Provided by: netconfd_2.13-1_amd64 bug

NAME

       netconfd - YANG-based NETCONF-over-SSH server

SYNOPSIS

          netconfd [parameter=value...]

          netconfd --help [brief | normal | full]

          netconfd --version

DESCRIPTION

       netconfd  is  a  YANG-based  NETCONF  server, which can be used with an SSH server such as
       OpenSSH.  This version of netconfd supports the YANG data modeling language defined in RFC
       6020.

USAGE

       Parameters can be entered in any order, and have the form:

          [start] name [separator [value]]

       where:

           start == 0, 1, or 2 dashes (foo, -foo, --foo)

           name == parameter name

                Parameter name completion will be attempted
                if a partial name is entered.

           separator == whitespace or equals sign (foo=bar, foo bar)

           value == string value for the parameter.

                Strings with whitespace need to be double quoted
                (--foo="some string")

       Some examples of valid command line parameters:

          foo=3
          -foo=3
          --foo=3
          foo 3
          foo=fred
          --foo "fred flintstone"

       Partial parameter names can be entered if they are unique.

OPTIONS

       --access-control=enum
              Controls  how  the  ietf-netconf-acm  access  control model will be enforced during
              server operation.
               Enum values:
                  enforcing:
                    All configured access control rules will be
                    enforced.
                  permissive:
                    All configured access control rules will be
                    enforced for write and execute requests.
                    All read requests will be allowed, unless
                    the requested object contains the
                    'nacm:very-secure' extension.  In that case,
                    all configured access control rules will
                    be enforced.
                 disabled:
                    All read, write, and execute requests will be
                    allowed, unless the object contains the
                    'nacm:secure' or 'nacm:very-secure' extension.
                    If the 'nacm:secure' extension is in effect,
                    then all configured access control rules
                    will be enforced for write and execute requests.
                    If the 'nacm:very-secure' extension is in effect,
                    then all configured access control rules
                    will be enforced for all requests.
                    Use this mode with caution.
                 off:
                    All access control enforcement is disabled.
                    Use this mode with extreme caution.

       --audit-log=filespec
              Filespec for the server audit log file to use in addition to the normal log file or
              STDOUT.

       --audit-log-append
              If present, the audit log will be appended not over-written.  If not, the audit log
              will be over-written.   Only  meaningful  if  the  'audit-log'  parameter  is  also
              present.

       --config=filespec
              The  name  of  the configuration file to use.  Any parameter except this one can be
              set in the config file.  The default config file /etc/yuma/netconfd.conf  will  not
              be checked if this parameter is present.

       --datapath=list
              Internal   file   search   path   for  configuration  data  files.   Overrides  the
              YUMA_DATAPATH environment variable.  This parameter  affects  the  search  for  the
              startup configuration file (default: startup-cfg.xml).

       --default-style=enum
              Selects  the  type  of  filtering behavior the server will advertise as the 'basic'
              behavior in the 'with-defaults' capability.   The  server  will  use  this  default
              handling behavior if the 'with-defaults' parameter is not explicitly set.

              Also,  when  saving  a  configuration  to  NV-storage,  this value will be used for
              filtering defaults from the saved configuration.
                Enum values:
                   report-all: report all values
                   trim: remove leafs containing the YANG
                      default value
                   explicit: report only the nodes that have
                      been created by the client or the server.
                      This is the default value.

       --delete-empty-npcontainers=boolean
              Selects whether the server will keep or delete empty non-presence containers in the
              running  and  startup  configurations.  Set to true to delete these containers, and
              false to keep them.  Default: false.  This parameter is deprecated!  It is  ignored
              by the server!

       --deviation=string
               This  parameter identifies a YANG module that should only be checked for deviation
              statements for external modules.  These will be collected and applied to  the  real
              module(s) being processed.

              Deviations  are  applied  as  patches  to  the  target  module.  Since they are not
              identified in the target module at all (ala imports), they  have  to  be  specified
              explicitly,  so  they  will be correctly processed.  Zero or more instances of this
              parameter are allowed.

       --eventlog-size=number
              Specifies the maximum number of notification events  that  will  be  saved  in  the
              notification replay buffer.  The oldest entries will be deleted first.  The default
              value is  1000.

       --feature-disable=module:feature
              Identifies a feature which should be considered disabled.  Zero or more entries are
              allowed.

       --feature-enable-default=boolean
              If  true  (the  default), then features will be enabled by default.  If false, then
              features will be disabled by default.

       --feature-enable=module:feature
              Identifies a feature which should be considered enabled.  Zero or more entries  are
              allowed.

       --hello-timeout=number
              Specifies  the  number  of seconds that a session may exist before the hello PDU is
              received.  A seesion will be dropped if no hello PDU is received before this number
              of seconds elapses.

              If  this  parameter  is  set to zero, then the server will wait forever for a hello
              message, and not drop any sessions stuck in 'hello-wait' state.

              Setting this parameter to zero may permit denial of service attacks, since  only  a
              limited number of concurrent sessions are supported by the server. (range 0 | 10 ..
              3600).  The default value is 600 seconds (10 minutes).

       --help Print this help text and exit.  The help-mode choice (--brief, --normal, or --full)
              may also be present to control the amount of help text printed.

       --home=dirspec
              Directory specification for the home directory to use instead of HOME.

       --idle-timeout=number
              Specifies  the number of seconds that a session may remain idle without issuing any
              RPC requests.  A seesion will be dropped if it is idle for an interval longer  than
              this number of seconds.

              Sessions that have a notification subscription active are never dropped.

              If this parameter is set to zero, then the server will never drop a session because
              it is idle.  (range 0 | 10 .. 360000).  The default value is 3600 seconds (1 hour).

       --indent=number
              Number of spaces to indent (0..9) in formatted output.  The default is 2 spaces.

       --log=filespec
              Filespec for the log file to use instead of STDOUT.  If this string begins  with  a
              '~'  character,  then  a  username  is  expected to follow or a directory separator
              character.  If it begins with a '$' character, then an environment variable name is
              expected to follow.

       --log-append
              If  present,  the  log  will be appended not over-written.  If not, the log will be
              over-written.  Only meaningful if the log parameter is also present.

       --log-level=enum
              Sets the debug logging level for the program.

       --max-burst=number
              Specifies the maximum number of notifications that should be sent to  one  session,
              within  a  one  second time interval.  The value 0 indicates that the server should
              not limit notification bursts at all.  The default value is 10.

       --modpath=list
              Directory  search  path  for  YANG  and  YIN  files.   Overrides  the  YUMA_MODPATH
              environment variable.

       --module=string
              YANG or YIN source module name to load at startup.  The server will attempt to load
              the specified module and its corresponding server instrumentation library (SIL) .

              If this string represents a filespec, ending with the .yang or .yin extension, then
              only that file location will be checked.

              If  this  string  represents  a  module  name,  then the module search path will be
              checked for a file the .yang or .yin extension.

              If this string begins with a '~' character, then a username is expected  to  follow
              or  a  directory  separator  character.  If it begins with a '$' character, then an
              environment variable name is expected to follow.

                    ~/some/path ==> <my-home-dir>/some/path

                    ~fred/some/path ==> <fred-home-dir>/some/path

                    $workdir/some/path ==> <workdir-env-var>/some/path

       --ncxserver-sockname=path
              Overrides the default /tmp/ncxserver.sock UNIX socket name netconfd listens on  for
              incoming  connections.  You have to add corresponding entry to /etc/ssh/sshd_config
              e.g.:
              ...
              Port 1830
              Subsystem netconf
              ...

       --port=number
              Specifies the TCP ports that the server will accept connections from.  These  ports
              must  also be configured in the /etc/ssh/sshd_config file for the SSH master server
              to accept the connection and invoke the netconf subsystem.

              Up to 4 port numbers can be configured.

              If any ports are configured, then only those values will be accepted by the server.

              If no ports are configured, then the server will accept connections on the netconf-
              ssh port (tcp/830).

       --protocols=bits
              Specifies which NETCONF protocol versions the server will attempt to use. The empty
              set is not allowed.  The values 'netconf1.0' and 'netconf1.1' are  supported.   The
              default is to enable both NETCONF protocol versions.

       --runpath=pathlist
              Internal  file  search  path  for  executable  modules.  Overrides the YUMA_RUNPATH
              environment variable.

       --running-error=enum
              If 'stop', then errors in the  running  configuration  will  be  treated  as  fatal
              errors.   If  'continue',  the  server  will attempt to continue if any validataion
              errors are found in the running configuration at startup.  The default is 'stop'.

       --startup=filespec
              The full or relative filespec of the startup  config  file  to  use.   If  present,
              overrides  the  default startup config file name 'startup-cfg.xml',  This will also
              override the YUMA_DATAPATH environment variable and the datapath CLI parameter,  if
              the first character is the forward slash '/', indicating an absolute file path.  If
              this parameter is present, then the --no-startup and  --factory-startup  parameters
              cannot  be  present.   This  is the default, which will cause startup-cfg.xml to be
              used if not present.

       --no-startup
              If present, do not load the startup config file.  Use only factory  default  values
              instead.   Does  not affect the startup.cfg file, if present.  If this parameter is
              present, then the --startup or --factory-startup parameter cannot be present.

       --factory-startup
              Force the system to use the factory configuration and  delete  the  startup  config
              file  if  it  exists.   Force the NV-storage startup to contain the factory default
              configuration.  If this parameter is present, then the --no-startup  and  --startup
              parameters cannot be present.

       --startup-error=enum
              If  'stop',  then  any errors in the startup configuration will be treated as fatal
              errors.  If 'continue', the server will attempt to continue if any errors are found
              in  the  database  loaded  from  NV-storage to running at boot-time. The default is
              'stop'.

       --subdirs=boolean
              If false, the file search paths for modules,  scripts,  and  data  files  will  not
              include sub-directories if they exist in the specified path.

              If  true,  then  these  file search paths will include sub-directories, if present.
              Any directory name beginning with a dot  (.)  character,  or  named  CVS,  will  be
              ignored.  This is the default mode.

       --superuser=string
              The  user  name  to use as the superuser account.  Any session associated with this
              user name will bypass all access control  enforcement.   See  ietf-netconf-acm.yang
              for more details.  There is no default value.

       --system-sorted=boolean
              Indicates  whether  ordered-by  system  leaf-lists and lists will be kept in sorted
              order.  The default is true.

       --target=enum
              Specifies the database to use as the target of edit-config operations.
                Enum values:
                  running:
                    Write to the running config and support the
                    :writable-running capability.
                  candidate:
                    Write to the candidate config and support the
                    :candidate and :confirmed-commit capabilities.

       --usexmlorder
              If present, then XML element order will be enforced.  Otherwise, XML element  order
              errors  will  not be generated if possible. Default is no enforcement of strict XML
              order.

       --version
              Print the program version string and exit.

       --validate-config-only
              If present, netconfd acts as command line YANG configuration  validator.  Load  the
              YANG  schema  modules,  validate the startup configuration and exit without opening
              socket and listening for incoming sessions.

       --warn-idlen=number
               Control whether identifier length warnings will  be  generated.   The  value  zero
              disables  all  identifier  length  checking.   If  non-zero, then a warning will be
              generated if an identifier is defined which has  a  length  is  greater  than  this
              amount.  range: 0 | 8 .. 1023.  The default value is 64.

       --warn-linelen=number
              Control  whether  line  length warnings will be generated.  The value zero disables
              all line length checking.  If non-zero, then a warning will  be  generated  if  the
              line  length  is greater than this amount.  Tab characters are counted as 8 spaces.
              range: 0 | 40 .. 4095.  The default value is 72.

       --warn-off=number
              Control whether the specified warning number will be generated and counted  in  the
              warning  total for the module being parsed.  range: 400 .. 899.  This parameter may
              be entered zero or more times.

       --with-startup=boolean
              If set to 'true', then the :startup capability  will  be  enabled.  Otherwise,  the
              :startup  capability  will  not  be  enabled.   This  capability  makes the NV-save
              operation an explicit operation instead of an automatic save.  The default value is
              false.

       --with-url=boolean
              If  set  to 'false', then the :url capability will be disabled. Otherwise, the :url
              capability will be enabled.  This capability allows local files  to  be  stored  as
              backups on the server.  The default value is true.

       --with-validate=boolean
              If  set  to  'true',  then the :validate capability will be enabled. Otherwise, the
              :validate capability will not  be  enabled.   This  capability  requires  extensive
              memory resources.  The default value is true.

       --yuma-home=string
              Directory  for  the  yuma project root to use.  If present, this directory location
              will override the YUMA_HOME environment variable, if it is  present.   If  a  zero-
              length string is entered, then the YUMA_HOME environment variable will be ignored.

INPUT FILES

       YANG  modules  can be loaded at startup with the '--module' command, or loaded at run-time
       with the 'load' operation.

SEARCH PATH

       When a module name is entered as input, or when a module or submodule name is specified in
       an  import or include statement within the file, the following search algorithm is used to
       find the file:

         1) file is in the current directory
         2) YUMA_MODPATH environment var (or set by modpath parameter)
         3) $HOME/modules directory
         4) $YUMA_HOME/modules directory
         5) $YUMA_INSTALL/modules directory OR
            default install module location, '/usr/share/yuma/modules'

       By default, the entire directory tree for all locations (except step 1) will be  searched,
       not  just  the  specified  directory.   The  subdirs parameter can be used to prevent sub-
       directories from being searched.

       Any directory name beginning with a  dot  character  (.)   will  be  skipped.   Also,  any
       directory named CVS will be skipped in directory searches.

ERROR LOGGING

       By default, warnings and errors are sent to STDOUT.

       A log file can be specified instead with the log' parameter.

       Existing  log  files can be reused with the 'logappend' parameter, otherwise log files are
       overwritten.

       The logging level can be controlled with the log-level parameter.

       The default log level is 'info'.  The log-levels are additive:

            off:    suppress all errors (not recommended!)
                    A program return code of '1' indicates some error.
            error:  print errors
            warn:   print warnings
            info:   print generally interesting trace info
            debug:  print general debugging trace info
            debug2: print verbose debugging trace info
            debug3: print very verbose debugging trace info
            debug4: print maximum debugging trace info

ENVIRONMENT

       The following optional  environment  variables  can  be  used  to  control  module  search
       behavior:

       HOME   The user's home directory  (e.g., /home/andy)

       YUMA_HOME
              The root of the user's Yuma work directory (e.g., /home/andy/swdev/netconf)

       YUMA_INSTALL
              The  root  of  the directory that yangdump is installed on this system (default is,
              /usr/share/yuma)

       YUMA_DATAPATH
              Colon-separated  list  of  directories  to   search   for   data   files.    (e.g.:
              './workdir/data-files:/home/andy/data')  The  datapath parameter will override this
              environment variable, if both are present.

       YUMA_MODPATH
              Colon-separated list of directories to search for modules and  submodules.   (e.g.:
              './workdir/modules:/home/andy/test-modules')  The  modpath  parameter will override
              this environment variable, if both are present.

CONFIGURATION FILES

       netconfd.conf
              YANG config file The default is: /etc/yuma/netconfd.conf

              An ASCII configuration file format is supported to store command line parameters.

              The config parameter is used to specify  a  specific  config  file,  otherwise  the
              default config file will be checked.

                 - A hash mark until EOLN is treated as a comment
                 - All text is case-sensitive
                 - Whitespace within a line is not significant
                 - Whitespace to end a line is significant/
                   Unless the line starts a multi-line string,
                   an escaped EOLN (backslash EOLN) is needed
                   to enter a leaf on multiple lines.
                 - For parameters that define lists, the key components
                   are listed just after the parameter name, without
                   any name,  e.g.,

                          interface eth0 {
                            # name = eth0 is not listed inside the braces
                            ifMtu 1500
                            ifName mySystem
                          }

              A config file can contain any number of parameter sets for different programs.

              Each program must have its own section, identifies by its name:

                   # this is a comment
                   yangdump {
                      log-level debug
                      output "~/swdev/testfiles"
                   }

                   netconfd {
                      ...
                   }

FILES

       The  following  data  files  must  be  present in the module search path in order for this
       program to function:

         * YANG module library
           default: /usr/share/yuma/modules/

DIAGNOSTICS

       Internal diagnostics may generate the following type of message if any bugs  are  detected
       at runtime:

           [E0]
                filename.c:linenum error-number (error-msg)

AUTHORS

       Andy Bierman, <andy at netconfcentral dot org>

       Vladimir Vassilev, <vladimir at lightside-instruments dot com>

SEE ALSO

       netconf-subsystem(1) pyang(1) yangcli(1)