Baseline Syntax and Policy Checking

This appendix describes the syntax and policy checks performed by the Connectivity Tools parser on the router configuration files when a baseline is created.

Syntax Checks

Following is a list and brief description (where needed) of the syntax checks performed by the Connectivity Tools's parser. The checks are divided into AppleTalk, Frame-Relay, IP, Novell/IPX, SRB, SNA, DLSW, and general categories.

Policy Checking

This section describes the policy checking performed by the Connectivity Tools' parser.

You can have the Connectivity Tools parser program perform additional customized checking on the router configuration files by creating a template file in which you specify an action to be taken when the parser either encounters or does not encounter the command(s) you specify. You should name the template file default.router_template and place it in the data directory where you have placed your baseline(s).

The action specified in the file is taken on the first match. The entries you specify are case insensitive.

To specify the action to be taken when a command is encountered in the router configuration files, you create an entry in a template file using one of the following formats:


`ACTION = warn_if_found or ACTION = warning`

Note Currently, the only action supported is to print a warning message displaying the complete command as it appears in the router configuration file (including its parameters), the router configuration file name, and the line number where the match occurred.

To specify the action to be taken when a command is not encountered in the router configuration files, you create an entry in a template file using the following format:


`action = warn_if_not_found`

Note Currently, the only action supported is to print a warning message displaying the name of the command you specified and the name of the router configuration file(s) where a match did not occur.

Following an action entry in the template file you must specify commands using their entire names, each on a separate line, followed by the parameters, if any, you wish to specify. The parser expects to find a command keyword as the first word in an entry, otherwise the entry is flagged as having an error and the template file is not loaded. A default list of command keywords is located in the $ECSP_HOME/resources/configkeyword file. You can make additional command keywords available to the parser by including them in a file you create. The parser first checks to see if the ECSP_CONFIGKEYWORD environment variable contains a pointer to this file. If it does and the file is readable, the additional command keywords are used by the parser when doing the customized checking. If this environment variable is not set, the parser checks to see if the $HOME/ecsp_configkeyword file exists and is readable. If so, the additional command keywords contained in this file are used by the parser when doing the customized checking.

You can construct regular expressions (RE) when specifying the parameter values to be used during the parser's searching of the router configuration files. The RE is constructed as follows:

any character that is not a special character (see below) matches itself
a backslash (\) character followed by any special character matches the literal character itself
the special characters are:
- plus sign (+)
- asterisk (*)
- question mark (?)
- period (.)
- left bracket ([)
- right bracket (])
- caret (^)
- dollar sign ($)
the period (.) matches any character except the newline
a set of characters enclosed in brackets ([]) is a one-character RE that matches any of the characters within the brackets. A range of characters can be indicated with a dash (-) within the brackets. For example, [1-4] matches any number from one through four. If a caret (^) is the first character specified within the brackets, the RE matches any character except those characters in the set. For example, [^1-4] matches any number other than one through four.

The following rules are used to build a multi-character RE:

a one-character RE followed by an asterisk (*) matches zero or more occurrences of the RE
a one-character RE followed by a plus (+) matches one or more occurrences of the RE
a question mark (?) is an optional element. The preceding RE can occur zero or once in the string, no more
the concatenation of REs is a RE that matches the corresponding concatenation of strings.

As with access lists, the order of the commands listed in the template file is important. You are able to specify multiple commands, each on a separate line, in the file.

Following is a sample from a template file that prints a warning message whenever the two commands are encountered in the router configuration files:


`action = warn_if_found ip helper-address novell routing`

Following is a sample from a template file that prints a warning message whenever the specified command is not encountered in the router configuration files:


`ACTION = warn_if_not_found no ip source-route`

The Connectivity Tools parser places the output from the policy checks you specified in the default.router_template file you created into the $ECSP_HOME/baseline_directory/default.template_warnings file.

For example, if you specified the following action commands in your default.router_template file,


`action = warning ip helper-address action = warn_if_not_found ip source-route action = warn_if_found novell routing`

the format of the information produced by the parser and stored in the default.template_warnings file is as follows:


* List of template constraint violation messages. WARNING Command: ip helper-address 132.108.1.255 found on line: 68 in config file: netsys1 WARNING Command: ip helper-address 132.108.22.172 found on line: 74 in config file: netsys1 WARNING Command: ip helper-address 132.108.1.255 found on line: 28 in config file: netsys4 ... WARNING Command: ip source-route NOT found in config file: netsys1 WARNING Command: ip source-route NOT found in config file: netsys2 ... WARNING Command: novell routing 0000.0c08.94dd found on line: 18 in config file: netsys1 WARNING Command: novell routing 0000.0c04.3a3e found on line: 20 in config file: netsys3 WARNING ** Command: novell routing aa00.0400.0134 found on line: 17 in config file: netsys4

Table of Contents

Baseline Syntax and Policy Checking