Added daemon event: DAEMON_EVENT_STATUS (periodically send's daemon statistics.)

 * Improved distributor timeout handling (per-thread).
 * flow-info.py / flow-dash.py: Distinguish between flow risk severities.
 * nDPId: Skip tag switch datalink packet dissection / processing.
 * nDPId: Fixed incorrect value for current active flows.
 * Improved JSON schema's.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

1 files changed, 34 insertions, 31 deletions

diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out
index fa4fdde8c..029d82336 100644
--- a/test/results/reasm_crash_anon.pcapng.out
+++ b/test/results/reasm_crash_anon.pcapng.out
@@ -1,29 +1,32 @@
-00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1410865705717,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1410865705717,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
-00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
-00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1410865705719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"ts_msec":1410865705719,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"ts_msec":1410865765918,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAUEBk0AAQAbShMCokZMK0QiUyBJV7zv7ZBndkeFwgBghOxJYAAABAQgKPppBVDphzho8ZGV0YWlscyAvPg0K"}
-00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45}
-00454{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"ts_msec":1410865765920,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAHqlIkAAQAYvvArRCJTAqJGTVe\/IEt2R4XA7+xsmgBgBxWJIAAABAQgKOmJDrj6aQVQ8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lJQAyNzQ3ODY8L3VwdGltZT4KPC9kZXRhaWxzPgo="}
-00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":86}
-00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1410865856223,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00379{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410865916424,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAEDQBpEAAQAbDgMCokZMK0QiUyBJV7zv7ZGfdkfOygBAhO8pkAAABAQgKPpyNPTpkj5Y="}
-00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32}
-00379{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410866097027,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAIDQBtkAAQAazbsCokZMK0QiUyBJV7zv7ZLXdkgX0gBAhO3luAAABCApjn064OmdREwA="}
-00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32}
-00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"ts_msec":1410866217426,"pkt":"AAQAAQAGplhD8kgGAAAIAEUALkEBwEAAQAalV8CokZMK0QiUyBJV7zv7ZNzdkg8VgBghOxx4AAABAQgKPqElBzposdE8ZGV0YWlscyAvPg0K"}
-00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45}
-00363{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"ts_msec":1410866247530,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBxUAAQAbTXsCokZMK0QiUyBJV7zv7ZPbdkhUrgRAhO4yLAAA="}
-00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":20}
-00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"ts_msec":1410866428129,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAekEB1UAAQAZZQsCokZMK0QiUyBJV7zv7ZTfdkiRigBghO5ioAAABAQgKPqRcFzpr6OI8ZGV0YWlscyAvPg0K"}
-00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45}
-00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410866578634,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAHQB5UAAQAbS\/8CokZMK0QiUyBJV7zv7ZYXdkjPPgBAhO1OLAAABAQgKPqan\/zpuql4="}
-00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32}
-00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410867060242,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="}
-00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32}
-00645{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00168{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","total-events-serialized":26}
+00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
+00476{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1410865705717}
+00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1410865705717,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1410865705717,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1410865705719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1410865705719,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
+00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410865735821,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAUEBk0AAQAbShMCokZMK0QiUyBJV7zv7ZBndkeFwgBghOxJYAAABAQgKPppBVDphzho8ZGV0YWlscyAvPg0K"}
+00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410865765918}
+00461{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1410865765918,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAHqlIkAAQAYvvArRCJTAqJGTVe\/IEt2R4XA7+xsmgBgBxWJIAAABAQgKOmJDrj6aQVQ8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lJQAyNzQ3ODY8L3VwdGltZT4KPC9kZXRhaWxzPgo="}
+00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":86,"global_ts_msec":1410865765920}
+00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1410865856223,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410865916424,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAEDQBpEAAQAbDgMCokZMK0QiUyBJV7zv7ZGfdkfOygBAhO8pkAAABAQgKPpyNPTpkj5Y="}
+00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410865916424}
+00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410866097026,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAIDQBtkAAQAazbsCokZMK0QiUyBJV7zv7ZLXdkgX0gBAhO3luAAABCApjn064OmdREwA="}
+00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866097027}
+00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866187327,"pkt":"AAQAAQAGplhD8kgGAAAIAEUALkEBwEAAQAalV8CokZMK0QiUyBJV7zv7ZNzdkg8VgBghOxx4AAABAQgKPqElBzposdE8ZGV0YWlscyAvPg0K"}
+00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866217426}
+00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"thread_ts_msec":1410866247528,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBxUAAQAbTXsCokZMK0QiUyBJV7zv7ZPbdkhUrgRAhO4yLAAA="}
+00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1410866247530}
+00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":94,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":4999,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":20,"global_ts_msec":1410866307727}
+00403{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866398032,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAekEB1UAAQAZZQsCokZMK0QiUyBJV7zv7ZTfdkiRigBghO5ioAAABAQgKPqRcFzpr6OI8ZGV0YWlscyAvPg0K"}
+00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866428129}
+00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410866578634,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAHQB5UAAQAbS\/8CokZMK0QiUyBJV7zv7ZYXdkjPPgBAhO1OLAAABAQgKPqan\/zpuql4="}
+00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866578634}
+00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":170,"packets-processed":161,"total-skipped-flows":0,"total-l4-data-len":6132,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":25,"global_ts_msec":1410866909737}
+00388{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410867060242,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="}
+00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410867060242}
+00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":209,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":6327,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":29,"global_ts_msec":1410867180785}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 209/200
 ~~ skipped flows.............: 0
@@ -32,10 +35,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4694641 bytes
-~~ total memory freed........: 4694641 bytes
+~~ total memory allocated....: 4694657 bytes
+~~ total memory freed........: 4694657 bytes
 ~~ total allocations/frees...: 101347/101347
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json string min len.......: 173 chars
-~~ json string max len.......: 650 chars
-~~ json string avg len.......: 414 chars
+~~ json string min len.......: 234 chars
+~~ json string max len.......: 657 chars
+~~ json string avg len.......: 440 chars