Suricata

See PR https://github.com/inliniac/suricata/pull/180

I forgot an important part: the keyword code has to be updated to add the features and description information.

Proposed update: https://github.com/inliniac/suricata/pull/195

A few keywords are missing:

tag;;ALPROTO_UNKNOWN;none;;
uricontent;;ALPROTO_HTTP;payload inspecting rule;;
replace;;ALPROTO_UNKNOWN;payload inspecting rule;;
rawbytes;;ALPROTO_UNKNOWN;No option:payload inspecting rule;;
byte_test;;ALPROTO_UNKNOWN;payload inspecting rule;;
byte_jump;;ALPROTO_UNKNOWN;payload inspecting rule;;
ftpbounce;;ALPROTO_FTP;none;;
flowvar;;ALPROTO_UNKNOWN;none;;
pktvar;;ALPROTO_UNKNOWN;payload inspecting rule;;
noalert;;ALPROTO_UNKNOWN;No option;;
ipv4-csum;;ALPROTO_UNKNOWN;none;;
tcpv4-csum;;ALPROTO_UNKNOWN;none;;
tcpv6-csum;;ALPROTO_UNKNOWN;none;;
udpv4-csum;;ALPROTO_UNKNOWN;none;;
udpv6-csum;;ALPROTO_UNKNOWN;none;;
icmpv4-csum;;ALPROTO_UNKNOWN;none;;
icmpv6-csum;;ALPROTO_UNKNOWN;none;;
tos;;ALPROTO_UNKNOWN;none;;
icmp_id;;ALPROTO_UNKNOWN;none;;
decode-event;;ALPROTO_UNKNOWN;IP only rule;;
flags;;ALPROTO_UNKNOWN;none;;
nfq_set_mark;;ALPROTO_UNKNOWN;none;;
http_raw_header;;ALPROTO_HTTP;payload inspecting rule;;
ssh.protoversion;;ALPROTO_SSH;none;;
ssh.softwareversion;;ALPROTO_SSH;none;;
ssl_version;;ALPROTO_TLS;none;;
ssl_state;;ALPROTO_TLS;none;;
byte_extract;;ALPROTO_UNKNOWN;payload inspecting rule;;
pkt_data;;ALPROTO_HTTP;none;;
app-layer-event;;ALPROTO_UNKNOWN;none;;
dce_iface;;ALPROTO_DCERPC;payload inspecting rule;;
dce_opnum;;ALPROTO_DCERPC;payload inspecting rule;;
dce_stub_data;;ALPROTO_DCERPC;payload inspecting rule;;
asn1;;ALPROTO_UNKNOWN;none;;
engine-event;;ALPROTO_UNKNOWN;none;;
stream-event;;ALPROTO_UNKNOWN;none;;
l3_proto;;ALPROTO_UNKNOWN;none;;
luajit;;ALPROTO_HTTP;none;;

By the way, last line is strange.

Merged https://github.com/inliniac/suricata/pull/205, thanks!