elear
commented
5 years ago Ranga, we should just verify that this issue is fixed on mudmaker.org. At some point we will merge in the python version. i think @lstn may have fixed this in that code.
Open ranganathanm opened 5 years ago
elear
commented
5 years ago Ranga, we should just verify that this issue is fixed on mudmaker.org. At some point we will merge in the python version. i think @lstn may have fixed this in that code.
lstn
commented
5 years ago It should be fixed in the PHP version: mfg-name should be optional #14 The RFC states that mfg-name should be an optional field, not required.
It's also optional in lstn/muddy
ranganathanm
commented
5 years ago @lstn I think the RFC is talking about the mfg-name in the top of the mud file. This is a descriptive name. In the ACE, the manufacturer name is the "authority" part of the MUD URL. Not sure how to interpret an empty mfg name. Such a manufacturer would have illegal MUD URLS (with an empty authority section). Moreover, how do I interpret an empty Access Control List ? I think this is a bug. Mudmaker (and also muddy) should insist on a manufacturer name.
I entered a null (no value) for the manufacturer when generating a MUD file. I got the following MUD file:
{ "ietf-mud:mud": { "mud-version": 1, "mud-url": "https://sensor.nist.local/foo", "last-update": "2019-07-18T18:01:06+00:00", "cache-validity": 48, "is-supported": true, "systeminfo": "test device", "mfg-name": "NIST", "documentation": "https://www.nist.local", "model-name": "foo", "from-device-policy": { "access-lists": { "access-list": [ { "name": "mud-63570-v4fr" } ] } }, "to-device-policy": { "access-lists": { "access-list": [ { "name": "mud-63570-v4to" } ] } } }, "ietf-access-control-list:acls": { "acl": [ { "name": "mud-63570-v4to", "type": "ipv4-acl-type", "aces": { "ace": [ ] } }, { "name": "mud-63570-v4fr", "type": "ipv4-acl-type", "aces": { "ace": [ ] } } ] } }