matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
9b59ee0e79
sonic-buildimage/src/sonic-yang-models/yang-models/sonic-macsec.yang
Ze Gan a1494577d9
[yang]: Add yang model for MACsec (#10559) 
Add Yang model to constrain the configuration of MACsec
2022-04-18 10:34:52 +08:00

117 lines
3.1 KiB
YANG
Raw Blame History

module sonic-macsec {
yang-version 1.1;
namespace "http://github.com/Azure/sonic-macsec";
prefix macsec;
import sonic-types {
prefix stypes;
}
description "MACsec yang Module for SONiC OS";
revision 2022-04-12 {
description "First Revision";
}
container sonic-macsec {
container MACSEC_PROFILE {
description "MACsec profile of config_db.json";
list MACSEC_PROFILE_LIST {
key "name";
leaf name {
type string {
length 1..128;
}
}
leaf priority {
type uint8;
default 255;
}
leaf cipher_suite {
type string {
pattern "GCM-AES-128|GCM-AES-256|GCM-AES-XPN-128|GCM-AES-XPN-256";
}
default "GCM-AES-128";
}
leaf primary_cak {
type string {
pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
}
mandatory true;
}
leaf primary_ckn {
type string {
pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
}
mandatory true;
}
leaf fallback_cak {
type string {
pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
}
}
leaf fallback_ckn {
type string {
pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
}
}
must "string-length(primary_cak) = string-length(primary_ckn)";
must "string-length(fallback_cak) = string-length(fallback_ckn)";
must "string-length(fallback_cak) = string-length(primary_cak)";
must "primary_ckn != fallback_ckn";
leaf policy {
type string {
pattern "integrity_only|security";
}
default "security";
}
leaf enable_replay_protect {
type stypes:boolean_type;
default "false";
}
leaf replay_window {
when "current()/../enable_replay_protect = 'true'";
type uint32;
}
leaf send_sci {
type stypes:boolean_type;
default "true";
}
leaf rekey_period {
description "The period of proactively refresh (Unit second).
If the value is 0, which means never proactive refresh SAK.";
type uint32;
default 0;
}
} /* end of list MACSEC_PROFILE_LIST */
} /* end of container MACSEC_PROFILE */
} /* end of container sonic-macsec */
} /* end of module sonic-macsec */
Reference in New Issue View Git Blame Copy Permalink