Suricata

The NDPI plugin introduces some keywords, and it would be nice to provide a way to test for these keywords. While we do support features, the "ndpi" feature might not be enough, as future versions of the plugin could add new keywords. A more generic approach could be provided by allowing the requires keyword to check for the existence of rule keywords, for example:

requires: keyword foobar, keyword ndpi_risk;

While I do have a quick implementation of this ready, I think it should be discussed if we want this.