326 lines
11 KiB
YANG
326 lines
11 KiB
YANG
module ietf-tcp-client {
|
|
yang-version 1.1;
|
|
namespace "urn:ietf:params:xml:ns:yang:ietf-tcp-client";
|
|
prefix tcpc;
|
|
|
|
import ietf-inet-types {
|
|
prefix inet;
|
|
reference
|
|
"RFC 6991: Common YANG Data Types";
|
|
}
|
|
|
|
import ietf-crypto-types {
|
|
prefix ct;
|
|
reference
|
|
"RFC AAAA: YANG Data Types and Groupings for Cryptography";
|
|
}
|
|
|
|
import ietf-tcp-common {
|
|
prefix tcpcmn;
|
|
reference
|
|
"RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
|
|
}
|
|
|
|
organization
|
|
"IETF NETCONF (Network Configuration) Working Group and the
|
|
IETF TCP Maintenance and Minor Extensions (TCPM) Working Group";
|
|
|
|
contact
|
|
"WG Web: https://datatracker.ietf.org/wg/netconf
|
|
https://datatracker.ietf.org/wg/tcpm
|
|
WG List: NETCONF WG list <mailto:netconf@ietf.org>
|
|
TCPM WG list <mailto:tcpm@ietf.org>
|
|
Authors: Kent Watsen <mailto:kent+ietf@watsen.net>
|
|
Michael Scharf
|
|
<mailto:michael.scharf@hs-esslingen.de>";
|
|
|
|
description
|
|
"This module defines reusable groupings for TCP clients that
|
|
can be used as a basis for specific TCP client instances.
|
|
|
|
Copyright (c) 2023 IETF Trust and the persons identified
|
|
as authors of the code. All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with
|
|
or without modification, is permitted pursuant to, and
|
|
subject to the license terms contained in, the Revised
|
|
BSD License set forth in Section 4.c of the IETF Trust's
|
|
Legal Provisions Relating to IETF Documents
|
|
(https://trustee.ietf.org/license-info).
|
|
|
|
This version of this YANG module is part of RFC DDDD
|
|
(https://www.rfc-editor.org/info/rfcDDDD); see the RFC
|
|
itself for full legal notices.
|
|
|
|
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
|
|
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
|
|
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
|
|
are to be interpreted as described in BCP 14 (RFC 2119)
|
|
(RFC 8174) when, and only when, they appear in all
|
|
capitals, as shown here.";
|
|
|
|
revision 2023-12-28 {
|
|
description
|
|
"Initial version";
|
|
reference
|
|
"RFC DDDD: YANG Groupings for TCP Clients and TCP Servers";
|
|
}
|
|
|
|
// Features
|
|
|
|
feature local-binding-supported {
|
|
description
|
|
"Indicates that the server supports configuring local
|
|
bindings (i.e., the local address and local port) for
|
|
TCP clients.";
|
|
}
|
|
|
|
feature tcp-client-keepalives {
|
|
description
|
|
"Per socket TCP keepalive parameters are configurable for
|
|
TCP clients on the server implementing this feature.";
|
|
reference
|
|
"RFC 9293: Transmission Control Protocol (TCP)";
|
|
}
|
|
|
|
feature proxy-connect {
|
|
description
|
|
"Proxy connection configuration is configurable for
|
|
TCP clients on the server implementing this feature.
|
|
Currently supports SOCKS 4, SOCKS 4a, and SOCKS 5.";
|
|
reference
|
|
"SOCKS Proceedings:
|
|
1992 Usenix Security Symposium.
|
|
OpenSSH message:
|
|
SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
|
|
https://www.openssh.com/txt/socks4a.protocol
|
|
RFC 1928:
|
|
SOCKS Protocol Version 5";
|
|
}
|
|
|
|
feature socks5-gss-api {
|
|
description
|
|
"Indicates that the server, when acting as a TCP-client,
|
|
supports authenticating to a SOCKS Version 5 proxy server
|
|
using GSSAPI credentials.";
|
|
reference
|
|
"RFC 1928: SOCKS Protocol Version 5";
|
|
}
|
|
|
|
feature socks5-username-password {
|
|
description
|
|
"Indicates that the server, when acting as a TCP-client,
|
|
supports authenticating to a SOCKS Version 5 proxy server
|
|
using 'username' and 'password' credentials.";
|
|
reference
|
|
"RFC 1928: SOCKS Protocol Version 5";
|
|
}
|
|
|
|
// Groupings
|
|
|
|
grouping tcp-client-grouping {
|
|
description
|
|
"A reusable grouping for configuring a TCP client.
|
|
|
|
Note that this grouping uses fairly typical descendant
|
|
node names such that a stack of 'uses' statements will
|
|
have name conflicts. It is intended that the consuming
|
|
data model will resolve the issue (e.g., by wrapping
|
|
the 'uses' statement in a container called
|
|
'tcp-client-parameters'). This model purposely does
|
|
not do this itself so as to provide maximum flexibility
|
|
to consuming models.";
|
|
|
|
leaf remote-address {
|
|
type inet:host;
|
|
mandatory true;
|
|
description
|
|
"The IP address or hostname of the remote peer to
|
|
establish a connection with. If a domain name is
|
|
configured, then the DNS resolution should happen on
|
|
each connection attempt. If the DNS resolution
|
|
results in multiple IP addresses, the IP addresses
|
|
are tried according to local preference order until
|
|
a connection has been established or until all IP
|
|
addresses have failed.";
|
|
}
|
|
leaf remote-port {
|
|
type inet:port-number;
|
|
default "0";
|
|
description
|
|
"The IP port number for the remote peer to establish a
|
|
connection with. An invalid default value is used
|
|
so that importing modules may 'refine' it with the
|
|
appropriate default port number value.";
|
|
}
|
|
leaf local-address {
|
|
if-feature "local-binding-supported";
|
|
type inet:ip-address;
|
|
description
|
|
"The local IP address/interface to bind to for when
|
|
connecting to the remote peer. INADDR_ANY ('0.0.0.0') or
|
|
INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to
|
|
explicitly indicate the implicit default, that the server
|
|
can bind to any IPv4 or IPv6 addresses, respectively.";
|
|
}
|
|
leaf local-port {
|
|
if-feature "local-binding-supported";
|
|
type inet:port-number;
|
|
default "0";
|
|
description
|
|
"The local IP port number to bind to for when connecting
|
|
to the remote peer. The port number '0', which is the
|
|
default value, indicates that any available local port
|
|
number may be used.";
|
|
}
|
|
container proxy-server {
|
|
if-feature "proxy-connect";
|
|
presence
|
|
"Indicates that a proxy connection has been configured.
|
|
Present so that the mandatory descendant nodes do not
|
|
imply that this node must be configured.";
|
|
choice proxy-type {
|
|
mandatory true;
|
|
description
|
|
"Selects a proxy connection protocol.";
|
|
case socks4 {
|
|
container socks4-parameters {
|
|
leaf remote-address {
|
|
type inet:ip-address;
|
|
mandatory true;
|
|
description
|
|
"The IP address of the proxy server.";
|
|
}
|
|
leaf remote-port {
|
|
type inet:port-number;
|
|
default "1080";
|
|
description
|
|
"The IP port number for the proxy server.";
|
|
}
|
|
description
|
|
"Parameters for connecting to a TCP-based proxy
|
|
server using the SOCKS4 protocol.";
|
|
reference
|
|
"SOCKS, Proceedings: 1992 Usenix Security Symposium.";
|
|
}
|
|
}
|
|
case socks4a {
|
|
container socks4a-parameters {
|
|
leaf remote-address {
|
|
type inet:host;
|
|
mandatory true;
|
|
description
|
|
"The IP address or hostname of the proxy server.";
|
|
}
|
|
leaf remote-port {
|
|
type inet:port-number;
|
|
default "1080";
|
|
description
|
|
"The IP port number for the proxy server.";
|
|
}
|
|
description
|
|
"Parameters for connecting to a TCP-based proxy
|
|
server using the SOCKS4a protocol.";
|
|
reference
|
|
"SOCKS Proceedings:
|
|
1992 Usenix Security Symposium.
|
|
OpenSSH message:
|
|
SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
|
|
https://www.openssh.com/txt/socks4a.protocol";
|
|
}
|
|
}
|
|
case socks5 {
|
|
container socks5-parameters {
|
|
leaf remote-address {
|
|
type inet:host;
|
|
mandatory true;
|
|
description
|
|
"The IP address or hostname of the proxy server.";
|
|
}
|
|
leaf remote-port {
|
|
type inet:port-number;
|
|
default "1080";
|
|
description
|
|
"The IP port number for the proxy server.";
|
|
}
|
|
container authentication-parameters {
|
|
presence
|
|
"Indicates that an authentication mechanism
|
|
has been configured. Present so that the
|
|
mandatory descendant nodes do not imply that
|
|
this node must be configured.";
|
|
description
|
|
"A container for SOCKS Version 5 authentication
|
|
mechanisms.
|
|
|
|
A complete list of methods is defined at:
|
|
https://www.iana.org/assignments/socks-methods
|
|
/socks-methods.xhtml.";
|
|
reference
|
|
"RFC 1928: SOCKS Protocol Version 5";
|
|
choice auth-type {
|
|
mandatory true;
|
|
description
|
|
"A choice amongst supported SOCKS Version 5
|
|
authentication mechanisms.";
|
|
case gss-api {
|
|
if-feature "socks5-gss-api";
|
|
container gss-api {
|
|
description
|
|
"Contains GSS-API configuration. Defines
|
|
as an empty container to enable specific
|
|
GSS-API configuration to be augmented in
|
|
by future modules.";
|
|
reference
|
|
"RFC 1928: SOCKS Protocol Version 5
|
|
RFC 2743: Generic Security Service
|
|
Application Program Interface
|
|
Version 2, Update 1";
|
|
}
|
|
}
|
|
case username-password {
|
|
if-feature "socks5-username-password";
|
|
container username-password {
|
|
leaf username {
|
|
type string;
|
|
mandatory true;
|
|
description
|
|
"The 'username' value to use for client
|
|
identification.";
|
|
}
|
|
uses ct:password-grouping {
|
|
description
|
|
"The password to be used for client
|
|
authentication.";
|
|
}
|
|
description
|
|
"Contains Username/Password configuration.";
|
|
reference
|
|
"RFC 1929: Username/Password Authentication
|
|
for SOCKS V5";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
description
|
|
"Parameters for connecting to a TCP-based proxy server
|
|
using the SOCKS5 protocol.";
|
|
reference
|
|
"RFC 1928: SOCKS Protocol Version 5";
|
|
}
|
|
}
|
|
}
|
|
description
|
|
"Proxy server settings.";
|
|
}
|
|
|
|
uses tcpcmn:tcp-common-grouping {
|
|
refine "keepalives" {
|
|
if-feature "tcp-client-keepalives";
|
|
description
|
|
"Add an if-feature statement so that implementations
|
|
can choose to support TCP client keepalives.";
|
|
}
|
|
}
|
|
}
|
|
}
|