So I'm looking at how listener taps work. What I've come up with at this point is:
my_tap = Listener.new(nil, "myfilter")
myvar = Field.new("something to look at")
-- then the callback
function my_tap.packet(pinfo)
-- format the time like os.date("%c", pinfo.abs_ts)
-- what else is in pinfo.???
-- lots of stuff
end
I have been unable to find any thorough documentation on what gets exposed to lua via the pinfo parameter to the packet callback. So far I have found *pinfo.abs_ts*. Which is great because tcp.options.timestamp.tsval seems to either be null or contain incorrect / incomplete information all the time.
What exactly gets exposed through pinfo? Is there a list of information I can pull somewhere other than pinfo.abs_ts?
wireshark.org/docs/wsug_html_chunked/lua_module_Pinfo.html seems to describe pretty much everything I was looking for