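#!/usr/bin/python
# Wake-on-LAN trigger driven by netfilter NFLOG.
#
# ferm rule that feeds this listener:
#   daddr 172.22.118.10
#   proto tcp dport 22 tcp-flags (SYN ACK FIN RST) SYN
#   mod state state NEW
#   mod limit limit 1/minute limit-burst 1
#   NFLOG nflog-group 1371 nflog-prefix "ssh to valiant";
#
# Operational notes:
#  * Every packet delivered on the NFLOG group spawns two subprocesses, and
#    this script does no throttling of its own.  The `limit 1/minute
#    limit-burst 1` match in the rule above is the only thing bounding how
#    often that happens, so keep a rate limit in the rule.
#  * The source address printed by the callback is read from the packet and
#    can be spoofed; it is used for the log line only, never for a decision.
#  * NOTE(review): binding an NFLOG group and `ip neigh replace` presumably
#    need elevated privileges -- confirm and run with the minimum required.

import dpkt
import nflog
import optparse
import socket
import subprocess
import sys
import time

# Must match the `nflog-group` value in the firewall rule above.
NFLOG_GROUP = 1371


def _timestamp():
    """Return the current local time formatted for log lines."""
    return time.strftime("%Y-%m-%d %H:%M:%S")


def _run(argv):
    """Run *argv* without a shell and report a failure instead of ignoring it.

    The command is passed as an argument list, so the operator-supplied
    values are never interpreted by a shell.
    """
    try:
        status = subprocess.call(argv)
    except OSError as err:
        # e.g. the helper binary is not installed or not executable.
        print("[%s] could not run %s: %s" % (_timestamp(), argv[0], err))
        return
    if status != 0:
        print("[%s] %s exited with status %d" % (_timestamp(), argv[0], status))


def cb(payload):
    """NFLOG callback: log the packet's source and wake the target host.

    payload -- object handed over by the nflog binding; get_data() yields
               the raw bytes that are parsed here as an IP packet.

    Sends a wake-on-LAN packet for MAC, then installs a stale neighbour
    entry mapping IPADDR to MAC on INTERFACE.  MAC, IPADDR and INTERFACE are
    module globals set from the command line below.
    """
    data = payload.get_data()
    try:
        source = socket.inet_ntoa(dpkt.ip.IP(data).src)
    except dpkt.dpkt.UnpackError:
        # The parse is only needed for the log line; the firewall rule has
        # already matched, so still wake the host.
        source = "unparseable packet"
    print("[%s] python callback called because of %s!" % (_timestamp(), source))
    _run(['wakeonlan', MAC])
    _run(['ip', 'neigh', 'replace', IPADDR, 'lladdr', MAC,
          'nud', 'stale', 'dev', INTERFACE])
    # Flush so the log line shows up promptly when stdout is redirected.
    sys.stdout.flush()


parser = optparse.OptionParser()
# Name the three required positional arguments in the help output.
parser.set_usage("%prog MAC IPADDR INTERFACE")
(options, args) = parser.parse_args()
if len(args) != 3:
    parser.print_help()
    sys.exit(1)

MAC = args[0]
IPADDR = args[1]
INTERFACE = args[2]

listener = nflog.log()
print("setting callback")
listener.set_callback(cb)
print("open")
listener.fast_open(NFLOG_GROUP, socket.AF_INET)
print("trying to run")
try:
    listener.try_run()
except KeyboardInterrupt:
    print("interrupted")
finally:
    # Release the NFLOG binding even when try_run() fails with something
    # other than Ctrl-C.
    print("unbind")
    listener.unbind(socket.AF_INET)
    print("close")
    listener.close()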