router: add regex substitution to header hashing

api/envoy/config/route/v3/route_components.proto

@@ -615,6 +615,10 @@ message RouteAction {
       string header_name = 1 [
         (validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}
       ];
+
+      // If specified, the request header value will be rewritten and used
+      // to produce the hash key.
+      type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 2;
     }
 
     // Envoy supports two types of cookie affinity:

docs/root/version_history/current.rst

@@ -124,6 +124,7 @@ New Features
 * request_id: added to :ref:`always_set_request_id_in_response setting <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.always_set_request_id_in_response>`
   to set :ref:`x-request-id <config_http_conn_man_headers_x-request-id>` header in response even if
   tracing is not forced.
+* router: add regex substitution support for header based hashing.
 * router: add support for RESPONSE_FLAGS and RESPONSE_CODE_DETAILS :ref:`header formatters
   <config_http_conn_man_headers_custom_request_headers>`.
 * router: allow Rate Limiting Service to be called in case of missing request header for a descriptor if the :ref:`skip_if_absent <envoy_v3_api_field_config.route.v3.RateLimit.Action.RequestHeaders.skip_if_absent>` field is set to true.

source/common/http/hash_policy.cc

@@ -2,6 +2,8 @@
 
 #include "envoy/config/route/v3/route_components.pb.h"
 
+#include "common/common/matchers.h"
+#include "common/common/regex.h"
 #include "common/http/utility.h"
 
 #include "absl/strings/str_cat.h"
@@ -21,8 +23,15 @@ class HashMethodImplBase : public HashPolicyImpl::HashMethod {
 
 class HeaderHashMethod : public HashMethodImplBase {
 public:
-  HeaderHashMethod(const std::string& header_name, bool terminal)
-      : HashMethodImplBase(terminal), header_name_(header_name) {}
+  HeaderHashMethod(const envoy::config::route::v3::RouteAction::HashPolicy::Header& header,
+                   bool terminal)
+      : HashMethodImplBase(terminal), header_name_(header.header_name()) {
+    if (header.has_regex_rewrite()) {
+      const auto& rewrite_spec = header.regex_rewrite();
+      regex_rewrite_ = Regex::Utility::parseRegex(rewrite_spec.pattern());
+      regex_rewrite_substitution_ = rewrite_spec.substitution();
+    }
+  }
 
   absl::optional<uint64_t> evaluate(const Network::Address::Instance*,
                                     const RequestHeaderMap& headers,
@@ -32,13 +41,20 @@ class HeaderHashMethod : public HashMethodImplBase {
 
     const HeaderEntry* header = headers.get(header_name_);
     if (header) {
-      hash = HashUtil::xxHash64(header->value().getStringView());
+      if (regex_rewrite_ != nullptr) {
+        hash = HashUtil::xxHash64(regex_rewrite_->replaceAll(header->value().getStringView(),
+                                                             regex_rewrite_substitution_));
+      } else {
+        hash = HashUtil::xxHash64(header->value().getStringView());
+      }
     }
     return hash;
   }
 
 private:
   const LowerCaseString header_name_;
+  Regex::CompiledMatcherPtr regex_rewrite_{};
+  std::string regex_rewrite_substitution_{};
 };
 
 class CookieHashMethod : public HashMethodImplBase {
@@ -145,7 +161,7 @@ HashPolicyImpl::HashPolicyImpl(
     switch (hash_policy->policy_specifier_case()) {
     case envoy::config::route::v3::RouteAction::HashPolicy::PolicySpecifierCase::kHeader:
       hash_impls_.emplace_back(
-          new HeaderHashMethod(hash_policy->header().header_name(), hash_policy->terminal()));
+          new HeaderHashMethod(hash_policy->header(), hash_policy->terminal()));
       break;
     case envoy::config::route::v3::RouteAction::HashPolicy::PolicySpecifierCase::kCookie: {
       absl::optional<std::chrono::seconds> ttl;

test/common/router/config_impl_test.cc

@@ -2205,6 +2205,27 @@ TEST_F(RouterMatcherHashPolicyTest, HashHeaders) {
   }
 }
 
+TEST_F(RouterMatcherHashPolicyTest, HashHeadersRegexSubstitution) {
+  // Apply a regex substitution before hashing.
+  auto* header = firstRouteHashPolicy()->mutable_header();
+  header->set_header_name(":path");
+  auto* regex_spec = header->mutable_regex_rewrite();
+  regex_spec->set_substitution("\\1");
+  auto* pattern = regex_spec->mutable_pattern();
+  pattern->mutable_google_re2();
+  pattern->set_regex("^/(\\w+)$");
+  {
+    Http::TestRequestHeaderMapImpl headers = genHeaders("www.lyft.com", "/foo", "GET");
+    Router::RouteConstSharedPtr route = config().route(headers, 0);
+    const auto foo_hash_value = 3728699739546630719;
+    EXPECT_EQ(route->routeEntry()
+                  ->hashPolicy()
+                  ->generateHash(nullptr, headers, add_cookie_nop_, nullptr)
+                  .value(),
+              foo_hash_value);
+  }
+}
+
 class RouterMatcherCookieHashPolicyTest : public RouterMatcherHashPolicyTest {
 public:
   RouterMatcherCookieHashPolicyTest() {