Can you add a class match with omshell?

David W. Hankins David_Hankins at
Wed Jan 7 23:25:10 UTC 2009

On Thu, Jan 08, 2009 at 12:54:44AM +0200, Oleg Gawriloff wrote:
> Thats very bad. In our case, we plan to use isc-dhcp to satisfy address 
> requests from about 10 000 customers. For each customers separate address 
> space (/30) reserved, depending on customer switch port option 82. Without 
> any way to control dhcp config from other sources that its config file 
> (omapi or abandoned isc-dhcp ldap patch) it would be almost impossible. Do 
> you have any suggestions how we could do this?

I think 'permit members of' does try to take a reference of the class,
so the class name has to be valid at config time, or else it's a parse
error.  This can and should be trivially tested by trying it.  Either
it will parse error out, or it will work.

The dhcpd.leases file (that contains OMAPI-inserted classes) is read
after dhcpd.conf.  So the dynamic classes do not exist until after
the config is read, and I think it won't work.

You could pre-engineer the config file in advance of customers being
assigned to option-82 identified switch ports, but you probably would
already have thought of that if it was an option.

One potential workaround may be to use a series of pre-named, "static"
class statements with subclass matching clauses, and pre-assigned
pools (with 'match members of' the class names), and then add dynamic
subclass members via OMAPI.  I don't even know if that's possible
either, like I said the OMAPI class stuff is pretty hazy in my mind.

The problem with this workaround is that subclasses allocate a hash
table to hold the subclass lookups in, into which you're only going
to place one element per class.  It will use an extraordinary amount
of memory unless you alter the sources (look in includes, there are a
series of default hash sizing #defines).

Note that you're already chasing a performance spectre because you're
supposing a large number of class statements.  The classes are
searched linearly (linear search on subclasses, hash search on a
per-class-basis for subclass matches).  So you're looking at an O(n)
scaling CPU sponge at the very start of all DHCP packet processing.

David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <>

More information about the dhcp-users mailing list