Switch to go-re2 #1005
Switch to go-re2 #1005
Conversation
Go's Regexp seems to be very costly for Coraza (and perhaps others). Profiling Coraza/Caddy (w/OWASP4), with the 'wrk' benchmark tool shows the following: 31.68% caddy caddy [.] regexp.(*machine).add 16.80% caddy caddy [.] regexp.(*machine).step 16.55% caddy caddy [.] regexp.(*machine).match 4.47% caddy caddy [.] regexp.(*inputString).step 3.45% caddy caddy [.] regexp.(*machine).alloc 3.13% caddy caddy [.] regexp.lazyFlag.match After switching over to Re2, those disappear.
|
We provide a plugin to make it easy to swap in go-re2 https://github.com/corazawaf/coraza-wasilibs go-re2 is a pretty heavyweight dependency so it's probably better to still keep it opt-in rather than only supporting it. I think for caddy we just want to provide a build tag that uses coraza-wasilibs |
|
I don't think we should migrate right away but defintively we need a section on how to use wasilibs. Mind working that out @monkburger? see https://github.com/corazawaf/coraza-wasilibs |
|
Maybe for regex engines, we should have build flags... I was also working on hyperscan integration |
|
@monkburger Are you up for working on #1005 (comment)? |
Sorry. I haven't had any free time in the last few months to look at this. |
When running Coraza within Caddy, profiling was showing elevated regexp.* usage. After discussions on Slack, it was demonstrated that the Go-Re2 offers much lower CPU / slightly better performance with Go-Re2 compared to the standard regexp. (There are legions of discussions about Go's regexp engine being slow on the web)
Since this is a drop-in replacement, existing testing doesn't require adjustment as far as I can see. (if this is an issue I can send another PR)
Make sure that you've checked the boxes below before you submit PR:
Thanks for your contribution ❤️