ISC DHCP - Matching Expressions

Expressions may be defined within the ISC DHCP configuration file to enable the assignment of IP addresses and associated parameters based on evaluation of information within the DHCP message from the client or relay agent. These conditions are generally tested by using if-else or if-elsif-else logic. The basic syntax for if statements is:

Simple if

    if match-condition {
      statements;
    }

If-else

    if match-condition {
      statements;
    } else {
      statements;
    }

If-elsif-else

    if match-condition1 {
      statements;
    } elsif match-condition2 {
      statements;
    } elsif match-condition3 {
      statements;
    } else {
      statements;
    }

Note there are no parentheses surrounding the match-condition unlike some expression languages. The statements may consist of one or more statements, such as setting option values. In the if-elsif-else case, one or more elsif match conditions are possible, with two shown in the above example; the use of else to capture remaining cases is also optional and can be omitted.

Match Condition Testing

Each occurrence of a match-condition described above may be defined using any of the following expressions. The expressions may be built up using server defined functions to analyze portions of the DHCP packet incoming to the server. The result of the function analysis can be considered a data expression which may be evaluated or compared with a fixed value or another expression. This resulting comparison can be considered a boolean expression which can then be compared with another boolean expression. Clearly, the server provides powerful parsing and comparison functionality. We'll start by looking at the functions available to analyze portions of the packet.

  • option option-name - returns the value of the specified option within the packet. The option-name corresponds to those specified in the DHCP and DHCPv6 option tables earlier in this chapter.
  • config-option option-name - returns the value of the specified option which the server is configured to send.
  • hardware - returns two parameters: hardware type and hardware address from the packet. Valid hardware types are ethernet (1), token-ring (6) and fddi (8).
  • leased-address - returns the IP address leased to the client for the packet under consideration, if it has a leased address.
  • lease-time - returns the remaining time on the lease associated with the client corresponding to the packet under consideration.
  • host-decl-name - returns the name of the host declaration matching the client corresponding to the packet under analysis.
  • substring ( data-expression, offset, length ) - returns the value of the data-expression, starting offset bytes from the beginning of the result and including length bytes.
    • The term data-expression refers to the output of these functions, or may be a colon-separated byte string in hexadecimal or an ASCII text string (with special backslash characters: \t = tab, \r = carriage return, \n = newline, and \b = bell).

For example, if the expression evaluates to ABCDEFGH (in ASCII), offset is 3, and length is 4, the result of the substring function is DEFG.

substring ( 'ABCDEFGH' 3, 4) => 'DEFG'

  • suffix ( data-expression, length ) - returns the last length bytes of the evaluated data-expression.

suffix ('ABCDEFGH', 5) => 'DEFGH'

  • packet ( offset, length ) - returns the portion of the packet being processed, starting offset bytes from the beginning of the packet and including length bytes, much like the substring function.
  • concat ( data-expression1, ..., data-expressionN ) - returns a concatenation of the N data-expressions specified or evaluated. If any data-expression evaluates to null, the output of the function is null.
  • reverse ( numeric-expression, data-expression ) - evaluates the data-expression, then reverses this result in quantities of bytes determined by the evaluation of the numeric-expression. For example, reverse ( 3, "ABCDEFGH" ) => "FGHCDEAB".
  • binary-to-ascii ( numeric-expression1, numeric-expression2, data-expression1, data-expression2 ) - evaluates data-expression2, converts this result into an ASCII text string of numbers of base numeric-expression1 by evaluating numeric-expression2 bits of the evaluated data-expression2, then separates each number with data-expression1. A key application of this function is to convert a binary IP address (e.g., leased-address) into the familiar dotted decimal format. For example, if leased-address is [00001010 00011110 00000000 00000101], then

binary-to-ascii ( 10, 8, ".", leased-address ) yields 10.30.0.5

numeric-expression1 must evaluate to values between 2-16 inclusive and numeric-expression2 must evaluate to either 8, 16, or 32.

  • encode-int ( numeric-expression, width ) - evaluates the numeric-expression and encodes the result as a hexadecimal data string of length width.
  • pick-first-value ( data-expression1 [, ..., data-expressionN ] ) - returns the first evaluated data-expression that returns a non-null value. If, for example, data-expression1 evaluates to a non-null value, it is returned and the remaining data-expressions are ignored. If data-expression1 evaluates to null, data-expression2 is evaluated if present; if it too evaluates to null, data-expression3 is evaluated if present, and so on.
  • extract-int ( data-expression, width ) - returns an integer value of width bits from the evaluation of data-expression. The width parameter may have values 8, 16, or 32.
  • client-state - returns the state of the client corresponding to the packet under consideration. Valid values include:
    • Booting
    • Reboot
    • Select
    • Request
    • Bound
    • Renew
    • Rebind

Logical Operations

The evaluation result of any of these functions would comprise a data expression which may be an integer, set of bytes or option parameter value. These may be used for further processing, including comparison with another data expression, fixed value or performance of logical operations.

  • Data equality: data-expression1 = data-expression2 returns true if these data expressions are equal.

Example: if option dhcp-user-class = 'operations' { }

  • Boolean AND: boolean-expression1 and boolean-expression2 returns true if both boolean expressions are true, false if either or both are false, and null if either or both are null.

Example: if option dhcp-user-class = 'operations' and option dhcp-vendor-class = 'voip' { }

  • Boolean OR: boolean-expression1 or boolean-expression2 returns true if either expression is true, false if both expressions are false or both are true, or null either either or both are null.

Example: if option dhcp-user-class = 'operations' or option dhcp-vendor-class = 'voip' { }

  • Boolean NOT: not boolean-expression returns true if the expression is false and false if the expression evaluates to true.

Example: if not option domain-name = "ipamworldwide.com" { }

  • Exists: exists option-name returns true if the specified option exists in the DHCP packet being processed.

Example: if exists option www-server { }

  • Known: known returns true if the client for which the DHCP packet is being processed has a host declaration.

Example: if known { }

  • Static: static returns true if the lease corresponding to the client for which the DHCP packet is being processed has a host declaration with a fixed address(es); i.e., an M-DHCP or BOOTP client.

Example: if static { }
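
The functions and logical operators described above, combined in one dhcpd.conf fragment. This is an added example, not configuration from the original page. The subnet, addresses and example.net names are constructed; vendor-class-identifier, host-name and tftp-server-name are standard ISC DHCP option names, and the on commit and log statements are ISC DHCP features that this page does not cover.

```conf
# Constructed dhcpd.conf fragment; addresses and names are placeholders.
subnet 192.0.2.0 netmask 255.255.255.0 {
  range 192.0.2.100 192.0.2.199;
  option routers 192.0.2.1;

  # if-elsif-else: the first branch whose condition is true is applied.
  # vendor-class-identifier is supplied by the client, so this branch
  # selects parameters; it does not authenticate the device.
  if exists vendor-class-identifier and
     substring (option vendor-class-identifier, 0, 4) = "voip" {
    option tftp-server-name "tftp.example.net";
  } elsif known {
    option domain-name "hosts.example.net";
  } else {
    option domain-name "guest.example.net";
  }
}

# Log each committed lease in readable form.
# hardware is the type byte followed by the address, so bytes 1-6 are
# the Ethernet MAC. pick-first-value supplies a fallback so that concat
# never receives a null name.
on commit {
  log (info, concat (
    "lease ", binary-to-ascii (10, 8, ".", leased-address),
    " mac ", binary-to-ascii (16, 8, ":", substring (hardware, 1, 6)),
    " name ", pick-first-value (host-decl-name, option host-name, "unknown")));
}
```

Running dhcpd -t -cf against the file checks the syntax before the server is restarted.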