[ "${dnsmasq_features#* DNSSEC }" = "$dnsmasq_features" ] || dnsmasq_has_dnssec=1
[ "${dnsmasq_features#* TFTP }" = "$dnsmasq_features" ] || dnsmasq_has_tftp=1
[ "${dnsmasq_features#* ipset }" = "$dnsmasq_features" ] || dnsmasq_has_ipset=1
+ [ "${dnsmasq_features#* nftset }" = "$dnsmasq_features" ] || dnsmasq_has_nftset=1
fi
case "$opt" in
[ -z "$dnsmasq_has_tftp" ] ;;
ipset)
[ -z "$dnsmasq_has_ipset" ] ;;
+ nftset)
+ [ -z "$dnsmasq_has_nftset" ] ;;
*)
return 1
esac
xappend "--address=$1"
}
+append_nftset() {
+ xappend "--nftset=$1"
+}
+
append_connmark_allowlist() {
xappend "--connmark-allowlist=$1"
}
xappend "--ipset=$domains/$ipsets"
}
+dnsmasq_nftset_add() {
+ local cfg="$1"
+ local nftsets domains
+
+ add_nftset() {
+ nftsets="${nftsets:+$nftsets,}$1"
+ }
+
+ add_domain() {
+ # leading '/' is expected
+ domains="$domains/$1"
+ }
+
+ config_list_foreach "$cfg" "name" add_nftset
+ config_list_foreach "$cfg" "domain" add_domain
+
+ if [ -z "$nftsets" ] || [ -z "$domains" ]; then
+ return 0
+ fi
+
+ xappend "--nftset=$domains/$nftsets"
+}
+
dnsmasq_start()
{
local cfg="$1"
config_list_foreach "$cfg" "server" append_server
config_list_foreach "$cfg" "rev_server" append_rev_server
config_list_foreach "$cfg" "address" append_address
+ config_list_foreach "$cfg" "nftset" append_nftset
local connmark_allowlist_enable
config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
config_foreach filter_dnsmasq ipset dnsmasq_ipset_add "$cfg"
echo >> $CONFIGFILE_TMP
+ echo >> $CONFIGFILE_TMP
+ config_foreach filter_dnsmasq nftset dnsmasq_nftset_add "$cfg"
+ echo >> $CONFIGFILE_TMP
+
echo >> $CONFIGFILE_TMP
mv -f $CONFIGFILE_TMP $CONFIGFILE
mv -f $HOSTFILE_TMP $HOSTFILE