diff --git a/envoy/type/matcher/regex.proto b/envoy/type/matcher/regex.proto index 9e41637a..b23c0bff 100644 --- a/envoy/type/matcher/regex.proto +++ b/envoy/type/matcher/regex.proto @@ -19,6 +19,16 @@ message RegexMatcher { // Google's `RE2 `_ regex engine. The regex string must adhere to // the documented `syntax `_. The engine is designed // to complete execution in linear time as well as limit the amount of memory used. + // + // Envoy supports program size checking via runtime. The runtime keys `re2.max_program_size.error_level` + // and `re2.max_program_size.warn_level` can be set to integers as the maximum program size or + // complexity that a compiled regex can have before an exception is thrown or a warning is + // logged, respectively. `re2.max_program_size.error_level` defaults to 100, and + // `re2.max_program_size.warn_level` has no default if unset (will not check/log a warning). + // + // Envoy emits two stats for tracking the program size of regexes: the histogram `re2.program_size`, + // which records the program size, and the counter `re2.exceeded_warn_level`, which is incremented + // each time the program size exceeds the warn level threshold. message GoogleRE2 { // This field controls the RE2 "program size" which is a rough estimate of how complex a // compiled regex is to evaluate. A regex that has a program size greater than the configured diff --git a/envoy/type/matcher/v3/regex.proto b/envoy/type/matcher/v3/regex.proto index 5a7922ec..6087c6f9 100644 --- a/envoy/type/matcher/v3/regex.proto +++ b/envoy/type/matcher/v3/regex.proto @@ -22,6 +22,16 @@ message RegexMatcher { // Google's `RE2 `_ regex engine. The regex string must adhere to // the documented `syntax `_. The engine is designed // to complete execution in linear time as well as limit the amount of memory used. + // + // Envoy supports program size checking via runtime. The runtime keys `re2.max_program_size.error_level` + // and `re2.max_program_size.warn_level` can be set to integers as the maximum program size or + // complexity that a compiled regex can have before an exception is thrown or a warning is + // logged, respectively. `re2.max_program_size.error_level` defaults to 100, and + // `re2.max_program_size.warn_level` has no default if unset (will not check/log a warning). + // + // Envoy emits two stats for tracking the program size of regexes: the histogram `re2.program_size`, + // which records the program size, and the counter `re2.exceeded_warn_level`, which is incremented + // each time the program size exceeds the warn level threshold. message GoogleRE2 { option (udpa.annotations.versioning).previous_message_type = "envoy.type.matcher.RegexMatcher.GoogleRE2"; diff --git a/envoy/type/matcher/v4alpha/regex.proto b/envoy/type/matcher/v4alpha/regex.proto index bfd8c3dd..087c5e3f 100644 --- a/envoy/type/matcher/v4alpha/regex.proto +++ b/envoy/type/matcher/v4alpha/regex.proto @@ -22,6 +22,16 @@ message RegexMatcher { // Google's `RE2 `_ regex engine. The regex string must adhere to // the documented `syntax `_. The engine is designed // to complete execution in linear time as well as limit the amount of memory used. + // + // Envoy supports program size checking via runtime. The runtime keys `re2.max_program_size.error_level` + // and `re2.max_program_size.warn_level` can be set to integers as the maximum program size or + // complexity that a compiled regex can have before an exception is thrown or a warning is + // logged, respectively. `re2.max_program_size.error_level` defaults to 100, and + // `re2.max_program_size.warn_level` has no default if unset (will not check/log a warning). + // + // Envoy emits two stats for tracking the program size of regexes: the histogram `re2.program_size`, + // which records the program size, and the counter `re2.exceeded_warn_level`, which is incremented + // each time the program size exceeds the warn level threshold. message GoogleRE2 { option (udpa.annotations.versioning).previous_message_type = "envoy.type.matcher.v3.RegexMatcher.GoogleRE2";