// Submodule of ietf-snmp that adds configuration for the SNMP Transport
// Layer Security Transport Model (TLSTM): engine listen endpoints for TLS
// and DTLS, the certificate-to-name mapping, and TLS/DTLS target
// transports. Every augment below is conditional on the 'tlstm' feature.
submodule ietf-snmp-tls {

  belongs-to ietf-snmp {
    prefix snmp;
  }

  // inet supplies the address, host and port types used below; x509c2n
  // supplies the cert-to-name grouping and the tls-fingerprint type.
  import ietf-inet-types {
    prefix inet;
  }
  import ietf-x509-cert-to-name {
    prefix x509c2n;
  }

  include ietf-snmp-common;
  include ietf-snmp-engine;
  include ietf-snmp-target;

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>

     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>

     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>

     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>

     Editor: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>";

  description
    "This submodule contains a collection of YANG definitions for
     configuring the Transport Layer Security Transport Model (TLSTM)
     of SNMP.

     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC 7407; see
     the RFC itself for full legal notices.";

  reference
    "RFC 6353: Transport Layer Security (TLS) Transport Model for
     the Simple Network Management Protocol (SNMP)";

  revision 2014-12-10 {
    description
      "Initial revision.";
    reference
      "RFC 7407: A YANG Data Model for SNMP Configuration";
  }

  // Feature gate referenced by the 'if-feature' statement of every
  // augment in this submodule.
  feature tlstm {
    description
      "A server implements this feature if it supports the
       Transport Layer Security Transport Model for SNMP.";
    reference
      "RFC 6353: Transport Layer Security (TLS) Transport Model for
       the Simple Network Management Protocol (SNMP)";
  }

  // Adds 'tls' and 'dtls' cases to the engine's listen transport choice.
  // The two cases have the same shape; only the transport named in the
  // descriptions (TCP for TLS, UDP for DTLS) differs.
  // NOTE(review): 'ip' is mandatory, so each entry names an explicit
  // listen address. That address decides which interfaces expose the
  // SNMP-over-(D)TLS service; whether a wildcard address is acceptable
  // is a deployment decision - confirm.
  augment /snmp:snmp/snmp:engine/snmp:listen/snmp:transport {
    if-feature tlstm;
    case tls {
      container tls {
        description
          "A list of IPv4 and IPv6 addresses and ports to which the
           engine listens for SNMP messages over TLS.";

        leaf ip {
          type inet:ip-address;
          mandatory true;
          description
            "The IPv4 or IPv6 address on which the engine listens
             for SNMP messages over TLS.";
        }
        // No YANG 'default' here: per the description, the fallback port
        // depends on the role the engine plays.
        leaf port {
          type inet:port-number;
          description
            "The TCP port on which the engine listens for SNMP
             messages over TLS.

             If the port is not configured, an engine that
             acts as a Command Responder uses port 10161, and
             an engine that acts as a Notification Receiver
             uses port 10162.";
        }
      }
    }
    case dtls {
      container dtls {
        description
          "A list of IPv4 and IPv6 addresses and ports to which the
           engine listens for SNMP messages over DTLS.";

        leaf ip {
          type inet:ip-address;
          mandatory true;
          description
            "The IPv4 or IPv6 address on which the engine listens
             for SNMP messages over DTLS.";
        }
        // No YANG 'default' here: per the description, the fallback port
        // depends on the role the engine plays.
        leaf port {
          type inet:port-number;
          description
            "The UDP port on which the engine listens for SNMP
             messages over DTLS.

             If the port is not configured, an engine that
             acts as a Command Responder uses port 10161, and
             an engine that acts as a Notification Receiver
             uses port 10162.";
        }
      }
    }
  }

  // Adds /snmp:snmp/tlstm, which instantiates the cert-to-name grouping
  // from ietf-x509-cert-to-name.
  // NOTE(review): security-relevant. Per the description below, the name
  // produced by this mapping is used as the security name, so these
  // entries decide which identity a presented certificate is given.
  // Review changes to this list as carefully as access-control changes.
  augment /snmp:snmp {
    if-feature tlstm;
    container tlstm {
      uses x509c2n:cert-to-name {
        description
          "Defines how certificates are mapped to names. The
           resulting name is used as a security name.";
        // Only the description of map-type is refined; its type is left
        // as the imported grouping defines it.
        refine cert-to-name/map-type {
          description
            "Mappings that use the snmpTlstmCertToTSNData column
             need to augment the cert-to-name list with
             additional configuration objects corresponding
             to the snmpTlstmCertToTSNData value. Such objects
             should use the 'when' statement to make them
             conditional based on the map-type.";
        }
      }
    }
  }

  // Leaves describing one TLS or DTLS peer of a target: where to connect
  // and which fingerprints / identity are configured for the session.
  // Instantiated by both target augments below.
  // NOTE(review): client-fingerprint, server-fingerprint and
  // server-identity are all optional and no 'must' statement ties them
  // together, so this schema accepts a target with no fingerprint and no
  // server identity. How the peer certificate is verified in that case
  // is defined by RFC 6353 and the implementation, not by this model -
  // confirm before relying on it.
  grouping tls-transport {
    // Typed inet:host, unlike the listen side's inet:ip-address.
    // NOTE(review): presumably a DNS name is accepted here - confirm
    // against ietf-inet-types. If so, name resolution is part of the
    // trust path unless the server certificate is pinned or its identity
    // is checked.
    leaf ip {
      type inet:host;
      mandatory true;
      reference
        "RFC 3413: Simple Network Management Protocol (SNMP).
         Applications.
         SNMP-TARGET-MIB.snmpTargetAddrTAddress
         RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.SnmpTLSAddress";
    }
    // A single default (10161) applies to every use of this grouping,
    // i.e. to both the TLS and the DTLS target case.
    leaf port {
      type inet:port-number;
      default 10161;
      reference
        "RFC 3413: Simple Network Management Protocol (SNMP).
         Applications.
         SNMP-TARGET-MIB.snmpTargetAddrTAddress
         RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.SnmpTLSAddress";
    }
    // Corresponds to snmpTlstmParamsClientFingerprint (see reference).
    leaf client-fingerprint {
      type x509c2n:tls-fingerprint;
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpTlstmParamsClientFingerprint";
    }
    // Corresponds to snmpTlstmAddrServerFingerprint (see reference).
    leaf server-fingerprint {
      type x509c2n:tls-fingerprint;
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpTlstmAddrServerFingerprint";
    }
    // Corresponds to snmpTlstmAddrServerIdentity (see reference).
    leaf server-identity {
      type snmp:admin-string;
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpTlstmAddrServerIdentity";
    }
  }

  // Adds the 'tls' case to the target transport choice; its container
  // carries the tls-transport leaves.
  augment /snmp:snmp/snmp:target/snmp:transport {
    if-feature tlstm;
    case tls {
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpTLSTCPDomain";
      container tls {
        uses tls-transport;
      }
    }
  }

  // Adds the 'dtls' case to the same target transport choice, again
  // reusing the tls-transport leaves.
  augment /snmp:snmp/snmp:target/snmp:transport {
    if-feature tlstm;
    case dtls {
      reference
        "RFC 6353: Transport Layer Security (TLS) Transport Model
         for the Simple Network Management Protocol (SNMP).
         SNMP-TLS-TM-MIB.snmpDTLSUDPDomain";
      container dtls {
        uses tls-transport;
      }
    }
  }
}