Re: [netmod] Unintended when-expression semantics in many IETF YANG modules

tom petch <ietfc@btconnect.com> Fri, 10 June 2022 10:14 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB325C157B58 for <netmod@ietfa.amsl.com>; Fri, 10 Jun 2022 03:14:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id loHTjrxYmTM1 for <netmod@ietfa.amsl.com>; Fri, 10 Jun 2022 03:14:01 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on20712.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1b::712]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07CA7C15948E for <netmod@ietf.org>; Fri, 10 Jun 2022 03:13:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=itg/kNokg5nVYCQpaDKRRjTvj3S06kpFX9iDNX43Gt2n6vNxo6irUBsQ1ZfNXhjVi+N6Tbmk/pS4FoQODroMlxoCfH6RPm2fATR+eCYE8T7NYSacrL93YtdysEaCECnSEkP03dbraINTBziwaPagz+hFFa5bvmlLDYKNfXFeIvQi1RGoiu1jDtuOBAmXXYvfJk7j/novhXk5Ho2k6YycpNagkZvuiKu5XBckau5N+XBUV1IA2uHJ6hyAmu84/ee2Fq30atrcPgxU8wFcAXiZvMp2Fn/uHo4fMHgxU37eZYbktvQnVpmWFSQtK6HxDht8C6DDrNKwQdovA5kcFHCYpw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9HDBnCcHYG7rMLyQ4KFERkieNPcmENEYXH9Ji7tQl1o=; b=OIB4YAiBCBpcq1XEvymyKuT+6R3xr6xccJUkbwl7Nq/v7ltX7t0fwaFmKUcySLokH/cOQDwBQgoLMG57qU4/SG9CqD40QITq2JZE+NNGQYaKIjNZMTf9q8DuDJUYG0KYU02V8BgIPxH5ly/huUmMqOkkBcQCWq6inzhOO31nBIQicwMcniaGxVzfHkQ7Lpl8jdqUMdKmy7J3/YbEcVHAL0OwzuDkHlOOi7THhtlWjbAFJ7UtE0jRscWAluHbBeFIk0daohuGe59vW/RbXkAT/F3wQC+P3FtYaJp2ny0CMCju7GCys8nA4lYaBV++NfSuyvBQaIUj+V6yjP1y1iGAtw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9HDBnCcHYG7rMLyQ4KFERkieNPcmENEYXH9Ji7tQl1o=; b=MEbU4PDMmAG2c47yR81ayLux1QbB+0OkaiAe2qKD9PalkkiKNhPiYh4pabt/mhjHb4mxfjJiMhObKGPRAelwnkumHRTdo3walpmNVPzDpA/GnUia51r7E3IrShVFXpyu5VEF5VJnry5ETYhEgf42S+R8KHRavKNjPzTH/Ty07JE=
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com (2603:10a6:20b:134::11) by PR1PR07MB4844.eurprd07.prod.outlook.com (2603:10a6:102:3::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5353.5; Fri, 10 Jun 2022 10:13:51 +0000
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::4960:6f2d:2a52:fde9]) by AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::4960:6f2d:2a52:fde9%6]) with mapi id 15.20.5353.005; Fri, 10 Jun 2022 10:13:51 +0000
From: tom petch <ietfc@btconnect.com>
To: Ladislav Lhotka <ladislav.lhotka=40nic.cz@dmarc.ietf.org>, "Jan Lindblad (jlindbla)" <jlindbla=40cisco.com@dmarc.ietf.org>, NetMod WG <netmod@ietf.org>
Thread-Topic: [netmod] Unintended when-expression semantics in many IETF YANG modules
Thread-Index: AQHYe958bO1d7y02QUiFErG8DGpg3a1G0MkAgAGbpcE=
Date: Fri, 10 Jun 2022 10:13:51 +0000
Message-ID: <AM7PR07MB62489F8D46FD38478D0CB429A0A69@AM7PR07MB6248.eurprd07.prod.outlook.com>
References: <CB435963-D6DA-4F11-9E13-FC7B98933167@cisco.com> <87mtemxjq3.fsf@nic.cz>
In-Reply-To: <87mtemxjq3.fsf@nic.cz>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=btconnect.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5a30549b-d5a4-4c01-2b61-08da4ac9eafc
x-ms-traffictypediagnostic: PR1PR07MB4844:EE_
x-microsoft-antispam-prvs: <PR1PR07MB4844DDAD4F541CFD9C272A79A0A69@PR1PR07MB4844.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: RqdvqtG0adUUqaxA+9dzuDOCv+3cegABvhZ6KSIUc39DutHo6+VYI2pxBGaOM72LzZrmQpzraU/2+rn428nEVsALdR4D36r2oAKT+WsS23tM8e9YNBgrd5e6vhm+opSOOzARUoOOvxNH2KGdXrpIRtD5nAZcZrbJW72llrrhdJL7cRxEsbn1Nt41Sv9e93kEYF0VmVH1x1vOSF9gmP6CgrBiOagF+IHlPseR8WIF8FXsTZngczM3/JxSZQU4h4pVIFsp18cxrGmElMi8LdmEXucmNAyX1HJZBgrhVba5qRwDGYqZXrFwxMNqGyu6T8/f3mH5qvLO3CadKZrKJX3yEP1NFjIbL/BxX767O0HZoCMeKMRxzQY7+RERUoLMX1JeoklVPzYQOtlR3cC9nzIDMujWRKD5LcuNU6IaTbP7cX+pWGlIeDYSfPeQWFt5TTIo6rJ2lCMlecTD76/UZ9BNX8CRCcLZxieY/Dwpt/MgoCQs1PAzTE+Lsfmr/R7/Sk3pBxSwcX2RWjhMjj0Shd4ldJjeqYro8+xLMxWkDclm+637hAuuwjtcFAzRKkKpOVVgMtcy+gcZrA77d3mODkpmgWc/ud5k/0XiKz9cba8lPsh9mtwH95M7PbFPkDstu324J9L+TyL0XhRsH+VBcSy5lRz9jbg7UBY7poP+4V3NH3qtYK0QBa1zCbr0K1WSRd+7AX2o5BlRon+Db8AJkhdSh1g70X3g3YlTCwNCzadzpqKLR7R6X3Kf9U+70/7nqnh28jmDx29eTdPAD2jO95IoOyThdAqZQ7f+ElT4chWgBFSuvLIgCv1d9w9ej3lNFqJh8nbT1eOUE3HdhSFDRqnMpQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR07MB6248.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(110136005)(316002)(66556008)(66946007)(76116006)(64756008)(66446008)(33656002)(55016003)(66476007)(8676002)(966005)(91956017)(38100700002)(7696005)(6506007)(9686003)(26005)(8936002)(186003)(38070700005)(5660300002)(82960400001)(52536014)(2906002)(508600001)(86362001)(83380400001)(71200400001)(122000001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?uMuRMcwi0R+M07zRqQ5q1Ry8TmInbWtrCzORNKStmboxRxqrbHjpIsXY93?= =?iso-8859-1?Q?8LYYB9BnYLdQ3olT3jK7Ab1JhL5U31DqSIrB0+CfbZY0Px433+gS3DyUPE?= =?iso-8859-1?Q?/bOelF/GNryV7jOcV3dNWRiual/PE09ObUfCGrgLBBw8OcvhYbd9wNmmPp?= =?iso-8859-1?Q?MSP3rfzuVRca0QiG6e7ADZO8Gz7CIYUncjThmE6Z9lbe+S+RbtyvgQ248/?= =?iso-8859-1?Q?pP8E8WsnQpv5QQ2Z5bHhtZOXnnnERO4rOiFm6BQrVOh+8bz2KKQ3b+U3+j?= =?iso-8859-1?Q?+v+sAIWcO9AkLoTa/rem6kKCpyf6cLlPHZNgShTOTKl7Sw0HdclxS0/R/v?= =?iso-8859-1?Q?E+/UeWJwmo5awkZKiNxRlEPrz6R84a6HLK5aQbNoW/DWpzYVi0GQUYjRcp?= =?iso-8859-1?Q?V9Evb4XotI/JU7Ea/21xU+dY/EsCQy4BYdwpwQoe7sM2Pq6cUHsWGMKE3K?= =?iso-8859-1?Q?fYrs59DiWKnXgyAz+gqE2q1fKjksx2p8SZ18qmcAIEfp6amqu9q4vuksNX?= =?iso-8859-1?Q?nXGQBSGTvxf4/gsIOLbt5oH9+h/Zo4nmXh7r+3snrnCKMO32Ps9KaJObrV?= =?iso-8859-1?Q?WYV8J5w1OWTGEsKx5yzhnBlon1YwtG9s++z+BpHyxr17jjUhrYMn2X+PbA?= =?iso-8859-1?Q?FRwspJu52abPlEA/BoBoZF8wxklZacATNkmXURXAxzhxyMXwBozGzKcQaT?= =?iso-8859-1?Q?35nWuGmcxG1/Cj3kfSD4O4p1pXIHdK/k6DuUvGQciCO50/MsPMWhOm69lz?= =?iso-8859-1?Q?ZLWXPrvK+G7n0W5kHF8dy0IXlMD5erFbihPeLo1sqQP1RoaCesVB1qJ5er?= =?iso-8859-1?Q?FDVeTMM5mmulNgN5dzOGiDPKa4TVWWsm/DySg9wK8HiIjBXu4MdHvUYxqV?= =?iso-8859-1?Q?vDRG14u49fdAP6RLSZMD3Z8oqTwJAtYsv5WXFJNqCd8JmOD7UI5y/QiHaU?= =?iso-8859-1?Q?xiw2kGVwwI6pCrz+71STL+HEd9it4EwXEkgxZlpZtFyekV7HqEgHA925+E?= =?iso-8859-1?Q?18h2FygHvaWBdBoZ3WEXmXb3PnBX1G5rYEF/1PvfAEbZLYEMYmzWTxa1B1?= =?iso-8859-1?Q?MQCTwl5u+lRePL1odseOPiE6HIfKI0vfsejNkY7EZABWKmkBtkQep6sKBM?= =?iso-8859-1?Q?2VgBTfdAREXgmTOJ9DEcvjlBfh3UPX49UoXWP9eonbJHsFjrQdIkrB0jRm?= =?iso-8859-1?Q?v2NxR67B+JjIr+DqY/LhWN2Zrt48AOKFUjpk7nGF5Gec2T6A1/52rBVBrn?= =?iso-8859-1?Q?jcBcooPch/U+FuPZbgTbRQuWJsrYhSz+7CHxmjJJgmBwdutM2dZJKqsTuw?= =?iso-8859-1?Q?gf8qj7D7IXHaScDUGUsuUqGoRbEM8A7vVKG2bImOBeAoA2DhW0SkzZSBCB?= =?iso-8859-1?Q?y7wozdFIRCSIZDjT7QK8wJNzva7WWmFd2IoxPh5o3UHXF1feGEkQxlz19x?= =?iso-8859-1?Q?ul99MxRJdLfSSaslD1nRkjD5Kmr8TfYxIHr5LSY6syDpAMJ+DrSj30HnA0?= =?iso-8859-1?Q?AgrdzxH+rcqNjd2Xwaw2Qr5KCjAHQip4vdHUI1JdEE/2wzxvMhyxZOVIf8?= =?iso-8859-1?Q?EzjnPefD533Kwnw8Mop3G27nvTARXORvLuwDr9mIQJuEO1sE9vBtRwCC9S?= =?iso-8859-1?Q?3BrKRZcuYKWP/aMGV/nnCIF2cz0MZdb0qhB0AzMahCxacgRh9eIr6i72vJ?= =?iso-8859-1?Q?LaY/bk7Eq8RmoP5zgoJi4k8yQAuZtfAqkTYBTTpZmzaZDUBuAItTI5ZsxU?= =?iso-8859-1?Q?vVrQ4mVzAS6mzFyhhTZp8kEJjuzXYo3VhCz+faOyi3rkV9pgay4KZ/ohfM?= =?iso-8859-1?Q?v6bsyfUMuw=3D=3D?=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR07MB6248.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5a30549b-d5a4-4c01-2b61-08da4ac9eafc
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jun 2022 10:13:51.7154 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 0cSdfDRkSGG16YwJ/EC5lhmWmSvW5PrkO4ZnJZGOc72EG4gR/JkX7sQQMJoYAs6f8p4+G+GuuRLKgS2PjrlxCA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR1PR07MB4844
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/xpGbNLuJdn9tv3_mzJpjKyaKv1Q>
Subject: Re: [netmod] Unintended when-expression semantics in many IETF YANG modules
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jun 2022 10:14:03 -0000

From: netmod <netmod-bounces@ietf.org> on behalf of Ladislav Lhotka <ladislav.lhotka=40nic.cz@dmarc.ietf.org>
Sent: 09 June 2022 10:35

"Jan Lindblad \(jlindbla\)" <jlindbla=40cisco.com@dmarc.ietf.org> writes:

> Hi NETMOD,
>
> A few days ago, as I was looking for examples of when-expressions in standard modules, I stumbled over this in RFC 8944:
>
>      augment "/nw:networks/nw:network" {
>        when '/nw:networks/nw:network/nw:network-types/l2t:l2-topology' {
>          description
>            "Augmentation parameters apply only for networks
>             with L2 topology.";
>        }
>        description
>          "Configuration parameters for the L2 network
>           as a whole.";
>        uses l2-topology-attributes;
>      }
>
> ... and a few other similar constructs in there.
>
> As you can see the when expression is unconstrained when it comes to which network it refers to, which changes the semantics from "Augmentation parameters apply only for networks with L2 topology" as the authors are wishing for to "Augmentation parameters apply to all networks as soon as there is at least one with L2 topology".
>
> Aside from RFC 8944, I also noticed very similar problems in RFC 9094, RFC 8542, RFC 8294, RFC 8513 and RFC 8782. The list may be incomplete.

Yes, I remember flagging this issue in at least one of my YD reviews. I think this also led to the myth that YANG Doctors prefer relative paths to absolute. :-)

>
> What do we do with the broken YANGs modules in these RFCs?

A bis is needed in each case, errata unfortunately won't work.

>
> Since this seems to be a rather frequently occurring issue, are there any mitigation steps we should take in NETMOD, apart from strengthening the YANG Doctor review process?

Hardly anything. It is IMO too late to part with XPath 1.0. On the one hand, it is a complicated beast, unnecessarily for YANG purposes. On the other hand, many YANG module authors don't bother to learn even the basics.

>
> What can we reasonably do to ensure all YANG Doctor reviews catch these valid, but unintended XPath expressions before publication?

Tools cannot help much with "false positive" results of XPath evaluation, we just have to be careful and double-check especially absolute paths.

<tp>

I have had similar issues when commenting on YANG modules such as 'augment' with no 'when' or the 'when' placed too low in the tree and the authors are often not interested.  Their view seems to be that if the server supports the module, then it does not matter in how many places an irrelevant augment may happen. As long as the augment happens where it is needed, what is wrong with a few hundred or few thousand additional ones:-(

Tom Petch

Lada

>
> Best Regards,
> /Jan Lindblad
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod

--
Ladislav Lhotka
Head, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67

_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod