+dnsmasq_ipset_add() {
+ local cfg="$1"
+ local ipsets nftsets domains
+
+ add_ipset() {
+ ipsets="${ipsets:+$ipsets,}$1"
+ }
+
+ add_nftset() {
+ local IFS=,
+ for set in $1; do
+ local fam="$family"
+ [ -n "$fam" ] || fam=$(echo "$set" | sed -nre \
+ 's#^.*[^0-9]([46])$|^.*[-_]([46])[-_].*$|^([46])[^0-9].*$#\1\2\3#p')
+ [ -n "$fam" ] || \
+ fam=$(nft -t list set "$table_family" "$table" "$set" 2>&1 | sed -nre \
+ 's#^\t\ttype .*\bipv([46])_addr\b.*$#\1#p')
+
+ [ -n "$fam" ] || \
+ logger -t dnsmasq "Cannot infer address family from non-existent nftables set '$set'"
+
+ nftsets="${nftsets:+$nftsets,}${fam:+$fam#}$table_family#$table#$set"
+ done
+ }
+
+ add_domain() {
+ # leading '/' is expected
+ domains="$domains/$1"
+ }
+
+ config_get table "$cfg" table 'fw4'
+ config_get table_family "$cfg" table_family 'inet'
+ if [ "$table_family" = "ip" ] ; then
+ family="4"
+ elif [ "$table_family" = "ip6" ] ; then
+ family="6"
+ else
+ config_get family "$cfg" family
+ fi
+
+ config_list_foreach "$cfg" "name" add_ipset
+ config_list_foreach "$cfg" "name" add_nftset
+ config_list_foreach "$cfg" "domain" add_domain
+
+ if [ -z "$ipsets" ] || [ -z "$nftsets" ] || [ -z "$domains" ]; then
+ return 0
+ fi
+
+ xappend "--ipset=$domains/$ipsets"
+ xappend "--nftset=$domains/$nftsets"
+}
+
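Review bot: In add_nftset the address family guessed from the set name takes precedence over what `nft list set` reports, and a set whose family cannot be determined at all is still appended to `nftsets` after only a logger warning. A set whose name happens to end in 4 or 6 but holds the other address type would presumably never receive its resolved addresses, so a firewall rule relying on it would silently match nothing; consider asking nft first and keeping the name pattern as a fallback for sets that do not exist yet. The loop variable `set` and the `table`, `table_family` and `family` values are not declared local and leak into the caller's scope; `local set` before the loop and `local table table_family family` next to `local ipsets nftsets domains` would contain them. `for set in $1` splits on the changed IFS but is still subject to pathname expansion, so a configured name containing a glob character would be expanded against the working directory; wrapping the loop in `set -f` / `set +f` or rejecting such names avoids that. The hunk header is outside this view, so how the function is called was not checked.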