Crate wirefilter

Source
Expand description

This is the main crate for the filter engine.

It contains public APIs for parsing filter syntax, compiling them into an executable IR and, finally, executing filters against provided values.

§Example

use wirefilter::{ExecutionContext, Scheme, Type};

fn main() -> Result<(), failure::Error> {
    // Create a map of possible filter fields.
    let scheme = Scheme! {
        http.method: Bytes,
        http.ua: Bytes,
        port: Int,
    };

    // Parse a Wireshark-like expression into an AST.
    let ast = scheme.parse(
        r#"
            http.method != "POST" &&
            not http.ua matches "(googlebot|facebook)" &&
            port in {80 443}
        "#,
    )?;

    println!("Parsed filter representation: {:?}", ast);

    // Compile the AST into an executable filter.
    let filter = ast.compile();

    // Set runtime field values to test the filter against.
    let mut ctx = ExecutionContext::new(&scheme);

    ctx.set_field_value("http.method", "GET")?;

    ctx.set_field_value(
        "http.ua",
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0",
    )?;

    ctx.set_field_value("port", 443)?;

    // Execute the filter with given runtime values.
    println!("Filter matches: {:?}", filter.execute(&ctx)?); // true

    // Amend one of the runtime values and execute the filter again.
    ctx.set_field_value("port", 8080)?;

    println!("Filter matches: {:?}", filter.execute(&ctx)?); // false

    Ok(())
}

Macros§

Scheme
A convenience macro for constructing a Scheme with static contents.

Structs§

ExecutionContext
An execution context stores an associated Scheme and a set of runtime values to execute Filter against.
FieldRedefinitionError
An error that occurs when previously defined field gets redefined.
FieldValueTypeMismatchError
An error that occurs if the type of the value for the field doesn’t match the type specified in the Scheme.
Filter
An IR for a compiled filter expression.
FilterAst
A parsed filter AST.
ParseError
An opaque filter parsing error associated with the original input.
Scheme
The main registry for fields and their associated types.
SchemeMismatchError
An error that occurs if filter and provided ExecutionContext have different schemes.
UnknownFieldError
An error that occurs if an unregistered field name was queried from a Scheme.

Enums§

LhsValue
An LHS value provided for filter execution.
Type
Enumeration of supported types for field values.

Traits§

GetType
Provides a way to get a Type of the implementor.