Need help with wirefilter?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

cloudflare
687 Stars 54 Forks MIT License 392 Commits 8 Opened issues

Description

An execution engine for Wireshark-like filters

Services available

!
?

Need anything else?

Contributors list

# 2,985
TypeScr...
ecmascr...
Babel
estree
320 commits
# 13,770
HTML
functio...
test-fr...
yarn
46 commits
# 68,731
D
Rust
Shell
servo
24 commits
# 301,810
gstream...
viml
Vim
lightli...
2 commits

Wirefilter

Build status Crates.io License

This is an execution engine for Wireshark®-like filters.

It contains public APIs for parsing filter syntax, compiling them into an executable IR and, finally, executing filters against provided values.

Example

use wirefilter::{ExecutionContext, Scheme, Type};

fn main() -> Result { // Create a map of possible filter fields. let scheme = Scheme! { http.method: Bytes, http.ua: Bytes, port: Int, };

// Parse a Wireshark-like expression into an AST.
let ast = scheme.parse(r#"
    http.method != "POST" &&
    not http.ua matches "(googlebot|facebook)" &&
    port in {80 443}
"#)?;

println!("Parsed filter representation: {:?}", ast);

// Compile the AST into an executable filter.
let filter = ast.compile();

// Set runtime field values to test the filter against.
let mut ctx = ExecutionContext::new(&scheme);

ctx.set_field_value("http.method", "GET")?;

ctx.set_field_value(
    "http.ua",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0",
)?;

ctx.set_field_value("port", 443)?;

// Execute the filter with given runtime values.
println!("Filter matches: {:?}", filter.execute(&ctx)?); // true

// Amend one of the runtime values and execute the filter again.
ctx.set_field_value("port", 8080)?;

println!("Filter matches: {:?}", filter.execute(&ctx)?); // false

Ok(())

}

Licensing

Licensed under the MIT license. See the LICENSE file for details.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.