ModSecurity
ModSecurity copied to clipboard
WIP: Add RE2 regexp engine support
See #1996.
Every commit has detailed description.
I've implemented the fallback approach so far: if RE2 support is enabled, every regular expression is compiled with RE2, and if that fails, regular expression is compiled with libpcre instead. Please see #1996 for more detailed discussion why this approach is necessary.
There's also lots of refactoring of regexp related code.
Open questions:
- [ ] Perhaps, since RE2 support is considered experimental, configure script should not even attempt to build it unless explicit
--with-re
is supplied? - [ ] There's no easy way to know which regular expression uses which engine. It might feel like kind of implicit magic, which isn't really good.
- [x] There's no error handling when regular expression is invalid. This isn't a regression introduced by this PR, but now might be the time to do something about it.
- [ ] PR needs code review, obviously.
- [ ] Changelog entry
- [ ] Documentation
- [ ] Maybe something else I missed.