Comparing changes
base repository: nfstream/nfstream
base: master
head repository: drnpkr/nfstream
compare: all-features-merged-ja4-fixes
- 17 commits
- 68 files changed
- 1 contributor
Commits on Jan 22, 2025
- 7367ea5
- 0b3dd50
Commits on Feb 9, 2025
- f8e3878
Commits on Jul 9, 2025
- 17b74d2
- aafec4e: Upgrade nDPI to 4.12 and update test expectations
  - Upgraded nDPI submodule from 4.0 to 4.12
  - Added JA4 client fingerprint support alongside existing JA3 support
  - Updated 33 test result files to match improved nDPI 4.12 detection:
    - 1kxun.pcap: 5 flows now detected as Mikrotik (previously Unknown)
    - KakaoTalk_talk.pcap: 1 flow now detected as AmazonAWS (previously Unknown)
    - Various other test files with improved protocol detection
  - All tests now pass with nDPI 4.12
- e3681f6
- 4439c68: Upgrade to nDPI 4.14 with fingerprint field updates
  - Upgrade nDPI submodule from 4.12 to 4.14
  - Remove JA3C support (removed in nDPI 4.14)
  - Rename fingerprint fields: ja4_client_fingerprint → ja4c_fingerprint, ja3_server_fingerprint → ja3s_fingerprint
  - Update C code to use JA4C instead of JA3C
  - Update Python code to match new field names
  - Update test expectations for nDPI 4.14's improved protocol classification
  - All tests passing with new nDPI 4.14 detection results
- ae865b0
Commits on Jul 10, 2025
- 0e5bb12: Enhance CSV export with safer data handling
  - Replace manual string concatenation with csv.writer() for RFC 4180 compliance
  - Update open_file() to use text mode with proper encoding and newline handling
  - Remove manual quoting from csv_converter() as csv.writer() handles this properly
  - Bump version to 6.7.0

  This addresses potential data corruption with special characters (commas, quotes, newlines) in network flow data by using Python's standard CSV module instead of manual string formatting.
- 4af71b6: Update nDPI to include JA4 fingerprinting fixes from PR #2915
  - Updates nDPI from 4.14 stable (90090b9ae) to dev branch (5f312c0cd)
  - Includes fixes for JA4 ALPN fingerprint calculation
  - Includes fixes for JA4 SNI detection with missing extensions
  - Resolves JA4 fingerprint accuracy issues for proper interoperability
- 24715bb: Revert "Update nDPI to include JA4 fingerprinting fixes from PR #2915"

  This reverts commit 4af71b6.
- c5c2468: Add JA4 fingerprinting fixes and bump version to 6.7.1
  - Update nDPI submodule to custom fork with JA4 fixes (drnpkr/nDPI:ja4-fixes-4.14)
  - Incorporates fixes from nDPI PR #2915: ntop/nDPI#2915
  - Fix JA4 ALPN calculation to use first+last characters (not first+second)
  - Fix JA4 SNI detection to properly handle missing SNI extensions
  - Bump version from 6.7.0 to 6.7.1
  - Maintains nDPI 4.14 API compatibility while improving JA4 accuracy
  - All tests pass successfully with corrected JA4 fingerprints
- d40c02e: Revert fingerprint field names to reflect multi-protocol nature

  Reverted field names from ja4c_fingerprint/ja3s_fingerprint back to client_fingerprint/server_fingerprint to better reflect that these fields contain protocol-specific fingerprints:
  - DHCP: Option request list fingerprints
  - SSH: HASSH client/server fingerprints
  - TLS: JA4C client / JA3S server fingerprints

  This resolves confusion where field names suggested they only contained JA4/JA3 values, when they actually store various protocol fingerprints by design (as in the original NFStream design).

  Changes:
  - Reverted Python field names in flow.py
  - Updated C code field references in lib_engine.c
  - Updated test assertions in tests.py
  - Added comments explaining multi-protocol fingerprint nature

  The underlying C struct fields remain ja4c/ja3s for nDPI compatibility.
Commits on Jul 13, 2025
- 46de15b: Fix C struct field names to match nDPI convention

  Update fingerprint field names from ja4c/ja3s to ja4_client/ja3_server to align with nDPI's struct field naming convention. This improves code clarity and consistency with the underlying nDPI library.

  Changes:
  - Update C struct fields in lib_engine.c
  - Update Python field access in flow.py
  - Maintain existing client_fingerprint/server_fingerprint API

  The CFFI bindings were rebuilt to sync the new field names, and all tests pass including TLS fingerprinting verification.
- b41fc54: Fix bumpversion configuration and add to dev requirements
  - Update setup.cfg with correct current version (6.7.1)
  - Fix quote style to match actual file patterns
  - Remove reference to non-existent lib_engine.c version field
  - Add bumpversion>=0.6.0 to dev_requirements.txt for proper version management
Commits on Jul 14, 2025
- 9e1ffed: Fix IPv6 accounting mode consistency with IPv4

  Make IPv6 ip_size calculation consistent with IPv4 for unified accounting modes. IPv6 ip6_un1_plen field excludes the IPv6 header (per RFC), while IPv4 tot_len includes the IPv4 header. This caused inconsistent accounting behavior between IPv4 and IPv6 flows.

  Updated packet_get_ipv6_info() to include IPv6 header size in total length calculation for consistent accounting semantics:
  - Before: iph.tot_len = iph6->ip6_hdr.ip6_un1_plen (payload only)
  - After: iph.tot_len = htons(sizeof(struct ndpi_ipv6hdr) + ntohs(iph6->ip6_hdr.ip6_un1_plen))

  This ensures unified accounting behavior across IPv4 and IPv6:
  - Mode 0: Raw packet (all headers + data)
  - Mode 1: IP packet (IP header + transport + data)
  - Mode 2: Transport segment (transport header + data)
  - Mode 3: Application payload (data only)

  Previously IPv6 Mode 1 and Mode 2 were identical, now they differ by 40 bytes.
- 719cc5d
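The four accounting modes described in commit 9e1ffed, worked through for one IPv4 and one IPv6 packet carrying the same 100 data bytes. This is an added example, not code from nfstream or nDPI: the struct, the function names and the sample headers are hypothetical and constructed here, and IPv6 extension headers are assumed absent.

```c
#include <stdint.h>
#include <stdio.h>

#define IPV6_HDR_LEN 40u /* fixed IPv6 header; extension headers not modelled */

struct sizes { uint32_t mode[4]; }; /* index = accounting mode 0..3 */

/* Constructed samples: 100 data bytes over TCP (20-byte header), Ethernet framing. */
static const uint8_t SAMPLE_V4[20] = {0x45, 0x00, 0x00, 0x8c};                /* Total Length 140 */
static const uint8_t SAMPLE_V6[40] = {0x60, 0, 0, 0, 0x00, 0x78, 0x06, 0x40}; /* Payload Length 120 */

/* Read a 16-bit network-order field into a 32-bit value. */
static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
/* Subtract without unsigned underflow on malformed lengths. */
static uint32_t sub0(uint32_t a, uint32_t b) { return a > b ? a - b : 0; }

struct sizes account_ipv4(const uint8_t *ip, uint32_t raw_len, uint32_t l4_hdr)
{
    uint32_t ihl = (ip[0] & 0x0fu) * 4u; /* header length in bytes */
    uint32_t tot = be16(ip + 2);         /* Total Length includes the IPv4 header */
    struct sizes s = {{raw_len, tot, sub0(tot, ihl), sub0(tot, ihl + l4_hdr)}};
    return s;
}

/* fixed == 0: Payload Length used as the IP size (the "Before" line).
 * fixed != 0: fixed header added (the "After" line). The sum is kept in
 * 32 bits because it exceeds a 16-bit length field once Payload Length
 * is above 65495. */
struct sizes account_ipv6(const uint8_t *ip, uint32_t raw_len, uint32_t l4_hdr, int fixed)
{
    uint32_t plen = be16(ip + 4);        /* Payload Length excludes the IPv6 header */
    uint32_t ip_size = fixed ? IPV6_HDR_LEN + plen : plen;
    struct sizes s = {{raw_len, ip_size, plen, sub0(plen, l4_hdr)}};
    return s;
}

int main(void)
{
    struct sizes v4 = account_ipv4(SAMPLE_V4, 154, 20);
    struct sizes old6 = account_ipv6(SAMPLE_V6, 174, 20, 0);
    struct sizes new6 = account_ipv6(SAMPLE_V6, 174, 20, 1);
    for (int m = 0; m < 4; m++)
        printf("mode %d: ipv4=%u ipv6_before=%u ipv6_after=%u\n", m,
               (unsigned)v4.mode[m], (unsigned)old6.mode[m], (unsigned)new6.mode[m]);
    return 0;
}
```

With the header added, Mode 1 minus Mode 2 equals the IP header length for both address families (20 bytes for IPv4, 40 for IPv6), which is the consistency the commit message describes.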