What Kristian and I discussed, what Sonal and I had discussed, and what I
thought we had accepted as a proposed change was something like:
choice source-port-range-or-operator {
case range {
leaf source-port-lower {
type inet:port-number;
must ". <= ../source-port-upper" {
error-message
"The source-port-lower must be less than or equal to
source-port-upper";
}
mandatory true;
description
"Lower boundary for port.";
}
leaf source-port-upper {
type inet:port-number;
mandatory true;
description
"Lower boundary for port.";
}
}
case operator {
leaf source-operator {
type operator;
mandatory true;
}
leaf source-port {
type inet:port-number;
mandatory true;
description
"Port value to match.";
}
}
}
…and with the same pattern for the destination. The type “operator” was defined
as:
typedef operator {
type enumeration {
enum lte {
description
"Less than or equal to.";
}
enum gte {
description
"Greater than or equal to.";
}
enum eq {
description
"Equal to.";
}
enum neq {
description
"Not equal to.";
}
}
Cheers,
Einar
On 27 Feb 2018, at 09:20, Eliot Lear <l...@cisco.com<mailto:l...@cisco.com>>
wrote:
This edit doesn't seem correct to me because now we have a choice with a single
case, with range having been removed. Can we please revert and proceed?
On 26.02.18 20:24, Mahesh Jethanandani wrote:
A pull request to address LC, shepherd, this and the other comments, including
derived-from(), can be reviewed here:
https://github.com/netmod-wg/acl-model/pull/24
Thanks.
On Feb 26, 2018, at 12:15 AM, Eliot Lear
<l...@cisco.com<mailto:l...@cisco.com>> wrote:
On 26.02.18 06:55, Mahesh Jethanandani wrote:
PS: And this is not a shepherd directive, but I found the whole
"source-port-range-or-operator" syntax clumsy. I'm surprised
it didn't look something like:
OLD
<source-port-range-or-operator>
<port-range-or-operator>
<range>
<lower-port>16384</lower-port>
<upper-port>65535</upper-port>
</range>
</port-range-or-operator>
</source-port-range-or-operator>
<source-port-range-or-operator>
<port-range-or-operator>
<operator>
<operator>eq</operator>
<port>21</port>
</operator>
</port-range-or-operator>
</source-port-range-or-operator>
NEW
<source-port>
<range>
<lower>16384</lower>
<upper>65535</upper>
</range>
</source-port>
<source-port>
<operator>
<operator>eq</operator>
<port>21</port>
</operator>
</source-port>
Did you try making the change in the model to see if it work? It will complain
that <range> is already used within the container and that it cannot be
repeated (for destination-port).
<KENT> No, I did not, nor do I intend to get that deep into it. But I recall
that Kristian made the same comment before, and was making pull requests
before, so maybe he can suggest something?
Kristian’s suggestion requires changing the module. It is not an editorial
change. And that change will have an impact on the MUD draft, which has been
sent for publication.
As it happens, we found a bug in our augment statements, and so we will need to
rev one more time. If the change can be made quickly, I can live with it.
Eliot
Mahesh Jethanandani
mjethanand...@gmail.com<mailto:mjethanand...@gmail.com>
_______________________________________________
netmod mailing list
netmod@ietf.org<mailto:netmod@ietf.org>
https://www.ietf.org/mailman/listinfo/netmod
_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
