Merge branch '3190-offload-rpz-updates' into 'main'

Run the RPZ update as offloaded work

Closes #3190

See merge request isc-projects/bind9!5938

CHANGES

@@ -1,3 +1,6 @@
+5850.	[func]		Run the RPZ update process on the offload threads.
+			[GL #3190]
+
 5849.	[cleanup]	Remove use of exclusive mode in ns_interfacemgr in
 			favor of rwlocked access to localhost and localnets
 			members of dns_aclenv_t structure. [GL #3229]

doc/notes/notes-current.rst

@@ -64,6 +64,11 @@ New Features
   and ``dig``, making it possible to implement Strict and Mutual TLS
   authentication, as described in RFC 9103, Section 9.3. :gl:`#3163`
 
+- Run RPZ updates on the specialized "offload" threads to reduce the amount
+  of time they block query processing on the main networking threads.  This
+  should increase the responsiveness of ``named`` when RPZ updates are being
+  applied after an RPZ zone has been successfully transfered.  :gl:`#3190`
+
 Removed Features
 ~~~~~~~~~~~~~~~~
 

lib/dns/include/dns/rpz.h

@@ -144,25 +144,21 @@ struct dns_rpz_zone {
 	dns_ttl_t	 max_policy_ttl;
 	dns_rpz_policy_t policy; /* DNS_RPZ_POLICY_GIVEN or override */
 
-	uint32_t min_update_interval;	 /* minimal interval between
-					  * updates */
-	isc_ht_t	 *nodes;		 /* entries in zone */
-	dns_rpz_zones_t *rpzs;		 /* owner */
-	isc_time_t	 lastupdated;	 /* last time the zone was processed
-					  * */
-	bool updatepending;		 /* there is an update
-					  * pending/waiting */
-	bool		 updaterunning;	 /* there is an update running */
-	dns_db_t	 *db;		 /* zones database */
-	dns_dbversion_t *dbversion;	 /* version we will be updating to */
-	dns_db_t	 *updb;		 /* zones database we're working on */
-	dns_dbversion_t *updbversion;	 /* version we're currently working
-					  * on */
-	dns_dbiterator_t *updbit;	 /* iterator to use when updating */
-	isc_ht_t	 *newnodes;	 /* entries in zone being updated */
-	bool		  db_registered; /* is the notify event
-					  * registered? */
-	bool	     addsoa;		 /* add soa to the additional section */
+	uint32_t min_update_interval;	/* minimal interval between
+					 * updates */
+	isc_ht_t	 *nodes;		/* entries in zone */
+	dns_rpz_zones_t *rpzs;		/* owner */
+	isc_time_t	 lastupdated;	/* last time the zone was processed
+					 * */
+	bool		 updatepending; /* there is an update pending */
+	bool		 updaterunning; /* there is an update running */
+	isc_result_t	 updateresult;	/* result from the offloaded work */
+	dns_db_t	 *db;		/* zones database */
+	dns_dbversion_t *dbversion;	/* version we will be updating to */
+	dns_db_t	 *updb;		/* zones database we're working on */
+	dns_dbversion_t *updbversion;	/* version we're currently working
+					 * on */
+	bool	     addsoa;		/* add soa to the additional section */
 	isc_timer_t *updatetimer;
 	isc_event_t  updateevent;
 };
@@ -405,22 +401,6 @@ dns_rpz_attach_rpzs(dns_rpz_zones_t *source, dns_rpz_zones_t **target);
 void
 dns_rpz_detach_rpzs(dns_rpz_zones_t **rpzsp);
 
-isc_result_t
-dns_rpz_beginload(dns_rpz_zones_t **load_rpzsp, dns_rpz_zones_t *rpzs,
-		  dns_rpz_num_t rpz_num) ISC_DEPRECATED;
-
-isc_result_t
-dns_rpz_ready(dns_rpz_zones_t *rpzs, dns_rpz_zones_t **load_rpzsp,
-	      dns_rpz_num_t rpz_num) ISC_DEPRECATED;
-
-isc_result_t
-dns_rpz_add(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
-	    const dns_name_t *name);
-
-void
-dns_rpz_delete(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
-	       const dns_name_t *name);
-
 dns_rpz_num_t
 dns_rpz_find_ip(dns_rpz_zones_t *rpzs, dns_rpz_type_t rpz_type,
 		dns_rpz_zbits_t zbits, const isc_netaddr_t *netaddr,

lib/isc/include/isc/util.h

@@ -344,3 +344,13 @@ mock_assert(const int result, const char *const expression,
  * Misc
  */
 #include <isc/deprecated.h>
+
+/*%
+ * Swap
+ */
+#define ISC_SWAP(a, b)                    \
+	{                                 \
+		typeof(a) __tmp_swap = a; \
+		a = b;                    \
+		b = __tmp_swap;           \
+	}