--- /dev/null
+module ietf-tcp-client {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-tcp-client";
+ prefix tcpc;
+
+ import ietf-inet-types {
+ prefix inet;
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+
+ import ietf-crypto-types {
+ prefix ct;
+ reference
+ "RFC AAAA: YANG Data Types and Groupings for Cryptography";
+ }
+
+ import ietf-tcp-common {
+ prefix tcpcmn;
+ reference
+ "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
+ }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group and the
+ IETF TCP Maintenance and Minor Extensions (TCPM) Working Group";
+
+ contact
+ "WG Web: https://datatracker.ietf.org/wg/netconf
+ https://datatracker.ietf.org/wg/tcpm
+ WG List: NETCONF WG list <mailto:netconf@ietf.org>
+ TCPM WG list <mailto:tcpm@ietf.org>
+ Authors: Kent Watsen <mailto:kent+ietf@watsen.net>
+ Michael Scharf
+ <mailto:michael.scharf@hs-esslingen.de>";
+
+ description
+ "This module defines reusable groupings for TCP clients that
+ can be used as a basis for specific TCP client instances.
+
+ Copyright (c) 2024 IETF Trust and the persons identified
+ as authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with
+ or without modification, is permitted pursuant to, and
+ subject to the license terms contained in, the Revised
+ BSD License set forth in Section 4.c of the IETF Trust's
+ Legal Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC DDDD
+ (https://www.rfc-editor.org/info/rfcDDDD); see the RFC
+ itself for full legal notices.
+
+ The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
+ 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
+ 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
+ are to be interpreted as described in BCP 14 (RFC 2119)
+ (RFC 8174) when, and only when, they appear in all
+ capitals, as shown here.";
+
+ revision 2024-02-08 {
+ description
+ "Initial version";
+ reference
+ "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
+ }
+
+ // Features
+
+ feature local-binding-supported {
+ description
+ "Indicates that the server supports configuring local
+ bindings (i.e., the local address and local port) for
+ TCP clients.";
+ }
+
+ feature tcp-client-keepalives {
+ description
+ "Per socket TCP keepalive parameters are configurable for
+ TCP clients on the server implementing this feature.";
+ reference
+ "RFC 9293: Transmission Control Protocol (TCP)";
+ }
+
+ feature proxy-connect {
+ description
+ "Proxy connection configuration is configurable for
+ TCP clients on the server implementing this feature.
+ Currently supports SOCKS 4, SOCKS 4a, and SOCKS 5.";
+ reference
+ "SOCKS Proceedings:
+ 1992 Usenix Security Symposium.
+ OpenSSH message:
+ SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
+ https://www.openssh.com/txt/socks4a.protocol
+ RFC 1928:
+ SOCKS Protocol Version 5";
+ }
+
+ feature socks5-gss-api {
+ description
+ "Indicates that the server, when acting as a TCP-client,
+ supports authenticating to a SOCKS Version 5 proxy server
+ using GSSAPI credentials.";
+ reference
+ "RFC 1928: SOCKS Protocol Version 5";
+ }
+
+ feature socks5-username-password {
+ description
+ "Indicates that the server, when acting as a TCP-client,
+ supports authenticating to a SOCKS Version 5 proxy server
+ using 'username' and 'password' credentials.";
+ reference
+ "RFC 1928: SOCKS Protocol Version 5";
+ }
+
+ // Groupings
+
+ grouping tcp-client-grouping {
+ description
+ "A reusable grouping for configuring a TCP client.
+
+ Note that this grouping uses fairly typical descendant
+ node names such that a stack of 'uses' statements will
+ have name conflicts. It is intended that the consuming
+ data model will resolve the issue (e.g., by wrapping
+ the 'uses' statement in a container called
+ 'tcp-client-parameters'). This model purposely does
+ not do this itself so as to provide maximum flexibility
+ to consuming models.";
+
+ leaf remote-address {
+ type inet:host;
+ mandatory true;
+ description
+ "The IP address or hostname of the remote peer to
+ establish a connection with. If a domain name is
+ configured, then the DNS resolution should happen on
+ each connection attempt. If the DNS resolution
+ results in multiple IP addresses, the IP addresses
+ are tried according to local preference order until
+ a connection has been established or until all IP
+ addresses have failed.";
+ }
+ leaf remote-port {
+ type inet:port-number;
+ default "0";
+ description
+ "The IP port number for the remote peer to establish a
+ connection with. An invalid default value is used
+ so that importing modules may 'refine' it with the
+ appropriate default port number value.";
+ }
+ leaf local-address {
+ if-feature "local-binding-supported";
+ type inet:ip-address;
+ description
+ "The local IP address/interface to bind to for when
+ connecting to the remote peer. INADDR_ANY ('0.0.0.0') or
+ INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to
+ explicitly indicate the implicit default, that the server
+ can bind to any IPv4 or IPv6 addresses, respectively.";
+ }
+ leaf local-port {
+ if-feature "local-binding-supported";
+ type inet:port-number;
+ default "0";
+ description
+ "The local IP port number to bind to for when connecting
+ to the remote peer. The port number '0', which is the
+ default value, indicates that any available local port
+ number may be used.";
+ }
+ container proxy-server {
+ if-feature "proxy-connect";
+ presence
+ "Indicates that a proxy connection has been configured.
+ Present so that the mandatory descendant nodes do not
+ imply that this node must be configured.";
+ choice proxy-type {
+ mandatory true;
+ description
+ "Selects a proxy connection protocol.";
+ case socks4 {
+ container socks4-parameters {
+ leaf remote-address {
+ type inet:ip-address;
+ mandatory true;
+ description
+ "The IP address of the proxy server.";
+ }
+ leaf remote-port {
+ type inet:port-number;
+ default "1080";
+ description
+ "The IP port number for the proxy server.";
+ }
+ description
+ "Parameters for connecting to a TCP-based proxy
+ server using the SOCKS4 protocol.";
+ reference
+ "SOCKS, Proceedings: 1992 Usenix Security Symposium.";
+ }
+ }
+ case socks4a {
+ container socks4a-parameters {
+ leaf remote-address {
+ type inet:host;
+ mandatory true;
+ description
+ "The IP address or hostname of the proxy server.";
+ }
+ leaf remote-port {
+ type inet:port-number;
+ default "1080";
+ description
+ "The IP port number for the proxy server.";
+ }
+ description
+ "Parameters for connecting to a TCP-based proxy
+ server using the SOCKS4a protocol.";
+ reference
+ "SOCKS Proceedings:
+ 1992 Usenix Security Symposium.
+ OpenSSH message:
+ SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
+ https://www.openssh.com/txt/socks4a.protocol";
+ }
+ }
+ case socks5 {
+ container socks5-parameters {
+ leaf remote-address {
+ type inet:host;
+ mandatory true;
+ description
+ "The IP address or hostname of the proxy server.";
+ }
+ leaf remote-port {
+ type inet:port-number;
+ default "1080";
+ description
+ "The IP port number for the proxy server.";
+ }
+ container authentication-parameters {
+ presence
+ "Indicates that an authentication mechanism
+ has been configured. Present so that the
+ mandatory descendant nodes do not imply that
+ this node must be configured.";
+ description
+ "A container for SOCKS Version 5 authentication
+ mechanisms.
+
+ A complete list of methods is defined at:
+ https://www.iana.org/assignments/socks-methods
+ /socks-methods.xhtml.";
+ reference
+ "RFC 1928: SOCKS Protocol Version 5";
+ choice auth-type {
+ mandatory true;
+ description
+ "A choice amongst supported SOCKS Version 5
+ authentication mechanisms.";
+ case gss-api {
+ if-feature "socks5-gss-api";
+ container gss-api {
+ description
+ "Contains GSS-API configuration. Defines
+ as an empty container to enable specific
+ GSS-API configuration to be augmented in
+ by future modules.";
+ reference
+ "RFC 1928: SOCKS Protocol Version 5
+ RFC 2743: Generic Security Service
+ Application Program Interface
+ Version 2, Update 1";
+ }
+ }
+ case username-password {
+ if-feature "socks5-username-password";
+ container username-password {
+ leaf username {
+ type string;
+ mandatory true;
+ description
+ "The 'username' value to use for client
+ identification.";
+ }
+ uses ct:password-grouping {
+ description
+ "The password to be used for client
+ authentication.";
+ }
+ description
+ "Contains Username/Password configuration.";
+ reference
+ "RFC 1929: Username/Password Authentication
+ for SOCKS V5";
+ }
+ }
+ }
+ }
+ description
+ "Parameters for connecting to a TCP-based proxy server
+ using the SOCKS5 protocol.";
+ reference
+ "RFC 1928: SOCKS Protocol Version 5";
+ }
+ }
+ }
+ description
+ "Proxy server settings.";
+ }
+
+ uses tcpcmn:tcp-common-grouping {
+ refine "keepalives" {
+ if-feature "tcp-client-keepalives";
+ description
+ "An if-feature statement so that implementations
+ can choose to support TCP client keepalives.";
+ }
+ }
+ }
+}
Code Review / netconf.git / blobdiff