Mukund Sivaraman · Mukund Sivaraman · cde5857f · cde5857f · cde5857f · cde5857f
7 changed files
--- a/OPTIONS
+++ b/OPTIONS
@@ -19,9 +19,6 @@ Setting                   Description
                          named-checkzone
 -DNS_RUN_PID_DIR=0        Create default PID files in ${localstatedir}/run
                          rather than ${localstatedir}/run/named/
-                          Increase the maximum number of configurable
-DNS_RPZ_MAX_ZONES=64     response policy zones from 32 to 64; this is the
-                          highest possible setting
                          Disable the use of inline functions to implement
 -DISC_BUFFER_USEINLINE=0  the isc_buffer API: this reduces performance but
                          may be useful when debugging

--- a/OPTIONS.md
+++ b/OPTIONS.md
@@ -23,6 +23,5 @@ Some of these settings are:
 |`-DCHECK_SIBLING=0`|Don't check sibling glue in `named-checkzone`|
 |`-DCHECK_LOCAL=0`|Don't check out-of-zone addresses in `named-checkzone`|
 |`-DNS_RUN_PID_DIR=0`|Create default PID files in `${localstatedir}/run` rather than `${localstatedir}/run/named/`|
-|`-DNS_RPZ_MAX_ZONES=64`|Increase the maximum number of configurable response policy zones from 32 to 64; this is the highest possible setting|
 |`-DISC_BUFFER_USEINLINE=0`|Disable the use of inline functions to implement the `isc_buffer` API: this reduces performance but may be useful when debugging |
 |`-DISC_HEAP_CHECK`|Test heap consistency after every heap operation; used when debugging|
--- a/bin/tests/system/rpzrecurse/ns2/named.max.conf
+++ b/bin/tests/system/rpzrecurse/ns2/named.max.conf
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+    zone "." {
+	type hint;
+	file "root.hint";
+    };
+
+    # policy configuration to be tested
+    response-policy {
+	zone "max1";
+	zone "max2";
+	zone "max3";
+	zone "max4";
+	zone "max5";
+	zone "max6";
+	zone "max7";
+	zone "max8";
+	zone "max9";
+	zone "max10";
+	zone "max11";
+	zone "max12";
+	zone "max13";
+	zone "max14";
+	zone "max15";
+	zone "max16";
+	zone "max17";
+	zone "max18";
+	zone "max19";
+	zone "max20";
+	zone "max21";
+	zone "max22";
+	zone "max23";
+	zone "max24";
+	zone "max25";
+	zone "max26";
+	zone "max27";
+	zone "max28";
+	zone "max29";
+	zone "max30";
+	zone "max31";
+	zone "max32";
+	zone "max33";
+	zone "max34";
+	zone "max35";
+	zone "max36";
+	zone "max37";
+	zone "max38";
+	zone "max39";
+	zone "max40";
+	zone "max41";
+	zone "max42";
+	zone "max43";
+	zone "max44";
+	zone "max45";
+	zone "max46";
+	zone "max47";
+	zone "max48";
+	zone "max49";
+	zone "max50";
+	zone "max51";
+	zone "max52";
+	zone "max53";
+	zone "max54";
+	zone "max55";
+	zone "max56";
+	zone "max57";
+	zone "max58";
+	zone "max59";
+	zone "max60";
+	zone "max61";
+	zone "max62";
+	zone "max63";
+	zone "max64";
+    } qname-wait-recurse no
+	nsdname-enable yes
+	nsip-enable yes;
+
+    # policy zones to be tested
+    zone "max1" { type master; file "db.max1.local"; };
+    zone "max2" { type master; file "db.max2.local"; };
+    zone "max3" { type master; file "db.max3.local"; };
+    zone "max4" { type master; file "db.max4.local"; };
+    zone "max5" { type master; file "db.max5.local"; };
+    zone "max6" { type master; file "db.max6.local"; };
+    zone "max7" { type master; file "db.max7.local"; };
+    zone "max8" { type master; file "db.max8.local"; };
+    zone "max9" { type master; file "db.max9.local"; };
+    zone "max10" { type master; file "db.max10.local"; };
+    zone "max11" { type master; file "db.max11.local"; };
+    zone "max12" { type master; file "db.max12.local"; };
+    zone "max13" { type master; file "db.max13.local"; };
+    zone "max14" { type master; file "db.max14.local"; };
+    zone "max15" { type master; file "db.max15.local"; };
+    zone "max16" { type master; file "db.max16.local"; };
+    zone "max17" { type master; file "db.max17.local"; };
+    zone "max18" { type master; file "db.max18.local"; };
+    zone "max19" { type master; file "db.max19.local"; };
+    zone "max20" { type master; file "db.max20.local"; };
+    zone "max21" { type master; file "db.max21.local"; };
+    zone "max22" { type master; file "db.max22.local"; };
+    zone "max23" { type master; file "db.max23.local"; };
+    zone "max24" { type master; file "db.max24.local"; };
+    zone "max25" { type master; file "db.max25.local"; };
+    zone "max26" { type master; file "db.max26.local"; };
+    zone "max27" { type master; file "db.max27.local"; };
+    zone "max28" { type master; file "db.max28.local"; };
+    zone "max29" { type master; file "db.max29.local"; };
+    zone "max30" { type master; file "db.max30.local"; };
+    zone "max31" { type master; file "db.max31.local"; };
+    zone "max32" { type master; file "db.max32.local"; };
+    zone "max33" { type master; file "db.max33.local"; };
+    zone "max34" { type master; file "db.max34.local"; };
+    zone "max35" { type master; file "db.max35.local"; };
+    zone "max36" { type master; file "db.max36.local"; };
+    zone "max37" { type master; file "db.max37.local"; };
+    zone "max38" { type master; file "db.max38.local"; };
+    zone "max39" { type master; file "db.max39.local"; };
+    zone "max40" { type master; file "db.max40.local"; };
+    zone "max41" { type master; file "db.max41.local"; };
+    zone "max42" { type master; file "db.max42.local"; };
+    zone "max43" { type master; file "db.max43.local"; };
+    zone "max44" { type master; file "db.max44.local"; };
+    zone "max45" { type master; file "db.max45.local"; };
+    zone "max46" { type master; file "db.max46.local"; };
+    zone "max47" { type master; file "db.max47.local"; };
+    zone "max48" { type master; file "db.max48.local"; };
+    zone "max49" { type master; file "db.max49.local"; };
+    zone "max50" { type master; file "db.max50.local"; };
+    zone "max51" { type master; file "db.max51.local"; };
+    zone "max52" { type master; file "db.max52.local"; };
+    zone "max53" { type master; file "db.max53.local"; };
+    zone "max54" { type master; file "db.max54.local"; };
+    zone "max55" { type master; file "db.max55.local"; };
+    zone "max56" { type master; file "db.max56.local"; };
+    zone "max57" { type master; file "db.max57.local"; };
+    zone "max58" { type master; file "db.max58.local"; };
+    zone "max59" { type master; file "db.max59.local"; };
+    zone "max60" { type master; file "db.max60.local"; };
+    zone "max61" { type master; file "db.max61.local"; };
+    zone "max62" { type master; file "db.max62.local"; };
+    zone "max63" { type master; file "db.max63.local"; };
+    zone "max64" { type master; file "db.max64.local"; };
+};
--- a/bin/tests/system/rpzrecurse/setup.sh
+++ b/bin/tests/system/rpzrecurse/setup.sh
@@ -47,6 +47,24 @@ copy_setports ns3/named2.conf.in ns3/named2.conf

 copy_setports ns4/named.conf.in ns4/named.conf

+# setup policy zones for a 64-zone test
+i=1
+while test $i -le 64
+do
+    echo "\$TTL 60" > ns2/db.max$i.local
+    echo "@ IN SOA root.ns ns 1996072700 3600 1800 86400 60" >> ns2/db.max$i.local
+    echo "     NS ns" >> ns2/db.max$i.local
+    echo "ns   A 127.0.0.1" >> ns2/db.max$i.local
+
+    j=1
+    while test $j -le $i
+    do
+	echo "name$j A 10.53.0.$i" >> ns2/db.max$i.local
+	j=`expr $j + 1`
+    done
+    i=`expr $i + 1`
+done
+
 # decide whether to test DNSRPS
 $SHELL ../rpz/ckdnsrps.sh $TEST_DNSRPS $DEBUG
 test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS=

--- a/bin/tests/system/rpzrecurse/tests.sh
+++ b/bin/tests/system/rpzrecurse/tests.sh
@@ -346,6 +346,22 @@ do
    }
  fi

+  # Check maximum number of RPZ zones (64)
+  t=`expr $t + 1`
+  echo_i "testing maximum number of RPZ zones (${t})"
+  add_test_marker 10.53.0.2
+  run_server max
+  i=1
+  while test $i -le 64
+  do
+      $DIG $DIGOPTS name$i a @10.53.0.2 -p ${PORT} -b 10.53.0.1 > dig.out.${t}.${i}
+      grep "^name$i.[ 	]*[0-9]*[ 	]*IN[ 	]*A[ 	]*10.53.0.$i" dig.out.${t}.${i} > /dev/null 2>&1 || {
+	  echo_i "test $t failed: didn't get expected answer from policy zone $i"
+	  status=1
+      }
+      i=`expr $i + 1`
+  done
+
  # Check CLIENT-IP behavior
  t=`expr $t + 1`
  echo_i "testing CLIENT-IP behavior (${t})"

--- a/lib/dns/include/dns/rpz.h
+++ b/lib/dns/include/dns/rpz.h
@@ -76,15 +76,12 @@ typedef enum {

 typedef isc_uint8_t	    dns_rpz_num_t;

-#define DNS_RPZ_MAX_ZONES   32
-#if DNS_RPZ_MAX_ZONES > 32
-# if DNS_RPZ_MAX_ZONES > 64
-#  error "rpz zone bit masks must fit in a word"
-# endif
+#define DNS_RPZ_MAX_ZONES   64
+/*
+ * Type dns_rpz_zbits_t must be an unsigned int wide enough to contain
+ * at least DNS_RPZ_MAX_ZONES bits.
+ */
 typedef isc_uint64_t	    dns_rpz_zbits_t;
-#else
-typedef isc_uint32_t	    dns_rpz_zbits_t;
-#endif

 #define DNS_RPZ_ALL_ZBITS   ((dns_rpz_zbits_t)-1)


--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -283,12 +283,10 @@ zbit_to_num(dns_rpz_zbits_t zbit) {

 	REQUIRE(zbit != 0);
 	rpz_num = 0;
-#if DNS_RPZ_MAX_ZONES > 32
-	if ((zbit & 0xffffffff00000000L) != 0) {
+	if ((zbit & 0xffffffff00000000ULL) != 0) {
 		zbit >>= 32;
 		rpz_num += 32;
 	}
-#endif
 	if ((zbit & 0xffff0000) != 0) {
 		zbit >>= 16;
 		rpz_num += 16;
@@ -505,9 +503,7 @@ fix_qname_skip_recurse(dns_rpz_zones_t *rpzs) {
 		req_mask |= req_mask >> 4;
 		req_mask |= req_mask >> 8;
 		req_mask |= req_mask >> 16;
-#if DNS_RPZ_MAX_ZONES > 32
 		req_mask |= req_mask >> 32;
-#endif

 		/*
 		 * There's no point in skipping recursion for a later