1 module ietf-tcp-client {
3 namespace "urn:ietf:params:xml:ns:yang:ietf-tcp-client";
6 import ietf-inet-types {
9 "RFC 6991: Common YANG Data Types";
12 import ietf-crypto-types {
15 "RFC AAAA: YANG Data Types and Groupings for Cryptography";
18 import ietf-tcp-common {
21 "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
25 "IETF NETCONF (Network Configuration) Working Group and the
26 IETF TCP Maintenance and Minor Extensions (TCPM) Working Group";
29 "WG Web: https://datatracker.ietf.org/wg/netconf
30 https://datatracker.ietf.org/wg/tcpm
31 WG List: NETCONF WG list <mailto:netconf@ietf.org>
32 TCPM WG list <mailto:tcpm@ietf.org>
33 Authors: Kent Watsen <mailto:kent+ietf@watsen.net>
35 <mailto:michael.scharf@hs-esslingen.de>";
38 "This module defines reusable groupings for TCP clients that
39 can be used as a basis for specific TCP client instances.
41 Copyright (c) 2023 IETF Trust and the persons identified
42 as authors of the code. All rights reserved.
44 Redistribution and use in source and binary forms, with
45 or without modification, is permitted pursuant to, and
46 subject to the license terms contained in, the Revised
47 BSD License set forth in Section 4.c of the IETF Trust's
48 Legal Provisions Relating to IETF Documents
49 (https://trustee.ietf.org/license-info).
51 This version of this YANG module is part of RFC DDDD
52 (https://www.rfc-editor.org/info/rfcDDDD); see the RFC
53 itself for full legal notices.
55 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
56 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
57 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
58 are to be interpreted as described in BCP 14 (RFC 2119)
59 (RFC 8174) when, and only when, they appear in all
60 capitals, as shown here.";
66 "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
71 feature local-binding-supported {
73 "Indicates that the server supports configuring local
74 bindings (i.e., the local address and local port) for
78 feature tcp-client-keepalives {
80 "Per socket TCP keepalive parameters are configurable for
81 TCP clients on the server implementing this feature.";
83 "RFC 9293: Transmission Control Protocol (TCP)";
86 feature proxy-connect {
88 "Proxy connection configuration is configurable for
89 TCP clients on the server implementing this feature.
90 Currently supports SOCKS 4, SOCKS 4a, and SOCKS 5.";
93 1992 Usenix Security Symposium.
95 SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
96 https://www.openssh.com/txt/socks4a.protocol
98 SOCKS Protocol Version 5";
101 feature socks5-gss-api {
103 "Indicates that the server, when acting as a TCP-client,
104 supports authenticating to a SOCKS Version 5 proxy server
105 using GSSAPI credentials.";
107 "RFC 1928: SOCKS Protocol Version 5";
110 feature socks5-username-password {
112 "Indicates that the server, when acting as a TCP-client,
113 supports authenticating to a SOCKS Version 5 proxy server
114 using 'username' and 'password' credentials.";
116 "RFC 1928: SOCKS Protocol Version 5";
121 grouping tcp-client-grouping {
123 "A reusable grouping for configuring a TCP client.
125 Note that this grouping uses fairly typical descendant
126 node names such that a stack of 'uses' statements will
127 have name conflicts. It is intended that the consuming
128 data model will resolve the issue (e.g., by wrapping
129 the 'uses' statement in a container called
130 'tcp-client-parameters'). This model purposely does
131 not do this itself so as to provide maximum flexibility
132 to consuming models.";
134 leaf remote-address {
138 "The IP address or hostname of the remote peer to
139 establish a connection with. If a domain name is
140 configured, then the DNS resolution should happen on
141 each connection attempt. If the DNS resolution
142 results in multiple IP addresses, the IP addresses
143 are tried according to local preference order until
144 a connection has been established or until all IP
145 addresses have failed.";
148 type inet:port-number;
151 "The IP port number for the remote peer to establish a
152 connection with. An invalid default value is used
153 so that importing modules may 'refine' it with the
154 appropriate default port number value.";
157 if-feature "local-binding-supported";
158 type inet:ip-address;
160 "The local IP address/interface to bind to for when
161 connecting to the remote peer. INADDR_ANY ('0.0.0.0') or
162 INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to
163 explicitly indicate the implicit default, that the server
164 can bind to any IPv4 or IPv6 addresses, respectively.";
167 if-feature "local-binding-supported";
168 type inet:port-number;
171 "The local IP port number to bind to for when connecting
172 to the remote peer. The port number '0', which is the
173 default value, indicates that any available local port
174 number may be used.";
176 container proxy-server {
177 if-feature "proxy-connect";
179 "Indicates that a proxy connection has been configured.
180 Present so that the mandatory descendant nodes do not
181 imply that this node must be configured.";
185 "Selects a proxy connection protocol.";
187 container socks4-parameters {
188 leaf remote-address {
189 type inet:ip-address;
192 "The IP address of the proxy server.";
195 type inet:port-number;
198 "The IP port number for the proxy server.";
201 "Parameters for connecting to a TCP-based proxy
202 server using the SOCKS4 protocol.";
204 "SOCKS, Proceedings: 1992 Usenix Security Symposium.";
208 container socks4a-parameters {
209 leaf remote-address {
213 "The IP address or hostname of the proxy server.";
216 type inet:port-number;
219 "The IP port number for the proxy server.";
222 "Parameters for connecting to a TCP-based proxy
223 server using the SOCKS4a protocol.";
226 1992 Usenix Security Symposium.
228 SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
229 https://www.openssh.com/txt/socks4a.protocol";
233 container socks5-parameters {
234 leaf remote-address {
238 "The IP address or hostname of the proxy server.";
241 type inet:port-number;
244 "The IP port number for the proxy server.";
246 container authentication-parameters {
248 "Indicates that an authentication mechanism
249 has been configured. Present so that the
250 mandatory descendant nodes do not imply that
251 this node must be configured.";
253 "A container for SOCKS Version 5 authentication
256 A complete list of methods is defined at:
257 https://www.iana.org/assignments/socks-methods
258 /socks-methods.xhtml.";
260 "RFC 1928: SOCKS Protocol Version 5";
264 "A choice amongst supported SOCKS Version 5
265 authentication mechanisms.";
267 if-feature "socks5-gss-api";
270 "Contains GSS-API configuration. Defines
271 as an empty container to enable specific
272 GSS-API configuration to be augmented in
275 "RFC 1928: SOCKS Protocol Version 5
276 RFC 2743: Generic Security Service
277 Application Program Interface
278 Version 2, Update 1";
281 case username-password {
282 if-feature "socks5-username-password";
283 container username-password {
288 "The 'username' value to use for client
291 uses ct:password-grouping {
293 "The password to be used for client
297 "Contains Username/Password configuration.";
299 "RFC 1929: Username/Password Authentication
306 "Parameters for connecting to a TCP-based proxy server
307 using the SOCKS5 protocol.";
309 "RFC 1928: SOCKS Protocol Version 5";
314 "Proxy server settings.";
317 uses tcpcmn:tcp-common-grouping {
318 refine "keepalives" {
319 if-feature "tcp-client-keepalives";
321 "Add an if-feature statement so that implementations
322 can choose to support TCP client keepalives.";