-introducing signing of regex accept states, removing PID from regex API

7 files changed, 181 insertions, 108 deletions

diff --git a/src/regex/gnunet-daemon-regexprofiler.c b/src/regex/gnunet-daemon-regexprofiler.c
index 3f4dd087f..d4c9cb7cb 100644
--- a/src/regex/gnunet-daemon-regexprofiler.c
+++ b/src/regex/gnunet-daemon-regexprofiler.c
@@ -95,6 +95,12 @@ static char *rx_with_pfx;
  */
 static unsigned int rounds = 5;
 
+/**
+ * Private key for this peer.
+ */
+static struct GNUNET_CRYPTO_EccPrivateKey *my_private_key;
+
+
 
 /**
  * Task run during shutdown.
@@ -118,6 +124,8 @@ shutdown_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
     GNUNET_DHT_disconnect (dht_handle);
     dht_handle = NULL;
   }
+  GNUNET_CRYPTO_ecc_key_free (my_private_key);
+  my_private_key = NULL;
 
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Daemon for %s shutting down\n",
@@ -134,7 +142,6 @@ shutdown_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 static void
 reannounce_regex (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 {
-  struct GNUNET_PeerIdentity id;
   struct GNUNET_TIME_Relative random_delay;
   char *regex = cls;
 
@@ -159,12 +166,11 @@ reannounce_regex (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "First time, creating regex: %s\n",
                 regex);
-    memset (&id, 0, sizeof (struct GNUNET_PeerIdentity));
     announce_handle = REGEX_INTERNAL_announce (dht_handle,
-                                            &id,
-                                            regex,
-                                            (unsigned int) max_path_compression,
-                                            stats_handle);
+                                               my_private_key,
+                                               regex,
+                                               (unsigned int) max_path_compression,
+                                               stats_handle);
   }
   else
   {
@@ -252,6 +258,8 @@ run (void *cls, char *const *args GNUNET_UNUSED,
 
   cfg = cfg_;
 
+  my_private_key = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg);
+  GNUNET_assert (NULL != my_private_key);
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_number (cfg, "REGEXPROFILER",
                                              "MAX_PATH_COMPRESSION",
diff --git a/src/regex/gnunet-service-regex.c b/src/regex/gnunet-service-regex.c
index 697b04a36..96a6b82b1 100644
--- a/src/regex/gnunet-service-regex.c
+++ b/src/regex/gnunet-service-regex.c
@@ -99,6 +99,11 @@ static struct ClientEntry *client_tail;
  */
 static struct GNUNET_SERVER_NotificationContext *nc;
 
+/**
+ * Private key for this peer.
+ */
+static struct GNUNET_CRYPTO_EccPrivateKey *my_private_key;
+
 
 /**
  * Task run during shutdown.
@@ -115,6 +120,8 @@ cleanup_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
   stats = NULL;
   GNUNET_SERVER_notification_context_destroy (nc);
   nc = NULL;
+  GNUNET_CRYPTO_ecc_key_free (my_private_key);
+  my_private_key = NULL;
 }
 
 
@@ -208,10 +215,10 @@ handle_announce (void *cls,
   ce = GNUNET_new (struct ClientEntry);
   ce->client = client;
   ce->ah = REGEX_INTERNAL_announce (dht,
-                                  &am->pid,
-                                  regex,
-                                  ntohs (am->compression),
-                                  stats);
+                                    my_private_key,
+                                    regex,
+                                    ntohs (am->compression),
+                                    stats);
   if (NULL == ce->ah)
   {
     GNUNET_break (0);
@@ -347,9 +354,18 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
     {&handle_search, NULL, GNUNET_MESSAGE_TYPE_REGEX_SEARCH, 0},
     {NULL, NULL, 0, 0}
   };
+
+  my_private_key = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg);
+  if (NULL == my_private_key)
+  {   
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
   dht = GNUNET_DHT_connect (cfg, 1024);
   if (NULL == dht)
   {
+    GNUNET_CRYPTO_ecc_key_free (my_private_key);
+    my_private_key = NULL;
     GNUNET_SCHEDULER_shutdown ();
     return;
   }
diff --git a/src/regex/plugin_block_regex.c b/src/regex/plugin_block_regex.c
index 9eeb13190..d8312a1a0 100644
--- a/src/regex/plugin_block_regex.c
+++ b/src/regex/plugin_block_regex.c
@@ -28,35 +28,8 @@
 #include "gnunet_block_plugin.h"
 #include "block_regex.h"
 #include "regex_block_lib.h"
-
-/**
- * Number of bits we set per entry in the bloomfilter.
- * Do not change!
- */
-#define BLOOMFILTER_K 16
-
-
-/**
- * Show debug info about outgoing edges from a block.
- * 
- * @param cls Closure (uunsed).
- * @param token Edge label.
- * @param len Length of @c token.
- * @param key Block the edge point to.
- * 
- * @return GNUNET_YES to keep iterating.
- */
-static int
-rdebug (void *cls,
-        const char *token,
-        size_t len,
-        const struct GNUNET_HashCode *key)
-{
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
-              "%s: %.*s\n",
-              GNUNET_h2s (key), len, token);
-  return GNUNET_YES;
-}
+#include "gnunet_constants.h"
+#include "gnunet_signatures.h"
 
 
 /**
@@ -86,8 +59,21 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
                       size_t xquery_size, const void *reply_block,
                       size_t reply_block_size)
 {
-  if (NULL == reply_block) /* queries (GET) are always valid */
-    return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
+  if (NULL == reply_block)
+    {
+      if (0 != xquery_size)
+        {
+          const char *s;  
+          
+          s = (const char *) xquery;
+          if ('\0' != s[xquery_size - 1]) /* must be valid 0-terminated string */
+            {
+              GNUNET_break_op (0);
+              return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID;
+            }
+        }
+      return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
+    }
   if (0 != xquery_size)
   {
     const char *query;
@@ -95,22 +81,15 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
     query = (const char *) xquery;
     if ('\0' != query[xquery_size - 1]) /* must be valid 0-terminated string */
     {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  "Block xquery not a valid string\n");
-      return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
+      GNUNET_break_op (0);
+      return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID;
     }
   }
-  else if (NULL != query) /* PUTs don't need xquery */
+  else 
   {
-    const struct RegexBlock *rblock = reply_block;
-
+    /* xquery is required for regex, at least an empty string */
     GNUNET_break_op (0);
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
-                "Block with no xquery, query: %s, %u edges\n",
-                GNUNET_h2s (query), 
-                ntohl (rblock->n_edges));
-    REGEX_BLOCK_iterate (rblock, reply_block_size, &rdebug, NULL);
-    return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
+    return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID;
   }
   switch (REGEX_BLOCK_check (reply_block,
                              reply_block_size,
@@ -121,12 +100,9 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
       GNUNET_break_op(0);
       return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
     case GNUNET_NO:
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "BLOCK XQUERY %s not accepted\n", xquery);
+      /* xquery missmatch, can happen */
       return GNUNET_BLOCK_EVALUATION_RESULT_IRRELEVANT;
     default:
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "BLOCK XQUERY %s accepted\n", xquery);
       break;
   }
   if (NULL != bf)
@@ -143,7 +119,7 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
     }
     else
     {
-      *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, BLOOMFILTER_K);
+      *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, GNUNET_CONSTANTS_BLOOMFILTER_K);
     }
     GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash);
   }
@@ -178,6 +154,8 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type,
                              size_t xquery_size, const void *reply_block,
                              size_t reply_block_size)
 {
+  const struct RegexAcceptBlock *rba;
+
   if (0 != xquery_size)
   {
     GNUNET_break_op (0);
@@ -185,7 +163,31 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type,
   }
   if (NULL == reply_block)
     return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
-  if (sizeof (struct RegexAccept) != reply_block_size)
+  if (sizeof (struct RegexAcceptBlock) != reply_block_size)
+  {
+    GNUNET_break_op(0);
+    return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
+  }
+  rba = reply_block;
+  if (ntohl (rba->purpose.size) !=
+      sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+      sizeof (struct GNUNET_TIME_AbsoluteNBO) +
+      sizeof (struct GNUNET_HashCode)) 
+  {
+    GNUNET_break_op(0);
+    return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
+  }
+  if (0 == GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (rba->expiration_time)).rel_value)
+  {
+    /* technically invalid, but can happen without an error, so
+       we're nice by reporting it as a 'duplicate' */
+    return GNUNET_BLOCK_EVALUATION_OK_DUPLICATE;
+  }  
+  if (GNUNET_OK !=
+      GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT,
+                                &rba->purpose,
+                                &rba->signature,
+                                &rba->public_key))
   {
     GNUNET_break_op(0);
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
@@ -204,7 +206,7 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type,
     }
     else
     {
-      *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, BLOOMFILTER_K);
+      *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, GNUNET_CONSTANTS_BLOOMFILTER_K);
     }
     GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash);
   }
@@ -247,7 +249,6 @@ block_plugin_regex_evaluate (void *cls, enum GNUNET_BLOCK_Type type,
                                      xquery, xquery_size,
                                      reply_block, reply_block_size);
       break;
-
     case GNUNET_BLOCK_TYPE_REGEX_ACCEPT:
       result = evaluate_block_regex_accept (cls, type, query, bf, bf_mutator,
                                             xquery, xquery_size,
@@ -277,18 +278,24 @@ block_plugin_regex_get_key (void *cls, enum GNUNET_BLOCK_Type type,
                             const void *block, size_t block_size,
                             struct GNUNET_HashCode * key)
 {
-  int ret;
-
   switch (type)
   {
     case GNUNET_BLOCK_TYPE_REGEX:
-      ret = REGEX_BLOCK_get_key (block, block_size,
-                                 key);
-      GNUNET_break_op (GNUNET_OK == ret);
-      return ret;
+      if (GNUNET_OK !=
+          REGEX_BLOCK_get_key (block, block_size,
+                               key))
+      {
+        GNUNET_break_op (0);
+        return GNUNET_NO;
+      }
+      return GNUNET_OK;
     case GNUNET_BLOCK_TYPE_REGEX_ACCEPT:
-      GNUNET_assert (sizeof (struct RegexAccept) <= block_size);
-      *key = ((struct RegexAccept *) block)->key;
+      if (sizeof (struct RegexAcceptBlock) != block_size);
+      {
+        GNUNET_break_op (0);
+        return GNUNET_NO;
+      }
+      *key = ((struct RegexAcceptBlock *) block)->key;
       return GNUNET_OK;
     default:
       GNUNET_break (0);
diff --git a/src/regex/regex_api.c b/src/regex/regex_api.c
index ec9ee0de8..fdfd05058 100644
--- a/src/regex/regex_api.c
+++ b/src/regex/regex_api.c
@@ -118,7 +118,6 @@ handle_a_reconnect (void *cls,
  */
 struct GNUNET_REGEX_Announcement *
 GNUNET_REGEX_announce (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                       const struct GNUNET_PeerIdentity *id,
                        const char *regex,
                        struct GNUNET_TIME_Relative refresh_delay,
                        uint16_t compression)
@@ -142,7 +141,6 @@ GNUNET_REGEX_announce (const struct GNUNET_CONFIGURATION_Handle *cfg,
   a->msg.compression = htons (compression);
   a->msg.reserved = htons (0);
   a->msg.refresh_delay = GNUNET_TIME_relative_hton (refresh_delay);
-  a->msg.pid = *id;
   memcpy (&a[1], regex, slen);
   retry_announcement (a);
   return a;
diff --git a/src/regex/regex_internal_dht.c b/src/regex/regex_internal_dht.c
index e7259edcc..3d6cf7360 100644
--- a/src/regex/regex_internal_dht.c
+++ b/src/regex/regex_internal_dht.c
@@ -28,6 +28,9 @@
 #include "regex_block_lib.h"
 #include "gnunet_dht_service.h"
 #include "gnunet_statistics_service.h"
+#include "gnunet_constants.h"
+#include "gnunet_signatures.h"
+
 
 #define LOG(kind,...) GNUNET_log_from (kind,"regex-dht",__VA_ARGS__)
 
@@ -42,6 +45,10 @@
 #define DHT_OPT         GNUNET_DHT_RO_DEMULTIPLEX_EVERYWHERE
 #endif
 
+
+/**
+ * Handle to store cached data about a regex announce.
+ */
 struct REGEX_INTERNAL_Announcement
 {
   /**
@@ -60,9 +67,9 @@ struct REGEX_INTERNAL_Announcement
   struct REGEX_INTERNAL_Automaton* dfa;
 
   /**
-   * Identity under which to announce the regex.
+   * Our private key.
    */
-  struct GNUNET_PeerIdentity id;
+  const struct GNUNET_CRYPTO_EccPrivateKey *priv;
 
   /**
    * Optional statistics handle to report usage. Can be NULL.
@@ -100,14 +107,25 @@ regex_iterator (void *cls,
        num_edges);
   if (GNUNET_YES == accepting)
   {
-    struct RegexAccept block;
+    struct RegexAcceptBlock block;
 
     LOG (GNUNET_ERROR_TYPE_DEBUG,
          "State %s is accepting, putting own id\n",
          GNUNET_h2s(key));
     size = sizeof (block);
+    block.purpose.size = sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+      sizeof (struct GNUNET_TIME_AbsoluteNBO) +
+      sizeof (struct GNUNET_HashCode);
+    block.purpose.purpose = ntohl (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT);
+    block.expiration_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_DHT_MAX_EXPIRATION));
     block.key = *key;
-    block.id = h->id;
+    GNUNET_CRYPTO_ecc_key_get_public (h->priv,
+                                      &block.public_key);
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_ecc_sign (h->priv,
+                                           &block.purpose,
+                                           &block.signature));
+
     GNUNET_STATISTICS_update (h->stats, "# regex accepting blocks stored",
                               1, GNUNET_NO);
     GNUNET_STATISTICS_update (h->stats, "# regex accepting block bytes stored",
@@ -144,12 +162,25 @@ regex_iterator (void *cls,
 }
 
 
+/**
+ * Announce a regular expression: put all states of the automaton in the DHT.
+ * Does not free resources, must call REGEX_INTERNAL_announce_cancel for that.
+ * 
+ * @param dht An existing and valid DHT service handle. CANNOT be NULL.
+ * @param priv our private key, must remain valid until the announcement is cancelled
+ * @param regex Regular expression to announce.
+ * @param compression How many characters per edge can we squeeze?
+ * @param stats Optional statistics handle to report usage. Can be NULL.
+ * 
+ * @return Handle to reuse o free cached resources.
+ *         Must be freed by calling REGEX_INTERNAL_announce_cancel.
+ */
 struct REGEX_INTERNAL_Announcement *
 REGEX_INTERNAL_announce (struct GNUNET_DHT_Handle *dht,
-                       const struct GNUNET_PeerIdentity *id,
-                       const char *regex,
-                       uint16_t compression,
-                       struct GNUNET_STATISTICS_Handle *stats)
+                         const struct GNUNET_CRYPTO_EccPrivateKey *priv,
+                         const char *regex,
+                         uint16_t compression,
+                         struct GNUNET_STATISTICS_Handle *stats)
 {
   struct REGEX_INTERNAL_Announcement *h;
 
@@ -158,7 +189,7 @@ REGEX_INTERNAL_announce (struct GNUNET_DHT_Handle *dht,
   h->regex = regex;
   h->dht = dht;
   h->stats = stats;
-  h->id = *id;
+  h->priv = priv;
   h->dfa = REGEX_INTERNAL_construct_dfa (regex,
                                        strlen (regex),
                                        compression);
@@ -167,6 +198,12 @@ REGEX_INTERNAL_announce (struct GNUNET_DHT_Handle *dht,
 }
 
 
+/**
+ * Announce again a regular expression previously announced.
+ * Does use caching to speed up process.
+ * 
+ * @param h Handle returned by a previous REGEX_INTERNAL_announce call.
+ */
 void
 REGEX_INTERNAL_reannounce (struct REGEX_INTERNAL_Announcement *h)
 {
@@ -177,6 +214,13 @@ REGEX_INTERNAL_reannounce (struct REGEX_INTERNAL_Announcement *h)
 }
 
 
+
+/**
+ * Clear all cached data used by a regex announce.
+ * Does not close DHT connection.
+ * 
+ * @param h Handle returned by a previous REGEX_INTERNAL_announce call.
+ */
 void
 REGEX_INTERNAL_announce_cancel (struct REGEX_INTERNAL_Announcement *h)
 {
@@ -194,26 +238,26 @@ REGEX_INTERNAL_announce_cancel (struct REGEX_INTERNAL_Announcement *h)
  */
 struct RegexSearchContext
 {
-    /**
-     * Part of the description already consumed by
-     * this particular search branch.
-     */
+  /**
+   * Part of the description already consumed by
+   * this particular search branch.
+   */
   size_t position;
 
-    /**
-     * Information about the search.
-     */
+  /**
+   * Information about the search.
+   */
   struct REGEX_INTERNAL_Search *info;
 
-    /**
-     * We just want to look for one edge, the longer the better.
-     * Keep its length.
-     */
+  /**
+   * We just want to look for one edge, the longer the better.
+   * Keep its length.
+   */
   unsigned int longest_match;
 
-    /**
-     * Destination hash of the longest match.
-     */
+  /**
+   * Destination hash of the longest match.
+   */
   struct GNUNET_HashCode hash;
 };
 
@@ -304,7 +348,7 @@ regex_next_edge (const struct RegexBlock *block,
  */
 static void
 dht_get_string_accept_handler (void *cls, struct GNUNET_TIME_Absolute exp,
-                               const struct GNUNET_HashCode * key,
+                               const struct GNUNET_HashCode *key,
                                const struct GNUNET_PeerIdentity *get_path,
                                unsigned int get_path_length,
                                const struct GNUNET_PeerIdentity *put_path,
@@ -312,9 +356,10 @@ dht_get_string_accept_handler (void *cls, struct GNUNET_TIME_Absolute exp,
                                enum GNUNET_BLOCK_Type type,
                                size_t size, const void *data)
 {
-  const struct RegexAccept *block = data;
+  const struct RegexAcceptBlock *block = data;
   struct RegexSearchContext *ctx = cls;
   struct REGEX_INTERNAL_Search *info = ctx->info;
+  struct GNUNET_PeerIdentity pid;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG, "Got regex results from DHT!\n");
   LOG (GNUNET_ERROR_TYPE_INFO, "   accept for %s (key %s)\n",
@@ -324,9 +369,11 @@ dht_get_string_accept_handler (void *cls, struct GNUNET_TIME_Absolute exp,
                             1, GNUNET_NO);
   GNUNET_STATISTICS_update (info->stats, "# regex accepting block bytes found",
                             size, GNUNET_NO);
-
+  GNUNET_CRYPTO_hash (&block->public_key,
+                      sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded),
+                      &pid.hashPubKey);
   info->callback (info->callback_cls,
-                  &block->id,
+                  &pid,
                   get_path, get_path_length,
                   put_path, put_path_length);
 }
diff --git a/src/regex/regex_internal_lib.h b/src/regex/regex_internal_lib.h
index 3d4a1b65c..391a33fd2 100644
--- a/src/regex/regex_internal_lib.h
+++ b/src/regex/regex_internal_lib.h
@@ -150,12 +150,13 @@ struct REGEX_INTERNAL_Announcement;
  */
 struct REGEX_INTERNAL_Search;
 
+
 /**
  * Announce a regular expression: put all states of the automaton in the DHT.
  * Does not free resources, must call REGEX_INTERNAL_announce_cancel for that.
  * 
  * @param dht An existing and valid DHT service handle. CANNOT be NULL.
- * @param id ID to announce as provider of regex. Own ID in most cases.
+ * @param priv our private key, must remain valid until the announcement is cancelled
  * @param regex Regular expression to announce.
  * @param compression How many characters per edge can we squeeze?
  * @param stats Optional statistics handle to report usage. Can be NULL.
@@ -165,10 +166,11 @@ struct REGEX_INTERNAL_Search;
  */
 struct REGEX_INTERNAL_Announcement *
 REGEX_INTERNAL_announce (struct GNUNET_DHT_Handle *dht,
-                       const struct GNUNET_PeerIdentity *id,
-                       const char *regex,
-                       uint16_t compression,
-                       struct GNUNET_STATISTICS_Handle *stats);
+                         const struct GNUNET_CRYPTO_EccPrivateKey *priv,
+                         const char *regex,
+                         uint16_t compression,
+                         struct GNUNET_STATISTICS_Handle *stats);
+
 
 /**
  * Announce again a regular expression previously announced.
diff --git a/src/regex/regex_ipc.h b/src/regex/regex_ipc.h
index b94fceb86..fd6440bb8 100644
--- a/src/regex/regex_ipc.h
+++ b/src/regex/regex_ipc.h
@@ -54,11 +54,6 @@ struct AnnounceMessage
    */
   struct GNUNET_TIME_RelativeNBO refresh_delay;
 
-  /**
-   * Which PID to announce as the provider?
-   */
-  struct GNUNET_PeerIdentity pid;
-
   /* followed by 0-terminated regex as string */
 };