1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
//! This is the main crate for the filter engine. //! //! It contains public APIs for parsing filter syntax, compiling them into //! an executable IR and, finally, executing filters against provided values. //! //! # Example //! //! ``` //! use wirefilter::{ExecutionContext, Scheme, Type}; //! //! fn main() -> Result<(), failure::Error> { //! // Create a map of possible filter fields. //! let scheme = Scheme! { //! http.method: Bytes, //! http.ua: Bytes, //! port: Int, //! }; //! //! // Parse a Wireshark-like expression into an AST. //! let ast = scheme.parse( //! r#" //! http.method != "POST" && //! not http.ua matches "(googlebot|facebook)" && //! port in {80 443} //! "#, //! )?; //! //! println!("Parsed filter representation: {:?}", ast); //! //! // Compile the AST into an executable filter. //! let filter = ast.compile(); //! //! // Set runtime field values to test the filter against. //! let mut ctx = ExecutionContext::new(&scheme); //! //! ctx.set_field_value("http.method", "GET")?; //! //! ctx.set_field_value( //! "http.ua", //! "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0", //! )?; //! //! ctx.set_field_value("port", 443)?; //! //! // Execute the filter with given runtime values. //! println!("Filter matches: {:?}", filter.execute(&ctx)?); // true //! //! // Amend one of the runtime values and execute the filter again. //! ctx.set_field_value("port", 8080)?; //! //! println!("Filter matches: {:?}", filter.execute(&ctx)?); // false //! //! Ok(()) //! } //! ``` #![warn(missing_docs)] extern crate cfg_if; extern crate failure; extern crate serde; #[cfg(test)] extern crate indoc; #[cfg(test)] extern crate lazy_static; #[cfg(test)] extern crate serde_json; extern crate cidr; extern crate fnv; extern crate indexmap; extern crate memmem; #[cfg(feature = "regex")] extern crate regex; #[macro_use] mod lex; #[macro_use] mod scheme; mod ast; mod execution_context; mod filter; mod heap_searcher; mod range_set; mod rhs_types; mod strict_partial_ord; mod types; pub use self::{ ast::FilterAst, execution_context::{ExecutionContext, FieldValueTypeMismatchError}, filter::{Filter, SchemeMismatchError}, scheme::{FieldRedefinitionError, ParseError, Scheme, UnknownFieldError}, types::{GetType, LhsValue, Type}, };