#! /usr/bin/perl

# Reads in a list of IP addresses and makes iptables rules to drop ECN from
# packets destined for those hosts.

use strict;
use warnings;
use File::Basename qw(basename);
use LWP;

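my $enc_ip_list_url = "http://urchin.earth.li/cgi-bin/ecn.pl?output=ip";

# Exactly one argument is accepted, and it must be "start" or "stop".
if (@ARGV != 1 || ($ARGV[0] ne "start" && $ARGV[0] ne "stop"))
{
	my $basename = basename($0);
	die "usage: $basename {start|stop}\n";
}
# "start" appends the rules, "stop" deletes the identical rules again.
my $arg = $ARGV[0] eq "start" ? "-A" : "-D";

# NOTE: the list is fetched over plain HTTP with no integrity check, so the
# per-line validation in the loop below is the only thing standing between
# whatever answers this URL and the iptables invocation.
my $agent = LWP::UserAgent->new;
my $request = HTTP::Request->new(GET => $enc_ip_list_url);
my $response = $agent->request($request);
die "error getting enc ip list: $enc_ip_list_url\n" unless $response->is_success;

foreach my $line (split /\n/, $response->content)
{
	# Tolerate CRLF line endings and stray whitespace; skip blank lines
	# rather than rejecting the whole list because of one empty line.
	(my $ip = $line) =~ s/\A\s+|\s+\z//g;
	next if $ip eq '';

	# Anchored dotted-quad check. The original pattern was unanchored, so any
	# line merely *containing* an address passed, and trailing text (shell
	# metacharacters included) would have been interpolated into the command.
	die "malformed ip: $ip\n"
		unless $ip =~ /\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/;

	# List-form system() bypasses the shell entirely, so $ip reaches iptables
	# as a single argv element and cannot be reinterpreted.
	my @cmd = ('iptables', '-t', 'mangle', $arg, 'POSTROUTING',
	           '-p', 'tcp', '-d', $ip, '-j', 'ECN', '--ecn-tcp-remove');
	# Report failures instead of silently continuing; $? is -1 when the
	# binary could not be run at all.
	system(@cmd) == 0
		or warn "iptables failed for $ip (status $?): @cmd\n";
}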

# schallee/at/darkmist_net
