Wireshark-bugs: [Wireshark-bugs] [Bug 1947] VNC dissector does not decode properly non-authentic
Date: Sat, 27 Oct 2007 21:40:43 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1947





------- Comment #1 from stephentfisher@xxxxxxxxx  2007-10-27 21:40 GMT -------
Thanks for your bug report.  As the writer of the VNC dissector, I agree that
it has its shortcomings (some of them large).  However, it was extremely
difficult to get to even the state the dissector is in because of how the VNC
protocol works.

The first so many packets do not have any markers that state what the purpose
of that packet is so it has to be inferred based on the packets before it.

Packets that do have identifiers later on sometimes bury clues on how to
dissect it deep in the packet (or even the next packet!).  Then there are the
server framebuffer updates that span multiple TCP segments, which are another
pain to deal with.

If you can attach capture files to this bug which are not handled properly by
the first so many packet routines, I can fix it and commit the changes as soon
as I can get to it.  There probably is a better way to handle state in the
first so many packets.  I can possibly come up with a better way to handle all
the variants once I know about them.

Your code contributions are also welcome, just attach them in any state they
are in to this bug and I can incorporate them as I am obviously very familiar
with the existing code.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.