Feature #1872
openadd --list-decoder-protos or similar
Description
It would be useful to have
suricata --list-decoder-protos
or similar to list supported decoder protocols like we have :
pevma@DONPEDRO:~$ sudo suricata --list-app-layer-protos =========Supported App Layer Protocols========= http ftp smtp tls ssh imap msn smb dcerpc dns
AH Updated by Andreas Herz over 9 years ago
- Assignee set to OISF Dev
- Target version set to TBD
AH Updated by Andreas Herz almost 7 years ago
- Related to Feature #635: output: missing keywords in list-keywords output added
VJ Updated by Victor Julien almost 7 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Andreas Herz
AH Updated by Andreas Herz almost 7 years ago
While the app-layer-protocols are also keywords usable in rules not all decode protos are real keywords (vlan, pppoe f or example), so should we still print it the same way?
PM Updated by Peter Manev almost 7 years ago
Maybe have a message per field that is not a keyword? could be messy though.
VJ Updated by Victor Julien almost 7 years ago
I think these are different things. We have protocols that suri can decode and protocol names for in rules. I don't mind having 2 options to list each set.
AH Updated by Andreas Herz almost 7 years ago
Just to be sure, you would suggest to split those into two options like --list-decoder-protos and --list-decoder-protos-keywords (names still to be discussed)?
VJ Updated by Victor Julien over 6 years ago
Yeah. I would think --list-decoder-protos and --list-rule-protos
PM Updated by Peter Manev over 6 years ago
I like that approach.
AH Updated by Andreas Herz over 6 years ago
I can implement that but --list-decoder-protos would still have all and --list-rule-protos would be a subset excluding those which aren't keywords. But while playing around with #635 I would either add those of the --list-rule-protos to the --list-keywords list (to match idea 1) or as a section (to match idea 2).
VJ Updated by Victor Julien almost 6 years ago
I'm confused with what you're asking/saying, but I think its best to start with an implementation and then we can discuss the result/output. It's not a big project so it won't be a waste of time if things need to change.