3.3.5.1 Constructing a Server-to-Client Slow-Path PDU

The majority of server-to-client slow-path PDUs have the same basic structure (sections 5.3.7.2 and 5.4.4):

  • tpktHeader: TPKT Header ([T123] section 8)

  • x224Data: X.224 Class 0 Data TPDU ([X224] section 13.7)

    • mcsSDin: MCS Send Data Indication PDU ([T125] section 7, Part 7)

      • securityHeader: Optional Security Header (section 2.2.9.1.1.2)

      • shareDataHeader: Share Data Header (section 2.2.8.1.1.1.2)

      • PDU Contents (see the section describing the PDU structure and fields in section 2.2)

The tpktHeader field is initialized as specified in [T123] section 8, while the x224Data field is initialized as specified in [X224] section 13.7.

The mcsSDin field is initialized as specified in [T125] section 11.33. The embedded initiator field MUST be set to the MCS server channel ID held in the Server Channel ID store (section 3.3.1.5) and the embedded channelId field MUST be set to the MCS I/O channel ID held in the I/O Channel ID store (section 3.2.1.3). The embedded userData field contains the remaining fields of the PDU.

If Enhanced RDP Security (section 5.4) is in effect, the External Security Protocol (section 5.4.5) MUST be used to encrypt the entire PDU and generate a verification digest before the PDU is transmitted over the wire. Also, in this scenario, the securityHeader field MUST NOT be present.

If Standard RDP Security mechanisms (section 5.3) are in effect, the PDU data following the optional securityHeader field is encrypted and signed (using the methods and techniques specified in section 5.3.6) based on the values of the Encryption Level and Encryption Method selected by the server as part of the negotiation specified in section 5.3.2. The format of the securityHeader field is selected as specified in the section describing the PDU structure and fields in section 2.2, and the fields populated with the appropriate security data. If the data is to be encrypted, the embedded flags field of the securityHeader field MUST contain the SEC_ENCRYPT (0x0008) flag.

The shareDataHeader field contains a Share Data Header structure as described in section 2.2.8.1.1.1.2. The pduSource field of the embedded Share Control Header (section 2.2.8.1.1.1.1) MUST be set to the MCS server channel ID held in the Server Channel ID store (section 3.3.1.5). If the contents of the PDU are to be compressed (this MUST be done before any MAC signature is constructed and encryption methods applied), the embedded compressedType field of the shareDataHeader MUST be initialized as specified in section 2.2.8.1.1.1.2. The remaining Share Data Header and Share Control Header fields MUST be populated as specified in sections 2.2.8.1.1.1.1, 2.2.8.1.1.1.2, and the section describing the PDU structure and fields in section 2.2.

Any remaining fields are populated as specified in the section describing the PDU structure and fields in section 2.2.