How can I get the current display filter in a Lua script with Tshark

Hi,

I'm writing a script in Lua that I want to use with Tshark. With this script I want to process a pcap file I feed to Tshark with the '-r' option. In the script I use a tap (listener) to process the packets.

The problem I have is that I want the script to process only the packets that comply with the filter I set with the '-Y' option (or the '-f' option, but that doesn't work in combination with '-r'). In Wireshark I can use the 'get_filter()' function to get the current display filter and give that as an argument to the 'Listener.new()' function. But 'get_filter()' doesn't work in Tshark.

Of course I can set the filter hardcoded in the script, but that isn't what I want.

So, is there a way to process only packets that comply with the filter? Some ideas I had, but I don't know if they are possible:

1) Read the display filter value in Lua directly (as 'get_filter()' does in Wireshark)?

2) Read the complete command given at the command line (including '-y ...') and parse this command line in Lua to get the filter value?

3) For every packet coming in through 'Listener.packet()' check if it complies with the display filter by checking some value from 'Pinfo'?

4) Can I use the 'get_preference(preference)' function?

5) Some other options?

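One way to avoid hardcoding the filter, shown here as an added example that is not part of the original post or of Wireshark's own code: pass the display filter to the script as a Tshark script argument (`-X lua_script1:<filter>`, read in Lua through the top-level vararg `...`), with an environment variable as a fallback, and hand that string to `Listener.new()`, whose second parameter is a display filter that restricts which packets reach the `packet()` callback. The script name `tapfilter.lua`, the environment variable `TAP_FILTER` and the `-r`/`-X` invocation in the comment are assumptions for the example; the approach assumes a Tshark build with Lua support and with `lua_scriptN:` argument passing.

```lua
-- Added example (not from the original post): take the display filter from a
-- script argument instead of hardcoding it in the Lua source.
--
-- Assumed invocation (script name and filter are illustrative):
--   tshark -r capture.pcap -q \
--       -X lua_script:tapfilter.lua \
--       -X lua_script1:"tcp.port == 443"
--
-- Arguments given with -X lua_scriptN:... arrive in the script's vararg.
local args = { ... }

-- Fallback: an environment variable (name assumed for this example), then
-- an empty filter, which makes the listener see every frame.
local filter = args[1] or os.getenv("TAP_FILTER") or ""

if filter == "" then
    print("tapfilter.lua: no filter given, tapping every frame")
else
    print("tapfilter.lua: tapping frames matching: " .. filter)
end

-- Listener.new(tap, filter): only packets that match the display filter are
-- delivered to tap.packet(). An invalid filter string raises an error here,
-- at load time, rather than silently tapping nothing.
local tap = Listener.new("frame", filter)

local matched = 0      -- frames that passed the filter
local by_src  = {}     -- per-source-address frame counts

function tap.packet(pinfo, tvb)
    matched = matched + 1
    local src = tostring(pinfo.src)
    by_src[src] = (by_src[src] or 0) + 1
end

-- Called once at the end of the file (or periodically during live capture).
function tap.draw()
    print(string.format("%d frame(s) matched '%s'", matched, filter))
    for src, n in pairs(by_src) do
        print(string.format("  %-40s %d", src, n))
    end
end

function tap.reset()
    matched = 0
    by_src  = {}
end
```

With this layout the filter is typed once on the command line; if the same expression is also wanted for Tshark's normal packet output, give it a second time with '-Y', since the script argument and '-Y' are independent. Quoting matters: the filter reaches the script as one string only if the shell keeps it together, as in the quoted invocation above.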