author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2014-03-31 22:57:03 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2014-03-31 23:35:08 +0300 |
commit | 5be79196dab7b352998dc6184b56adc0c7e05c66 (patch) | |
tree | e0fba7f2180f984b229ac1b6f69bb035c434bdd4 /awall-cli | |
parent | 8dd40541fa82425f89b514ddf89fa0946932cc62 (diff) | |
download | awall-5be79196dab7b352998dc6184b56adc0c7e05c66.tar.bz2 awall-5be79196dab7b352998dc6184b56adc0c7e05c66.tar.xz |
'awall diff' command
Diffstat (limited to 'awall-cli')
-rwxr-xr-x | awall-cli | 54 |
1 files changed, 46 insertions, 8 deletions
@@ -66,6 +66,16 @@ Dump variable and zone definitions: Verbosity level is an integer in range 0-5 and defaults to 0. +Show difference between modified and saved configurations: + awall diff [-o|--output <dir>] + + Displays the difference in the input policy files and generated + output files since the last 'translate' or 'activate' command. + + When the --output option is used, the updated configuration is + compared to the generated files in the specified directory + (generated by the equivalent 'translate' command). + ]]) os.exit(1) end @@ -109,7 +119,8 @@ if not contains( 'enable', 'disable', 'list', - 'dump' + 'dump', + 'diff' }, mode ) then help() end @@ -191,9 +202,7 @@ if not call( end - local iptables = require('awall.iptables') - - if mode == 'dump' then + local function dump(level) local json = require('cjson') local expinput = input:expand() @@ -206,7 +215,7 @@ if not call( {'variable', 'zone'}, cls ) then - if level == 0 then print(capitalize(cls)..'s:') end + if level == 0 then io.write(capitalize(cls)..'s:\n') end local clsdata = input.data[cls] local items = {} @@ -245,17 +254,45 @@ if not call( util.printtabulars( util.map(items, function(x) return x[2] end) ) - print() + io.write('\n') end end end if level > 4 then config:print() end + end + + local function filedump(file) + io.output(file) + dump(5) + end + + local sysdumpfile = '/var/lib/misc/awall' + local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile + + local iptables = require('awall.iptables') + + + if mode == 'dump' then dump(level) + + elseif mode == 'diff' then + local pid, stdin, stdout = lpc.run( + 'diff', '-w', '--', dumpfile, '/proc/self/fd/0' + ) + + filedump(stdin) + stdin:close() + + lpc.wait(pid) + io.stdout:write(stdout:read('*all')) + stdout:close() + elseif mode == 'translate' then if verify then config:test() end - config:dump(outputdir) - + config:dump(outputdir) + filedump(dumpfile) + elseif mode == 'activate' then local lpc = require('lpc') 
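Review bot: The switch from `print` to `io.write` at `if level == 0 then ...` is load-bearing and should carry a comment, because `print` always writes to the process's standard output while `io.write` follows the `io.output()` redirection that the new `filedump` helper depends on. A comment above the line such as `-- io.write, not print: output must follow io.output() so filedump() can capture it` would stop a later cleanup from reverting it. The same constraint applies to `util.printtabulars` and `config:print()` in the following hunk, whose implementations are not visible here; if either uses `print`, that part of the dump would go to the terminal and be missing from both the saved file and the input piped to diff.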
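Review bot: In the new `diff` branch, `lpc.wait(pid)` runs before `stdout:read('*all')`, so once the child's output exceeds the pipe buffer it blocks on write while the parent blocks in wait, and `awall diff` hangs. Drain the pipe first: `io.stdout:write(stdout:read('*all'))`, then `stdout:close()`, then `lpc.wait(pid)`. The branch also uses `lpc`, but the only `local lpc = require('lpc')` visible in this hunk is scoped to the `activate` branch, so unless the module is required earlier in the file (outside the hunk) this indexes a nil global; a `local lpc = require('lpc')` at the top of the `diff` branch would make it self-contained. Whatever `lpc.wait` returns is discarded, so a script calling `awall diff` cannot tell an unchanged policy from a changed one or from a missing dump file, which matters if the command is used as a pre-activation check. The enclosing `if not call(` block starts and ends outside the hunk.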
@@ -316,6 +353,7 @@ if not call( end config:dump() + filedump(sysdumpfile) else if not force then kill() end |
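Review bot: `filedump(sysdumpfile)` writes the level-5 dump to `/var/lib/misc/awall` through `io.output(file)`, which creates the file under whatever umask the process has and leaves it installed as the default output, never explicitly flushed or restored. The dump appears to hold the fully expanded firewall policy, so the file should be created with a restrictive mode (for example by tightening the umask before it is opened, using whatever POSIX binding the project already has) rather than relying on the caller's environment. Inside `filedump`, saving and restoring the stream would contain the side effect: `local prev = io.output(); io.output(file); dump(5); io.output():flush(); io.output(prev)`. Without that, any `io.write` that runs later in the `activate` path (the code after this hunk is not visible) ends up in the dump file instead of on the terminal, and a failure to open the file raises an error after `config:dump()` has already run.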