From d501e183bd392e04b6ad338b49e7b8b33a4dcb96 Mon Sep 17 00:00:00 2001
From: Mathias Kresin <dev@kresin.me>
Date: Wed, 4 May 2022 21:50:41 +0200
Subject: [PATCH] dnsmasq: add uci-defaults script for ipset migration

When running sysupgrade from an existing configuration, move existing
ipset definitions to a dedicated config section. Later on, it will allow
to server ipset as well as nftable sets from the same configuration.

Signed-off-by: Mathias Kresin <dev@kresin.me>
---
 package/network/services/dnsmasq/Makefile     |  1 +
 .../dnsmasq/files/50-dnsmasq-migrate-ipset.sh | 32 +++++++++++++++++++
 .../services/dnsmasq/files/dnsmasq.init       |  5 ---
 3 files changed, 33 insertions(+), 5 deletions(-)
 create mode 100755 package/network/services/dnsmasq/files/50-dnsmasq-migrate-ipset.sh

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index c5a8930ea7..2d3ac95a38 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -182,6 +182,7 @@ define Package/dnsmasq/install
 	$(INSTALL_DATA) ./files/dnsmasq_acl.json $(1)/usr/share/acl.d/
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) ./files/50-dnsmasq-migrate-resolv-conf-auto.sh $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/50-dnsmasq-migrate-ipset.sh $(1)/etc/uci-defaults
 endef
 
 Package/dnsmasq-dhcpv6/install = $(Package/dnsmasq/install)
diff --git a/package/network/services/dnsmasq/files/50-dnsmasq-migrate-ipset.sh b/package/network/services/dnsmasq/files/50-dnsmasq-migrate-ipset.sh
new file mode 100755
index 0000000000..aba73e7dd4
--- /dev/null
+++ b/package/network/services/dnsmasq/files/50-dnsmasq-migrate-ipset.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+ipsets=$(uci -q get dhcp.@dnsmasq[0].ipset)
+[ -z "$ipsets" ] && exit 0
+
+for ipset in $ipsets; do
+	names=${ipset##*/}
+	domains=${ipset%/*}
+
+	[ -z "$names" ] || [ -z "$domains" ] && continue
+
+	uci add dhcp ipset
+
+	OLDIFS="$IFS"
+
+	IFS=","
+	for name in $names; do
+		uci add_list dhcp.@ipset[-1].name="$name"
+	done
+
+	IFS="/"
+	for domain in ${domains:1}; do
+		uci add_list dhcp.@ipset[-1].domain="$domain"
+	done
+
+	IFS="$OLDIFS"
+
+	uci del_list dhcp.@dnsmasq[0].ipset="$ipset"
+done
+
+uci commit dhcp
+exit 0
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index c4ca3eb2db..755168d840 100755
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -169,10 +169,6 @@ append_address() {
 	xappend "--address=$1"
 }
 
-append_ipset() {
-	xappend "--ipset=$1"
-}
-
 append_connmark_allowlist() {
 	xappend "--connmark-allowlist=$1"
 }
@@ -948,7 +944,6 @@ dnsmasq_start()
 	config_list_foreach "$cfg" "server" append_server
 	config_list_foreach "$cfg" "rev_server" append_rev_server
 	config_list_foreach "$cfg" "address" append_address
-	config_list_foreach "$cfg" "ipset" append_ipset
 
 	local connmark_allowlist_enable
 	config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
-- 
2.30.2