Merge branch '3676-remove-operating-system-resource-limits' into 'main'

Mark setting operating system limits from named.conf as ancient

Closes #3676

See merge request isc-projects/bind9!7079

CHANGES

@@ -1,3 +1,7 @@
+6041.	[func]		Set the RLIMIT_NOFILE to rlim_max returned from
+			getrlimit() instead of trying to guess the maximum
+			allowed value. [GL #3676]
+
 6040.	[bug]		Speed up the named shutdown time by explicitly
 			canceling all recursing ns_client objects for
 			each ns_clientmgr. [GL #3183]

bin/named/config.c

@@ -50,16 +50,12 @@ options {\n\
 	answer-cookie true;\n\
 	automatic-interface-scan yes;\n\
 	bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\
-#	blackhole {none;};\n"
-			    "	cookie-algorithm siphash24;\n"
-			    "	coresize default;\n\
-	datasize default;\n"
-			    "\
+#	blackhole {none;};\n\
+	cookie-algorithm siphash24;\n\
 #	directory <none>\n\
 	dnssec-policy \"none\";\n\
 	dump-file \"named_dump.db\";\n\
-	edns-udp-size 1232;\n\
-	files unlimited;\n"
+	edns-udp-size 1232;\n"
 #if defined(HAVE_GEOIP2)
 			    "\
 	geoip-directory \"" MAXMINDDB_PREFIX "/share/GeoIP\";\n"
@@ -115,7 +111,6 @@ options {\n\
 	session-keyalg hmac-sha256;\n\
 #	session-keyfile \"" NAMED_LOCALSTATEDIR "/run/named/session.key\";\n\
 	session-keyname local-ddns;\n\
-	stacksize default;\n\
 	startup-notify-rate 20;\n\
 	statistics-file \"named.stats\";\n\
 	tcp-advertised-timeout 300;\n\

bin/named/include/named/globals.h

@@ -106,14 +106,6 @@ EXTERN dns_name_t			    named_g_sessionkeyname;
 EXTERN bool named_g_conffileset		    INIT(false);
 EXTERN cfg_aclconfctx_t *named_g_aclconfctx INIT(NULL);
 
-/*
- * Initial resource limits.
- */
-EXTERN isc_resourcevalue_t named_g_initstacksize INIT(0);
-EXTERN isc_resourcevalue_t named_g_initdatasize	 INIT(0);
-EXTERN isc_resourcevalue_t named_g_initcoresize	 INIT(0);
-EXTERN isc_resourcevalue_t named_g_initopenfiles INIT(0);
-
 /*
  * Misc.
  */

bin/named/main.c

@@ -35,7 +35,6 @@
 #include <isc/netmgr.h>
 #include <isc/os.h>
 #include <isc/print.h>
-#include <isc/resource.h>
 #include <isc/result.h>
 #include <isc/signal.h>
 #include <isc/stdio.h>
@@ -1043,7 +1042,6 @@ create_managers(void) {
 static void
 setup(void) {
 	isc_result_t result;
-	isc_resourcevalue_t old_openfiles;
 	ns_server_t *sctx;
 #ifdef HAVE_LIBSCF
 	char *instance = NULL;
@@ -1216,39 +1214,11 @@ setup(void) {
 		      NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
 		      "----------------------------------------------------");
 
-	/*
-	 * Get the initial resource limits.
-	 */
-	RUNTIME_CHECK(isc_resource_getlimit(isc_resource_stacksize,
-					    &named_g_initstacksize) ==
-		      ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_resource_getlimit(isc_resource_datasize,
-					    &named_g_initdatasize) ==
-		      ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_resource_getlimit(isc_resource_coresize,
-					    &named_g_initcoresize) ==
-		      ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_resource_getlimit(isc_resource_openfiles,
-					    &named_g_initopenfiles) ==
-		      ISC_R_SUCCESS);
-
 	/*
 	 * System resources cannot effectively be tuned on some systems.
 	 * Raise the limit in such cases for safety.
 	 */
-	old_openfiles = named_g_initopenfiles;
 	named_os_adjustnofile();
-	RUNTIME_CHECK(isc_resource_getlimit(isc_resource_openfiles,
-					    &named_g_initopenfiles) ==
-		      ISC_R_SUCCESS);
-	if (old_openfiles != named_g_initopenfiles) {
-		isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
-			      NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
-			      "adjusted limit on open files from "
-			      "%" PRIu64 " to "
-			      "%" PRIu64,
-			      old_openfiles, named_g_initopenfiles);
-	}
 
 	/*
 	 * If the named configuration filename is relative, prepend the current

bin/named/os.c

@@ -14,6 +14,7 @@
 /*! \file */
 #include <stdarg.h>
 #include <stdbool.h>
+#include <sys/resource.h>
 #include <sys/stat.h>
 #include <sys/types.h> /* dev_t FreeBSD 2.1 */
 #ifdef HAVE_UNAME
@@ -37,13 +38,13 @@
 #include <isc/buffer.h>
 #include <isc/file.h>
 #include <isc/print.h>
-#include <isc/resource.h>
 #include <isc/result.h>
 #include <isc/strerr.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
 #include <named/globals.h>
+#include <named/log.h>
 #include <named/main.h>
 #include <named/os.h>
 #ifdef HAVE_LIBSCF
@@ -615,23 +616,47 @@ ns_os_uid(void) {
 
 void
 named_os_adjustnofile(void) {
-#if defined(__linux__) || defined(__sun)
-	isc_result_t result;
-	isc_resourcevalue_t newvalue;
+	int r;
+	struct rlimit rl;
+	rlim_t rlim_old;
+	char strbuf[ISC_STRERRORSIZE];
 
-	/*
-	 * Linux: max number of open files specified by one thread doesn't seem
-	 * to apply to other threads on Linux.
-	 * Sun: restriction needs to be removed sooner when hundreds of CPUs
-	 * are available.
-	 */
-	newvalue = ISC_RESOURCE_UNLIMITED;
-
-	result = isc_resource_setlimit(isc_resource_openfiles, newvalue);
-	if (result != ISC_R_SUCCESS) {
-		named_main_earlywarning("couldn't adjust limit on open files");
+	r = getrlimit(RLIMIT_NOFILE, &rl);
+	if (r != 0) {
+		goto fail;
 	}
-#endif /* if defined(__linux__) || defined(__sun) */
+
+	rlim_old = rl.rlim_cur;
+
+	if (rl.rlim_cur == rl.rlim_max) {
+		isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+			      NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
+			      "the limit on open files is already at the "
+			      "maximum allowed value: "
+			      "%" PRIu64,
+			      (uint64_t)rl.rlim_max);
+		return;
+	}
+
+	rl.rlim_cur = rl.rlim_max;
+	r = setrlimit(RLIMIT_NOFILE, &rl);
+	if (r != 0) {
+		goto fail;
+	}
+
+	isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+		      NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
+		      "adjusted limit on open files from "
+		      "%" PRIu64 " to "
+		      "%" PRIu64,
+		      (uint64_t)rlim_old, (uint64_t)rl.rlim_cur);
+	return;
+
+fail:
+	strerror_r(errno, strbuf, sizeof(strbuf));
+	named_main_earlywarning("adjusting limit on open files failed: %s",
+				strbuf);
+	return;
 }
 
 void

bin/named/server.c

@@ -52,7 +52,6 @@
 #include <isc/portset.h>
 #include <isc/print.h>
 #include <isc/refcount.h>
-#include <isc/resource.h>
 #include <isc/result.h>
 #include <isc/signal.h>
 #include <isc/siphash.h>
@@ -4355,8 +4354,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 		max_cache_size = SIZE_AS_PERCENT;
 		max_cache_size_percent = cfg_obj_aspercentage(obj);
 	} else {
-		isc_resourcevalue_t value;
-		value = cfg_obj_asuint64(obj);
+		uint64_t value = cfg_obj_asuint64(obj);
 		if (value > SIZE_MAX) {
 			cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
 				    "'max-cache-size "
@@ -7438,51 +7436,6 @@ setoptstring(named_server_t *server, char **field, const cfg_obj_t *obj) {
 	}
 }
 
-static void
-set_limit(const cfg_obj_t **maps, const char *configname,
-	  const char *description, isc_resource_t resourceid,
-	  isc_resourcevalue_t defaultvalue) {
-	const cfg_obj_t *obj = NULL;
-	const char *resource;
-	isc_resourcevalue_t value;
-	isc_result_t result;
-
-	if (named_config_get(maps, configname, &obj) != ISC_R_SUCCESS) {
-		return;
-	}
-
-	if (cfg_obj_isstring(obj)) {
-		resource = cfg_obj_asstring(obj);
-		if (strcasecmp(resource, "unlimited") == 0) {
-			value = ISC_RESOURCE_UNLIMITED;
-		} else {
-			INSIST(strcasecmp(resource, "default") == 0);
-			value = defaultvalue;
-		}
-	} else {
-		value = cfg_obj_asuint64(obj);
-	}
-
-	result = isc_resource_setlimit(resourceid, value);
-	isc_log_write(
-		named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER,
-		result == ISC_R_SUCCESS ? ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
-		"set maximum %s to %" PRIu64 ": %s", description, value,
-		isc_result_totext(result));
-}
-
-#define SETLIMIT(cfgvar, resource, description)                       \
-	set_limit(maps, cfgvar, description, isc_resource_##resource, \
-		  named_g_init##resource)
-
-static void
-set_limits(const cfg_obj_t **maps) {
-	SETLIMIT("stacksize", stacksize, "stack size");
-	SETLIMIT("datasize", datasize, "data size");
-	SETLIMIT("coresize", coresize, "core size");
-	SETLIMIT("files", openfiles, "open files");
-}
-
 static void
 portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports,
 		 bool positive) {
@@ -8575,11 +8528,6 @@ load_configuration(const char *filename, named_server_t *server,
 			      server->bindkeysfile);
 	}
 
-	/*
-	 * Set process limits, which (usually) needs to be done as root.
-	 */
-	set_limits(maps);
-
 	/*
 	 * Check the process lockfile.
 	 */

bin/named/zoneconf.c

@@ -1362,8 +1362,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 				journal_size = -1;
 			}
 		} else {
-			isc_resourcevalue_t value;
-			value = cfg_obj_asuint64(obj);
+			uint64_t value = cfg_obj_asuint64(obj);
 			if (value > DNS_JOURNAL_SIZE_MAX) {
 				cfg_obj_log(obj, named_g_lctx, ISC_LOG_ERROR,
 					    "'max-journal-size "
@@ -1508,8 +1507,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 				journal_size = -1;
 			}
 		} else {
-			isc_resourcevalue_t value;
-			value = cfg_obj_asuint64(obj);
+			uint64_t value = cfg_obj_asuint64(obj);
 			if (value > DNS_JOURNAL_SIZE_MAX) {
 				cfg_obj_log(obj, named_g_lctx, ISC_LOG_ERROR,
 					    "'max-journal-size "

conftools/perllib/dnsconf/DNSConf.i

@@ -283,10 +283,6 @@ INT_FIELD_DEFS(recursiveclients)
 INT_FIELD_DEFS(minroots)
 INT_FIELD_DEFS(serialqueries)
 INT_FIELD_DEFS(sigvalidityinterval)
-INT_FIELD_DEFS(datasize)
-INT_FIELD_DEFS(stacksize)
-INT_FIELD_DEFS(coresize)
-INT_FIELD_DEFS(files)
 INT_FIELD_DEFS(maxcachesize)
 INT_FIELD_DEFS(maxncachettl)
 INT_FIELD_DEFS(maxcachettl)

doc/arm/reference.rst

@@ -3626,58 +3626,6 @@ options apply to zone transfers.
    This option acts like :any:`notify-source`, but applies to ``NOTIFY`` messages sent to IPv6
    addresses.
 
-.. _resource_limits:
-
-Operating System Resource Limits
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The server's usage of many system resources can be limited. Scaled
-values are allowed when specifying resource limits. For example, ``1G``
-can be used instead of ``1073741824`` to specify a limit of one
-gigabyte. ``unlimited`` requests unlimited use, or the maximum available
-amount. ``default`` uses the limit that was in force when the server was
-started. See the description of :term:`size`.
-
-The following options are deprecated in favor of setting the operating system
-resource limits from the operating system and/or process supervisor, should not
-be used, and will be rendered non-operational in a future release.
-
-
-.. namedconf:statement:: coresize
-   :tags: deprecated
-   :short: Sets the maximum size of a core dump.
-
-   This sets the maximum size of a core dump. The default is ``default``.
-
-.. namedconf:statement:: datasize
-   :tags: deprecated
-   :short: Sets the maximum amount of data memory that can be used by the server.
-
-   This sets the maximum amount of data memory the server may use. The default is
-   ``default``. This is a hard limit on server memory usage; if the
-   server attempts to allocate memory in excess of this limit, the
-   allocation will fail, which may in turn leave the server unable to
-   perform DNS service. Therefore, this option is rarely useful as a way
-   to limit the amount of memory used by the server, but it can be
-   used to raise an operating system data size limit that is too small
-   by default. To limit the amount of memory used by the
-   server, use the :any:`max-cache-size` and :any:`recursive-clients` options
-   instead.
-
-.. namedconf:statement:: files
-   :tags: deprecated
-   :short: Sets the maximum number of files the server may have open concurrently.
-
-   This sets the maximum number of files the server may have open concurrently.
-   The default is ``unlimited``.
-
-.. namedconf:statement:: stacksize
-   :tags: deprecated
-   :short: Sets the maximum amount of stack memory that can be used by the server.
-
-   This sets the maximum amount of stack memory the server may use. The default is
-   ``default``.
-
 .. _server_resource_limits:
 
 Server Resource Limits

doc/man/named.conf.5in

@@ -152,8 +152,6 @@ options {
 	clients\-per\-query <integer>;
 	cookie\-algorithm ( aes | siphash24 );
 	cookie\-secret <string>; // may occur multiple times
-	coresize ( default | unlimited | <sizeval> ); // deprecated
-	datasize ( default | unlimited | <sizeval> ); // deprecated
 	deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... } ];
 	deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ];
 	dialup ( notify | notify\-passive | passive | refresh | <boolean> );
@@ -196,7 +194,6 @@ options {
 	fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
 	fetches\-per\-server <integer> [ ( drop | fail ) ];
 	fetches\-per\-zone <integer> [ ( drop | fail ) ];
-	files ( default | unlimited | <sizeval> ); // deprecated
 	flush\-zones\-on\-shutdown <boolean>;
 	forward ( first | only );
 	forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
@@ -331,7 +328,6 @@ options {
 	sig\-signing\-type <integer>;
 	sig\-validity\-interval <integer> [ <integer> ];
 	sortlist { <address_match_element>; ... };
-	stacksize ( default | unlimited | <sizeval> ); // deprecated
 	stale\-answer\-client\-timeout ( disabled | off | <integer> );
 	stale\-answer\-enable <boolean>;
 	stale\-answer\-ttl <duration>;

doc/misc/options

@@ -95,8 +95,6 @@ options {
 	clients-per-query <integer>;
 	cookie-algorithm ( aes | siphash24 );
 	cookie-secret <string>; // may occur multiple times
-	coresize ( default | unlimited | <sizeval> ); // deprecated
-	datasize ( default | unlimited | <sizeval> ); // deprecated
 	deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
 	deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
 	dialup ( notify | notify-passive | passive | refresh | <boolean> );
@@ -139,7 +137,6 @@ options {
 	fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
 	fetches-per-server <integer> [ ( drop | fail ) ];
 	fetches-per-zone <integer> [ ( drop | fail ) ];
-	files ( default | unlimited | <sizeval> ); // deprecated
 	flush-zones-on-shutdown <boolean>;
 	forward ( first | only );
 	forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
@@ -274,7 +271,6 @@ options {
 	sig-signing-type <integer>;
 	sig-validity-interval <integer> [ <integer> ];
 	sortlist { <address_match_element>; ... };
-	stacksize ( default | unlimited | <sizeval> ); // deprecated
 	stale-answer-client-timeout ( disabled | off | <integer> );
 	stale-answer-enable <boolean>;
 	stale-answer-ttl <duration>;

doc/notes/notes-current.rst

@@ -40,14 +40,15 @@ Feature Changes
 - The option :any:`auto-dnssec` is deprecated and will be removed in 9.19.
   Please migrate to :any:`dnssec-policy`. :gl:`#3667`
 
-- Deprecate setting the operating system limit (``coresize``, ``datasize``,
+- Remove setting the operating system limit (``coresize``, ``datasize``,
   ``files`` and ``stacksize``) from ``named.conf``.  These options should be set
   from the operating system (``ulimit``) or from the process supervisor
   (e.g. ``systemd``). :gl:`#3676`
 
-- Deprecate setting alternate local addresses for inbound zone transfers
-  (:any:`alt-transfer-source`, :any:`alt-transfer-source-v6`,
-  :any:`use-alt-transfer-source`). :gl:`#3694`
+- On startup, ``named`` will set the current number of open files to maximum
+  allowed by the operating system instead of trying to set it to unlimited
+  which worked only very briefly on Linux 2.6.28 (and was causing performance
+  problems and thus the change was reverted in the kernel). :gl:`#3676`
 
 Bug Fixes
 ~~~~~~~~~

fuzz/isc_lex_gettoken.in/named.conf

@@ -165,11 +165,7 @@ options {
 #maintain - ixfr - base no; // If yes, keep transaction log file for IXFR
 
 	max - ixfr - log - size 20m;
-	coresize 100;
-	datasize 101;
-	files 230;
 	max - cache - size 1m;
-	stacksize 231;
 	heartbeat - interval 1001;
 	interface - interval 1002;
 	statistics - interval 1003;

lib/isc/Makefile.am

@@ -77,7 +77,6 @@ libisc_la_HEADERS =			\
 	include/isc/refcount.h		\
 	include/isc/regex.h		\
 	include/isc/region.h		\
-	include/isc/resource.h		\
 	include/isc/result.h		\
 	include/isc/rwlock.h		\
 	include/isc/safe.h		\
@@ -189,7 +188,6 @@ libisc_la_SOURCES =		\
 	ratelimiter.c		\
 	regex.c			\
 	region.c		\
-	resource.c		\
 	result.c		\
 	safe.c			\
 	serial.c		\

lib/isc/include/isc/resource.h

@@ -1,87 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#pragma once
-
-/*! \file isc/resource.h */
-
-#include <isc/lang.h>
-#include <isc/types.h>
-
-#define ISC_RESOURCE_UNLIMITED ((isc_resourcevalue_t)UINT64_MAX)
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value);
-/*%<
- * Set the maximum limit for a system resource.
- *
- * Notes:
- *\li	If 'value' exceeds the maximum possible on the operating system,
- *	it is silently limited to that maximum -- or to "infinity", if
- *	the operating system has that concept.  #ISC_RESOURCE_UNLIMITED
- *	can be used to explicitly ask for the maximum.
- *
- * Requires:
- *\li	'resource' is a valid member of the isc_resource_t enumeration.
- *
- * Returns:
- *\li	#ISC_R_SUCCESS	Success.
- *\li	#ISC_R_NOTIMPLEMENTED	'resource' is not a type known by the OS.
- *\li	#ISC_R_NOPERM	The calling process did not have adequate permission
- *			to change the resource limit.
- */
-
-isc_result_t
-isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value);
-/*%<
- * Get the maximum limit for a system resource.
- *
- * Notes:
- *\li	'value' is set to the maximum limit.
- *
- *\li	#ISC_RESOURCE_UNLIMITED is the maximum value of isc_resourcevalue_t.
- *
- *\li	On many (all?) Unix systems, RLIM_INFINITY is a valid value that is
- *	significantly less than #ISC_RESOURCE_UNLIMITED, but which in practice
- *	behaves the same.
- *
- *\li	The current ISC libdns configuration file parser assigns a value
- *	of UINT32_MAX for a size_spec of "unlimited" and ISC_UNIT32_MAX - 1
- *	for "default", the latter of which is supposed to represent "the
- *	limit that was in force when the server started".  Since these are
- *	valid values in the middle of the range of isc_resourcevalue_t,
- *	there is the possibility for confusion over what exactly those
- *	particular values are supposed to represent in a particular context --
- *	discrete integral values or generalized concepts.
- *
- * Requires:
- *\li	'resource' is a valid member of the isc_resource_t enumeration.
- *
- * Returns:
- *\li	#ISC_R_SUCCESS		Success.
- *\li	#ISC_R_NOTIMPLEMENTED	'resource' is not a type known by the OS.
- */
-
-isc_result_t
-isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value);
-/*%<
- * Same as isc_resource_getlimit(), but returns the current (soft) limit.
- *
- * Returns:
- *\li	#ISC_R_SUCCESS		Success.
- *\li	#ISC_R_NOTIMPLEMENTED	'resource' is not a type known by the OS.
- */
-
-ISC_LANG_ENDDECLS

lib/isc/include/isc/types.h

@@ -71,14 +71,13 @@ typedef struct isc_nmsocket	 isc_nmsocket_t; /*%< Network manager socket */
 typedef struct isc_nmhandle	 isc_nmhandle_t; /*%< Network manager handle */
 typedef struct isc_portset	 isc_portset_t;	 /*%< Port Set */
 typedef struct isc_quota	 isc_quota_t;	 /*%< Quota */
-typedef struct isc_ratelimiter	 isc_ratelimiter_t;   /*%< Rate Limiter */
-typedef struct isc_region	 isc_region_t;	      /*%< Region */
-typedef uint64_t		 isc_resourcevalue_t; /*%< Resource Value */
-typedef struct isc_signal	 isc_signal_t;	      /*%< Signal handler */
-typedef struct isc_sockaddr	 isc_sockaddr_t;      /*%< Socket Address */
-typedef ISC_LIST(isc_sockaddr_t) isc_sockaddrlist_t;  /*%< Socket Address List
-						       * */
-typedef struct isc_stats      isc_stats_t;	      /*%< Statistics */
+typedef struct isc_ratelimiter	 isc_ratelimiter_t;  /*%< Rate Limiter */
+typedef struct isc_region	 isc_region_t;	     /*%< Region */
+typedef struct isc_signal	 isc_signal_t;	     /*%< Signal handler */
+typedef struct isc_sockaddr	 isc_sockaddr_t;     /*%< Socket Address */
+typedef ISC_LIST(isc_sockaddr_t) isc_sockaddrlist_t; /*%< Socket Address List
+						      * */
+typedef struct isc_stats      isc_stats_t;	     /*%< Statistics */
 typedef int_fast64_t	      isc_statscounter_t;
 typedef struct isc_symtab     isc_symtab_t;	/*%< Symbol Table */
 typedef struct isc_task	      isc_task_t;	/*%< Task */
@@ -96,19 +95,6 @@ typedef struct isc_nm_http_endpoints isc_nm_http_endpoints_t;
 
 typedef void (*isc_taskaction_t)(isc_task_t *, isc_event_t *);
 
-/*% Resource */
-typedef enum {
-	isc_resource_coresize = 1,
-	isc_resource_cputime,
-	isc_resource_datasize,
-	isc_resource_filesize,
-	isc_resource_lockedmemory,
-	isc_resource_openfiles,
-	isc_resource_processes,
-	isc_resource_residentsize,
-	isc_resource_stacksize
-} isc_resource_t;
-
 /*% Statistics formats (text file or XML) */
 typedef enum {
 	isc_statsformat_file,

lib/isc/resource.c

@@ -1,208 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#include <inttypes.h>
-#include <stdbool.h>
-#include <sys/resource.h>
-#include <sys/time.h> /* Required on some systems for <sys/resource.h>. */
-#include <sys/types.h>
-
-#include <isc/resource.h>
-#include <isc/result.h>
-#include <isc/util.h>
-
-#ifdef __linux__
-#include <linux/fs.h> /* To get the large NR_OPEN. */
-#endif		      /* ifdef __linux__ */
-
-#include "errno2result.h"
-
-static isc_result_t
-resource2rlim(isc_resource_t resource, int *rlim_resource) {
-	isc_result_t result = ISC_R_SUCCESS;
-
-	switch (resource) {
-	case isc_resource_coresize:
-		*rlim_resource = RLIMIT_CORE;
-		break;
-	case isc_resource_cputime:
-		*rlim_resource = RLIMIT_CPU;
-		break;
-	case isc_resource_datasize:
-		*rlim_resource = RLIMIT_DATA;
-		break;
-	case isc_resource_filesize:
-		*rlim_resource = RLIMIT_FSIZE;
-		break;
-	case isc_resource_lockedmemory:
-#ifdef RLIMIT_MEMLOCK
-		*rlim_resource = RLIMIT_MEMLOCK;
-#else  /* ifdef RLIMIT_MEMLOCK */
-		result = ISC_R_NOTIMPLEMENTED;
-#endif /* ifdef RLIMIT_MEMLOCK */
-		break;
-	case isc_resource_openfiles:
-#ifdef RLIMIT_NOFILE
-		*rlim_resource = RLIMIT_NOFILE;
-#else  /* ifdef RLIMIT_NOFILE */
-		result = ISC_R_NOTIMPLEMENTED;
-#endif /* ifdef RLIMIT_NOFILE */
-		break;
-	case isc_resource_processes:
-#ifdef RLIMIT_NPROC
-		*rlim_resource = RLIMIT_NPROC;
-#else  /* ifdef RLIMIT_NPROC */
-		result = ISC_R_NOTIMPLEMENTED;
-#endif /* ifdef RLIMIT_NPROC */
-		break;
-	case isc_resource_residentsize:
-#ifdef RLIMIT_RSS
-		*rlim_resource = RLIMIT_RSS;
-#else  /* ifdef RLIMIT_RSS */
-		result = ISC_R_NOTIMPLEMENTED;
-#endif /* ifdef RLIMIT_RSS */
-		break;
-	case isc_resource_stacksize:
-		*rlim_resource = RLIMIT_STACK;
-		break;
-	default:
-		/*
-		 * This test is not very robust if isc_resource_t
-		 * changes, but generates a clear assertion message.
-		 */
-		REQUIRE(resource >= isc_resource_coresize &&
-			resource <= isc_resource_stacksize);
-
-		result = ISC_R_RANGE;
-		break;
-	}
-
-	return (result);
-}
-
-isc_result_t
-isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value) {
-	struct rlimit rl;
-	rlim_t rlim_value;
-	int unixresult;
-	int unixresource;
-	isc_result_t result;
-
-	result = resource2rlim(resource, &unixresource);
-	if (result != ISC_R_SUCCESS) {
-		return (result);
-	}
-
-	if (value == ISC_RESOURCE_UNLIMITED) {
-		rlim_value = RLIM_INFINITY;
-	} else {
-		/*
-		 * Carefully ensure the range of rlim_t is not overflowed, by
-		 * calculating how many bytes wider is isc_resourcevalue_t than
-		 * rlim_t, and whether rlim_t has a sign bit.
-		 */
-		isc_resourcevalue_t rlim_max = UINT64_MAX;
-		size_t wider = sizeof(rlim_max) - sizeof(rlim_t);
-		size_t sign_bit = (size_t)(0.0 > (double)(rlim_t)-1);
-
-		rlim_max >>= CHAR_BIT * wider + sign_bit;
-		rlim_value = ISC_MIN(value, rlim_max);
-	}
-
-	rl.rlim_cur = rl.rlim_max = rlim_value;
-	unixresult = setrlimit(unixresource, &rl);
-
-	if (unixresult == 0) {
-		return (ISC_R_SUCCESS);
-	}
-
-#if defined(OPEN_MAX) && defined(__APPLE__)
-	/*
-	 * The Darwin kernel doesn't accept RLIM_INFINITY for rlim_cur; the
-	 * maximum possible value is OPEN_MAX.  BIND8 used to use
-	 * sysconf(_SC_OPEN_MAX) for such a case, but this value is much
-	 * smaller than OPEN_MAX and is not really effective.
-	 */
-	if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) {
-		rl.rlim_cur = OPEN_MAX;
-		unixresult = setrlimit(unixresource, &rl);
-		if (unixresult == 0) {
-			return (ISC_R_SUCCESS);
-		}
-	}
-#elif defined(__linux__)
-#ifndef NR_OPEN
-#define NR_OPEN (1024 * 1024)
-#endif /* ifndef NR_OPEN */
-
-	/*
-	 * Some Linux kernels don't accept RLIM_INFINIT; the maximum
-	 * possible value is the NR_OPEN defined in linux/fs.h.
-	 */
-	if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) {
-		rl.rlim_cur = rl.rlim_max = NR_OPEN;
-		unixresult = setrlimit(unixresource, &rl);
-		if (unixresult == 0) {
-			return (ISC_R_SUCCESS);
-		}
-	}
-#endif /* if defined(OPEN_MAX) && defined(__APPLE__) */
-	if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) {
-		if (getrlimit(unixresource, &rl) == 0) {
-			rl.rlim_cur = rl.rlim_max;
-			unixresult = setrlimit(unixresource, &rl);
-			if (unixresult == 0) {
-				return (ISC_R_SUCCESS);
-			}
-		}
-	}
-	return (isc__errno2result(errno));
-}
-
-isc_result_t
-isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value) {
-	int unixresource;
-	struct rlimit rl;
-	isc_result_t result;
-
-	result = resource2rlim(resource, &unixresource);
-	if (result != ISC_R_SUCCESS) {
-		return (result);
-	}
-
-	if (getrlimit(unixresource, &rl) != 0) {
-		return (isc__errno2result(errno));
-	}
-
-	*value = rl.rlim_max;
-	return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value) {
-	int unixresource;
-	struct rlimit rl;
-	isc_result_t result;
-
-	result = resource2rlim(resource, &unixresource);
-	if (result != ISC_R_SUCCESS) {
-		return (result);
-	}
-
-	if (getrlimit(unixresource, &rl) != 0) {
-		return (isc__errno2result(errno));
-	}
-
-	*value = rl.rlim_cur;
-	return (ISC_R_SUCCESS);
-}

lib/isccfg/namedconf.c

@@ -1219,8 +1219,8 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "blackhole", &cfg_type_bracketed_aml, 0 },
 	{ "cookie-algorithm", &cfg_type_cookiealg, 0 },
 	{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },
-	{ "coresize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
-	{ "datasize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+	{ "coresize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
+	{ "datasize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
 	{ "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
 #ifdef HAVE_DNSTAP
@@ -1237,7 +1237,7 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "dscp", &cfg_type_uint32, 0 },
 	{ "dump-file", &cfg_type_qstring, 0 },
 	{ "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT },
-	{ "files", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+	{ "files", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
 	{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
 #ifdef HAVE_DNSTAP
 	{ "fstrm-set-buffer-hint", &cfg_type_uint32, 0 },
@@ -1319,7 +1319,7 @@ static cfg_clausedef_t options_clauses[] = {
 	{ "session-keyfile", &cfg_type_qstringornone, 0 },
 	{ "session-keyname", &cfg_type_astring, 0 },
 	{ "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT },
-	{ "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+	{ "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
 	{ "startup-notify-rate", &cfg_type_uint32, 0 },
 	{ "statistics-file", &cfg_type_qstring, 0 },
 	{ "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },
@@ -2651,7 +2651,7 @@ cfg_type_t cfg_type_addzoneconf = { "addzoneconf",     cfg_parse_mapbody,
 				    &cfg_rep_map,      addzoneconf_clausesets };
 
 static isc_result_t
-parse_unitstring(char *str, isc_resourcevalue_t *valuep) {
+parse_unitstring(char *str, uint64_t *valuep) {
 	char *endp;
 	unsigned int len;
 	uint64_t value;

tests/libtest/ns.c

@@ -30,7 +30,6 @@
 #include <isc/os.h>
 #include <isc/print.h>
 #include <isc/random.h>
-#include <isc/resource.h>
 #include <isc/result.h>
 #include <isc/stdio.h>
 #include <isc/string.h>