Support 64 RPZ zones by default from 9.13 onwards

2025-08-22 10:10:06 +00:00 · 2018-03-01 22:02:59 +05:30 · 2018-03-01 22:02:59 +05:30 · 0e8907be4d
commit 0e8907be4d
parent 30b0b686ad
4 changed files with 6 additions and 17 deletions
--- a/3
+++ b/3
@ -19,9 +19,6 @@ Setting                   Description
                          named-checkzone
 -DNS_RUN_PID_DIR=0        Create default PID files in ${localstatedir}/run
                          rather than ${localstatedir}/run/named/
-                          Increase the maximum number of configurable
-DNS_RPZ_MAX_ZONES=64     response policy zones from 32 to 64; this is the
-                          highest possible setting
                          Disable the use of inline functions to implement
 -DISC_BUFFER_USEINLINE=0  the isc_buffer API: this reduces performance but
                          may be useful when debugging
--- a/OPTIONS.md
+++ b/OPTIONS.md
@ -23,6 +23,5 @@ Some of these settings are:
 |`-DCHECK_SIBLING=0`|Don't check sibling glue in `named-checkzone`|
 |`-DCHECK_LOCAL=0`|Don't check out-of-zone addresses in `named-checkzone`|
 |`-DNS_RUN_PID_DIR=0`|Create default PID files in `${localstatedir}/run` rather than `${localstatedir}/run/named/`|
-|`-DNS_RPZ_MAX_ZONES=64`|Increase the maximum number of configurable response policy zones from 32 to 64; this is the highest possible setting|
 |`-DISC_BUFFER_USEINLINE=0`|Disable the use of inline functions to implement the `isc_buffer` API: this reduces performance but may be useful when debugging |
 |`-DISC_HEAP_CHECK`|Test heap consistency after every heap operation; used when debugging|
--- a/lib/dns/include/dns/rpz.h
+++ b/lib/dns/include/dns/rpz.h
@ -76,15 +76,12 @@ typedef enum {

 typedef isc_uint8_t	    dns_rpz_num_t;

-#define DNS_RPZ_MAX_ZONES   32
-#if DNS_RPZ_MAX_ZONES > 32
-# if DNS_RPZ_MAX_ZONES > 64
-#  error "rpz zone bit masks must fit in a word"
-# endif
+#define DNS_RPZ_MAX_ZONES   64
+/*
+ * Type dns_rpz_zbits_t must be an unsigned int wide enough to contain
+ * at least DNS_RPZ_MAX_ZONES bits.
+ */
 typedef isc_uint64_t	    dns_rpz_zbits_t;
-#else
-typedef isc_uint32_t	    dns_rpz_zbits_t;
-#endif

 #define DNS_RPZ_ALL_ZBITS   ((dns_rpz_zbits_t)-1)

--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@ -283,12 +283,10 @@ zbit_to_num(dns_rpz_zbits_t zbit) {

 	REQUIRE(zbit != 0);
 	rpz_num = 0;
-#if DNS_RPZ_MAX_ZONES > 32
-	if ((zbit & 0xffffffff00000000L) != 0) {
+	if ((zbit & 0xffffffff00000000ULL) != 0) {
 		zbit >>= 32;
 		rpz_num += 32;
 	}
-#endif
 	if ((zbit & 0xffff0000) != 0) {
 		zbit >>= 16;
 		rpz_num += 16;
@ -505,9 +503,7 @@ fix_qname_skip_recurse(dns_rpz_zones_t *rpzs) {
 		req_mask |= req_mask >> 4;
 		req_mask |= req_mask >> 8;
 		req_mask |= req_mask >> 16;
-#if DNS_RPZ_MAX_ZONES > 32
 		req_mask |= req_mask >> 32;
-#endif

 		/*
 		 * There's no point in skipping recursion for a later