
Listener for Foo Protocol example (Wireshark Lua)

```lua
-- ############################################################################
-- Continuing our Dissector example at [1], let's say we wanted to print the value
-- of `foo.str` for packets whose `foo.num` field is >= sqrt(5) (I picked a
-- condition that couldn't already be achieved with display filters).
--
-- This Wireshark Lua script implements a listener for this purpose.
--
-- [1]: http://pastebin.com/8j0LhVTQ
-- ############################################################################

-- 1. Declare the tap with the `Listener.new()` function
--    (first argument nil = default tap; second argument is the display filter)
local tap = Listener.new(nil, 'foo')

-- 2. Declare field extractors to pull values of named fields from the current packet
local f_str = Field.new('foo.str')
local f_num = Field.new('foo.num')

-- 3. Declare the tap's packet function
function tap.packet(pinfo, buf)

    -- check if at least one instance of foo.num is >= sqrt(5)
    local gt_sqrt5 = false
    for _, v in ipairs({ f_num() }) do
        -- a field extractor returns FieldInfo objects; compare the field's
        -- value, since a FieldInfo cannot be compared with a Lua number
        if v.value >= math.sqrt(5) then
            gt_sqrt5 = true
            break
        end
    end

    if gt_sqrt5 then
        -- print all instances of foo.str from the current packet
        for _, v in ipairs({ f_str() }) do
            -- tostring() is needed: `..` does not convert a FieldInfo to a string
            info(pinfo.number .. ' foo.str: ' .. tostring(v))
        end
    end
end
```