suricata/TODO

DETECTION ENGINE:
- create a detection_engine_ctx for storing the sig list, packet entry point, other stuff
- many group heads seem to have the same number of sigs. See if we can save memory by detecting similars... the savings are in the pattern matcher.
 -> this is done, and works. However it can be taken further. It's not the group heads that should be compared, but the mpm contexts...

- implement flow as a prefilter
- implement protocol as a prefilter
- implement src and dst ports as prefilters

- speed up initialization with many address groups present
- do a sort-insert for the temp address lists: sort it big to small to speed up later inserts
- siggroup(uri)content comparison can benefit from a list size counter

WU-MANBER:
- Consider using dynamic/variable hash sizes. A wm_ctx is quite big (512kb) even for small pattern sets.

ADDRESSES:
- support [1.2.3.4,2.3.4.5] notation: unittest

MAIN:
- move packet preallocation into it's own function
- create a cleanup function

THREADING
- Add pre-threading initialization API e.g. for Sig loading on Detect.
- Add post-threading deinitialization API

CUSTOM LOGGING:
- idea: add a logging module that can be told to output things based on flowvars
Large update containing the first step to making the detection engine use rule groups. Address based rule groups are now implemented. 17 years ago			`DETECTION ENGINE:`
			`- create a detection_engine_ctx for storing the sig list, packet entry point, other stuff`
			`- many group heads seem to have the same number of sigs. See if we can save memory by detecting similars... the savings are in the pattern matcher.`
			`-> this is done, and works. However it can be taken further. It's not the group heads that should be compared, but the mpm contexts...`

			`- implement flow as a prefilter`
			`- implement protocol as a prefilter`
			`- implement src and dst ports as prefilters`

Update todo. 17 years ago			`- speed up initialization with many address groups present`
Update todo 17 years ago			`- do a sort-insert for the temp address lists: sort it big to small to speed up later inserts`
			`- siggroup(uri)content comparison can benefit from a list size counter`
Large update containing the first step to making the detection engine use rule groups. Address based rule groups are now implemented. 17 years ago
			`WU-MANBER:`
			`- Consider using dynamic/variable hash sizes. A wm_ctx is quite big (512kb) even for small pattern sets.`

Update todo. 17 years ago			`ADDRESSES:`
Update todo 17 years ago			`- support [1.2.3.4,2.3.4.5] notation: unittest`
Large update containing the first step to making the detection engine use rule groups. Address based rule groups are now implemented. 17 years ago
			`MAIN:`
			`- move packet preallocation into it's own function`
			`- create a cleanup function`

Update todo 17 years ago			`THREADING`
			`- Add pre-threading initialization API e.g. for Sig loading on Detect.`
			`- Add post-threading deinitialization API`
Add log-httplog module that logs http request uri's, hosts and useragents to a per line text format. 17 years ago
			`CUSTOM LOGGING:`
			`- idea: add a logging module that can be told to output things based on flowvars`