// YANG 1.1 module that defines one reusable grouping, tcp-client-grouping,
// for configuring an outbound TCP connection: the remote endpoint, an
// optional local binding, an optional SOCKS proxy, and the common TCP nodes
// pulled in from ietf-tcp-common.
romanc1d2b092023-02-02 08:58:27 +01001module ietf-tcp-client {
2 yang-version 1.1;
3 namespace "urn:ietf:params:xml:ns:yang:ietf-tcp-client";
4 prefix tcpc;
5
// Imported prefixes as used below: inet (host, ip-address, port-number
// types), ct (password-grouping), tcpcmn (tcp-common-grouping).
// 'RFC AAAA' and 'RFC DDDD' in the reference strings are placeholders in
// this copy; the assigned RFC numbers do not appear in the file.
6 import ietf-inet-types {
7 prefix inet;
8 reference
9 "RFC 6991: Common YANG Data Types";
10 }
11
12 import ietf-crypto-types {
13 prefix ct;
14 reference
15 "RFC AAAA: YANG Data Types and Groupings for Cryptography";
16 }
17
18 import ietf-tcp-common {
19 prefix tcpcmn;
20 reference
21 "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
22 }
23
24 organization
25 "IETF NETCONF (Network Configuration) Working Group and the
26 IETF TCP Maintenance and Minor Extensions (TCPM) Working Group";
27
28 contact
29 "WG Web: https://datatracker.ietf.org/wg/netconf
30 https://datatracker.ietf.org/wg/tcpm
31 WG List: NETCONF WG list <mailto:netconf@ietf.org>
32 TCPM WG list <mailto:tcpm@ietf.org>
33 Authors: Kent Watsen <mailto:kent+ietf@watsen.net>
34 Michael Scharf
35 <mailto:michael.scharf@hs-esslingen.de>";
36
37 description
38 "This module defines reusable groupings for TCP clients that
39 can be used as a basis for specific TCP client instances.
40
roman7fdc84d2023-06-06 13:14:53 +020041 Copyright (c) 2023 IETF Trust and the persons identified
romanc1d2b092023-02-02 08:58:27 +010042 as authors of the code. All rights reserved.
43
44 Redistribution and use in source and binary forms, with
45 or without modification, is permitted pursuant to, and
46 subject to the license terms contained in, the Revised
47 BSD License set forth in Section 4.c of the IETF Trust's
48 Legal Provisions Relating to IETF Documents
49 (https://trustee.ietf.org/license-info).
50
51 This version of this YANG module is part of RFC DDDD
52 (https://www.rfc-editor.org/info/rfcDDDD); see the RFC
53 itself for full legal notices.
54
55 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
56 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
57 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
58 are to be interpreted as described in BCP 14 (RFC 2119)
59 (RFC 8174) when, and only when, they appear in all
60 capitals, as shown here.";
61
Michal Vaskocf898172024-01-15 15:04:28 +010062 revision 2023-12-28 {
romanc1d2b092023-02-02 08:58:27 +010063 description
64 "Initial version";
65 reference
66 "RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
67 }
68
69 // Features
70
// Each feature below is referenced by an if-feature statement inside
// tcp-client-grouping; the two socks5-* features gate the two SOCKS5
// authentication cases.
71 feature local-binding-supported {
72 description
73 "Indicates that the server supports configuring local
74 bindings (i.e., the local address and local port) for
75 TCP clients.";
76 }
77
78 feature tcp-client-keepalives {
79 description
80 "Per socket TCP keepalive parameters are configurable for
81 TCP clients on the server implementing this feature.";
roman7fdc84d2023-06-06 13:14:53 +020082 reference
83 "RFC 9293: Transmission Control Protocol (TCP)";
romanc1d2b092023-02-02 08:58:27 +010084 }
85
86 feature proxy-connect {
87 description
88 "Proxy connection configuration is configurable for
roman7fdc84d2023-06-06 13:14:53 +020089 TCP clients on the server implementing this feature.
90 Currently supports SOCKS 4, SOCKS 4a, and SOCKS 5.";
91 reference
92 "SOCKS Proceedings:
93 1992 Usenix Security Symposium.
94 OpenSSH message:
95 SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
96 https://www.openssh.com/txt/socks4a.protocol
97 RFC 1928:
98 SOCKS Protocol Version 5";
romanc1d2b092023-02-02 08:58:27 +010099 }
100
101 feature socks5-gss-api {
102 description
roman7fdc84d2023-06-06 13:14:53 +0200103 "Indicates that the server, when acting as a TCP-client,
104 supports authenticating to a SOCKS Version 5 proxy server
105 using GSSAPI credentials.";
romanc1d2b092023-02-02 08:58:27 +0100106 reference
107 "RFC 1928: SOCKS Protocol Version 5";
108 }
109
110 feature socks5-username-password {
111 description
roman7fdc84d2023-06-06 13:14:53 +0200112 "Indicates that the server, when acting as a TCP-client,
113 supports authenticating to a SOCKS Version 5 proxy server
114 using 'username' and 'password' credentials.";
romanc1d2b092023-02-02 08:58:27 +0100115 reference
116 "RFC 1928: SOCKS Protocol Version 5";
117 }
118
119 // Groupings
120
121 grouping tcp-client-grouping {
122 description
123 "A reusable grouping for configuring a TCP client.
124
roman7fdc84d2023-06-06 13:14:53 +0200125 Note that this grouping uses fairly typical descendant
romanc1d2b092023-02-02 08:58:27 +0100126 node names such that a stack of 'uses' statements will
127 have name conflicts. It is intended that the consuming
128 data model will resolve the issue (e.g., by wrapping
129 the 'uses' statement in a container called
130 'tcp-client-parameters'). This model purposely does
131 not do this itself so as to provide maximum flexibility
132 to consuming models.";
133
// Mandatory remote endpoint; inet:host accepts an IP address or a hostname.
// NOTE(review): no node in this grouping authenticates the remote peer.
// With a hostname, the address connected to is whatever DNS returns at
// connect time, so peer identity has to be verified by the protocol the
// consuming model layers on top of this TCP connection.
134 leaf remote-address {
135 type inet:host;
136 mandatory true;
137 description
138 "The IP address or hostname of the remote peer to
139 establish a connection with. If a domain name is
140 configured, then the DNS resolution should happen on
141 each connection attempt. If the DNS resolution
142 results in multiple IP addresses, the IP addresses
143 are tried according to local preference order until
144 a connection has been established or until all IP
145 addresses have failed.";
146 }
// Default "0" is a deliberate placeholder (see description) that a
// consuming module is expected to 'refine'.
// NOTE(review): if a consuming module omits the refine, an unset
// remote-port stays 0; how an implementation treats that is not specified
// here. Confirm it rejects the configuration rather than connecting.
147 leaf remote-port {
148 type inet:port-number;
149 default "0";
150 description
151 "The IP port number for the remote peer to establish a
roman7fdc84d2023-06-06 13:14:53 +0200152 connection with. An invalid default value is used
153 so that importing modules may 'refine' it with the
154 appropriate default port number value.";
romanc1d2b092023-02-02 08:58:27 +0100155 }
// local-address and local-port exist only when the
// local-binding-supported feature is enabled.
156 leaf local-address {
157 if-feature "local-binding-supported";
158 type inet:ip-address;
159 description
roman7fdc84d2023-06-06 13:14:53 +0200160 "The local IP address/interface to bind to for when
romanc1d2b092023-02-02 08:58:27 +0100161 connecting to the remote peer. INADDR_ANY ('0.0.0.0') or
162 INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to
163 explicitly indicate the implicit default, that the server
164 can bind to any IPv4 or IPv6 addresses, respectively.";
165 }
166 leaf local-port {
167 if-feature "local-binding-supported";
168 type inet:port-number;
169 default "0";
170 description
171 "The local IP port number to bind to for when connecting
172 to the remote peer. The port number '0', which is the
173 default value, indicates that any available local port
174 number may be used.";
175 }
// Optional proxy configuration: a presence container gated by the
// proxy-connect feature. Once the container is present, exactly one of the
// socks4 / socks4a / socks5 cases must be chosen (mandatory choice).
176 container proxy-server {
177 if-feature "proxy-connect";
178 presence
179 "Indicates that a proxy connection has been configured.
180 Present so that the mandatory descendant nodes do not
181 imply that this node must be configured.";
182 choice proxy-type {
183 mandatory true;
184 description
185 "Selects a proxy connection protocol.";
// socks4 takes an IP address only (inet:ip-address); socks4a and socks5
// also accept a hostname (inet:host). All three default the proxy port to
// 1080. The socks4 and socks4a cases define no authentication nodes; only
// socks5 has an authentication-parameters container.
186 case socks4 {
187 container socks4-parameters {
188 leaf remote-address {
189 type inet:ip-address;
190 mandatory true;
191 description
192 "The IP address of the proxy server.";
193 }
194 leaf remote-port {
195 type inet:port-number;
196 default "1080";
197 description
198 "The IP port number for the proxy server.";
199 }
200 description
201 "Parameters for connecting to a TCP-based proxy
202 server using the SOCKS4 protocol.";
203 reference
204 "SOCKS, Proceedings: 1992 Usenix Security Symposium.";
205 }
206 }
207 case socks4a {
208 container socks4a-parameters {
209 leaf remote-address {
210 type inet:host;
211 mandatory true;
212 description
213 "The IP address or hostname of the proxy server.";
214 }
215 leaf remote-port {
216 type inet:port-number;
217 default "1080";
218 description
219 "The IP port number for the proxy server.";
220 }
221 description
222 "Parameters for connecting to a TCP-based proxy
223 server using the SOCKS4a protocol.";
224 reference
225 "SOCKS Proceedings:
226 1992 Usenix Security Symposium.
227 OpenSSH message:
228 SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
229 https://www.openssh.com/txt/socks4a.protocol";
230 }
231 }
232 case socks5 {
233 container socks5-parameters {
234 leaf remote-address {
235 type inet:host;
236 mandatory true;
237 description
238 "The IP address or hostname of the proxy server.";
239 }
240 leaf remote-port {
241 type inet:port-number;
242 default "1080";
243 description
244 "The IP port number for the proxy server.";
245 }
// Presence container: when it is absent, no SOCKS5 authentication
// mechanism is configured for the proxy connection. When present, one
// auth-type case is mandatory, and each case is gated by its own feature.
246 container authentication-parameters {
247 presence
248 "Indicates that an authentication mechanism
249 has been configured. Present so that the
250 mandatory descendant nodes do not imply that
251 this node must be configured.";
252 description
253 "A container for SOCKS Version 5 authentication
254 mechanisms.
255
256 A complete list of methods is defined at:
257 https://www.iana.org/assignments/socks-methods
258 /socks-methods.xhtml.";
259 reference
260 "RFC 1928: SOCKS Protocol Version 5";
261 choice auth-type {
262 mandatory true;
263 description
264 "A choice amongst supported SOCKS Version 5
265 authentication mechanisms.";
266 case gss-api {
267 if-feature "socks5-gss-api";
268 container gss-api {
269 description
270 "Contains GSS-API configuration. Defines
271 as an empty container to enable specific
272 GSS-API configuration to be augmented in
273 by future modules.";
274 reference
275 "RFC 1928: SOCKS Protocol Version 5
276 RFC 2743: Generic Security Service
277 Application Program Interface
278 Version 2, Update 1";
279 }
280 }
// RFC 1929 username/password sub-negotiation sends both values to the
// proxy in cleartext, so this case relies on the network path to the proxy
// being trusted or separately protected.
281 case username-password {
282 if-feature "socks5-username-password";
283 container username-password {
// NOTE(review): 'type string' carries no length restriction here, while
// RFC 1929 encodes the username length in a single octet (1-255).
// Implementations need to validate the length before encoding it.
284 leaf username {
285 type string;
286 mandatory true;
287 description
288 "The 'username' value to use for client
289 identification.";
290 }
// The password nodes come from ct:password-grouping in ietf-crypto-types,
// which is not shown here. Whether the stored value is cleartext or
// encrypted depends on that grouping; verify against the imported module
// and the features the server enables.
291 uses ct:password-grouping {
292 description
293 "The password to be used for client
294 authentication.";
295 }
296 description
297 "Contains Username/Password configuration.";
298 reference
299 "RFC 1929: Username/Password Authentication
300 for SOCKS V5";
301 }
302 }
303 }
304 }
305 description
306 "Parameters for connecting to a TCP-based proxy server
307 using the SOCKS5 protocol.";
308 reference
309 "RFC 1928: SOCKS Protocol Version 5";
310 }
311 }
312 }
313 description
314 "Proxy server settings.";
315 }
316
// Pulls in the shared TCP nodes from ietf-tcp-common (definition not shown
// here). The refine makes the 'keepalives' node conditional on the
// tcp-client-keepalives feature.
317 uses tcpcmn:tcp-common-grouping {
Michal Vaskocf898172024-01-15 15:04:28 +0100318 refine "keepalives" {
romanc1d2b092023-02-02 08:58:27 +0100319 if-feature "tcp-client-keepalives";
320 description
321 "Add an if-feature statement so that implementations
322 can choose to support TCP client keepalives.";
323 }
324 }
325 }
326}