Actions
Feature #435
closedlist keyword commandline options
Effort:
Difficulty:
Label:
Description
Option or options to list keywords available, including whether or not they are compatible with "ip only", if they inspect "state" etc. Maybe just a --list-keywords with output like:
Name | Features | Description flowbits | ip-only compatible | Set/check flowbits in a flow. tls.subject | state inspecting | Match TLS/SSL certificate Subject field
Updated by Victor Julien over 12 years ago
- Target version changed from 1.3beta2 to 1.4
Updated by Victor Julien about 12 years ago
- Target version changed from 1.4 to 1.4beta3
Updated by Eric Leblond about 12 years ago
- Assignee changed from OISF Dev to Eric Leblond
Updated by Eric Leblond about 12 years ago
- % Done changed from 0 to 80
Updated by Eric Leblond about 12 years ago
- % Done changed from 80 to 60
I forgot an important part: the keyword code has to be updated to add the features and description information.
Updated by Eric Leblond about 12 years ago
- % Done changed from 60 to 80
Proposed update: https://github.com/inliniac/suricata/pull/195
A few keywords are missing:
tag;;ALPROTO_UNKNOWN;none;; uricontent;;ALPROTO_HTTP;payload inspecting rule;; replace;;ALPROTO_UNKNOWN;payload inspecting rule;; rawbytes;;ALPROTO_UNKNOWN;No option:payload inspecting rule;; byte_test;;ALPROTO_UNKNOWN;payload inspecting rule;; byte_jump;;ALPROTO_UNKNOWN;payload inspecting rule;; ftpbounce;;ALPROTO_FTP;none;; flowvar;;ALPROTO_UNKNOWN;none;; pktvar;;ALPROTO_UNKNOWN;payload inspecting rule;; noalert;;ALPROTO_UNKNOWN;No option;; ipv4-csum;;ALPROTO_UNKNOWN;none;; tcpv4-csum;;ALPROTO_UNKNOWN;none;; tcpv6-csum;;ALPROTO_UNKNOWN;none;; udpv4-csum;;ALPROTO_UNKNOWN;none;; udpv6-csum;;ALPROTO_UNKNOWN;none;; icmpv4-csum;;ALPROTO_UNKNOWN;none;; icmpv6-csum;;ALPROTO_UNKNOWN;none;; tos;;ALPROTO_UNKNOWN;none;; icmp_id;;ALPROTO_UNKNOWN;none;; decode-event;;ALPROTO_UNKNOWN;IP only rule;; flags;;ALPROTO_UNKNOWN;none;; nfq_set_mark;;ALPROTO_UNKNOWN;none;; http_raw_header;;ALPROTO_HTTP;payload inspecting rule;; ssh.protoversion;;ALPROTO_SSH;none;; ssh.softwareversion;;ALPROTO_SSH;none;; ssl_version;;ALPROTO_TLS;none;; ssl_state;;ALPROTO_TLS;none;; byte_extract;;ALPROTO_UNKNOWN;payload inspecting rule;; pkt_data;;ALPROTO_HTTP;none;; app-layer-event;;ALPROTO_UNKNOWN;none;; dce_iface;;ALPROTO_DCERPC;payload inspecting rule;; dce_opnum;;ALPROTO_DCERPC;payload inspecting rule;; dce_stub_data;;ALPROTO_DCERPC;payload inspecting rule;; asn1;;ALPROTO_UNKNOWN;none;; engine-event;;ALPROTO_UNKNOWN;none;; stream-event;;ALPROTO_UNKNOWN;none;; l3_proto;;ALPROTO_UNKNOWN;none;; luajit;;ALPROTO_HTTP;none;;
By the way, last line is strange.
Updated by Victor Julien about 12 years ago
- Target version changed from 1.4beta3 to 1.4rc1
Updated by Victor Julien about 12 years ago
- Status changed from New to Closed
- % Done changed from 80 to 100
Merged https://github.com/inliniac/suricata/pull/205, thanks!
Actions