#!/usr/bin/env ruby

# -------------------------------------------------------------------------- #
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org)             #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License. You may obtain    #
# a copy of the License at                                                   #
#                                                                            #
# http://www.apache.org/licenses/LICENSE-2.0                                 #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS,          #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
#--------------------------------------------------------------------------- #

#------------------------------------------------------------------------------
# Configuration Options for the script. Change it to fit your installation
#------------------------------------------------------------------------------
CONF = {
  :ebtables => "sudo /sbin/ebtables",
  :brctl => "/usr/sbin/brctl"
}
#------------------------------------------------------------------------------

RULE_TYPES=[
    /-i ([\w\.\-]+) /,
    /-o ([\w\.\-]+) /
]

#------------------------------------------------------------------------------
# Applies a given rule to the ebtables
#------------------------------------------------------------------------------
def deactivate(rule)
    system "#{CONF[:ebtables]} -D #{rule}"
end
#------------------------------------------------------------------------------

#------------------------------------------------------------------------------
# Gets the interfaces attached to a given bridge
#------------------------------------------------------------------------------
def get_interfaces
    brctl_exit =`#{CONF[:brctl]} show`
    brctl_exit.split("\n")[1..-1].collect{|l| l.split.last }
end
#------------------------------------------------------------------------------

#------------------------------------------------------------------------------
# Gets the interfaces attached to a given bridge
#------------------------------------------------------------------------------
def get_rules
    rules = Array.new

    RULE_TYPES.each do |reg|
        ebtables_exit = `#{CONF[:ebtables]} -L FORWARD`

        rules << ebtables_exit.split("\n")[3..-1].collect do |l|
            line = l.strip
            m    = line.match(reg)

            if m
                interface=m[1]
                {
                    :interface  => interface, 
                    :rule       => line
                }
            else
                nil
            end
        end.compact
    end

    rules.flatten
end

###############################################################################
# Main
###############################################################################

# on "done", it waits a bit until the tap is detached from the bridge
sleep 1

interfaces = get_interfaces
all_rules  = get_rules

all_rules.each do |rule|
    if !interfaces.include?(rule[:interface])
        deactivate("FORWARD #{rule[:rule]}") 
    end
end

