Executing ./tests/run_tests.sh w/o zLib should not result in diff's anymore.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-11-03 03:37:48 +00:00 · 2022-03-24 01:04:49 +01:00
parent c0b7bdacbc
commit 65a9e5a18d
268 changed files with 683 additions and 662 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,6 +18,7 @@ jobs:
      matrix:
        os: ["ubuntu-latest", "ubuntu-18.04"]
        ndpid_gcrypt: ["-DNDPI_WITH_GCRYPT=OFF", "-DNDPI_WITH_GCRYPT=ON"]
+        ndpid_zlib: ["-DENABLE_ZLIB=OFF", "-DENABLE_ZLIB=ON"]

    steps:
      - uses: actions/checkout@v2
@@ -33,10 +34,14 @@ jobs:
        if: startsWith(matrix.os, 'ubuntu') && !startsWith(matrix.ndpid_gcrypt, '-DNDPI_WITH_GCRYPT=OFF')
        run: |
          sudo apt-get install libgcrypt20-dev
+      - name: Install Ubuntu Prerequisities (zlib)
+        if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.ndpid_zlib, '-DENABLE_ZLIB=ON')
+        run: |
+          sudo apt-get install zlib1g-dev
      - name: Configure nDPI
        run: |
          mkdir build && cd build
-          env CMAKE_C_FLAGS='-Werror' cmake .. -DENABLE_COVERAGE=ON -DBUILD_EXAMPLES=ON -DBUILD_NDPI=ON -DENABLE_SANITIZER=ON -DENABLE_ZLIB=ON ${{ matrix.ndpid_gcrypt }}
+          env CMAKE_C_FLAGS='-Werror' cmake .. -DENABLE_COVERAGE=ON -DBUILD_EXAMPLES=ON -DBUILD_NDPI=ON -DENABLE_SANITIZER=ON ${{ matrix.ndpid_zlib }} ${{ matrix.ndpid_gcrypt }}
      - name: Build nDPI
        run: |
          make -C build all VERBOSE=1
--- a/examples/py-flow-info/flow-info.py
+++ b/examples/py-flow-info/flow-info.py
@@ -262,9 +262,10 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
    if 'daemon_event_id' in json_dict:
        if json_dict['daemon_event_name'] == 'status':
            color = [TermColor.WARNING]
-            daemon_msg = '[Processed: {} pkts][Flows][active: {} / {}|skipped: {}|!detected: {}' \
+            daemon_msg = '[Processed: {} pkts][ZLib][compressions: {}|diff: {} / {}][Flows][active: {} / {}|skipped: {}|!detected: {}' \
                         '|guessed: {}|detection-updates: {}|updates: {}]'.format(
                            json_dict['packets-processed'],
+                            json_dict['total-compressions'], json_dict['current-compression-diff'], json_dict['total-compression-diff'],
                            json_dict['current-active-flows'], json_dict['total-active-flows'],
                            json_dict['total-skipped-flows'],
                            json_dict['total-not-detected-flows'], json_dict['total-guessed-flows'],
--- a/nDPId-test.c
+++ b/nDPId-test.c
@@ -990,28 +990,45 @@ int main(int argc, char ** argv)
            nDPId_return.total_idle_flows,
            distributor_return.stats.total_flow_timeouts);

-        unsigned long long int total_memory_alloc =
+        unsigned long long int total_alloc_bytes =
 #ifdef ENABLE_ZLIB
-            (unsigned long long int)(ndpi_memory_alloc_bytes - zlib_compression_bytes);
+            (unsigned long long int)(ndpi_memory_alloc_bytes - zlib_compression_bytes - (zlib_compressions * sizeof(struct nDPId_detection_data)));
 #else
            (unsigned long long int)ndpi_memory_alloc_bytes;
 #endif
-        unsigned long long int total_memory_free =
+        unsigned long long int total_free_bytes =
 #ifdef ENABLE_ZLIB
-            (unsigned long long int)(ndpi_memory_free_bytes - zlib_compression_bytes);
+            (unsigned long long int)(ndpi_memory_free_bytes - zlib_compression_bytes - (zlib_compressions * sizeof(struct nDPId_detection_data)));
 #else
            (unsigned long long int)ndpi_memory_free_bytes;
 #endif

+        unsigned long long int total_alloc_count =
+#ifdef ENABLE_ZLIB
+            (unsigned long long int)(ndpi_memory_alloc_count - zlib_compressions * 2);
+#else
+            (unsigned long long int)ndpi_memory_alloc_count;
+#endif
+
+        unsigned long long int total_free_count =
+#ifdef ENABLE_ZLIB
+            (unsigned long long int)(ndpi_memory_free_count - zlib_decompressions * 2);
+#else
+            (unsigned long long int)ndpi_memory_free_count;
+#endif
+
        printf(
            "~~ total memory allocated....: %llu bytes\n"
            "~~ total memory freed........: %llu bytes\n"
            "~~ total allocations/frees...: %llu/%llu\n"
            "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n",
-            total_memory_alloc,
-            total_memory_free,
-            (unsigned long long int)ndpi_memory_alloc_count,
-            (unsigned long long int)ndpi_memory_free_count);
+            total_alloc_bytes -
+                sizeof(struct nDPId_workflow) *
+                    nDPId_options.reader_thread_count /* We do not want to take the workflow into account. */,
+            total_free_bytes -
+                sizeof(struct nDPId_workflow) *
+                    nDPId_options.reader_thread_count /* We do not want to take the workflow into account. */,
+            total_alloc_count, total_free_count);

        printf(
            "~~ json string min len.......: %llu chars\n"
--- a/nDPId.c
+++ b/nDPId.c
@@ -213,12 +213,14 @@ struct nDPId_workflow
 #ifdef ENABLE_MEMORY_PROFILING
    uint64_t last_memory_usage_log_time;
 #endif
+
 #ifdef ENABLE_ZLIB
    uint64_t last_compression_scan_time;
    uint64_t total_compressions;
    uint64_t total_compression_diff;
    uint64_t current_compression_diff;
 #endif
+
    uint64_t last_scan_time;
    uint64_t last_status_time;
    uint64_t last_global_time;
@@ -361,20 +363,20 @@ static char const * const daemon_event_name_table[DAEMON_EVENT_COUNT] = {
 };

 static struct nDPId_reader_thread reader_threads[nDPId_MAX_READER_THREADS] = {};
-static int nDPId_main_thread_shutdown = 0;
-static uint64_t global_flow_id = 1;
+static volatile int nDPId_main_thread_shutdown = 0;
+static volatile uint64_t global_flow_id = 1;
 static int ip4_interface_avail = 0, ip6_interface_avail = 0;

 #ifdef ENABLE_MEMORY_PROFILING
-static uint64_t ndpi_memory_alloc_count = 0;
-static uint64_t ndpi_memory_alloc_bytes = 0;
-static uint64_t ndpi_memory_free_count = 0;
-static uint64_t ndpi_memory_free_bytes = 0;
+static volatile uint64_t ndpi_memory_alloc_count = 0;
+static volatile uint64_t ndpi_memory_alloc_bytes = 0;
+static volatile uint64_t ndpi_memory_free_count = 0;
+static volatile uint64_t ndpi_memory_free_bytes = 0;
 #ifdef ENABLE_ZLIB
-static uint64_t zlib_compressions = 0;
-static uint64_t zlib_decompressions = 0;
-static uint64_t zlib_compression_diff = 0;
-static uint64_t zlib_compression_bytes = 0;
+static volatile uint64_t zlib_compressions = 0;
+static volatile uint64_t zlib_decompressions = 0;
+static volatile uint64_t zlib_compression_diff = 0;
+static volatile uint64_t zlib_compression_bytes = 0;
 #endif
 #endif

@@ -1847,24 +1849,20 @@ static void jsonize_daemon(struct nDPId_reader_thread * const reader_thread, enu
                                         "total-active-flows",
                                         workflow->total_active_flows);
            ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "total-idle-flows", workflow->total_idle_flows);
-#ifdef ENABLE_ZLIB
+#if defined(ENABLE_ZLIB) && !defined(NO_MAIN)
+            /* Compression diff's may very from run to run. Due to this, `nDPId-test' would be inconsistent. */
            ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
                                         "total-compressions",
                                         workflow->total_compressions);
-            /* Compression diff's may very from run to run. Due to this, `nDPId-test' would be inconsistent. */
-#ifndef NO_MAIN
            ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
                                         "total-compression-diff",
                                         workflow->total_compression_diff);
            ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
                                         "current-compression-diff",
                                         workflow->current_compression_diff);
-#else
-            ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "total-compression-diff", 0);
-            ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "current-compression-diff", 0);
-#endif
 #else
            ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "total-compressions", 0);
+            ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "total-compression-diff", 0);
            ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "current-compression-diff", 0);
 #endif
            ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
@@ -3694,7 +3692,7 @@ static void get_current_time(struct timeval * const tval)
    gettimeofday(tval, NULL);
 }

-static void log_flows_flow_walker(void const * const A, ndpi_VISIT which, int depth, void * const user_data)
+static void ndpi_log_flow_walker(void const * const A, ndpi_VISIT which, int depth, void * const user_data)
 {
    struct nDPId_reader_thread const * const reader_thread = (struct nDPId_reader_thread *)user_data;
    struct nDPId_flow_basic const * const flow_basic = *(struct nDPId_flow_basic **)A;
@@ -3775,7 +3773,7 @@ static void log_all_flows(struct nDPId_reader_thread const * const reader_thread
           (unsigned long long int)workflow->last_scan_time);
    for (size_t scan_index = 0; scan_index < workflow->max_active_flows; ++scan_index)
    {
-        ndpi_twalk(workflow->ndpi_flows_active[scan_index], log_flows_flow_walker, (void *)reader_thread);
+        ndpi_twalk(workflow->ndpi_flows_active[scan_index], ndpi_log_flow_walker, (void *)reader_thread);
    }
 }

@@ -3859,7 +3857,7 @@ static void run_pcap_loop(struct nDPId_reader_thread * const reader_thread)
            int const timeout_ms = 1000; /* TODO: Configurable? */
            int nready;
            struct timeval tval_before_epoll, tval_after_epoll;
-            while (nDPId_main_thread_shutdown == 0 && processing_threads_error_or_eof() == 0)
+            while (__sync_fetch_and_add(&nDPId_main_thread_shutdown, 0) == 0 && processing_threads_error_or_eof() == 0)
            {
                get_current_time(&tval_before_epoll);
                errno = 0;
@@ -3947,7 +3945,7 @@ static void run_pcap_loop(struct nDPId_reader_thread * const reader_thread)
                    }
                    else
                    {
-                        logger(1, "Unknown event data 0x%lx returned", events[i].data.u64);
+                        logger(1, "Unknown event data 0x%llx returned", (unsigned long long int)events[i].data.u64);
                    }
                }
            }
@@ -4756,7 +4754,7 @@ int main(int argc, char ** argv)
    signal(SIGTERM, sighandler);
    signal(SIGPIPE, SIG_IGN);

-    while (nDPId_main_thread_shutdown == 0 && processing_threads_error_or_eof() == 0)
+    while (__sync_fetch_and_add(&nDPId_main_thread_shutdown, 0) == 0 && processing_threads_error_or_eof() == 0)
    {
        sleep(1);
    }
--- a/test/results/1kxun.pcap.out
+++ b/test/results/1kxun.pcap.out
@@ -692,7 +692,7 @@
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":180000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":7929,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1439,"packets-processed":1439,"total-skipped-flows":0,"total-l4-data-len":552863,"total-not-detected-flows":14,"total-guessed-flows":8,"total-detected-flows":107,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":129,"total-idle-flows":129,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":695,"global_ts_msec":1470104433789}
+00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1439,"packets-processed":1439,"total-skipped-flows":0,"total-l4-data-len":552863,"total-not-detected-flows":14,"total-guessed-flows":8,"total-detected-flows":107,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":129,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":695,"global_ts_msec":1470104433789}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1439/1439
 ~~ skipped flows.............: 0
@@ -701,9 +701,9 @@
 ~~ total active/idle flows...: 129/129
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4905698 bytes
-~~ total memory freed........: 4905698 bytes
-~~ total allocations/frees...: 103044/103044
+~~ total memory allocated....: 4904682 bytes
+~~ total memory freed........: 4904682 bytes
+~~ total allocations/frees...: 103042/103042
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 458 chars
 ~~ json string max len.......: 2444 chars
--- a/test/results/443-chrome.pcap.out
+++ b/test/results/443-chrome.pcap.out
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4681899 bytes
-~~ total memory freed........: 4681899 bytes
+~~ total memory allocated....: 4681587 bytes
+~~ total memory freed........: 4681587 bytes
 ~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
--- a/test/results/443-curl.pcap.out
+++ b/test/results/443-curl.pcap.out
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4687899 bytes
-~~ total memory freed........: 4687899 bytes
+~~ total memory allocated....: 4687587 bytes
+~~ total memory freed........: 4687587 bytes
 ~~ total allocations/frees...: 101258/101258
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
--- a/test/results/443-firefox.pcap.out
+++ b/test/results/443-firefox.pcap.out
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4704135 bytes
-~~ total memory freed........: 4704135 bytes
+~~ total memory allocated....: 4703823 bytes
+~~ total memory freed........: 4703823 bytes
 ~~ total allocations/frees...: 101817/101817
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 467 chars
--- a/test/results/443-git.pcap.out
+++ b/test/results/443-git.pcap.out
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4690278 bytes
-~~ total memory freed........: 4690278 bytes
+~~ total memory allocated....: 4689966 bytes
+~~ total memory freed........: 4689966 bytes
 ~~ total allocations/frees...: 101221/101221
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 463 chars
--- a/test/results/443-opvn.pcap.out
+++ b/test/results/443-opvn.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4683204 bytes
-~~ total memory freed........: 4683204 bytes
+~~ total memory allocated....: 4682892 bytes
+~~ total memory freed........: 4682892 bytes
 ~~ total allocations/frees...: 101190/101190
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
--- a/test/results/443-safari.pcap.out
+++ b/test/results/443-safari.pcap.out
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4685957 bytes
-~~ total memory freed........: 4685957 bytes
+~~ total memory allocated....: 4685645 bytes
+~~ total memory freed........: 4685645 bytes
 ~~ total allocations/frees...: 101190/101190
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
--- a/test/results/4in4tunnel.pcap.out
+++ b/test/results/4in4tunnel.pcap.out
@@ -23,8 +23,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4678950 bytes
-~~ total memory freed........: 4678950 bytes
+~~ total memory allocated....: 4678638 bytes
+~~ total memory freed........: 4678638 bytes
 ~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 192 chars
--- a/test/results/4in6tunnel.pcap.out
+++ b/test/results/4in6tunnel.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679938 bytes
-~~ total memory freed........: 4679938 bytes
+~~ total memory allocated....: 4679626 bytes
+~~ total memory freed........: 4679626 bytes
 ~~ total allocations/frees...: 101147/101147
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
--- a/test/results/6in4tunnel.pcap.out
+++ b/test/results/6in4tunnel.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4683505 bytes
-~~ total memory freed........: 4683505 bytes
+~~ total memory allocated....: 4683193 bytes
+~~ total memory freed........: 4683193 bytes
 ~~ total allocations/frees...: 101270/101270
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
--- a/test/results/6in6tunnel.pcap.out
+++ b/test/results/6in6tunnel.pcap.out
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4680752 bytes
-~~ total memory freed........: 4680752 bytes
+~~ total memory allocated....: 4680440 bytes
+~~ total memory freed........: 4680440 bytes
 ~~ total allocations/frees...: 101148/101148
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
--- a/test/results/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/test/results/BGP_Cisco_hdlc_slarp.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4680228 bytes
-~~ total memory freed........: 4680228 bytes
+~~ total memory allocated....: 4679916 bytes
+~~ total memory freed........: 4679916 bytes
 ~~ total allocations/frees...: 101157/101157
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 453 chars
--- a/test/results/BGP_redist.pcap.out
+++ b/test/results/BGP_redist.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679851 bytes
-~~ total memory freed........: 4679851 bytes
+~~ total memory allocated....: 4679539 bytes
+~~ total memory freed........: 4679539 bytes
 ~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 192 chars
--- a/test/results/EAQ.pcap.out
+++ b/test/results/EAQ.pcap.out
@@ -195,8 +195,8 @@
 ~~ total active/idle flows...: 31/31
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4711796 bytes
-~~ total memory freed........: 4711796 bytes
+~~ total memory allocated....: 4711484 bytes
+~~ total memory freed........: 4711484 bytes
 ~~ total allocations/frees...: 101436/101436
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 449 chars
--- a/test/results/IEC104.pcap.out
+++ b/test/results/IEC104.pcap.out
@@ -21,8 +21,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4681129 bytes
-~~ total memory freed........: 4681129 bytes
+~~ total memory allocated....: 4680817 bytes
+~~ total memory freed........: 4680817 bytes
 ~~ total allocations/frees...: 101161/101161
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 453 chars
--- a/test/results/KakaoTalk_chat.pcap.out
+++ b/test/results/KakaoTalk_chat.pcap.out
@@ -233,7 +233,7 @@
 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-data-len":52012,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":3,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":236,"global_ts_msec":1430069073299}
+00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-data-len":52012,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":236,"global_ts_msec":1430069073299}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 347/347
 ~~ skipped flows.............: 0
@@ -242,9 +242,9 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4838084 bytes
-~~ total memory freed........: 4838084 bytes
-~~ total allocations/frees...: 101817/101817
+~~ total memory allocated....: 4835660 bytes
+~~ total memory freed........: 4835660 bytes
+~~ total allocations/frees...: 101811/101811
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
 ~~ json string max len.......: 1834 chars
--- a/test/results/KakaoTalk_talk.pcap.out
+++ b/test/results/KakaoTalk_talk.pcap.out
@@ -113,7 +113,7 @@
 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-data-len":291404,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":9,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":7,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1430069216559}
+00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-data-len":291404,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":9,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1430069216559}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3203/3203
 ~~ skipped flows.............: 0
@@ -122,9 +122,9 @@
 ~~ total active/idle flows...: 20/20
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4821157 bytes
-~~ total memory freed........: 4821157 bytes
-~~ total allocations/frees...: 104436/104436
+~~ total memory allocated....: 4815917 bytes
+~~ total memory freed........: 4815917 bytes
+~~ total allocations/frees...: 104422/104422
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 465 chars
 ~~ json string max len.......: 1524 chars
--- a/test/results/NTPv2.pcap.out
+++ b/test/results/NTPv2.pcap.out
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679851 bytes
-~~ total memory freed........: 4679851 bytes
+~~ total memory allocated....: 4679539 bytes
+~~ total memory freed........: 4679539 bytes
 ~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 461 chars
--- a/test/results/NTPv3.pcap.out
+++ b/test/results/NTPv3.pcap.out
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679851 bytes
-~~ total memory freed........: 4679851 bytes
+~~ total memory allocated....: 4679539 bytes
+~~ total memory freed........: 4679539 bytes
 ~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 461 chars
--- a/test/results/NTPv4.pcap.out
+++ b/test/results/NTPv4.pcap.out
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679851 bytes
-~~ total memory freed........: 4679851 bytes
+~~ total memory allocated....: 4679539 bytes
+~~ total memory freed........: 4679539 bytes
 ~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 461 chars
--- a/test/results/Oscar.pcap.out
+++ b/test/results/Oscar.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4714763 bytes
-~~ total memory freed........: 4714763 bytes
+~~ total memory allocated....: 4714451 bytes
+~~ total memory freed........: 4714451 bytes
 ~~ total allocations/frees...: 101225/101225
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 456 chars
--- a/test/results/WebattackRCE.pcap.out
+++ b/test/results/WebattackRCE.pcap.out
@@ -3197,8 +3197,8 @@
 ~~ total active/idle flows...: 797/797
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5486899 bytes
-~~ total memory freed........: 5486899 bytes
+~~ total memory allocated....: 5486587 bytes
+~~ total memory freed........: 5486587 bytes
 ~~ total allocations/frees...: 106628/106628
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 468 chars
--- a/test/results/WebattackSQLinj.pcap.out
+++ b/test/results/WebattackSQLinj.pcap.out
@@ -63,8 +63,8 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4691252 bytes
-~~ total memory freed........: 4691252 bytes
+~~ total memory allocated....: 4690940 bytes
+~~ total memory freed........: 4690940 bytes
 ~~ total allocations/frees...: 101297/101297
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 471 chars
--- a/test/results/WebattackXSS.pcap.out
+++ b/test/results/WebattackXSS.pcap.out
@@ -1849,7 +1849,7 @@
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347535081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vMpAAD4GCQasEAABwKgKMuNwAFAre67MAAAAAKACchCNugAAAgQFtAQCCAoBOxIGAAAAAAEDAwc="}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4735,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347535081,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ43Bd+kT3K3uuzaAScSAESAAAAgQFtAQCCAoD5ON7ATsSBgEDAwc="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4736,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347535081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMtAAD4GCQ2sEAABwKgKMuNwAFAre67NXfpE+IAQAOWjTwAAAQEICgE7EgYD5ON7"}
-00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-data-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":245,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":79,"total-active-flows":334,"total-idle-flows":255,"total-compressions":295,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1852,"global_ts_msec":1499347536104}
+00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-data-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":245,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":79,"total-active-flows":334,"total-idle-flows":255,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1852,"global_ts_msec":1499347536104}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347536332,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536332,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347536332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347536332,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="}
@@ -3967,7 +3967,7 @@
 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-data-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":609,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3970,"global_ts_msec":1499348099366}
+00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-data-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3970,"global_ts_msec":1499348099366}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9374/9374
 ~~ skipped flows.............: 0
@@ -3976,9 +3976,9 @@
 ~~ total active/idle flows...: 661/661
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5960160 bytes
-~~ total memory freed........: 5960160 bytes
-~~ total allocations/frees...: 113803/113803
+~~ total memory allocated....: 5531112 bytes
+~~ total memory freed........: 5531112 bytes
+~~ total allocations/frees...: 112585/112585
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 468 chars
 ~~ json string max len.......: 1123 chars
--- a/test/results/aimini-http.pcap.out
+++ b/test/results/aimini-http.pcap.out
@@ -33,8 +33,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4687019 bytes
-~~ total memory freed........: 4687019 bytes
+~~ total memory allocated....: 4686707 bytes
+~~ total memory freed........: 4686707 bytes
 ~~ total allocations/frees...: 101297/101297
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 467 chars
--- a/test/results/ajp.pcap.out
+++ b/test/results/ajp.pcap.out
@@ -45,8 +45,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4681448 bytes
-~~ total memory freed........: 4681448 bytes
+~~ total memory allocated....: 4681136 bytes
+~~ total memory freed........: 4681136 bytes
 ~~ total allocations/frees...: 101172/101172
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 202 chars
--- a/test/results/alexa-app.pcapng.out
+++ b/test/results/alexa-app.pcapng.out
@@ -1070,7 +1070,7 @@
 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
 00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":3435,"packets-processed":3406,"total-skipped-flows":0,"total-l4-data-len":1226087,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":141,"total-updates":0,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":64,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1073,"global_ts_msec":1490976198776}
+00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":3435,"packets-processed":3406,"total-skipped-flows":0,"total-l4-data-len":1226087,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":141,"total-updates":0,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1073,"global_ts_msec":1490976198776}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3435/3406
 ~~ skipped flows.............: 0
@@ -1079,9 +1079,9 @@
 ~~ total active/idle flows...: 160/160
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5413256 bytes
-~~ total memory freed........: 5413256 bytes
-~~ total allocations/frees...: 105819/105819
+~~ total memory allocated....: 5367888 bytes
+~~ total memory freed........: 5367888 bytes
+~~ total allocations/frees...: 105691/105691
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 189 chars
 ~~ json string max len.......: 2122 chars
--- a/test/results/among_us.pcap.out
+++ b/test/results/among_us.pcap.out
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679851 bytes
-~~ total memory freed........: 4679851 bytes
+~~ total memory allocated....: 4679539 bytes
+~~ total memory freed........: 4679539 bytes
 ~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 455 chars
--- a/test/results/amqp.pcap.out
+++ b/test/results/amqp.pcap.out
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4692350 bytes
-~~ total memory freed........: 4692350 bytes
+~~ total memory allocated....: 4692038 bytes
+~~ total memory freed........: 4692038 bytes
 ~~ total allocations/frees...: 101312/101312
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 460 chars
--- a/test/results/android.pcap.out
+++ b/test/results/android.pcap.out
@@ -378,7 +378,7 @@
 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-data-len":101980,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":56,"total-detection-updates":42,"total-updates":0,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":6,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":381,"global_ts_msec":1582454872047}
+00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-data-len":101980,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":56,"total-detection-updates":42,"total-updates":0,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":381,"global_ts_msec":1582454872047}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 500/475
 ~~ skipped flows.............: 0
@@ -387,9 +387,9 @@
 ~~ total active/idle flows...: 63/63
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4912219 bytes
-~~ total memory freed........: 4912219 bytes
-~~ total allocations/frees...: 102065/102065
+~~ total memory allocated....: 4907683 bytes
+~~ total memory freed........: 4907683 bytes
+~~ total allocations/frees...: 102053/102053
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 463 chars
 ~~ json string max len.......: 2361 chars
--- a/test/results/anyconnect-vpn.pcap.out
+++ b/test/results/anyconnect-vpn.pcap.out
@@ -395,7 +395,7 @@
 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
 00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":3001,"packets-processed":2997,"total-skipped-flows":0,"total-l4-data-len":880499,"total-not-detected-flows":2,"total-guessed-flows":10,"total-detected-flows":57,"total-detection-updates":33,"total-updates":0,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":2,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":398,"global_ts_msec":1569687289262}
+00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":3001,"packets-processed":2997,"total-skipped-flows":0,"total-l4-data-len":880499,"total-not-detected-flows":2,"total-guessed-flows":10,"total-detected-flows":57,"total-detection-updates":33,"total-updates":0,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":398,"global_ts_msec":1569687289262}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3001/2997
 ~~ skipped flows.............: 0
@@ -404,9 +404,9 @@
 ~~ total active/idle flows...: 69/69
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4891999 bytes
-~~ total memory freed........: 4891999 bytes
-~~ total allocations/frees...: 104399/104399
+~~ total memory allocated....: 4890279 bytes
+~~ total memory freed........: 4890279 bytes
+~~ total allocations/frees...: 104395/104395
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 451 chars
 ~~ json string max len.......: 1597 chars
--- a/test/results/anydesk-2.pcap.out
+++ b/test/results/anydesk-2.pcap.out
@@ -911,8 +911,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4755223 bytes
-~~ total memory freed........: 4755223 bytes
+~~ total memory allocated....: 4754911 bytes
+~~ total memory freed........: 4754911 bytes
 ~~ total allocations/frees...: 103241/103241
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 211 chars
--- a/test/results/anydesk.pcap.out
+++ b/test/results/anydesk.pcap.out
@@ -23,8 +23,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4889326 bytes
-~~ total memory freed........: 4889326 bytes
+~~ total memory allocated....: 4889014 bytes
+~~ total memory freed........: 4889014 bytes
 ~~ total allocations/frees...: 108114/108114
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 454 chars
--- a/test/results/avast_securedns.pcapng.out
+++ b/test/results/avast_securedns.pcapng.out
@@ -215,8 +215,8 @@
 ~~ total active/idle flows...: 39/39
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4715191 bytes
-~~ total memory freed........: 4715191 bytes
+~~ total memory allocated....: 4714879 bytes
+~~ total memory freed........: 4714879 bytes
 ~~ total allocations/frees...: 101334/101334
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 473 chars
--- a/test/results/bad-dns-traffic.pcap.out
+++ b/test/results/bad-dns-traffic.pcap.out
@@ -35,8 +35,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4692644 bytes
-~~ total memory freed........: 4692644 bytes
+~~ total memory allocated....: 4692332 bytes
+~~ total memory freed........: 4692332 bytes
 ~~ total allocations/frees...: 101531/101531
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 471 chars
--- a/test/results/badpackets.pcap.out
+++ b/test/results/badpackets.pcap.out
@@ -210,8 +210,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4678950 bytes
-~~ total memory freed........: 4678950 bytes
+~~ total memory allocated....: 4678638 bytes
+~~ total memory freed........: 4678638 bytes
 ~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 209 chars
--- a/test/results/bitcoin.pcap.out
+++ b/test/results/bitcoin.pcap.out
@@ -20,7 +20,7 @@
 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472925,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1301328472987,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472987,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1301328473077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328473077,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="}
-00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-data-len":260266,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1301328538215}
+00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-data-len":260266,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1301328538215}
 00773{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":284,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328472925,"flow_last_seen":1301328616076,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32755,"flow_avg_l4_payload_len":1023,"midstream":1,"thread_ts_msec":1301328616076,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328472925,"flow_last_seen":1301328616076,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32755,"flow_avg_l4_payload_len":1023,"midstream":1,"thread_ts_msec":1301328616076,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -29,12 +29,12 @@
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1301328699969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328699969,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="}
 00776{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":390,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328699728,"flow_last_seen":1301328743741,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":33744,"flow_avg_l4_payload_len":1054,"midstream":1,"thread_ts_msec":1301328743741,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328699728,"flow_last_seen":1301328743741,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":33744,"flow_avg_l4_payload_len":1054,"midstream":1,"thread_ts_msec":1301328743741,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-data-len":520135,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_msec":1301329138452}
+00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-data-len":520135,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_msec":1301329138452}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304767,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1301329304813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304813,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1301329305005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1301329305005,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"}
-00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-data-len":537564,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1301329743430}
+00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-data-len":537564,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1301329743430}
 00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00773{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
@@ -43,7 +43,7 @@
 00777{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":539032,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_msec":1301329810839}
+00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":539032,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_msec":1301329810839}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 637/637
 ~~ skipped flows.............: 0
@@ -52,9 +52,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5748230 bytes
-~~ total memory freed........: 5748230 bytes
-~~ total allocations/frees...: 101873/101873
+~~ total memory allocated....: 5747214 bytes
+~~ total memory freed........: 5747214 bytes
+~~ total allocations/frees...: 101871/101871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 463 chars
 ~~ json string max len.......: 1833 chars
--- a/test/results/bittorrent.pcap.out
+++ b/test/results/bittorrent.pcap.out
@@ -140,8 +140,8 @@
 ~~ total active/idle flows...: 24/24
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5015765 bytes
-~~ total memory freed........: 5015765 bytes
+~~ total memory allocated....: 5015453 bytes
+~~ total memory freed........: 5015453 bytes
 ~~ total allocations/frees...: 101535/101535
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
--- a/test/results/bittorrent_utp.pcap.out
+++ b/test/results/bittorrent_utp.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4944476 bytes
-~~ total memory freed........: 4944476 bytes
+~~ total memory allocated....: 4944164 bytes
+~~ total memory freed........: 4944164 bytes
 ~~ total allocations/frees...: 101231/101231
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 470 chars
--- a/test/results/bot.pcap.out
+++ b/test/results/bot.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4691638 bytes
-~~ total memory freed........: 4691638 bytes
+~~ total memory allocated....: 4691326 bytes
+~~ total memory freed........: 4691326 bytes
 ~~ total allocations/frees...: 101549/101549
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 459 chars
--- a/test/results/bt_search.pcap.out
+++ b/test/results/bt_search.pcap.out
@@ -14,8 +14,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4942040 bytes
-~~ total memory freed........: 4942040 bytes
+~~ total memory allocated....: 4941728 bytes
+~~ total memory freed........: 4941728 bytes
 ~~ total allocations/frees...: 101147/101147
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 465 chars
--- a/test/results/capwap.pcap.out
+++ b/test/results/capwap.pcap.out
@@ -45,7 +45,7 @@
 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
-00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-data-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_msec":1422329175528}
+00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-data-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_msec":1422329175528}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 422/397
 ~~ skipped flows.............: 0
@@ -54,9 +54,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4695527 bytes
-~~ total memory freed........: 4695527 bytes
-~~ total allocations/frees...: 101554/101554
+~~ total memory allocated....: 4694511 bytes
+~~ total memory freed........: 4694511 bytes
+~~ total allocations/frees...: 101552/101552
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 186 chars
 ~~ json string max len.......: 806 chars
--- a/test/results/cassandra.pcap.out
+++ b/test/results/cassandra.pcap.out
@@ -21,8 +21,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4688988 bytes
-~~ total memory freed........: 4688988 bytes
+~~ total memory allocated....: 4688676 bytes
+~~ total memory freed........: 4688676 bytes
 ~~ total allocations/frees...: 101432/101432
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 465 chars
--- a/test/results/check_mk_new.pcap.out
+++ b/test/results/check_mk_new.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4682664 bytes
-~~ total memory freed........: 4682664 bytes
+~~ total memory allocated....: 4682352 bytes
+~~ total memory freed........: 4682352 bytes
 ~~ total allocations/frees...: 101241/101241
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 468 chars
--- a/test/results/chrome.pcap.out
+++ b/test/results/chrome.pcap.out
@@ -51,8 +51,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4860121 bytes
-~~ total memory freed........: 4860121 bytes
+~~ total memory allocated....: 4859809 bytes
+~~ total memory freed........: 4859809 bytes
 ~~ total allocations/frees...: 106809/106809
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 462 chars
--- a/test/results/coap_mqtt.pcap.out
+++ b/test/results/coap_mqtt.pcap.out
@@ -97,8 +97,8 @@
 ~~ total active/idle flows...: 16/16
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4948000 bytes
-~~ total memory freed........: 4948000 bytes
+~~ total memory allocated....: 4947688 bytes
+~~ total memory freed........: 4947688 bytes
 ~~ total allocations/frees...: 109706/109706
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 458 chars
--- a/test/results/cpha.pcap.out
+++ b/test/results/cpha.pcap.out
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679851 bytes
-~~ total memory freed........: 4679851 bytes
+~~ total memory allocated....: 4679539 bytes
+~~ total memory freed........: 4679539 bytes
 ~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 460 chars
--- a/test/results/dcerpc.pcap.out
+++ b/test/results/dcerpc.pcap.out
@@ -31,8 +31,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4682902 bytes
-~~ total memory freed........: 4682902 bytes
+~~ total memory allocated....: 4682590 bytes
+~~ total memory freed........: 4682590 bytes
 ~~ total allocations/frees...: 101168/101168
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 462 chars
--- a/test/results/dhcp-fuzz.pcapng.out
+++ b/test/results/dhcp-fuzz.pcapng.out
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679851 bytes
-~~ total memory freed........: 4679851 bytes
+~~ total memory allocated....: 4679539 bytes
+~~ total memory freed........: 4679539 bytes
 ~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 467 chars
--- a/test/results/diameter.pcap.out
+++ b/test/results/diameter.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679996 bytes
-~~ total memory freed........: 4679996 bytes
+~~ total memory allocated....: 4679684 bytes
+~~ total memory freed........: 4679684 bytes
 ~~ total allocations/frees...: 101149/101149
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
--- a/test/results/dlt_ppp.pcap.out
+++ b/test/results/dlt_ppp.pcap.out
@@ -10,8 +10,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4678950 bytes
-~~ total memory freed........: 4678950 bytes
+~~ total memory allocated....: 4678638 bytes
+~~ total memory freed........: 4678638 bytes
 ~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 175 chars
--- a/test/results/dnp3.pcap.out
+++ b/test/results/dnp3.pcap.out
@@ -64,8 +64,8 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4703721 bytes
-~~ total memory freed........: 4703721 bytes
+~~ total memory allocated....: 4703409 bytes
+~~ total memory freed........: 4703409 bytes
 ~~ total allocations/frees...: 101708/101708
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 460 chars
--- a/test/results/dns-invalid-chars.pcap.out
+++ b/test/results/dns-invalid-chars.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679880 bytes
-~~ total memory freed........: 4679880 bytes
+~~ total memory allocated....: 4679568 bytes
+~~ total memory freed........: 4679568 bytes
 ~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 473 chars
--- a/test/results/dns-tunnel-iodine.pcap.out
+++ b/test/results/dns-tunnel-iodine.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4692408 bytes
-~~ total memory freed........: 4692408 bytes
+~~ total memory allocated....: 4692096 bytes
+~~ total memory freed........: 4692096 bytes
 ~~ total allocations/frees...: 101577/101577
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 473 chars
--- a/test/results/dns_ambiguous_names.pcap.out
+++ b/test/results/dns_ambiguous_names.pcap.out
@@ -69,8 +69,8 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4688250 bytes
-~~ total memory freed........: 4688250 bytes
+~~ total memory allocated....: 4687938 bytes
+~~ total memory freed........: 4687938 bytes
 ~~ total allocations/frees...: 101190/101190
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 475 chars
--- a/test/results/dns_doh.pcap.out
+++ b/test/results/dns_doh.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4686030 bytes
-~~ total memory freed........: 4686030 bytes
+~~ total memory allocated....: 4685718 bytes
+~~ total memory freed........: 4685718 bytes
 ~~ total allocations/frees...: 101288/101288
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 453 chars
--- a/test/results/dns_dot.pcap.out
+++ b/test/results/dns_dot.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4686775 bytes
-~~ total memory freed........: 4686775 bytes
+~~ total memory allocated....: 4686463 bytes
+~~ total memory freed........: 4686463 bytes
 ~~ total allocations/frees...: 101182/101182
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 463 chars
--- a/test/results/dns_exfiltration.pcap.out
+++ b/test/results/dns_exfiltration.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4688522 bytes
-~~ total memory freed........: 4688522 bytes
+~~ total memory allocated....: 4688210 bytes
+~~ total memory freed........: 4688210 bytes
 ~~ total allocations/frees...: 101443/101443
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 472 chars
--- a/test/results/dns_fragmented.pcap.out
+++ b/test/results/dns_fragmented.pcap.out
@@ -154,8 +154,8 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4698973 bytes
-~~ total memory freed........: 4698973 bytes
+~~ total memory allocated....: 4698661 bytes
+~~ total memory freed........: 4698661 bytes
 ~~ total allocations/frees...: 101262/101262
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 214 chars
--- a/test/results/dns_invert_query.pcapng.out
+++ b/test/results/dns_invert_query.pcapng.out
@@ -14,8 +14,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679880 bytes
-~~ total memory freed........: 4679880 bytes
+~~ total memory allocated....: 4679568 bytes
+~~ total memory freed........: 4679568 bytes
 ~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 469 chars
--- a/test/results/dns_long_domainname.pcap.out
+++ b/test/results/dns_long_domainname.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679880 bytes
-~~ total memory freed........: 4679880 bytes
+~~ total memory allocated....: 4679568 bytes
+~~ total memory freed........: 4679568 bytes
 ~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 475 chars
--- a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -1473,8 +1473,8 @@
 ~~ total active/idle flows...: 245/245
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4906742 bytes
-~~ total memory freed........: 4906742 bytes
+~~ total memory allocated....: 4906430 bytes
+~~ total memory freed........: 4906430 bytes
 ~~ total allocations/frees...: 102363/102363
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 228 chars
--- a/test/results/dnscrypt-v2-doh.pcap.out
+++ b/test/results/dnscrypt-v2-doh.pcap.out
@@ -249,8 +249,8 @@
 ~~ total active/idle flows...: 34/34
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4871739 bytes
-~~ total memory freed........: 4871739 bytes
+~~ total memory allocated....: 4871427 bytes
+~~ total memory freed........: 4871427 bytes
 ~~ total allocations/frees...: 101955/101955
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 470 chars
--- a/test/results/dnscrypt-v2.pcap.out
+++ b/test/results/dnscrypt-v2.pcap.out
@@ -24,8 +24,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4681740 bytes
-~~ total memory freed........: 4681740 bytes
+~~ total memory allocated....: 4681428 bytes
+~~ total memory freed........: 4681428 bytes
 ~~ total allocations/frees...: 101155/101155
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 467 chars
--- a/test/results/dnscrypt_skype_false_positive.pcapng.out
+++ b/test/results/dnscrypt_skype_false_positive.pcapng.out
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679996 bytes
-~~ total memory freed........: 4679996 bytes
+~~ total memory allocated....: 4679684 bytes
+~~ total memory freed........: 4679684 bytes
 ~~ total allocations/frees...: 101149/101149
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 487 chars
--- a/test/results/doq.pcapng.out
+++ b/test/results/doq.pcapng.out
@@ -21,8 +21,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4686726 bytes
-~~ total memory freed........: 4686726 bytes
+~~ total memory allocated....: 4686414 bytes
+~~ total memory freed........: 4686414 bytes
 ~~ total allocations/frees...: 101178/101178
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 461 chars
--- a/test/results/doq_adguard.pcapng.out
+++ b/test/results/doq_adguard.pcapng.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4693810 bytes
-~~ total memory freed........: 4693810 bytes
+~~ total memory allocated....: 4693498 bytes
+~~ total memory freed........: 4693498 bytes
 ~~ total allocations/frees...: 101451/101451
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 469 chars
--- a/test/results/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/dos_win98_smb_netbeui.pcap.out
@@ -347,8 +347,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4684236 bytes
-~~ total memory freed........: 4684236 bytes
+~~ total memory allocated....: 4683924 bytes
+~~ total memory freed........: 4683924 bytes
 ~~ total allocations/frees...: 101214/101214
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 200 chars
--- a/test/results/drda_db2.pcap.out
+++ b/test/results/drda_db2.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4682972 bytes
-~~ total memory freed........: 4682972 bytes
+~~ total memory allocated....: 4682660 bytes
+~~ total memory freed........: 4682660 bytes
 ~~ total allocations/frees...: 101182/101182
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 457 chars
--- a/test/results/dropbox.pcap.out
+++ b/test/results/dropbox.pcap.out
@@ -109,8 +109,8 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4716622 bytes
-~~ total memory freed........: 4716622 bytes
+~~ total memory allocated....: 4716310 bytes
+~~ total memory freed........: 4716310 bytes
 ~~ total allocations/frees...: 102033/102033
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 462 chars
--- a/test/results/dtls.pcap.out
+++ b/test/results/dtls.pcap.out
@@ -14,8 +14,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679880 bytes
-~~ total memory freed........: 4679880 bytes
+~~ total memory allocated....: 4679568 bytes
+~~ total memory freed........: 4679568 bytes
 ~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 460 chars
--- a/test/results/dtls2.pcap.out
+++ b/test/results/dtls2.pcap.out
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4680736 bytes
-~~ total memory freed........: 4680736 bytes
+~~ total memory allocated....: 4680424 bytes
+~~ total memory freed........: 4680424 bytes
 ~~ total allocations/frees...: 101175/101175
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 461 chars
--- a/test/results/dtls_certificate.pcapng.out
+++ b/test/results/dtls_certificate.pcapng.out
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4688236 bytes
-~~ total memory freed........: 4688236 bytes
+~~ total memory allocated....: 4687924 bytes
+~~ total memory freed........: 4687924 bytes
 ~~ total allocations/frees...: 101148/101148
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 474 chars
--- a/test/results/dtls_certificate_fragments.pcap.out
+++ b/test/results/dtls_certificate_fragments.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4680402 bytes
-~~ total memory freed........: 4680402 bytes
+~~ total memory allocated....: 4680090 bytes
+~~ total memory freed........: 4680090 bytes
 ~~ total allocations/frees...: 101163/101163
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 482 chars
--- a/test/results/dtls_session_id_and_coockie_both.pcap.out
+++ b/test/results/dtls_session_id_and_coockie_both.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679938 bytes
-~~ total memory freed........: 4679938 bytes
+~~ total memory allocated....: 4679626 bytes
+~~ total memory freed........: 4679626 bytes
 ~~ total allocations/frees...: 101147/101147
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
--- a/test/results/encrypted_sni.pcap.out
+++ b/test/results/encrypted_sni.pcap.out
@@ -21,8 +21,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4689678 bytes
-~~ total memory freed........: 4689678 bytes
+~~ total memory allocated....: 4689366 bytes
+~~ total memory freed........: 4689366 bytes
 ~~ total allocations/frees...: 101164/101164
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 469 chars
--- a/test/results/ethereum.pcap.out
+++ b/test/results/ethereum.pcap.out
@@ -438,8 +438,8 @@
 ~~ total active/idle flows...: 74/74
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4918230 bytes
-~~ total memory freed........: 4918230 bytes
+~~ total memory allocated....: 4917918 bytes
+~~ total memory freed........: 4917918 bytes
 ~~ total allocations/frees...: 103417/103417
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 459 chars
--- a/test/results/ethernetIP.pcap.out
+++ b/test/results/ethernetIP.pcap.out
@@ -33,8 +33,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4685338 bytes
-~~ total memory freed........: 4685338 bytes
+~~ total memory allocated....: 4685026 bytes
+~~ total memory freed........: 4685026 bytes
 ~~ total allocations/frees...: 101252/101252
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 458 chars
--- a/test/results/exe_download.pcap.out
+++ b/test/results/exe_download.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4700289 bytes
-~~ total memory freed........: 4700289 bytes
+~~ total memory allocated....: 4699977 bytes
+~~ total memory freed........: 4699977 bytes
 ~~ total allocations/frees...: 101849/101849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 459 chars
--- a/test/results/exe_download_as_png.pcap.out
+++ b/test/results/exe_download_as_png.pcap.out
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4695363 bytes
-~~ total memory freed........: 4695363 bytes
+~~ total memory allocated....: 4695051 bytes
+~~ total memory freed........: 4695051 bytes
 ~~ total allocations/frees...: 101680/101680
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
--- a/test/results/facebook.pcap.out
+++ b/test/results/facebook.pcap.out
@@ -24,8 +24,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4693755 bytes
-~~ total memory freed........: 4693755 bytes
+~~ total memory allocated....: 4693443 bytes
+~~ total memory freed........: 4693443 bytes
 ~~ total allocations/frees...: 101227/101227
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
--- a/test/results/firefox.pcap.out
+++ b/test/results/firefox.pcap.out
@@ -51,8 +51,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4854427 bytes
-~~ total memory freed........: 4854427 bytes
+~~ total memory allocated....: 4854115 bytes
+~~ total memory freed........: 4854115 bytes
 ~~ total allocations/frees...: 106617/106617
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 463 chars
--- a/test/results/fix.pcap.out
+++ b/test/results/fix.pcap.out
@@ -81,8 +81,8 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4750559 bytes
-~~ total memory freed........: 4750559 bytes
+~~ total memory allocated....: 4750247 bytes
+~~ total memory freed........: 4750247 bytes
 ~~ total allocations/frees...: 102449/102449
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 453 chars
--- a/test/results/forticlient.pcap.out
+++ b/test/results/forticlient.pcap.out
@@ -49,8 +49,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4772383 bytes
-~~ total memory freed........: 4772383 bytes
+~~ total memory allocated....: 4772071 bytes
+~~ total memory freed........: 4772071 bytes
 ~~ total allocations/frees...: 103178/103178
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 467 chars
--- a/test/results/ftp-start-tls.pcap.out
+++ b/test/results/ftp-start-tls.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4683349 bytes
-~~ total memory freed........: 4683349 bytes
+~~ total memory allocated....: 4683037 bytes
+~~ total memory freed........: 4683037 bytes
 ~~ total allocations/frees...: 101195/101195
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 467 chars
--- a/test/results/ftp.pcap.out
+++ b/test/results/ftp.pcap.out
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4722278 bytes
-~~ total memory freed........: 4722278 bytes
+~~ total memory allocated....: 4721966 bytes
+~~ total memory freed........: 4721966 bytes
 ~~ total allocations/frees...: 102344/102344
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 459 chars
--- a/test/results/ftp_failed.pcap.out
+++ b/test/results/ftp_failed.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4682392 bytes
-~~ total memory freed........: 4682392 bytes
+~~ total memory allocated....: 4682080 bytes
+~~ total memory freed........: 4682080 bytes
 ~~ total allocations/frees...: 101162/101162
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 466 chars
--- a/test/results/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/fuzz-2006-06-26-2594.pcap.out
@@ -474,7 +474,7 @@
 00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470129591,"flow_last_seen":1120470129591,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1120470129593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470129593,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsMAR7GHVfCAAAABACVzAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470129593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":37,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":282,"packets-processed":234,"total-skipped-flows":0,"total-l4-data-len":23856,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":70,"total-detection-updates":26,"total-updates":11,"current-active-flows":58,"total-active-flows":104,"total-idle-flows":46,"total-compressions":66,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_msec":1120470141614}
+00576{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":282,"packets-processed":234,"total-skipped-flows":0,"total-l4-data-len":23856,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":70,"total-detection-updates":26,"total-updates":11,"current-active-flows":58,"total-active-flows":104,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_msec":1120470141614}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1120470141614,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470141614,"pkt":"ADBUADRWAODtAW69CABFAABIaqIAAIARTK\/AqAECwKgBAQrEADUANAAlcwABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrACVzAAE="}
 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -953,7 +953,7 @@
 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1120470721915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120470721915,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADlXM4AAIARWMHAqAEpwKgB\/wCKAYoA0YerEQJM2MCoASkAigC7AAAghU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAABGAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XbkUAAQCA\/AoATEFCMTExAAAAAAAAAAAAAAUBAxAAAA8BVaoA"}
 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3}
-00582{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":490,"packets-processed":398,"total-skipped-flows":0,"total-l4-data-len":38937,"total-not-detected-flows":15,"total-guessed-flows":10,"total-detected-flows":134,"total-detection-updates":55,"total-updates":25,"current-active-flows":34,"total-active-flows":182,"total-idle-flows":148,"total-compressions":125,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":956,"global_ts_msec":1120470764674}
+00580{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":490,"packets-processed":398,"total-skipped-flows":0,"total-l4-data-len":38937,"total-not-detected-flows":15,"total-guessed-flows":10,"total-detected-flows":134,"total-detection-updates":55,"total-updates":25,"current-active-flows":34,"total-active-flows":182,"total-idle-flows":148,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":956,"global_ts_msec":1120470764674}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1120470764674,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470764674,"pkt":"ADBUADRWQODtAW69CABFAAA+a48AAIARS8zAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlLQhzaXBwc3RhcgNjb20AAAEAAQ=="}
 00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"re-.sippstar.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1432,7 +1432,7 @@
 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00584{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":691,"packets-processed":554,"total-skipped-flows":0,"total-l4-data-len":58605,"total-not-detected-flows":27,"total-guessed-flows":28,"total-detected-flows":194,"total-detection-updates":88,"total-updates":33,"current-active-flows":0,"total-active-flows":249,"total-idle-flows":249,"total-compressions":159,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1435,"global_ts_msec":1120471107427}
+00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":691,"packets-processed":554,"total-skipped-flows":0,"total-l4-data-len":58605,"total-not-detected-flows":27,"total-guessed-flows":28,"total-detected-flows":194,"total-detection-updates":88,"total-updates":33,"current-active-flows":0,"total-active-flows":249,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1435,"global_ts_msec":1120471107427}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 691/554
 ~~ skipped flows.............: 0
@@ -1441,9 +1441,9 @@
 ~~ total active/idle flows...: 249/249
 ~~ total timeout flows.......: 28
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5050704 bytes
-~~ total memory freed........: 5050704 bytes
-~~ total allocations/frees...: 102772/102772
+~~ total memory allocated....: 4938456 bytes
+~~ total memory freed........: 4938456 bytes
+~~ total allocations/frees...: 102454/102454
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 200 chars
 ~~ json string max len.......: 1897 chars
--- a/test/results/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/fuzz-2006-09-29-28586.pcap.out
@@ -203,7 +203,7 @@
 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":131,"packets-processed":117,"total-skipped-flows":0,"total-l4-data-len":22225,"total-not-detected-flows":3,"total-guessed-flows":27,"total-detected-flows":8,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":15,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_msec":1031854568982}
+00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":131,"packets-processed":117,"total-skipped-flows":0,"total-l4-data-len":22225,"total-not-detected-flows":3,"total-guessed-flows":27,"total-detected-flows":8,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_msec":1031854568982}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 131/117
 ~~ skipped flows.............: 0
@@ -212,9 +212,9 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4746898 bytes
-~~ total memory freed........: 4746898 bytes
-~~ total allocations/frees...: 101424/101424
+~~ total memory allocated....: 4736026 bytes
+~~ total memory freed........: 4736026 bytes
+~~ total allocations/frees...: 101394/101394
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 201 chars
 ~~ json string max len.......: 2426 chars
--- a/test/results/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/fuzz-2020-02-16-11740.pcap.out
@@ -35,7 +35,7 @@
 01181{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"AAAMB6xAABRP+4rqCABaAAKRIM5AAP8RAAAKDEAexuIZNXIQBxUCfQAABBICdf5uAQnl4Bm8CC3G2Muz0doaCgAAV8gOBFVVGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzQBNTAzMTElADAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNnHnBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhMzFjL2YwOjc5OjYwOmQxOjdkOjM3LzIxMT0GdgAAExoxAAAACQErYXVkaXQtc2Vzc2kvbi1pZD0xMGZmMTBhYzAwMDAwMGI2MWNhMzIyNWItBgAAAAFABgAAAH5BBgAAAAZRBDU2NwJbIqMhGhQAAFfIBw5WWldDMlRlc3RMYWIa1CoAV8gIBEVUGhAAAFfICwpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg0AADghDgcwNzA3MRoMAAA4IREGAAAAABoVAAA4IRIPSW52YWxpdCBWYWx9ZRodAAA4IRMXNDAuODA0RDgyTi03NC4xMDI4MzlXGgwAADghFAYAAAECGgwAADghFQYAAAACGhUAADghFg9TdGFkaXVtRGlyZWN0KAYAAAABHxNmMC03OS02MC1kMS03ZC0zNx4lMIAtYTctNDItZDAtZTAtMDA6VmVyaXpvbldpRmlBY2Nlc3MaDAAABYMHBsBQSpk="}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1528996641548,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1528996641548,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_msec":1528996641548,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"}
-00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1528996680540}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1528996680540}
 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996680808,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1528996680808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528996680808,"pkt":"ABRP+4rqcNuYVcUnCABFAADA98dAAPwRXCPG4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996684582,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -147,7 +147,7 @@
 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1528997266054,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997266054,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/tpAAPwRVO\/G4hk1CjhAHgcUJQAAzZq1C0gAxTQDE\/syEk8COAKXrk0TJQABNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuTHR3b3JrLm9yZywgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADQlOBVyiA51UB5+BTRf1Z+AgUAAJqmOeZiwwAAElk1sqzX2LSLAQACCwUAAAF5eGigvLsuc5FvQXnfthRQEr72IV3uvADHqUwosXSRIBM="}
 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997266054,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1528997050187,"flow_last_seen":1528997259951,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":4564,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1528997266594,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00574{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":104,"total-skipped-flows":0,"total-l4-data-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":6,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":9,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_msec":1528997294157}
+00574{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":104,"total-skipped-flows":0,"total-l4-data-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":6,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_msec":1528997294157}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1528997294408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="}
 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -305,7 +305,7 @@
 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3}
-00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":243,"packets-processed":199,"total-skipped-flows":0,"total-l4-data-len":85029,"total-not-detected-flows":11,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":10,"current-active-flows":14,"total-active-flows":54,"total-idle-flows":40,"total-compressions":16,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":308,"global_ts_msec":1528997988607}
+00576{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":243,"packets-processed":199,"total-skipped-flows":0,"total-l4-data-len":85029,"total-not-detected-flows":11,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":10,"current-active-flows":14,"total-active-flows":54,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":308,"global_ts_msec":1528997988607}
 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_msec":1528997988838}
 00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="}
 00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1528997989240}
@@ -457,7 +457,7 @@
 01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1528998585268,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998585268,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\/f12AIaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq5ATUwMzExNDgwMjUwODY0NjKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998585453}
 00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998585268,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
-00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":349,"packets-processed":283,"total-skipped-flows":0,"total-l4-data-len":122535,"total-not-detected-flows":16,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":13,"current-active-flows":5,"total-active-flows":76,"total-idle-flows":71,"total-compressions":19,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":460,"global_ts_msec":1528998601376}
+00576{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":349,"packets-processed":283,"total-skipped-flows":0,"total-l4-data-len":122535,"total-not-detected-flows":16,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":13,"current-active-flows":5,"total-active-flows":76,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":460,"global_ts_msec":1528998601376}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1528998605741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":671,"pkt_l4_len":637,"thread_ts_msec":1528998605741,"pkt":"AAAMB6xAABRP+4rqCABFAAKRIWpAAP8RAAAKDEAexuIZNXIQBxUCfQAABLwCddn+cEnhcqnQe5pr1rrJmHQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODgwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhYWM5L2YwOjc5OjYwOmQxOjdkOjM3LzI0NDEGAAAAExoxAAAACQErYXVkaXQtc2Vzc2lvbi1pZD0xMGZmMTBhWTAwMPowMGQ1YzlhYTIyNWItBgAAAAFABgAAAA1BBl4AAAZRBDU2NwZbIqrNGhQAAFfIBw5WWldDMlRlc3RMYWIaCgAAV8gIBEVUGhAAAFfICgpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -481,7 +481,7 @@
 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
-00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":366,"packets-processed":299,"total-skipped-flows":0,"total-l4-data-len":128803,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":13,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":21,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":484,"global_ts_msec":1528998643334}
+00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":366,"packets-processed":299,"total-skipped-flows":0,"total-l4-data-len":128803,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":13,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":484,"global_ts_msec":1528998643334}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 366/299
 ~~ skipped flows.............: 0
@@ -490,9 +490,9 @@
 ~~ total active/idle flows...: 79/79
 ~~ total timeout flows.......: 16
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4771293 bytes
-~~ total memory freed........: 4771293 bytes
-~~ total allocations/frees...: 101718/101718
+~~ total memory allocated....: 4756197 bytes
+~~ total memory freed........: 4756197 bytes
+~~ total allocations/frees...: 101676/101676
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 201 chars
 ~~ json string max len.......: 1566 chars
--- a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
+++ b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4678950 bytes
-~~ total memory freed........: 4678950 bytes
+~~ total memory allocated....: 4678638 bytes
+~~ total memory freed........: 4678638 bytes
 ~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 229 chars
--- a/test/results/fuzz-2021-10-13.pcap.out
+++ b/test/results/fuzz-2021-10-13.pcap.out
@@ -11,8 +11,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4678950 bytes
-~~ total memory freed........: 4678950 bytes
+~~ total memory allocated....: 4678638 bytes
+~~ total memory freed........: 4678638 bytes
 ~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 208 chars
--- a/test/results/genshin-impact.pcap.out
+++ b/test/results/genshin-impact.pcap.out
@@ -29,8 +29,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4682871 bytes
-~~ total memory freed........: 4682871 bytes
+~~ total memory allocated....: 4682559 bytes
+~~ total memory freed........: 4682559 bytes
 ~~ total allocations/frees...: 101194/101194
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 470 chars
--- a/test/results/git.pcap.out
+++ b/test/results/git.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4682432 bytes
-~~ total memory freed........: 4682432 bytes
+~~ total memory allocated....: 4682120 bytes
+~~ total memory freed........: 4682120 bytes
 ~~ total allocations/frees...: 101233/101233
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 459 chars
--- a/test/results/google_ssl.pcap.out
+++ b/test/results/google_ssl.pcap.out
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4682682 bytes
-~~ total memory freed........: 4682682 bytes
+~~ total memory allocated....: 4682370 bytes
+~~ total memory freed........: 4682370 bytes
 ~~ total allocations/frees...: 101172/101172
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 456 chars
--- a/test/results/googledns_android10.pcap.out
+++ b/test/results/googledns_android10.pcap.out
@@ -56,7 +56,7 @@
 01419{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-data-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":2,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_msec":1592553079303}
+00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-data-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_msec":1592553079303}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 532/532
 ~~ skipped flows.............: 0
@@ -65,9 +65,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4728634 bytes
-~~ total memory freed........: 4728634 bytes
-~~ total allocations/frees...: 101761/101761
+~~ total memory allocated....: 4726914 bytes
+~~ total memory freed........: 4726914 bytes
+~~ total allocations/frees...: 101757/101757
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 469 chars
 ~~ json string max len.......: 1424 chars
--- a/Show More
+++ b/Show More