bump libnDPI to 0eb7a0388c4549ebbf8cd7a10d398088005cc2de

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

test/results/1kxun.pcap.out

@@ -1170,7 +1170,7 @@
 ~~ total detected protocols..: 113
 ~~ total active/idle flows...: 148/148
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2504668 bytes
-~~ total memory freed........: 2504668 bytes
-~~ total allocations/frees...: 37271/37271
+~~ total memory allocated....: 2497118 bytes
+~~ total memory freed........: 2497118 bytes
+~~ total allocations/frees...: 37272/37272
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-chrome.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1928783 bytes
-~~ total memory freed........: 1928783 bytes
-~~ total allocations/frees...: 35326/35326
+~~ total memory allocated....: 1929465 bytes
+~~ total memory freed........: 1929465 bytes
+~~ total allocations/frees...: 35327/35327
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-curl.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1934783 bytes
-~~ total memory freed........: 1934783 bytes
-~~ total allocations/frees...: 35439/35439
+~~ total memory allocated....: 1935465 bytes
+~~ total memory freed........: 1935465 bytes
+~~ total allocations/frees...: 35440/35440
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-firefox.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1951019 bytes
-~~ total memory freed........: 1951019 bytes
-~~ total allocations/frees...: 35998/35998
+~~ total memory allocated....: 1951701 bytes
+~~ total memory freed........: 1951701 bytes
+~~ total allocations/frees...: 35999/35999
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-git.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1937162 bytes
-~~ total memory freed........: 1937162 bytes
-~~ total allocations/frees...: 35402/35402
+~~ total memory allocated....: 1937844 bytes
+~~ total memory freed........: 1937844 bytes
+~~ total allocations/frees...: 35403/35403
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-opvn.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1930088 bytes
-~~ total memory freed........: 1930088 bytes
-~~ total allocations/frees...: 35371/35371
+~~ total memory allocated....: 1930770 bytes
+~~ total memory freed........: 1930770 bytes
+~~ total allocations/frees...: 35372/35372
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/443-safari.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1932841 bytes
-~~ total memory freed........: 1932841 bytes
-~~ total allocations/frees...: 35371/35371
+~~ total memory allocated....: 1933523 bytes
+~~ total memory freed........: 1933523 bytes
+~~ total allocations/frees...: 35372/35372
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/4in4tunnel.pcap.out

@@ -17,7 +17,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 35321/35321
+~~ total memory allocated....: 1924284 bytes
+~~ total memory freed........: 1924284 bytes
+~~ total allocations/frees...: 35322/35322
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/4in6tunnel.pcap.out

@@ -14,7 +14,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1926822 bytes
-~~ total memory freed........: 1926822 bytes
-~~ total allocations/frees...: 35328/35328
+~~ total memory allocated....: 1927504 bytes
+~~ total memory freed........: 1927504 bytes
+~~ total allocations/frees...: 35329/35329
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/6in4tunnel.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1930389 bytes
-~~ total memory freed........: 1930389 bytes
-~~ total allocations/frees...: 35451/35451
+~~ total memory allocated....: 1931071 bytes
+~~ total memory freed........: 1931071 bytes
+~~ total allocations/frees...: 35452/35452
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/6in6tunnel.pcap.out

@@ -15,7 +15,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1929924 bytes
-~~ total memory freed........: 1929924 bytes
-~~ total allocations/frees...: 35329/35329
+~~ total memory allocated....: 1930550 bytes
+~~ total memory freed........: 1930550 bytes
+~~ total allocations/frees...: 35330/35330
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/BGP_Cisco_hdlc_slarp.pcap.out

@@ -24,7 +24,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1927112 bytes
-~~ total memory freed........: 1927112 bytes
-~~ total allocations/frees...: 35338/35338
+~~ total memory allocated....: 1927794 bytes
+~~ total memory freed........: 1927794 bytes
+~~ total allocations/frees...: 35339/35339
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/BGP_redist.pcap.out

@@ -13,7 +13,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 35325/35325
+~~ total memory allocated....: 1927417 bytes
+~~ total memory freed........: 1927417 bytes
+~~ total allocations/frees...: 35326/35326
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/EAQ.pcap.out

@@ -516,7 +516,7 @@
 ~~ total detected protocols..: 10
 ~~ total active/idle flows...: 104/104
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2258000 bytes
-~~ total memory freed........: 2258000 bytes
-~~ total allocations/frees...: 35836/35836
+~~ total memory allocated....: 2252914 bytes
+~~ total memory freed........: 2252914 bytes
+~~ total allocations/frees...: 35837/35837
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/IEC104.pcap.out

@@ -28,7 +28,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1930301 bytes
-~~ total memory freed........: 1930301 bytes
-~~ total allocations/frees...: 35342/35342
+~~ total memory allocated....: 1930927 bytes
+~~ total memory freed........: 1930927 bytes
+~~ total allocations/frees...: 35343/35343
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/KakaoTalk_chat.pcap.out

@@ -383,7 +383,7 @@
 ~~ total detected protocols..: 29
 ~~ total active/idle flows...: 39/39
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2170672 bytes
-~~ total memory freed........: 2170672 bytes
-~~ total allocations/frees...: 35995/35995
+~~ total memory allocated....: 2169226 bytes
+~~ total memory freed........: 2169226 bytes
+~~ total allocations/frees...: 35996/35996
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/KakaoTalk_talk.pcap.out

@@ -231,7 +231,7 @@
 ~~ total detected protocols..: 9
 ~~ total active/idle flows...: 20/20
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2106560 bytes
-~~ total memory freed........: 2106560 bytes
-~~ total allocations/frees...: 38602/38602
+~~ total memory allocated....: 2106178 bytes
+~~ total memory freed........: 2106178 bytes
+~~ total allocations/frees...: 38603/38603
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/NTPv2.pcap.out

@@ -1,7 +1,7 @@
 00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00883{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865383,"pkt_ts_usec":632810,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"pkt":"RIpbLCrSACaIdf8bCABFAAGMHS4AADERoZDQaF8KTi5MAgB7AFABeH6Xlw4DKgAFAEgAAAAAAAAQOgAAAAAAAAGISO9ZbawQDGUAAAABDAIHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAQZwAAAAAAAADHQLufDawQDGUAAAABuxwHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQxAAAAAAAAAa6UEgp0qwQDGUAAAABKtoHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2AAAAAAAAAWzX1q4C6wQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2wAAAAAAAAWRR3um9qwQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
 00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 35325/35325
+~~ total memory allocated....: 1927417 bytes
+~~ total memory freed........: 1927417 bytes
+~~ total allocations/frees...: 35326/35326
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/NTPv3.pcap.out

@@ -1,7 +1,7 @@
 00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
 00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865405,"pkt_ts_usec":371462,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
 00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 35325/35325
+~~ total memory allocated....: 1927417 bytes
+~~ total memory freed........: 1927417 bytes
+~~ total allocations/frees...: 35326/35326
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/NTPv4.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 35325/35325
+~~ total memory allocated....: 1927417 bytes
+~~ total memory freed........: 1927417 bytes
+~~ total allocations/frees...: 35326/35326
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/Oscar.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1973562 bytes
-~~ total memory freed........: 1973562 bytes
-~~ total allocations/frees...: 35409/35409
+~~ total memory allocated....: 1962329 bytes
+~~ total memory freed........: 1962329 bytes
+~~ total allocations/frees...: 35407/35407
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/WebattackRCE.pcap.out

@@ -3195,7 +3195,7 @@
 ~~ total detected protocols..: 797
 ~~ total active/idle flows...: 797/797
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4546451 bytes
-~~ total memory freed........: 4546451 bytes
-~~ total allocations/frees...: 40094/40094
+~~ total memory allocated....: 4502557 bytes
+~~ total memory freed........: 4502557 bytes
+~~ total allocations/frees...: 40095/40095
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/WebattackSQLinj.pcap.out

@@ -128,7 +128,7 @@
 ~~ total detected protocols..: 9
 ~~ total active/idle flows...: 9/9
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1956323 bytes
-~~ total memory freed........: 1956323 bytes
-~~ total allocations/frees...: 35469/35469
+~~ total memory allocated....: 1956557 bytes
+~~ total memory freed........: 1956557 bytes
+~~ total allocations/frees...: 35470/35470
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/WebattackXSS.pcap.out

@@ -6153,7 +6153,7 @@
 ~~ total detected protocols..: 22
 ~~ total active/idle flows...: 661/661
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4288102 bytes
-~~ total memory freed........: 4288102 bytes
-~~ total allocations/frees...: 46744/46744
+~~ total memory allocated....: 4251824 bytes
+~~ total memory freed........: 4251824 bytes
+~~ total allocations/frees...: 46745/46745
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/aimini-http.pcap.out

@@ -77,7 +77,7 @@
 ~~ total detected protocols..: 4
 ~~ total active/idle flows...: 4/4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1940735 bytes
-~~ total memory freed........: 1940735 bytes
-~~ total allocations/frees...: 35474/35474
+~~ total memory allocated....: 1941249 bytes
+~~ total memory freed........: 1941249 bytes
+~~ total allocations/frees...: 35475/35475
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ajp.pcap.out

@@ -83,7 +83,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 35321/35321
+~~ total memory allocated....: 1924284 bytes
+~~ total memory freed........: 1924284 bytes
+~~ total allocations/frees...: 35322/35322
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/alexa-app.pcapng.out

@@ -2203,6 +2203,7 @@
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1490976196840,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00449{"flow_id":160,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":840676,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WmdAAEARM02sECrYrBAqAQqTADUAK8ZJ2BYBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
 00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1490976196840,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+01241{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3228,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":255,"flow_first_seen":1490976195984,"flow_last_seen":1490976196843,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":228473,"flow_avg_l4_payload_len":895,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
 00468{"flow_id":160,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":938799,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP7ApAAEARoZmsECoBrBAq2AA1CpMAO2jR2BaBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AARIFc55"}
 00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}}
 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1490976196942,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
@@ -2286,7 +2287,7 @@
 00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":30,"flow_first_seen":1490976195983,"flow_last_seen":1490976196942,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13938,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":350,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":248700,"flow_avg_l4_payload_len":710,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":255,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":228473,"flow_avg_l4_payload_len":895,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":35,"flow_first_seen":1490976195985,"flow_last_seen":1490976196943,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15782,"flow_avg_l4_payload_len":450,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
 00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
@@ -2377,7 +2378,7 @@
 ~~ total detected protocols..: 147
 ~~ total active/idle flows...: 162/162
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 3053599 bytes
-~~ total memory freed........: 3053599 bytes
-~~ total allocations/frees...: 39873/39873
+~~ total memory allocated....: 3026439 bytes
+~~ total memory freed........: 3026439 bytes
+~~ total allocations/frees...: 39872/39872
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/among_us.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1926735 bytes
-~~ total memory freed........: 1926735 bytes
-~~ total allocations/frees...: 35325/35325
+~~ total memory allocated....: 1927417 bytes
+~~ total memory freed........: 1927417 bytes
+~~ total allocations/frees...: 35326/35326
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/amqp.pcap.out

@@ -61,7 +61,7 @@
 ~~ total detected protocols..: 3
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1943810 bytes
-~~ total memory freed........: 1943810 bytes
-~~ total allocations/frees...: 35493/35493
+~~ total memory allocated....: 1944380 bytes
+~~ total memory freed........: 1944380 bytes
+~~ total allocations/frees...: 35494/35494
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/android.pcap.out

@@ -647,7 +647,7 @@
 ~~ total detected protocols..: 60
 ~~ total active/idle flows...: 67/67
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2358998 bytes
-~~ total memory freed........: 2358998 bytes
-~~ total allocations/frees...: 36260/36260
+~~ total memory allocated....: 2355984 bytes
+~~ total memory freed........: 2355984 bytes
+~~ total allocations/frees...: 36261/36261
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/anyconnect-vpn.pcap.out

@@ -623,7 +623,7 @@
 ~~ total detected protocols..: 60
 ~~ total active/idle flows...: 72/72
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2302896 bytes
-~~ total memory freed........: 2302896 bytes
-~~ total allocations/frees...: 38582/38582
+~~ total memory allocated....: 2299602 bytes
+~~ total memory freed........: 2299602 bytes
+~~ total allocations/frees...: 38583/38583
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/anydesk-2.pcap.out

@@ -934,7 +934,7 @@
 ~~ total detected protocols..: 4
 ~~ total active/idle flows...: 4/4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2008971 bytes
-~~ total memory freed........: 2008971 bytes
-~~ total allocations/frees...: 37422/37422
+~~ total memory allocated....: 2009485 bytes
+~~ total memory freed........: 2009485 bytes
+~~ total allocations/frees...: 37423/37423
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/anydesk.pcap.out

@@ -27,6 +27,7 @@
 00416{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":534956,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1oAAIAGRx0zU+7bwKiVgQBQqg9odW6qKaaiQFAQ+vDvJAAAAAAAAAAA"}
 00478{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":699842,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AAwplUdeAFBW5dKtCABFAABbe1sAAIAGRukzU+7bwKiVgQBQqg9odW6qKaaiQFAY+vB2YAAAFAMDAAEBFgMDACi4iiS75ftB9gM9aj9+xuZ4lRQvtRoX8YpGHm1rLD+ZptnwWDmjbYq4"}
 00408{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":699869,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJdAAEAGueDAqJWBM1Pu26oPAFAppqJAaHVu3VAQ+NR4cwAA"}
+01149{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1591342199201,"flow_last_seen":1591342212202,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":126748,"flow_avg_l4_payload_len":497,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","issuerDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
 00478{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342214,"pkt_ts_usec":31681,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AFBW5dKtAAwplUdeCABFAABbto5AAEAGCwHAqJWBM1PvkI3\/AFB7i56NMVwTIlAY+DR5WwAAFwMDAC7mz9mv7V5oqQRiiK1BmntnBec1wc6utyo8wHetLW4+4vpxLCxi5CGV1lyg9OUE"}
 00416{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342214,"pkt_ts_usec":31959,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwplUdeAFBW5dKtCABFAAAofKsAAIAGRRczU++QwKiVgQBQjf8xXBMie4uewFAQ+vBOvAAAAAAAAAAA"}
 00480{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342214,"pkt_ts_usec":255944,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AAwplUdeAFBW5dKtCABFAABZfM4AAIAGRMMzU++QwKiVgQBQjf8xXBMie4uewFAY+vBbDwAAFwMDACwkrUQuni1bFVh+peWRbnlsLw+6JDYDm31RWqGf060eD0C3WeR2ucetl5\/1QQ=="}
@@ -36,7 +37,7 @@
 00481{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3423,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342229,"pkt_ts_usec":454086,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AAwplUdeAFBW5dKtCABFAABZgw0AAIAGPoQzU++QwKiVgQBQjf8xXBNTe4ue81AY+vB\/XQAAFwMDACwkrUQuni1bFlXQfhlbpM1ompEjuxnWze1GuQIrlqNjGlJEE1Ae4+mTb0GZcg=="}
 00558{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}}
 00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":126748,"flow_avg_l4_payload_len":497,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6963/6963
@@ -45,7 +46,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2149668 bytes
-~~ total memory freed........: 2149668 bytes
+~~ total memory allocated....: 2146168 bytes
+~~ total memory freed........: 2146168 bytes
 ~~ total allocations/frees...: 42298/42298
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/avast_securedns.pcapng.out

@@ -201,7 +201,7 @@
 ~~ total detected protocols..: 39
 ~~ total active/idle flows...: 39/39
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2049019 bytes
-~~ total memory freed........: 2049019 bytes
-~~ total allocations/frees...: 35515/35515
+~~ total memory allocated....: 2047573 bytes
+~~ total memory freed........: 2047573 bytes
+~~ total allocations/frees...: 35516/35516
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bad-dns-traffic.pcap.out

@@ -76,7 +76,7 @@
 ~~ total detected protocols..: 3
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1944104 bytes
-~~ total memory freed........: 1944104 bytes
-~~ total allocations/frees...: 35712/35712
+~~ total memory allocated....: 1944674 bytes
+~~ total memory freed........: 1944674 bytes
+~~ total allocations/frees...: 35713/35713
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/badpackets.pcap.out

@@ -207,7 +207,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 35321/35321
+~~ total memory allocated....: 1924284 bytes
+~~ total memory freed........: 1924284 bytes
+~~ total allocations/frees...: 35322/35322
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bitcoin.pcap.out

@@ -115,7 +115,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 6/6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6144439 bytes
-~~ total memory freed........: 6144439 bytes
-~~ total allocations/frees...: 36153/36153
+~~ total memory allocated....: 3075191 bytes
+~~ total memory freed........: 3075191 bytes
+~~ total allocations/frees...: 36055/36055
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bittorrent.pcap.out

@@ -186,7 +186,7 @@
 ~~ total detected protocols..: 25
 ~~ total active/idle flows...: 25/25
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2058321 bytes
-~~ total memory freed........: 2058321 bytes
-~~ total allocations/frees...: 35718/35718
+~~ total memory allocated....: 2057659 bytes
+~~ total memory freed........: 2057659 bytes
+~~ total allocations/frees...: 35719/35719
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bittorrent_ip.pcap.out

@@ -44,7 +44,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 3363389 bytes
-~~ total memory freed........: 3363389 bytes
-~~ total allocations/frees...: 35860/35860
+~~ total memory allocated....: 2222860 bytes
+~~ total memory freed........: 2222860 bytes
+~~ total allocations/frees...: 35834/35834
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bittorrent_utp.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1929200 bytes
-~~ total memory freed........: 1929200 bytes
-~~ total allocations/frees...: 35410/35410
+~~ total memory allocated....: 1929882 bytes
+~~ total memory freed........: 1929882 bytes
+~~ total allocations/frees...: 35411/35411
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/bt_search.pcap.out

@@ -15,7 +15,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1929924 bytes
-~~ total memory freed........: 1929924 bytes
-~~ total allocations/frees...: 35329/35329
+~~ total memory allocated....: 1930550 bytes
+~~ total memory freed........: 1930550 bytes
+~~ total allocations/frees...: 35330/35330
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/capwap.pcap.out

@@ -77,7 +77,7 @@
 ~~ total detected protocols..: 5
 ~~ total active/idle flows...: 5/5
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1950859 bytes
-~~ total memory freed........: 1950859 bytes
-~~ total allocations/frees...: 35733/35733
+~~ total memory allocated....: 1951317 bytes
+~~ total memory freed........: 1951317 bytes
+~~ total allocations/frees...: 35734/35734
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/cassandra.pcap.out

@@ -0,0 +1,49 @@
+00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cassandra.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1450889498032,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":32587,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="}
+00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":32598,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="}
+00424{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":32606,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA06nVAAEAGUkx\/AAABfwAAAbXII1K9tHk47MEO34AQAVb+KAAAAQEICifsk0Mn7JND"}
+00436{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":32855,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AAAAAAAAAAAAAAAACABFAAA96nZAAEAGUkJ\/AAABfwAAAbXII1K9tHk47MEO34AYAVb+MQAAAQEICifsk0Mn7JNDBAAAAAUAAAAA"}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
+00424{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":32862,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0nZxAAEAGnyV\/AAABfwAAASNStcjswQ7fvbR5QYAQAVb+KAAAAQEICifsk0Mn7JND"}
+00510{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":38534,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAACABFAABxnZ1AAEAGnud\/AAABfwAAASNStcjswQ7fvbR5QYAYAVb+ZQAAAQEICifsk0kn7JNDhAAAAAYAAAA0AAIAC0NPTVBSRVNTSU9OAAIABnNuYXBweQADbHo0AAtDUUxfVkVSU0lPTgABAAUzLjMuMQ=="}
+00424{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":38541,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA06ndAAEAGUkp\/AAABfwAAAbXII1K9tHlB7MEPHIAQAVb+KAAAAQEICifsk0kn7JNJ"}
+00468{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":38774,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAACABFAABT6nhAAEAGUip\/AAABfwAAAbXII1K9tHlB7MEPHIAYAVb+RwAAAQEICifsk0kn7JNJBAAAAQEAAAAWAAEAC0NRTF9WRVJTSU9OAAUzLjMuMQ=="}
+00436{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":39154,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AAAAAAAAAAAAAAAACABFAAA9nZ5AAEAGnxp\/AAABfwAAASNStcjswQ8cvbR5YIAYAVb+MQAAAQEICifsk0kn7JNJhAAAAQIAAAAA"}
+00508{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":40307,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"AAAAAAAAAAAAAAAACABFAABu6nlAAEAGUg5\/AAABfwAAAbXII1K9tHlg7MEPJYAYAVb+YgAAAQEICifsk0on7JNJBAAAAgsAAAAxAAMAD1RPUE9MT0dZX0NIQU5HRQANU1RBVFVTX0NIQU5HRQANU0NIRU1BX0NIQU5HRQ=="}
+00438{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":40747,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AAAAAAAAAAAAAAAACABFAAA9nZ9AAEAGnxl\/AAABfwAAASNStcjswQ8lvbR5moAYAVb+MQAAAQEICifsk0sn7JNKhAAAAgIAAAAA"}
+00565{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":41938,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AAAAAAAAAAAAAAAACABFAACZ6npAAEAGUeJ\/AAABfwAAAbXII1K9tHma7MEPLoAYAVb+jQAAAQEICifsk0wn7JNLBAAAAwcAAABcAAAAVVNFTEVDVCBwZWVyLCBkYXRhX2NlbnRlciwgcmFjaywgdG9rZW5zLCBycGNfYWRkcmVzcywgc2NoZW1hX3ZlcnNpb24gRlJPTSBzeXN0ZW0ucGVlcnMAAQA="}
+00586{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":43065,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"AAAAAAAAAAAAAAAACABFAAConaBAAEAGnq1\/AAABfwAAASNStcjswQ8uvbR5\/4AYAVb+nAAAAQEICifsk00n7JNMhAAAAwgAAABrAAAAAgAAAAEAAAAGAAZzeXN0ZW0ABXBlZXJzAARwZWVyABAAC2RhdGFfY2VudGVyAA0ABHJhY2sADQAGdG9rZW5zACIADQALcnBjX2FkZHJlc3MAEAAOc2NoZW1hX3ZlcnNpb24ADAAAAAA="}
+00602{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":43074,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"pkt":"AAAAAAAAAAAAAAAACABFAACz6ntAAEAGUcd\/AAABfwAAAbXII1K9tHn\/7MEPooAYAVb+pwAAAQEICifsk00n7JNNBAAABAcAAAB2AAAAb1NFTEVDVCBjbHVzdGVyX25hbWUsIGRhdGFfY2VudGVyLCByYWNrLCB0b2tlbnMsIHBhcnRpdGlvbmVyLCBzY2hlbWFfdmVyc2lvbiBGUk9NIHN5c3RlbS5sb2NhbCBXSEVSRSBrZXk9J2xvY2FsJwABAA=="}
+00337{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":46559,"pkt_caplen":11145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":11145,"pkt_l4_len":11111}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1450889498074,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00438{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":74112,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA81IRAAEAGaDV\/AAABfwAAAbXJI1KmXkfoAAAAAKACqqr+MAAAAgT\/1wQCCAon7JNsAAAAAAEDAwc="}
+00438{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":74125,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStckXl5aGpl5H6aASqqr+MAAAAgT\/1wQCCAon7JNsJ+yTbAEDAwc="}
+00425{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":74133,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IVAAEAGaDx\/AAABfwAAAbXJI1KmXkfpF5eWh4AQAVb+KAAAAQEICifsk2wn7JNs"}
+00437{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":74804,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AAAAAAAAAAAAAAAACABFAAA91IZAAEAGaDJ\/AAABfwAAAbXJI1KmXkfpF5eWh4AYAVb+MQAAAQEICifsk20n7JNsBAAAAAUAAAAA"}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
+00425{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":74813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0BetAAEAGNtd\/AAABfwAAASNStckXl5aHpl5H8oAQAVb+KAAAAQEICifsk20n7JNt"}
+00511{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":80104,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAACABFAABxBexAAEAGNpl\/AAABfwAAASNStckXl5aHpl5H8oAYAVb+ZQAAAQEICifsk3In7JNthAAAAAYAAAA0AAIAC0NPTVBSRVNTSU9OAAIABnNuYXBweQADbHo0AAtDUUxfVkVSU0lPTgABAAUzLjMuMQ=="}
+00425{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":80119,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IdAAEAGaDp\/AAABfwAAAbXJI1KmXkfyF5eWxIAQAVb+KAAAAQEICifsk3In7JNy"}
+00469{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":80407,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAACABFAABT1IhAAEAGaBp\/AAABfwAAAbXJI1KmXkfyF5eWxIAYAVb+RwAAAQEICifsk3In7JNyBAAAAQEAAAAWAAEAC0NRTF9WRVJTSU9OAAUzLjMuMQ=="}
+00437{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":80853,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AAAAAAAAAAAAAAAACABFAAA9Be1AAEAGNsx\/AAABfwAAASNStckXl5bEpl5IEYAYAVb+MQAAAQEICifsk3Mn7JNyhAAAAQIAAAAA"}
+00529{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":82067,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"AAAAAAAAAAAAAAAACABFAAB+1IlAAEAGZ+5\/AAABfwAAAbXJI1KmXkgRF5eWzYAYAVb+cgAAAQEICifsk3Qn7JNzBAAAAgcAAABBAAAALnNlbGVjdCAqIGZyb20gc3lzdGVtLmxvY2FsIHdoZXJlIGtleSA9ICdsb2NhbCcAASQAABOIAAUnk4kkONg="}
+00337{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":85390,"pkt_caplen":11512,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":11512,"pkt_l4_len":11478}
+00426{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889498,"pkt_ts_usec":85441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IpAAEAGaDd\/AAABfwAAAbXJI1KmXkhbF5fDg4AQBVX+KAAAAQEICifsk3gn7JN3"}
+00610{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889523,"pkt_ts_usec":982509,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"pkt":"AAAAAAAAAAAAAAAACABFAAC71ItAAEAGZ69\/AAABfwAAAbXJI1KmXkhbF5fDg4AYBVX+rwAAAQEICifs+KEn7JN3BAAAAwcAAAB+AAAAaUNSRUFURSBLRVlTUEFDRSB0ZXN0X2tleXNwYWNlIFdJVEggUkVQTElDQVRJT04gPSB7ICdjbGFzcycgOiAnU2ltcGxlU3RyYXRlZ3knLCAncmVwbGljYXRpb25fZmFjdG9yJzogMiB9OwABNAAAAGQACAAFJ5OKr29U"}
+00426{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889524,"pkt_ts_usec":22451,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0Be9AAEAGNtN\/AAABfwAAASNStckXl8ODpl5I4oAQAV7+KAAAAQEICifs+Mkn7Pih"}
+00492{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cassandra.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1450889524,"pkt_ts_usec":28482,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AAAAAAAAAAAAAAAACABFAABjBfBAAEAGNqN\/AAABfwAAASNStckXl8ODpl5I4oAYAV7+VwAAAQEICifs+M8n7PihhAAAAwgAAAAmAAAABQAHQ1JFQVRFRAAIS0VZU1BBQ0UADXRlc3Rfa2V5c3BhY2U="}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test"}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 286/286
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 116292 bytes
+~~ total detected protocols..: 2
+~~ total active/idle flows...: 2/2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 1938786 bytes
+~~ total memory freed........: 1938786 bytes
+~~ total allocations/frees...: 35614/35614
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/check_mk_new.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1929548 bytes
-~~ total memory freed........: 1929548 bytes
-~~ total allocations/frees...: 35422/35422
+~~ total memory allocated....: 1930230 bytes
+~~ total memory freed........: 1930230 bytes
+~~ total allocations/frees...: 35423/35423
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/chrome.pcap.out

@@ -107,13 +107,17 @@
 00426{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":370352,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0neZAADQGGkGSMDoSwKgBsgG7+5p\/iBkRd\/ScG4AQAfobUAAAAQEICjqbGxAzdJe3"}
 00426{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":370468,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nedAADQGGkCSMDoSwKgBsgG7+5p\/iBkRd\/Se3YAQAfUYkgAAAQEICjqbGxEzdJe3"}
 00846{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":370585,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjnehAADQGGRCSMDoSwKgBsgG7+5p\/iBkRd\/Se3YAYAfV9JAAAAQEICjqbGxEzdJe3FwMDASqAJRG6bgsbTW0tWRsjRYVGzw9H6gvxErz3e5D\/27VNhWASbt\/0PEltptiu389fTERtuCmmRusUQRw8btYWhKKYy6KckWYkE+6x\/7q4R9bYW0ih6KOhgAi\/cH2GADtxZ6ussAdlzyCJlkjv+vazlqpZeq0Jhjf7+nUOmgwRazjst\/FtIcJfUh634Oav0SiiDA1ZlevmBcX354z7M2\/nSm95\/mVD8ytZN\/0pg6jP98N1XAoBQ+41y58S1q6k3m51Oh4K8wBd383AO\/6iqnSKmamyeg\/2agMRVBw4Dict381VYLjIcmwAvXnTzAnSXsAWFAcfriAwwIE0Vpus4qeP9P6h9YA2N7BkX2vWZR4jWt14ppy\/8G\/8PaR2YFFWOgV\/gVOc3pC93ZzIIfIK"}
+00832{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":658,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1620902509276,"flow_last_seen":1620902509468,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":196675,"flow_avg_l4_payload_len":771,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1637,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1620902508740,"flow_last_seen":1620902509575,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":194049,"flow_avg_l4_payload_len":760,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1958,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1620902509274,"flow_last_seen":1620902509612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":214304,"flow_avg_l4_payload_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2039,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":255,"flow_first_seen":1620902509273,"flow_last_seen":1620902509621,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":209480,"flow_avg_l4_payload_len":821,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1620902509272,"flow_last_seen":1620902509764,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":206438,"flow_avg_l4_payload_len":809,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":194049,"flow_avg_l4_payload_len":760,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":206438,"flow_avg_l4_payload_len":809,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":255,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":209480,"flow_avg_l4_payload_len":821,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":214304,"flow_avg_l4_payload_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":196675,"flow_avg_l4_payload_len":771,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5633/5633
@@ -122,7 +126,7 @@
 ~~ total detected protocols..: 6
 ~~ total active/idle flows...: 6/6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2586329 bytes
-~~ total memory freed........: 2586329 bytes
-~~ total allocations/frees...: 41046/41046
+~~ total memory allocated....: 2540138 bytes
+~~ total memory freed........: 2540138 bytes
+~~ total allocations/frees...: 41044/41044
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/coap_mqtt.pcap.out

@@ -194,7 +194,7 @@
 ~~ total detected protocols..: 16
 ~~ total active/idle flows...: 16/16
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2229204 bytes
-~~ total memory freed........: 2229204 bytes
-~~ total allocations/frees...: 43887/43887
+~~ total memory allocated....: 2229046 bytes
+~~ total memory freed........: 2229046 bytes
+~~ total allocations/frees...: 43888/43888
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/cpha.pcap.out

@@ -9,7 +9,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 35321/35321
+~~ total memory allocated....: 1924284 bytes
+~~ total memory freed........: 1924284 bytes
+~~ total allocations/frees...: 35322/35322
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dcerpc.pcap.out

@@ -35,7 +35,7 @@
 ~~ total detected protocols..: 4
 ~~ total active/idle flows...: 4/4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1936650 bytes
-~~ total memory freed........: 1936650 bytes
-~~ total allocations/frees...: 35349/35349
+~~ total memory allocated....: 1937164 bytes
+~~ total memory freed........: 1937164 bytes
+~~ total allocations/frees...: 35350/35350
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/diameter.pcap.out

@@ -16,7 +16,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1928928 bytes
-~~ total memory freed........: 1928928 bytes
-~~ total allocations/frees...: 35331/35331
+~~ total memory allocated....: 1929610 bytes
+~~ total memory freed........: 1929610 bytes
+~~ total allocations/frees...: 35332/35332
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dlt_ppp.pcap.out

@@ -9,7 +9,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 35321/35321
+~~ total memory allocated....: 1924284 bytes
+~~ total memory freed........: 1924284 bytes
+~~ total allocations/frees...: 35322/35322
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dnp3.pcap.out

@@ -151,7 +151,7 @@
 ~~ total detected protocols..: 8
 ~~ total active/idle flows...: 8/8
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1966621 bytes
-~~ total memory freed........: 1966621 bytes
-~~ total allocations/frees...: 35889/35889
+~~ total memory allocated....: 1966911 bytes
+~~ total memory freed........: 1966911 bytes
+~~ total allocations/frees...: 35890/35890
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns-tunnel-iodine.pcap.out

@@ -31,7 +31,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1939292 bytes
-~~ total memory freed........: 1939292 bytes
-~~ total allocations/frees...: 35758/35758
+~~ total memory allocated....: 1939974 bytes
+~~ total memory freed........: 1939974 bytes
+~~ total allocations/frees...: 35759/35759
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_ambiguous_names.pcap.out

@@ -67,7 +67,7 @@
 ~~ total detected protocols..: 10
 ~~ total active/idle flows...: 10/10
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1955726 bytes
-~~ total memory freed........: 1955726 bytes
-~~ total allocations/frees...: 35371/35371
+~~ total memory allocated....: 1955904 bytes
+~~ total memory freed........: 1955904 bytes
+~~ total allocations/frees...: 35372/35372
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_doh.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1938299 bytes
-~~ total memory freed........: 1938299 bytes
-~~ total allocations/frees...: 35471/35471
+~~ total memory allocated....: 1938981 bytes
+~~ total memory freed........: 1938981 bytes
+~~ total allocations/frees...: 35472/35472
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_dot.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1932837 bytes
-~~ total memory freed........: 1932837 bytes
-~~ total allocations/frees...: 35357/35357
+~~ total memory allocated....: 1933519 bytes
+~~ total memory freed........: 1933519 bytes
+~~ total allocations/frees...: 35358/35358
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_exfiltration.pcap.out

@@ -31,7 +31,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1935406 bytes
-~~ total memory freed........: 1935406 bytes
-~~ total allocations/frees...: 35624/35624
+~~ total memory allocated....: 1936088 bytes
+~~ total memory freed........: 1936088 bytes
+~~ total allocations/frees...: 35625/35625
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dns_long_domainname.pcap.out

@@ -13,7 +13,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1926764 bytes
-~~ total memory freed........: 1926764 bytes
-~~ total allocations/frees...: 35326/35326
+~~ total memory allocated....: 1927446 bytes
+~~ total memory freed........: 1927446 bytes
+~~ total allocations/frees...: 35327/35327
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dnscrypt-v1-and-resolver-pings.pcap.out

@@ -1488,7 +1488,7 @@
 ~~ total detected protocols..: 251
 ~~ total active/idle flows...: 251/251
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2730858 bytes
-~~ total memory freed........: 2730858 bytes
-~~ total allocations/frees...: 36562/36562
+~~ total memory allocated....: 2717540 bytes
+~~ total memory freed........: 2717540 bytes
+~~ total allocations/frees...: 36563/36563
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dnscrypt-v2-doh.pcap.out

@@ -627,7 +627,7 @@
 ~~ total detected protocols..: 34
 ~~ total active/idle flows...: 34/34
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2260329 bytes
-~~ total memory freed........: 2260329 bytes
-~~ total allocations/frees...: 36157/36157
+~~ total memory allocated....: 2259163 bytes
+~~ total memory freed........: 2259163 bytes
+~~ total allocations/frees...: 36158/36158
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dnscrypt_skype_false_positive.pcapng.out

@@ -22,7 +22,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1933200 bytes
-~~ total memory freed........: 1933200 bytes
-~~ total allocations/frees...: 35336/35336
+~~ total memory allocated....: 1933770 bytes
+~~ total memory freed........: 1933770 bytes
+~~ total allocations/frees...: 35337/35337
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/doq.pcapng.out

@@ -33,7 +33,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1935898 bytes
-~~ total memory freed........: 1935898 bytes
-~~ total allocations/frees...: 35359/35359
+~~ total memory allocated....: 1936524 bytes
+~~ total memory freed........: 1936524 bytes
+~~ total allocations/frees...: 35360/35360
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/doq_adguard.pcapng.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1940694 bytes
-~~ total memory freed........: 1940694 bytes
-~~ total allocations/frees...: 35632/35632
+~~ total memory allocated....: 1941376 bytes
+~~ total memory freed........: 1941376 bytes
+~~ total allocations/frees...: 35633/35633
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dos_win98_smb_netbeui.pcap.out

@@ -389,7 +389,7 @@
 ~~ total detected protocols..: 7
 ~~ total active/idle flows...: 7/7
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1947464 bytes
-~~ total memory freed........: 1947464 bytes
-~~ total allocations/frees...: 35404/35404
+~~ total memory allocated....: 1947810 bytes
+~~ total memory freed........: 1947810 bytes
+~~ total allocations/frees...: 35405/35405
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/drda_db2.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1929856 bytes
-~~ total memory freed........: 1929856 bytes
-~~ total allocations/frees...: 35363/35363
+~~ total memory allocated....: 1930538 bytes
+~~ total memory freed........: 1930538 bytes
+~~ total allocations/frees...: 35364/35364
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dropbox.pcap.out

@@ -178,7 +178,7 @@
 ~~ total detected protocols..: 19
 ~~ total active/idle flows...: 19/19
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2008178 bytes
-~~ total memory freed........: 2008178 bytes
-~~ total allocations/frees...: 36226/36226
+~~ total memory allocated....: 2007852 bytes
+~~ total memory freed........: 2007852 bytes
+~~ total allocations/frees...: 36227/36227
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dtls.pcap.out

@@ -12,7 +12,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1926764 bytes
-~~ total memory freed........: 1926764 bytes
-~~ total allocations/frees...: 35326/35326
+~~ total memory allocated....: 1927446 bytes
+~~ total memory freed........: 1927446 bytes
+~~ total allocations/frees...: 35327/35327
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dtls2.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1927620 bytes
-~~ total memory freed........: 1927620 bytes
-~~ total allocations/frees...: 35356/35356
+~~ total memory allocated....: 1928302 bytes
+~~ total memory freed........: 1928302 bytes
+~~ total allocations/frees...: 35357/35357
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dtls_certificate_fragments.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1927286 bytes
-~~ total memory freed........: 1927286 bytes
-~~ total allocations/frees...: 35344/35344
+~~ total memory allocated....: 1927968 bytes
+~~ total memory freed........: 1927968 bytes
+~~ total allocations/frees...: 35345/35345
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/dtls_session_id_and_coockie_both.pcap.out

@@ -15,7 +15,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1926822 bytes
-~~ total memory freed........: 1926822 bytes
-~~ total allocations/frees...: 35328/35328
+~~ total memory allocated....: 1927504 bytes
+~~ total memory freed........: 1927504 bytes
+~~ total allocations/frees...: 35329/35329
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/encrypted_sni.pcap.out

@@ -19,7 +19,7 @@
 ~~ total detected protocols..: 3
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1941138 bytes
-~~ total memory freed........: 1941138 bytes
-~~ total allocations/frees...: 35345/35345
+~~ total memory allocated....: 1941708 bytes
+~~ total memory freed........: 1941708 bytes
+~~ total allocations/frees...: 35346/35346
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ethereum.pcap.out

@@ -1034,7 +1034,7 @@
 ~~ total detected protocols..: 71
 ~~ total active/idle flows...: 74/74
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2332138 bytes
-~~ total memory freed........: 2332138 bytes
-~~ total allocations/frees...: 37598/37598
+~~ total memory allocated....: 2328732 bytes
+~~ total memory freed........: 2328732 bytes
+~~ total allocations/frees...: 37599/37599
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/exe_download.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1947173 bytes
-~~ total memory freed........: 1947173 bytes
-~~ total allocations/frees...: 36030/36030
+~~ total memory allocated....: 1947855 bytes
+~~ total memory freed........: 1947855 bytes
+~~ total allocations/frees...: 36031/36031
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/exe_download_as_png.pcap.out

@@ -26,7 +26,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1942247 bytes
-~~ total memory freed........: 1942247 bytes
-~~ total allocations/frees...: 35861/35861
+~~ total memory allocated....: 1942929 bytes
+~~ total memory freed........: 1942929 bytes
+~~ total allocations/frees...: 35862/35862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/facebook.pcap.out

@@ -46,7 +46,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 2/2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1942927 bytes
-~~ total memory freed........: 1942927 bytes
-~~ total allocations/frees...: 35408/35408
+~~ total memory allocated....: 1943553 bytes
+~~ total memory freed........: 1943553 bytes
+~~ total allocations/frees...: 35409/35409
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/firefox.pcap.out

@@ -107,13 +107,16 @@
 00425{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":226198,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Ru9AADQGcTiSMDoSwKgBsgG7yZFyBGoNy0T9GYAQAfZfogAAAQEICjwgDNA0DJnO"}
 02377{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":226686,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXURvBAADQGa5eSMDoSwKgBsgG7yZFyBGoNy0T9GYAQAfZkjwAAAQEICjwgDNE0DJnOFwMDATCFItPF6rhHl1\/YPDMm6GWa4HPcCuK3mqzRTOvvGM6NtGhFTVozdHMGJUEg+z3B0BwleVJpB0reYbEUloZUNqh+kMOlhUZkm4pupaUY0U3DCPm5Acsk4V8tBtBDRLG6xi5ISPF0fnoOemdPNS5pkmhpcXIQTJwrun+oXoL5UMlx4p6HorQcXT3ymZw9p3ypfFXkNfWHg05tgi2hPSGA4o2hvt12+\/r5TqNogm+YBmdd5EhiErbSF+joVzv3duY6fTgEB86x2h8HE\/TFVEHU8HKlPkU6Svy67aTvtbLONANSb8cpYbsgRmmZbRuoDoqmKhfmkhF8uqt5BA5bHxI9CRcQuESZNqQ03RWwnd0xSJ62fuTT7fNyfbaItVf+d+C4AcL5+m96krweQdTXjAV0ZPLmFwMDIeAN9X2eDfUrz11hvbQsIH5c5SfESCAAlIcc2dpQ97y8luRHUEzUkqXDf\/PLM9KOB4UlHlDacLBy1+b8ityG6\/T9TcqAtZtO8cZtb5T8k\/oOc1vYtX\/fgq8q48fIWSmBZU9jTzBi6aEuKMRRnFRhiRxNh9dyb0Yy2FB6oHFwHwHwf5PAHxnV+X59ajF1exRa1UMHzVir8f4FXkVOKMv8cUQQoB4shcljjAEh3YWc4GwJNz6EtfFw9aKeyANS\/FfpHhP17AitFF420+2PsvZPCQFk61oBLlZBkwQu2TpYfarh3hR6rObQFgBNt\/1xoQzprgM51ImkTMS7QSgpgPmVlxM2EATn9cyIKyHbcO4IofjSmxOC\/TVgLA4\/PR3n8QyGp4vmho\/FVYR1+q79PXff9tf\/5mnDk82iUl448pw+rTHDgB1Oejo8OWfKP5yNUeJ+CuRxcCMXRvnXeM1fLPveq3kCveongKC2oflEtuUNEL6fFI94HtalTDWb+Ux8GjoNpr6BxzJKzjHMKM6LZges2fD8PHJZbfzIaskZvfdSBuolTgW2sBuqhivFhjELX+oUCjiKGociBtPOA8Ni+\/iEtI9NJHp8aGoFdSWFa1uqewlQMVodLxawlNpmg0WtfeZ5YSM1OPkyyX4YciYb7q7tYNunRHDhhT2kJLE5A+8q5rTA3u0q\/wL3yJ6FCCwtYSbvldQZTy4MIsOSqzYsDbFrfXCZYTRHYU8H4LJOB5HUdwtbykh\/5sC+HVoyTLbuocH\/spyZYSNkpjWdlwHoH9h9umAjBgwyDAEwyXjzox1tkv\/qvECE3\/OJ6FiVTmMRRf9fk8lPbfiL\/rPXKcw3bAJLJd7PjfDQ8RdRnfJXD0cS6txrN1TTPgHumvmuAmrVsrS+bWAC0Yysl\/Bz95z5obxGI8PQbvH4IU3C4dLfyvW0Jdl2HjBK5yw7HYjAM2htntg23mpT3fqAfn6gy6C3g5KyIP6o4FqT2FGtQaU9Gdo0eFIKiQ4k0TzMBHtWJW0x\/Zg\/+rNMWKMN8WllqBzrpncwdqW6r89jEdyeR+UFAMUXkISP1VN8q7rZTM+jwA1qnjUi6YaGu9TgOt\/Q2Bi21rv6wZKWBIQvMkpzMFXnEaZHpOxm8PFeM\/8E6Wy0MhwWlBotTz0taZJm3bg+JnHp8U6XTLPeuyi+k9vgASq4vBuqC4FV+G9CoPjLqe5WcPy96wz34Gh0Zue2fVjELTOUewWs9fpSmP0Q39IZFXpW9Hs\/lWFoE5yPY++XW1eJ76eVN3B3iDAdUBtcjMOfxmSlic0NyNauA57QWMuFhJj6UlsNJvOpJzYCB8JfOI40SaKcX0nHBIBldeKKFvwAMCT1Y9LjaFM9Ab34HTrSHJye92uqoYM1CzMXhYOvDWXUHtNhZBQra1Olu1ergOfzFZC4stSCM+dwXkAKV8OPjlDGnieK85H2V5M8SEsAsk0jsbmK9VpvJeZs9zJUSvbATHYsyqm1FczDpSo3nRy+"}
 02380{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":226805,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXURvFAADQGa5aSMDoSwKgBsgG7yZFyBG+ty0T9GYAYAfZGWQAAAQEICjwgDNE0DJnO46bdv8K\/Cv0Y71KHBDx2E6DhVxHnO\/Vz+xRwx2MqZfoXdkMxPSicnl3rYCYWn0W24kGlecvyv7f0wZjyQvEeJD0ho1yneg4\/xbfN6nJQCbyAHn52qAkHGnKjO1KZDQzFc+5TrtwQEh+BUcCr8cmLjsOay578DJPCS8ae7imn292Lro+q4p\/3K4HTVpMrHgLfaY6hGzqsUOvRYnp+mBY5J563lmxOlx\/X\/oRuF++LlsfkL4e4knMLMkCVM+4iUfa04TW9CkLfEBrv4TH6EnUWnZyHOF8RFK\/1abv2HzFnA6zXuYU\/Kd5MKn+6eVVnhXGptFU+YDY9XL86PB+02SsiTjKa52KdTP+9os8CK8SqxnVrHpeE8v2tj2IhDJHzCsyjbWxg80M07qQn9G6WWAfhwMD03oDyqCwxVdIW\/MNogzyD29FkqRX3j9n7yWj8xN+nH1XMHDS6XIuSGpwiPcgoHxc0cUkIR5gIcEee+K3NQoHTxX6ggiXJFwDsSAltMJPa777kTM1SAmCL6mIKH5RFm5s+L7B9+mAtbO8rBf5cnca1izIIU+eT1mvlWCfXyubs\/uJZuUdJr7Y86g6QqP+IPTdFl4C7gy0KF+hZPVpBQkFjAx6PRGdxZ3N4LgGKVsnxLmp7ZUheaHfua3vO7HM7OSvw8l\/ze9oD3As+2V7Wmo2giwB8EPOPhoPXSkNhVN8I8jb+AsJnkzY9ecRVSW83tpBDyKQ2XjpmpBwQ9EVwM4CmUKlheybzefnWu1t1PoK21rSakqzAdjrlBFAfkN5f9coT9sI668vA7pI6f2kN4GZ8tIyQwALesL5d32vkjmxhcR9Ephra5vd9TYwTxhKz1Hw33GqfwwnnkzroMItWkC94MT9\/VKvHCr9Tkne6c675Spl2JDFJ3wb5Sydf4A7x2Qg3fRV4opVqzovvzIGgjiZp0CujVL5zOXAkS2HnJxxBD6a2gGfwbj\/Z6sWKOHuDmD\/QBbc9R3zoENgebZ5HtkdkM5tiFNi5InBSHUuObtHnicUdsBv00hPvLUdi0axYCkTtOQYGUheExhiPQQEYgxhPteOzgbjU3mg9+D4CAvzmoWQwsXki5G3MHnAl4MXqGvqYE35YBip6lmx7\/qQkQLExsjMjl+B7GjF\/GjOrYPDQp\/yGV3pHo3O93LWc+UPT+cyc6Ae20\/u3TH3HOo175rQxEg8VW8HVppHsPzIro2fS3GjdyYvBkuLUwDQqAMX4KVTQ4dnO2qsHL+PKVSYcWYly94o5AN77+DmqopSXpQNbyQlzyIzvrgEAOQMj3QfQWQ0Bn8P5Mj+x97H31p8bwf+iNIyw1Swh8fBDvI+AQ0NlZQabe8BzYQmSmRcuhpnkpzfl1wqCP41Ddi8oRLH9G6sT6xjZ+wCmKYQkpmcJBB2Lh8WPQieK6YZvKXFoH7WLC9q24PuGX50w+D4GOr9tvvtBJ2hYPSmZZCP5F+s59SjEghaoKmMGmcH3ppSVAXFE+rrhyYwS+lcqrXjygZhVDgxenUAdLAcDP\/yEtCVPz1MHb1t8t6r7oVmy9HlRVXy8DrtoIbjLDK+Zp2b2M4ERf22yJYBywgnxzDl3qvMmzni+KXjVOVDd078bzWIe3hT1D+ZNLLWcU49PEPJzQXgUobzxSiw8OKUxu2RM8AsKXQbk3i7x\/4DNic0LLIwxlebFuv\/Hup8TuMCyQR9whOnAxau+R2yPyGEHDSf\/wWqW4kDMsq0pZwak4tNm1YE3WjpiXtBoHK1xlAOgyUil\/3uCxlv\/\/guIJMnwv3zRPe9\/AZVpFL0rBjS9F0LKy\/khl2r2y4uw+8DTcXG8M12ci\/8\/7or9Eg+8WXPvfCVuEk60aMXsSqG7KFu6NpASmHnKw7OeZUmavwS1YmSksKTYzohf8zu7u1yDfIYmAtV0cNsQsU45"}
+00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1330,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1620927998806,"flow_last_seen":1620927999354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":195425,"flow_avg_l4_payload_len":766,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1636,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":255,"flow_first_seen":1620927999109,"flow_last_seen":1620927999385,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":200954,"flow_avg_l4_payload_len":788,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2615,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1620927999112,"flow_last_seen":1620927999490,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":207776,"flow_avg_l4_payload_len":814,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3808,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1620927999111,"flow_last_seen":1620927999648,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":203554,"flow_avg_l4_payload_len":798,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":195425,"flow_avg_l4_payload_len":766,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":255,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":200954,"flow_avg_l4_payload_len":788,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":203554,"flow_avg_l4_payload_len":798,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":207776,"flow_avg_l4_payload_len":814,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5441/5441
@@ -122,7 +125,7 @@
 ~~ total detected protocols..: 6
 ~~ total active/idle flows...: 6/6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2563192 bytes
-~~ total memory freed........: 2563192 bytes
-~~ total allocations/frees...: 40848/40848
+~~ total memory allocated....: 2434467 bytes
+~~ total memory freed........: 2434467 bytes
+~~ total allocations/frees...: 40840/40840
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/fix.pcap.out

@@ -191,7 +191,7 @@
 ~~ total detected protocols..: 12
 ~~ total active/idle flows...: 12/12
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2022611 bytes
-~~ total memory freed........: 2022611 bytes
-~~ total allocations/frees...: 36630/36630
+~~ total memory allocated....: 2022677 bytes
+~~ total memory freed........: 2022677 bytes
+~~ total allocations/frees...: 36631/36631
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/forticlient.pcap.out

@@ -107,7 +107,7 @@
 ~~ total detected protocols..: 5
 ~~ total active/idle flows...: 5/5
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2041933 bytes
-~~ total memory freed........: 2041933 bytes
-~~ total allocations/frees...: 37363/37363
+~~ total memory allocated....: 2042391 bytes
+~~ total memory freed........: 2042391 bytes
+~~ total allocations/frees...: 37364/37364
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ftp.pcap.out

@@ -12,7 +12,7 @@
 00441{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":976972,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2xCwDBkn+CABFEABBAABAAEAGAADAqAHUWoJGScYGABWjI5f+WCrCCYAYECpjewAAAQEICjtXmOwSZ\/tbUEFTUyBOY0ZUUEANCg=="}
 00419{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":45752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OopAADYGpvJagkZJwKgB1AAVxgZYKsIJoyOYC4AQAAMV2wAAAQEIChJn+207V5js"}
 00451{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":66945,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xCwDBkn+EBMx8Tl2CABFAABLOotAADYGptpagkZJwKgB1AAVxgZYKsIJoyOYC4AYAAM0PgAAAQEIChJn+3I7V5jsMjMwIExvZ2luIHN1Y2Nlc3NmdWwuDQo="}
-00630{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol","36":"Clear-text credentials"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
 00420{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67019,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA0AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAQECljbgAAAQEICjtXmUUSZ\/ty"}
 00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67325,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA5AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAYECljcwAAAQEICjtXmUUSZ\/tyUFdEDQo="}
 00419{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":94015,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OoxAADYGpvBagkZJwKgB1AAVxgZYKsIgoyOYEIAQAAMVWgAAAQEIChJn+3k7V5lF"}
@@ -55,7 +55,7 @@
 ~~ total detected protocols..: 2
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1973738 bytes
-~~ total memory freed........: 1973738 bytes
-~~ total allocations/frees...: 36525/36525
+~~ total memory allocated....: 1974308 bytes
+~~ total memory freed........: 1974308 bytes
+~~ total allocations/frees...: 36526/36526
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ftp_failed.pcap.out

@@ -15,7 +15,7 @@
 00465{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":74667,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACYGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QchwFQbPgBgA4XzJAAABAQgKlgV6zFbTThFRVUlUDQo="}
 00479{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":88560,"pkt_caplen":100,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":100,"pkt_l4_len":46,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOAC4GOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBs+ZN0HOgBgCAFELAAABAQgKVtNPzpYFeswyMjEgR29vZGJ5ZS4NCg=="}
 00457{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":88598,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3Qc5wFQbdgBAA4XzDAAABAQgKlgV62lbTT84="}
-00605{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}}
+00650{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"36":"Clear-text credentials"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}}
 00516{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
 00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test"}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1929276 bytes
-~~ total memory freed........: 1929276 bytes
-~~ total allocations/frees...: 35343/35343
+~~ total memory allocated....: 1929958 bytes
+~~ total memory freed........: 1929958 bytes
+~~ total allocations/frees...: 35344/35344
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/genshin-impact.pcap.out

@@ -61,7 +61,7 @@
 ~~ total detected protocols..: 3
 ~~ total active/idle flows...: 3/3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1934331 bytes
-~~ total memory freed........: 1934331 bytes
-~~ total allocations/frees...: 35375/35375
+~~ total memory allocated....: 1934901 bytes
+~~ total memory freed........: 1934901 bytes
+~~ total allocations/frees...: 35376/35376
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/git.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1929316 bytes
-~~ total memory freed........: 1929316 bytes
-~~ total allocations/frees...: 35414/35414
+~~ total memory allocated....: 1929998 bytes
+~~ total memory freed........: 1929998 bytes
+~~ total allocations/frees...: 35415/35415
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/google_ssl.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1929566 bytes
-~~ total memory freed........: 1929566 bytes
-~~ total allocations/frees...: 35353/35353
+~~ total memory allocated....: 1930248 bytes
+~~ total memory freed........: 1930248 bytes
+~~ total allocations/frees...: 35354/35354
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/googledns_android10.pcap.out

@@ -65,7 +65,7 @@
 00420{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":208808,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGaHnAqAGfCAgICNowA1VpY9IUAAAAAFAEAADEiwAA"}
 00457{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
 00480{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552827,"pkt_ts_usec":426405,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl9BAAEAB0IHAqAGfCAgICAgA4JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
-00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"proto":"ICMP.Google","breed":"Tracker\/Ads","category":"Network"}}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"entropy":5.297900,"proto":"ICMP.Google","breed":"Tracker\/Ads","category":"Network"}}
 00480{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552827,"pkt_ts_usec":440141,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAA6JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
 00481{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552828,"pkt_ts_usec":402579,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl\/5AAEAB0FPAqAGfCAgICAgAgPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
 00480{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552828,"pkt_ts_usec":415412,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAAiPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
@@ -127,7 +127,7 @@
 ~~ total detected protocols..: 6
 ~~ total active/idle flows...: 8/8
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1986838 bytes
-~~ total memory freed........: 1986838 bytes
-~~ total allocations/frees...: 35914/35914
+~~ total memory allocated....: 1987128 bytes
+~~ total memory freed........: 1987128 bytes
+~~ total allocations/frees...: 35915/35915
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/gquic.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1932295 bytes
-~~ total memory freed........: 1932295 bytes
-~~ total allocations/frees...: 35336/35336
+~~ total memory allocated....: 1932977 bytes
+~~ total memory freed........: 1932977 bytes
+~~ total allocations/frees...: 35337/35337
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/h323-overflow.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1928783 bytes
-~~ total memory freed........: 1928783 bytes
-~~ total allocations/frees...: 35326/35326
+~~ total memory allocated....: 1929465 bytes
+~~ total memory freed........: 1929465 bytes
+~~ total allocations/frees...: 35327/35327
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/hangout.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1935465 bytes
-~~ total memory freed........: 1935465 bytes
-~~ total allocations/frees...: 35345/35345
+~~ total memory allocated....: 1936147 bytes
+~~ total memory freed........: 1936147 bytes
+~~ total allocations/frees...: 35346/35346
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/hpvirtgrp.pcap.out

@@ -169,7 +169,7 @@
 ~~ total detected protocols..: 9
 ~~ total active/idle flows...: 9/9
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1974333 bytes
-~~ total memory freed........: 1974333 bytes
-~~ total allocations/frees...: 35492/35492
+~~ total memory allocated....: 1974567 bytes
+~~ total memory freed........: 1974567 bytes
+~~ total allocations/frees...: 35493/35493
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/http-crash-content-disposition.pcap.out

@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 35321/35321
+~~ total memory allocated....: 1924284 bytes
+~~ total memory freed........: 1924284 bytes
+~~ total allocations/frees...: 35322/35322
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/http-lines-split.pcap.out

@@ -24,7 +24,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1927142 bytes
-~~ total memory freed........: 1927142 bytes
-~~ total allocations/frees...: 35340/35340
+~~ total memory allocated....: 1927824 bytes
+~~ total memory freed........: 1927824 bytes
+~~ total allocations/frees...: 35341/35341
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/http_auth.pcap.out

@@ -0,0 +1,31 @@
+00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_auth.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1381844050222,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00443{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":222515,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"}
+00439{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":402547,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="}
+00427{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":402655,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"}
+01418{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":402794,"pkt_caplen":805,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":805,"pkt_l4_len":771,"pkt":"TBfruiThKM\/pITwrCABFAAMXqUtAAEAGT0HAqAAEwP69qdRBAFCa4jGzA2bR\/oAYICs3TAAAAQEICh9\/FGkwzbX3R0VUIC9wYXNzd29yZC1vay5waHAgSFRUUC8xLjENCkhvc3Q6IGJyb3dzZXJzcHkuZGsNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MA0KQXV0aG9yaXphdGlvbjogQmFzaWMgZEdWemREcG1ZV2xzTWc9PQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS93ZWJwLCovKjtxPTAuOA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfOF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMzAuMC4xNTk5LjY5IFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly9icm93c2Vyc3B5LmRrL3Bhc3N3b3JkLnBocA0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUsc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOA0KQ29va2llOiBfX3V0bWE9MTkwOTA4MjgxLjE1NjAwOTU2MTEuMTM4MTg0Mzk2OC4xMzgxODQzOTY4LjEzODE4NDM5NjguMTsgX191dG1iPTE5MDkwODI4MS4yLjEwLjEzODE4NDM5Njk7IF9fdXRtYz0xOTA5MDgyODE7IF9fdXRtej0xOTA5MDgyODEuMTM4MTg0Mzk2OS4xLjEudXRtY3NyPWdvb2dsZXx1dG1jY249KG9yZ2FuaWMpfHV0bWNtZD1vcmdhbmljfHV0bWN0cj0obm90JTIwcHJvdmlkZWQpOyBfX3VuYW09NmI2YWI2ZC0xNDFiYzUxYTgxZS00MTAyYTY2MS0yDQoNCg=="}
+00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36":"Clear-text credentials"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}}
+00427{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":596540,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KM\/pITwrTBfruiThCABFAAA0Z\/RAADgGm3vA\/r2pwKgABABQ1EEDZtH+muI0loAQAH2ivAAAAQEICjDNtgoffxRp"}
+02365{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":802943,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"KM\/pITwrTBfruiThCABFAAXcZ\/VAADgGldLA\/r2pwKgABABQ1EEDZtH+muI0loAQAH1SGgAAAQEICjDNth8ffxRpSFRUUC8xLjEgNDAxIEF1dGhvcml6YXRpb24gUmVxdWlyZWQNCkRhdGU6IFR1ZSwgMTUgT2N0IDIwMTMgMTM6MzQ6MDIgR01UDQpTZXJ2ZXI6IEFwYWNoZQ0KV1dXLUF1dGhlbnRpY2F0ZTogQmFzaWMgcmVhbG09IkJyb3dzZXJTcHkuZGsgLSBIVFRQIFBhc3N3b3JkIFRlc3QiDQpFeHBpcmVzOiBNb24sIDI2IEp1bCAxOTk3IDA1OjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUsIHBvc3QtY2hlY2s9MCwgcHJlLWNoZWNrPTANClByYWdtYTogbm8tY2FjaGUNCktlZXAtQWxpdmU6IHRpbWVvdXQ9NSwgbWF4PTc1DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCg0KNWYxDQo8IURPQ1RZUEUgaHRtbCBQVUJMSUMgIi0vL1czQy8vRFREIFhIVE1MIDEuMCBTdHJpY3QvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIveGh0bWwxL0RURC94aHRtbDEtc3RyaWN0LmR0ZCI+CjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIiB4bWw6bGFuZz0iZW4iIGxhbmc9ImVuIj4KPGhlYWQ+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PWlzby04ODU5LTEiIC8+Cjx0aXRsZT5IVFRQIFBhc3N3b3JkIEluZm9ybWF0aW9uIC0gRmFpbHVyZSAtIEJyb3dzZXJTcHkuZGs8L3RpdGxlPgo8bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iRmFpbHVyZSEgWW91ciBjbGllbnQgZG9lc24ndCBzdXBwb3J0cyBIVFRQIEJhc2ljIEF1dGhlbnRpY2F0aW9uIG9yIHlvdSBwcm92aWRlIHRoZSB3cm9uZyB1c2VybmFtZSBhbmQvb3IgcGFzc3dvcmQuIEJlbG93IGFyZSBsaXN0ZWQgd2hhdCB5b3UgcHJvdmlkZWQgYXMgbG9naW4gaW5mb3JtYXRpb24uIiAvPgo8bWV0YSBuYW1lPSJrZXl3b3JkcyIgY29udGVudD0iZmFpbHVyZSxwYXNzd29yZCxodHRwLGJhc2ljLGF1dGhlbnRpY2F0aW9uLHByb3RlY3Rpb24iIC8+CjxsaW5rIHJlbD0iaWNvbiIgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvZmF2aWNvbi5pY28iIHR5cGU9ImltYWdlL3gtaWNvbiIgLz4KPGxpbmsgcmVsPSJzaG9ydGN1dCBpY29uIiBocmVmPSJodHRwOi8vYnJvd3NlcnNweS5kay9mYXZpY29uLmljbyIgdHlwZT0iaW1hZ2UveC1pY29uIiAvPgo8bGluayByZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIiBtZWRpYT0iYWxsIiBocmVmPSJodHRwOi8vYnJvd3NlcnNweS5kay90aGVtZS9yZXNldC5jc3MiIC8+CjxsaW5rIHJlbD0ic3R5bGVzaGVldCIgdHlwZT0idGV4dC9jc3MiIG1lZGlhPSJhbGwiIGhyZWY9Imh0dHA6Ly9icm93c2Vyc3B5LmRrL3RoZW1lL2RlZmF1bHQuY3NzIiAvPgo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSJodHRwOi8vYnI="}
+01078{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":804265,"pkt_caplen":551,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":551,"pkt_l4_len":517,"pkt":"KM\/pITwrTBfruiThCABFAAIZZ\/ZAADgGmZTA\/r2pwKgABABQ1EEDZtemmuI0loAYAH3Q5gAAAQEICjDNth8ffxRpb3dzZXJzcHkuZGsvanMvanF1ZXJ5LmpzIj48L3NjcmlwdD4KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cDovL3d3dy5nb29nbGUuY29tL2Nvb3AvY3NlL2JyYW5kP2Zvcm09Y3NlLXNlYXJjaC1ib3gmYW1wO2xhbmc9ZW4iPjwvc2NyaXB0Pgo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSJqcy9qcXVlcnkuYnJvd3Nlci5qcyI+PC9zY3JpcHQ+CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4KLy88IVtDREFUQVsKDQoJCQkkKGRvY3VtZW50KS5yZWFkeShmdW5jdGlvbigpew0KCQkJCSQoImFbcmVsPWV4dGVybmFsXSIpLmNsaWNrKGZ1bmN0aW9uKCl7DQoJCQkJCXBhZ2VUcmFja2VyLl90cmFja1BhZ2V2aWV3KCIvb3V0Z29pbmcvIisgJCh0aGlzKS5hdHRyKCJocmVmIikpOw0KCQkJCX0pOw0KCQkJfSk7DQoJCQovL11dPgo8L3NjcmlwdD4KPC9oZWFkPgo8Ym9keSBpZD0iYnJvd3NlcnNweWRrIj4KDQo="}
+00426{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":804299,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TBfruiThKM\/pITwrCABFAAA0JFRAAEAG1xvAqAAEwP69qdRBAFCa4jSWA2bZi4AQH+F6KAAAAQEICh9\/FfcwzbYf"}
+00538{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":804861,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"KM\/pITwrTBfruiThCABFAACDZ\/dAADgGmynA\/r2pwKgABABQ1EEDZtmLmuI0loAYAH06nAAAAQEICjDNth8ffxRpNDkNCg0KCQkJPGRpdiBpZD0iaGVhZGVyIj4NCgkJCQk8ZGl2IGNsYXNzPSJpbm5lciI+DQoJCQkJCTxkaXYgaWQ9ImxvZ28iPg0KCQkNCg=="}
+00428{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":804893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TBfruiThKM\/pITwrCABFAAA03TRAAEAGHjvAqAAEwP69qdRBAFCa4jSWA2bZ2oAQH9x53gAAAQEICh9\/FfcwzbYf"}
+00728{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":805596,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"KM\/pITwrTBfruiThCABFAAESZ\/hAADgGmpnA\/r2pwKgABABQ1EEDZtnamuI0loAYAH3nAAAAAQEICjDNth8ffxRpZDgNCjxhIGhyZWY9Imh0dHA6Ly9icm93c2Vyc3B5LmRrLyIgdGl0bGU9IkJhY2sgdG8gQnJvd3NlclNweS5kayBmcm9udHBhZ2UiPjxpbWcgYWx0PSJCcm93c2VyU3B5LmRrIGxvZ28iIHdpZHRoPSIzMDAiIGhlaWdodD0iNTMiIHNyYz0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvcGljcy9sb2dvLnBuZyIgLz48L2E+DQoJCQkJCTwvZGl2Pg0KCQkJPGRpdiBpZD0iYmFubmVyLWhlYWRlciI+Cg0K"}
+00428{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":805617,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TBfruiThKM\/pITwrCABFAAA0s2FAAEAGSA7AqAAEwP69qdRBAFCa4jSWA2bauIAQH855DQAAAQEICh9\/FfgwzbYf"}
+02367{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":809623,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"KM\/pITwrTBfruiThCABFAAXcZ\/lAADgGlc7A\/r2pwKgABABQ1EEDZtq4muI0loAQAH36uQAAAQEICjDNth8ffxRpMmQ4NA0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgovLzwhW0NEQVRBWwp2YXIgZ29vZ2xlX2FkX2NsaWVudCA9ICJwdWItMzc4MjU5Nzk5NjIxNjI1NyI7CnZhciBnb29nbGVfYWRfc2xvdCA9ICI3NTY0NDY5MzQzIjsKdmFyIGdvb2dsZV9hZF93aWR0aCA9IDQ2ODsKdmFyIGdvb2dsZV9hZF9oZWlnaHQgPSA2MDsKLy9dXT4KPC9zY3JpcHQ+CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHA6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvc2hvd19hZHMuanMiPjwvc2NyaXB0Pgo8L2Rpdj4KCTwvZGl2Pg0KCQkJCTxkaXYgY2xhc3M9ImNsciI+PC9kaXY+DQoJCQk8L2Rpdj4NCgkJCTxkaXYgaWQ9Im1lbnUiPg0KCQkJCTx1bCBpZD0ibWVudXRvcCI+CjxsaSBjbGFzcz0iYWN0aXZlIj48YSBocmVmPSJodHRwOi8vYnJvd3NlcnNweS5kay8iIHRpdGxlPSJCYWNrIHRvIHRoZSBmcm9udHBhZ2Ugb2YgQnJvd3NlclNweS5kayI+SG9tZTwvYT48L2xpPjxsaT48YSBocmVmPSJodHRwOi8vYnJvd3NlcnNweS5kay9hYm91dC8iIHRpdGxlPSJXaGF0IGlzIEJyb3dzZXJTcHkuZGsgYWxsIGFib3V0PyI+QWJvdXQ8L2E+PC9saT48bGk+PGEgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvYmxvZy8iIHRpdGxlPSJUaGUgQnJvd3NlclNweS5kayBibG9nIHdpdGggbmV3cyBhbmQgcmVsZXZhbnQgaW5mb3JtYXRpb24iPkJsb2c8L2E+PC9saT48bGk+PGEgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvY29udGFjdC8iIHRpdGxlPSJIb3cgZG8gSSBjb250YWN0IEJyb3dzZXJTcHkuZGsiPkNvbnRhY3Q8L2E+PC9saT48bGk+PGEgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvZG9uYXRlLyIgdGl0bGU9IkhvdyBkbyBJIGRvbmF0ZSBtb25leSB0byB0aGUgZGV2ZWxvcG1lbnQgb2YgQnJvd3NlclNweS5kayI+RG9uYXRlPC9hPjwvbGk+PGxpPjxhIGhyZWY9Imh0dHA6Ly9icm93c2Vyc3B5LmRrL2ZhcS8iIHRpdGxlPSJMaXN0IG9mIEZyZXF1ZW50bHkgQXNrZWQgUXVlc3Rpb25zIG9uIEJyb3dzZXJTcHkuZGsiPkZBUTwvYT48L2xpPjwvdWw+Cg0KCQkJCTxkaXYgaWQ9InNlYXJjaCI+PGZvcm0gYWN0aW9uPSJodHRwOi8vYnJvd3NlcnNweS5kay9zZWFyY2gvIiBpZD0iY3NlLXNlYXJjaC1taW5pIj48ZGl2PjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImN4IiB2YWx1ZT0iMDAzNDg0MTMwNzIwOTExNjg2NDI1OmItcmNkX19uYmJ3IiAvPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImNvZiIgdmFsdWU9IkZPUklEOjExIiAvPjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImllIiB2YWx1ZT0iVVRGLTgiIC8+PGlucHV0IHR5cGU9InRleHQiIG5hbWU9InEiIHNpemU9IjMwIiB0aXRsZT0iU2VhcmNoIHRoZSBCcm93c2VyU3B5LmRrIHNpdGUiIC8+PGlucHV0IHR5cGU9InN1Ym1pdCIgbmFtZT0ic2EiIGM="}
+02373{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":814178,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"KM\/pITwrTBfruiThCABFAAXcZ\/pAADgGlc3A\/r2pwKgABABQ1EEDZuBgmuI0loAQAH0DVwAAAQEICjDNth8ffxRpbGFzcz0ic3ViIiB2YWx1ZT0iU2VhcmNoIFNpdGUiIHRpdGxlPSJEbyB0aGUgc2VhcmNoISIgLz48L2Rpdj48L2Zvcm0+PC9kaXY+DQoJCQk8L2Rpdj4NCgkJCTxkaXYgaWQ9ImNvbnRlbnQiPg0KCQkJCTxkaXYgaWQ9ImxlZnQiPg0KCQkJCQk8ZGl2IGNsYXNzPSJpbm5lciI+DQoJCQkJCQk8ZGl2IGlkPSJpbmZvIj48cD5Ccm93c2VyU3B5LmRrIHNob3dzIHlvdSBqdXN0IGhvdyBtdWNoIGluZm9ybWF0aW9uIGNhbiBiZSByZXRyaWV2ZWQgZnJvbSB5b3VyIGJyb3dzZXIganVzdCBieSB2aXNpdGluZyBhIHBhZ2UuPC9wPjxwPkF2YWlsYWJsZSB0ZXN0cyBhcmUgbGlzdGVkIGJlbG93LjwvcD48L2Rpdj4NCgkJCQkJCTx1bCBpZD0ibmF2Ij4KPGxpPjxhIGhyZWY9Imh0dHA6Ly9icm93c2Vyc3B5LmRrL2FjY2VwdC5waHAiIHRpdGxlPSJXaGF0IGZpbGV0eXBlcyBkb2VzIHlvdXIgYnJvd3NlciBhY2NlcHQ\/Ij5BY2NlcHRlZCBGaWxldHlwZXM8L2E+PC9saT48bGk+PGEgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvYWN0aXZleC5waHAiIHRpdGxlPSJEb2VzIHlvdXIgYnJvd3NlciBzdXBwb3J0IEFjdGl2ZVg\/Ij5BY3RpdmVYPC9hPjwvbGk+PGxpPjxhIGhyZWY9Imh0dHA6Ly9icm93c2Vyc3B5LmRrL2Fkb2JlcmVhZGVyLnBocCIgdGl0bGU9IklzIEFkb2JlIFJlYWRlciBpbnN0YWxsZWQ\/Ij5BZG9iZSBSZWFkZXI8L2E+PC9saT48bGk+PGEgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvYWpheC5waHAiIHRpdGxlPSJEb2VzIHlvdXIgYnJvd3NlciBzdXBwb3J0IFhNTCByZXF1ZXN0cyBhbmQgZG9jdW1lbnRzLiBYTUxIdHRwUmVxdWVzdCBpcyB1c2VkIGluIEFqYXggYmFzZWQgd2Vic2l0ZXMiPkFqYXggU3VwcG9ydDwvYT48L2xpPjxsaT48YSBocmVmPSJodHRwOi8vYnJvd3NlcnNweS5kay9iYW5kd2lkdGgucGhwIiB0aXRsZT0iV2hhdCBpcyB5b3VyIGludGVybmV0IGNvbm5lY3Rpb24gc3BlZWQ\/Ij5CYW5kd2lkdGg8L2E+PC9saT48bGk+PGEgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvYnJvd3Nlci5waHAiIHRpdGxlPSJXaGF0IGlzIHRoZSBuYW1lIGFuZCB2ZXJzaW9uIG9mIHlvdXIgYnJvd3Nlcj8iPkJyb3dzZXI8L2E+PC9saT48bGk+PGEgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvY2FwYWJpbGl0aWVzLnBocCIgdGl0bGU9IldoYXQgY2FwYWJpbGl0aWVzIGRvZXMgeW91ciBicm93c2VyIGhhdmU\/Ij5DYXBhYmlsaXRpZXM8L2E+PC9saT48bGk+PGEgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvY29sb3JzLnBocCIgdGl0bGU9IldoYXQga2luZCBvZiBzeXN0ZW0gY29sb3JzIGRvZXMgeW91ciBicm93c2VyIHN1cHBvcnQ\/Ij5Db2xvcnM8L2E+PC9saT48bGk+PGEgaHJlZj0iaHR0cDovL2Jyb3dzZXJzcHkuZGsvY29tcG9uZW50LnBocCIgdGl0bGU9IldoYXQgSW50ZXJuZXQgRXhwbG9yZXIgY29tcG9uZW50cyBjYW4gYmUgYW4="}
+00428{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"http_auth.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1381844050,"pkt_ts_usec":814283,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TBfruiThKM\/pITwrCABFAAA0zHdAAEAGLvjAqAAEwP69qdRBAFCa4jSWA2bmCIAQHxluagAAAQEICh9\/FgAwzbYf"}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test"}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 33/33
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 19452 bytes
+~~ total detected protocols..: 1
+~~ total active/idle flows...: 1/1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 1928505 bytes
+~~ total memory freed........: 1928505 bytes
+~~ total allocations/frees...: 35361/35361
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/http_ipv6.pcap.out

@@ -189,7 +189,7 @@
 ~~ total detected protocols..: 7
 ~~ total active/idle flows...: 15/15
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2046772 bytes
-~~ total memory freed........: 2046772 bytes
-~~ total allocations/frees...: 35625/35625
+~~ total memory allocated....: 2046670 bytes
+~~ total memory freed........: 2046670 bytes
+~~ total allocations/frees...: 35626/35626
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/iec60780-5-104.pcap.out

@@ -113,7 +113,7 @@
 ~~ total detected protocols..: 6
 ~~ total active/idle flows...: 6/6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1946769 bytes
-~~ total memory freed........: 1946769 bytes
-~~ total allocations/frees...: 35486/35486
+~~ total memory allocated....: 1947171 bytes
+~~ total memory freed........: 1947171 bytes
+~~ total allocations/frees...: 35487/35487
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/imaps.pcap.out

@@ -27,7 +27,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1932197 bytes
-~~ total memory freed........: 1932197 bytes
-~~ total allocations/frees...: 35349/35349
+~~ total memory allocated....: 1932879 bytes
+~~ total memory freed........: 1932879 bytes
+~~ total allocations/frees...: 35350/35350
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/instagram.pcap.out

@@ -507,7 +507,7 @@
 ~~ total detected protocols..: 25
 ~~ total active/idle flows...: 38/38
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 3304775 bytes
-~~ total memory freed........: 3304775 bytes
-~~ total allocations/frees...: 39058/39058
+~~ total memory allocated....: 2764060 bytes
+~~ total memory freed........: 2764060 bytes
+~~ total allocations/frees...: 39029/39029
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ip_fragmented_garbage.pcap.out

@@ -18219,7 +18219,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 29/29
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2016027 bytes
-~~ total memory freed........: 2016027 bytes
-~~ total allocations/frees...: 35437/35437
+~~ total memory allocated....: 2015141 bytes
+~~ total memory freed........: 2015141 bytes
+~~ total allocations/frees...: 35438/35438
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/iphone.pcap.out

@@ -509,7 +509,7 @@
 ~~ total detected protocols..: 52
 ~~ total active/idle flows...: 53/53
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 2544221 bytes
-~~ total memory freed........: 2544221 bytes
-~~ total allocations/frees...: 36242/36242
+~~ total memory allocated....: 2469986 bytes
+~~ total memory freed........: 2469986 bytes
+~~ total allocations/frees...: 36238/36238
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ipv6_in_gtp.pcap.out

@@ -11,7 +11,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 35321/35321
+~~ total memory allocated....: 1924284 bytes
+~~ total memory freed........: 1924284 bytes
+~~ total allocations/frees...: 35322/35322
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/irc.pcap.out

@@ -7,7 +7,7 @@
 00419{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695656,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABNyxPHhANAr0XYACABFAAA0CCBAADIGK\/4m5UYUCrSc+R9As2GRFS02aTHw6YAQAFtTTgAAAQEICjBIJRa+wg9E"}
 00443{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695673,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"AAAMB6wBABNyxPHhCABFAABF\/+NAAEAGJikKtJz5JuVGFLNhH0BpMfDpkRUtNoAYAHMU3gAAAQEICr7CD2IwSCUWTklDSyBtb2xvY2h0ZXN0DQo="}
 00504{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695929,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"ABNyxPHhANAr0XYACABFAAByCCFAADIGK78m5UYUCrSc+R9As2GRFS02aTHw6YAYAFuk2AAAAQEICjBIJRa+wg9EOmNhcmQuZnJlZW5vZGUubmV0IE5PVElDRSAqIDoqKiogTG9va2luZyB1cCB5b3VyIGhvc3RuYW1lLi4uDQo="}
-00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
+00628{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol","36":"Clear-text credentials"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
 00419{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695943,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+RAAEAGJjkKtJz5JuVGFLNhH0BpMfD6kRUtdIAQAHNSyQAAAQEICr7CD2IwSCUW"}
 00488{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":726130,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ABNyxPHhANAr0XYACABFAABlCCJAADIGK8sm5UYUCrSc+R9As2GRFS10aTHw+oAYAFuqEAAAAQEICjBIJR2+wg9iOmNhcmQuZnJlZW5vZGUubmV0IE5PVElDRSAqIDoqKiogQ2hlY2tpbmcgSWRlbnQNCg=="}
 00421{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":726146,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+VAAEAGJjgKtJz5JuVGFLNhH0BpMfD6kRUtpYAQAHNScwAAAQEICr7CD4AwSCUd"}
@@ -25,7 +25,7 @@
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1929595 bytes
-~~ total memory freed........: 1929595 bytes
-~~ total allocations/frees...: 35354/35354
+~~ total memory allocated....: 1930277 bytes
+~~ total memory freed........: 1930277 bytes
+~~ total allocations/frees...: 35355/35355
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

test/results/ja3_lots_of_cipher_suites.pcap.out

@@ -29,7 +29,7 @@
 ~~ total detected protocols..: 0
 ~~ total active/idle flows...: 0/0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 1923546 bytes
-~~ total memory freed........: 1923546 bytes
-~~ total allocations/frees...: 35321/35321
+~~ total memory allocated....: 1924284 bytes
+~~ total memory freed........: 1924284 bytes
+~~ total allocations/frees...: 35322/35322
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~