Manual Chapter: Tcl Usage
Applies To:
BIG-IP APM
- 17.0.0, 16.1.5, 16.1.2, 16.1.1, 16.1.0
About Tcl usage in APM
The Tcl programming language can be used for writing advanced branch rules in the visual policy
editor, and for assigning variables to custom expressions in the Variable Assign action.
Use of Tcl is optional; it provides an alternative to using the expression builder (in the
visual policy editor), and to using other options provided by the Variable Assign action.
Tcl syntax notes
Access Policy Manager (APM) supports standard Tcl
syntax and additional commands and operators listed in the table.
Standard Tcl Syntax
APM supports the various facilities provided by the Tcl language; for example, loops
(while, foreach, and so on), conditions (if/else, switch, and so on), functions (proc),
and built-in Tcl commands (string, split, and so on), as well as various Tcl operators.
Additional commands and operators
In addition to standard Tcl syntax, APM supports these commands and operators:
- mcget command
- Rule operators: A rule operator compares two operands in an expression.
- Logical operators: A logical operator compares two values in an expression.
iRules on the BIG-IP system can provide functionality to the BIG-IP system components.
However, Tcl commands that are specific to iRules are not available in access policy rules.
Command or Operator | Type | Description |
---|---|---|
mcget | Command | mcget is an abbreviation for: get the session variable from the memory cache. Access Policy Manager (APM) stores all session variables generated in a session in its memory cache. When evaluating a branch rule, APM accesses session variables from system memory using the Tcl command mcget. |
contains | Rule operator | Tests whether one string contains another string. |
ends_with | Rule operator | Tests whether one string ends with another string. |
equals | Rule operator | Tests whether one string equals another string. |
matches | Rule operator | Tests whether one string matches another string. |
matches_regex | Rule operator | Tests whether one string matches a regular expression. |
starts_with | Rule operator | Tests whether one string starts with another string. |
switch | Rule operator | Evaluates one of several scripts, depending on a given value. |
and | Logical operator | Performs a logical and comparison between two values. |
not | Logical operator | Performs a logical not action on a value. |
or | Logical operator | Performs a logical or comparison between two values. |
Tcl examples
These tables describe the syntax elements for the Tcl examples.
Using mcget
[mcget {session.ssl.cert.cn}]
Syntax element | Value | Description |
---|---|---|
Brackets | [ ] | The brackets [ ] that enclose the entire command are the Tcl notation for command evaluation. |
Command name | mcget | This command gets the session variable from the memory cache. |
Braces | { } | Braces enclose the session variable. |
Session variable name | session.ssl.cert.cn | Session variables that are generated during a session are stored in memory cache. |
Checking a certificate field
expr { [mcget {session.ssl.cert.OU}] contains "PD" }
This expression checks whether the Organizational Unit (OU) field of a user certificate
contains the text PD.
Syntax element | Value | Description |
---|---|---|
Command name | expr | The Tcl language specifies that an expression begin with the syntax expr. |
Rule operator | contains | This operator checks for the string PD. |
Return values | 0 or 1 | 0 usually indicates failure, while 1 usually indicates success. |
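Because contains is a substring test, the certificate check above is also true for OU values that merely include the letters PD, such as UPDATES. The following added example (not part of the F5 manual) runs in plain tclsh and compares that check with an exact match and an anchored regular expression on the same session variable. The mcget stub, the op_* and rule_* procs, and the sample OU values are constructed for illustration, and the operators are assumed to be case-sensitive; inside APM the exact-match form would be written with the equals operator from the table.

```tcl
# Stand-in for APM's mcget so the script runs outside APM (assumption:
# real mcget reads the session's memory cache; here it reads a dict).
proc mcget {name} {
    global session_vars
    return [dict get $session_vars $name]
}

# Plain-Tcl equivalents of two rule operators from the table
# (hypothetical helper names; case-sensitive semantics assumed).
proc op_contains {haystack needle} {
    expr {[string first $needle $haystack] >= 0}
}
proc op_equals {a b} {
    expr {[string equal $a $b]}
}

# Three candidate branch rules for "the certificate OU is PD".
proc rule_contains {} {
    # Mirrors: expr { [mcget {session.ssl.cert.OU}] contains "PD" }
    op_contains [mcget {session.ssl.cert.OU}] "PD"
}
proc rule_equals {} {
    # Mirrors: expr { [mcget {session.ssl.cert.OU}] equals "PD" }
    op_equals [mcget {session.ssl.cert.OU}] "PD"
}
proc rule_regex {} {
    # Anchored pattern: the whole value must be PD, not a substring of it.
    regexp {^PD$} [mcget {session.ssl.cert.OU}]
}

# Constructed sample OU values; only the first is the intended match.
foreach ou {PD UPDATES PD-Contractors pd Sales} {
    set session_vars [dict create session.ssl.cert.OU $ou]
    puts [format "%-16s contains=%d equals=%d regex=%d" \
        $ou [rule_contains] [rule_equals] [rule_regex]]
}
```

Only the value PD passes all three rules; UPDATES and PD-Contractors pass the contains rule alone, which is the case to review before using a substring test on a branch that grants access.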