I opened an issue on GitLab (
https://gitlab.com/wireshark/wireshark/-/issues/19069) and made a pull request (
https://gitlab.com/wireshark/wireshark/-/merge_requests/10604) regarding allowing the user to choose a directory containing master secret log files in the TLS option page to allow decrypting packets using multiple log files.
I have received feedback from Peter where he did not support this proposition and provided some workarounds. However, as stated in the conversation, the workarounds do not work for my use cases.
One of his concerns is that Wireshark has a special code that can detect when the keylog file has any updates. In my proposed implementation, I maintain a mapping from the file name to its file descriptor. These file descriptors then follow the same process of importing a single log file so the file update detection should remain the same.
It has been a month since our last exchange so I would like to get others' opinions on this matter.
Thank you in advance.
Regards,
Pontakorn Prasertsuk