First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How to deal with a call to dissector that returns number of bytes in buffer, instead of number of bytes dissected?

Hi,

I'm working on a dissector (in Lua) for a protocol that lays between TCP and VNC. The problem is that sometimes multiple VNC messages are transferred together and that I have no way to know that there is more than a single VNC message in the buffer that I get from the TCP layer. So I have to pass them as a single buffer to the VNC dissector, which in its turn dissect only the first message and return the size of the buffer that I passed to it (and not the number of bytes it dissected). This way I can't figure out that it wasn't dissecting all the messages in the buffer, so I can't call it again with a smaller buffer that starts after the message it dissected.

Is there any way around it? Maybe there is an option to see what bytes a specific dissector already dissected or something like that? Maybe another solution?

Thanks

meniadin's avatar
1
meniadin
asked 2022-02-02 13:07:06 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Then you probably have to make your dissector smart enough to be able to figure out how large the VNC message is. Once you know that, you ask the TCP dissector for more data until you have a complete message, which you then present to the VNC dissector. This is where dissect_tcp_pdus() comes into strength.

Jaap's avatar
13.7k
Jaap
answered 2022-02-02 14:56:10 +0000
edit flag offensive 0 remove flag delete link
more

Comments

If the VNC dissector is returning a value representative of all data in the tvb but only dissecting a subset of that data, then isn't this a bug in the VNC dissector?

cmaynard's avatar cmaynard (2022-02-02 19:31:26 +0000) edit
more
  • delete

Perhaps. That should be looked into, how the VNC dissector takes in PDU's.

Jaap's avatar Jaap (2022-02-04 16:08:17 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer