https://redmine.openinfosecfoundation.org/ 2016-09-06T16:03:58Z Open Information Security Foundation
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=7282 2016-09-06T16:03:58Z Andreas Herz oisf@herzandreas.de
<ul><li><strong>Assignee</strong> set to <i>OISF Dev</i></li><li><strong>Target version</strong> set to <i>TBD</i></li></ul>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=12384 2019-05-31T21:55:45Z Andreas Herz oisf@herzandreas.de
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-2 priority-4 priority-default" href="/issues/635">Bug #635</a>: Some keywords missing in list-keyword command (like 'tcp-pkt')</i> added</li></ul>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=12462 2019-06-06T11:42:24Z Victor Julien victor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Assignee</strong> changed from <i>OISF Dev</i> to <i>Andreas Herz</i></li></ul>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=12587 2019-06-14T22:02:03Z Andreas Herz oisf@herzandreas.de
<p>While the app-layer-protocols are also keywords usable in rules, not all decode protos are real keywords (vlan, pppoe for example), so should we still print it the same way?</p>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=12588 2019-06-15T07:09:32Z Peter Manev petermanev@gmail.com
<p>Maybe have a message per field that is not a keyword? Could be messy though.</p>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=12700 2019-06-20T20:21:18Z Victor Julien victor@inliniac.net
<p>I think these are different things. We have protocols that suri can decode and protocol names for in rules. I don't mind having 2 options to list each set.</p>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=12777 2019-07-01T19:30:58Z Andreas Herz oisf@herzandreas.de
<p>Just to be sure, you would suggest to split those into two options like --list-decoder-protos and --list-decoder-protos-keywords (names still to be discussed)?</p>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=13106 2019-07-25T08:06:06Z Victor Julien victor@inliniac.net
<p>Yeah. I would think --list-decoder-protos and --list-rule-protos</p>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=13171 2019-07-29T14:24:52Z Peter Manev petermanev@gmail.com
<p>I like that approach.</p>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=13446 2019-08-30T20:44:33Z Andreas Herz oisf@herzandreas.de
<p>I can implement that but --list-decoder-protos would still have all and --list-rule-protos would be a subset excluding those which aren't keywords. But while playing around with <a class="issue tracker-1 status-2 priority-4 priority-default" title="Bug: Some keywords missing in list-keyword command (like 'tcp-pkt') (Assigned)" href="https://redmine.openinfosecfoundation.org/issues/635">#635</a> I would either add those of the --list-rule-protos to the --list-keywords list (to match idea 1) or as a section (to match idea 2).</p>
Suricata - Feature #1872: add --list-decoder-protos or similar https://redmine.openinfosecfoundation.org/issues/1872?journal_id=16099 2020-04-17T06:24:56Z Victor Julien victor@inliniac.net
<p>I'm confused with what you're asking/saying, but I think it's best to start with an implementation and then we can discuss the result/output. It's not a big project so it won't be a waste of time if things need to change.</p>