authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-03-31 22:57:03 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-03-31 23:35:08 +0300
commit5be79196dab7b352998dc6184b56adc0c7e05c66 (patch)
treee0fba7f2180f984b229ac1b6f69bb035c434bdd4
parent8dd40541fa82425f89b514ddf89fa0946932cc62 (diff)
downloadawall-5be79196dab7b352998dc6184b56adc0c7e05c66.tar.bz2
awall-5be79196dab7b352998dc6184b56adc0c7e05c66.tar.xz
'awall diff' command
-rwxr-xr-xawall-cli54
-rw-r--r--awall/init.lua2
-rw-r--r--awall/ipset.lua4
-rw-r--r--awall/iptables.lua6
4 files changed, 52 insertions, 14 deletions
diff --git a/awall-cli b/awall-cli
index 69ab3e9..1c794c7 100755
--- a/awall-cli
+++ b/awall-cli
@@ -66,6 +66,16 @@ Dump variable and zone definitions:
Verbosity level is an integer in range 0-5 and defaults to 0.
+Show difference between modified and saved configurations:
+ awall diff [-o|--output <dir>]
+
+ Displays the difference in the input policy files and generated
+ output files since the last 'translate' or 'activate' command.
+
+ When the --output option is used, the updated configuration is
+ compared to the generated files in the specified directory
+ (generated by the equivalent 'translate' command).
+
]])
os.exit(1)
end
@@ -109,7 +119,8 @@ if not contains(
'enable',
'disable',
'list',
- 'dump'
+ 'dump',
+ 'diff'
},
mode
) then help() end
@@ -191,9 +202,7 @@ if not call(
end
- local iptables = require('awall.iptables')
-
- if mode == 'dump' then
+ local function dump(level)
local json = require('cjson')
local expinput = input:expand()
@@ -206,7 +215,7 @@ if not call(
{'variable', 'zone'},
cls
) then
- if level == 0 then print(capitalize(cls)..'s:') end
+ if level == 0 then io.write(capitalize(cls)..'s:\n') end
local clsdata = input.data[cls]
local items = {}
@@ -245,17 +254,45 @@ if not call(
util.printtabulars(
util.map(items, function(x) return x[2] end)
)
- print()
+ io.write('\n')
end
end
end
if level > 4 then config:print() end
+ end
+
+ local function filedump(file)
+ io.output(file)
+ dump(5)
+ end
+
+ local sysdumpfile = '/var/lib/misc/awall'
+ local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile
+
+ local iptables = require('awall.iptables')
+
+
+ if mode == 'dump' then dump(level)
+
+ elseif mode == 'diff' then
+ local pid, stdin, stdout = lpc.run(
+ 'diff', '-w', '--', dumpfile, '/proc/self/fd/0'
+ )
+
+ filedump(stdin)
+ stdin:close()
+
+ lpc.wait(pid)
+ io.stdout:write(stdout:read('*all'))
+ stdout:close()
+
elseif mode == 'translate' then
if verify then config:test() end
- config:dump(outputdir)
-
+ config:dump(outputdir)
+ filedump(dumpfile)
+
elseif mode == 'activate' then
local lpc = require('lpc')
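Review bot: In the `diff` branch, `lpc.wait(pid)` runs before `stdout:read('*all')`, so a comparison whose output exceeds the pipe buffer leaves `diff` blocked on its write while awall blocks waiting for it to exit. Drain the pipe first with `local out = stdout:read('*all')`, then call `lpc.wait(pid)` and `io.stdout:write(out)`. The branch also calls `lpc.run` although the only `local lpc = require('lpc')` visible in this hunk sits inside the later `activate` branch; unless `lpc` is bound somewhere outside the hunk, this would index a nil global, and moving the `require` next to `local iptables = require('awall.iptables')` would cover both branches. The result of `lpc.wait(pid)` is discarded, so the command presumably exits the same way whether the files differ, match, or `dumpfile` does not exist yet.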
@@ -316,6 +353,7 @@ if not call(
end
config:dump()
+ filedump(sysdumpfile)
else
if not force then kill() end
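Review bot: `filedump(sysdumpfile)` writes the level-5 dump (expanded variables, zones, and the ipset and iptables output of `config:print()`) to `/var/lib/misc/awall` through `io.output(file)`, which creates the file with whatever mode the process umask allows. Under a typical root umask that would leave the complete firewall policy readable by any local user, so the file should be created owner-only or kept in a restricted directory, with that expectation stated in a comment next to `sysdumpfile`. `filedump`, defined in the previous hunk, also leaves the default output pointing at the dump file, so anything written afterwards with `io.write` would land in the state file; saving `local old = io.output()` before the redirect and calling `io.output(old)` after `dump(5)` avoids that. The same applies to `filedump(dumpfile)` in the `translate` branch of the previous hunk.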
diff --git a/awall/init.lua b/awall/init.lua
index 74bf0ad..42b25e6 100644
--- a/awall/init.lua
+++ b/awall/init.lua
@@ -138,7 +138,7 @@ end
function M.Config:print()
self.ipset:print()
- print()
+ io.write('\n')
self.iptables:print()
end
diff --git a/awall/ipset.lua b/awall/ipset.lua
index 5f4423e..8a3e041 100644
--- a/awall/ipset.lua
+++ b/awall/ipset.lua
@@ -30,8 +30,8 @@ end
function IPSet:print()
for _, name in sortedkeys(self.config) do
- self:dumpfile(name, io.stdout)
- io.stdout:write('\n')
+ self:dumpfile(name, io.output())
+ io.write('\n')
end
end
diff --git a/awall/iptables.lua b/awall/iptables.lua
index fccdd80..ef53706 100644
--- a/awall/iptables.lua
+++ b/awall/iptables.lua
@@ -40,14 +40,14 @@ local BaseIPTables = class()
function BaseIPTables:print()
for _, family in sortedkeys(families) do
- self:dumpfile(family, io.stdout)
- print()
+ self:dumpfile(family, io.output())
+ io.write('\n')
end
end
function BaseIPTables:dump(dir)
for family, tbls in pairs(families) do
- local file = io.output(dir..'/'..families[family].file)
+ local file = io.open(dir..'/'..families[family].file, 'w')
self:dumpfile(family, file)
file:close()
end
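Review bot: The switch from `io.output(...)` to `io.open(..., 'w')` in `BaseIPTables:dump` drops the error that `io.output` raised when the file could not be opened; `io.open` returns `nil` plus a message instead, so an unwritable `dir` would only surface later as a nil-value error in `self:dumpfile` or `file:close()`. Wrapping the call as `local file = assert(io.open(dir..'/'..families[family].file, 'w'))` keeps the failure explicit and reports the path and reason. That matters here because these are the generated rule files, and a failed write should not be mistaken for a successful translate. The function's closing `end` is outside the hunk.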