Wireshark-dev: Re: [Wireshark-dev] Save extracted data from reassembled packets

From: Peter Smith <psmith135@xxxxxxxxx>
Date: Mon, 22 Feb 2010 16:23:31 +0200
Yes, that was the starting point but I have already tried numerous other ways to get the data out of the extracted field with no luck. I found a similar sample from this presentation for Sharkfest'09 available here: http://www.cacetech.com/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf

Here is the code sample from it:

=======================
-- Register a field value
udp_len_f = Field.new("udp.length")

local function menuable_tap()
    -- Listener the tap is attached to; the slide excerpt omits this line
    -- (assumed here so the snippet runs stand-alone)
    local tap = Listener.new("udp")

    function tap.packet(pinfo, buffer, userdata)
        -- Fetch the UDP length
        local udp_len = udp_len_f()
        if udp_len and udp_len.value > 400 then
            -- Do something with big UDP packages
        end
    end
end
=======================

Apparently the reassembled data is contained within userdata structure passed to tap.packet function but I could not find a way to either print or save that data anyhow. I have already posted on Lua list hoping to get a way to access the userdata type but it turned out that lua is only getting a pointer via this userdata type to the actual reassembled packet data. So there should be some wireshark specific function to access and use that data. Unfortunately, I spent 3 days on it already and have not found that function yet.

Hopefully someone on wireshark list will help me here...

Apparently the range method is not useful for the reassembled packets because it works with tvb buffer which is a buffer for the current packet only so it can't access the previous packets with the rest of the reassembled data. I guess that's why we get those "expired tvb" errors when accessing previous packets...


On Mon, Feb 22, 2010 at 4:00 PM, varname <varname@xxxxxxxxx> wrote:
Peter Smith wrote:
> If the reassembled data comes from several packets I get the following
> error:
> tshark: Lua: on packet 164 Error During execution of Listener Packet
> Callback:
> expired tvb

Using your code I was able to get to the same point (I'm basically
trying to do the same thing, but for HTTP packets). If any HTTP packet
is a reassembled one I get the same error.

May I ask if you got the idea for this from this [1] thread on the users
list?


[1] http://www.wireshark.org/lists/wireshark-users/200707/msg00156.html

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
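Added example, not code from the thread or from the Sharkfest slides: a Listener tap in the style of Peter's snippet that records large UDP frames and keeps the "expired tvb" failure described above local to the offending packet (via pcall) instead of letting it abort the tshark run. Assumed: it is loaded with `tshark -X lua_script:udp_tap.lua -r capture.pcap`, and the output file name is a placeholder.

```lua
-- Added example (not from the thread or the slides). Assumes it runs under
-- tshark -X lua_script:udp_tap.lua -r capture.pcap; OUT_PATH is a placeholder.
local udp_len_f = Field.new("udp.length")
local OUT_PATH = "udp_big_packets.txt"   -- placeholder path

local big = {}      -- frame number -> udp.length
local failed = {}   -- frame number -> error text (e.g. "expired tvb")

local tap = Listener.new("udp")

function tap.packet(pinfo, tvb, tapinfo)
    local fi = udp_len_f()              -- FieldInfo for this packet, or nil
    if not fi or fi.value <= 400 then return end
    big[pinfo.number] = fi.value

    -- The thread's diagnosis is that fi.range points at a tvb of an earlier
    -- frame once data has been reassembled, which is where "expired tvb"
    -- surfaces. Whatever the cause, pcall confines the error to this packet
    -- so the tap keeps running over the rest of the capture.
    local ok, err = pcall(function()
        local r = fi.range               -- TvbRange of the field
        return r:bytes():len()
    end)
    if not ok then
        failed[pinfo.number] = tostring(err)
    end
end

-- Called once at the end of the run: write what was collected.
function tap.draw()
    local fh = assert(io.open(OUT_PATH, "w"))
    for num, len in pairs(big) do
        local note = failed[num] and ("  [range failed: " .. failed[num] .. "]") or ""
        fh:write(string.format("frame %d udp.length=%d%s\n", num, len, note))
    end
    fh:close()
end

function tap.reset()
    big, failed = {}, {}
end
```

Frames listed with a "range failed" note are the ones where a tvb-based approach cannot reach the reassembled data, which is the same set that trips the error in the original script.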