Comment # 12
on bug 13238
from Eric Kotz
> This one is a lot harder to address because it depends on your definition of
> "corrupt". Because Wireshark can be used to find protocol bugs, it
> shouldn't always trust a length field. And if the length field is wrong,
> how do you really know where the next MPEG packet is in the frame? I'm
> tempted to close this as WONTFIX.
To look at this a different way, Wireshark doesn't give up on parsing
subsequent IP packets when it encounters a corrupt IP packets.
I think a reasonable compromise is to attempt to trust the length field, then
look for the 0x47 MPEG Sync Pattern (possibly within the bounds of MPEG packet
size) of the MPEG packet after the length field it just trusted. If it finds
it, it ought to be able to continue. If it can't find that sync pattern where
it expects it then, giving up is reasonable then. If it can, it should attempt
to parse the next MPEG packet.
You are receiving this mail because:
- You are watching all bug changes.