wgctl/commands/activity/show.sh
Nuno Duque Nunes f61bc59446 feat: block/unblock migration, help.sh optimization
- commands/block/: block.sh, show.sh, helpers.sh
- commands/unblock/: unblock.sh, show.sh, helpers.sh
- flag::define array type: --ip[], --subnet[], --port[], --service[]
- help.sh: use pre-cached _FLAG_C_* arrays instead of flag::_parse_constraints
- remove flag::_parse_constraints/flag::_constraint_get calls from help.sh
- adopt local var; var=value pattern for safe assignment
2026-05-30 12:31:41 +00:00

71 lines
No EOL
2.9 KiB
Bash

#!/usr/bin/env bash
# commands/activity/show.sh
function cmd::activity::show::on_load() {
command::mixin json_output [section="Output"]
help::section "Filters"
flag::define --peer value "Filter by peer name" [label="name", section="Filters"]
flag::define --type value "Filter by device type" [label="type", section="Filters"]
flag::define --service value "Filter by service" [label="service", section="Filters"]
flag::define --ip value "Filter by destination IP" [label="ip", section="Filters"]
flag::define --hours value "Hours to look back" [default=24, type=int, min=0, section="Filters"]
flag::define --exclude-service[] "Exclude service from output" [label="service", section="Filters"]
flag::define --include-service[] "Override excluded service" [label="service", section="Filters"]
help::section "Display"
flag::define --accept bool "Show only accepted traffic" [section="Display"]
flag::define --drop bool "Show only firewall drops" [section="Display"]
flag::define --external bool "Show only external traffic" [section="Display"]
flag::define --ports bool "Show raw IP:port annotations" [section="Display"]
flag::exclusive --accept --drop
}
function cmd::activity::show::run() {
flag::parse "$@" || return 1
local filter_peer; filter_peer=$(flag::value --peer)
local filter_service; filter_service=$(flag::value --service)
local filter_ip; filter_ip=$(flag::value --ip)
local filter_type; filter_type=$(flag::value --type)
local hours; hours=$(flag::value --hours)
local accept_only=false drop_only=false external_only=false show_ports=false
flag::bool --accept && accept_only=true
flag::bool --drop && drop_only=true
flag::bool --external && external_only=true
flag::bool --ports && show_ports=true
# Build exclusion list — remove any --include-service entries
local -a exclude_services=() include_services=()
while IFS= read -r svc; do
[[ -n "$svc" ]] && exclude_services+=("$svc")
done < <(flag::array --exclude-service)
while IFS= read -r svc; do
[[ -n "$svc" ]] && include_services+=("$svc")
done < <(flag::array --include-service)
local -a final_excludes=()
for svc in "${exclude_services[@]:-}"; do
local included=false
for inc in "${include_services[@]:-}"; do
[[ "$svc" == "$inc" ]] && included=true && break
done
$included || final_excludes+=("$svc")
done
local exclude_str=""
[[ ${#final_excludes[@]} -gt 0 ]] && \
exclude_str=$(IFS=' '; echo "${final_excludes[*]}")
if command::json; then
cmd::activity::_output_json "$hours"
return 0
fi
cmd::activity::_impl \
"$filter_peer" "$filter_service" "$filter_ip" "$filter_type" \
"$hours" "$accept_only" "$drop_only" "$external_only" \
"$show_ports" "$exclude_str"
}