Example

use wirefilter::{ExecutionContext,Scheme};fnmain() ->Result<(),Box<dyn std::error::Error>>{// Create a map of possible filter fields.let scheme =Scheme!{        http.method:Bytes,        http.ua:Bytes,        port:Int,}.build();// Parse a Wireshark-like expression into an AST.let ast = scheme.parse(r#"            http.method != "POST" &&            not http.ua matches "(googlebot|facebook)" &&            port in {80 443}        "#,)?;println!("Parsed filter representation: {:?}", ast);// Compile the AST into an executable filter.let filter = ast.compile();// Set runtime field values to test the filter against.letmut ctx =ExecutionContext::new(&scheme);    ctx.set_field_value(scheme.get_field("http.method").unwrap(),"GET")?;    ctx.set_field_value(        scheme.get_field("http.ua").unwrap(),"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0",)?;    ctx.set_field_value(scheme.get_field("port").unwrap(),443)?;// Execute the filter with given runtime values.println!("Filter matches: {:?}", filter.execute(&ctx)?);// true// Amend one of the runtime values and execute the filter again.    ctx.set_field_value(scheme.get_field("port").unwrap(),8080)?;println!("Filter matches: {:?}", filter.execute(&ctx)?);// falseOk(())}

Fuzzing

cargo install afl --force

cd fuzz/bytescargo afl build

cargo afl fuzz -i in -o out ../../target/debug/fuzz-bytes

Looks like the target binary is not instrumented!

Licensing