2.2.9.1.2 Server Fast-Path Update PDU (TS_FP_UPDATE_PDU)

Fast-path revises server output packets from the first byte with the goal of improving bandwidth. The TPKT Header ([T123] section 8), X.224 Class 0 Data TPDU ([X224] section 13.7), and MCS Send Data Indication ([T125] section 11.33) are replaced; the Security Header (section 2.2.8.1.1.2) is collapsed into the fast-path output header; and the Share Data Header (section 2.2.8.1.1.1.2) is replaced by a new fast-path format. The contents of the graphics and pointer updates (sections 2.2.9.1.1.3 and 2.2.9.1.1.4) are also changed to reduce their size, particularly by removing or reducing headers. Support for fast-path output is advertised in the General Capability Set (section 2.2.7.1.1).


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

fpOutputHeader

length1

length2 (optional)

fipsInformation (optional)

...

dataSignature (optional)

...

...

fpOutputUpdates (variable)

...

fpOutputHeader (1 byte): An 8-bit, unsigned integer. One-byte, bit-packed header. This byte coincides with the first byte of the TPKT Header ([T123] section 8). Two pieces of information are collapsed into this byte:

  • Security flags

  • Action code

The format of the fpOutputHeader byte is described by the following bitmask diagram.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

action

reserved

flags

action (2 bits): A 2-bit, unsigned integer that indicates whether the PDU is in fast-path or slow-path format.

Value (2 bits)

Meaning

FASTPATH_OUTPUT_ACTION_FASTPATH

0x0

Indicates that the PDU is a fast-path output PDU.

FASTPATH_OUTPUT_ACTION_X224

0x3

Indicates the presence of a TPKT Header ([T123] section 8) initial version byte which indicates that the PDU is a slow-path output PDU (in this case the full value of the initial byte MUST be 0x03).

reserved (4 bits): A 4-bit, unsigned integer that is unused and reserved for future use. This field MUST be set to zero.

flags (2 bits): A 2-bit, unsigned integer that contains flags describing the cryptographic parameters of the PDU.

Flag (2 bits)

Meaning

FASTPATH_OUTPUT_SECURE_CHECKSUM

0x1

Indicates that the MAC signature for the PDU was generated using the "salted MAC generation" technique (section 5.3.6.1.1). If this bit is not set, then the standard technique was used (sections 2.2.8.1.1.2.2 and 2.2.8.1.1.2.3).

FASTPATH_OUTPUT_ENCRYPTED

0x2

Indicates that the PDU contains an 8-byte MAC signature after the optional length2 field (that is, the dataSignature field is present), and the contents of the PDU are encrypted using the negotiated encryption package (sections 5.3.2 and 5.3.6).

length1 (1 byte): An 8-bit, unsigned integer. If the most significant bit of the length1 field is not set, then the size of the PDU is in the range 1 to 127 bytes and the length1 field contains the overall PDU length (the length2 field is not present in this case). However, if the most significant bit of the length1 field is set, then the overall PDU length is given by the low 7 bits of the length1 field concatenated with the 8 bits of the length2 field, in big-endian order (the length2 field contains the low-order bits). The overall PDU length SHOULD be less than or equal to 16,383 bytes.

length2 (1 byte): An 8-bit, unsigned integer. If the most significant bit of the length1 field is not set, then the length2 field is not present. If the most significant bit of the length1 field is set, then the overall PDU length is given by the low 7 bits of the length1 field concatenated with the 8 bits of the length2 field, in big-endian order (the length2 field contains the low-order bits). The overall PDU length SHOULD be less than or equal to 16,383 bytes.

fipsInformation (4 bytes): Optional FIPS header information, present when the Encryption Method selected by the server (sections 5.3.2 and 2.2.1.4.3) is ENCRYPTION_METHOD_FIPS (0x00000010). The Fast-Path FIPS Information structure is specified in section 2.2.8.1.2.1.

dataSignature (8 bytes): MAC generated over the packet using one of the techniques specified in section 5.3.6 (the FASTPATH_OUTPUT_SECURE_CHECKSUM flag, which is set in the fpOutputHeader field, describes the method used to generate the signature). This field MUST be present if the FASTPATH_OUTPUT_ENCRYPTED flag is set in the fpOutputHeader field.

fpOutputUpdates (variable): An array of Fast-Path Update (section 2.2.9.1.2.1) structures to be processed by the client.

Show: