Aggregating over the standard 5-tuple using -a results in aggregated flows like expected, but when a filter is added, e.g. on a source and destination address that were in the aggregated result set, fbitdump errors and stops.
$ fbitdump -R . '%sa6 2001:db8::521:6954:d379:d3c5:7947 and %da6 2a00:db8:1111:c01::7d' -c3
( 3 flows returned, so we're sure these addresses are in the dataset)
# adding -a to aggregate over 5-tuple:
$ fbitdump -R . '%sa6 2001:db8::521:6954:d379:d3c5:7947 and %da6 2a00:db8:1111:c01::7d' -a
Select 'e0id28p0,e0id28p1,e0id4,e0id27p0,e0id27p1, flows, e0id152,( e0id153 - e0id152 ) as td,e0id2,e0id1' with filter '1 = 1' failed
# but using -a without filter does return what we're looking for
$ fbitdump -R . -a | grep "2001:db8::521:6954:d379:d3c5:7947" | grep "2a00:db8:1111:c01::7d"
(2 unidirectional flows returned)
Using -P for post-aggregation filtering does not throw the error, but shows an empty result set.
I have a dataset available to reproduce this, if need be. At this moment, I'm not sure whether this only occurs for v6 data, or also in v4 data.
Thanks for catching this. We added additional checks that everything was OK and stopped the processing if not. However, this case was caught in the checks as well. It should be fixed now.
Aggregating over the standard 5-tuple using
-a
results in aggregated flows like expected, but when a filter is added, e.g. on a source and destination address that were in the aggregated result set, fbitdump errors and stops.Using
-P
for post-aggregation filtering does not throw the error, but shows an empty result set. I have a dataset available to reproduce this, if need be. At this moment, I'm not sure whether this only occurs for v6 data, or also in v4 data.