Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(kuma-cp) raise the regex program size limit #2139

Merged
merged 1 commit into from
Jun 10, 2021
Merged

fix(kuma-cp) raise the regex program size limit #2139

merged 1 commit into from
Jun 10, 2021

Conversation

jpeach
Copy link
Contributor

@jpeach jpeach commented Jun 10, 2021

Summary

Even though regex program sizes are deprecated, Envoy still enforces
the default limit of 100 in the layered runtime. Since users have no
reasonable way to predict the size of some arbitrary regex or know
how that affect performance, just max out the limit. We have to use
UINT32_MAX here, because the actual check truncates the value. We also
set a warning limit to an arbitrary size value in case anyone looks at
logs and wants to optimize their regexes.

Full changelog

N/A

Issues resolved

Fix #2103.

Documentation

N/A

Testing

  • Unit tests
  • E2E tests
  • Manual testing on Universal
  • Manual testing on Kubernetes

After applying the new bootstrap, Envoy accepts a regex with a large program size, but logs a warning:

[2021-06-09 23:52:07.442][19][warning][misc] [source/common/common/regex.cc:100] regex '/static/[a-zA-Z0-9._-]{0,200}/[a-zA-Z0-9._-]{0,200}' RE2 program size of 2013 > max program size of 1000 set for the warn level threshold. Increase configured max program size if necessary.

@jpeach jpeach requested a review from a team as a code owner June 10, 2021 00:06
@jpeach
fix(kuma-cp) raise the regex program size limit
4744021 
Even though regex program sizes are deprecated, Envoy still enforces
the default limit of 100 in the layered runtime. Since users have no
reasonable way to predict the size of some arbitrary regex or know
how that affect performance, just max out the limit. We have to use
UINT32_MAX here, because the actual check truncates the value. We also
set a warning limit to an arbitrary size value in case anyone looks at
logs and wants to optimize their regexes.

This fixes #2103.

Signed-off-by: James Peach <james.peach@konghq.com>
jakubdyszkiewicz
jakubdyszkiewicz approved these changes Jun 10, 2021
View reviewed changes
Copy link
Contributor

@jakubdyszkiewicz jakubdyszkiewicz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great!

@jakubdyszkiewicz jakubdyszkiewicz merged commit 60a631d into kumahq:master Jun 10, 2021
@jpeach jpeach deleted the fix/re2-max-program-size branch June 10, 2021 21:57
@pavelnikolov pavelnikolov mentioned this pull request Feb 28, 2022
Closed
@davidalger davidalger mentioned this pull request Feb 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakubdyszkiewicz jakubdyszkiewicz jakubdyszkiewicz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use layered runtime to max out the regex program size
2 participants
@jpeach @jakubdyszkiewicz