Crate wirefilter

This is the main crate for the filter engine.

It contains public APIs for parsing filter expressions, compiling them into an executable IR and, finally, executing the compiled filters against provided values.

Example

use wirefilter::{ExecutionContext, Scheme, Type};

fn main() -> Result<(), failure::Error> {
    // Create a map of possible filter fields.
    let scheme = Scheme! {
        http.method: Bytes,
        http.ua: Bytes,
        port: Int,
    };

    // Parse a Wireshark-like expression into an AST.
    let ast = scheme.parse(
        r#"
            http.method != "POST" &&
            not http.ua matches "(googlebot|facebook)" &&
            port in {80 443}
        "#,
    )?;

    println!("Parsed filter representation: {:?}", ast);

    // Compile the AST into an executable filter.
    let filter = ast.compile();

    // Set runtime field values to test the filter against.
    let mut ctx = ExecutionContext::new(&scheme);

    ctx.set_field_value("http.method", "GET")?;

    ctx.set_field_value(
        "http.ua",
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0",
    )?;

    ctx.set_field_value("port", 443)?;

    // Execute the filter with given runtime values.
    println!("Filter matches: {:?}", filter.execute(&ctx)?); // true

    // Amend one of the runtime values and execute the filter again.
    ctx.set_field_value("port", 8080)?;

    println!("Filter matches: {:?}", filter.execute(&ctx)?); // false

    Ok(())
}

Macros

Scheme

A convenience macro for constructing a Scheme with static contents.

Structs

ExecutionContext

An execution context stores an associated Scheme and a set of runtime values to execute a Filter against.

FieldRedefinitionError

An error that occurs when a previously defined field gets redefined.

FieldValueTypeMismatchError

An error that occurs if the type of the value for the field doesn't match the type specified in the Scheme.

Filter

An IR for a compiled filter expression.

FilterAst

A parsed filter AST.

ParseError

An opaque filter parsing error associated with the original input.

Scheme

The main registry for fields and their associated types.

SchemeMismatchError

An error that occurs if the filter and the provided ExecutionContext have different schemes.

UnknownFieldError

An error that occurs if an unregistered field name was queried from a Scheme.

Enums

LhsValue

An LHS value provided for filter execution.

Type

Enumeration of supported types for field values.

Traits

GetType

Provides a way to get a Type of the implementor.