- flag::define: variadic constraint args (key:value) instead of bracket string - flag::_parse_constraints_from_args: replaces flag::_parse_and_cache - flag::set_constraint: Option B syntax for post-definition constraints - choices separator: comma (choices:split,full) — no quoting needed - guard against empty _CURRENT_COMMAND in exclusive groups lookup - migrate all commands to new constraint syntax - add helpful error for unknown constraint args
#!/usr/bin/env bash
# commands/activity/show.sh
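#######################################
# Register the help sections, flags and constraints of `activity show`.
#
# Declares the "Filters" flags (--peer, --type, --service, --ip, --hours,
# --exclude-service[], --include-service[]) and the "Display" flags
# (--accept, --drop, --external, --ports), then marks --accept and --drop
# as mutually exclusive.
# Arguments: none
#######################################
function cmd::activity::show::on_load() {
  # Quoted on purpose: an unquoted [...] word is a glob bracket expression,
  # so a one-character file name in the caller's working directory (or
  # nullglob/failglob being enabled) could change or drop this argument.
  # The value passed is the same string the unquoted form yields when
  # nothing matches.
  command::mixin json_output '[section=Output]'

  help::section "Filters"
  flag::define --peer value "Filter by peer name" label:name section:Filters
  flag::define --type value "Filter by device type" label:type section:Filters
  flag::define --service value "Filter by service" label:service section:Filters
  flag::define --ip value "Filter by destination IP" label:ip section:Filters
  # --hours is the only filter declared with a type and range constraint.
  flag::define --hours value "Hours to look back" default:24 type:int min:0 section:Filters
  # The trailing [] is quoted for the same reason as the mixin argument.
  # Presumably it marks a repeatable flag; run() reads both via flag::array.
  flag::define '--exclude-service[]' "Exclude service from output" label:service section:Filters
  flag::define '--include-service[]' "Override excluded service" label:service section:Filters

  help::section "Display"
  flag::define --accept bool "Show only accepted traffic" section:Display
  flag::define --drop bool "Show only firewall drops" section:Display
  flag::define --external bool "Show only external traffic" section:Display
  flag::define --ports bool "Show raw IP:port annotations" section:Display

  # "Only accepted" and "only drops" contradict each other.
  flag::exclusive --accept --drop
}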
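#######################################
# Entry point of `activity show`: parse flags, resolve the service
# exclusion list and hand off to the JSON or the regular renderer.
#
# Arguments: "$@" - raw command-line arguments, forwarded to flag::parse
# Returns:   1 if flag::parse fails; 0 after JSON output; otherwise the
#            status of cmd::activity::_impl
#######################################
function cmd::activity::show::run() {
  flag::parse "$@" || return 1

  # Loop variables are local so they cannot clobber same-named globals.
  local svc inc included

  # Filter values are forwarded exactly as the user typed them.
  # NOTE(review): only --hours carries a type/range constraint; confirm that
  # cmd::activity::_impl treats peer/service/ip/type as literal data and not
  # as patterns.
  local filter_peer; filter_peer=$(flag::value --peer)
  local filter_service; filter_service=$(flag::value --service)
  local filter_ip; filter_ip=$(flag::value --ip)
  local filter_type; filter_type=$(flag::value --type)
  local hours; hours=$(flag::value --hours)

  local accept_only=false drop_only=false external_only=false show_ports=false
  if flag::bool --accept; then accept_only=true; fi
  if flag::bool --drop; then drop_only=true; fi
  if flag::bool --external; then external_only=true; fi
  if flag::bool --ports; then show_ports=true; fi

  # Collect both service lists, one entry per line, skipping blank lines.
  # `|| [[ -n "$svc" ]]` keeps a final entry that lacks a trailing newline.
  local -a exclude_services=() include_services=()
  while IFS= read -r svc || [[ -n "$svc" ]]; do
    if [[ -n "$svc" ]]; then exclude_services+=("$svc"); fi
  done < <(flag::array --exclude-service)
  while IFS= read -r svc || [[ -n "$svc" ]]; do
    if [[ -n "$svc" ]]; then include_services+=("$svc"); fi
  done < <(flag::array --include-service)

  # Effective exclusions = excludes minus anything named by --include-service.
  # Length guards replace "${arr[@]:-}", which iterated once over an empty
  # string when a list was empty.
  local -a final_excludes=()
  if (( ${#exclude_services[@]} > 0 )); then
    for svc in "${exclude_services[@]}"; do
      included=false
      if (( ${#include_services[@]} > 0 )); then
        for inc in "${include_services[@]}"; do
          if [[ "$svc" == "$inc" ]]; then
            included=true
            break
          fi
        done
      fi
      if [[ "$included" != true ]]; then
        final_excludes+=("$svc")
      fi
    done
  fi

  # The list is handed on as one space-separated string, joined in a
  # subshell so IFS stays untouched for the callee. printf rather than echo,
  # so an entry such as "-n" is never read as an option.
  # NOTE(review): names containing spaces become ambiguous after the join —
  # confirm service names are space-free.
  local exclude_str=""
  if (( ${#final_excludes[@]} > 0 )); then
    exclude_str=$(IFS=' '; printf '%s' "${final_excludes[*]}")
  fi

  # NOTE(review): the JSON path receives only --hours; none of the filters,
  # display flags or exclusions above are forwarded. Confirm this is
  # intended, since a filtered request with JSON output would otherwise
  # return unfiltered activity.
  if command::json; then
    cmd::activity::_output_json "$hours"
    return 0
  fi

  cmd::activity::_impl \
    "$filter_peer" "$filter_service" "$filter_ip" "$filter_type" \
    "$hours" "$accept_only" "$drop_only" "$external_only" \
    "$show_ports" "$exclude_str"
}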