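#!/usr/bin/env python
# -*- coding: iso-8859-1 -*-
# Dinko Korunic 'kreator', 2006.
# conntrack-killer.py
# script for deleting the given IP in conntrack tables for Linux 2.6
# uses conntrack utility from:
# http://netfilter.org/projects/conntrack/index.html

"""This program performs a simple search for given IP in Linux kernel's
conntrack tables and removes all such conntrack entries.

It uses conntrack utility from Netfilter project available at:
http://netfilter.org/projects/conntrack/index.html

The conntrack binary is always executed directly from an argument list
(no shell), so neither the IP given on the command line nor the values
read back from ``conntrack -L`` can change the command that is run; the
command-line IP is additionally checked to be a literal address.
"""

# History:
# 1.0 - Initial release

__copyright__ = """Copyright (C) 2005 Dinko Korunic, InfoMAR d.o.o.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
"""

__version__ = '1.0'

import re
import socket
import subprocess
import sys

# ``conntrack -L`` invocations, one per direction.  These are argument
# lists rather than shell templates: the IP is appended as the last
# element and reaches conntrack verbatim, never a shell.
listcmd = [
    ['conntrack', '-L', '--orig-src'],
    ['conntrack', '-L', '--orig-dst'],
]

# Prefix of the ``conntrack -D`` invocation.  The tuple to delete is added
# as ``-p PROTO --orig-src SRC --orig-dst DST --orig-port-src SPORT
# --orig-port-dst DPORT`` (again as separate argv elements).
delcmd = ['conntrack', '-D']

# One ``conntrack -L`` entry.  The quantifiers are NON-greedy on purpose:
# a listing line carries two src=/dst=/sport=/dport= groups (original
# direction first, reply direction second) and the deletion below
# addresses the entry by its --orig-* tuple, so the FIRST group must be
# captured.  A greedy ``.*`` would capture the reply tuple instead.
# Raw string so the ``\w``/``\s`` escapes are not interpreted by Python.
regex = r'^(\w+)\s+.*?src=(\S+)\s+.*?dst=(\S+)\s+.*?sport=(\S+)\s+.*?dport=(\S+)\s+'

_match_re = re.compile(regex, re.IGNORECASE)


def is_valid_ip(ip):
    """Return True if *ip* is a literal IPv4 or IPv6 address.

    Used to reject command-line input that is not an address (for
    example an empty string or an option-looking token) before it is
    handed to conntrack.  Netmask suffixes and zone ids are not accepted.
    """
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, ip)
        except (socket.error, ValueError, TypeError):
            # socket.error is OSError on Python 3; TypeError covers a
            # non-string argument, ValueError an embedded NUL.
            continue
        return True
    return False


def parse_conntrack_line(line):
    """Extract the original-direction tuple from one ``conntrack -L`` line.

    Returns ``(proto, src, dst, sport, dport)`` as strings, or ``None``
    when the line is not a port-based entry (ICMP entries and
    conntrack's own status messages have no sport=/dport= and are
    skipped, exactly as the original regex skipped them).
    """
    match = _match_re.match(line)
    if match is None:
        return None
    return match.groups()


def kill(ip):
    """Search conntrack for *ip* and destroy every entry found.

    Lists entries whose original source, then whose original
    destination, is *ip* and deletes each one by its original-direction
    tuple.

    :param ip: literal IPv4/IPv6 address (see is_valid_ip)
    :returns: number of entries for which ``conntrack -D`` exited with 0
    :raises ValueError: if *ip* is not a literal IP address
    :raises OSError: if the conntrack binary cannot be executed
    """
    if not is_valid_ip(ip):
        raise ValueError('not a literal IP address: %r' % (ip,))

    deleted = 0
    for cmd in listcmd:
        # stderr is merged into stdout as the original popen4 did; the
        # "N flow entries have been shown" summary does not match regex.
        proc = subprocess.Popen(cmd + [ip], stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT,
                                universal_newlines=True)
        try:
            for line in proc.stdout:
                entry = parse_conntrack_line(line)
                if entry is None:
                    continue
                proto, src, dst, sport, dport = entry
                rc = subprocess.call(delcmd + [
                    '-p', proto,
                    '--orig-src', src, '--orig-dst', dst,
                    '--orig-port-src', sport, '--orig-port-dst', dport,
                ])
                if rc == 0:
                    deleted += 1
        finally:
            proc.stdout.close()
            # Reap the lister; replaces the original unconditional os.wait().
            proc.wait()
    return deleted


def main(argv=None):
    """Command-line entry point: ``conntrack-killer.py IP``.

    :param argv: full argument vector; defaults to sys.argv
    :returns: exit status -- 0 on success, 1 on a usage error, on an
        argument that is not a literal IP, or when conntrack cannot run
    """
    if argv is None:
        argv = sys.argv
    prog = argv[0] if argv else 'conntrack-killer.py'
    if len(argv) != 2:
        sys.stderr.write('%s: Missing one and only argument -- IP to delete '
                         'from conntrack\n' % prog)
        return 1
    try:
        kill(argv[1])
    except ValueError as err:
        sys.stderr.write('%s: %s\n' % (prog, err))
        return 1
    except OSError as err:
        sys.stderr.write('%s: cannot run conntrack: %s\n' % (prog, err))
        return 1
    return 0


if __name__ == '__main__':
    sys.exit(main())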