From e4df90e614b9ecb9d3dc312c95238dc38b2f775d Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Fri, 13 Jul 2012 13:20:16 +0000 Subject: show generated rules per configuration object in level 4 dump ordered rules shown at level 5 --- awall-cli | 55 +++++++++++++++++++++++++++++++------------------------ awall/model.lua | 10 ++++++++++ 2 files changed, 41 insertions(+), 24 deletions(-) diff --git a/awall-cli b/awall-cli index 16d565c..ec3a7c9 100755 --- a/awall-cli +++ b/awall-cli @@ -60,7 +60,7 @@ List optional policies: Dump variable and zone definitions: awall dump [level] - Verbosity level is an integer in range 0-4 and defaults to 0. + Verbosity level is an integer in range 0-5 and defaults to 0. ]]) os.exit() @@ -128,19 +128,27 @@ if util.contains({'disable', 'enable'}, mode) then end -config = policyset:load() +input = policyset:load() -if mode == 'dump' then - level = 0 + (arg[opind] or 0) +if mode == 'dump' then level = 0 + (arg[opind] or 0) end + +if mode ~= 'dump' or level > 3 then + awall.loadmodules(basedir) + config = awall.Config.new(input) +end + +require 'awall.iptables' + +if mode == 'dump' then require 'json' - expconfig = config:expand() + expinput = input:expand() function capitalize(cls) return string.upper(string.sub(cls, 1, 1))..string.sub(cls, 2, -1) end - for cls, objs in pairs(config.data) do + for cls, objs in pairs(input.data) do if level > 2 or (level == 2 and cls ~= 'service') or util.contains({'variable', 'zone'}, cls) then 
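Review bot: In the second awall-cli hunk, `level = 0 + (arg[opind] or 0)` takes whatever string follows `dump`, so a non-numeric argument aborts with a raw arithmetic error, and values outside the 0-5 range documented in the help text are silently accepted. This matters more now that `level` also decides whether `awall.loadmodules(basedir)` and `awall.Config.new(input)` run. Parse it explicitly with `level = tonumber(arg[opind] or 0)` and answer `nil` or an out-of-range value with the usage message. `input`, `config` and `level` are assigned without `local` and therefore become globals. The `if mode == 'dump'` block opened here continues past the end of the hunk.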
@@ -148,15 +156,25 @@ if mode == 'dump' then items = {} for k, v in pairs(objs) do - exp = expconfig[cls][k] + exp = expinput[cls][k] expj = json.encode(exp) - src = config.source[cls][k] + src = input.source[cls][k] + if level == 0 then table.insert(items, {k, expj, src}) + else - table.insert(items, - {k, {{capitalize(cls)..' '..k, json.encode(v)}, - {'('..src..')', - util.compare(exp, v) and '' or '-> '..expj}}}) + data = {{capitalize(cls)..' '..k, json.encode(v)}, + {'('..src..')', + util.compare(exp, v) and '' or '-> '..expj}} + + if level > 3 then + obj = config.objects[cls][k] + if type(obj) == 'table' and obj.info then + util.extend(data, obj:info()) + end + end + + table.insert(items, {k, data}) end end table.sort(items, function(a, b) return a[1] < b[1] end) @@ -170,18 +188,7 @@ if mode == 'dump' then end end - if level < 4 then os.exit() end -end - - -require 'awall.iptables' -awall.loadmodules(basedir) - -config = awall.Config.new(config) - - -if mode == 'dump' then - config:print() + if level > 4 then config:print() end elseif mode == 'translate' then if verify then config:test() end diff --git a/awall/model.lua b/awall/model.lua index 6f08409..2813d8b 100644 --- a/awall/model.lua +++ b/awall/model.lua @@ -37,6 +37,16 @@ function ConfigObject:error(msg) error(self.location..': '..msg) end function ConfigObject:trules() return {} end +function ConfigObject:info() + local res = {} + for i, trule in ipairs(self:trules()) do + table.insert(res, + {' '..trule.family..'/'..trule.table..'/'..trule.chain, + trule.opts}) + end + return res +end + Zone = class(ConfigObject) -- cgit v1.2.3
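Review bot: In the `level > 3` branch of the hunk at -148, the guard `type(obj) == 'table' and obj.info` checks only that an `info` field exists, not that it is callable. A plain table from policy data that happens to carry an `info` key would make `obj:info()` fail in the middle of the dump; `if type(obj) == 'table' and type(obj.info) == 'function' then` avoids that. `config.objects[cls]` is also indexed without a nil check, so if `awall.Config` does not create an entry for every class in `input.data` (not visible here), a level 4 dump would abort at that line. `data` and `obj` are assigned without `local` and become globals. The enclosing `for` loops start outside the hunk.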
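Review bot: The new `ConfigObject:info()` in awall/model.lua has no comment describing what it returns, although the dump code in awall-cli passes the result straight to `util.extend(data, obj:info())` and so depends on its shape. A header such as `-- Returns a list of {label, opts} pairs, one per rule from self:trules(); label is the indented family/table/chain path.` would document that contract. The concatenation raises an error if a rule lacks `family`, `table` or `chain`; whether `trules()` always sets all three is not visible in this hunk. The unused loop index `i` can be written `_`.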