lhs OP rhsConditional Comparisons
Syntax
The most common use-case for conditions is to perform comparisons.
The comparisons are composed of three pieces. First, the lhs is the
left-hand side of the comparison. This can be an
&Attribute-Name or data. Second, the
OP is an operator, commonly == or <=. It is used to control
how the two other portions of the condition are compared. Finally,
the rhs is the right-hand side of the comparison. It can be an
&Attribute-Name, data, or
(depending on OP) a regular expression.
The Left Side of a Comparison
The left side of a comparison can be an
&Attribute-Name or data. The data
type of the left side determines how the OP operator performs its
comparison.
Casting
In some situations, it is useful to force the left side to be interpreted as a particular data type.
|
Note
|
The data types used by the cast must be a type taken from the RADIUS
dictionaries, e.g., ipaddr, integer, etc. These types are not the
same as the data types used in the
configuration files.
|
Syntax
lhs OP rhs The cast text can be any one of the standard RADIUS dictionary data
types, as with the following example:
Example
&Class == 127.0.0.1 In this example, the Class attribute is treated as if it was an IPv4
address and is compared to the address 127.0.0.1
Casting is most useful when the left side of a comparison is a dynamically expanded string. The cast ensures that the comparison is done in a type-safe manner, instead of performing a string comparison.
Example
`/bin/echo 00` == 0 In this example, the output of the echo program is interpreted as an
integer. It is then compared to the right side via integer
comparisons. Since the integer 00 is equivalent to the integer 0,
the comparison will match. If the comparison had been performed via
string equality checks, then because the strings 00 and 0 are different, the comparison would not match.
A cast can only appear on the left side of a comparison expression. Casts cannot be used on the right side of comparison expressions.
The Comparison Operators
The comparison operators are given below.
| Operator | Description |
|---|---|
< |
less than |
<= |
less than or equals |
== |
equals |
!= |
not equals |
>= |
greater than or equals |
> |
greater than |
regular expression matches |
|
regular expression does not match |
The comparison operators perform type-specific comparisons. The only exceptions are the regular expression operators, which interpret the left side as a printable string.
The type-specific comparisons operate as expected for most data types. The only exception is data types that are IP addresses or IP address prefixes. For those data types, the comparisons are done via the following rules:
-
Any unqualified IP address is assumed to have a /32 prefix (IPv4) or a /128 prefix (IPv6).
-
If the prefixes of the left and right sides are equal, then the comparisons are performed on the IP address portion.
-
If the prefixes of the left and right sides are not equal, then the comparisons are performed as set membership checks.
These rules allow conditions such as 192.0.2.1 < 192.0.2/24. This
condition will return true, as the IP address 192.0.2.1' is within
the network `192.0.2/24.
The Right Side of a Comparison
The right side of a comparison can be an &Attribute-Name or data.