3.1.5.2.2 Processing of Virtual Channel PDU

  • Article

The Virtual Channel PDU is received by both the client and the server. Its structure and fields are specified in section 2.2.6.1.

If Enhanced RDP Security (section 5.4) is in effect, the External Security Protocol (section 5.4.5) being used to secure the connection MUST be used to decrypt and verify the integrity of the entire PDU prior to any processing taking place.

The embedded length fields within the tpktHeader ([T123] section 8) and mcsPdu ([T125] section 7, parts 7 and 10) fields MUST be examined for consistency with the received data. If there is any discrepancy, the connection SHOULD be dropped.

The mcsPdu field encapsulates either an MCS Send Data Request PDU (if the PDU is being sent from client to server) or an MCS Send Data Indication PDU (if the PDU is being sent from server to client). In both of these cases, the embedded channelId field MUST contain the server-assigned virtual channel ID. This ID MUST be used to route the data in the virtualChannelData field to the appropriate virtual channel endpoint after decryption of the PDU and any necessary decompression of the payload has been conducted.

The conditions mandating the presence of the securityHeader field, as well as the type of Security Header structure present in this field, are explained in section 2.2.6.1. If the securityHeader field is present, the embedded flags field MUST be examined for the presence of the SEC_ENCRYPT (0x0008) flag (section 2.2.8.1.1.2.1), and, if it is present, the data following the securityHeader field MUST be verified and decrypted using the methods and techniques specified in section 5.3.6. If the MAC signature is incorrect, or the data cannot be decrypted correctly, the connection SHOULD be dropped.

If the data in the virtualChannelData field is compressed, then the data MUST be decompressed using the techniques detailed in section 3.1.8.3 (the Virtual Channel PDU compression flags are specified in section 2.2.6.1.1).

If the embedded flags field of the channelPduHeader field (the Channel PDU Header structure is specified in section 2.2.6.1.1) does not contain the CHANNEL_FLAG_FIRST (0x00000001) flag or CHANNEL_FLAG_LAST (0x00000002) flag, and the data is not part of a chunked sequence (that is, a start chunk has not been received), then the data in the virtualChannelData field can be dispatched to the appropriate virtual channel endpoint (no reassembly is required by the endpoint). If the CHANNEL_FLAG_SHOW_PROTOCOL (0x00000010) flag is specified in the Channel PDU Header, then the channelPduHeader field MUST also be dispatched to the virtual channel endpoint.

If the virtual channel data is part of a sequence of chunks, then the instructions in section 3.1.5.2.2.1 MUST be followed to reassemble the stream.