According to IPFIX RFC, when field highest bit is set to 1 then the field is considered Enterprise.
In such case just after that filed there are additional 4 bytes with value Enterprise Number an id in the field interpretation for the lookup table.
Due to that when hitting records with Enterprise-Specific Information Elements will get corrupted.
According to IPFIX RFC, when field highest bit is set to 1 then the field is considered Enterprise. In such case just after that filed there are additional 4 bytes with value Enterprise Number an id in the field interpretation for the lookup table.
Due to that when hitting records with Enterprise-Specific Information Elements will get corrupted.
link to RFC https://datatracker.ietf.org/doc/html/rfc7011#page-64
link to faulty function: https://github.com/cloudflare/goflow/blob/742cddc5dc37bac910151b9519e2720776ba404d/decoders/netflow/netflow.go#L93