From 2a829dfbf955bf61d5358359efe0f87ff6653c6b Mon Sep 17 00:00:00 2001
From: Peter Haag <peter@people.ops-trust.net>
Date: Mon, 1 Jan 2018 12:57:27 +0100
Subject: [PATCH] IPFIX time stamps - Fix elements #21,#22 offset calculation

---
 ChangeLog        |  3 +++
 bin/ipfix.c      | 15 +++++++++++++--
 bin/netflow_v9.c |  1 +
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0aa8376..04000bd 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2018-01-01
+- IPFIX time stamps - Fix elements #21,#22 offset calculation, but timestamps not yet evaluated. (#160)
+
 2017-12-31
 - IPFIX sampling - sampling algorithm no longer required for tag #34
 - IPFIX sampling add tags #305 and #304 - set them identical to #34, #35
diff --git a/bin/ipfix.c b/bin/ipfix.c
index 925ec5a..5c0b793 100644
--- a/bin/ipfix.c
+++ b/bin/ipfix.c
@@ -665,13 +665,24 @@ size_t				size_required;
 		PushSequence( table, IPFIX_flowEndDeltaMicroseconds, &offset, &table->flow_end);
 		offset = BYTE_OFFSET_first + 8;
 		table->delta_time = 1;
-		dbg_printf("Time stamp: flow start/end delta microseconds\n");
+		dbg_printf("Time stamp: flow start/end delta microseconds: %u/%u\n",
+			IPFIX_flowStartDeltaMicroseconds, IPFIX_flowEndDeltaMicroseconds);
 	} else if ( cache.lookup_info[IPFIX_flowStartMilliseconds].found ) {
 		PushSequence( table, IPFIX_flowStartMilliseconds, &offset, &table->flow_start);
 		offset = BYTE_OFFSET_first + 4;
 		PushSequence( table, IPFIX_flowEndMilliseconds, &offset, &table->flow_end);
 		offset = BYTE_OFFSET_first + 8;
-		dbg_printf("Time stamp: flow start/end absolute milliseconds\n");
+		dbg_printf("Time stamp: flow start/end absolute milliseconds: %u/%u\n", 
+			IPFIX_flowStartMilliseconds, IPFIX_flowEndMilliseconds);
+	} else if ( cache.lookup_info[IPFIX_flowStartSysUpTime].found ) {
+		PushSequence( table, IPFIX_flowStartSysUpTime, &offset, &table->flow_start);
+		offset = BYTE_OFFSET_first + 4;
+		PushSequence( table, IPFIX_flowEndSysUpTime, &offset, &table->flow_end);
+		offset = BYTE_OFFSET_first + 8;
+		dbg_printf("Time stamp: flow start/end relative milliseconds: %u/%u\n", 
+			IPFIX_flowStartSysUpTime, IPFIX_flowEndSysUpTime);
+	} else {
+		dbg_printf("Time stamp: No known format found\n");
 	}
 	offset +=1;	// Skip netflow v9 fwd status
 	PushSequence( table, IPFIX_tcpControlBits, &offset, NULL);
diff --git a/bin/netflow_v9.c b/bin/netflow_v9.c
index 35c8272..21e7f2e 100644
--- a/bin/netflow_v9.c
+++ b/bin/netflow_v9.c
@@ -544,6 +544,7 @@ int	index;
 			index++;
 		}
 #ifdef DEVEL
+		index--;
 		printf("=> known type: %u(%s), at index: %i, length: %u not supported\n", 
 			Type, v9_element_map[index].name, index, Length);