Feature #1872
open
add --list-decoder-protos or similar
Added by Peter Manev about 8 years ago.
Updated over 4 years ago.
Description
It would be useful to have
suricata --list-decoder-protos
or similar to list supported decoder protocols like we have :
pevma@DONPEDRO:~$ sudo suricata --list-app-layer-protos
=========Supported App Layer Protocols=========
http
ftp
smtp
tls
ssh
imap
msn
smb
dcerpc
dns
Related issues
1 (1 open — 0 closed)
- Assignee set to OISF Dev
- Target version set to TBD
- Related to Bug #635: Some keywords missing in list-keyword command (like 'tcp-pkt') added
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Andreas Herz
While the app-layer-protocols are also keywords usable in rules not all decode protos are real keywords (vlan, pppoe f or example), so should we still print it the same way?
Maybe have a message per field that is not a keyword? could be messy though.
I think these are different things. We have protocols that suri can decode and protocol names for in rules. I don't mind having 2 options to list each set.
Just to be sure, you would suggest to split those into two options like --list-decoder-protos and --list-decoder-protos-keywords (names still to be discussed)?
Yeah. I would think --list-decoder-protos and --list-rule-protos
I can implement that but --list-decoder-protos would still have all and --list-rule-protos would be a subset excluding those which aren't keywords. But while playing around with #635 I would either add those of the --list-rule-protos to the --list-keywords list (to match idea 1) or as a section (to match idea 2).
I'm confused with what you're asking/saying, but I think its best to start with an implementation and then we can discuss the result/output. It's not a big project so it won't be a waste of time if things need to change.
Also available in: Atom
PDF