module ietf-dots-call-home {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-dots-call-home";

    prefix dots-call-home;

    import ietf-inet-types {
      prefix inet;
      reference
        "Section 4 of RFC 6991";


    }
    import ietf-dots-signal-channel {
      prefix dots-signal;
      reference
        "RFC 9132: Distributed Denial-of-Service Open Threat
        	  Signaling (DOTS) Signal Channel Specification";


    }
    import ietf-yang-structure-ext {
      prefix sx;
      reference
        "RFC 8791: YANG Data Structure Extensions";


    }

    organization
      "IETF DDoS Open Threat Signaling (DOTS) Working Group";

    contact
      "WG Web:   <https://datatracker.ietf.org/wg/dots/>
     WG List:  <mailto:dots@ietf.org>

     Author:  Konda, Tirumaleswar Reddy
              <mailto:kondtir@gmail.com>;

     Author:  Mohamed Boucadair
              <mailto:mohamed.boucadair@orange.com>;

     Author:  Jon Shallow
              <mailto:ietf-supjps@jpshallow.com>";

    description
      "This module contains YANG definitions for the signaling
     messages exchanged between a DOTS client and a DOTS server
     for the Call Home deployment scenario.

     Copyright (c) 2021 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC 9066; see
     the RFC itself for full legal notices.";

    revision "2021-12-09" {
      description "Initial revision.";
      reference
        "RFC 9066: Distributed Denial-of-Service Open Threat
        	  Signaling (DOTS) Signal Channel Call Home";

    }

    sx:augment-structure "/dots-signal:dots-signal/dots-signal:message-type/dots-signal:mitigation-scope/dots-signal:scope";
    sx:augment-structure "/dots-signal:dots-signal/dots-signal:message-type/dots-signal:redirected-signal";

    augment /dots-signal:dots-signal/dots-signal:message-type/dots-signal:mitigation-scope/dots-signal:scope {
      description "Attack source details.";
      leaf-list source-prefix {
        type inet:ip-prefix;
        description
          "IPv4 or IPv6 prefix identifying the attack source(s).";
      }

      list source-port-range {
        key "lower-port";
        description
          "Port range. When only lower-port is
         present, it represents a single port number.";
        leaf lower-port {
          type inet:port-number;
          description
            "Lower port number of the port range.";
        }

        leaf upper-port {
          type inet:port-number;
          must '. >= ../lower-port' {
            error-message
              "The upper port number must be greater than
             or equal to the lower port number.";
          }
          description
            "Upper port number of the port range.";
        }
      }  // list source-port-range

      list source-icmp-type-range {
        key "lower-type";
        description
          "ICMP/ICMPv6 type range. When only lower-type is
         present, it represents a single ICMP/ICMPv6 type.

         The address family of the target-prefix is used
         to determine whether ICMP or ICMPv6 is used.";
        leaf lower-type {
          type uint8;
          description
            "Lower ICMP/ICMPv6 type of the ICMP type range.";
          reference
            "RFC 792: Internet Control Message Protocol
             RFC 4443: Internet Control Message Protocol (ICMPv6)
            	  for the Internet Protocol Version 6 (IPv6)
            	  Specification.";

        }

        leaf upper-type {
          type uint8;
          must '. >= ../lower-type' {
            error-message
              "The upper ICMP/ICMPv6 type must be greater than
             or equal to the lower ICMP type.";
          }
          description
            "Upper type of the ICMP type range.";
          reference
            "RFC 792: Internet Control Message Protocol
             RFC 4443: Internet Control Message Protocol (ICMPv6)
            	  for the Internet Protocol Version 6 (IPv6)
            	  Specification.";

        }
      }  // list source-icmp-type-range
    }

    augment /dots-signal:dots-signal/dots-signal:message-type/dots-signal:redirected-signal {
      description
        "Augments the redirected signal to communicate an
       alternate Call Home DOTS client.";
      choice type {
        description
          "Indicates the type of the DOTS session (e.g., base
         DOTS signal channel, DOTS Call Home).";
        case call-home-only {
          description
            "These attributes appear only in a signal Call Home
           channel message from a Call Home DOTS client
           to a Call Home DOTS server.";
          leaf alt-ch-client {
            type inet:domain-name;
            mandatory true;
            description
              "FQDN of an alternate Call Home DOTS client.

             This name is also presented as a reference
             identifier for authentication purposes.";
          }

          leaf-list alt-ch-client-record {
            type inet:ip-address;
            description
              "List of IP addresses for the alternate Call
             Home DOTS client.

             If this data node is not present, a Call Home
             DOTS server resolves the alt-ch-client into
             one or more IP addresses.";
          }

          leaf ttl {
            type uint32;
            units "seconds";
            description
              "The Time To Live (TTL) of the alternate Call Home
             DOTS client.";
            reference
              "Section 4.6 of RFC 9132";

          }
        }  // case call-home-only
      }  // choice type
    }
  }  // module ietf-dots-call-home