Implementation multi pattern regular expressions#2161
Open
Implementation multi pattern regular expressions#2161
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
biathlon3
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
2 times, most recently
from
5c02ff5 to
8c64bfa
Compare
biathlon3
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
2 times, most recently
from
4f4608e to
d932ab5
Compare
Contributor
Author
|
I squashed it into one commit so it can be reviewed. |
biathlon3
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
2 times, most recently
from
5f2b864 to
09f70b3
Compare
krizhanovsky
requested review from
EvgeniiMekhanik,
const-t and
krizhanovsky
and removed request for
EvgeniiMekhanik and
krizhanovsky
const-t
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
2 times, most recently
from
7f2013e to
88c3570
Compare
const-t
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
from
88c3570 to
ce3286e
Compare
const-t
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
from
ce3286e to
5d5654c
Compare
const-t
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
from
5d5654c to
ddea565
Compare
const-t
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
from
ddea565 to
37e1965
Compare
const-t
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
from
4ca8b16 to
ebc646e
Compare
Enabling avx512 causing compilation time wanings relateed to string fortification. Compiler can't check the size of the data, because the length of the data calculates at runtime. Do unsafe copy to suppress the warnings.
The config can be included using !include directive in http_chain
section. Example:
```
http_chain {
#some rules ...
!include /etc/tempesta/ua_block_rules.conf
}
```
const-t
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
2 times, most recently
from
f3147f6 to
3a1196e
Compare
Contributor
Fixed |
Do strict matching to not match not suitable strings like "!includeasd" and " #include"
What has been done: - Added a user-space helper `regex_setup.sh` that passes expressions to hscollider and copies the compiled database to the rex module database. Path to the script can be specified using environment variable REGEX_SETUP_SCRIPT_PATH and path to the regex databases can be specified using REGEX_DIR_PATH variable. Implemented as kernel module parameter. - Moved regular expression code to its own file. - Rex directory added to `rules` file.
In this patch we allocate only the amount of memory needed for the regex ID, instead of allocating memory for the full string pattern
Remove outdated comment and change minimal regex length. Currently we allow even 1 symbol regex, but not empty regex.
`cookie "cookie_name" ~ "cookie_value"` is not supported at this moment, seems it doesn't make sense to have such option, matching by header could be useed instead to find all occurrences in single regex call. Example: `hdr cookie ~ "/cookie_name=cookie_value/"`
const-t
force-pushed
the
ag_Multi-pattern-regular-expressions
branch
from
3a1196e to
e3a81a4
Compare
| @@ -114,7 +118,7 @@ templater() | |||
| line=$(echo "$raw_line" | sed -e '/request /s/\\r\\n/\x0d\x0a/g') | |||
| if [[ ${line:0:1} = \# ]]; then | |||
| : | |||
| elif [[ $line =~ '!include' ]]; then | |||
| elif [[ $line =~ ^[[:space:]]*!include[[:space:]]+.+$ ]]; then | |||
Contributor
There was a problem hiding this comment.
Is it ok that we can have any count of space before include?
| @@ -0,0 +1 @@ | |||
| ../../regex.c No newline at end of file | |||
Contributor
There was a problem hiding this comment.
No empty line at the end of the file?
EvgeniiMekhanik
approved these changes
Feb 19, 2026
Contributor
EvgeniiMekhanik
left a comment
EvgeniiMekhanik
left a comment
There was a problem hiding this comment.
Please also add three stress tests with reconfiguration with regexp:
- With success reconfiguration regexp config - regexp config
- Fail reconfig
- Success was regexp now not regexp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
To compile regexp required installation of hscollider. For simplicity it built as debian package.
Add repository
Install the package