[Mud] Some more mudmaker changes
Eliot Lear <lear@cisco.com> Tue, 03 March 2020 20:14 UTC
To: mud@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/nT-qsZoq2S_HYMS-alTlgTgDLZI>

Hi everyone,

Following up on my earlier note, I’ve made a few other changes. First, in order to avoid some browser interop issues, I’ve moved some stuff around, as follows:

- You can still go to https://www.mudmaker.org/mudpp to get a pretty printed version of a MUD file. However, that is just an alias for https://www.mudmaker.org/mudrest/mudpp.
- If you have a MUD file and want to get an HTMLized prettyprinted version in some freeware code, there’s a new project at https://www.github.com/iot-onboarding/mudpp. That’s the back end of all of this.
- If you’d rather just run it through a RESTful interface to me, you can do that too, but the endpoint has changed from what I posted earlier: it’s now https://www.mudmaker.org/mudrest/mudpp. At the bottom of this page is a curl example you can try.
- This code is all checked in to GitHub.
- The prettyprinter can be invoked directly after the MUD file is generated with the click of a button.

ToDo: I’d like to combine things a bit when the ACLs are reflexive, so that there are fewer lines. The example below demonstrates what happens when things get a bit long.

Eliot

curl --location --request POST 'https://www.mudmaker.org/mudrest/mudpp/' \
  --header 'Content-Type: application/json' \
  --data-raw '{
  "ietf-mud:mud": {
    "mud-version": 1,
    "mud-url": "https://mud.igor-tech.com/mud/igor-networknode-mudfile-v1.json",
    "mud-signature": "https://mud.igor-tech.com/mud/igor-networknode-mudfile-v1.p7s",
    "last-update": "2019-07-30T16:32:28+00:00",
    "cache-validity": 48,
    "is-supported": true,
    "systeminfo": "Network Nodes",
    "mfg-name": "Igor",
    "documentation": "https://igor-tech.com",
    "model-name": "networknodes",
    "from-device-policy": { "access-lists": { "access-list": [ { "name": "mud-63672-v4fr" } ] } },
    "to-device-policy": { "access-lists": { "access-list": [ { "name": "mud-63672-v4to" } ] } }
  },
  "ietf-access-control-list:acls": {
    "acl": [
      {
        "name": "mud-63672-v4to",
        "type": "ipv4-acl-type",
        "aces": {
          "ace": [
            { "name": "myctl0-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 6 }, "tcp": { "destination-port": { "operator": "eq", "port": 80 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl1-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 6 }, "tcp": { "destination-port": { "operator": "eq", "port": 88 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl2-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 6 }, "tcp": { "source-port": { "operator": "eq", "port": 80 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl3-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 6 }, "tcp": { "source-port": { "operator": "eq", "port": 88 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl4-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 69 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl5-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 1050 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl6-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 5683 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl7-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50195 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl8-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50196 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl9-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50197 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl10-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50198 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl11-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50199 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl12-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 69 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl13-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 1050 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl14-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 5683 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl15-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50195 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl16-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50196 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl17-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50197 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl18-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50198 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl19-todev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50199 } } }, "actions": { "forwarding": "accept" } }
          ]
        }
      },
      {
        "name": "mud-63672-v4fr",
        "type": "ipv4-acl-type",
        "aces": {
          "ace": [
            { "name": "myctl0-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 6 }, "tcp": { "source-port": { "operator": "eq", "port": 80 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl1-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 6 }, "tcp": { "source-port": { "operator": "eq", "port": 88 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl2-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 6 }, "tcp": { "destination-port": { "operator": "eq", "port": 80 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl3-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 6 }, "tcp": { "destination-port": { "operator": "eq", "port": 88 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl4-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 69 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl5-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 1050 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl6-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 5683 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl7-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50195 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl8-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50196 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl9-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50197 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl10-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50198 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl11-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "source-port": { "operator": "eq", "port": 50199 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl12-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 69 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl13-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 1050 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl14-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 5683 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl15-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50195 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl16-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50196 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl17-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50197 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl18-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50198 } } }, "actions": { "forwarding": "accept" } },
            { "name": "myctl19-frdev", "matches": { "ietf-mud:mud": { "my-controller": [ null ] }, "ipv4": { "protocol": 17 }, "udp": { "destination-port": { "operator": "eq", "port": 50199 } } }, "actions": { "forwarding": "accept" } }
          ]
        }
      }
    ]
  }
}'
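
Added example, not part of the original message and not code from the mudpp project: one way to find the reflexive ACEs the ToDo refers to, by pairing each from-device ACE with the to-device ACE that has the same peer, protocol and action with source and destination ports swapped. The function names and the reduced sample are assumptions of this example; matches that name the peer inside the ipv4 container (DNS names, for instance) are not normalized, so such ACEs are reported as unpaired rather than merged.

```python
import json

def aces_for(mud, policy):
    """ACEs of every ACL that the given policy container references by name."""
    names = {r["name"] for r in mud["ietf-mud:mud"][policy]["access-lists"]["access-list"]}
    return [ace for acl in mud["ietf-access-control-list:acls"]["acl"]
            if acl["name"] in names for ace in acl["aces"]["ace"]]

def mirror_key(ace, dev):
    """Key shared by an ACE and its mirror; dev names the field holding the device's own port."""
    m = dict(ace["matches"])
    l4name = "tcp" if "tcp" in m else "udp" if "udp" in m else None
    l4 = dict(m.pop(l4name, {}))
    peer = "source-port" if dev == "destination-port" else "destination-port"
    parts = (m, l4name, l4.pop(dev, None), l4.pop(peer, None), l4, ace["actions"])
    return json.dumps(parts, sort_keys=True)

def pair_reflexive(mud):
    """Return (pairs, unpaired): mirrored (from-device, to-device) ACE names, and names with no mirror."""
    waiting, pairs, unpaired = {}, [], []
    for ace in aces_for(mud, "to-device-policy"):
        waiting.setdefault(mirror_key(ace, "destination-port"), []).append(ace["name"])
    for ace in aces_for(mud, "from-device-policy"):
        mirrors = waiting.get(mirror_key(ace, "source-port"))
        if mirrors:
            pairs.append((ace["name"], mirrors.pop(0)))
        else:
            unpaired.append(ace["name"])  # no mirror: stays a separate line
    return pairs, unpaired + [n for names in waiting.values() for n in names]

def make_ace(name, proto, l4, field, port):
    """Build one ACE shaped like those in the message (constructed sample data)."""
    return {"name": name, "actions": {"forwarding": "accept"},
            "matches": {"ietf-mud:mud": {"my-controller": [None]}, "ipv4": {"protocol": proto},
                        l4: {field: {"operator": "eq", "port": port}}}}

# Constructed sample: three ACEs per direction; the UDP entries deliberately do not mirror.
SAMPLE = {
    "ietf-mud:mud": {"from-device-policy": {"access-lists": {"access-list": [{"name": "v4fr"}]}},
                     "to-device-policy": {"access-lists": {"access-list": [{"name": "v4to"}]}}},
    "ietf-access-control-list:acls": {"acl": [
        {"name": "v4to", "aces": {"ace": [
            make_ace("myctl0-todev", 6, "tcp", "destination-port", 80),
            make_ace("myctl2-todev", 6, "tcp", "source-port", 80),
            make_ace("myctl4-todev", 17, "udp", "destination-port", 69)]}},
        {"name": "v4fr", "aces": {"ace": [
            make_ace("myctl0-frdev", 6, "tcp", "source-port", 80),
            make_ace("myctl2-frdev", 6, "tcp", "destination-port", 80),
            make_ace("myctl4-frdev", 17, "udp", "source-port", 5683)]}}]}}
```

Run over the full file in the message, every one of the 40 ACEs has a mirror, so a combined view would need 20 lines.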