that refers to the insertion of a new + user-ordered datastore node."; + } + enum move { + description + "A change that refers to a reordering of the target + datastore node."; + } + enum replace { + description + "A change that refers to a replacement of the target + datastore node's value."; + } + } + description + "Specifies different types of datastore changes. + + This type is based on the edit operations defined for + YANG Patch, with the difference that it is valid for a + receiver to process an update record that performs a + 'create' operation on a datastore node the receiver believes + exists or to process a delete on a datastore node the + receiver believes is missing."; + reference + "RFC 8072: YANG Patch Media Type, Section 2.5"; + } + + typedef selection-filter-ref { + type leafref { + path "/sn:filters/yp:selection-filter/yp:filter-id"; + } + description + "This type is used to reference a selection filter."; + } + + typedef centiseconds { + type uint32; + description + "A period of time, measured in units of 0.01 seconds."; + } + + /* + * GROUP DEFINITIONS + */ + + grouping datastore-criteria { + description + "A grouping to define criteria for which selected objects from + a targeted datastore should be included in push updates."; + leaf datastore { + type identityref { + base ds:datastore; + } + mandatory true; + description + "Datastore from which to retrieve data."; + } + uses selection-filter-objects; + } + + grouping selection-filter-types { + description + "This grouping defines the types of selectors for objects + from a datastore."; + choice filter-spec { + description + "The content filter specification for this request."; + anydata datastore-subtree-filter { + if-feature "sn:subtree"; + description + "This parameter identifies the portions of the + target datastore to retrieve."; + reference + "RFC 6241: Network Configuration Protocol (NETCONF), + Section 6"; + } + leaf datastore-xpath-filter { + if-feature "sn:xpath"; + type yang:xpath1.0; + description + "This parameter contains an XPath expression identifying + the portions of the target datastore to retrieve. + + If the expression returns a node set, all nodes in the + node set are selected by the filter. Otherwise, if the + expression does not return a node set, the filter + doesn't select any nodes. + + The expression is evaluated in the following XPath + context: + + o The set of namespace declarations is the set of prefix + and namespace pairs for all YANG modules implemented + by the server, where the prefix is the YANG module + name and the namespace is as defined by the + 'namespace' statement in the YANG module. + + If the leaf is encoded in XML, all namespace + declarations in scope on the 'stream-xpath-filter' + leaf element are added to the set of namespace + declarations. If a prefix found in the XML is + already present in the set of namespace declarations, + the namespace in the XML is used. + + o The set of variable bindings is empty. + + o The function library is comprised of the core + function library and the XPath functions defined in + Section 10 in RFC 7950. + + o The context node is the root node of the target + datastore."; + reference + "XML Path Language (XPath) Version 1.0 + (https://www.w3.org/TR/1999/REC-xpath-19991116) + RFC 7950: The YANG 1.1 Data Modeling Language, + Section 10"; + } + } + } + + grouping selection-filter-objects { + description + "This grouping defines a selector for objects from a + datastore."; + choice selection-filter { + description + "The source of the selection filter applied to the + subscription. This will either (1) come referenced from a + global list or (2) be provided in the subscription itself."; + case by-reference { + description + "Incorporates a filter that has been configured + separately."; + leaf selection-filter-ref { + type selection-filter-ref; + mandatory true; + description + "References an existing selection filter that is to be + applied to the subscription."; + } + } + case within-subscription { + description + "A local definition allows a filter to have the same + lifecycle as the subscription."; + uses selection-filter-types; + } + } + } + + grouping update-policy-modifiable { + description + "This grouping describes the datastore-specific subscription + conditions that can be changed during the lifetime of the + subscription."; + choice update-trigger { + description + "Defines necessary conditions for sending an event record to + the subscriber."; + case periodic { + container periodic { + presence "indicates a periodic subscription"; + description + "The publisher is requested to periodically notify the + receiver regarding the current values of the datastore + as defined by the selection filter."; + leaf period { + type centiseconds; + mandatory true; + description + "Duration of time that should occur between periodic + push updates, in units of 0.01 seconds."; + } + leaf anchor-time { + type yang:date-and-time; + description + "Designates a timestamp before or after which a series + of periodic push updates are determined. The next + update will take place at a point in time that is a + multiple of a period from the 'anchor-time'. + For example, for an 'anchor-time' that is set for the + top of a particular minute and a period interval of a + minute, updates will be sent at the top of every + minute that this subscription is active."; + } + } + } + case on-change { + if-feature "on-change"; + container on-change { + presence "indicates an on-change subscription"; + description + "The publisher is requested to notify the receiver + regarding changes in values in the datastore subset as + defined by a selection filter."; + leaf dampening-period { + type centiseconds; + default "0"; + description + "Specifies the minimum interval between the assembly of + successive update records for a single receiver of a + subscription. Whenever subscribed objects change and + a dampening-period interval (which may be zero) has + elapsed since the previous update record creation for + a receiver, any subscribed objects and properties + that have changed since the previous update record + will have their current values marshalled and placed + in a new update record."; + } + } + } + } + } + + grouping update-policy { + description + "This grouping describes the datastore-specific subscription + conditions of a subscription."; + uses update-policy-modifiable { + augment "update-trigger/on-change/on-change" { + description + "Includes objects that are not modifiable once a + subscription is established."; + leaf sync-on-start { + type boolean; + default "true"; + description + "When this object is set to 'false', (1) it restricts an + on-change subscription from sending 'push-update' + notifications and (2) pushing a full selection per the + terms of the selection filter MUST NOT be done for + this subscription. Only updates about changes + (i.e., only 'push-change-update' notifications) + are sent. When set to 'true' (the default behavior), + in order to facilitate a receiver's synchronization, + a full update is sent, via a 'push-update' notification, + when the subscription starts. After that, + 'push-change-update' notifications are exclusively sent, + unless the publisher chooses to resync the subscription + via a new 'push-update' notification."; + } + leaf-list excluded-change { + type change-type; + description + "Used to restrict which changes trigger an update. For + example, if a 'replace' operation is excluded, only the + creation and deletion of objects are reported."; + } + } + } + } + + grouping hints { + description + "Parameters associated with an error for a subscription + made upon a datastore."; + leaf period-hint { + type centiseconds; + description + "Returned when the requested time period is too short. This + hint can assert a viable period for either a periodic push + cadence or an on-change dampening interval."; + } + leaf filter-failure-hint { + type string; + description + "Information describing where and/or why a provided filter + was unsupportable for a subscription."; + } + leaf object-count-estimate { + type uint32; + description + "If there are too many objects that could potentially be + returned by the selection filter, this identifies the + estimate of the number of objects that the filter would + potentially pass."; + } + leaf object-count-limit { + type uint32; + description + "If there are too many objects that could be returned by + the selection filter, this identifies the upper limit of + the publisher's ability to service this subscription."; + } + leaf kilobytes-estimate { + type uint32; + description + "If the returned information could be beyond the capacity + of the publisher, this would identify the estimated + data size that could result from this selection filter."; + } + leaf kilobytes-limit { + type uint32; + description + "If the returned information would be beyond the capacity + of the publisher, this identifies the upper limit of the + publisher's ability to service this subscription."; + } + } + + /* + * RPCs + */ + + rpc resync-subscription { + if-feature "on-change"; + description + "This RPC allows a subscriber of an active on-change + subscription to request a full push of objects. + + A successful invocation results in a 'push-update' of all + datastore nodes that the subscriber is permitted to access. + This RPC can only be invoked on the same session on which the + subscription is currently active. In the case of an error, a + 'resync-subscription-error' is sent as part of an error + response."; + input { + leaf id { + type sn:subscription-id; + mandatory true; + description + "Identifier of the subscription that is to be resynced."; + } + } + } + + rc:yang-data resync-subscription-error { + container resync-subscription-error { + description + "If a 'resync-subscription' RPC fails, the subscription is + not resynced and the RPC error response MUST indicate the + reason for this failure. This yang-data MAY be inserted as + structured data in a subscription's RPC error response + to indicate the reason for the failure."; + leaf reason { + type identityref { + base resync-subscription-error; + } + mandatory true; + description + "Indicates the reason why the publisher has declined a + request for subscription resynchronization."; + } + uses hints; + } + } + + augment "/sn:establish-subscription/sn:input" { + description + "This augmentation adds additional subscription parameters + that apply specifically to datastore updates to RPC input."; + uses update-policy; + } + + augment "/sn:establish-subscription/sn:input/sn:target" { + description + "This augmentation adds the datastore as a valid target + for the subscription to RPC input."; + case datastore { + description + "Information specifying the parameters of a request for a + datastore subscription."; + uses datastore-criteria; + } + } + + rc:yang-data establish-subscription-datastore-error-info { + container establish-subscription-datastore-error-info { + description + "If any 'establish-subscription' RPC parameters are + unsupportable against the datastore, a subscription is not + created and the RPC error response MUST indicate the reason + why the subscription failed to be created. This yang-data + MAY be inserted as structured data in a subscription's + RPC error response to indicate the reason for the failure. + This yang-data MUST be inserted if hints are to be provided + back to the subscriber."; + leaf reason { + type identityref { + base sn:establish-subscription-error; + } + description + "Indicates the reason why the subscription has failed to + be created to a targeted datastore."; + } + uses hints; + } + } + + augment "/sn:modify-subscription/sn:input" { + description + "This augmentation adds additional subscription parameters + specific to datastore updates."; + uses update-policy-modifiable; + } + + augment "/sn:modify-subscription/sn:input/sn:target" { + description + "This augmentation adds the datastore as a valid target + for the subscription to RPC input."; + case datastore { + description + "Information specifying the parameters of a request for a + datastore subscription."; + uses datastore-criteria; + } + } + + rc:yang-data modify-subscription-datastore-error-info { + container modify-subscription-datastore-error-info { + description + "This yang-data MAY be provided as part of a subscription's + RPC error response when there is a failure of a + 'modify-subscription' RPC that has been made against a + datastore. This yang-data MUST be used if hints are to be + provided back to the subscriber."; + leaf reason { + type identityref { + base sn:modify-subscription-error; + } + description + "Indicates the reason why the subscription has failed to + be modified."; + } + uses hints; + } + } + + /* + * NOTIFICATIONS + */ + + notification push-update { + description + "This notification contains a push update that in turn contains + data subscribed to via a subscription. In the case of a + periodic subscription, this notification is sent for periodic + updates. It can also be used for synchronization updates of + an on-change subscription. This notification shall only be + sent to receivers of a subscription. It does not constitute + a general-purpose notification that would be subscribable as + part of the NETCONF event stream by any receiver."; + leaf id { + type sn:subscription-id; + description + "This references the subscription that drove the + notification to be sent."; + } + anydata datastore-contents { + description + "This contains the updated data. It constitutes a snapshot + at the time of update of the set of data that has been + subscribed to. The snapshot corresponds to the same + snapshot that would be returned in a corresponding 'get' + operation with the same selection filter parameters + applied."; + } + leaf incomplete-update { + type empty; + description + "This is a flag that indicates that not all datastore + nodes subscribed to are included with this update. In + other words, the publisher has failed to fulfill its full + subscription obligations and, despite its best efforts, is + providing an incomplete set of objects."; + } + } + + notification push-change-update { + if-feature "on-change"; + description + "This notification contains an on-change push update. This + notification shall only be sent to the receivers of a + subscription. It does not constitute a general-purpose + notification that would be subscribable as part of the + NETCONF event stream by any receiver."; + leaf id { + type sn:subscription-id; + description + "This references the subscription that drove the + notification to be sent."; + } + container datastore-changes { + description + "This contains the set of datastore changes of the target + datastore, starting at the time of the previous update, per + the terms of the subscription."; + uses ypatch:yang-patch; + } + leaf incomplete-update { + type empty; + description + "The presence of this object indicates that not all changes + that have occurred since the last update are included with + this update. In other words, the publisher has failed to + fulfill its full subscription obligations -- for example, + in cases where it was not able to keep up with a burst of + changes."; + } + } + + augment "/sn:subscription-started" { + description + "This augmentation adds datastore-specific objects to + the notification that a subscription has started."; + uses update-policy; + } + + augment "/sn:subscription-started/sn:target" { + description + "This augmentation allows the datastore to be included as + part of the notification that a subscription has started."; + case datastore { + uses datastore-criteria { + refine "selection-filter/within-subscription" { + description + "Specifies the selection filter and where it originated + from. If the 'selection-filter-ref' is populated, the + filter in the subscription came from the 'filters' + container. Otherwise, it is populated in-line as part + of the subscription itself."; + } + } + } + } + + augment "/sn:subscription-modified" { + description + "This augmentation adds datastore-specific objects to + the notification that a subscription has been modified."; + uses update-policy; + } + + augment "/sn:subscription-modified/sn:target" { + description + "This augmentation allows the datastore to be included as + part of the notification that a subscription has been + modified."; + case datastore { + uses datastore-criteria { + refine "selection-filter/within-subscription" { + description + "Specifies the selection filter and where it originated + from. If the 'selection-filter-ref' is populated, the + filter in the subscription came from the 'filters' + container. Otherwise, it is populated in-line as part + of the subscription itself."; + } + } + } + } + + /* + * DATA NODES + */ + + augment "/sn:filters" { + description + "This augmentation allows the datastore to be included as part + of the selection-filtering criteria for a subscription."; + list selection-filter { + key "filter-id"; + description + "A list of preconfigured filters that can be applied + to datastore subscriptions."; + leaf filter-id { + type string; + description + "An identifier to differentiate between selection + filters."; + } + uses selection-filter-types; + } + } + + augment "/sn:subscriptions/sn:subscription" { + when 'yp:datastore'; + description + "This augmentation adds objects to a subscription that are + specific to a datastore subscription, i.e., a subscription to + a stream of datastore node updates."; + uses update-policy; + } + + augment "/sn:subscriptions/sn:subscription/sn:target" { + description + "This augmentation allows the datastore to be included as + part of the selection-filtering criteria for a subscription."; + case datastore { + uses datastore-criteria; + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-revisions@2024-06-04.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-revisions@2024-06-04.yang new file mode 100644 index 00000000..4e451fcb --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-revisions@2024-06-04.yang @@ -0,0 +1,140 @@ +module ietf-yang-revisions { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-revisions"; + prefix rev; + + organization + "IETF NETMOD (Network Modeling) Working Group"; + contact + "WG Web: + WG List: + + Author: Joe Clarke + + + Author: Reshad Rahman + + + Author: Robert Wilton + + + Author: Balazs Lengyel + + + Author: Jason Sterne + "; + description + "This YANG 1.1 module contains definitions and extensions to + support updated YANG revision handling. + + Copyright (c) 2024 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Revised BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here."; + // RFC Ed.: update the date below with the date of RFC publication + // and remove this note. + // RFC Ed.: replace XXXX (inc above) with actual RFC number and + // remove this note. + + revision 2024-06-04 { + description + "Initial version."; + reference + "XXXX: Updated YANG Module Revision Handling"; + } + + typedef revision-date { + type string { + pattern '[0-9]{4}-(1[0-2]|0[1-9])-(0[1-9]|[1-2][0-9]|3[0-1])'; + } + description + "A date associated with a YANG revision. + + Matches dates formatted as YYYY-MM-DD."; + reference + "RFC 7950: The YANG 1.1 Data Modeling Language"; + } + + extension non-backwards-compatible { + description + "This statement is used to indicate YANG module revisions that + contain non-backwards-compatible changes. + + The statement MUST only be a substatement of the 'revision' + statement. Zero or one 'non-backwards-compatible' statements + per parent statement is allowed. No substatements for this + extension have been standardized. + + If a revision of a YANG module contains changes, relative to + the preceding revision in the revision history, that do not + conform to the backwards-compatible module update rules + defined in RFC-XXX, then the 'non-backwards-compatible' + statement MUST be added as a substatement to the revision + statement. + + Conversely, if a revision does not contain a + 'non-backwards-compatible' statement then all changes, + relative to the preceding revision in the revision history, + MUST be backwards-compatible. + + A new module revision that only contains changes that are + backwards-compatible SHOULD NOT include the + 'non-backwards-compatible' statement. An example of when an + author might add the 'non-backwards-compatible' statement is + if they believe a change could negatively impact clients even + though the backwards compatibility rules defined in RFC-XXXX + classify it as a backwards-compatible change. + + Add, removing, or changing a 'non-backwards-compatible' + statement is a backwards-compatible version change."; + reference + "XXXX: Updated YANG Module Revision Handling; + Section 3.2, + non-backwards-compatible extension statement"; + } + + extension recommended-min-date { + argument revision-date; + description + "Recommends the revision of the module that may be imported to + one whose revision date matches or is after the specified + revision-date. + + The argument value MUST conform to the 'revision-date' defined + type. + + The statement MUST only be a substatement of the import + statement. Zero, one or more 'recommended-min-date' + statements per parent statement are allowed. No substatements + for this extension have been standardized. + + Zero or one 'recommended-min-date' extension statement is + allowed for each parent 'import' statement. + + A particular revision of an imported module adheres to an + import's 'recommended-min-date' extension statement if the + imported module's revision date is equal to or later than + the revision date argument of the 'recommended-min-date' + extension statement in the importing module. + + Adding, removing or updating a 'recommended-min-date' + statement to an import is a backwards-compatible change."; + reference + "XXXX: Updated YANG Module Revision Handling; Section 4, + Guidance for revision selection on imports"; + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-schema-mount@2019-01-14.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-schema-mount@2019-01-14.yang new file mode 100644 index 00000000..c49458a1 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-schema-mount@2019-01-14.yang @@ -0,0 +1,224 @@ +module ietf-yang-schema-mount { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-schema-mount"; + prefix yangmnt; + + import ietf-inet-types { + prefix inet; + reference + "RFC 6991: Common YANG Data Types"; + } + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + + organization + "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Martin Bjorklund + + + Editor: Ladislav Lhotka + "; + + description + "This module defines a YANG extension statement that can be used + to incorporate data models defined in other YANG modules in a + module. It also defines operational state data that specify the + overall structure of the data model. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Simplified BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 8528; + see the RFC itself for full legal notices."; + + revision 2019-01-14 { + description + "Initial revision."; + reference + "RFC 8528: YANG Schema Mount"; + } + + /* + * Extensions + */ + + extension mount-point { + argument label; + description + "The argument 'label' is a YANG identifier, i.e., it is of the + type 'yang:yang-identifier'. + + The 'mount-point' statement MUST NOT be used in a YANG + version 1 module, neither explicitly nor via a 'uses' + statement. + The 'mount-point' statement MAY be present as a substatement + of 'container' and 'list' and MUST NOT be present elsewhere. + There MUST NOT be more than one 'mount-point' statement in a + given 'container' or 'list' statement. + + If a mount point is defined within a grouping, its label is + bound to the module where the grouping is used. + + A mount point defines a place in the node hierarchy where + other data models may be attached. A server that implements a + module with a mount point populates the + '/schema-mounts/mount-point' list with detailed information on + which data models are mounted at each mount point. + + Note that the 'mount-point' statement does not define a new + data node."; + } + + /* + * State data nodes + */ + + container schema-mounts { + config false; + description + "Contains information about the structure of the overall + mounted data model implemented in the server."; + list namespace { + key "prefix"; + description + "This list provides a mapping of namespace prefixes that are + used in XPath expressions of 'parent-reference' leafs to the + corresponding namespace URI references."; + leaf prefix { + type yang:yang-identifier; + description + "Namespace prefix."; + } + leaf uri { + type inet:uri; + description + "Namespace URI reference."; + } + } + list mount-point { + key "module label"; + + description + "Each entry of this list specifies a schema for a particular + mount point. + + Each mount point MUST be defined using the 'mount-point' + extension in one of the modules listed in the server's + YANG library instance with conformance type 'implement'."; + leaf module { + type yang:yang-identifier; + description + "Name of a module containing the mount point."; + } + leaf label { + type yang:yang-identifier; + description + "Label of the mount point defined using the 'mount-point' + extension."; + } + leaf config { + type boolean; + default "true"; + description + "If this leaf is set to 'false', then all data nodes in the + mounted schema are read-only ('config false'), regardless + of their 'config' property."; + } + choice schema-ref { + mandatory true; + description + "Alternatives for specifying the schema."; + container inline { + presence + "A complete self-contained schema is mounted at the + mount point."; + description + "This node indicates that the server has mounted at least + the module 'ietf-yang-library' at the mount point, and + its instantiation provides the information about the + mounted schema. + + Different instances of the mount point may have + different schemas mounted."; + } + container shared-schema { + presence + "The mounted schema together with the 'parent-reference' + make up the schema for this mount point."; + + description + "This node indicates that the server has mounted at least + the module 'ietf-yang-library' at the mount point, and + its instantiation provides the information about the + mounted schema. When XPath expressions in the mounted + schema are evaluated, the 'parent-reference' leaf-list + is taken into account. + + Different instances of the mount point MUST have the + same schema mounted."; + leaf-list parent-reference { + type yang:xpath1.0; + description + "Entries of this leaf-list are XPath 1.0 expressions + that are evaluated in the following context: + + - The context node is the node in the parent data tree + where the mount-point is defined. + + - The accessible tree is the parent data tree + *without* any nodes defined in modules that are + mounted inside the parent schema. + + - The context position and context size are both equal + to 1. + + - The set of variable bindings is empty. + + - The function library is the core function library + defined in the W3C XPath 1.0 document + (http://www.w3.org/TR/1999/REC-xpath-19991116) and + the functions defined in Section 10 of RFC 7950. + + - The set of namespace declarations is defined by the + 'namespace' list under 'schema-mounts'. + + Each XPath expression MUST evaluate to a node-set + (possibly empty). For the purposes of evaluating + XPath expressions whose context nodes are defined in + the mounted schema, the union of all these node-sets + together with ancestor nodes are added to the + accessible data tree. + + Note that in the case 'ietf-yang-schema-mount' is + itself mounted, a 'parent-reference' in the mounted + module may refer to nodes that were brought into the + accessible tree through a 'parent-reference' in the + parent schema."; + } + } + } + } + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-semver@2024-07-02.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-semver@2024-07-02.yang new file mode 100644 index 00000000..35ed7785 --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-semver@2024-07-02.yang @@ -0,0 +1,153 @@ +module ietf-yang-semver { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-semver"; + prefix ys; + + organization + "IETF NETMOD (Network Modeling) Working Group"; + contact + "WG Web: + WG List: + + Author: Joe Clarke + + Author: Robert Wilton + + Author: Reshad Rahman + + Author: Balazs Lengyel + + Author: Jason Sterne + + Author: Benoit Claise + "; + description + "This module provides type and grouping definitions for YANG + packages. + + Copyright (c) 2024 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Revised BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices."; + + // RFC Ed.: update the date below with the date of RFC publication + // and remove this note. + // RFC Ed.: replace XXXX with actual RFC number and remove this + // note. + // RFC Ed. update the ys:version to "1.0.0". + + revision 2024-07-02 { + ys:version "1.0.0-draft-ietf-netmod-yang-semver-17"; + description + "Initial revision"; + reference + "RFC XXXX: YANG Semantic Versioning."; + } + + /* + * Extensions + */ + + extension version { + argument yang-semantic-version; + description + "The version extension can be used to provide an additional + identifier associated with a module or submodule + revision. + + The format of the version extension argument MUST conform + to the 'version' typedef defined in this module. + + The statement MUST only be a substatement of the revision + statement. Zero or one version statements per parent + statement are allowed. No substatements for this extension + have been standardized. + + Versions MUST be unique amongst all revisions of a + module or submodule. + + Adding a version is a backwards-compatible + change. Changing or removing an existing version in + the revision history is a non-backwards-compatible + change, because it could impact any references to that + version."; + reference + "XXXX: YANG Semantic Versioning; + Section 3.2, YANG Semantic Version Extension"; + } + + extension recommended-min-version { + argument yang-semantic-version; + description + "Recommends the versions of the module that may be imported to + one that is greater than or equal to the specified version. + + The format of the recommended-min-version extension argument + MUST conform to the 'version' typedef defined in this module. + + The statement MUST only be a substatement of the import + statement. Zero, one or more 'recommended-min-version' + statements per parent statement are allowed. No + substatements for this extension have been + standardized. + + If specified multiple times, then any module revision that + satisfies at least one of the 'recommended-min-version' + statements is an acceptable recommended version for + import. + + A module to be imported is considered as meeting the + recommended minimum version criteria if it meets one of + the following conditions: + + * Has the exact MAJOR, MINOR, PATCH and '_compatible' or + '_non_compatible' modifiers as in the + recommend-min-version value. + * Has the same MAJOR and MINOR version numbers and a + greater PATCH number. In this case, '_compatible' and + '_non_compatible modifiers' are ignored. + * Has the same MAJOR version number and greater MINOR number. + In this case the PATCH number and the '_compatible' and + '_non_compatible' modifiers are ignored. + * Has a greater MAJOR version number. In this case MINOR + and PATCH numbers and '_compatible' and '_non_compatible' + modifiers are ignored. + + Adding, removing or updating a 'recommended-min-version' + statement to an import is a backwards-compatible change."; + reference + "XXXX: YANG Semantic Versioning; Section 4, + Import Module by Semantic Version"; + } + + /* + * Typedefs + */ + + typedef version { + type string { + pattern '[0-9]+[.][0-9]+[.][0-9]+(_(non_)?compatible)?' + + '(-[A-Za-z0-9.-]+[.-][0-9]+)?([+][A-Za-z0-9.-]+)?'; + } + description + "Represents a YANG semantic version. The rules governing the + use of this version identifier are defined in the + reference for this typedef."; + reference + "RFC XXXX: YANG Semantic Versioning."; + } +} diff --git a/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-types@2013-07-15.yang b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-types@2013-07-15.yang new file mode 100644 index 00000000..ee58fa3a --- /dev/null +++ b/yangkit-examples/src/main/resources/App6/yangs/ietf-yang-types@2013-07-15.yang @@ -0,0 +1,474 @@ +module ietf-yang-types { + + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-types"; + prefix "yang"; + + organization + "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; + + contact + "WG Web: + WG List: + + WG Chair: David Kessens + + + WG Chair: Juergen Schoenwaelder + + + Editor: Juergen Schoenwaelder + "; + + description + "This module contains a collection of generally useful derived + YANG data types. + + Copyright (c) 2013 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC 6991; see + the RFC itself for full legal notices."; + + revision 2013-07-15 { + description + "This revision adds the following new data types: + - yang-identifier + - hex-string + - uuid + - dotted-quad"; + reference + "RFC 6991: Common YANG Data Types"; + } + + revision 2010-09-24 { + description + "Initial revision."; + reference + "RFC 6021: Common YANG Data Types"; + } + + /*** collection of counter and gauge types ***/ + + typedef counter32 { + type uint32; + description + "The counter32 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^32-1 (4294967295 decimal), when it + wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the creation of + a schema node of type counter32 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + + The counter32 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter32. + + In the value set and its semantics, this type is equivalent + to the Counter32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter32 { + type yang:counter32; + default "0"; + description + "The zero-based-counter32 type represents a counter32 + that has the defined 'initial' value zero. + + A schema node of this type will be set to zero (0) on creation + and will thereafter increase monotonically until it reaches + a maximum value of 2^32-1 (4294967295 decimal), when it + wraps around and starts increasing again from zero. + + Provided that an application discovers a new schema node + of this type within the minimum time to wrap, it can use the + 'initial' value as a delta. It is important for a management + station to be aware of this minimum time and the actual time + between polls, and to discard data if the actual time is too + long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter32 textual convention of the SMIv2."; + reference + "RFC 4502: Remote Network Monitoring Management Information + Base Version 2"; + } + + typedef counter64 { + type uint64; + description + "The counter64 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^64-1 (18446744073709551615 decimal), + when it wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the creation of + a schema node of type counter64 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + + The counter64 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter64. + + In the value set and its semantics, this type is equivalent + to the Counter64 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter64 { + type yang:counter64; + default "0"; + description + "The zero-based-counter64 type represents a counter64 that + has the defined 'initial' value zero. + + A schema node of this type will be set to zero (0) on creation + and will thereafter increase monotonically until it reaches + a maximum value of 2^64-1 (18446744073709551615 decimal), + when it wraps around and starts increasing again from zero. + + Provided that an application discovers a new schema node + of this type within the minimum time to wrap, it can use the + 'initial' value as a delta. It is important for a management + station to be aware of this minimum time and the actual time + between polls, and to discard data if the actual time is too + long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter64 textual convention of the SMIv2."; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + typedef gauge32 { + type uint32; + description + "The gauge32 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^32-1 (4294967295 decimal), and + the minimum value cannot be smaller than 0. The value of + a gauge32 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge32 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the Gauge32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef gauge64 { + type uint64; + description + "The gauge64 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^64-1 (18446744073709551615), and + the minimum value cannot be smaller than 0. The value of + a gauge64 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge64 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the CounterBasedGauge64 SMIv2 textual convention defined + in RFC 2856"; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + /*** collection of identifier-related types ***/ + + typedef object-identifier { + type string { + pattern '(([0-1](\.[1-3]?[0-9]))|(2\.(0|([1-9]\d*))))' + + '(\.(0|([1-9]\d*)))*'; + } + description + "The object-identifier type represents administratively + assigned names in a registration-hierarchical-name tree. + + Values of this type are denoted as a sequence of numerical + non-negative sub-identifier values. Each sub-identifier + value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers + are separated by single dots and without any intermediate + whitespace. + + The ASN.1 standard restricts the value space of the first + sub-identifier to 0, 1, or 2. Furthermore, the value space + of the second sub-identifier is restricted to the range + 0 to 39 if the first sub-identifier is 0 or 1. Finally, + the ASN.1 standard requires that an object identifier + has always at least two sub-identifiers. The pattern + captures these restrictions. + + Although the number of sub-identifiers is not limited, + module designers should realize that there may be + implementations that stick with the SMIv2 limit of 128 + sub-identifiers. + + This type is a superset of the SMIv2 OBJECT IDENTIFIER type + since it is not restricted to 128 sub-identifiers. Hence, + this type SHOULD NOT be used to represent the SMIv2 OBJECT + IDENTIFIER type; the object-identifier-128 type SHOULD be + used instead."; + reference + "ISO9834-1: Information technology -- Open Systems + Interconnection -- Procedures for the operation of OSI + Registration Authorities: General procedures and top + arcs of the ASN.1 Object Identifier tree"; + } + + typedef object-identifier-128 { + type object-identifier { + pattern '\d*(\.\d*){1,127}'; + } + description + "This type represents object-identifiers restricted to 128 + sub-identifiers. + + In the value set and its semantics, this type is equivalent + to the OBJECT IDENTIFIER type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef yang-identifier { + type string { + length "1..max"; + pattern '[a-zA-Z_][a-zA-Z0-9\-_.]*'; + pattern '.|..|[^xX].*|.[^mM].*|..[^lL].*'; + } + description + "A YANG identifier string as defined by the 'identifier' + rule in Section 12 of RFC 6020. An identifier must + start with an alphabetic character or an underscore + followed by an arbitrary sequence of alphabetic or + numeric characters, underscores, hyphens, or dots. + + A YANG identifier MUST NOT start with any possible + combination of the lowercase or uppercase character + sequence 'xml'."; + reference + "RFC 6020: YANG - A Data Modeling Language for the Network + Configuration Protocol (NETCONF)"; + } + + /*** collection of types related to date and time***/ + + typedef date-and-time { + type string { + pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "The date-and-time type is a profile of the ISO 8601 + standard for representation of dates and times using the + Gregorian calendar. The profile is defined by the + date-time production in Section 5.6 of RFC 3339. + + The date-and-time type is compatible with the dateTime XML + schema type with the following notable exceptions: + + (a) The date-and-time type does not allow negative years. + + (b) The date-and-time time-offset -00:00 indicates an unknown + time zone (see RFC 3339) while -00:00 and +00:00 and Z + all represent the same time zone in dateTime. + + (c) The canonical format (see below) of data-and-time values + differs from the canonical format used by the dateTime XML + schema type, which requires all times to be in UTC using + the time-offset 'Z'. + + This type is not equivalent to the DateAndTime textual + convention of the SMIv2 since RFC 3339 uses a different + separator between full-date and full-time and provides + higher resolution of time-secfrac. + + The canonical format for date-and-time values with a known time + zone uses a numeric time zone offset that is calculated using + the device's configured known offset to UTC time. A change of + the device's offset to UTC time will cause date-and-time values + to change accordingly. Such changes might happen periodically + in case a server follows automatically daylight saving time + (DST) time zone offset changes. The canonical format for + date-and-time values with an unknown time zone (usually + referring to the notion of local time) uses the time-offset + -00:00."; + reference + "RFC 3339: Date and Time on the Internet: Timestamps + RFC 2579: Textual Conventions for SMIv2 + XSD-TYPES: XML Schema Part 2: Datatypes Second Edition"; + } + + typedef timeticks { + type uint32; + description + "The timeticks type represents a non-negative integer that + represents the time, modulo 2^32 (4294967296 decimal), in + hundredths of a second between two epochs. When a schema + node is defined that uses this type, the description of + the schema node identifies both of the reference epochs. + + In the value set and its semantics, this type is equivalent + to the TimeTicks type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef timestamp { + type yang:timeticks; + description + "The timestamp type represents the value of an associated + timeticks schema node at which a specific occurrence + happened. The specific occurrence must be defined in the + description of any schema node defined using this type. When + the specific occurrence occurred prior to the last time the + associated timeticks attribute was zero, then the timestamp + value is zero. Note that this requires all timestamp values + to be reset to zero when the value of the associated timeticks + attribute reaches 497+ days and wraps around to zero. + + The associated timeticks schema node must be specified + in the description of any schema node using this type. + + In the value set and its semantics, this type is equivalent + to the TimeStamp textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of generic address types ***/ + + typedef phys-address { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + + description + "Represents media- or physical-level addresses represented + as a sequence octets, each octet represented by two hexadecimal + numbers. Octets are separated by colons. The canonical + representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the PhysAddress textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + typedef mac-address { + type string { + pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'; + } + description + "The mac-address type represents an IEEE 802 MAC address. + The canonical representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the MacAddress textual convention of the SMIv2."; + reference + "IEEE 802: IEEE Standard for Local and Metropolitan Area + Networks: Overview and Architecture + RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of XML-specific types ***/ + + typedef xpath1.0 { + type string; + description + "This type represents an XPATH 1.0 expression. + + When a schema node is defined that uses this type, the + description of the schema node MUST specify the XPath + context in which the XPath expression is evaluated."; + reference + "XPATH: XML Path Language (XPath) Version 1.0"; + } + + /*** collection of string types ***/ + + typedef hex-string { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + description + "A hexadecimal string with octets represented as hex digits + separated by colons. The canonical representation uses + lowercase characters."; + } + + typedef uuid { + type string { + pattern '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-' + + '[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'; + } + description + "A Universally Unique IDentifier in the string representation + defined in RFC 4122. The canonical representation uses + lowercase characters. + + The following is an example of a UUID in string representation: + f81d4fae-7dec-11d0-a765-00a0c91e6bf6 + "; + reference + "RFC 4122: A Universally Unique IDentifier (UUID) URN + Namespace"; + } + + typedef dotted-quad { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'; + } + description + "An unsigned 32-bit number expressed in the dotted-quad + notation, i.e., four octets written as decimal numbers + and separated with the '.' (full stop) character."; + } +} diff --git a/yangkit-examples/src/test/java/IETFCasesTest.java b/yangkit-examples/src/test/java/IETFCasesTest.java new file mode 100644 index 00000000..e004089a --- /dev/null +++ b/yangkit-examples/src/test/java/IETFCasesTest.java @@ -0,0 +1,157 @@ +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.commons.io.IOUtils; +import org.dom4j.DocumentException; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; +import org.yangcentral.yangkit.base.YangElement; +import org.yangcentral.yangkit.common.api.validate.ValidatorResult; +import org.yangcentral.yangkit.common.api.validate.ValidatorResultBuilder; +import org.yangcentral.yangkit.data.api.model.YangDataDocument; +import org.yangcentral.yangkit.data.codec.json.YangDataDocumentJsonParser; +import org.yangcentral.yangkit.examples.App1; +import org.yangcentral.yangkit.examples.App4; +import org.yangcentral.yangkit.examples.App5; +import org.yangcentral.yangkit.examples.App6; +import org.yangcentral.yangkit.model.api.schema.YangSchemaContext; +import org.yangcentral.yangkit.model.api.stmt.Module; +import org.yangcentral.yangkit.model.api.stmt.YangStatement; +import org.yangcentral.yangkit.parser.YangParser; +import org.yangcentral.yangkit.parser.YangParserEnv; +import org.yangcentral.yangkit.parser.YangParserException; +import org.yangcentral.yangkit.parser.YangYinParser; +import org.yangcentral.yangkit.register.YangStatementImplRegister; +import org.yangcentral.yangkit.register.YangStatementRegister; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.List; + +import static org.junit.jupiter.api.Assertions.*; + +public class IETFCasesTest { + + /** + * Validates custom insa-test.yang + */ + @Test + public void validateApp1Example() throws IOException { + InputStream inputStream = App1.class.getClassLoader().getResourceAsStream("App1/insa-test.yang"); + assertNotNull(inputStream); + String yang = new String(IOUtils.toByteArray(inputStream)); + inputStream.close(); + + YangStatementImplRegister.registerImpl(); + YangParser yangParser = new YangParser(); + YangParserEnv yangParserEnv = new YangParserEnv(); + yangParserEnv.setYangStr(yang); + yangParserEnv.setFilename("insa-test"); + yangParserEnv.setCurPos(0); + List yangElements; + try { + yangElements = yangParser.parseYang(yang, yangParserEnv); + } catch (YangParserException e) { + throw new RuntimeException(e); + } + + assertEquals(yangElements.size(), 1); + YangSchemaContext context = YangStatementRegister.getInstance().getSchemeContextInstance(); + // Add the yang module to the context; + for (YangElement element : yangElements) { + if (element instanceof YangStatement) { + context.addModule((Module) element); + } + } + ValidatorResult validatorResult = context.validate(); + assertTrue(validatorResult.isOk()); + } + + /** + * Validates ietf-notification message (from ietf-yang-push.yang) + */ + @Test + @Disabled + public void validateApp4Example() throws IOException, DocumentException, YangParserException { + URL yangUrl = App4.class.getClassLoader().getResource("App4/yang"); + String yangDir = yangUrl.getFile(); + + // Parsing module + YangSchemaContext schemaContext = YangYinParser.parse(yangDir); + ValidatorResult result = schemaContext.validate(); + assertTrue(result.isOk()); + assertEquals(schemaContext.getModules().size(), 15); + + // Validating valid notification + InputStream jsonInputStream = App4.class.getClassLoader().getResourceAsStream("App4/json/valid_notification.json"); + ObjectMapper objectMapper = new ObjectMapper(); + JsonNode jsonElement = objectMapper.readTree(jsonInputStream); + + ValidatorResultBuilder validatorResultBuilder = new ValidatorResultBuilder(); + YangDataDocument doc = new YangDataDocumentJsonParser(schemaContext).parse(jsonElement, validatorResultBuilder); + doc.update(); + ValidatorResult validatorResult = validatorResultBuilder.build(); + + System.out.println(validatorResult.getRecords()); + assertTrue(validatorResult.isOk()); + doc.validate(); + assertTrue(validatorResult.isOk()); + } + + /** + * Validates ietf-interfaces.yang and JSON encoded message + */ + @Test + public void validateApp5Example() throws IOException, DocumentException, YangParserException { + URL yangUrl = App5.class.getClassLoader().getResource("App5/interfaces"); + String yangDir = yangUrl.getFile(); + + // Parsing module + YangSchemaContext schemaContext = YangYinParser.parse(yangDir); + ValidatorResult result = schemaContext.validate(); + assertTrue(result.isOk()); + assertEquals(schemaContext.getModules().size(), 3); + + InputStream jsonInputStream = App5.class.getClassLoader().getResourceAsStream("App5/json/interface.json"); + ObjectMapper objectMapper = new ObjectMapper(); + JsonNode jsonElement = objectMapper.readTree(jsonInputStream); + + // Validating + ValidatorResultBuilder validatorResultBuilder = new ValidatorResultBuilder(); + YangDataDocument doc = new YangDataDocumentJsonParser(schemaContext).parse(jsonElement, validatorResultBuilder); + doc.update(); + ValidatorResult validatorResult = validatorResultBuilder.build(); + assertTrue(validatorResult.isOk()); + doc.validate(); + assertTrue(validatorResult.isOk()); + } + + /** + * Validates ietf-telemetry-message.yang and JSON encoded message + */ + @Test + public void validateApp6Example() throws IOException, DocumentException, YangParserException { + URL yangUrl = App6.class.getClassLoader().getResource("App6/yangs"); + String yangDir = yangUrl.getFile(); + + // Parsing module + YangSchemaContext schemaContext = YangYinParser.parse(yangDir); + ValidatorResult result = schemaContext.validate(); + assertTrue(result.isOk()); + assertEquals(schemaContext.getModules().size(), 30); + + InputStream jsonInputStream = App6.class.getClassLoader().getResourceAsStream("App6/json/telemetry-msg.json"); + ObjectMapper objectMapper = new ObjectMapper(); + JsonNode jsonElement = objectMapper.readTree(jsonInputStream); + + // Validating + ValidatorResultBuilder validatorResultBuilder = new ValidatorResultBuilder(); + YangDataDocument doc = new YangDataDocumentJsonParser(schemaContext).parse(jsonElement, validatorResultBuilder); + doc.update(); + ValidatorResult validatorResult = validatorResultBuilder.build(); + assertTrue(validatorResult.isOk()); + doc.validate(); + assertTrue(validatorResult.isOk()); + } + +} diff --git a/yangkit-model-impl/src/main/java/org/yangcentral/yangkit/model/impl/stmt/AugmentImpl.java b/yangkit-model-impl/src/main/java/org/yangcentral/yangkit/model/impl/stmt/AugmentImpl.java index 9b09cbfd..abdd80fe 100644 --- a/yangkit-model-impl/src/main/java/org/yangcentral/yangkit/model/impl/stmt/AugmentImpl.java +++ b/yangkit-model-impl/src/main/java/org/yangcentral/yangkit/model/impl/stmt/AugmentImpl.java @@ -336,9 +336,12 @@ protected ValidatorResult validateSelf() { if(this.getWhen() != null){ severity = Severity.WARNING; } - validatorResultBuilder.addRecord( - ModelUtil.reportError(mandatoryDescendant,severity, ErrorTag.BAD_ELEMENT, - ErrorCode.AUGMENT_MANDATORY_NODE.getFieldName())); + // If augmentation is in different module than the target + if (!mandatoryDescendant.getContext().getCurModule().equals(this.target.getContext().getCurModule())) { + validatorResultBuilder.addRecord( + ModelUtil.reportError(mandatoryDescendant,severity, ErrorTag.BAD_ELEMENT, + ErrorCode.AUGMENT_MANDATORY_NODE.getFieldName())); + } }