1dhcp-eval(5) File Formats Manual dhcp-eval(5)
2
6 dhcp-eval - ISC DHCP conditional evaluation
7
9 The Internet Systems Consortium DHCP client and server both provide the
10 ability to perform conditional behavior depending on the contents of
11 packets they receive. The syntax for specifying this conditional be‐
12 haviour is documented here.
13
15 Conditional behaviour is specified using the if statement and the else
16 or elsif statements. A conditional statement can appear anywhere that
17 a regular statement (e.g., an option statement) can appear, and can
18 enclose one or more such statements. A typical conditional statement
19 in a server might be:
20 if option dhcp-user-class = "accounting" {
22 max-lease-time 17600;
23 option domain-name "accounting.example.org";
24 option domain-name-servers ns1.accounting.example.org,
25 ns2.accounting.example.org;
26 } elsif option dhcp-user-class = "sales" {
27 max-lease-time 17600;
28 option domain-name "sales.example.org";
29 option domain-name-servers ns1.sales.example.org,
30 ns2.sales.example.org;
31 } elsif option dhcp-user-class = "engineering" {
32 max-lease-time 17600;
33 option domain-name "engineering.example.org";
34 option domain-name-servers ns1.engineering.example.org,
35 ns2.engineering.example.org;
36 } else {
37 max-lease-time 600;
38 option domain-name "misc.example.org";
39 option domain-name-servers ns1.misc.example.org,
40 ns2.misc.example.org;
41 }
42 On the client side, an example of conditional evaluation might be:
44 # example.org filters DNS at its firewall, so we have to use their DNS
46 # servers when we connect to their network. If we are not at
47 # example.org, prefer our own DNS server.
48 if not option domain-name = "example.org" {
49 prepend domain-name-servers 127.0.0.1;
50 }
51 The if statement and the elsif continuation statement both take boolean
53 expressions as their arguments. That is, they take expressions that,
54 when evaluated, produce a boolean result. If the expression evaluates
55 to true, then the statements enclosed in braces following the if state‐
56 ment are executed, and all subsequent elsif and else clauses are
57 skipped. Otherwise, each subsequent elsif clause's expression is
58 checked, until an elsif clause is encountered whose test evaluates to
59 true. If such a clause is found, the statements in braces following it
60 are executed, and then any subsequent elsif and else clauses are
61 skipped. If all the if and elsif clauses are checked but none of their
62 expressions evaluate true, then if there is an else clause, the state‐
63 ments enclosed in braces following the else are evaluated. Boolean
64 expressions that evaluate to null are treated as false in conditionals.
65
67 The following is the current list of boolean expressions that are sup‐
68 ported by the DHCP distribution.
69 data-expression-1 = data-expression-2
71 The = operator compares the values of two data expressions, returning
73 true if they are the same, false if they are not. If either the
74 left-hand side or the right-hand side are null, the result is also
75 null.
76 data-expression-1 ~= data-expression-2 data-expression-1 ~~ data-
78 expression-2
79 The ~= and ~~ operators (not available on all systems) perform
81 extended regex(7) matching of the values of two data expressions,
82 returning true if data-expression-1 matches against the regular
83 expression evaluated by data-expression-2, or false if it does not
84 match or encounters some error. If either the left-hand side or the
85 right-hand side are null or empty strings, the result is also false.
86 The ~~ operator differs from the ~= operator in that it is case-
87 insensitive.
88 boolean-expression-1 and boolean-expression-2
90 The and operator evaluates to true if the boolean expression on the
92 left-hand side and the boolean expression on the right-hand side both
93 evaluate to true. Otherwise, it evaluates to false. If either the
94 expression on the left-hand side or the expression on the right-hand
95 side are null, the result is null.
96 boolean-expression-1 or boolean-expression-2
98 The or operator evaluates to true if either the boolean expression on
100 the left-hand side or the boolean expression on the right-hand side
101 evaluate to true. Otherwise, it evaluates to false. If either the
102 expression on the left-hand side or the expression on the right-hand
103 side are null, the result is null.
104 not boolean-expression
106 The not operator evaluates to true if boolean-expression evaluates to
108 false, and returns false if boolean-expression evaluates to true. If
109 boolean-expression evaluates to null, the result is also null.
110 exists option-name
112 The exists expression returns true if the specified option exists in
114 the incoming DHCP packet being processed.
115 known
116 The known expression returns true if the client whose request is cur‐
118 rently being processed is known - that is, if there's a host declara‐
119 tion for it.
120 static
121 The static expression returns true if the lease assigned to the
123 client whose request is currently being processed is derived from a
124 static address assignment.
125
127 Several of the boolean expressions above depend on the results of eval‐
128 uating data expressions. A list of these expressions is provided here.
129 substring (data-expr, offset, length)
131 The substring operator evaluates the data expression and returns the
133 substring of the result of that evaluation that starts offset bytes
134 from the beginning, continuing for length bytes. Offset and length
135 are both numeric expressions. If data-expr, offset or length evalu‐
136 ate to null, then the result is also null. If offset is greater than
137 or equal to the length of the evaluated data, then a zero-length data
138 string is returned. If length is greater then the remaining length
139 of the evaluated data after offset, then a data string containing all
140 data from offset to the end of the evaluated data is returned.
141 suffix (data-expr, length)
143 The suffix operator evaluates data-expr and returns the last length
145 bytes of the result of that evaluation. Length is a numeric expres‐
146 sion. If data-expr or length evaluate to null, then the result is
147 also null. If suffix evaluates to a number greater than the length
148 of the evaluated data, then the evaluated data is returned.
149 lcase (data-expr)
151 The lcase function returns the result of evaluating data-expr con‐
153 verted to lower case. If data-expr evaluates to null, then the
154 result is also null.
155 ucase (data-expr)
157 The ucase function returns the result of evaluating data-expr con‐
159 verted to upper case. If data-expr evaluates to null, then the
160 result is also null.
161 option option-name
163 The option operator returns the contents of the specified option in
165 the packet to which the server is responding.
166 config-option option-name
168 The config-option operator returns the value for the specified option
170 that the DHCP client or server has been configured to send.
171 gethostname()
173 The gethostname() function returns a data string whose contents are a
175 character string, the results of calling gethostname() on the local
176 system with a size limit of 255 bytes (not including NULL termina‐
177 tor). This can be used for example to configure dhclient to send the
178 local hostname without knowing the local hostname at the time
179 dhclient.conf is written.
180 hardware
182 The hardware operator returns a data string whose first element is
184 the type of network interface indicated in packet being considered,
185 and whose subsequent elements are client's link-layer address. If
186 there is no packet, or if the RFC2131 hlen field is invalid, then the
187 result is null. Hardware types include ethernet (1), token-ring (6),
188 and fddi (8). Hardware types are specified by the IETF, and details
189 on how the type numbers are defined can be found in RFC2131 (in the
190 ISC DHCP distribution, this is included in the doc/ subdirectory).
191 packet (offset, length)
193 The packet operator returns the specified portion of the packet being
195 considered, or null in contexts where no packet is being considered.
196 Offset and length are applied to the contents packet as in the sub‐
197 string operator.
198 string
200 A string, enclosed in quotes, may be specified as a data expression,
202 and returns the text between the quotes, encoded in ASCII. The back‐
203 slash ('\') character is treated specially, as in C programming: '\t'
204 means TAB, '\r' means carriage return, '\n' means newline, and '\b'
205 means bell. Any octal value can be specified with '\nnn', where nnn
206 is any positive octal number less than 0400. Any hexadecimal value
207 can be specified with '\xnn', where nn is any positive hexadecimal
208 number less than or equal to 0xff.
209 colon-separated hexadecimal list
211 A list of hexadecimal octet values, separated by colons, may be spec‐
213 ified as a data expression.
214 concat (data-expr1, ..., data-exprN)
216 The expressions are evaluated, and the results of each evaluation are
217 concatenated in the sequence that the subexpressions are listed. If
218 any subexpression evaluates to null, the result of the concatenation
219 is null.
220 reverse (numeric-expr1, data-expr2)
222 The two expressions are evaluated, and then the result of evaluating
223 the data expression is reversed in place, using hunks of the size
224 specified in the numeric expression. For example, if the numeric
225 expression evaluates to four, and the data expression evaluates to
226 twelve bytes of data, then the reverse expression will evaluate to
227 twelve bytes of data, consisting of the last four bytes of the the
228 input data, followed by the middle four bytes, followed by the first
229 four bytes.
230 leased-address
232 In any context where the client whose request is being processed has
233 been assigned an IP address, this data expression returns that IP
234 address. In any context where the client whose request is being pro‐
235 cessed has not been assigned an ip address, if this data expression
236 is found in executable statements executed on that client's behalf, a
237 log message indicating "there is no lease associated with this
238 client" is syslogged to the debug level (this is considered
239 dhcpd.conf debugging information).
240 binary-to-ascii (numeric-expr1, numeric-expr2, data-expr1, data-expr2)
242 Converts the result of evaluating data-expr2 into a text string con‐
243 taining one number for each element of the result of evaluating data-
244 expr2. Each number is separated from the other by the result of
245 evaluating data-expr1. The result of evaluating numeric-expr1 speci‐
246 fies the base (2 through 16) into which the numbers should be con‐
247 verted. The result of evaluating numeric-expr2 specifies the width
248 in bits of each number, which may be either 8, 16 or 32.
249 As an example of the preceding three types of expressions, to produce
251 the name of a PTR record for the IP address being assigned to a
252 client, one could write the following expression:
253 concat (binary-to-ascii (10, 8, ".",
255 reverse (1, leased-address)),
256 ".in-addr.arpa.");
257 encode-int (numeric-expr, width)
260 Numeric-expr is evaluated and encoded as a data string of the speci‐
261 fied width, in network byte order (most significant byte first). If
262 the numeric expression evaluates to the null value, the result is
263 also null.
264 pick-first-value (data-expr1 [ ... exprn ] )
266 The pick-first-value function takes any number of data expressions as
267 its arguments. Each expression is evaluated, starting with the first
268 in the list, until an expression is found that does not evaluate to a
269 null value. That expression is returned, and none of the subsequent
270 expressions are evaluated. If all expressions evaluate to a null
271 value, the null value is returned.
272 host-decl-name
274 The host-decl-name function returns the name of the host declaration
275 that matched the client whose request is currently being processed,
276 if any. If no host declaration matched, the result is the null
277 value.
278
280 Numeric expressions are expressions that evaluate to an integer. In
281 general, the maximum size of such an integer should not be assumed to
282 be representable in fewer than 32 bits, but the precision of such inte‐
283 gers may be more than 32 bits.
284 extract-int (data-expr, width)
286 The extract-int operator extracts an integer value in network byte
288 order from the result of evaluating the specified data expression.
289 Width is the width in bits of the integer to extract. Currently, the
290 only supported widths are 8, 16 and 32. If the evaluation of the
291 data expression doesn't provide sufficient bits to extract an integer
292 of the specified size, the null value is returned.
293 lease-time
295 The duration of the current lease - that is, the difference between
297 the current time and the time that the lease expires.
298 number
300 Any number between zero and the maximum representable size may be
302 specified as a numeric expression.
303 client-state
305 The current state of the client instance being processed. This is
307 only useful in DHCP client configuration files. Possible values are:
308 · Booting - DHCP client is in the INIT state, and does not yet have
310 an IP address. The next message transmitted will be a DHCPDIS‐
311 COVER, which will be broadcast.
312 · Reboot - DHCP client is in the INIT-REBOOT state. It has an IP
314 address, but is not yet using it. The next message to be transmit‐
315 ted will be a DHCPREQUEST, which will be broadcast. If no response
316 is heard, the client will bind to its address and move to the BOUND
317 state.
318 · Select - DHCP client is in the SELECTING state - it has received at
320 least one DHCPOFFER message, but is waiting to see if it may
321 receive other DHCPOFFER messages from other servers. No messages
322 are sent in the SELECTING state.
323 · Request - DHCP client is in the REQUESTING state - it has received
325 at least one DHCPOFFER message, and has chosen which one it will
326 request. The next message to be sent will be a DHCPREQUEST mes‐
327 sage, which will be broadcast.
328 · Bound - DHCP client is in the BOUND state - it has an IP address.
330 No messages are transmitted in this state.
331 · Renew - DHCP client is in the RENEWING state - it has an IP
333 address, and is trying to contact the server to renew it. The next
334 message to be sent will be a DHCPREQUEST message, which will be
335 unicast directly to the server.
336 · Rebind - DHCP client is in the REBINDING state - it has an IP
338 address, and is trying to contact any server to renew it. The next
339 message to be sent will be a DHCPREQUEST, which will be broadcast.
340
342 log (priority, data-expr)
343 Logging statements may be used to send information to the standard
345 logging channels. A logging statement includes an optional priority
346 (fatal, error, info, or debug), and a data expression.
347 Logging statements take only a single data expression argument, so if
349 you want to output multiple data values, you will need to use the
350 concat operator to concatenate them.
351 execute (command-path [, data-expr1, ... data-exprN]);
353 The execute statement runs an external command. The first argument
355 is a string literal containing the name or path of the command to
356 run. The other arguments, if present, are either string literals or
357 data- expressions which evaluate to text strings, to be passed as
358 command-line arguments to the command.
359 execute is synchronous; the program will block until the external
361 command being run has finished. Please note that lengthy program
362 execution (for example, in an "on commit" in dhcpd.conf) may result
363 in bad performance and timeouts. Only external applications with
364 very short execution times are suitable for use.
365 Passing user-supplied data to an external application might be dan‐
367 gerous. Make sure the external application checks input buffers for
368 validity. Non-printable ASCII characters will be converted into
369 dhcpd.conf language octal escapes ("\nnn"), make sure your external
370 command handles them as such.
371 It is possible to use the execute statement in any context, not only
373 on events. If you put it in a regular scope in the configuration
374 file you will execute that command every time a scope is evaluated.
375
377 See the dhcpd.conf and dhclient.conf man pages for more information
378 about DDNS.
379
381 dhcpd.conf(5), dhcpd.leases(5), dhclient.conf(5), dhcp-options(5),
382 dhcpd(8), dhclient(8), RFC2132, RFC2131.
383
385 The Internet Systems Consortium DHCP Distribution was written by Ted
386 Lemon under a contract with Vixie Labs. Funding for this project was
387 provided through Internet Systems Consortium. Information about Inter‐
388 net Systems Consortium can be found at https://www.isc.org.
389 dhcp-eval(5)