CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset \
+ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_nftset \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_broken_rtc \
define Package/dnsmasq-full
$(call Package/dnsmasq/Default)
- TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, Conntrack, NO_ID enabled by default)
+ TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, Nftset, Conntrack, NO_ID enabled by default)
DEPENDS+=+PACKAGE_dnsmasq_full_dnssec:libnettle \
+PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset \
- +PACKAGE_dnsmasq_full_conntrack:libnetfilter-conntrack
+ +PACKAGE_dnsmasq_full_conntrack:libnetfilter-conntrack \
+ +PACKAGE_dnsmasq_full_nftset:nftables-json
VARIANT:=full
PROVIDES:=dnsmasq
endef
config PACKAGE_dnsmasq_full_ipset
bool "Build with IPset support."
default y
+ config PACKAGE_dnsmasq_full_nftset
+ bool "Build with Nftset support."
+ default y
config PACKAGE_dnsmasq_full_conntrack
bool "Build with Conntrack support."
default y
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) \
+ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_nftset),-DHAVE_NFTSET,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_conntrack),-DHAVE_CONNTRACK,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid),-DNO_ID,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_broken_rtc),-DHAVE_BROKEN_RTC) \
[ "${dnsmasq_features#* DNSSEC }" = "$dnsmasq_features" ] || dnsmasq_has_dnssec=1
[ "${dnsmasq_features#* TFTP }" = "$dnsmasq_features" ] || dnsmasq_has_tftp=1
[ "${dnsmasq_features#* ipset }" = "$dnsmasq_features" ] || dnsmasq_has_ipset=1
+ [ "${dnsmasq_features#* nftset }" = "$dnsmasq_features" ] || dnsmasq_has_nftset=1
fi
case "$opt" in
[ -z "$dnsmasq_has_tftp" ] ;;
ipset)
[ -z "$dnsmasq_has_ipset" ] ;;
+ nftset)
+ [ -z "$dnsmasq_has_nftset" ] ;;
*)
return 1
esac
xappend "--address=$1"
}
+append_nftset() {
+ xappend "--nftset=$1"
+}
+
append_connmark_allowlist() {
xappend "--connmark-allowlist=$1"
}
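Review bot: `append_nftset` writes each UCI `nftset` list value into the generated config as `--nftset=$1` with no check on its shape, and the `add_nftset`/`add_domain` helpers in `dnsmasq_nftset_add` further down do the same while joining values with `,` and `/`. A value that itself contains `/`, `,`, whitespace or a newline therefore changes the structure of the option (or adds a line to the file) instead of being rejected, and the set specification is, as far as I know, later handed by dnsmasq to nftables. I would reject anything outside the expected character set before appending, e.g. `case "$1" in *[!A-Za-z0-9_.#-]*) return 0 ;; esac` at the top of `add_nftset` (the exact set should be confirmed against the `--nftset` grammar), with a matching check in `add_domain`. A one-line comment above `append_nftset` would also help: `# $1: /<domain>[/<domain>...]/<set spec>, passed to dnsmasq unchanged`.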
xappend "--ipset=$domains/$ipsets"
}
+dnsmasq_nftset_add() {
+ local cfg="$1"
+ local nftsets domains
+
+ add_nftset() {
+ nftsets="${nftsets:+$nftsets,}$1"
+ }
+
+ add_domain() {
+ # leading '/' is expected
+ domains="$domains/$1"
+ }
+
+ config_list_foreach "$cfg" "name" add_nftset
+ config_list_foreach "$cfg" "domain" add_domain
+
+ if [ -z "$nftsets" ] || [ -z "$domains" ]; then
+ return 0
+ fi
+
+ xappend "--nftset=$domains/$nftsets"
+}
+
dnsmasq_start()
{
local cfg="$1"
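Review bot: `dnsmasq_nftset_add` returns 0 without any message when a section has no `name` or no `domain` entries, so a half-filled `nftset` section is dropped silently and any rule that presumably relies on that set never sees an address. A warning would make the misconfiguration visible, e.g. `logger -t dnsmasq -p daemon.warn "nftset section '$cfg' ignored: needs at least one name and one domain"` before the `return 0`. The hunk ends inside `dnsmasq_start`, whose body continues outside it.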
config_list_foreach "$cfg" "server" append_server
config_list_foreach "$cfg" "rev_server" append_rev_server
config_list_foreach "$cfg" "address" append_address
+ config_list_foreach "$cfg" "nftset" append_nftset
local connmark_allowlist_enable
config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
config_foreach filter_dnsmasq ipset dnsmasq_ipset_add "$cfg"
echo >> $CONFIGFILE_TMP
+ echo >> $CONFIGFILE_TMP
+ config_foreach filter_dnsmasq nftset dnsmasq_nftset_add "$cfg"
+ echo >> $CONFIGFILE_TMP
+
echo >> $CONFIGFILE_TMP
mv -f $CONFIGFILE_TMP $CONFIGFILE
mv -f $HOSTFILE_TMP $HOSTFILE
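Review bot: The two added `echo >> $CONFIGFILE_TMP` lines are redundant, because the existing echoes before and after the new `config_foreach filter_dnsmasq nftset dnsmasq_nftset_add "$cfg"` call already separate it from its neighbours. With them the generated file gets four blank-line writes around a single new block. Dropping both added `echo` lines keeps the output layout the same as for the `ipset` block. This code sits inside `dnsmasq_start`, which begins and ends outside the hunk.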