DETECTION ENGINE:
- create a detection_engine_ctx for storing the sig list, packet entry point, other stuff
- many group heads seem to have the same number of sigs. See if we can save memory by detecting similars... the savings are in the pattern matcher.
 -> this is done, and works. However it can be taken further. It's not the group heads that should be compared, but the mpm contexts...

- implement flow as a prefilter
- implement protocol as a prefilter
- implement src and dst ports as prefilters

- speed up initialization with many address groups present
- do a sort-insert for the temp address lists: sort it big to small to speed up later inserts
- siggroup(uri)content comparison can benefit from a list size counter

WU-MANBER:
- Consider using dynamic/variable hash sizes. A wm_ctx is quite big (512kb) even for small pattern sets.

ADDRESSES:
- support [1.2.3.4,2.3.4.5] notation: unittest

MAIN:
- move packet preallocation into it's own function
- create a cleanup function

THREADING
- Add pre-threading initialization API e.g. for Sig loading on Detect.
- Add post-threading deinitialization API

CUSTOM LOGGING:
- idea: add a logging module that can be told to output things based on flowvars