Re: [netmod] ACL draft issues found during shepherd writeup

Mahesh Jethanandani <mjethanandani@gmail.com> Mon, 26 February 2018 19:18 UTC

Cc: Kent Watsen <kwatsen@juniper.net>, "draft-ietf-netmod-acl-model@ietf.org" <draft-ietf-netmod-acl-model@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>, Warren Kumari <warren@kumari.net>, "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: Eliot Lear <lear@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/Z2OcF45wq9I9IKHjd6MvADIFCS4>

A pull request to address LC, shepherd, this and the other comments, including derived-from(), can be reviewed here:

https://github.com/netmod-wg/acl-model/pull/24

Thanks.

> On Feb 26, 2018, at 12:15 AM, Eliot Lear <lear@cisco.com> wrote:
> 
> 
> 
> On 26.02.18 06:55, Mahesh Jethanandani wrote:
>>> 
>>>> 
>>>> 
>>>>  PS: And this is not a shepherd directive, but I found the whole 
>>>>      "source-port-range-or-operator" syntax clumsy.  I'm surprised
>>>>      it didn't look something like:
>>>> 
>>>>          OLD
>>>>                <source-port-range-or-operator>
>>>>                   <port-range-or-operator>
>>>>                     <range>
>>>>                       <lower-port>16384</lower-port>
>>>>                       <upper-port>65535</upper-port>
>>>>                     </range>
>>>>                   </port-range-or-operator>
>>>>                </source-port-range-or-operator>
>>>> 
>>>>                <source-port-range-or-operator>
>>>>                  <port-range-or-operator>
>>>>                    <operator>
>>>>                      <operator>eq</operator>
>>>>                      <port>21</port>
>>>>                    </operator>
>>>>                  </port-range-or-operator>
>>>>                </source-port-range-or-operator>
>>>> 
>>>>          NEW
>>>> 
>>>>                <source-port>
>>>>                  <range>
>>>>                    <lower>16384</lower>
>>>>                    <upper>65535</upper>
>>>>                  </range>
>>>>                </source-port>
>>>> 
>>>>                <source-port>
>>>>                  <operator>
>>>>                    <operator>eq</operator>
>>>>                    <port>21</port>
>>>>                  </operator>
>>>>                </source-port>
>>>> 
>>>  
>>> Did you try making the change in the model to see if it works? It will complain that <range> is already used within the container and that it cannot be repeated (for destination-port).
>>> 
>>> <KENT> No, I did not, nor do I intend to get that deep into it.  But I recall that Kristian made the same comment before, and was making pull requests before, so maybe he can suggest something?
>> 
>> Kristian’s suggestion requires changing the module. It is not an editorial change. And that change will have an impact on the MUD draft, which has been sent for publication. 
>> 
> 
> As it happens, we found a bug in our augment statements, and so we will need to rev one more time.  If the change can be made quickly, I can live with it.
> 
> Eliot

Mahesh Jethanandani
mjethanandani@gmail.com
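
Added example, not part of the original message, the draft or the pull request: the OLD and NEW source-port encodings quoted above carry the same match under different element names, so a tool that reads ACL entries has to handle whichever shape the module ends up with. The function name `port_match` and the interval representation are assumptions; the samples are constructed from the quoted snippets, without an XML namespace, and only the `eq` operator shown in the thread is handled.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the OLD and NEW snippets quoted in the thread,
# collapsed onto fewer lines (no namespace, as in the thread).
OLD_RANGE = ("<source-port-range-or-operator><port-range-or-operator><range>"
             "<lower-port>16384</lower-port><upper-port>65535</upper-port>"
             "</range></port-range-or-operator></source-port-range-or-operator>")
NEW_RANGE = ("<source-port><range><lower>16384</lower><upper>65535</upper>"
             "</range></source-port>")
OLD_EQ = ("<source-port-range-or-operator><port-range-or-operator><operator>"
          "<operator>eq</operator><port>21</port>"
          "</operator></port-range-or-operator></source-port-range-or-operator>")
NEW_EQ = ("<source-port><operator><operator>eq</operator><port>21</port>"
          "</operator></source-port>")

def _port(parent, names):
    """Read the first child present among `names` as a valid port number."""
    for name in names:
        text = parent.findtext(name)
        if text is not None:
            value = int(text)
            if not 0 <= value <= 65535:
                raise ValueError(f"port out of range: {value}")
            return value
    raise ValueError(f"missing one of {names}")

def port_match(xml_text):
    """Return the inclusive (low, high) source-port interval an entry matches."""
    root = ET.fromstring(xml_text)
    if root.tag not in ("source-port-range-or-operator", "source-port"):
        raise ValueError(f"unexpected element: {root.tag}")
    # OLD nests one extra wrapper element; NEW puts range/operator directly.
    body = root.find("port-range-or-operator")
    if body is None:
        body = root
    rng = body.find("range")
    if rng is not None:
        low = _port(rng, ("lower-port", "lower"))
        high = _port(rng, ("upper-port", "upper"))
        if low > high:
            raise ValueError("lower port exceeds upper port")
        return (low, high)
    op = body.find("operator")
    if op is not None:
        if op.findtext("operator") != "eq":
            raise ValueError("only 'eq' appears in the thread")
        port = _port(op, ("port",))
        return (port, port)
    raise ValueError("neither <range> nor <operator> present")
```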