Commit 5be79196 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

'awall diff' command

parent 8dd40541
......@@ -66,6 +66,16 @@ Dump variable and zone definitions:
Verbosity level is an integer in range 0-5 and defaults to 0.
Show difference between modified and saved configurations:
awall diff [-o|--output <dir>]
Displays the difference in the input policy files and generated
output files since the last 'translate' or 'activate' command.
When the --output option is used, the updated configuration is
compared to the generated files in the specified directory
(generated by the equivalent 'translate' command).
]])
os.exit(1)
end
......@@ -109,7 +119,8 @@ if not contains(
'enable',
'disable',
'list',
'dump'
'dump',
'diff'
},
mode
) then help() end
......@@ -191,9 +202,7 @@ if not call(
end
local iptables = require('awall.iptables')
if mode == 'dump' then
local function dump(level)
local json = require('cjson')
local expinput = input:expand()
......@@ -206,7 +215,7 @@ if not call(
{'variable', 'zone'},
cls
) then
if level == 0 then print(capitalize(cls)..'s:') end
if level == 0 then io.write(capitalize(cls)..'s:\n') end
local clsdata = input.data[cls]
local items = {}
......@@ -245,17 +254,45 @@ if not call(
util.printtabulars(
util.map(items, function(x) return x[2] end)
)
print()
io.write('\n')
end
end
end
if level > 4 then config:print() end
end
local function filedump(file)
io.output(file)
dump(5)
end
local sysdumpfile = '/var/lib/misc/awall'
local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile
local iptables = require('awall.iptables')
if mode == 'dump' then dump(level)
elseif mode == 'diff' then
local pid, stdin, stdout = lpc.run(
'diff', '-w', '--', dumpfile, '/proc/self/fd/0'
)
filedump(stdin)
stdin:close()
lpc.wait(pid)
io.stdout:write(stdout:read('*all'))
stdout:close()
elseif mode == 'translate' then
if verify then config:test() end
config:dump(outputdir)
config:dump(outputdir)
filedump(dumpfile)
elseif mode == 'activate' then
local lpc = require('lpc')
......@@ -316,6 +353,7 @@ if not call(
end
config:dump()
filedump(sysdumpfile)
else
if not force then kill() end
......
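Review bot: In the new 'diff' branch, `lpc.wait(pid)` runs before `stdout:read('*all')`, so if diff produces more output than the pipe between the two processes can buffer, the child blocks on its write while awall blocks in the wait, and the command hangs. Drain the output first and reap afterwards: `io.stdout:write(stdout:read('*all'))`, `stdout:close()`, then `lpc.wait(pid)`. Separately, the only `require('lpc')` visible on this page is the `local lpc` inside the 'activate' branch, so unless the module is also required earlier in the file (not shown), `lpc.run` here would index a nil global. The if/elseif chain continues outside the hunk.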
......@@ -138,7 +138,7 @@ end
function M.Config:print()
self.ipset:print()
print()
io.write('\n')
self.iptables:print()
end
......
......@@ -30,8 +30,8 @@ end
function IPSet:print()
for _, name in sortedkeys(self.config) do
self:dumpfile(name, io.stdout)
io.stdout:write('\n')
self:dumpfile(name, io.output())
io.write('\n')
end
end
......
......@@ -40,14 +40,14 @@ local BaseIPTables = class()
function BaseIPTables:print()
for _, family in sortedkeys(families) do
self:dumpfile(family, io.stdout)
print()
self:dumpfile(family, io.output())
io.write('\n')
end
end
function BaseIPTables:dump(dir)
for family, tbls in pairs(families) do
local file = io.output(dir..'/'..families[family].file)
local file = io.open(dir..'/'..families[family].file, 'w')
self:dumpfile(family, file)
file:close()
end
......
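Review bot: The new `io.open(dir..'/'..families[family].file, 'w')` in BaseIPTables:dump is unchecked, so a missing or unwritable directory now yields nil and fails later with a nil-index error (at the latest at `file:close()`), whereas the replaced `io.output(path)` raised with the OS error message. For a tool that writes firewall rule files, the failure should stay explicit and name the path problem: `local file = assert(io.open(dir..'/'..families[family].file, 'w'))`. The end of the function lies outside the hunk.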