Wireshark-dev: Re: [Wireshark-dev] Patches to dissect TightVNC extensions to the VNC protocol

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Tue, 18 Nov 2008 13:04:56 -0700
On Tue, Nov 18, 2008 at 01:28:53PM -0600, Federico Mena Quintero wrote:

> I've been working on making the VNC dissector work for TightVNC 
> extensions, including decoding rectangles with tight compression.

Excellent!  Could you please open a bug (https://bugs.wireshark.org) and 
mark it as an enhancement request and then attach your patches to it?

> The patchset is attached; it's all my individual commits for clarity, 
> but please tell me if you'd prefer to have this as a single, big 
> patch. This adds the following to the VNC dissector:

That's fine.

> That is, the dissectors first check that they have as much data as 
> they need, and only then do they fiddle with the displayed tree.  Is 
> this correct, or am I overlooking something?

That is correct, but see below..

> Changing the VNC dissector to follow that pattern isn't horribly hard, 
> just a lot of grunt work, but I can handle it if someone can confirm 
> what the "right" pattern is for a dissector :)

It would be appreciated if you could figure out a better way to handle 
the VNC dissection.  The problem I ran into writing the bulk of the VNC 
dissector was that you don't know how much more data there is until you 
go further along in the packet.  Basically: you find out you need X more 
bytes of data, so you request them, then you find out you need Y more 
bytes of data after reading the X bytes of data and so on.  I stared at 
the VNC dissector so much that I may have just overlooked a better way 
to handle things.  Any input/code is appreciated :).


Steve