It looks to me that the enterprise flag bit is incorrectly cleared. Looking at line 957 in ipfix.py it clears the 7th bit when according to the spec the enterprise flag is the 15th bit.
The flag is first checked on line 953 using the 7th bit because it is working on a byte, it then unpacks a short moving the flag to the 15th bit.
It looks to me that the enterprise flag bit is incorrectly cleared. Looking at line 957 in ipfix.py it clears the 7th bit when according to the spec the enterprise flag is the 15th bit.
The flag is first checked on line 953 using the 7th bit because it is working on a byte, it then unpacks a short moving the flag to the 15th bit.