[Spice-devel] Graceful failure when VNC client connects to SPICE server ?

Daniel P. Berrange berrange at redhat.com
Wed Jan 25 15:17:18 UTC 2017 

When used with QEMU at least, both SPICE and VNC live in the same port
range (5900+). It is thus not entirely uncommon for a user to mistakenly
connect to a SPICE server with a VNC client, or vica-verca.

When connecting to VNC server with a SPICE client, you quickly get an
error. This is because the VNC server sends its short greeting and then
sees the RedLinkMess from the SPICE client, realizes its garbage and
drops the connection.

When connecting to a SPICE server with a VNC client though, you get an
indefinite hang. The VNC client is waiting for the VNC greeting, which
the SPICE server will never send. The SPICE server is waiting for the
RedLinkMess which the VNC client will never send.

Since VNC is a server sends first protocol and SPICE is a client sends
first protocol, it would seem this problem is impossible to fix, but
I think it is possible to tweak things so it can be more gracefully
handled.

In VNC the protocol starts with the follow data sent:

 Server: "RFB 003.008\n"
 Client: "RFB 003.008\n"

What I'm thinking is that we could easily change the VNC client so that
it will send some bytes first. eg

 Client: "RFB "
 Server: "RFB 003.008\n"
 Client: "003.008\n"

>From the VNC server POV, it'll still be receiving the same 12 bytes from
the client - it just happens that 4 of them might arrive a tiny bit
earlier than the other 8 of them. IOW nothing should break in the VNC
server from this change.

I tried this, but we still get a hang in the SPICE server. The problem
is that the SPICE server code is waiting for the full RedLinkMess
message to be received before checking its content.

Can we change the SPICE server so that it reads the 'uint32 magic' first,
validates that, and then reads the remainder of RedLinkMess ?

This would solve the problem, as the SPICE server would see 'RFB ' as the
magic, realize it was garbage and so close the connection. The VNC client
which is waiting for the VNC greeting will thus terminate rather than hanging
forever.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

More information about the Spice-devel mailing list