[Dnsmasq-discuss] dnsmasq Debian 10 ipset nftables
Qi-An Fu
fugoes.qa at gmail.com
Mon Jul 20 15:13:48 BST 2020
Hi,
I implemented this feature with libnftables at
https://github.com/Fugoes/dnsmasq.
It works for ipv4 & ipv6 nftables set, though I haven't done much test.
Here are some notes for this patch:
- libnftables is based on nft's cli protocol:
int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf);
This API does not invoke fork(). The overhead here is just parsing
the command.
libnftables is based on libnftnl, which is based on libmnl. However,
There aren't
many documents for libnftnl.
- It uses a radix-tree-like data structure to search nftables set's
name of a domain.
For more information, check the src/dntree.h file and the src/dntree.c file.
Cheers,
Qi-An Fu
More information about the Dnsmasq-discuss
mailing list