From: Juliana Fajardini
Date: Tue, 31 Aug 2021 10:04:53 +0000 (+0100)
Subject: devguide/transactions: update & refine diagrams
X-Git-Tag: suricata-7.0.0-beta1~1331
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6c5dfacc7496d685afe3a441de79b2e9f92350f;p=thirdparty%2Fsuricata.git
devguide/transactions: update & refine diagrams
- DNS sequence diagram was incorrect (transactions should be unidirectional). After changing it, it made sense to rename the file. Adjusted spacing, too. Updated transactions.rst accordingly.
- TLS sequence diagram was refined to illustrate how Suricata actually implements the protocol.
---
diff --git a/doc/devguide/extending/app-layer/img/DnsRequestUnidirectionalTransaction.msc b/doc/devguide/extending/app-layer/img/DnsUnidirectionalTransactions.msc
similarity index 75%
rename from doc/devguide/extending/app-layer/img/DnsRequestUnidirectionalTransaction.msc
rename to doc/devguide/extending/app-layer/img/DnsUnidirectionalTransactions.msc
index 6f978ef267..f5bd588f68 100644
--- a/doc/devguide/extending/app-layer/img/DnsRequestUnidirectionalTransaction.msc
+++ b/doc/devguide/extending/app-layer/img/DnsUnidirectionalTransactions.msc
@@ -9,7 +9,8 @@ msc {
 # Message Flow
 a =>> b [ label = "DNS Request" ];
- b =>> a [ label = "DNS Response" ];
+ --- [ label = "Transaction 1 Completed" ];
 |||;
- --- [ label = "Transaction Completed" ];
+ b =>> a [ label = "DNS Response" ];
+ --- [ label = "Transaction 2 Completed" ];
 }
diff --git a/doc/devguide/extending/app-layer/img/TlsHandshake.msc b/doc/devguide/extending/app-layer/img/TlsHandshake.msc
index 7f13bc93db..e21ee9be6b 100644
--- a/doc/devguide/extending/app-layer/img/TlsHandshake.msc
+++ b/doc/devguide/extending/app-layer/img/TlsHandshake.msc
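Review bot: The `:alt:` text for this image no longer matches the diagram: the DNS chart now closes the request with `Transaction 1 Completed` and the response with `Transaction 2 Completed`, while the alt line in transactions.rst (unchanged context in the last hunk) still describes only the request arrow and a single line labeled "Transaction Completed". The description should be updated with the rename, along the lines of `an arrow from Client to Server labeled "DNS Request", a dotted line labeled "Transaction 1 Completed", an arrow from Server to Client labeled "DNS Response", and a dotted line labeled "Transaction 2 Completed"`. The alt line may continue beyond what is visible here, so check the full directive before editing.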
@@ -5,17 +5,27 @@ msc { arcgradient = "10"; # Entities - a [ label = "Client" ], b [ label = "Server"]; + a [ label = "Client" ], b [ label = "Server" ]; # Message Flow - a =>> b [ label = "ClientHello"]; - b =>> a [ label = "ServerHello"]; - b =>> a [ label = "ServerCertificate"]; - b =>> a [ label = "ServerHello Done"]; - a =>> b [ label = "ClientCertificate"]; - a =>> b [ label = "ClientKeyExchange"]; + # TLS_STATE_IN_PROGRESS = 0, + a abox b [ label = "TLS_STATE_IN_PROGRESS" ]; + a =>> b [ label = "ClientHello" ]; + b =>> a [ label = "ServerHello" ]; + b =>> a [ label = "ServerCertificate" ]; + b =>> a [ label = "ServerHello Done" ]; + + a =>> b [ label = "ClientCertificate" ]; + # TLS_STATE_CERT_READY = 1, + a abox b [ label = "TLS_STATE_CERT_READY" ]; + a =>> b [ label = "ClientKeyExchange" ]; + a =>> b [ label = "Finished" ]; b =>> a [ label = "Finished" ]; - + # TLS_HANDSHAKE_DONE = 2, + a abox b [ label = "TLS_HANDSHAKE_DONE" ]; + ...; + # TLS_STATE_FINISHED = 3 + a abox b [ label = "TLS_STATE_FINISHED" ]; --- [ label = "Transaction Completed" ]; } diff --git a/doc/devguide/extending/app-layer/transactions.rst b/doc/devguide/extending/app-layer/transactions.rst index e30cb965ad..6d823a163b 100644 --- a/doc/devguide/extending/app-layer/transactions.rst +++ b/doc/devguide/extending/app-layer/transactions.rst @@ -216,7 +216,7 @@ Sequence Diagrams A DNS transaction in Suricata can be considered unidirectional: -.. image:: img/DnsRequestUnidirectionalTransaction.png +.. image:: img/DnsUnidirectionalTransactions.png :width: 600 :alt: A sequence diagram with two entities, Client and Server, with an arrow going from the Client to the Server, labeled "DNS Request". After that, there is a dotted line labeled "Transaction Completed".
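Review bot: The `TLS_STATE_CERT_READY` box is drawn directly after `ClientCertificate`, which reads as if the client's certificate is what moves the transaction into that state. If the state is in fact reached once the server certificate has been parsed (worth confirming against the TLS progress function), the box belongs right after `b =>> a [ label = "ServerCertificate" ];`, since anyone timing certificate-based rules or logging against this diagram would otherwise expect the data later than it is available. `ClientCertificate` is also only sent when the server asks for one, so a comment such as `# optional: only with client authentication` above that arrow would help. The `# TLS_STATE_... = N,` comments copy the enum lines with their trailing commas and hard-code values that can drift; one comment saying the box labels mirror the TLS transaction progress enum would be enough.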