detect/transform: Add transform "validate" function

This commit adds an (optional) entry for a validation function. The
validation function, if present, will be used during rule processing.

Its role is to determine if the arguments are compatible with the
transform. E.g., a content string of "this string has whitespace" is not
compatible with the `strip_whitespace` transform.

(cherry picked from commit 596875fa68af18746abbbd9e307d14a93f23c3f7)

diff --git a/src/detect.h b/src/detect.h
index c79c8bd91dafd1edbc959b973bc564fb95321aa5..4392f09b622c5fb0293cf57577f65612edd87714 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -1182,6 +1182,7 @@ typedef struct SigTableElmt_ {
 
     /** InspectionBuffer transformation callback */
     void (*Transform)(InspectionBuffer *);
+    bool (*TransformValidate)(const uint8_t *content, uint16_t content_len);
 
     /** keyword setup function pointer */
     int (*Setup)(DetectEngineCtx *, Signature *, const char *);