Addition of common model.
Change-Id: If5fd6bae01a59ebf9d27f8369ac3403c83f70fad
diff --git a/models/common/src/main/yang/ietf-snmp-tls@2014-12-10.yang b/models/common/src/main/yang/ietf-snmp-tls@2014-12-10.yang
new file mode 100644
index 0000000..e8ed5f7
--- /dev/null
+++ b/models/common/src/main/yang/ietf-snmp-tls@2014-12-10.yang
@@ -0,0 +1,222 @@
+submodule ietf-snmp-tls {
+
+ belongs-to ietf-snmp {
+ prefix snmp;
+ }
+
+ import ietf-inet-types {
+ prefix inet;
+ }
+ import ietf-x509-cert-to-name {
+ prefix x509c2n;
+ }
+
+ include ietf-snmp-common;
+ include ietf-snmp-engine;
+ include ietf-snmp-target;
+
+ organization
+ "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: Thomas Nadeau
+ <mailto:tnadeau@lucidvision.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This submodule contains a collection of YANG definitions for
+ configuring the Transport Layer Security Transport Model (TLSTM)
+ of SNMP.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC 7407; see
+ the RFC itself for full legal notices.";
+
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model for
+ the Simple Network Management Protocol (SNMP)";
+
+ revision 2014-12-10 {
+ description
+ "Initial revision.";
+ reference
+ "RFC 7407: A YANG Data Model for SNMP Configuration";
+ }
+
+ feature tlstm {
+ description
+ "A server implements this feature if it supports the
+ Transport Layer Security Transport Model for SNMP.";
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model for
+ the Simple Network Management Protocol (SNMP)";
+ }
+
+ augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
+ if-feature tlstm;
+ case tls {
+ container tls {
+ description
+ "A list of IPv4 and IPv6 addresses and ports to which the
+ engine listens for SNMP messages over TLS.";
+
+ leaf ip {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The IPv4 or IPv6 address on which the engine listens
+ for SNMP messages over TLS.";
+ }
+ leaf port {
+ type inet:port-number;
+ description
+ "The TCP port on which the engine listens for SNMP
+ messages over TLS.
+
+ If the port is not configured, an engine that
+ acts as a Command Responder uses port 10161, and
+ an engine that acts as a Notification Receiver
+ uses port 10162.";
+ }
+ }
+ }
+ case dtls {
+ container dtls {
+ description
+ "A list of IPv4 and IPv6 addresses and ports to which the
+ engine listens for SNMP messages over DTLS.";
+
+ leaf ip {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The IPv4 or IPv6 address on which the engine listens
+ for SNMP messages over DTLS.";
+ }
+ leaf port {
+ type inet:port-number;
+ description
+ "The UDP port on which the engine listens for SNMP
+ messages over DTLS.
+
+ If the port is not configured, an engine that
+ acts as a Command Responder uses port 10161, and
+ an engine that acts as a Notification Receiver
+ uses port 10162.";
+ }
+ }
+ }
+ }
+
+ augment /snmp:snmp {
+ if-feature tlstm;
+ container tlstm {
+ uses x509c2n:cert-to-name {
+ description
+ "Defines how certificates are mapped to names. The
+ resulting name is used as a security name.";
+ refine cert-to-name/map-type {
+ description
+ "Mappings that use the snmpTlstmCertToTSNData column
+ need to augment the cert-to-name list with
+ additional configuration objects corresponding
+ to the snmpTlstmCertToTSNData value. Such objects
+ should use the 'when' statement to make them
+ conditional based on the map-type.";
+ }
+ }
+ }
+ }
+
+ grouping tls-transport {
+ leaf ip {
+ type inet:host;
+ mandatory true;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress
+ RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.SnmpTLSAddress";
+ }
+ leaf port {
+ type inet:port-number;
+ default 10161;
+ reference
+ "RFC 3413: Simple Network Management Protocol (SNMP).
+ Applications.
+ SNMP-TARGET-MIB.snmpTargetAddrTAddress
+ RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.SnmpTLSAddress";
+ }
+ leaf client-fingerprint {
+ type x509c2n:tls-fingerprint;
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmParamsClientFingerprint";
+ }
+ leaf server-fingerprint {
+ type x509c2n:tls-fingerprint;
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmAddrServerFingerprint";
+ }
+ leaf server-identity {
+ type snmp:admin-string;
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTlstmAddrServerIdentity";
+ }
+ }
+
+ augment /snmp:snmp/snmp:target/snmp:transport {
+ if-feature tlstm;
+ case tls {
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpTLSTCPDomain";
+ container tls {
+ uses tls-transport;
+ }
+ }
+ }
+
+ augment /snmp:snmp/snmp:target/snmp:transport {
+ if-feature tlstm;
+ case dtls {
+ reference
+ "RFC 6353: Transport Layer Security (TLS) Transport Model
+ for the Simple Network Management Protocol (SNMP).
+ SNMP-TLS-TM-MIB.snmpDTLSUDPDomain";
+ container dtls {
+ uses tls-transport;
+ }
+ }
+ }
+}