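module ietf-tcp-client {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-tcp-client";
  prefix tcpc;

  // Reusable TCP-client grouping: remote peer, optional local binding,
  // optional SOCKS proxy, plus the common TCP parameters pulled in from
  // ietf-tcp-common.  Nothing defined in this module authenticates the
  // remote peer or protects the TCP payload.

  import ietf-inet-types {
    prefix inet;
    reference
      "RFC 6991: Common YANG Data Types";
  }

  import ietf-crypto-types {
    prefix ct;
    reference
      "RFC AAAA: YANG Data Types and Groupings for Cryptography";
  }

  import ietf-tcp-common {
    prefix tcpcmn;
    reference
      "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
  }

  organization
    "IETF NETCONF (Network Configuration) Working Group and the
     IETF TCP Maintenance and Minor Extensions (TCPM) Working Group";

  contact
    "WG Web: https://datatracker.ietf.org/wg/netconf
             https://datatracker.ietf.org/wg/tcpm
     WG List: NETCONF WG list <mailto:netconf@ietf.org>
              TCPM WG list <mailto:tcpm@ietf.org>
     Authors: Kent Watsen <mailto:kent+ietf@watsen.net>
              Michael Scharf
              <mailto:michael.scharf@hs-esslingen.de>";

  description
    "This module defines reusable groupings for TCP clients that
     can be used as a basis for specific TCP client instances.

     Copyright (c) 2023 IETF Trust and the persons identified
     as authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with
     or without modification, is permitted pursuant to, and
     subject to the license terms contained in, the Revised
     BSD License set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC DDDD
     (https://www.rfc-editor.org/info/rfcDDDD); see the RFC
     itself for full legal notices.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
     'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
     'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
     are to be interpreted as described in BCP 14 (RFC 2119)
     (RFC 8174) when, and only when, they appear in all
     capitals, as shown here.";

  revision 2023-04-17 {
    description
      "Initial version";
    reference
      "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
  }

  // Features

  feature local-binding-supported {
    description
      "Indicates that the server supports configuring local
       bindings (i.e., the local address and local port) for
       TCP clients.";
  }

  feature tcp-client-keepalives {
    description
      "Per socket TCP keepalive parameters are configurable for
       TCP clients on the server implementing this feature.";
    reference
      "RFC 9293: Transmission Control Protocol (TCP)";
  }

  feature proxy-connect {
    description
      "Proxy connection configuration is configurable for
       TCP clients on the server implementing this feature.
       Currently supports SOCKS 4, SOCKS 4a, and SOCKS 5.";
    reference
      "SOCKS Proceedings:
         1992 Usenix Security Symposium.
       OpenSSH message:
         SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
         https://www.openssh.com/txt/socks4a.protocol
       RFC 1928:
         SOCKS Protocol Version 5";
  }

  feature socks5-gss-api {
    description
      "Indicates that the server, when acting as a TCP-client,
       supports authenticating to a SOCKS Version 5 proxy server
       using GSSAPI credentials.";
    reference
      "RFC 1928: SOCKS Protocol Version 5";
  }

  feature socks5-username-password {
    description
      "Indicates that the server, when acting as a TCP-client,
       supports authenticating to a SOCKS Version 5 proxy server
       using 'username' and 'password' credentials.";
    reference
      "RFC 1928: SOCKS Protocol Version 5";
  }

  // Groupings

  grouping tcp-client-grouping {
    description
      "A reusable grouping for configuring a TCP client.

       Note that this grouping uses fairly typical descendant
       node names such that a stack of 'uses' statements will
       have name conflicts. It is intended that the consuming
       data model will resolve the issue (e.g., by wrapping
       the 'uses' statement in a container called
       'tcp-client-parameters'). This model purposely does
       not do this itself so as to provide maximum flexibility
       to consuming models.";

    // When a hostname is configured, the address actually contacted
    // is whatever the resolver returns on each attempt.  This grouping
    // has no node that authenticates the peer; presumably that is left
    // to the protocol the consuming model layers on top.
    leaf remote-address {
      type inet:host;
      mandatory true;
      description
        "The IP address or hostname of the remote peer to
         establish a connection with. If a domain name is
         configured, then the DNS resolution should happen on
         each connection attempt. If the DNS resolution
         results in multiple IP addresses, the IP addresses
         are tried according to local preference order until
         a connection has been established or until all IP
         addresses have failed.";
    }
    // "0" is a placeholder, not a usable destination port.  A
    // consuming model that forgets to 'refine' this default leaves
    // the client without a valid port unless one is configured.
    leaf remote-port {
      type inet:port-number;
      default "0";
      description
        "The IP port number for the remote peer to establish a
         connection with. An invalid default value is used
         so that importing modules may 'refine' it with the
         appropriate default port number value.";
    }
    leaf local-address {
      if-feature "local-binding-supported";
      type inet:ip-address;
      description
        "The local IP address/interface to bind to for when
         connecting to the remote peer. INADDR_ANY ('0.0.0.0') or
         INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to
         explicitly indicate the implicit default, that the server
         can bind to any IPv4 or IPv6 addresses, respectively.";
    }
    leaf local-port {
      if-feature "local-binding-supported";
      type inet:port-number;
      default "0";
      description
        "The local IP port number to bind to for when connecting
         to the remote peer. The port number '0', which is the
         default value, indicates that any available local port
         number may be used.";
    }

    // Of the three proxy cases, only socks5 defines credential nodes;
    // socks4 and socks4a carry an address and a port and nothing else.
    container proxy-server {
      if-feature "proxy-connect";
      presence
        "Indicates that a proxy connection has been configured.
         Present so that the mandatory descendant nodes do not
         imply that this node must be configured.";
      description
        "Proxy server settings.";
      choice proxy-type {
        mandatory true;
        description
          "Selects a proxy connection protocol.";
        case socks4 {
          // The proxy address is an IP literal here (inet:ip-address);
          // the socks4a and socks5 cases accept inet:host.
          container socks4-parameters {
            description
              "Parameters for connecting to a TCP-based proxy
               server using the SOCKS4 protocol.";
            reference
              "SOCKS, Proceedings: 1992 Usenix Security Symposium.";
            leaf remote-address {
              type inet:ip-address;
              mandatory true;
              description
                "The IP address of the proxy server.";
            }
            leaf remote-port {
              type inet:port-number;
              default "1080";
              description
                "The IP port number for the proxy server.";
            }
          }
        }
        case socks4a {
          container socks4a-parameters {
            description
              "Parameters for connecting to a TCP-based proxy
               server using the SOCKS4a protocol.";
            reference
              "SOCKS Proceedings:
                 1992 Usenix Security Symposium.
               OpenSSH message:
                 SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
                 https://www.openssh.com/txt/socks4a.protocol";
            leaf remote-address {
              type inet:host;
              mandatory true;
              description
                "The IP address or hostname of the proxy server.";
            }
            leaf remote-port {
              type inet:port-number;
              default "1080";
              description
                "The IP port number for the proxy server.";
            }
          }
        }
        case socks5 {
          container socks5-parameters {
            description
              "Parameters for connecting to a TCP-based proxy server
               using the SOCKS5 protocol.";
            reference
              "RFC 1928: SOCKS Protocol Version 5";
            leaf remote-address {
              type inet:host;
              mandatory true;
              description
                "The IP address or hostname of the proxy server.";
            }
            leaf remote-port {
              type inet:port-number;
              default "1080";
              description
                "The IP port number for the proxy server.";
            }
            // Presence container: when it is absent, no SOCKS5
            // authentication mechanism is configured for the proxy.
            container authentication-parameters {
              presence
                "Indicates that an authentication mechanism
                 has been configured. Present so that the
                 mandatory descendant nodes do not imply that
                 this node must be configured.";
              description
                "A container for SOCKS Version 5 authentication
                 mechanisms.

                 A complete list of methods is defined at:
                 https://www.iana.org/assignments/socks-methods
                 /socks-methods.xhtml.";
              reference
                "RFC 1928: SOCKS Protocol Version 5";
              choice auth-type {
                mandatory true;
                description
                  "A choice amongst supported SOCKS Version 5
                   authentication mechanisms.";
                case gss-api {
                  if-feature "socks5-gss-api";
                  container gss-api {
                    description
                      "Contains GSS-API configuration. Defined
                       as an empty container to enable specific
                       GSS-API configuration to be augmented in
                       by future modules.";
                    reference
                      "RFC 1928: SOCKS Protocol Version 5
                       RFC 2743: Generic Security Service
                       Application Program Interface
                       Version 2, Update 1";
                  }
                }
                case username-password {
                  if-feature "socks5-username-password";
                  // RFC 1929 sends the username and password to the
                  // proxy in cleartext, so this method protects the
                  // credential only as well as the network path to
                  // the proxy does.
                  // NOTE(review): the password node comes from
                  // ct:password-grouping (ietf-crypto-types, not
                  // shown here); confirm which storage forms and
                  // access-control defaults it provides before
                  // relying on them.
                  container username-password {
                    description
                      "Contains Username/Password configuration.";
                    reference
                      "RFC 1929: Username/Password Authentication
                       for SOCKS V5";
                    leaf username {
                      type string;
                      mandatory true;
                      description
                        "The 'username' value to use for client
                         identification.";
                    }
                    uses ct:password-grouping {
                      description
                        "The password to be used for client
                         authentication.";
                    }
                  }
                }
              }
            }
          }
        }
      }
    }

    uses tcpcmn:tcp-common-grouping {
      // 'refine', not 'augment': an if-feature on an augment only
      // conditions the nodes that the augment adds, and the YANG 1.1
      // grammar requires an augment to add at least one node.  The
      // original augment added none, so it could not make the
      // existing "keepalives" node conditional.  A YANG 1.1 refine
      // may attach an if-feature to the target node itself.
      refine "keepalives" {
        if-feature "tcp-client-keepalives";
        description
          "Add an if-feature statement so that implementations
           can choose to support TCP client keepalives.";
      }
    }
  }
}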