Feature #1872
open
add --list-decoder-protos or similar
Description
It would be useful to have
suricata --list-decoder-protos
or similar to list supported decoder protocols like we have:
pevma@DONPEDRO:~$ sudo suricata --list-app-layer-protos
=========Supported App Layer Protocols=========
http
ftp
smtp
tls
ssh
imap
msn
smb
dcerpc
dns
Updated by Andreas Herz over 8 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Andreas Herz over 5 years ago
- Related to Bug #635: Some keywords missing in list-keyword command (like 'tcp-pkt') added
Updated by Victor Julien over 5 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Andreas Herz
Updated by Andreas Herz over 5 years ago
While the app-layer-protocols are also keywords usable in rules, not all decode protos are real keywords (vlan, pppoe for example), so should we still print it the same way?
Updated by Peter Manev over 5 years ago
Maybe have a message per field that is not a keyword? Could be messy though.
Updated by Victor Julien over 5 years ago
I think these are different things. We have protocols that suri can decode and protocol names for use in rules. I don't mind having 2 options to list each set.
Updated by Andreas Herz over 5 years ago
Just to be sure, you would suggest to split those into two options like --list-decoder-protos and --list-decoder-protos-keywords (names still to be discussed)?
Updated by Victor Julien over 5 years ago
Yeah. I would think --list-decoder-protos and --list-rule-protos
Updated by Andreas Herz over 5 years ago
I can implement that but --list-decoder-protos would still have all and --list-rule-protos would be a subset excluding those which aren't keywords. But while playing around with #635 I would either add those of the --list-rule-protos to the --list-keywords list (to match idea 1) or as a section (to match idea 2).
Updated by Victor Julien over 4 years ago
I'm confused with what you're asking/saying, but I think it's best to start with an implementation and then we can discuss the result/output. It's not a big project so it won't be a waste of time if things need to change.