wirefilter/
lib.rs

1//! This is the main crate for the filter engine.
2//!
3//! It contains public APIs for parsing filter syntax, compiling them into
4//! an executable IR and, finally, executing filters against provided values.
5//!
6//! # Example
7//!
8//! ```
9//! use wirefilter::{ExecutionContext, Scheme, Type};
10//!
11//! fn main() -> Result<(), failure::Error> {
12//!     // Create a map of possible filter fields.
13//!     let scheme = Scheme! {
14//!         http.method: Bytes,
15//!         http.ua: Bytes,
16//!         port: Int,
17//!     };
18//!
19//!     // Parse a Wireshark-like expression into an AST.
20//!     let ast = scheme.parse(
21//!         r#"
22//!             http.method != "POST" &&
23//!             not http.ua matches "(googlebot|facebook)" &&
24//!             port in {80 443}
25//!         "#,
26//!     )?;
27//!
28//!     println!("Parsed filter representation: {:?}", ast);
29//!
30//!     // Compile the AST into an executable filter.
31//!     let filter = ast.compile();
32//!
33//!     // Set runtime field values to test the filter against.
34//!     let mut ctx = ExecutionContext::new(&scheme);
35//!
36//!     ctx.set_field_value("http.method", "GET")?;
37//!
38//!     ctx.set_field_value(
39//!         "http.ua",
40//!         "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0",
41//!     )?;
42//!
43//!     ctx.set_field_value("port", 443)?;
44//!
45//!     // Execute the filter with given runtime values.
46//!     println!("Filter matches: {:?}", filter.execute(&ctx)?); // true
47//!
48//!     // Amend one of the runtime values and execute the filter again.
49//!     ctx.set_field_value("port", 8080)?;
50//!
51//!     println!("Filter matches: {:?}", filter.execute(&ctx)?); // false
52//!
53//!     Ok(())
54//! }
55//! ```
56#![warn(missing_docs)]
57
58extern crate cfg_if;
59extern crate failure;
60extern crate serde;
61
62#[cfg(test)]
63extern crate indoc;
64
65#[cfg(test)]
66extern crate lazy_static;
67
68#[cfg(test)]
69extern crate serde_json;
70
71extern crate cidr;
72extern crate fnv;
73extern crate indexmap;
74extern crate memmem;
75
76#[cfg(feature = "regex")]
77extern crate regex;
78
79#[macro_use]
80mod lex;
81
82#[macro_use]
83mod scheme;
84
85mod ast;
86mod execution_context;
87mod filter;
88mod heap_searcher;
89mod range_set;
90mod rhs_types;
91mod strict_partial_ord;
92mod types;
93
94pub use self::{
95    ast::FilterAst,
96    execution_context::{ExecutionContext, FieldValueTypeMismatchError},
97    filter::{Filter, SchemeMismatchError},
98    scheme::{FieldRedefinitionError, ParseError, Scheme, UnknownFieldError},
99    types::{GetType, LhsValue, Type},
100};