The bytes parser in IPFIX packets uses struct.unpack for each field, based on the corresponding field length. But this implementation ignores signed/unsigned fields, defaulting to unsigned. Since there is at least one signed32 in the fields dict, this check must be implemented. Tests should cover this case as well.
The bytes parser in IPFIX packets uses
struct.unpack
for each field, based on the corresponding field length. But this implementation ignores signed/unsigned fields, defaulting to unsigned. Since there is at least onesigned32
in the fields dict, this check must be implemented. Tests should cover this case as well.