From affef1a97266b914178234d88ab132641efad31a Mon Sep 17 00:00:00 2001
From: GitOldGrumpy <github@matthewodonnell.co.uk>
Date: Fri, 2 Sep 2022 16:01:11 +0100
Subject: [PATCH 1/5] Fix for clearing enteprise flag bit

---
 netflow/ipfix.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netflow/ipfix.py b/netflow/ipfix.py
index 139100a..a0cb6e0 100644
--- a/netflow/ipfix.py
+++ b/netflow/ipfix.py
@@ -954,7 +954,7 @@ def parse_fields(data: bytes, count: int) -> (list, int):
             pack = struct.unpack("!HHI", data[offset:offset + 8])
             fields.append(
                 TemplateFieldEnterprise(
-                    id=pack[0] & ~(1 << 7),  # ID, clear enterprise flag bit
+                    id=pack[0] & ~(1 << 15),  # ID, clear enterprise flag bit
                     length=pack[1],  # field length
                     enterprise_number=pack[2]  # enterprise number
                 )

From 88f864036b8d989136f19014468feee53c10426c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Paul=20Gla=C3=9F?= <paul.glass@rohde-schwarz.com>
Date: Fri, 2 Sep 2022 15:23:59 +0200
Subject: [PATCH 2/5] Fixed string conversion from bytes

---
 netflow/ipfix.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netflow/ipfix.py b/netflow/ipfix.py
index a0cb6e0..bb68069 100644
--- a/netflow/ipfix.py
+++ b/netflow/ipfix.py
@@ -770,7 +770,7 @@ class IPFIXDataRecord:
             if type(value) is bytes:
                 # Check if value is raw bytes, so no conversion happened in struct.unpack
                 if field_datatype in ["string"]:
-                    value = str(value)
+                    value = value.decode()
                 # TODO: handle octetArray (= does not have to be unicode encoded)
                 elif field_datatype in ["boolean"]:
                     value = True if value == 1 else False  # 2 = false per RFC

From 073a2122902a380e0c4ff484cf44b3f76170f9a4 Mon Sep 17 00:00:00 2001
From: Dominik Pataky <software+commits@dpataky.eu>
Date: Fri, 2 Dec 2022 17:24:55 +0100
Subject: [PATCH 3/5] IPFIX: extend string field conversion to fallback to
 str()

Closes #42
---
 netflow/ipfix.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/netflow/ipfix.py b/netflow/ipfix.py
index bb68069..d8eb412 100644
--- a/netflow/ipfix.py
+++ b/netflow/ipfix.py
@@ -770,7 +770,10 @@ class IPFIXDataRecord:
             if type(value) is bytes:
                 # Check if value is raw bytes, so no conversion happened in struct.unpack
                 if field_datatype in ["string"]:
-                    value = value.decode()
+                    try:
+                        value = value.decode()
+                    except UnicodeDecodeError:
+                        value = str(value)
                 # TODO: handle octetArray (= does not have to be unicode encoded)
                 elif field_datatype in ["boolean"]:
                     value = True if value == 1 else False  # 2 = false per RFC

From 2eb2283873f7e3ae33f62a343f11a05a6f3cd2ac Mon Sep 17 00:00:00 2001
From: Dominik Pataky <software+commits@dpataky.eu>
Date: Sat, 3 Dec 2022 08:55:20 +0100
Subject: [PATCH 4/5] Fix test runner to ubuntu-20.04

---
 .github/workflows/run_tests.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
index 4687276..b5856c3 100644
--- a/.github/workflows/run_tests.yml
+++ b/.github/workflows/run_tests.yml
@@ -1,4 +1,4 @@
-name: Run tests
+name: Run Python unit tests
 
 on:
   push:
@@ -10,15 +10,15 @@ on:
 
 jobs:
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v2
-      
+
       - name: Set up Python 3.5.3
         uses: gabrielfalcao/pyenv-action@v7
         with:
           default: '3.5.3'  # Debian Stretch (oldoldstable)
-      
+
       - name: Run Python unittests
         run: python3 -m unittest

From fe1d3df296be8f494debcfce85d769ad8a437f2e Mon Sep 17 00:00:00 2001
From: Dominik Pataky <software+commits@dpataky.eu>
Date: Sat, 3 Dec 2022 09:33:24 +0100
Subject: [PATCH 5/5] IPFIX: improve bitwise operation on enterprise flag bit

---
 netflow/ipfix.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/netflow/ipfix.py b/netflow/ipfix.py
index d8eb412..1524f5a 100644
--- a/netflow/ipfix.py
+++ b/netflow/ipfix.py
@@ -953,11 +953,11 @@ def parse_fields(data: bytes, count: int) -> (list, int):
     offset = 0
     fields = []  # type: List[Union[TemplateField, TemplateFieldEnterprise]]
     for ctr in range(count):
-        if data[offset] & 1 << 7 != 0:  # enterprise flag set
+        if (data[offset] & (1 << 7)) != 0:  # enterprise flag set. Bitwise AND checks bit only in the first byte/octet
             pack = struct.unpack("!HHI", data[offset:offset + 8])
             fields.append(
                 TemplateFieldEnterprise(
-                    id=pack[0] & ~(1 << 15),  # ID, clear enterprise flag bit
+                    id=(pack[0] & ~(1 << 15)),  # clear enterprise flag bit. Bitwise AND and INVERT work on two bytes
                     length=pack[1],  # field length
                     enterprise_number=pack[2]  # enterprise number
                 )
@@ -966,7 +966,10 @@ def parse_fields(data: bytes, count: int) -> (list, int):
         else:
             pack = struct.unpack("!HH", data[offset:offset + 4])
             fields.append(
-                TemplateField(id=pack[0], length=pack[1])
+                TemplateField(
+                    id=pack[0],
+                    length=pack[1]
+                )
             )
             offset += 4
     return fields, offset