Mailing List Archive

varnish and pcre2
Hi dear developers,

You probably thought of it but is there any plan (next year ?) to implement
pcre2 support in varnish ?

Thanks in advance.

Kind regards.
Re: varnish and pcre2
On 22/11/16 14:41, David CARLIER wrote:
> You probably thought of it but is there any plan (next year ?) to implement
> pcre2 support in varnish ?

IIRC Geoff has a pcre2 version of https://code.uplex.de/uplex-varnish/libvmod-re
in the works

_______________________________________________
varnish-dev mailing list
varnish-dev@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
Re: varnish and pcre2

On 11/22/2016 11:22 PM, Nils Goroll wrote:
> On 22/11/16 14:41, David CARLIER wrote:
>> You probably thought of it but is there any plan (next year ?) to
>> implement pcre2 support in varnish ?
>
> IIRC Geoff has a pcre2 version of
> https://code.uplex.de/uplex-varnish/libvmod-re in the works

"In the works" is saying too much, more like kicking around the idea.
Real Soon Now in my Copious Free Time.

I haven't heard any developers talking about pcre2, and I suspect that
support via VMODs for new regex libraries is the most likely path
forward. One of the reasons for introducing VMODs was to lessen the
burden on the main project to add and maintain new features, and it
seems to me that this is a good case for that.

This one, for example, supports use of Google re2:

https://code.uplex.de/uplex-varnish/libvmod-re2

@David, do you have a use case for pcre2? I haven't heard much about
it, for example whether or how much it performs better than original
pcre. Just the fact that the pcre project will be going forward with
pcre2 is a good reason to support it. Any other arguments for it would
help to move the VMOD out of the vaporware column.


Best,
Geoff
--
** * * UPLEX - Nils Goroll Systemoptimierung

Scheffelstraße 32
22301 Hamburg

Tel +49 40 2880 5731
Mob +49 176 636 90917
Fax +49 40 42949753

http://uplex.de
Re: varnish and pcre2
Hi,

@Geoff your answer makes sense, so to explain: some people start to install
pcre2 over pcre due to pcre's security flaws rather than supposed
performance increases (I do not think there really are any). Plus I have
submitted pcre2 support this week to haproxy which might land in the next
branch. I was just curious how other software was doing ;)

Kind regards.

Re: varnish and pcre2
In message <CA+XhMqz8XcobkAHm+A3Cc7EZt3SUk1vKhppVC3T2-CxqHB8+Zg@mail.gmail.com>, David CARLIER writes:

>Hi dear developers,
>
>You probably thought of it but is there any plan (next year ?) to implement
>pcre2 support in varnish ?

I will just echo what Geoff said: If we support pcre2 it will be as a VMOD.

(In hindsight, it was a mistake to pull in pcre, rather than stick with
POSIX regexps, but we didn't have VMODS back then, so it was either or.)

If we find that practically everybody "import pcre2" in their VCL, we will
probably drag that VMOD into the main project, otherwise it will live
independently.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Re: varnish and pcre2

On 11/23/2016 09:47 AM, David CARLIER wrote:
>
> ... some people start to install pcre2 over pcre due to pcre's
> security flaws

Is there something to be worried about? I'm looking at the CVEs for
pcre, and it looks to me like there's nothing that can't be fixed by
updating the libraries. The most recent one (March of this year)
applies to both pcre and pcre2.

On 11/23/2016 10:44 AM, Poul-Henning Kamp wrote:
>
> If we find that practically everybody "import pcre2" in their VCL,
> we will probably drag that VMOD into the main project, otherwise it
> will live independently.

Philip Hazel's plan is to continue maintaining the original pcre lib
only for bug fixes, and all new features will go into pcre2. At some
point in the mid to long term, old pcre might become just too old. I
suspect that will be when everyone will be importing a VMOD for regexen.


Best,
Geoff
--
** * * UPLEX - Nils Goroll Systemoptimierung

Scheffelstraße 32
22301 Hamburg

Tel +49 40 2880 5731
Mob +49 176 636 90917
Fax +49 40 42949753

http://uplex.de
Re: varnish and pcre2
@Geoff

I agree with you, there's no urgency to implement it, although the API of
pcre2 is way better designed (i.e. the ovec array resulting from the match is
properly sized now, for example), but more for the near future indeed. Anyway,
in Haproxy the development is done but won't be available before next year.

Re: varnish and pcre2
In message <c881243c-bc6f-375f-bf89-3576e18739fc@uplex.de>, Geoff Simmons writes:

>Philip Hazel's plan is to continue maintaining the original pcre lib
>only for bug fixes, and all new features will go into pcre2. At some
>point in the mid to long term, old pcre might become just too old. I
>suspect that will be when everyone will be importing a VMOD for regexen.

Name it wisely then, or they will all curse your name on a daily basis :-)


--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Re: varnish and pcre2

On 11/23/2016 09:42 AM, Geoff Simmons wrote:
> On 11/22/2016 11:22 PM, Nils Goroll wrote:
>> On 22/11/16 14:41, David CARLIER wrote:
>>> You probably thought of it but is there any plan (next year ?)
>>> to implement pcre2 support in varnish ?
>
>> IIRC Geoff has a pcre2 version of
>> https://code.uplex.de/uplex-varnish/libvmod-re in the works
>
> "In the works" is saying too much, more like kicking around the
> idea. Real Soon Now in my Copious Free Time.

Only eight months later ...

https://code.uplex.de/uplex-varnish/libvmod-pcre2

Let us know what you think if you get a chance to try it.


Best,
Geoff
--
** * * UPLEX - Nils Goroll Systemoptimierung

Scheffelstraße 32
22301 Hamburg

Tel +49 40 2880 5731
Mob +49 176 636 90917
Fax +49 40 42949753

http://uplex.de