Data group list checks in v11

Try something like this (untested):

    set lookupname [class lookup [IP::client_addr] sample_list]
    if { $lookupname eq "" } {
         ip address not in list
    } else {
       if { $lookupname eq $username } {
          Do something
       } else {
           wrong ip for this user
       }
    }
 

You might be asking for trouble doing this though. You are limiting each ip address to one user, so if you have two users behind a proxy you're stuck. Reversing the class and test doesn't help much, as a client may be behind a pool of proxies, multiple gateways, or have a dynamically assigned address.

Hi

 

 

I have noticed that there is also a restriction on the data you can put in a data group list (as you cant have the same address/string (IP) twice):

 

 

“192.168.1.1” := "fred_jones"

 

"192.168.1.1" := "Paul_jones"

 

"192.168.1.2" := "fred_jones"

 

 

The requested string class member (/Common/sample_list 192.168.1.1) already exists in partition Common.

 

 

So this only allows a 1 to 1 relationship. So i don't think this can be done using the same data group list. Possibly with two data group lists.

I'd have thought two would do it but it's a shame, I was unaware that duplicates were not possible, thanks for the info.

You can add the two values for the same IP to one entry:

"192.168.1.1" := "fred_jones|Paul_jones"

When you do the lookup, you can split the value on the delimiter and check each sub-value:

http://www.tcl.tk/man/tcl8.4/TclCmd/split.htm

foreach name [split $value "|"] {
   if {$name eq $user_name}{
       ...
   }
}

Aaron

Thanks hoolio

If you're using values that contain no spaces then you can just use space as the separator and gain direct list functions:

 

 

 

when RULE_INIT {

 

set lookupname [class lookup 192.168.1.1 test]

 

log local0. "lookupname $lookupname"

 

foreach name $lookupname {

 

log local0. "name $name"

 

}

 

log local0. "james_a [lsearch $lookupname "james_a"]"

 

log local0. "john_b [lsearch $lookupname "john_b"]"

 

log local0. "george_k [lsearch $lookupname "george_k"]"

 

log local0. "james_a [lsearch [class lookup 192.168.1.1 test] "james_a"]"

 

if { [expr {[lsearch [class lookup 192.168.1.1 test] "james_a"] + 1}] } {

 

log local0. "james_a exists"

 

} else {

 

log local0. "james_a does not exist"

 

}

 

if { [expr {[lsearch [class lookup 192.168.1.1 test] "george_k"] + 1}] } {

 

log local0. "george_k exists"

 

} else {

 

log local0. "george_k does not exist"

 

}

 

}

 

 

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : lookupname james_a john_b fred_c

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : name james_a

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : name john_b

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : name fred_c

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : james_a 0

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : john_b 1

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : george_k -1

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : james_a 0

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : james_a exists

 

Nov 20 21:20:18 bigip1 info tmm[29813]: Rule /Common/test_r : george_k does not exist

 

That's a handy option James. Nice work!

 

 

Aaron

You could probably also use matchclass and findclass against the result if it's space delimited to check for a match or get the match value.

 

 

Aaron

for the instruction:

 

 

set lookupname [class lookup $user sample_list]

 

 

how can i make this find partial values? i.e. if i was looking for just "_jones"

 

 

"fred_jones" := “192.168.1.1|192.168.1.2”

 

"Paul_jones" := "192.168.1.2"

 

 

thanks