📚 API Documentation & Navigation
📋 Module Metadata
Namespace: http://cisco.com/ns/yang/Cisco-IOS-XE-crypto-oper
Prefix: crypto_oper
Related Modules:
Cisco-IOS-XE-aaa-oper
Cisco-IOS-XE-acl-oper
Cisco-IOS-XE-app-cflowd-oper
Cisco-IOS-XE-app-hosting-oper
Cisco-IOS-XE-appqoe-http-oper
💡 Example Usage
# GET operational data curl -X GET \ -H "Accept: application/yang-data+json" \ -u admin:password \ --insecure \ https://device-ip/restconf/data/Cisco-IOS-XE-crypto-oper
📚 External Documentation
module: Cisco-IOS-XE-crypto-oper
+--ro crypto-oper-data
+--ro crypto-ipsec-ident* [interface]
| +--ro interface string
| +--ro ident-data
| +--ro protected-vrf? uint32
| +--ro local-ident-addr? inet:ip-address
| +--ro local-ident-mask? inet:ip-address
| +--ro local-ident-protocol? uint32
| +--ro remote-ident-addr? inet:ip-address
| +--ro remote-ident-mask? inet:ip-address
| +--ro remote-ident-protocol? uint32
| +--ro plaintext-mtu? uint16
| +--ro local-endpt-addr? inet:ip-address
| +--ro remote-endpt-addr? inet:ip-address
| +--ro dh-group? crypto-ios-xe-oper:crypto-dh-group-type
| +--ro inbound-esp-sa
| | +--ro spi? uint32
| | +--ro dir? crypto-ios-xe-oper:crypto-dir-type
| | +--ro protocol? crypto-ios-xe-oper:crypto-prot-type
| | +--ro flow-id? uint32
| | +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| | +--ro transform-set? crypto-ios-xe-oper:crypto-transform-options
| +--ro inbound-ah-sa
| | +--ro spi? uint32
| | +--ro dir? crypto-ios-xe-oper:crypto-dir-type
| | +--ro protocol? crypto-ios-xe-oper:crypto-prot-type
| | +--ro flow-id? uint32
| | +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| | +--ro transform-set? crypto-ios-xe-oper:crypto-transform-options
| +--ro inbound-pcp-sa
| | +--ro spi? uint32
| | +--ro dir? crypto-ios-xe-oper:crypto-dir-type
| | +--ro protocol? crypto-ios-xe-oper:crypto-prot-type
| | +--ro flow-id? uint32
| | +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| | +--ro transform-set? crypto-ios-xe-oper:crypto-transform-options
| +--ro outbound-esp-sa
| | +--ro spi? uint32
| | +--ro dir? crypto-ios-xe-oper:crypto-dir-type
| | +--ro protocol? crypto-ios-xe-oper:crypto-prot-type
| | +--ro flow-id? uint32
| | +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| | +--ro transform-set? crypto-ios-xe-oper:crypto-transform-options
| +--ro outbound-ah-sa
| | +--ro spi? uint32
| | +--ro dir? crypto-ios-xe-oper:crypto-dir-type
| | +--ro protocol? crypto-ios-xe-oper:crypto-prot-type
| | +--ro flow-id? uint32
| | +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| | +--ro transform-set? crypto-ios-xe-oper:crypto-transform-options
| +--ro outbound-pcp-sa
| +--ro spi? uint32
| +--ro dir? crypto-ios-xe-oper:crypto-dir-type
| +--ro protocol? crypto-ios-xe-oper:crypto-prot-type
| +--ro flow-id? uint32
| +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| +--ro transform-set? crypto-ios-xe-oper:crypto-transform-options
+--ro crypto-ikev2-sa* [sa-id]
| +--ro sa-id uint32
| +--ro sa-data
| +--ro sa-id? uint32
| +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| +--ro local-ip-addr? inet:ip-address
| +--ro local-port? uint16
| +--ro remote-ip-addr? inet:ip-address
| +--ro remote-port? uint16
| +--ro dh-group? crypto-ios-xe-oper:crypto-dh-group-type
| +--ro init-spi? binary
| +--ro resp-spi? binary
| +--ro ivrf? string
| +--ro fvrf? string
| +--ro lifetime? uint32
| +--ro hash-algo? crypto-ios-xe-oper:crypto-hash-alg
| +--ro encr-alg? crypto-ios-xe-oper:crypto-encryption-alg
| +--ro my-auth-method? crypto-ios-xe-oper:crypto-auth-method
| +--ro peer-auth-method? crypto-ios-xe-oper:crypto-auth-method
+--ro crypto-ikev2-stats!
| +--ro sys-res-limit? uint32
| +--ro sa-limit? uint32
| +--ro sa-in-nego-limit? uint32
| +--ro sa-out-nego-limit? uint32
| +--ro cur-in-sa? uint64
| +--ro cur-in-sa-active? uint64
| +--ro cur-in-sa-nego? uint64
| +--ro cur-out-sa? uint64
| +--ro cur-out-sa-active? uint64
| +--ro cur-out-sa-nego? uint64
| +--ro tot-in-req? uint64
| +--ro tot-in-req-acpt? uint64
| +--ro tot-in-req-rej? uint64
| +--ro tot-out-req? uint64
| +--ro tot-out-req-acpt? uint64
| +--ro tot-out-req-rej? uint64
| +--ro tot-req-rej? uint64
| +--ro tot-req-rej-resource? uint64
| +--ro tot-req-rej-sa-limit? uint64
| +--ro tot-pkt-drop? uint64
| +--ro tot-req-drop-queue-limit? uint64
| +--ro tot-in-cookie-req? uint64
| +--ro tot-in-cookie-req-acpt? uint64
| +--ro tot-in-cookie-req-rej? uint64
| +--ro tot-req-rej-no-cookie? uint64
| +--ro tot-del-sess-cert-revoke? uint64
| +--ro tot-quantum-res-sess? uint64
| +--ro tot-quantum-res-sess-man? uint64
| +--ro tot-quantum-res-sess-dyn? uint64
| +--ro tot-ppk-ident-mismatch? uint64
| +--ro tot-ppk-retr-fail? uint64
| +--ro tot-ppk-retr-fail-mand? uint64
| +--ro tot-ppk-auth-fail? uint64
| +--ro tot-ppk-auth-fail-mand? uint64
+--ro crypto-ikev2-stats-resp!
| +--ro max-cac-incoming? uint32
| +--ro cur-in-sa? uint64
| +--ro cur-in-sa-active? uint64
| +--ro cur-in-sa-nego? uint64
| +--ro cur-active-peer-ios-xe? uint32
| +--ro cur-active-peer-anyconnect? uint32
| +--ro cur-active-peer-other? uint32
+--ro crypto-ikev2-sess-brief* [sess-id]
| +--ro sess-id uint32
| +--ro sess
| | +--ro id? uint32
| | +--ro sess-status? crypto-ios-xe-oper:crypto-ikev2-sess-status
| | +--ro ike-count? uint32
| | +--ro child-count? uint32
| +--ro sa* []
| +--ro sa-id? uint32
| +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| +--ro local-ip-addr? inet:ip-address
| +--ro local-port? uint16
| +--ro remote-ip-addr? inet:ip-address
| +--ro remote-port? uint16
| +--ro dh-group? crypto-ios-xe-oper:crypto-dh-group-type
| +--ro init-spi? binary
| +--ro resp-spi? binary
| +--ro ivrf? string
| +--ro fvrf? string
| +--ro lifetime? uint32
| +--ro hash-algo? crypto-ios-xe-oper:crypto-hash-alg
| +--ro encr-alg? crypto-ios-xe-oper:crypto-encryption-alg
| +--ro my-auth-method? crypto-ios-xe-oper:crypto-auth-method
| +--ro peer-auth-method? crypto-ios-xe-oper:crypto-auth-method
+--ro crypto-ikev2-sess-detail* [sess-id]
| +--ro sess-id uint32
| +--ro sess
| | +--ro id? uint32
| | +--ro sess-status? crypto-ios-xe-oper:crypto-ikev2-sess-status
| | +--ro ike-count? uint32
| | +--ro child-count? uint32
| +--ro sa* []
| | +--ro sa-data
| | | +--ro sa-id? uint32
| | | +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| | | +--ro local-ip-addr? inet:ip-address
| | | +--ro local-port? uint16
| | | +--ro remote-ip-addr? inet:ip-address
| | | +--ro remote-port? uint16
| | | +--ro dh-group? crypto-ios-xe-oper:crypto-dh-group-type
| | | +--ro init-spi? binary
| | | +--ro resp-spi? binary
| | | +--ro ivrf? string
| | | +--ro fvrf? string
| | | +--ro lifetime? uint32
| | | +--ro hash-algo? crypto-ios-xe-oper:crypto-hash-alg
| | | +--ro encr-alg? crypto-ios-xe-oper:crypto-encryption-alg
| | | +--ro my-auth-method? crypto-ios-xe-oper:crypto-auth-method
| | | +--ro peer-auth-method? crypto-ios-xe-oper:crypto-auth-method
| | +--ro status-desc? string
| | +--ro local-id? string
| | +--ro remote-id? string
| | +--ro init-spi? string
| | +--ro remote-spi? string
| | +--ro curr-req-msg-id? uint32
| | +--ro next-req-msg-id? uint32
| | +--ro req-msg-queue-size? uint32
| | +--ro window-size? uint32
| | +--ro peer-curr-req-msg-id? uint32
| | +--ro peer-next-req-msg-id? uint32
| | +--ro peer-req-msg-queue-size? uint32
| | +--ro peer-window-size? uint32
| | +--ro dpd-interval? uint16
| | +--ro dpd-retry? uint16
| | +--ro ietf-frag-support? crypto-ios-xe-oper:crypto-ike-ietf-frag
| | +--ro ietf-frag-mtu? uint32
| | +--ro dru-enabled? boolean
| | +--ro extend-auth-configured? boolean
| | +--ro nat? crypto-ios-xe-oper:crypto-ike-nat-discovery
| | +--ro nat-encap-forced? boolean
| | +--ro cisco-trust-sgt-enabled? boolean
| | +--ro disc-revoke-peer-enabled? boolean
| +--ro sa-child* []
| +--ro local* []
| | +--ro start-addr? inet:ip-address
| | +--ro start-port? uint16
| | +--ro end-addr? inet:ip-address
| | +--ro end-port? uint16
| +--ro remote* []
| | +--ro start-addr? inet:ip-address
| | +--ro start-port? uint16
| | +--ro end-addr? inet:ip-address
| | +--ro end-port? uint16
| +--ro esp-spi-in? uint32
| +--ro esp-spi-out? uint32
| +--ro ah-spi-in? uint32
| +--ro ah-spi-out? uint32
| +--ro cpi-in? uint32
| +--ro cpi-out? uint32
| +--ro encr-algo? crypto-ios-xe-oper:crypto-encryption-alg
| +--ro keysize? uint32
| +--ro esp-hmac? crypto-ios-xe-oper:crypto-hash-alg
| +--ro ah-hmac? crypto-ios-xe-oper:crypto-hash-alg
| +--ro encap-type? crypto-ios-xe-oper:crypto-encap-type
+--ro crypto-ikev1-sa* [sa-id]
| +--ro sa-id uint32
| +--ro sa-data
| +--ro sa-id? uint32
| +--ro sa-status? crypto-ios-xe-oper:crypto-sa-status
| +--ro local-ip-addr? inet:ip-address
| +--ro local-port? uint16
| +--ro remote-ip-addr? inet:ip-address
| +--ro remote-port? uint16
| +--ro dh-group? crypto-ios-xe-oper:crypto-dh-group-type
| +--ro init-spi? binary
| +--ro resp-spi? binary
| +--ro ivrf? string
| +--ro fvrf? string
| +--ro lifetime? uint32
| +--ro hash-algo? crypto-ios-xe-oper:crypto-hash-alg
| +--ro encr-alg? crypto-ios-xe-oper:crypto-encryption-alg
| +--ro my-auth-method? crypto-ios-xe-oper:crypto-auth-method
| +--ro peer-auth-method? crypto-ios-xe-oper:crypto-auth-method
+--ro crypto-cerm-info!
| +--ro enabled? boolean
| +--ro resource-info
| | +--ro ipsec-tunnels
| | | +--ro maximum? uint32
| | | +--ro available? uint32
| | +--ro tls-sessions
| | +--ro maximum? uint32
| | +--ro available? uint32
| +--ro resv-info
| | +--ro voice
| | | +--ro tunnels? uint32
| | | +--ro tls-sessions? uint32
| | +--ro ipsec
| | | +--ro tunnels? uint32
| | | +--ro tls-sessions? uint32
| | +--ro sslvpn
| | +--ro tunnels? uint32
| | +--ro tls-sessions? uint32
| +--ro stats-info
| +--ro failed-tunnels? uint32
| +--ro failed-sessions? uint32
+--ro crypto-ipsec-policy-stats!
| +--ro notify-stats* []
| | +--ro notification-type? crypto-ios-xe-oper:crypto-policy-notify-type
| | +--ro num-received? uint32
| | +--ro num-completed? uint32
| | +--ro num-rcv-error? uint32
| | +--ro num-rcv-ignore? uint32
| +--ro cmd-stats* []
| | +--ro cmd-type? crypto-ios-xe-oper:crypto-policy-cmd-type
| | +--ro num-request? uint32
| | +--ro num-reply-ok? uint32
| | +--ro num-reply-error? uint32
| | +--ro num-abort? uint32
| | +--ro total-time? uint64
| +--ro dbase-stats* []
| +--ro dbase-type? crypto-ios-xe-oper:crypto-policy-dbase-type
| +--ro num-add? uint32
| +--ro num-delete? uint32
| +--ro num-abort? uint32
+--ro gdoi-gm* [group-name]
| +--ro group-name string
| +--ro sa-dir? crypto-ios-xe-oper:crypto-ipsec-sa-direction
| +--ro acl-rcvd? string
| +--ro gm-entry* []
| +--ro group-name? string
| +--ro local-addr? inet:ip-address
| +--ro remote-addr? inet:ip-address
| +--ro vrf-enabled? boolean
| +--ro vrf-name? string
| +--ro gm-ver? string
| +--ro gm-state? crypto-ios-xe-oper:crypto-gdoi-gm-state
| +--ro prev-reg-time? yang:date-and-time
| +--ro secs-to-re-reg? uint32
| +--ro succ-reg? uint32
| +--ro att-reg? uint32
| +--ro last-rekey-from-ks? inet:ip-address
| +--ro last-rekey-seq-num? uint32
| +--ro last-rekey-time? yang:date-and-time
| +--ro rekeys-rcvd? uint32
| +--ro rekey-acks-sent? uint32
| +--ro pfs-rekeys? uint32
| +--ro dp-error? boolean
| +--ro dp-interval? uint32
| +--ro dp-reg? uint32
| +--ro num-ipsec-init-reg-exec? uint32
| +--ro num-ipsec-init-reg-ppnd? uint32
| +--ro active-tek-count? uint8
| +--ro sa-track? boolean
| +--ro sa-track-oid? uint32
| +--ro sa-track-is-up? boolean
| +--ro fail-close-revert? boolean
| +--ro ks-policy-removal-time? yang:date-and-time
+--ro gdoi-gm-acl* [group-name]
| +--ro group-name string
| +--ro dwnld-acl-entry* [rule-name]
| | +--ro rule-name uint32
| | +--ro ace-data
| | | +--ro match-counter? yang:counter64
| | +--ro acl-rules
| | +--ro v4-ext-ace-rule
| | +--ro action? crypto-ios-xe-oper:crypto-acl-action-type
| | +--ro proto
| | | +--ro (proto-choice)?
| | | +--:(proto-any)
| | | | +--ro any? empty
| | | +--:(proto-number)
| | | | +--ro number? uint8
| | | +--:(proto-object-group)
| | | +--ro object-group? string
| | +--ro src-addr
| | | +--ro (v4-address-choice)?
| | | +--:(v4-addr-wildcard)
| | | | +--ro addr-wcard
| | | | +--ro address? inet:ipv4-address
| | | | +--ro wildcard? inet:ipv4-address
| | | +--:(v4-host)
| | | | +--ro host? inet:ipv4-address
| | | +--:(v4-object-group)
| | | | +--ro object-group? string
| | | +--:(v4-fqdn-group)
| | | | +--ro fqdn-group? string
| | | +--:(v4-any)
| | | | +--ro any? empty
| | | +--:(v4-geo-group)
| | | +--ro geo-group? string
| | +--ro src-port
| | | +--ro (port-option-choice)?
| | | +--:(port-any)
| | | | +--ro any? empty
| | | +--:(port-conf)
| | | +--ro port-data
| | | +--ro port-oper? crypto-ios-xe-oper:crypto-acl-port-operator-type
| | | +--ro port* uint16
| | +--ro dest-addr
| | | +--ro (v4-address-choice)?
| | | +--:(v4-addr-wildcard)
| | | | +--ro addr-wcard
| | | | +--ro address? inet:ipv4-address
| | | | +--ro wildcard? inet:ipv4-address
| | | +--:(v4-host)
| | | | +--ro host? inet:ipv4-address
| | | +--:(v4-object-group)
| | | | +--ro object-group? string
| | | +--:(v4-fqdn-group)
| | | | +--ro fqdn-group? string
| | | +--:(v4-any)
| | | | +--ro any? empty
| | | +--:(v4-geo-group)
| | | +--ro geo-group? string
| | +--ro dest-port
| | +--ro (port-option-choice)?
| | +--:(port-any)
| | | +--ro any? empty
| | +--:(port-conf)
| | +--ro port-data
| | +--ro port-oper? crypto-ios-xe-oper:crypto-acl-port-operator-type
| | +--ro port* uint16
| +--ro local-acl-entry* [rule-name]
| +--ro rule-name uint32
| +--ro ace-data
| | +--ro match-counter? yang:counter64
| +--ro acl-rules
| +--ro v4-ext-ace-rule
| +--ro action? crypto-ios-xe-oper:crypto-acl-action-type
| +--ro proto
| | +--ro (proto-choice)?
| | +--:(proto-any)
| | | +--ro any? empty
| | +--:(proto-number)
| | | +--ro number? uint8
| | +--:(proto-object-group)
| | +--ro object-group? string
| +--ro src-addr
| | +--ro (v4-address-choice)?
| | +--:(v4-addr-wildcard)
| | | +--ro addr-wcard
| | | +--ro address? inet:ipv4-address
| | | +--ro wildcard? inet:ipv4-address
| | +--:(v4-host)
| | | +--ro host? inet:ipv4-address
| | +--:(v4-object-group)
| | | +--ro object-group? string
| | +--:(v4-fqdn-group)
| | | +--ro fqdn-group? string
| | +--:(v4-any)
| | | +--ro any? empty
| | +--:(v4-geo-group)
| | +--ro geo-group? string
| +--ro src-port
| | +--ro (port-option-choice)?
| | +--:(port-any)
| | | +--ro any? empty
| | +--:(port-conf)
| | +--ro port-data
| | +--ro port-oper? crypto-ios-xe-oper:crypto-acl-port-operator-type
| | +--ro port* uint16
| +--ro dest-addr
| | +--ro (v4-address-choice)?
| | +--:(v4-addr-wildcard)
| | | +--ro addr-wcard
| | | +--ro address? inet:ipv4-address
| | | +--ro wildcard? inet:ipv4-address
| | +--:(v4-host)
| | | +--ro host? inet:ipv4-address
| | +--:(v4-object-group)
| | | +--ro object-group? string
| | +--:(v4-fqdn-group)
| | | +--ro fqdn-group? string
| | +--:(v4-any)
| | | +--ro any? empty
| | +--:(v4-geo-group)
| | +--ro geo-group? string
| +--ro dest-port
| +--ro (port-option-choice)?
| +--:(port-any)
| | +--ro any? empty
| +--:(port-conf)
| +--ro port-data
| +--ro port-oper? crypto-ios-xe-oper:crypto-acl-port-operator-type
| +--ro port* uint16
+--ro gdoi-ks-acl* [group-name]
| +--ro group-name string
| +--ro ks-acl-entry* [rule-name]
| +--ro rule-name uint32
| +--ro ace-data
| | +--ro match-counter? yang:counter64
| +--ro acl-rules
| +--ro v4-ext-ace-rule
| +--ro action? crypto-ios-xe-oper:crypto-acl-action-type
| +--ro proto
| | +--ro (proto-choice)?
| | +--:(proto-any)
| | | +--ro any? empty
| | +--:(proto-number)
| | | +--ro number? uint8
| | +--:(proto-object-group)
| | +--ro object-group? string
| +--ro src-addr
| | +--ro (v4-address-choice)?
| | +--:(v4-addr-wildcard)
| | | +--ro addr-wcard
| | | +--ro address? inet:ipv4-address
| | | +--ro wildcard? inet:ipv4-address
| | +--:(v4-host)
| | | +--ro host? inet:ipv4-address
| | +--:(v4-object-group)
| | | +--ro object-group? string
| | +--:(v4-fqdn-group)
| | | +--ro fqdn-group? string
| | +--:(v4-any)
| | | +--ro any? empty
| | +--:(v4-geo-group)
| | +--ro geo-group? string
| +--ro src-port
| | +--ro (port-option-choice)?
| | +--:(port-any)
| | | +--ro any? empty
| | +--:(port-conf)
| | +--ro port-data
| | +--ro port-oper? crypto-ios-xe-oper:crypto-acl-port-operator-type
| | +--ro port* uint16
| +--ro dest-addr
| | +--ro (v4-address-choice)?
| | +--:(v4-addr-wildcard)
| | | +--ro addr-wcard
| | | +--ro address? inet:ipv4-address
| | | +--ro wildcard? inet:ipv4-address
| | +--:(v4-host)
| | | +--ro host? inet:ipv4-address
| | +--:(v4-object-group)
| | | +--ro object-group? string
| | +--:(v4-fqdn-group)
| | | +--ro fqdn-group? string
| | +--:(v4-any)
| | | +--ro any? empty
| | +--:(v4-geo-group)
| | +--ro geo-group? string
| +--ro dest-port
| +--ro (port-option-choice)?
| +--:(port-any)
| | +--ro any? empty
| +--:(port-conf)
| +--ro port-data
| +--ro port-oper? crypto-ios-xe-oper:crypto-acl-port-operator-type
| +--ro port* uint16
+--ro gdoi-gm-dp-counters* [group-name]
| +--ro group-name string
| +--ro pkts-encrypt? uint32
| +--ro pkts-decrypt? uint32
| +--ro pkts-tagged? uint32
| +--ro pkts-untagged? uint32
| +--ro pkts-no-sa? uint32
| +--ro pkts-invalid-sa? uint32
| +--ro pkts-encaps-fail? uint32
| +--ro pkts-decap-fail? uint32
| +--ro pkts-invalid-prot? uint32
| +--ro pkts-verify-fail? uint32
| +--ro pkts-not-tagged? uint32
| +--ro pkts-not-untagged? uint32
| +--ro pkts-internal-err-send? uint32
| +--ro pkts-internal-err-rcv? uint32
+--ro gdoi-gm-rekey* [group-name]
| +--ro group-name string
| +--ro transport-type? crypto-ios-xe-oper:crypto-rekey-trans-type
| +--ro total-rekeys-rcv? uint32
| +--ro rekeys-rcv-after-reg? uint32
| +--ro rekey-acks-sent? uint32
| +--ro detail? boolean
| +--ro kek-sa* []
| +--ro kek-sa-type? crypto-ios-xe-oper:crypto-gdoi-kek-sa-type
| +--ro dst-ip? inet:ip-address
| +--ro src-ip? inet:ip-address
| +--ro conn-id? uint16
| +--ro my-cookie? uint32
| +--ro his-cookie? uint32
+--ro gdoi-gm-rekey-detail* [group-name]
| +--ro group-name string
| +--ro transport-type? crypto-ios-xe-oper:crypto-rekey-trans-type
| +--ro total-rekeys-rcv? uint32
| +--ro rekeys-rcv-after-reg? uint32
| +--ro rekey-acks-sent? uint32
| +--ro detail? boolean
| +--ro kek-sa* []
| +--ro kek-sa-type? crypto-ios-xe-oper:crypto-gdoi-kek-sa-type
| +--ro dst-ip? inet:ip-address
| +--ro src-ip? inet:ip-address
| +--ro conn-id? uint16
| +--ro my-cookie? uint32
| +--ro his-cookie? uint32
+--ro gdoi-gm-replay* [group-name]
| +--ro group-name string
| +--ro time-based-replay? boolean
| +--ro replay-value? uint32
| +--ro input-pkts? uint32
| +--ro output-pkts? uint32
| +--ro input-error-pkts? uint32
| +--ro output-error-pkts? uint32
| +--ro time-sync-error? uint32
| +--ro max-time-delta? uint32
+--ro gdoi-ks* [group-name]
| +--ro group-name string
| +--ro group-id? uint32
| +--ro re-auth? boolean
| +--ro group-type? crypto-ios-xe-oper:crypto-gdoi-group-type
| +--ro gikev2-prof? string
| +--ro total-mem? uint16
| +--ro gdoi-mem? uint16
| +--ro gikev2-mem? uint16
| +--ro rekey-ack? crypto-ios-xe-oper:crypto-rekey-ack-type
| +--ro sa-dir? crypto-ios-xe-oper:crypto-ipsec-sa-direction
| +--ro ipd3p-window? uint32
| +--ro pfs? boolean
| +--ro sp-resil-factor? uint16
| +--ro redundancy? boolean
| +--ro ks-addr? inet:ip-address
| +--ro priority? uint8
| +--ro status? crypto-ios-xe-oper:crypto-gdoi-coop-ks-status
| +--ro role? crypto-ios-xe-oper:crypto-gdoi-coop-ks-role
| +--ro version? string
| +--ro coop-version? string
| +--ro acl* string
+--ro gdoi-ks-coop* [group-name]
| +--ro group-name string
| +--ro redundancy? boolean
| +--ro local-ks
| | +--ro ks-addr? inet:ip-address
| | +--ro priority? uint8
| | +--ro role? crypto-ios-xe-oper:crypto-gdoi-coop-ks-role
| | +--ro status? crypto-ios-xe-oper:crypto-gdoi-coop-ks-status
| | +--ro version? string
| | +--ro coop-version? string
| | +--ro coop-refresh-time? uint8
| | +--ro anti-replay-seq-num? uint16
| | +--ro sec-refresh-time? uint8
| | +--ro ks-timers
| | +--ro sync-time? yang:date-and-time
| | +--ro retries? uint8
| | +--ro invalid-msgs? uint8
| | +--ro reg-blocked? boolean
| | +--ro per-user-enabled? boolean
| | +--ro per-user-time? yang:date-and-time
| +--ro peer-ks* []
| +--ro ks-addr? inet:ip-address
| +--ro priority? uint8
| +--ro role? crypto-ios-xe-oper:crypto-gdoi-coop-ks-role
| +--ro status? crypto-ios-xe-oper:crypto-gdoi-coop-ks-status
| +--ro version? string
| +--ro coop-version? string
| +--ro anti-replay-seq-num? uint16
| +--ro ike-status? crypto-ios-xe-oper:coop-ike-status
| +--ro ann-msgs-sent? uint16
| +--ro reply-req-sent? uint16
| +--ro ann-msgs-rcv? uint16
| +--ro reply-req-rcv? uint16
| +--ro pkts-sent-drops? uint32
| +--ro pkts-rcv-drops? uint32
| +--ro bytes-sent? uint32
| +--ro bytes-rcv? uint32
| +--ro protocol? crypto-ios-xe-oper:crypto-gdoi-coop-ks-protocol
+--ro gdoi-ks-coop-ident* [group-name]
| +--ro group-name string
| +--ro local-ks
| | +--ro role? crypto-ios-xe-oper:crypto-gdoi-coop-ks-role
| | +--ro status? crypto-ios-xe-oper:crypto-gdoi-coop-ks-status
| | +--ro local-addr? inet:ip-address
| | +--ro next-sid-operation? crypto-ios-xe-oper:coop-ks-next-sid-operation
| | +--ro re-init? boolean
| | +--ro kssid-overlap? boolean
| | +--ro cfg-sid-len? uint8
| | +--ro used-sid-len? uint8
| | +--ro cfg-group-size? crypto-ios-xe-oper:coop-ks-group-size
| | +--ro used-group-size? crypto-ios-xe-oper:coop-ks-group-size
| | +--ro curr-kssid? uint8
| | +--ro kssid-assigned
| | | +--ro (discrim-choice)?
| | | +--:(crypto-kssid-string)
| | | | +--ro kssid? string
| | | +--:(crypto-kssid-bitlist)
| | | | +--ro kssid-bitlist? uint32
| | | +--:(crypto-kssid-limit)
| | | +--ro ks-sender-id
| | | +--ro ks-sender-id* []
| | | +--ro lower? uint32
| | | +--ro upper? uint32
| | +--ro kssid-used
| | | +--ro (discrim-choice)?
| | | +--:(crypto-kssid-string)
| | | | +--ro kssid? string
| | | +--:(crypto-kssid-bitlist)
| | | | +--ro kssid-bitlist? uint32
| | | +--:(crypto-kssid-limit)
| | | +--ro ks-sender-id
| | | +--ro ks-sender-id* []
| | | +--ro lower? uint32
| | | +--ro upper? uint32
| | +--ro old-kssid-used
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro redundancy? boolean
| +--ro detail? boolean
| +--ro peer-ks* []
| +--ro role? crypto-ios-xe-oper:crypto-gdoi-coop-ks-role
| +--ro status? crypto-ios-xe-oper:crypto-gdoi-coop-ks-status
| +--ro local-addr? inet:ip-address
| +--ro next-sid-operation? crypto-ios-xe-oper:coop-ks-next-sid-operation
| +--ro re-init? boolean
| +--ro kssid-overlap? boolean
| +--ro cfg-sid-len? uint8
| +--ro used-sid-len? uint8
| +--ro cfg-group-size? crypto-ios-xe-oper:coop-ks-group-size
| +--ro used-group-size? crypto-ios-xe-oper:coop-ks-group-size
| +--ro curr-kssid? uint8
| +--ro kssid-assigned
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro kssid-used
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro old-kssid-used
| +--ro (discrim-choice)?
| +--:(crypto-kssid-string)
| | +--ro kssid? string
| +--:(crypto-kssid-bitlist)
| | +--ro kssid-bitlist? uint32
| +--:(crypto-kssid-limit)
| +--ro ks-sender-id
| +--ro ks-sender-id* []
| +--ro lower? uint32
| +--ro upper? uint32
+--ro gdoi-ks-coop-ident-detail* [group-name]
| +--ro group-name string
| +--ro local-ks
| | +--ro role? crypto-ios-xe-oper:crypto-gdoi-coop-ks-role
| | +--ro status? crypto-ios-xe-oper:crypto-gdoi-coop-ks-status
| | +--ro local-addr? inet:ip-address
| | +--ro next-sid-operation? crypto-ios-xe-oper:coop-ks-next-sid-operation
| | +--ro re-init? boolean
| | +--ro kssid-overlap? boolean
| | +--ro cfg-sid-len? uint8
| | +--ro used-sid-len? uint8
| | +--ro cfg-group-size? crypto-ios-xe-oper:coop-ks-group-size
| | +--ro used-group-size? crypto-ios-xe-oper:coop-ks-group-size
| | +--ro curr-kssid? uint8
| | +--ro kssid-assigned
| | | +--ro (discrim-choice)?
| | | +--:(crypto-kssid-string)
| | | | +--ro kssid? string
| | | +--:(crypto-kssid-bitlist)
| | | | +--ro kssid-bitlist? uint32
| | | +--:(crypto-kssid-limit)
| | | +--ro ks-sender-id
| | | +--ro ks-sender-id* []
| | | +--ro lower? uint32
| | | +--ro upper? uint32
| | +--ro kssid-used
| | | +--ro (discrim-choice)?
| | | +--:(crypto-kssid-string)
| | | | +--ro kssid? string
| | | +--:(crypto-kssid-bitlist)
| | | | +--ro kssid-bitlist? uint32
| | | +--:(crypto-kssid-limit)
| | | +--ro ks-sender-id
| | | +--ro ks-sender-id* []
| | | +--ro lower? uint32
| | | +--ro upper? uint32
| | +--ro old-kssid-used
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro redundancy? boolean
| +--ro detail? boolean
| +--ro peer-ks* []
| +--ro role? crypto-ios-xe-oper:crypto-gdoi-coop-ks-role
| +--ro status? crypto-ios-xe-oper:crypto-gdoi-coop-ks-status
| +--ro local-addr? inet:ip-address
| +--ro next-sid-operation? crypto-ios-xe-oper:coop-ks-next-sid-operation
| +--ro re-init? boolean
| +--ro kssid-overlap? boolean
| +--ro cfg-sid-len? uint8
| +--ro used-sid-len? uint8
| +--ro cfg-group-size? crypto-ios-xe-oper:coop-ks-group-size
| +--ro used-group-size? crypto-ios-xe-oper:coop-ks-group-size
| +--ro curr-kssid? uint8
| +--ro kssid-assigned
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro kssid-used
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro old-kssid-used
| +--ro (discrim-choice)?
| +--:(crypto-kssid-string)
| | +--ro kssid? string
| +--:(crypto-kssid-bitlist)
| | +--ro kssid-bitlist? uint32
| +--:(crypto-kssid-limit)
| +--ro ks-sender-id
| +--ro ks-sender-id* []
| +--ro lower? uint32
| +--ro upper? uint32
+--ro gdoi-ks-mem* [group-name]
| +--ro group-name string
| +--ro group-id? uint32
| +--ro tot-group-mem? uint32
| +--ro num-rekeys-sent? uint32
| +--ro num-rexmit? uint32
| +--ro duration? uint32
| +--ro ks-entry* []
| | +--ro ks-ip? inet:ip-address
| | +--ro gmdb-state? crypto-ios-xe-oper:coop-ks-gmdb-state
| | +--ro group-mem? uint32
| +--ro gm-entry* [gm-number]
| +--ro gm-number uint32
| +--ro gm-id? inet:ip-address
| +--ro gm-ver? string
| +--ro group-type? crypto-ios-xe-oper:crypto-gdoi-group-type
| +--ro gm-state? crypto-ios-xe-oper:crypto-gdoi-gm-state
| +--ro ks-id? inet:ip-address
| +--ro rekeys-sent? uint32
| +--ro rekey-retries? uint32
| +--ro rekey-acks-rcvd? uint32
| +--ro rekey-acks-missed? uint32
+--ro gdoi-ks-policy* [group-name]
| +--ro group-name string
| +--ro ks-entry* []
| +--ro ks-ip? inet:ip-address
| +--ro total-tek? uint8
| +--ro seq-num? uint32
| +--ro valid-kek? boolean
| +--ro kek
| | +--ro rekey-transport-type? crypto-ios-xe-oper:crypto-rekey-trans-type
| | +--ro kek-spi? string
| | +--ro mgmt-alg? boolean
| | +--ro encr-alg? crypto-ios-xe-oper:crypto-rekey-encr-alg
| | +--ro crypto-iv-len? uint8
| | +--ro key-size? uint8
| | +--ro orig-life? uint32
| | +--ro kek-birth-time? yang:date-and-time
| | +--ro rem-life? uint32
| | +--ro time-to-rekey? uint32
| | +--ro sig-hash-alg? boolean
| | +--ro sig-key-len? uint16
| | +--ro sig-size? uint16
| | +--ro sig-key-name? string
| | +--ro rekey-ack-type? crypto-ios-xe-oper:crypto-rekey-ack-type
| +--ro tek* []
| +--ro encaps-mode? crypto-ios-xe-oper:crypto-encaps-mode
| +--ro tek-spi? string
| +--ro acl? string
| +--ro transform-mode? crypto-ios-xe-oper:crypto-transform-options
| +--ro alg-key-size? uint8
| +--ro sig-key-size? uint8
| +--ro orig-life? uint32
| +--ro tek-birth-time? yang:date-and-time
| +--ro rem-life? uint32
| +--ro override-life? uint32
| +--ro anti-replay-window? uint8
| +--ro time-to-rekey? uint32
+--ro gdoi-ks-rekey* [group-name]
| +--ro group-name string
| +--ro rekey-ack? crypto-ios-xe-oper:crypto-rekey-ack-type
| +--ro rekey-in-progress? boolean
| +--ro rekeys-sent? uint32
| +--ro rekeys-rexmit? uint32
| +--ro kek-lifetime? uint32
| +--ro kek-birth-time? yang:date-and-time
| +--ro kek-rem-life? uint32
| +--ro rem-time-kek-rekey? uint32
| +--ro rexmit-period? uint32
| +--ro num-rexmit? uint32
| +--ro cur-rexmit? uint32
| +--ro ipsec-sa* []
| | +--ro ipsec-sa-num? uint16
| | +--ro tek-birth-time? yang:date-and-time
| | +--ro tek-lifetime? uint32
| | +--ro rem-tek-lifetime? uint32
| | +--ro rem-time-tek-rekey? uint32
| +--ro delete-in-progress? boolean
+--ro gdoi-ks-coop-version!
| +--ro coop-ks-infra-version? string
| +--ro coop-ks-version* []
| +--ro client-name? crypto-ios-xe-oper:crypto-client-name
| +--ro client-version? string
+--ro gdoi-ks-replay* [group-name]
| +--ro group-name string
| +--ro time-based-replay? boolean
| +--ro replay-value? uint32
| +--ro rem-sync-time? uint32
| +--ro last-sync-timestamp? yang:date-and-time
+--ro gdoi-ks-ident* [group-name]
| +--ro group-name string
| +--ro transform-mode? crypto-ios-xe-oper:crypto-gdoi-transform-mode
| +--ro suite-b-mode? boolean
| +--ro re-init? boolean
| +--ro sid-len? uint8
| +--ro group-size? crypto-ios-xe-oper:coop-ks-group-size
| +--ro curr-kssid? uint8
| +--ro last-gmsid? uint32
| +--ro detail? boolean
| x--ro kssid-assigned? uint32
| x--ro kssid-used? uint32
| x--ro old-kssid-used? uint32
| x--ro kssid-available? uint32
| +--ro kssid-re-init? uint8
| +--ro gmsid-re-init? uint32
| +--ro num-kssid-remain? uint32
| +--ro num-kssid-re-init? uint32
| +--ro kssids-assigned
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro kssids-used
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro old-kssids-used
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro kssids-available
| +--ro (discrim-choice)?
| +--:(crypto-kssid-string)
| | +--ro kssid? string
| +--:(crypto-kssid-bitlist)
| | +--ro kssid-bitlist? uint32
| +--:(crypto-kssid-limit)
| +--ro ks-sender-id
| +--ro ks-sender-id* []
| +--ro lower? uint32
| +--ro upper? uint32
+--ro gdoi-ks-ident-detail* [group-name]
| +--ro group-name string
| +--ro transform-mode? crypto-ios-xe-oper:crypto-gdoi-transform-mode
| +--ro suite-b-mode? boolean
| +--ro re-init? boolean
| +--ro sid-len? uint8
| +--ro group-size? crypto-ios-xe-oper:coop-ks-group-size
| +--ro curr-kssid? uint8
| +--ro last-gmsid? uint32
| +--ro detail? boolean
| x--ro kssid-assigned? uint32
| x--ro kssid-used? uint32
| x--ro old-kssid-used? uint32
| x--ro kssid-available? uint32
| +--ro kssid-re-init? uint8
| +--ro gmsid-re-init? uint32
| +--ro num-kssid-remain? uint32
| +--ro num-kssid-re-init? uint32
| +--ro kssids-assigned
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro kssids-used
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro old-kssids-used
| | +--ro (discrim-choice)?
| | +--:(crypto-kssid-string)
| | | +--ro kssid? string
| | +--:(crypto-kssid-bitlist)
| | | +--ro kssid-bitlist? uint32
| | +--:(crypto-kssid-limit)
| | +--ro ks-sender-id
| | +--ro ks-sender-id* []
| | +--ro lower? uint32
| | +--ro upper? uint32
| +--ro kssids-available
| +--ro (discrim-choice)?
| +--:(crypto-kssid-string)
| | +--ro kssid? string
| +--:(crypto-kssid-bitlist)
| | +--ro kssid-bitlist? uint32
| +--:(crypto-kssid-limit)
| +--ro ks-sender-id
| +--ro ks-sender-id* []
| +--ro lower? uint32
| +--ro upper? uint32
+--ro gdoi-gm-pubkey* [group-name]
| +--ro group-name string
| +--ro public-key-entry* []
| +--ro kek-sa-type? crypto-ios-xe-oper:crypto-gdoi-kek-sa-type
| +--ro ks-ip? inet:ip-address
| +--ro conn-id? uint16
| +--ro my-cookie? uint32
| +--ro his-cookie? uint32
| +--ro key-data? binary
+--ro gdoi-gm-ident* [group-name]
| +--ro group-name string
| +--ro gm-entry* []
| +--ro gm-ip? inet:ip-address
| +--ro vrf-name? string
| +--ro transform-mode? crypto-ios-xe-oper:crypto-gdoi-transform-mode
| +--ro sid-last-req? uint8
| +--ro suite-b-mode? boolean
| +--ro detail? boolean
| +--ro sid-current
| | +--ro shared-across-interface? boolean
| | +--ro sid-len? uint8
| | +--ro group-size? crypto-ios-xe-oper:coop-ks-group-size
| | +--ro num-sid-dwnld? uint8
| | +--ro first-sid-dwnld? uint32
| | +--ro last-sid-dwnld? uint32
| | +--ro if-entry* []
| | +--ro if-name? string
| | +--ro pkts-per-sec? uint32
| | +--ro req? uint32
| | +--ro recv? uint32
| | +--ro low-sid-range? uint32
| | +--ro high-sid-range? uint32
| +--ro next-sid-tek-lifetime? uint32
| +--ro next-sid-sid-len? uint8
| +--ro next-sid-group-size? crypto-ios-xe-oper:coop-ks-group-size
+--ro gdoi-gm-ident-detail* [group-name]
| +--ro group-name string
| +--ro gm-entry* []
| +--ro gm-ip? inet:ip-address
| +--ro vrf-name? string
| +--ro transform-mode? crypto-ios-xe-oper:crypto-gdoi-transform-mode
| +--ro sid-last-req? uint8
| +--ro suite-b-mode? boolean
| +--ro detail? boolean
| +--ro sid-current
| | +--ro shared-across-interface? boolean
| | +--ro sid-len? uint8
| | +--ro group-size? crypto-ios-xe-oper:coop-ks-group-size
| | +--ro num-sid-dwnld? uint8
| | +--ro first-sid-dwnld? uint32
| | +--ro last-sid-dwnld? uint32
| | +--ro if-entry* []
| | +--ro if-name? string
| | +--ro pkts-per-sec? uint32
| | +--ro req? uint32
| | +--ro recv? uint32
| | +--ro low-sid-range? uint32
| | +--ro high-sid-range? uint32
| +--ro next-sid-tek-lifetime? uint32
| +--ro next-sid-sid-len? uint8
| +--ro next-sid-group-size? crypto-ios-xe-oper:coop-ks-group-size
+--ro gdoi-rekey-sa-info* [group-name]
| +--ro group-name string
| +--ro kek-rekey-info* []
| +--ro dst-ip? inet:ip-address
| +--ro src-ip? inet:ip-address
| +--ro conn-id? uint16
| +--ro active-status? boolean
+--ro gdoi-rekey-sa* [group-name]
| +--ro group-name string
| +--ro kek-db-stats
| | +--ro num-active? uint32
| | +--ro num-malloc? uint32
| | +--ro num-free? uint32
| +--ro kek-entry* []
| +--ro transport-type? crypto-ios-xe-oper:crypto-rekey-trans-type
| +--ro local-addr? inet:ip-address
| +--ro remote-addr? inet:ip-address
| +--ro kek-spi? string
| +--ro mgmt-alg? boolean
| +--ro encr-alg? crypto-ios-xe-oper:crypto-rekey-encr-alg
| +--ro crypto-iv-len? uint8
| +--ro key-size? uint8
| +--ro birth-time? yang:date-and-time
| +--ro orig-life? uint32
| +--ro sig-hash-alg? boolean
| +--ro sig-key-len? uint16
| +--ro sig-size? uint16
| +--ro rekey-ack-type? crypto-ios-xe-oper:crypto-rekey-ack-type
| +--ro ikev1-conn-id? uint16
| +--ro ikev2-conn-id? uint16
| +--ro seq-num? uint32
| +--ro prev-seq-num? uint32
| +--ro ike-handle? string
| +--ro gm-mode? boolean
| +--ro if-name? string
+--ro gdoi-feature* [group-name feature-id]
+--ro group-name string
+--ro feature-id crypto-ios-xe-oper:crypto-gdoi-feature-options
+--ro is-ks? boolean
+--ro ks-entry* []
| +--ro ip-addr? inet:ip-address
| +--ro gdoi-version? string
| +--ro feature-supported? boolean
+--ro gm-entry* []
+--ro ip-addr? inet:ip-address
+--ro gdoi-version? string
+--ro feature-supported? boolean