2.2.9.1.2 Server Fast-Path Update PDU (TS_FP_UPDATE_PDU)
Fast-path revises server output packets from the first byte with the goal of improving bandwidth. The TPKT Header ([T123] section 8), X.224 Class 0 Data TPDU ([X224] section 13.7), and MCS Send Data Indication ([T125] section 11.33) are replaced; the Security Header (section 2.2.8.1.1.2) is collapsed into the fast-path output header; and the Share Data Header (section 2.2.8.1.1.1.2) is replaced by a new fast-path format. The contents of the graphics and pointer updates (sections 2.2.9.1.1.3 and 2.2.9.1.1.4) are also changed to reduce their size, particularly by removing or reducing headers. Support for fast-path output is advertised in the General Capability Set (section 2.2.7.1.1).
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
fpOutputHeader |
length1 |
length2 (optional) |
fipsInformation (optional) |
||||||||||||||||||||||||||||
|
... |
dataSignature (optional) |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
... |
fpOutputUpdates (variable) |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
fpOutputHeader (1 byte): An 8-bit, unsigned integer. One-byte, bit-packed header. This byte coincides with the first byte of the TPKT Header ([T123] section 8). Two pieces of information are collapsed into this byte:
Security flags
Action code
-
The format of the fpOutputHeader byte is described by the following bitmask diagram.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1action
reserved
flags
-
action (2 bits): A 2-bit, unsigned integer that indicates whether the PDU is in fast-path or slow-path format.
-
Value (2 bits)
Meaning
FASTPATH_OUTPUT_ACTION_FASTPATH
0x0
Indicates that the PDU is a fast-path output PDU.
FASTPATH_OUTPUT_ACTION_X224
0x3
Indicates the presence of a TPKT Header ([T123] section 8) initial version byte which indicates that the PDU is a slow-path output PDU (in this case the full value of the initial byte MUST be 0x03).
-
-
reserved (4 bits): A 4-bit, unsigned integer that is unused and reserved for future use. This field MUST be set to zero.
-
flags (2 bits): A 2-bit, unsigned integer that contains flags describing the cryptographic parameters of the PDU.
-
Flag (2 bits)
Meaning
FASTPATH_OUTPUT_SECURE_CHECKSUM
0x1
Indicates that the MAC signature for the PDU was generated using the "salted MAC generation" technique (section 5.3.6.1.1). If this bit is not set, then the standard technique was used (sections 2.2.8.1.1.2.2 and 2.2.8.1.1.2.3).
FASTPATH_OUTPUT_ENCRYPTED
0x2
Indicates that the PDU contains an 8-byte MAC signature after the optional length2 field (that is, the dataSignature field is present), and the contents of the PDU are encrypted using the negotiated encryption package (sections 5.3.2 and 5.3.6).
-
length1 (1 byte): An 8-bit, unsigned integer. If the most significant bit of the length1 field is not set, then the size of the PDU is in the range 1 to 127 bytes and the length1 field contains the overall PDU length (the length2 field is not present in this case). However, if the most significant bit of the length1 field is set, then the overall PDU length is given by the low 7 bits of the length1 field concatenated with the 8 bits of the length2 field, in big-endian order (the length2 field contains the low-order bits). The overall PDU length SHOULD be less than or equal to 16,383 bytes.
length2 (1 byte): An 8-bit, unsigned integer. If the most significant bit of the length1 field is not set, then the length2 field is not present. If the most significant bit of the length1 field is set, then the overall PDU length is given by the low 7 bits of the length1 field concatenated with the 8 bits of the length2 field, in big-endian order (the length2 field contains the low-order bits). The overall PDU length SHOULD be less than or equal to 16,383 bytes.
fipsInformation (4 bytes): An optional Fast-Path FIPS Information (section 2.2.8.1.2.1) structure, present when the Encryption Method selected by the server (sections 5.3.2 and 2.2.1.4.3) is ENCRYPTION_METHOD_FIPS (0x00000010).
dataSignature (8 bytes): MAC generated over the packet using one of the techniques specified in section 5.3.6 (the FASTPATH_OUTPUT_SECURE_CHECKSUM flag, which is set in the fpOutputHeader field, describes the method used to generate the signature). This field MUST be present if the FASTPATH_OUTPUT_ENCRYPTED flag is set in the fpOutputHeader field.
fpOutputUpdates (variable): An array of Fast-Path Update (section 2.2.9.1.2.1) structures to be processed by the client.