netopeer2 UPDATE support for new ln2 version

Roytak · Roytak · commit fba7ed6f2fa6 · 2025-11-17T12:30:55.000+09:00
diff --git a/scripts/common.sh b/scripts/common.sh
@@ -18,25 +18,25 @@ NP2_MODULES=(
 )
 
 LN2_MODULES=(
-"iana-ssh-encryption-algs@2022-06-16.yang"
-"iana-ssh-key-exchange-algs@2022-06-16.yang"
-"iana-ssh-mac-algs@2022-06-16.yang"
-"iana-ssh-public-key-algs@2022-06-16.yang"
-"iana-tls-cipher-suite-algs@2022-06-16.yang"
+"iana-ssh-encryption-algs@2024-10-16.yang"
+"iana-ssh-key-exchange-algs@2024-10-16.yang"
+"iana-ssh-mac-algs@2024-10-16.yang"
+"iana-ssh-public-key-algs@2024-10-16.yang"
+"iana-tls-cipher-suite-algs@2024-10-16.yang"
 "ietf-x509-cert-to-name@2014-12-10.yang"
 "iana-crypt-hash@2014-04-04.yang -e crypt-hash-md5 -e crypt-hash-sha-256 -e crypt-hash-sha-512"
-"ietf-crypto-types@2023-12-28.yang -e cleartext-passwords -e cleartext-private-keys"
-"ietf-keystore@2023-12-28.yang -e central-keystore-supported -e inline-definitions-supported -e asymmetric-keys"
-"ietf-truststore@2023-12-28.yang -e central-truststore-supported -e inline-definitions-supported -e certificates -e public-keys"
-"ietf-tcp-common@2023-12-28.yang -e keepalives-supported"
-"ietf-tcp-server@2023-12-28.yang -e tcp-server-keepalives"
-"ietf-tcp-client@2023-12-28.yang -e local-binding-supported -e tcp-client-keepalives"
-"ietf-ssh-common@2023-12-28.yang -e transport-params"
-"ietf-ssh-server@2023-12-28.yang -e local-users-supported -e local-user-auth-publickey -e local-user-auth-password -e local-user-auth-none"
-"ietf-tls-common@2023-12-28.yang -e tls10 -e tls11 -e tls12 -e tls13 -e hello-params"
-"ietf-tls-server@2023-12-28.yang -e server-ident-x509-cert -e client-auth-supported -e client-auth-x509-cert"
-"ietf-netconf-server@2023-12-28.yang -e ssh-listen -e tls-listen -e ssh-call-home -e tls-call-home -e central-netconf-server-supported"
-"libnetconf2-netconf-server@2025-08-01.yang"
+"ietf-crypto-types@2024-10-10.yang -e cleartext-passwords -e cleartext-private-keys"
+"ietf-keystore@2024-10-10.yang -e central-keystore-supported -e inline-definitions-supported -e asymmetric-keys"
+"ietf-truststore@2024-10-10.yang -e central-truststore-supported -e inline-definitions-supported -e certificates -e public-keys"
+"ietf-tcp-common@2024-10-10.yang -e keepalives-supported"
+"ietf-tcp-server@2024-10-10.yang -e tcp-server-keepalives"
+"ietf-tcp-client@2024-10-10.yang -e local-binding-supported -e tcp-client-keepalives"
+"ietf-ssh-common@2024-10-10.yang -e algorithm-discovery -e transport-params"
+"ietf-ssh-server@2024-10-10.yang -e local-users-supported -e local-user-auth-publickey -e local-user-auth-password -e local-user-auth-none"
+"ietf-tls-common@2024-10-10.yang -e algorithm-discovery -e tls12 -e tls13 -e hello-params"
+"ietf-tls-server@2024-10-10.yang -e server-ident-x509-cert -e client-auth-supported -e client-auth-x509-cert"
+"ietf-netconf-server@2025-04-24.yang -e ssh-listen -e tls-listen -e ssh-call-home -e tls-call-home -e central-netconf-server-supported"
+"libnetconf2-netconf-server@2025-11-11.yang"
 )
 
 # get path to the sysrepocfg executable
diff --git a/scripts/merge_config.sh b/scripts/merge_config.sh
@@ -83,7 +83,9 @@ CONFIG="<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\
                 <name>default-ssh</name>
                 <ssh>
                     <tcp-server-parameters>
-                        <local-address>0.0.0.0</local-address>
+                        <local-bind>
+                            <local-address>0.0.0.0</local-address>
+                        </local-bind>
                     </tcp-server-parameters>
                     <ssh-server-parameters>
                         <server-identity>
diff --git a/src/main.c b/src/main.c
@@ -1041,34 +1041,46 @@ np2srv_ssh_algs_oper_cb(sr_session_ctx_t *session, uint32_t UNUSED(sub_id), cons
         const char *UNUSED(request_xpath), uint32_t UNUSED(request_id), struct lyd_node **parent,
         void *UNUSED(private_data))
 {
-    int ret = 0;
     const struct ly_ctx *ly_ctx;
 
-    (void) path;
-
     /* context is locked by the callback anyway */
     ly_ctx = sr_session_acquire_context(session);
     sr_session_release_context(session);
 
     /* get oper data based on the module */
-    if (!strcmp(module_name, "iana-ssh-public-key-algs")) {
-        assert(!strcmp(path, "/iana-ssh-public-key-algs:supported-algorithms"));
-        ret = nc_server_config_oper_get_hostkey_algs(ly_ctx, parent);
-    } else if (!strcmp(module_name, "iana-ssh-key-exchange-algs")) {
-        assert(!strcmp(path, "/iana-ssh-key-exchange-algs:supported-algorithms"));
-        ret = nc_server_config_oper_get_kex_algs(ly_ctx, parent);
-    } else if (!strcmp(module_name, "iana-ssh-encryption-algs")) {
-        assert(!strcmp(path, "/iana-ssh-encryption-algs:supported-algorithms"));
-        ret = nc_server_config_oper_get_encryption_algs(ly_ctx, parent);
-    } else if (!strcmp(module_name, "iana-ssh-mac-algs")) {
-        assert(!strcmp(path, "/iana-ssh-mac-algs:supported-algorithms"));
-        ret = nc_server_config_oper_get_mac_algs(ly_ctx, parent);
+    if (!strcmp(module_name, "ietf-ssh-common") && !strcmp(path, "/ietf-ssh-common:supported-algorithms")) {
+        if (nc_server_config_oper_get_supported_ssh_algs(ly_ctx, parent)) {
+            return SR_ERR_INTERNAL;
+        }
     } else {
-        ERR("Unable to get supported SSH algorithms (module %s not supported).", module_name);
+        ERR("Unable to get supported SSH algorithms for unknown module \"%s\" and path \"%s\".", module_name, path);
         return SR_ERR_INTERNAL;
     }
-    if (ret) {
-        ERR("Getting supported SSH algorithms failed.");
+
+    return SR_ERR_OK;
+}
+
+/**
+ * @brief Callback for providing TLS cipher suites operational data.
+ */
+static int
+np2srv_tls_algs_oper_cb(sr_session_ctx_t *session, uint32_t UNUSED(sub_id), const char *module_name, const char *path,
+        const char *UNUSED(request_xpath), uint32_t UNUSED(request_id), struct lyd_node **parent,
+        void *UNUSED(private_data))
+{
+    const struct ly_ctx *ly_ctx;
+
+    /* context is locked by the callback anyway */
+    ly_ctx = sr_session_acquire_context(session);
+    sr_session_release_context(session);
+
+    /* get oper data based on the module */
+    if (!strcmp(module_name, "ietf-tls-common") && !strcmp(path, "/ietf-tls-common:supported-algorithms")) {
+        if (nc_server_config_oper_get_supported_tls_algs(ly_ctx, parent)) {
+            return SR_ERR_INTERNAL;
+        }
+    } else {
+        ERR("Unable to get supported TLS cipher suites for unknown module \"%s\" and path \"%s\".", module_name, path);
         return SR_ERR_INTERNAL;
     }
 
@@ -1126,18 +1138,12 @@ server_data_subscribe(void)
     }
 
 #ifdef NC_ENABLED_SSH_TLS
-    /* set callbacks for supported algorithms oper data */
-    mod_name = "iana-ssh-public-key-algs";
-    SR_OPER_SUBSCR(mod_name, "/iana-ssh-public-key-algs:supported-algorithms", np2srv_ssh_algs_oper_cb);
-
-    mod_name = "iana-ssh-key-exchange-algs";
-    SR_OPER_SUBSCR(mod_name, "/iana-ssh-key-exchange-algs:supported-algorithms", np2srv_ssh_algs_oper_cb);
-
-    mod_name = "iana-ssh-encryption-algs";
-    SR_OPER_SUBSCR(mod_name, "/iana-ssh-encryption-algs:supported-algorithms", np2srv_ssh_algs_oper_cb);
+    /* set callbacks for supported SSH algorithms and TLS cipher suites oper data */
+    mod_name = "ietf-ssh-common";
+    SR_OPER_SUBSCR(mod_name, "/ietf-ssh-common:supported-algorithms", np2srv_ssh_algs_oper_cb);
 
-    mod_name = "iana-ssh-mac-algs";
-    SR_OPER_SUBSCR(mod_name, "/iana-ssh-mac-algs:supported-algorithms", np2srv_ssh_algs_oper_cb);
+    mod_name = "ietf-tls-common";
+    SR_OPER_SUBSCR(mod_name, "/ietf-tls-common:supported-algorithms", np2srv_tls_algs_oper_cb);
 #endif /* NC_ENABLED_SSH_TLS */
 
     /* subscriptions to running DS */
