IP::client_addr / netmask addresses in Class (Data Group) - syntax problem

this is mine.

[root@iris:Active] config  b class test list
class test {
   {
      host 1.1.1.1
      network 2.2.2.0/24
   }
}
[root@iris:Active] config  b rule myrule list
rule myrule {
   when RULE_INIT {
        log local0. "\[class match -- 1.1.1.1 equals test\]: [class match -- 1.1.1.1 equals test]"
        log local0. "\[class match -- 2.2.2.2 equals test\]: [class match -- 2.2.2.2 equals test]"
        log local0. "\[class match -- 3.3.3.3 equals test\]: [class match -- 3.3.3.3 equals test]"        if {![class match -- 1.1.1.1 equals test]} {
                log local0. "!\[class match -- 1.1.1.1 equals test\]: 1"
        } else {
                log local0. "!\[class match -- 1.1.1.1 equals test\]: 0"
        }        if {![class match -- 2.2.2.2 equals test]} {
                log local0. "!\[class match -- 2.2.2.2 equals test\]: 1"
        } else {
                log local0. "!\[class match -- 2.2.2.2 equals test\]: 0"
        }        if {![class match -- 3.3.3.3 equals test]} {
                log local0. "!\[class match -- 3.3.3.3 equals test\]: 1"
        } else {
                log local0. "!\[class match -- 3.3.3.3 equals test\]: 0"
        }
}
}
[root@iris:Active] config  cat /var/log/ltm
Nov  5 08:58:43 local/iris err mcpd[32723]: 01020066:3: The requested rule (myrule) already exists in partition Common.
Nov  5 08:58:43 local/tmm info tmm[1609]: Rule myrule : [class match -- 1.1.1.1 equals test]: 1
Nov  5 08:58:43 local/tmm info tmm[1609]: Rule myrule : [class match -- 2.2.2.2 equals test]: 1
Nov  5 08:58:43 local/tmm info tmm[1609]: Rule myrule : [class match -- 3.3.3.3 equals test]: 0
Nov  5 08:58:43 local/tmm info tmm[1609]: Rule myrule : ![class match -- 1.1.1.1 equals test]: 0
Nov  5 08:58:43 local/tmm info tmm[1609]: Rule myrule : ![class match -- 2.2.2.2 equals test]: 0
Nov  5 08:58:43 local/tmm info tmm[1609]: Rule myrule : ![class match -- 3.3.3.3 equals test]: 1

Are you saying that it is possible to simply use

[class match ...]

as long as the value in the Class has the prefix "network"?

Hi Arie,

 

 

I have a class that contains a list of IP addresses with a netmask (/x). Initially I tried:

 

 

if { !( [ class match [IP::client_addr] equals class_CampusIPaddresses ] ) } {

 

 

However, that seems to work for 'straight' addresses only (i.e. without netmasks).

 

 

 

You are going to want to use your first working example because it takes the Client IP Address and determines if it would be contained in one of the networks within your subnets listed in "class_CampusIPaddresses".

 

 

It would be a huge assumption to guess the Subnet Mask of an incoming Client IP Address and make an exact match in a Data Group. It's easier to just see if it would be contained in one of the subnets in the Data Group (If so, do this....If not, do something else).

 

 

The reason your second example failed is due to the missing argument (the Client IP Subnet Mask): IP::addr

 

Hope this helps.

 

Are you saying that it is possible to simply use

 

[class match ...]as long as the value in the Class has the prefix "network"?yes, i think so.

can you put some log command in the irule and post the irule along with log here?

As Nitass said the class commands will do a bitwise comparison of a host or network against a datagroup. You just need to specify a type of "address" for the datagroup.

 

 

Aaron