netflow mode 32bit: Invalid type 'Q' in unpack at asstatd.pl line 321.

[acoul]

Greetings,

this issue exists on netflow mode only. sflow mode does not exhibit this behavior.

the pmacct config:

daemonize: false promisc: true plugin_buffer_size: 10240
plugin_pipe_size: 10240000 pcap_filter: net 10.0.0.0/8 interface: eth0 plugins: nfprobe[in],nfprobe[out] nfprobe_receiver: 10.2.19.18:9000 nfprobe_source_ip: 10.2.19.3 nfprobe_version: 9 nfprobe_direction[in]: in nfprobe_direction[out]: out nfprobe_ifindex[in]: 731 nfprobe_ifindex[out]: 732 nfacctd_as_new: bgp nfprobe_peer_as: true bgp_peer_src_as_type: bgp bgp_src_as_path_type: bgp bgp_src_std_comm_type: bgp bgp_src_ext_comm_type: bgp bgp_daemon_pipe_size: 1310710 bgp_daemon: true bgp_daemon_ip: 10.2.146.10 bgp_daemon_id: 10.2.146.10 bgp_daemon_port: 17917 bgp_agent_map: /etc/pmacct/agent_to_peer.map bgp_follow_nexthop: 10.2.19.0/24, 10.2.146.0/24, 10.0.0.0/8 aggregate[in]: src_host, dst_host, src_port, dst_port, src_as, dst_as, as_path, peer_src_as, peer_dst_as, proto aggregate[out]: src_host, dst_host, src_port, dst_port, src_as, dst_as, as_path, peer_src_as, peer_dst_as, proto aggregate_filter[in]: ether src !(50:e5:49:33:5c:xx) aggregate_filter[out]: ether src 50:e5:49:33:5c:xx

pmacct/nfprobe, quagga & as-stats all run on same physical fresh gentoo/rolling 32bit system.

attaching a wireshark capture:

wireshark_enp4s0_pcapng.zip

[acoul]

according to this & this I've made the following patch that at least doesn't let asstatd.pl explode under a 32-bit system.

asstatd_32bit.patch.txt

[acoul]

I believe this is a better patch. It has been successfully tested on a 32bit/IPv4 system.

asstatd_32bit_v2.patch.txt