/* packet-vnc.c

 * Routines for VNC dissection (Virtual Network Computing)

 * Copyright 2005, Ulf Lamping <ulf.lamping@web.de>

 * Copyright 2006-2007, Stephen Fisher (see AUTHORS file)

 *

 * Wireshark - Network traffic analyzer

 * By Gerald Combs <gerald@wireshark.org>

 * Copyright 1998 Gerald Combs

 *

 * SPDX-License-Identifier: GPL-2.0-or-later

 */

/* Dissection of the VNC (Virtual Network Computing) network traffic.

 *

 * All versions of RealVNC and TightVNC are supported.

 * Note: The addition of TightVNC support is not yet complete.

 *

 * Several VNC implementations available, see:

 * http://www.realvnc.com/

 * http://www.tightvnc.com/

 * http://ultravnc.sourceforge.net/

 * [Fedora TigerVNC]

 * ...

 *

 * The protocol itself is known as RFB - Remote Frame Buffer Protocol.

 *

 * This code is based on the protocol specification published in RFC 6143

 *  and the RealVNC free edition & TightVNC source code

 *  Note: rfbproto.rst [ https://github.com/svn2github/tigervnc/blob/master/rfbproto/rfbproto.rst ]

 *        seems to have additional information over rfbproto.pdf.

 */

/* XXX:

 *  This dissector adds items to the protocol tree before completing re-assembly

 *   of a VNC PDU which extends over more than one TCP segment.

 *  This is not correct. As noted in Bug #5366 (and elsewhere), the correct method

 *  is that:

 *   "one must walk over all the message first, to determine its exact length

 *    (one of the characteristics of the protocol, hard to determine prior to

 *    going over the message what its final size would be)".

 *

 *  The original method of reassembly:

 *    When more data is needed to continue dissecting a PDU, repeatedly request

 *    a few additional bytes (for one or a few more fields of the PDU).

 *   This resulted in 'one-pass' tshark dissection redissecting

 *    the PDU repeatedly many, many times with each time dissecting

 *    the PDU with one or a few more additional fields.

 *    This generated *lots* of (repeated) output since a reassembled

 *    VNC PDU can contain many fields (each of short length).

 *    It also resulted in the fragment table containing many, many small fragments

 *     for VNC PDUS containing many small fields.

 *

 *  The current reassembly method:

 *    Use DESEGMENT_ONE_MORE_SEGMENT when requesting additional data for a PDU.

 *    This significantly reduces the amount of repeated data in a dissection,

 *    but will still result in "partial" repeated dissection output in some cases.

 */

/* (Somewhat random notes while reviewing the code):

   Check types, etc against IANA list

   Optimize: Do col_set(..., COL_INFO) once (after fetching message type & before dispatching ?)

   Dispatch via a message table (instead of using a switch(...)

   Msg type 150: client-server: enable/disable (1+9 bytes); server-client: endofContinousUpdates(1+0 bytes) ?

*/

#include "config.h"

#include <epan/packet.h>

#include <epan/conversation.h>

#include <epan/prefs.h>

#include <epan/expert.h>

#include <epan/proto_data.h>

#include <epan/tfs.h>

#include <wsutil/array.h>

#include "packet-x11.h" /* This contains the extern for the X11 value_string_ext

       * "x11_keysym_vals_source_ext" that VNC uses. */

void proto_register_vnc(void);

typedef enum {

  VNC_SECURITY_TYPE_INVALID       =  0,

  VNC_SECURITY_TYPE_NONE          =  1,

  VNC_SECURITY_TYPE_VNC           =  2,

  VNC_SECURITY_TYPE_RA2           =  5,

  VNC_SECURITY_TYPE_RA2ne         =  6,

  VNC_SECURITY_TYPE_TIGHT         = 16,

  VNC_SECURITY_TYPE_ULTRA         = 17,

  VNC_SECURITY_TYPE_TLS           = 18,

  VNC_SECURITY_TYPE_VENCRYPT      = 19,

  VNC_SECURITY_TYPE_GTK_VNC_SASL  = 20,

  VNC_SECURITY_TYPE_MD5_HASH_AUTH = 21,

  VNC_SECURITY_TYPE_XVP           = 22,

  VNC_SECURITY_TYPE_ARD           = 30,

  VNC_TIGHT_AUTH_TGHT_ULGNAUTH    = 119,

  VNC_TIGHT_AUTH_TGHT_XTRNAUTH    = 130,

  VNC_VENCRYPT_AUTH_PLAIN         = 256,

  VNC_VENCRYPT_AUTH_TLSNONE       = 257,

  VNC_VENCRYPT_AUTH_TLSVNC        = 258,

  VNC_VENCRYPT_AUTH_TLSPLAIN      = 259,

  VNC_VENCRYPT_AUTH_X509_NONE     = 260,

  VNC_VENCRYPT_AUTH_X509_VNC      = 261,

  VNC_VENCRYPT_AUTH_X509_PLAIN    = 262,

  VNC_VENCRYPT_AUTH_TLSSASL       = 263,

  VNC_VENCRYPT_AUTH_X509_SASL     = 264

} vnc_security_types_e;

static const value_string vnc_security_types_vs[] = {

  { VNC_SECURITY_TYPE_INVALID,      "Invalid"              },

  { VNC_SECURITY_TYPE_NONE,         "None"                 },

  { VNC_SECURITY_TYPE_VNC,          "VNC"                  },

  { VNC_SECURITY_TYPE_RA2,          "RA2"                  },

  { VNC_SECURITY_TYPE_RA2ne,        "RA2ne"                },

  { VNC_SECURITY_TYPE_TIGHT,        "Tight"                },

  { VNC_SECURITY_TYPE_ULTRA,        "Ultra"                },

  { VNC_SECURITY_TYPE_TLS,          "TLS"                  },

  { VNC_SECURITY_TYPE_VENCRYPT,     "VeNCrypt"             },

  { VNC_SECURITY_TYPE_GTK_VNC_SASL, "GTK-VNC SASL"         },

  { VNC_SECURITY_TYPE_ARD,          "Apple Remote Desktop" },

  { 0,  NULL                     }

};

static const value_string vnc_vencrypt_auth_types_vs[] = {

  { VNC_SECURITY_TYPE_NONE,       "None"        },

  { VNC_SECURITY_TYPE_VNC,        "VNC"         },

  { VNC_VENCRYPT_AUTH_PLAIN,      "Plain"       },

  { VNC_VENCRYPT_AUTH_TLSNONE,    "TLS None"    },

  { VNC_VENCRYPT_AUTH_TLSVNC,     "TLS VNC"     },

  { VNC_VENCRYPT_AUTH_TLSPLAIN,   "TLS Plain"   },

  { VNC_VENCRYPT_AUTH_X509_NONE,  "X.509 None"  },

  { VNC_VENCRYPT_AUTH_X509_VNC,   "X.509 VNC"   },

  { VNC_VENCRYPT_AUTH_X509_PLAIN, "X.509 Plain" },

  { VNC_VENCRYPT_AUTH_TLSSASL,    "TLS SASL"    },

  { VNC_VENCRYPT_AUTH_X509_SASL,  "X.509 SASL"  },

  { 0,  NULL                     }

};

static const true_false_string auth_result_tfs = {

  "Failed",

  "OK"

};

typedef enum {

  /* Required */

  VNC_CLIENT_MESSAGE_TYPE_SET_PIXEL_FORMAT    =   0,

  VNC_CLIENT_MESSAGE_TYPE_SET_ENCODINGS     =   2,

  VNC_CLIENT_MESSAGE_TYPE_FRAMEBUF_UPDATE_REQ   =   3,

  VNC_CLIENT_MESSAGE_TYPE_KEY_EVENT     =   4,

  VNC_CLIENT_MESSAGE_TYPE_POINTER_EVENT     =   5,

  VNC_CLIENT_MESSAGE_TYPE_CLIENT_CUT_TEXT     =   6,

  /* Optional */

  VNC_CLIENT_MESSAGE_TYPE_MIRRORLINK      = 128,

  VNC_CLIENT_MESSAGE_TYPE_ENABLE_CONTINUOUS_UPDATES = 150,  /* TightVNC */

  VNC_CLIENT_MESSAGE_TYPE_FENCE       = 248,  /* TigerVNC */

  VNC_CLIENT_MESSAGE_TYPE_XVP       = 250,

  VNC_CLIENT_MESSAGE_TYPE_SETR_DESKTOP_SIZE   = 251,

  VNC_CLIENT_MESSAGE_TYPE_TIGHT       = 252,

  VNC_CLIENT_MESSAGE_TYPE_GII       = 253,

  VNC_CLIENT_MESSAGE_TYPE_QEMU        = 255

} vnc_client_message_types_e;

static const value_string vnc_client_message_types_vs[] = {

  /* Required */

  { VNC_CLIENT_MESSAGE_TYPE_SET_PIXEL_FORMAT,      "Set Pixel Format"     },

  { VNC_CLIENT_MESSAGE_TYPE_SET_ENCODINGS,       "Set Encodings"      },

  { VNC_CLIENT_MESSAGE_TYPE_FRAMEBUF_UPDATE_REQ,       "Framebuffer Update Request" },

  { VNC_CLIENT_MESSAGE_TYPE_KEY_EVENT,         "Key Event"      },

  { VNC_CLIENT_MESSAGE_TYPE_POINTER_EVENT,       "Pointer Event"            },

  { VNC_CLIENT_MESSAGE_TYPE_CLIENT_CUT_TEXT,       "Cut Text"                   },

  /* Optional */

  { VNC_CLIENT_MESSAGE_TYPE_MIRRORLINK,        "MirrorLink"     },

  { VNC_CLIENT_MESSAGE_TYPE_ENABLE_CONTINUOUS_UPDATES, "Enable Continuous Updates"  },

  { VNC_CLIENT_MESSAGE_TYPE_FENCE,         "Fence"        },

  { VNC_CLIENT_MESSAGE_TYPE_XVP,           "Xvp"        },

  { VNC_CLIENT_MESSAGE_TYPE_SETR_DESKTOP_SIZE,       "Setr Desktop Size"    },

  { VNC_CLIENT_MESSAGE_TYPE_TIGHT,         "Tight"        },

  { VNC_CLIENT_MESSAGE_TYPE_GII,           "Gii"        },

  { VNC_CLIENT_MESSAGE_TYPE_QEMU,          "Qemu"       },

  { 0,  NULL                                      }

};

typedef enum {

  VNC_SERVER_MESSAGE_TYPE_FRAMEBUFFER_UPDATE    =   0,

  VNC_SERVER_MESSAGE_TYPE_SET_COLORMAP_ENTRIES    =   1,

  VNC_SERVER_MESSAGE_TYPE_RING_BELL     =   2,

  VNC_SERVER_MESSAGE_TYPE_CUT_TEXT      =   3,

  VNC_SERVER_MESSAGE_TYPE_MIRRORLINK      = 128,

  VNC_SERVER_MESSAGE_TYPE_END_CONTINUOUS_UPDATES    = 150,  /* TightVNC */

  VNC_SERVER_MESSAGE_TYPE_FENCE       = 248,  /* TigerVNC */

  VNC_SERVER_MESSAGE_TYPE_XVP       = 250,

  VNC_SERVER_MESSAGE_TYPE_TIGHT       = 252,

  VNC_SERVER_MESSAGE_TYPE_GII       = 253,

  VNC_SERVER_MESSAGE_TYPE_QEMU        = 255

} vnc_server_message_types_e;

static const value_string vnc_server_message_types_vs[] = {

  { VNC_SERVER_MESSAGE_TYPE_FRAMEBUFFER_UPDATE,      "Framebuffer Update"  },

  { VNC_SERVER_MESSAGE_TYPE_SET_COLORMAP_ENTRIES,      "Set Colormap Entries"  },

  { VNC_SERVER_MESSAGE_TYPE_RING_BELL,         "Ring Bell"     },

  { VNC_SERVER_MESSAGE_TYPE_CUT_TEXT,        "Cut Text"      },

  { VNC_SERVER_MESSAGE_TYPE_MIRRORLINK,        "MirrorLink"    },

  { VNC_SERVER_MESSAGE_TYPE_END_CONTINUOUS_UPDATES,    "End Continuous Updates" },

  { VNC_SERVER_MESSAGE_TYPE_FENCE,         "Fence"       },

  { VNC_SERVER_MESSAGE_TYPE_XVP,           "Xvp"       },

  { VNC_SERVER_MESSAGE_TYPE_TIGHT,         "Tight"       },

  { VNC_SERVER_MESSAGE_TYPE_GII,           "Gii"       },

  { VNC_SERVER_MESSAGE_TYPE_QEMU,          "Qemu"      },

  { 0,  NULL                   }

};

#define VNC_ENCODING_TYPE_DESKTOP_SIZE       0xFFFFFF21

#define VNC_ENCODING_TYPE_LAST_RECT          0xFFFFFF20

#define VNC_ENCODING_TYPE_POINTER_POS        0xFFFFFF18

#define VNC_ENCODING_TYPE_RICH_CURSOR        0xFFFFFF11

#define VNC_ENCODING_TYPE_X_CURSOR           0xFFFFFF10

#define VNC_ENCODING_TYPE_RAW                0

#define VNC_ENCODING_TYPE_COPY_RECT          1

#define VNC_ENCODING_TYPE_RRE                2

#define VNC_ENCODING_TYPE_CORRE              4

#define VNC_ENCODING_TYPE_HEXTILE            5

#define VNC_ENCODING_TYPE_ZLIB               6

#define VNC_ENCODING_TYPE_TIGHT              7

#define VNC_ENCODING_TYPE_ZLIBHEX            8

#define VNC_ENCODING_TYPE_ULTRA              9

#define VNC_ENCODING_TYPE_TRLE               15

#define VNC_ENCODING_TYPE_RLE              16

#define VNC_ENCODING_TYPE_HITACHI_ZYWRLE     17

#define VNC_ENCODING_TYPE_JPEG_0             -32

#define VNC_ENCODING_TYPE_JPEG_1             -31

#define VNC_ENCODING_TYPE_JPEG_2             -30

#define VNC_ENCODING_TYPE_JPEG_3             -29

#define VNC_ENCODING_TYPE_JPEG_4             -28

#define VNC_ENCODING_TYPE_JPEG_5             -27

#define VNC_ENCODING_TYPE_JPEG_6             -26

#define VNC_ENCODING_TYPE_JPEG_7             -25

#define VNC_ENCODING_TYPE_JPEG_8             -24

#define VNC_ENCODING_TYPE_JPEG_9             -23

#define VNC_ENCODING_TYPE_COMPRESSION_0      0xFFFFFF00

#define VNC_ENCODING_TYPE_COMPRESSION_1      0xFFFFFF01

#define VNC_ENCODING_TYPE_COMPRESSION_2      0xFFFFFF02

#define VNC_ENCODING_TYPE_COMPRESSION_3      0xFFFFFF03

#define VNC_ENCODING_TYPE_COMPRESSION_4      0xFFFFFF04

#define VNC_ENCODING_TYPE_COMPRESSION_5      0xFFFFFF05

#define VNC_ENCODING_TYPE_COMPRESSION_6      0xFFFFFF06

#define VNC_ENCODING_TYPE_COMPRESSION_7      0xFFFFFF07

#define VNC_ENCODING_TYPE_COMPRESSION_8      0xFFFFFF08

#define VNC_ENCODING_TYPE_COMPRESSION_9      0xFFFFFF09

#define VNC_ENCODING_TYPE_WMVi               0x574D5669

#define VNC_ENCODING_TYPE_CACHE              0xFFFF0000

#define VNC_ENCODING_TYPE_CACHE_ENABLE       0xFFFF0001

#define VNC_ENCODING_TYPE_XOR_ZLIB           0xFFFF0002

#define VNC_ENCODING_TYPE_XOR_MONO_ZLIB      0xFFFF0003

#define VNC_ENCODING_TYPE_XOR_MULTI_ZLIB     0xFFFF0004

#define VNC_ENCODING_TYPE_SOLID_COLOR        0xFFFF0005

#define VNC_ENCODING_TYPE_XOR_ENABLE         0xFFFF0006

#define VNC_ENCODING_TYPE_CACHE_ZIP          0xFFFF0007

#define VNC_ENCODING_TYPE_SOL_MONO_ZIP       0xFFFF0008

#define VNC_ENCODING_TYPE_ULTRA_ZIP          0xFFFF0009

#define VNC_ENCODING_TYPE_SERVER_STATE       0xFFFF8000

#define VNC_ENCODING_TYPE_ENABLE_KEEP_ALIVE  0xFFFF8001

#define VNC_ENCODING_TYPE_FTP_PROTO_VER      0xFFFF8002

#define VNC_ENCODING_TYPE_POINTER_CHANGE     -257

#define VNC_ENCODING_TYPE_EXT_KEY_EVENT      -258

#define VNC_ENCODING_TYPE_AUDIO               259

#define VNC_ENCODING_TYPE_DESKTOP_NAME       -307

#define VNC_ENCODING_TYPE_EXTENDED_DESK_SIZE -308

#define VNC_ENCODING_TYPE_KEYBOARD_LED_STATE 0XFFFE0000

#define VNC_ENCODING_TYPE_SUPPORTED_MESSAGES 0XFFFE0001

#define VNC_ENCODING_TYPE_SUPPORTED_ENCODINGS 0XFFFE0002

#define VNC_ENCODING_TYPE_SERVER_IDENTITY    0XFFFE0003

#define VNC_ENCODING_TYPE_MIRRORLINK         0xFFFFFDF5

#define VNC_ENCODING_TYPE_CONTEXT_INFORMATION 0xFFFFFDF4

#define VNC_ENCODING_TYPE_SLRLE              0xFFFFFDF3

#define VNC_ENCODING_TYPE_TRANSFORM          0xFFFFFDF2

#define VNC_ENCODING_TYPE_HSML               0xFFFFFDF1

#define VNC_ENCODING_TYPE_H264               0X48323634

static const value_string encoding_types_vs[] = {

  { VNC_ENCODING_TYPE_DESKTOP_SIZE, "DesktopSize (pseudo)" },

  { VNC_ENCODING_TYPE_LAST_RECT,    "LastRect (pseudo)"    },

  { VNC_ENCODING_TYPE_POINTER_POS,  "Pointer pos (pseudo)" },

  { VNC_ENCODING_TYPE_RICH_CURSOR,  "Rich Cursor (pseudo)" },

  { VNC_ENCODING_TYPE_X_CURSOR,   "X Cursor (pseudo)"    },

  { VNC_ENCODING_TYPE_RAW,    "Raw"                  },

  { VNC_ENCODING_TYPE_COPY_RECT,    "CopyRect"             },

  { VNC_ENCODING_TYPE_RRE,    "RRE"                  },

  { VNC_ENCODING_TYPE_CORRE,    "CoRRE"                },

  { VNC_ENCODING_TYPE_HEXTILE,    "Hextile"              },

  { VNC_ENCODING_TYPE_ZLIB,   "Zlib"                 },

  { VNC_ENCODING_TYPE_TIGHT,    "Tight"                },

  { VNC_ENCODING_TYPE_ZLIBHEX,    "ZlibHex"              },

  { VNC_ENCODING_TYPE_ULTRA,    "Ultra"          },

  { VNC_ENCODING_TYPE_RLE,    "ZRLE"                 },

  { VNC_ENCODING_TYPE_HITACHI_ZYWRLE, "Hitachi ZYWRLE"       },

  { VNC_ENCODING_TYPE_JPEG_0,   "JPEG quality level 0" },

  { VNC_ENCODING_TYPE_JPEG_1,   "JPEG quality level 1" },

  { VNC_ENCODING_TYPE_JPEG_2,   "JPEG quality level 2" },

  { VNC_ENCODING_TYPE_JPEG_3,   "JPEG quality level 3" },

  { VNC_ENCODING_TYPE_JPEG_4,   "JPEG quality level 4" },

  { VNC_ENCODING_TYPE_JPEG_5,   "JPEG quality level 5" },

  { VNC_ENCODING_TYPE_JPEG_6,   "JPEG quality level 6" },

  { VNC_ENCODING_TYPE_JPEG_7,   "JPEG quality level 7" },

  { VNC_ENCODING_TYPE_JPEG_8,   "JPEG quality level 8" },

  { VNC_ENCODING_TYPE_JPEG_9,   "JPEG quality level 9" },

  { VNC_ENCODING_TYPE_COMPRESSION_0,  "Compression level 0"  },

  { VNC_ENCODING_TYPE_COMPRESSION_1,  "Compression level 1"  },

  { VNC_ENCODING_TYPE_COMPRESSION_2,  "Compression level 2"  },

  { VNC_ENCODING_TYPE_COMPRESSION_3,  "Compression level 3"  },

  { VNC_ENCODING_TYPE_COMPRESSION_4,  "Compression level 4"  },

  { VNC_ENCODING_TYPE_COMPRESSION_5,  "Compression level 5"  },

  { VNC_ENCODING_TYPE_COMPRESSION_6,  "Compression level 6"  },

  { VNC_ENCODING_TYPE_COMPRESSION_7,  "Compression level 7"  },

  { VNC_ENCODING_TYPE_COMPRESSION_8,  "Compression level 8"  },

  { VNC_ENCODING_TYPE_COMPRESSION_9,  "Compression level 9"  },

  /* FIXME understand for real what the below mean. Taken from Ultra VNC source code */

/*  { VNC_ENCODING_TYPE_CACHE,     */

  { VNC_ENCODING_TYPE_CACHE_ENABLE,   "Enable Caching"},

/*  { VNC_ENCODING_TYPE_XOR_ZLIB,

  { VNC_ENCODING_TYPE_XOR_MONO_ZLIB,

  { VNC_ENCODING_TYPE_XOR_MULTI_ZLIB,

  { VNC_ENCODING_TYPE_SOLID_COLOR,

  { VNC_ENCODING_TYPE_XOR_ENABLE,

  { VNC_ENCODING_TYPE_CACHE_ZIP,

  { VNC_ENCODING_TYPE_SOL_MONO_ZIP,

  { VNC_ENCODING_TYPE_ULTRA_ZIP,

*/  { VNC_ENCODING_TYPE_SERVER_STATE,   "Server State"         },

  { VNC_ENCODING_TYPE_ENABLE_KEEP_ALIVE,  "Enable Keep Alive"    },

  { VNC_ENCODING_TYPE_FTP_PROTO_VER,  "FTP protocol version" },

  { VNC_ENCODING_TYPE_EXTENDED_DESK_SIZE, "Extended Desktop Size"},

  { VNC_ENCODING_TYPE_DESKTOP_NAME, "Desktop Name"         },

  { VNC_ENCODING_TYPE_KEYBOARD_LED_STATE, "Keyboard LED State"   },

  { VNC_ENCODING_TYPE_SUPPORTED_MESSAGES, "Supported Messages"   },

  { VNC_ENCODING_TYPE_SUPPORTED_ENCODINGS, "Supported Encodings" },

  { VNC_ENCODING_TYPE_SERVER_IDENTITY,  "Server Identity"      },

  { VNC_ENCODING_TYPE_MIRRORLINK,   "MirrorLink"           },

  { VNC_ENCODING_TYPE_CONTEXT_INFORMATION, "Context Information" },

  { VNC_ENCODING_TYPE_SLRLE,    "SLRLE"                },

  { VNC_ENCODING_TYPE_TRANSFORM,    "Transform"            },

  { VNC_ENCODING_TYPE_HSML,   "HSML"                 },

  { VNC_ENCODING_TYPE_H264,   "H264"                 },

  { 0,        NULL                   }

};

/* Rectangle types for Tight encoding.  These come in the "control byte" at the

 * start of a rectangle's payload.  Note that these are with respect to the most

 * significant bits 4-7 of the control byte, so you must shift it to the right 4

 * bits before comparing against these values.

 */

#define TIGHT_RECT_FILL      0x08

#define TIGHT_RECT_JPEG      0x09

#define TIGHT_RECT_MAX_VALUE 0x09

#define TIGHT_RECT_EXPLICIT_FILTER_FLAG 0x04

/* Filter types for Basic encoding of Tight rectangles */

#define TIGHT_RECT_FILTER_COPY     0x00

#define TIGHT_RECT_FILTER_PALETTE  0x01

#define TIGHT_RECT_FILTER_GRADIENT 0x02

/* Minimum number of bytes to compress for Tight encoding */

#define TIGHT_MIN_BYTES_TO_COMPRESS 12

static const value_string tight_filter_ids_vs[] = {

  { TIGHT_RECT_FILTER_COPY,     "Copy"     },

  { TIGHT_RECT_FILTER_PALETTE,  "Palette"  },

  { TIGHT_RECT_FILTER_GRADIENT, "Gradient" },

  { 0, NULL }

};

/* MirrorLink messages */

typedef enum {

  VNC_ML_EXT_BYE_BYE                      = 0,

  VNC_ML_EXT_SERVER_DISPLAY_CONFIGURATION = 1,

  VNC_ML_EXT_CLIENT_DISPLAY_CONFIGURATION = 2,

  VNC_ML_EXT_SERVER_EVENT_CONFIGURATION   = 3,

  VNC_ML_EXT_CLIENT_EVENT_CONFIGURATION   = 4,

  VNC_ML_EXT_EVENT_MAPPING                = 5,

  VNC_ML_EXT_EVENT_MAPPING_REQUEST        = 6,

  VNC_ML_EXT_KEY_EVENT_LISTING            = 7,

  VNC_ML_EXT_KEY_EVENT_LISTING_REQUEST    = 8,

  VNC_ML_EXT_VIRTUAL_KEYBOARD             = 9,

  VNC_ML_EXT_VIRTUAL_KEYBOARD_REQUEST     = 10,

  VNC_ML_EXT_DEVICE_STATUS                = 11,

  VNC_ML_EXT_DEVICE_STATUS_REQUEST        = 12,

  VNC_ML_EXT_CONTENT_ATTESTATION          = 13,

  VNC_ML_EXT_CONTENT_ATTESTATION_REQUEST  = 14,

  VNC_ML_EXT_FB_BLOCKING_NOTIFICATION     = 16,

  VNC_ML_EXT_AUDIO_BLOCKING_NOTIFICATION  = 18,

  VNC_ML_EXT_TOUCH_EVENT                  = 20,

  VNC_ML_EXT_FB_ALTERNATIVE_TEXT          = 21,

  VNC_ML_EXT_FB_ALTERNATIVE_TEXT_REQUEST  = 22

} vnc_mirrorlink_ext_types_e;

static const value_string vnc_mirrorlink_types_vs[] = {

  { VNC_ML_EXT_BYE_BYE,                      "ByeBye"                               },

  { VNC_ML_EXT_SERVER_DISPLAY_CONFIGURATION, "Server Display Configuration"         },

  { VNC_ML_EXT_CLIENT_DISPLAY_CONFIGURATION, "Client Display Configuration"         },

  { VNC_ML_EXT_SERVER_EVENT_CONFIGURATION,   "Server Event Configuration"           },

  { VNC_ML_EXT_CLIENT_EVENT_CONFIGURATION,   "Client Event Configuration"           },

  { VNC_ML_EXT_EVENT_MAPPING,                "Event Mapping"                        },

  { VNC_ML_EXT_EVENT_MAPPING_REQUEST,        "Event Mapping Request"                },

  { VNC_ML_EXT_KEY_EVENT_LISTING,            "Key Event Listing"                    },

  { VNC_ML_EXT_KEY_EVENT_LISTING_REQUEST,    "Key Event Listing Request"            },

  { VNC_ML_EXT_VIRTUAL_KEYBOARD,             "Virtual Keyboard Trigger"             },

  { VNC_ML_EXT_VIRTUAL_KEYBOARD_REQUEST,     "Virtual Keyboard Trigger Request"     },

  { VNC_ML_EXT_DEVICE_STATUS,                "Device Status"                        },

  { VNC_ML_EXT_DEVICE_STATUS_REQUEST,        "Device Status Request"                },

  { VNC_ML_EXT_CONTENT_ATTESTATION,          "Content Attestation"                  },

  { VNC_ML_EXT_CONTENT_ATTESTATION_REQUEST,  "Content Attestation Request"          },

  { VNC_ML_EXT_FB_BLOCKING_NOTIFICATION,     "Framebuffer Blocking Notification"    },

  { VNC_ML_EXT_AUDIO_BLOCKING_NOTIFICATION,  "Audio Blocking Notification"          },

  { VNC_ML_EXT_TOUCH_EVENT,                  "Touch Event"                          },

  { VNC_ML_EXT_FB_ALTERNATIVE_TEXT,          "Framebuffer Alternative Text"         },

  { VNC_ML_EXT_FB_ALTERNATIVE_TEXT_REQUEST,  "Framebuffer Alternative Text Request" },

  { 0,  NULL                                                                        }

};

/* Slice types for H.264 encoding */

typedef enum {

  VNC_H264_SLICE_TYPE_P = 0,

  VNC_H264_SLICE_TYPE_B = 1,

  VNC_H264_SLICE_TYPE_I = 2

} vnc_h264_slice_types_e;

static const value_string vnc_h264_slice_types_vs[] = {

  { VNC_H264_SLICE_TYPE_P, "Predicted"    },

  { VNC_H264_SLICE_TYPE_B, "Bi-predicted" },

  { VNC_H264_SLICE_TYPE_I, "Intra coded"  },

  { 0, NULL                               }

};

typedef enum {

  VNC_SESSION_STATE_SERVER_VERSION,

  VNC_SESSION_STATE_CLIENT_VERSION,

  VNC_SESSION_STATE_SECURITY,

  VNC_SESSION_STATE_SECURITY_TYPES,

  VNC_SESSION_STATE_TIGHT_TUNNELING_CAPABILITIES,

  VNC_SESSION_STATE_TIGHT_TUNNEL_TYPE_REPLY,

  VNC_SESSION_STATE_TIGHT_AUTH_CAPABILITIES,

  VNC_SESSION_STATE_TIGHT_AUTH_TYPE_REPLY,

  VNC_SESSION_STATE_TIGHT_UNKNOWN_PACKET3,

  VNC_SESSION_STATE_VNC_AUTHENTICATION_CHALLENGE,

  VNC_SESSION_STATE_VNC_AUTHENTICATION_RESPONSE,

  VNC_SESSION_STATE_ARD_AUTHENTICATION_CHALLENGE,

  VNC_SESSION_STATE_ARD_AUTHENTICATION_RESPONSE,

  VNC_SESSION_STATE_SECURITY_RESULT,

  VNC_SESSION_STATE_VENCRYPT_SERVER_VERSION,

  VNC_SESSION_STATE_VENCRYPT_CLIENT_VERSION,

  VNC_SESSION_STATE_VENCRYPT_AUTH_CAPABILITIES,

  VNC_SESSION_STATE_VENCRYPT_AUTH_TYPE_REPLY,

  VNC_SESSION_STATE_VENCRYPT_AUTH_ACK,

  VNC_SESSION_STATE_CLIENT_INIT,

  VNC_SESSION_STATE_SERVER_INIT,

  VNC_SESSION_STATE_TIGHT_INTERACTION_CAPS,

  VNC_SESSION_STATE_NORMAL_TRAFFIC

} vnc_session_state_e;

#define VNC_FENCE_BLOCK_BEFORE   0x00000001

#define VNC_FENCE_BLOCK_AFTER    0x00000002

#define VNC_FENCE_SYNC_NEXT      0x00000004

#define VNC_FENCE_REQUEST        0x80000000

/* This structure will be tied to each conversation. */

typedef struct {

  double server_proto_ver, client_proto_ver;

  uint32_t server_port;

  /* These are specific to TightVNC */

  int num_server_message_types;

  int num_client_message_types;

  int num_encoding_types;

  uint8_t security_type_selected;

  bool tight_enabled;

  /* This is specific to Apple Remote Desktop */

  uint16_t ard_key_length;

  /* State information valid on first sequential pass;

   * stored in per-packet info for subsequent passes. */

  uint8_t bytes_per_pixel;

  uint8_t depth;

  vnc_session_state_e vnc_next_state;

  int preferred_encoding;

} vnc_conversation_t;

/* This structure will be tied to each packet */

typedef struct {

  vnc_session_state_e state;

  //int preferred_encoding; XXX: Not actually used?

  uint8_t bytes_per_pixel;

  uint8_t depth;

} vnc_packet_t;

void proto_reg_handoff_vnc(void);

static bool vnc_startup_messages(tvbuff_t *tvb, packet_info *pinfo,

             int offset, proto_tree *tree,

             vnc_conversation_t *per_conversation_info);

static void vnc_client_to_server(tvbuff_t *tvb, packet_info *pinfo,

         int *offset, proto_tree *tree,

         vnc_conversation_t *per_conversation_info);

static void vnc_server_to_client(tvbuff_t *tvb, packet_info *pinfo,

         int *offset, proto_tree *tree);

static void vnc_client_set_pixel_format(tvbuff_t *tvb, packet_info *pinfo,

          int *offset, proto_tree *tree,

          vnc_conversation_t *per_conversation_info);

static void vnc_client_set_encodings(tvbuff_t *tvb, packet_info *pinfo,

             int *offset, proto_tree *tree,

             vnc_conversation_t *per_conversation_info);

static void vnc_client_framebuffer_update_request(tvbuff_t *tvb,

              packet_info *pinfo,

              int *offset,

              proto_tree *tree);

static void vnc_client_key_event(tvbuff_t *tvb, packet_info *pinfo,

         int *offset, proto_tree *tree);

static void vnc_client_pointer_event(tvbuff_t *tvb, packet_info *pinfo,

             int *offset, proto_tree *tree);

static void vnc_client_cut_text(tvbuff_t *tvb, packet_info *pinfo, int *offset,

        proto_tree *tree);

static unsigned vnc_server_framebuffer_update(tvbuff_t *tvb, packet_info *pinfo,

             int *offset, proto_tree *tree);

static unsigned vnc_raw_encoding(tvbuff_t *tvb, packet_info *pinfo, int *offset,

            proto_tree *tree, const uint16_t width, const uint16_t height);

static unsigned vnc_copyrect_encoding(tvbuff_t *tvb, packet_info *pinfo,

           int *offset, proto_tree *tree,

           const uint16_t width, const uint16_t height);

static unsigned vnc_rre_encoding(tvbuff_t *tvb, packet_info *pinfo, int *offset,

            proto_tree *tree, const uint16_t width, const uint16_t height);

static unsigned vnc_hextile_encoding(tvbuff_t *tvb, packet_info *pinfo,

          int *offset, proto_tree *tree,

          const uint16_t width, const uint16_t height);

static unsigned vnc_zrle_encoding(tvbuff_t *tvb, packet_info *pinfo, int *offset,

             proto_tree *tree, const uint16_t width, const uint16_t height);

static unsigned vnc_tight_encoding(tvbuff_t *tvb, packet_info *pinfo, int *offset,

        proto_tree *tree, const uint16_t width, const uint16_t height);

static unsigned vnc_rich_cursor_encoding(tvbuff_t *tvb, packet_info *pinfo,

              int *offset, proto_tree *tree, const uint16_t width,

              const uint16_t height);

static unsigned vnc_x_cursor_encoding(tvbuff_t *tvb, packet_info *pinfo,

           int *offset, proto_tree *tree, const uint16_t width,

           const uint16_t height);

static unsigned vnc_server_set_colormap_entries(tvbuff_t *tvb, packet_info *pinfo,

               int *offset, proto_tree *tree);

static void vnc_server_ring_bell(tvbuff_t *tvb, packet_info *pinfo,

         int *offset, proto_tree *tree);

static unsigned vnc_server_cut_text(tvbuff_t *tvb, packet_info *pinfo,

         int *offset, proto_tree *tree);

static void vnc_set_bytes_per_pixel(packet_info *pinfo, vnc_conversation_t *per_conversation_info, const uint8_t bytes_per_pixel);

static void vnc_set_depth(packet_info *pinfo, vnc_conversation_t *per_conversation_info, const uint8_t depth);

static uint8_t vnc_get_bytes_per_pixel(packet_info *pinfo);

static uint8_t vnc_get_depth(packet_info *pinfo);

static uint32_t vnc_extended_desktop_size(tvbuff_t *tvb, int *offset, proto_tree *tree);

static unsigned vnc_supported_messages(tvbuff_t *tvb, int *offset,

            proto_tree *tree, const uint16_t width);

static unsigned vnc_supported_encodings(tvbuff_t *tvb, int *offset,

             proto_tree *tree, const uint16_t width,

             const uint16_t height);

static unsigned vnc_server_identity(tvbuff_t *tvb, int *offset,

         proto_tree *tree, const uint16_t width);

static unsigned vnc_fence(tvbuff_t *tvb, packet_info *pinfo, int *offset,

          proto_tree *tree);

static unsigned vnc_mirrorlink(tvbuff_t *tvb, packet_info *pinfo, int *offset,

          proto_tree *tree);

static unsigned vnc_context_information(tvbuff_t *tvb, int *offset,

             proto_tree *tree);

static unsigned vnc_slrle_encoding(tvbuff_t *tvb, packet_info *pinfo, int *offset,

        proto_tree *tree, const uint16_t height);

static unsigned vnc_h264_encoding(tvbuff_t *tvb, int *offset, proto_tree *tree);

#define VNC_BYTES_NEEDED(a)         \

  if((a) > (unsigned)tvb_reported_length_remaining(tvb, *offset)) \

    return (a);

/* Initialize the protocol and registered fields */

static int proto_vnc; /* Protocol subtree */

static int hf_vnc_padding;

static int hf_vnc_server_proto_ver;

static int hf_vnc_client_proto_ver;

static int hf_vnc_num_security_types;

static int hf_vnc_security_type;

static int hf_vnc_server_security_type;

static int hf_vnc_client_security_type;

static int hf_vnc_auth_challenge;

static int hf_vnc_auth_response;

static int hf_vnc_auth_result;

static int hf_vnc_auth_error;

static int hf_vnc_auth_error_length;

static int hf_vnc_ard_auth_generator;

static int hf_vnc_ard_auth_key_len;

static int hf_vnc_ard_auth_modulus;

static int hf_vnc_ard_auth_server_key;

static int hf_vnc_ard_auth_credentials;

static int hf_vnc_ard_auth_client_key;

static int hf_vnc_share_desktop_flag;

static int hf_vnc_width;

static int hf_vnc_height;

static int hf_vnc_server_bits_per_pixel;

static int hf_vnc_server_depth;

static int hf_vnc_server_big_endian_flag;

static int hf_vnc_server_true_color_flag;

static int hf_vnc_server_red_max;

static int hf_vnc_server_green_max;

static int hf_vnc_server_blue_max;

static int hf_vnc_server_red_shift;

static int hf_vnc_server_green_shift;

static int hf_vnc_server_blue_shift;

static int hf_vnc_desktop_name;

static int hf_vnc_desktop_name_len;

static int hf_vnc_desktop_screen_num;

static int hf_vnc_desktop_screen_id;

static int hf_vnc_desktop_screen_x;

static int hf_vnc_desktop_screen_y;

static int hf_vnc_desktop_screen_width;

static int hf_vnc_desktop_screen_height;

static int hf_vnc_desktop_screen_flags;

static int hf_vnc_num_server_message_types;

static int hf_vnc_num_client_message_types;

static int hf_vnc_num_encoding_types;

/********** Client Message Types **********/

static int hf_vnc_client_message_type; /* A subtree under VNC */

static int hf_vnc_client_bits_per_pixel;

static int hf_vnc_client_depth;

static int hf_vnc_client_big_endian_flag;

static int hf_vnc_client_true_color_flag;

static int hf_vnc_client_red_max;

static int hf_vnc_client_green_max;

static int hf_vnc_client_blue_max;

static int hf_vnc_client_red_shift;

static int hf_vnc_client_green_shift;

static int hf_vnc_client_blue_shift;

/* Client Key Event */

static int hf_vnc_key_down;

static int hf_vnc_key;

/* Client Pointer Event */

static int hf_vnc_button_1_pos;

static int hf_vnc_button_2_pos;

static int hf_vnc_button_3_pos;

static int hf_vnc_button_4_pos;

static int hf_vnc_button_5_pos;

static int hf_vnc_button_6_pos;

static int hf_vnc_button_7_pos;

static int hf_vnc_button_8_pos;

static int hf_vnc_pointer_x_pos;

static int hf_vnc_pointer_y_pos;

/* Client Framebuffer Update Request */

static int hf_vnc_update_req_incremental;

static int hf_vnc_update_req_x_pos;

static int hf_vnc_update_req_y_pos;

static int hf_vnc_update_req_width;

static int hf_vnc_update_req_height;

/* Client Set Encodings */

static int hf_vnc_encoding_num;

static int hf_vnc_client_set_encodings_encoding_type;

/* Client Cut Text */

static int hf_vnc_client_cut_text_len;

static int hf_vnc_client_cut_text;

/********** Server Message Types **********/

static int hf_vnc_server_message_type; /* Subtree */

/* Tunneling capabilities (TightVNC extension) */

static int hf_vnc_tight_num_tunnel_types;

static int hf_vnc_tight_tunnel_type_code;

static int hf_vnc_tight_tunnel_type_vendor;

static int hf_vnc_tight_tunnel_type_signature;

/* Authentication capabilities (TightVNC extension) */

static int hf_vnc_tight_num_auth_types;

static int hf_vnc_tight_auth_code;

/* TightVNC capabilities */

static int hf_vnc_tight_server_message_type;

static int hf_vnc_tight_server_vendor;

static int hf_vnc_tight_signature;

static int hf_vnc_tight_server_name;

static int hf_vnc_tight_client_message_type;

static int hf_vnc_tight_client_vendor;

static int hf_vnc_tight_client_name;

static int hf_vnc_tight_encoding_type;

static int hf_vnc_tight_encoding_vendor;

static int hf_vnc_tight_encoding_name;

/* VeNCrypt capabilities */

static int hf_vnc_vencrypt_server_major_ver;

static int hf_vnc_vencrypt_server_minor_ver;

static int hf_vnc_vencrypt_client_major_ver;

static int hf_vnc_vencrypt_client_minor_ver;

static int hf_vnc_vencrypt_version_ack;

static int hf_vnc_vencrypt_num_auth_types;

static int hf_vnc_vencrypt_auth_type;

static int hf_vnc_vencrypt_auth_type_ack;

/* Tight compression parameters */

static int hf_vnc_tight_reset_stream0;

static int hf_vnc_tight_reset_stream1;

static int hf_vnc_tight_reset_stream2;

static int hf_vnc_tight_reset_stream3;

static int hf_vnc_tight_rect_type;

static int hf_vnc_tight_image_len;

static int hf_vnc_tight_image_data;

static int hf_vnc_tight_fill_color;

static int hf_vnc_tight_filter_flag;

static int hf_vnc_tight_filter_id;

static int hf_vnc_tight_palette_num_colors;

static int hf_vnc_tight_palette_data;

/* Server Framebuffer Update */

static int hf_vnc_rectangle_num;

static int hf_vnc_fb_update_x_pos;

static int hf_vnc_fb_update_y_pos;

static int hf_vnc_fb_update_width;

static int hf_vnc_fb_update_height;

static int hf_vnc_fb_update_encoding_type;

/* Raw Encoding */

static int hf_vnc_raw_pixel_data;

/* CopyRect Encoding */

static int hf_vnc_copyrect_src_x_pos;

static int hf_vnc_copyrect_src_y_pos;

/* RRE Encoding */

static int hf_vnc_rre_num_subrects;

static int hf_vnc_rre_bg_pixel;

static int hf_vnc_rre_subrect_pixel;

static int hf_vnc_rre_subrect_x_pos;

static int hf_vnc_rre_subrect_y_pos;

static int hf_vnc_rre_subrect_width;

static int hf_vnc_rre_subrect_height;

/* Hextile Encoding */

static int hf_vnc_hextile_subencoding_mask;

static int hf_vnc_hextile_raw;

static int hf_vnc_hextile_raw_value;

static int hf_vnc_hextile_bg;

static int hf_vnc_hextile_bg_value;

static int hf_vnc_hextile_fg;

static int hf_vnc_hextile_fg_value;

static int hf_vnc_hextile_anysubrects;

static int hf_vnc_hextile_num_subrects;

static int hf_vnc_hextile_subrectscolored;

static int hf_vnc_hextile_subrect_pixel_value;

static int hf_vnc_hextile_subrect_x_pos;

static int hf_vnc_hextile_subrect_y_pos;

static int hf_vnc_hextile_subrect_width;

static int hf_vnc_hextile_subrect_height;

/* ZRLE Encoding */

static int hf_vnc_zrle_len;

static int hf_vnc_zrle_subencoding;

static int hf_vnc_zrle_rle;

static int hf_vnc_zrle_palette_size;

static int hf_vnc_zrle_data;

static int hf_vnc_zrle_raw;

static int hf_vnc_zrle_palette;

/* Cursor Encoding */

static int hf_vnc_cursor_x_fore_back;

static int hf_vnc_cursor_encoding_pixels;

static int hf_vnc_cursor_encoding_bitmask;

/* Server Set Colormap Entries */

static int hf_vnc_color_groups;

static int hf_vnc_colormap_first_color;

static int hf_vnc_colormap_num_colors;

static int hf_vnc_colormap_red;

static int hf_vnc_colormap_green;

static int hf_vnc_colormap_blue;

/* Server Cut Text */

static int hf_vnc_server_cut_text_len;

static int hf_vnc_server_cut_text;

/* LibVNCServer additions */

static int hf_vnc_supported_messages_client2server;

static int hf_vnc_supported_messages_server2client;

static int hf_vnc_num_supported_encodings;

static int hf_vnc_supported_encodings;

static int hf_vnc_server_identity;

/* MirrorLink */

static int hf_vnc_mirrorlink_type;

static int hf_vnc_mirrorlink_length;

static int hf_vnc_mirrorlink_version_major;

static int hf_vnc_mirrorlink_version_minor;

static int hf_vnc_mirrorlink_framebuffer_configuration;

static int hf_vnc_mirrorlink_pixel_width;

static int hf_vnc_mirrorlink_pixel_height;

static int hf_vnc_mirrorlink_pixel_format;

static int hf_vnc_mirrorlink_display_width;

static int hf_vnc_mirrorlink_display_height;

static int hf_vnc_mirrorlink_display_distance;

static int hf_vnc_mirrorlink_keyboard_language;

static int hf_vnc_mirrorlink_keyboard_country;

static int hf_vnc_mirrorlink_ui_language;

static int hf_vnc_mirrorlink_ui_country;

static int hf_vnc_mirrorlink_knob_keys;

static int hf_vnc_mirrorlink_device_keys;

static int hf_vnc_mirrorlink_multimedia_keys;

static int hf_vnc_mirrorlink_key_related;

static int hf_vnc_mirrorlink_pointer_related;

static int hf_vnc_mirrorlink_key_symbol_value_client;

static int hf_vnc_mirrorlink_key_symbol_value_server;

static int hf_vnc_mirrorlink_key_configuration;

static int hf_vnc_mirrorlink_key_num_events;

static int hf_vnc_mirrorlink_key_event_counter;

static int hf_vnc_mirrorlink_key_symbol_value;

static int hf_vnc_mirrorlink_key_request_configuration;

static int hf_vnc_mirrorlink_keyboard_configuration;

static int hf_vnc_mirrorlink_cursor_x;

static int hf_vnc_mirrorlink_cursor_y;

static int hf_vnc_mirrorlink_text_x;

static int hf_vnc_mirrorlink_text_y;

static int hf_vnc_mirrorlink_text_width;

static int hf_vnc_mirrorlink_text_height;

static int hf_vnc_mirrorlink_keyboard_request_configuration;

static int hf_vnc_mirrorlink_device_status;

static int hf_vnc_mirrorlink_app_id;

static int hf_vnc_mirrorlink_fb_block_x;

static int hf_vnc_mirrorlink_fb_block_y;

static int hf_vnc_mirrorlink_fb_block_width;

static int hf_vnc_mirrorlink_fb_block_height;

static int hf_vnc_mirrorlink_fb_block_reason;

static int hf_vnc_mirrorlink_audio_block_reason;

static int hf_vnc_mirrorlink_touch_num_events;

static int hf_vnc_mirrorlink_touch_x;

static int hf_vnc_mirrorlink_touch_y;

static int hf_vnc_mirrorlink_touch_id;

static int hf_vnc_mirrorlink_touch_pressure;

static int hf_vnc_mirrorlink_text;

static int hf_vnc_mirrorlink_text_length;

static int hf_vnc_mirrorlink_text_max_length;

static int hf_vnc_mirrorlink_unknown;

/* Fence */

static int hf_vnc_fence_flags;

static int hf_vnc_fence_request;

static int hf_vnc_fence_sync_next;

static int hf_vnc_fence_block_after;

static int hf_vnc_fence_block_before;

static int hf_vnc_fence_payload_length;

static int hf_vnc_fence_payload;

static int * const vnc_fence_flags[] = {

  &hf_vnc_fence_request,

  &hf_vnc_fence_sync_next,

  &hf_vnc_fence_block_after,

  &hf_vnc_fence_block_before,

  NULL

};

/* Context Information */

static int hf_vnc_context_information_app_id;

static int hf_vnc_context_information_app_category;

static int hf_vnc_context_information_app_trust_level;

static int hf_vnc_context_information_content_category;

static int hf_vnc_context_information_content_rules;

static int hf_vnc_context_information_content_trust_level;

/* Scan Line based Run-Length Encoding */

static int hf_vnc_slrle_run_num;

static int hf_vnc_slrle_run_data;

/* H.264 Encoding */

static int hf_vnc_h264_slice_type;

static int hf_vnc_h264_nbytes;

static int hf_vnc_h264_width;

static int hf_vnc_h264_height;

static int hf_vnc_h264_data;

/********** End of Server Message Types **********/

static bool vnc_preference_desegment = true;

/* Initialize the subtree pointers */

static int ett_vnc;

static int ett_vnc_client_message_type;

static int ett_vnc_server_message_type;

static int ett_vnc_rect;

static int ett_vnc_encoding_type;

static int ett_vnc_rre_subrect;

static int ett_vnc_hextile_subencoding_mask;

static int ett_vnc_hextile_num_subrects;

static int ett_vnc_hextile_subrect;

static int ett_vnc_hextile_tile;

static int ett_vnc_zrle_subencoding;

static int ett_vnc_colormap_num_groups;

static int ett_vnc_colormap_color_group;

static int ett_vnc_desktop_screen;

static int ett_vnc_key_events;

static int ett_vnc_touch_events;

static int ett_vnc_slrle_subline;

static int ett_vnc_fence_flags;

static expert_field ei_vnc_possible_gtk_vnc_bug;

static expert_field ei_vnc_auth_code_mismatch;

static expert_field ei_vnc_unknown_tight_vnc_auth;

static expert_field ei_vnc_too_many_rectangles;

static expert_field ei_vnc_too_many_sub_rectangles;

static expert_field ei_vnc_invalid_encoding;

static expert_field ei_vnc_too_many_colors;

static expert_field ei_vnc_too_many_cut_text;

static expert_field ei_vnc_zrle_failed;

static expert_field ei_vnc_unknown_tight;

static expert_field ei_vnc_reassemble;

#define VNC_PORT_RANGE "5500-5501,5900-5901"

/* Port 5900 is IANA registered (under the service name "Remote Framebuffer"),

 * the others are customary but not registered as mentioned in RFC 6143.

 * (5900+N is commonly used in the case of multiple servers, analogous to

 * X11.) */

static range_t *vnc_tcp_range;

static dissector_handle_t vnc_handle;

static dissector_handle_t tls_handle;

/* Code to dissect the packets */

static int

dissect_vnc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)

{

  bool ret;

  int      offset = 0;

  /* Set up structures needed to add the protocol subtree and manage it */

  proto_item     *ti;

  proto_tree     *vnc_tree;

  conversation_t     *conversation;

  vnc_conversation_t *per_conversation_info;

  conversation = find_or_create_conversation(pinfo);

  /* Retrieve information from conversation, or add it if it isn't

   * there yet */

  per_conversation_info = (vnc_conversation_t *)conversation_get_proto_data(conversation, proto_vnc);

  if(!per_conversation_info) {

    per_conversation_info = wmem_new(wmem_file_scope(), vnc_conversation_t);

    per_conversation_info->vnc_next_state = VNC_SESSION_STATE_SERVER_VERSION;

    per_conversation_info->security_type_selected = VNC_SECURITY_TYPE_INVALID;

    per_conversation_info->tight_enabled = false;

    per_conversation_info->preferred_encoding = VNC_ENCODING_TYPE_RAW;

    /* Initial values for depth and bytes_per_pixel are set in

     * in the mandatory VNC_SESSION_STATE_SERVER_INIT startup

     * message. "This pixel format will be used unless the

     * client requests a different format using the SetPixelFormat

     * message" (RFC 6143 7.3.2 ServerInit) */

    conversation_add_proto_data(conversation, proto_vnc, per_conversation_info);

  }

  /* Make entries in Protocol column and Info column on summary display */

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "VNC");

  /* First, clear the info column */

  col_clear(pinfo->cinfo, COL_INFO);

  /* create display subtree for the protocol */

  ti = proto_tree_add_item(tree, proto_vnc, tvb, 0, -1, ENC_NA);

  vnc_tree = proto_item_add_subtree(ti, ett_vnc);

  /* Dissect any remaining session startup messages */

  ret = vnc_startup_messages(tvb, pinfo, offset, vnc_tree,

           per_conversation_info);

  if (ret) {

    return tvb_captured_length(tvb);  /* We're in a "startup" state; Cannot yet do "normal" processing */

  }

  if (per_conversation_info->security_type_selected == VNC_SECURITY_TYPE_VENCRYPT) {

    call_dissector_with_data(tls_handle, tvb, pinfo, vnc_tree, GUINT_TO_POINTER(offset));

    return tvb_captured_length(tvb);

  }

  if(value_is_in_range(vnc_tcp_range, pinfo->destport) || per_conversation_info->server_port == pinfo->destport) {

    vnc_client_to_server(tvb, pinfo, &offset, vnc_tree, per_conversation_info);

  }

  else {

    vnc_server_to_client(tvb, pinfo, &offset, vnc_tree);

  }

  return tvb_captured_length(tvb);

}

/* Returns the new offset after processing the 4-byte vendor string */

static int

process_vendor(proto_tree *tree, int hfindex, tvbuff_t *tvb, int offset)

{

  const uint8_t *vendor;

  proto_item *ti;

  if (tree) {

    ti = proto_tree_add_item_ret_string(tree, hfindex, tvb, offset, 4, ENC_ASCII|ENC_NA, wmem_packet_scope(), &vendor);

    if(g_ascii_strcasecmp(vendor, "STDV") == 0)

      proto_item_append_text(ti, " (Standard VNC vendor)");

    else if(g_ascii_strcasecmp(vendor, "TRDV") == 0)

      proto_item_append_text(ti, " (Tridia VNC vendor)");

    else if(g_ascii_strcasecmp(vendor, "TGHT") == 0)

      proto_item_append_text(ti, " (Tight VNC vendor)");

  }

  offset += 4;

  return offset;

}

/* Returns the new offset after processing the specified number of capabilities */

static int

process_tight_capabilities(proto_tree *tree,

         int type_index, int vendor_index, int name_index,

         tvbuff_t *tvb, int offset, const int num_capabilities)

{

  int i;

  /* See vnc_unixsrc/include/rfbproto.h:rfbCapabilityInfo */

  for (i = 0; i < num_capabilities; i++) {

    proto_tree_add_item(tree, type_index, tvb, offset, 4, ENC_BIG_ENDIAN);

    offset += 4;

    offset = process_vendor(tree, vendor_index, tvb, offset);

    proto_tree_add_item(tree, name_index, tvb, offset, 8, ENC_ASCII|ENC_NA);

    offset += 8;

  }

  return offset;

}

/* Returns true if this looks like a client or server version packet: 12 bytes, in the format "RFB xxx.yyy\n" .

* Will check for the 12 bytes exact length, the 'RFB ' string and that it ends with a '\n'.

* The exact 'xxx.yyy' is checked later, by trying to convert it to a double using g_ascii_strtod.

* pinfo and tree are NULL when using this function to check the heuristics for dissection.  If we're

* checking the heuristics, we don't need to add expert_info, we just reject that packet as not

* being a VNC packet.

*/

static bool

vnc_is_client_or_server_version_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)

{

  if(tvb_captured_length(tvb) != 12) {

    return false;

  }

  if(tvb_strncaseeql(tvb, 0, "RFB ", 4) != 0) {

    return false;

  }

  /* 0x2e = '.'   0xa = '\n' */

  if (tvb_get_uint8(tvb, 7) != 0x2e) {

    return false;

  }

  if (tvb_get_uint8(tvb,11) != 0xa) {

    if (tvb_get_uint8(tvb,11) == 0) {

      /* Per bug 5469,  It appears that any VNC clients using gtk-vnc before [1] was

      * fixed will exhibit the described protocol violation that prevents wireshark

      * from dissecting the session.

      *

      * [1] http://git.gnome.org/browse/gtk-vnc/commit/?id=bc9e2b19167686dd381a0508af1a5113675d08a2

      */

      if ((pinfo != NULL) && (tree != NULL)) {

        proto_tree_add_expert(tree, pinfo, &ei_vnc_possible_gtk_vnc_bug, tvb, -1, 0);

      }

      return true;

    }