On Apr 8, 2020, at 3:44 AM, Peimann, Jannis <jannis.peimann@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> In general my question is:
> Is there a native preferred Wireshark way to read in large configuration files for dissectors, without the need to change them during runtime?
> If so, what would be that way?
"The format that's already used in other software" is probably the first choice, if there is such software.
That's why, for example, the RADIUS dissector uses FreeRADIUS format, and why we use /etc/hosts or /etc/ethers format for address-to-name maps.
XML may have been chosen for DIAMETER because of
https://tools.ietf.org/html/draft-frascone-xml-dictionary-00
If there are DIAMETER dictionaries that used that or on something based on that, it would also fall into the "format that's already used in other software" category.
If there *isn't* already such a format, there isn't anything "native" in the sense that 1) it's a standard for Wireshark or 2) there's already code to implement it, other than UAT.
> Or do I have to implement something like this on my own?
Yes.
> Would be great if a framework for this is already inside Wireshark, that doesn’t need much time to understand.
There isn't such a framework.
