Hi guys,
I was looking at porting from FreeRDP to wireshark the various RDP
decompressors, and I've seen tvbuff_[zlib|lz77] and friends and they all
seem stateless, so I was quite surprised.
Does it mean that you can start decoding only the full stream, because I
guess that if you take an arbitrary chunk, you need the history to
decode it correctly ?
Writing this email, I figure that it kinda answers my question, but I
wanted to start the discussion on this. I mean in my particular case for
RDP bulk compression, it means that I will have to maintain a bulk
context per conversation, and update that context when I'm treating new
compressed packet, or am I missing something ?
Best regards.
--
David FORT
website: https://www.hardening-consulting.com/