#filter #wireshark #tshark

min_shark

A crate to parse and match a subset of the Wireshark display filter language

5 releases (breaking)

0.6.0 Dec 9, 2024
0.5.0 Mar 19, 2024
0.4.0 Feb 29, 2024
0.2.0 Sep 19, 2023
0.1.0 Sep 1, 2023

#575 in Network programming


101 downloads per month

MIT/Apache

150KB
4K SLoC


This is a parser and execution engine for minimal Wireshark®-like filters.

See here for supported syntax.

Usage example:


    let filter = "ip.addr in {192.168.1.0/24, 10.1.1.0/24} and payload ~ '(?i)CaSeInSeNsItIvE'";
    let expression = min_shark::parse(filter);

    // .. later
    let is_match = expression
        .matcher()
        .tcp(true)
        // source address inside 192.168.1.0/24, so the `ip.addr in {...}` clause matches
        .src_ip("192.168.1.1/24".parse().unwrap())
        .payload(b"CaseInsensitive")
        .is_match();

    assert_eq!(is_match, true);

Dependencies

~3–4.5MB
~81K SLoC