Add nDPI protocol analyzer and integrate with handshake analysis

Dockerfile

@@ -6,8 +6,22 @@ RUN apt-get update && apt-get install -y \
     iproute2 \
     iptables \
     tcpdump \
+    build-essential \
+    git \
+    libpcap-dev \
+    libjson-c-dev \
+    pkg-config \
     && rm -rf /var/lib/apt/lists/*
 
+# Build and install nDPI
+RUN git clone https://github.com/ntop/nDPI.git /tmp/nDPI && \
+    cd /tmp/nDPI && \
+    ./autogen.sh && \
+    make && \
+    make install && \
+    ldconfig && \
+    rm -rf /tmp/nDPI
+
 WORKDIR /app
 
 # Copy pubspec files first (for dependency caching)
@@ -18,6 +32,10 @@ RUN dart pub get
 
 # Copy source code (invalidates cache from here)
 COPY lib/ ./lib/
+COPY protocol_analyzer.c ./
+
+# Compile the C protocol analyzer
+RUN gcc -o protocol_analyzer protocol_analyzer.c -lndpi -lpcap
 
 # Compile the application
 RUN dart compile exe lib/main.dart -o waylume_server