tracking: app_record / pdu inspection support
Effort to make it possible to avoid raw tcp data inspection. Many rules looking for application records make assumptions about pdu's aligning with packets.
Rules should be able to do something like
alert ftp ... (record; content:"USER"; ... ).