roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 1 | module ietf-tcp-client { |
| 2 | yang-version 1.1; |
| 3 | namespace "urn:ietf:params:xml:ns:yang:ietf-tcp-client"; |
| 4 | prefix tcpc; |
| 5 | |
| 6 | import ietf-inet-types { |
| 7 | prefix inet; |
| 8 | reference |
| 9 | "RFC 6991: Common YANG Data Types"; |
| 10 | } |
| 11 | |
| 12 | import ietf-crypto-types { |
| 13 | prefix ct; |
| 14 | reference |
| 15 | "RFC AAAA: YANG Data Types and Groupings for Cryptography"; |
| 16 | } |
| 17 | |
| 18 | import ietf-tcp-common { |
| 19 | prefix tcpcmn; |
| 20 | reference |
| 21 | "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers"; |
| 22 | } |
| 23 | |
| 24 | organization |
| 25 | "IETF NETCONF (Network Configuration) Working Group and the |
| 26 | IETF TCP Maintenance and Minor Extensions (TCPM) Working Group"; |
| 27 | |
| 28 | contact |
| 29 | "WG Web: https://datatracker.ietf.org/wg/netconf |
| 30 | https://datatracker.ietf.org/wg/tcpm |
| 31 | WG List: NETCONF WG list <mailto:netconf@ietf.org> |
| 32 | TCPM WG list <mailto:tcpm@ietf.org> |
| 33 | Authors: Kent Watsen <mailto:kent+ietf@watsen.net> |
| 34 | Michael Scharf |
| 35 | <mailto:michael.scharf@hs-esslingen.de>"; |
| 36 | |
| 37 | description |
| 38 | "This module defines reusable groupings for TCP clients that |
| 39 | can be used as a basis for specific TCP client instances. |
| 40 | |
roman | 7fdc84d | 2023-06-06 13:14:53 +0200 | [diff] [blame] | 41 | Copyright (c) 2023 IETF Trust and the persons identified |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 42 | as authors of the code. All rights reserved. |
| 43 | |
| 44 | Redistribution and use in source and binary forms, with |
| 45 | or without modification, is permitted pursuant to, and |
| 46 | subject to the license terms contained in, the Revised |
| 47 | BSD License set forth in Section 4.c of the IETF Trust's |
| 48 | Legal Provisions Relating to IETF Documents |
| 49 | (https://trustee.ietf.org/license-info). |
| 50 | |
| 51 | This version of this YANG module is part of RFC DDDD |
| 52 | (https://www.rfc-editor.org/info/rfcDDDD); see the RFC |
| 53 | itself for full legal notices. |
| 54 | |
| 55 | The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', |
| 56 | 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', |
| 57 | 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document |
| 58 | are to be interpreted as described in BCP 14 (RFC 2119) |
| 59 | (RFC 8174) when, and only when, they appear in all |
| 60 | capitals, as shown here."; |
| 61 | |
roman | 7fdc84d | 2023-06-06 13:14:53 +0200 | [diff] [blame] | 62 | revision 2023-04-17 { |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 63 | description |
| 64 | "Initial version"; |
| 65 | reference |
| 66 | "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers"; |
| 67 | } |
| 68 | |
| 69 | // Features |
| 70 | |
// Capability flag. In tcp-client-grouping the 'local-address' and
// 'local-port' leafs both carry if-feature "local-binding-supported",
// so they exist only on servers that advertise this feature.
feature local-binding-supported {
  description
    "Indicates that the server supports configuring local
     bindings (i.e., the local address and local port) for
     TCP clients.";
}
| 77 | |
// Capability flag. tcp-client-grouping augments the "keepalives" node
// it takes from tcpcmn:tcp-common-grouping with this if-feature, so
// keepalive configuration is optional per implementation.
feature tcp-client-keepalives {
  description
    "Per socket TCP keepalive parameters are configurable for
     TCP clients on the server implementing this feature.";
  reference
    "RFC 9293: Transmission Control Protocol (TCP)";
}
| 85 | |
// Capability flag. Gates the whole 'proxy-server' container of
// tcp-client-grouping (SOCKS 4, SOCKS 4a and SOCKS 5 cases).
// Of the three, only the SOCKS 5 case models any proxy authentication.
feature proxy-connect {
  description
    "Proxy connection configuration is configurable for
     TCP clients on the server implementing this feature.
     Currently supports SOCKS 4, SOCKS 4a, and SOCKS 5.";
  reference
    "SOCKS Proceedings:
     1992 Usenix Security Symposium.
     OpenSSH message:
     SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
     https://www.openssh.com/txt/socks4a.protocol
     RFC 1928:
     SOCKS Protocol Version 5";
}
| 100 | |
// Capability flag. Enables the 'gss-api' case of the SOCKS 5
// 'auth-type' choice. That case is an empty container in this module;
// the actual GSS-API settings are left to be augmented in elsewhere.
feature socks5-gss-api {
  description
    "Indicates that the server, when acting as a TCP-client,
     supports authenticating to a SOCKS Version 5 proxy server
     using GSSAPI credentials.";
  reference
    "RFC 1928: SOCKS Protocol Version 5";
}
| 109 | |
// Capability flag. Enables the 'username-password' case of the SOCKS 5
// 'auth-type' choice (RFC 1929). RFC 1929 carries the password to the
// proxy in cleartext, so advertising this feature only makes sense
// where the client-to-proxy path is not exposed to observation.
feature socks5-username-password {
  description
    "Indicates that the server, when acting as a TCP-client,
     supports authenticating to a SOCKS Version 5 proxy server
     using 'username' and 'password' credentials.";
  reference
    "RFC 1928: SOCKS Protocol Version 5";
}
| 118 | |
| 119 | // Groupings |
| 120 | |
// Reusable TCP-client settings: the remote peer, an optional local
// binding, an optional SOCKS proxy, and whatever
// tcpcmn:tcp-common-grouping contributes.
// None of the nodes defined here authenticates the remote peer or
// protects the byte stream; presumably that is the job of the protocol
// the consuming model layers on top (confirm against that model).
// In every container below, 'description' and 'reference' are written
// ahead of the child nodes; the child nodes keep their order.
grouping tcp-client-grouping {
  description
    "A reusable grouping for configuring a TCP client.

     Note that this grouping uses fairly typical descendant
     node names such that a stack of 'uses' statements will
     have name conflicts. It is intended that the consuming
     data model will resolve the issue (e.g., by wrapping
     the 'uses' statement in a container called
     'tcp-client-parameters'). This model purposely does
     not do this itself so as to provide maximum flexibility
     to consuming models.";

  // ---- Remote peer ----

  // inet:host accepts a hostname as well as an IP literal. Per the
  // description the name is resolved again on every connection
  // attempt, so the peer actually reached follows whatever the
  // resolver answers at that moment.
  leaf remote-address {
    type inet:host;
    mandatory true;
    description
      "The IP address or hostname of the remote peer to
       establish a connection with. If a domain name is
       configured, then the DNS resolution should happen on
       each connection attempt. If the DNS resolution
       results in multiple IP addresses, the IP addresses
       are tried according to local preference order until
       a connection has been established or until all IP
       addresses have failed.";
  }

  // The default "0" is a deliberate placeholder, not a usable port:
  // a consuming module is expected to 'refine' it.
  // NOTE(review): a value of 0 reaching connect time most likely means
  // the consuming model forgot the refine; treating it as a
  // configuration error looks safer than attempting the connection.
  leaf remote-port {
    type inet:port-number;
    default "0";
    description
      "The IP port number for the remote peer to establish a
       connection with. An invalid default value is used
       so that importing modules may 'refine' it with the
       appropriate default port number value.";
  }

  // ---- Optional local binding (feature-gated) ----

  leaf local-address {
    if-feature "local-binding-supported";
    type inet:ip-address;
    description
      "The local IP address/interface to bind to for when
       connecting to the remote peer. INADDR_ANY ('0.0.0.0') or
       INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to
       explicitly indicate the implicit default, that the server
       can bind to any IPv4 or IPv6 addresses, respectively.";
  }

  // Unlike remote-port, 0 is a meaningful value here: any free port.
  leaf local-port {
    if-feature "local-binding-supported";
    type inet:port-number;
    default "0";
    description
      "The local IP port number to bind to for when connecting
       to the remote peer. The port number '0', which is the
       default value, indicates that any available local port
       number may be used.";
  }

  // ---- Optional SOCKS proxy (feature-gated) ----

  // Presence container: the proxy is in use only when this node exists.
  // Once it exists, exactly one proxy-type case must be chosen.
  container proxy-server {
    if-feature "proxy-connect";
    presence
      "Indicates that a proxy connection has been configured.
       Present so that the mandatory descendant nodes do not
       imply that this node must be configured.";
    description
      "Proxy server settings.";

    choice proxy-type {
      mandatory true;
      description
        "Selects a proxy connection protocol.";

      // SOCKS 4: the proxy is addressed by IP only (inet:ip-address),
      // and no credential nodes are modelled for this case.
      case socks4 {
        container socks4-parameters {
          description
            "Parameters for connecting to a TCP-based proxy
             server using the SOCKS4 protocol.";
          reference
            "SOCKS, Proceedings: 1992 Usenix Security Symposium.";
          leaf remote-address {
            type inet:ip-address;
            mandatory true;
            description
              "The IP address of the proxy server.";
          }
          leaf remote-port {
            type inet:port-number;
            default "1080";
            description
              "The IP port number for the proxy server.";
          }
        }
      }

      // SOCKS 4a: same shape as socks4, but the proxy may be named by
      // hostname (inet:host). No credential nodes here either.
      case socks4a {
        container socks4a-parameters {
          description
            "Parameters for connecting to a TCP-based proxy
             server using the SOCKS4a protocol.";
          reference
            "SOCKS Proceedings:
             1992 Usenix Security Symposium.
             OpenSSH message:
             SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
             https://www.openssh.com/txt/socks4a.protocol";
          leaf remote-address {
            type inet:host;
            mandatory true;
            description
              "The IP address or hostname of the proxy server.";
          }
          leaf remote-port {
            type inet:port-number;
            default "1080";
            description
              "The IP port number for the proxy server.";
          }
        }
      }

      // SOCKS 5: the only case that models authentication to the proxy.
      case socks5 {
        container socks5-parameters {
          description
            "Parameters for connecting to a TCP-based proxy server
             using the SOCKS5 protocol.";
          reference
            "RFC 1928: SOCKS Protocol Version 5";
          leaf remote-address {
            type inet:host;
            mandatory true;
            description
              "The IP address or hostname of the proxy server.";
          }
          leaf remote-port {
            type inet:port-number;
            default "1080";
            description
              "The IP port number for the proxy server.";
          }

          // Presence container: when it is left out, no authentication
          // mechanism is configured for the proxy. When it is present,
          // one auth-type case is mandatory, and each case is available
          // only if the server advertises the matching feature.
          container authentication-parameters {
            presence
              "Indicates that an authentication mechanism
               has been configured. Present so that the
               mandatory descendant nodes do not imply that
               this node must be configured.";
            description
              "A container for SOCKS Version 5 authentication
               mechanisms.

               A complete list of methods is defined at:
               https://www.iana.org/assignments/socks-methods
               /socks-methods.xhtml.";
            reference
              "RFC 1928: SOCKS Protocol Version 5";

            choice auth-type {
              mandatory true;
              description
                "A choice amongst supported SOCKS Version 5
                 authentication mechanisms.";

              // Placeholder only: selecting this case configures
              // nothing by itself until another module augments it.
              case gss-api {
                if-feature "socks5-gss-api";
                container gss-api {
                  description
                    "Contains GSS-API configuration. Defines
                     as an empty container to enable specific
                     GSS-API configuration to be augmented in
                     by future modules.";
                  reference
                    "RFC 1928: SOCKS Protocol Version 5
                     RFC 2743: Generic Security Service
                     Application Program Interface
                     Version 2, Update 1";
                }
              }

              // RFC 1929 sends username and password to the proxy in
              // cleartext (see that RFC's security considerations), so
              // this method fits only where the client-to-proxy hop
              // cannot be observed.
              case username-password {
                if-feature "socks5-username-password";
                container username-password {
                  description
                    "Contains Username/Password configuration.";
                  reference
                    "RFC 1929: Username/Password Authentication
                     for SOCKS V5";
                  leaf username {
                    type string;
                    mandatory true;
                    description
                      "The 'username' value to use for client
                       identification.";
                  }
                  // The password node(s) come from ietf-crypto-types,
                  // not from this module.
                  // NOTE(review): how the secret is held in the
                  // datastore is decided by that grouping and the
                  // features the server enables; confirm there, and
                  // restrict read access to this subtree accordingly.
                  uses ct:password-grouping {
                    description
                      "The password to be used for client
                       authentication.";
                  }
                }
              }
            }
          }
        }
      }
    }
  }

  // ---- Settings shared with TCP servers ----

  // The contents come from ietf-tcp-common; the only change made here
  // is the if-feature added to its "keepalives" node.
  uses tcpcmn:tcp-common-grouping {
    augment "keepalives" {
      if-feature "tcp-client-keepalives";
      description
        "Add an if-feature statement so that implementations
         can choose to support TCP client keepalives.";
    }
  }
}
| 326 | } |