Google Git
Sign in
apache / trafficserver / 37061d84eb7951da0c6a54e594fa61929f9deba1 / . / doc / uml / TLS-Bridge-Messages.uml
blob: f4ca445a719f6b8e11ed14a8c632ca476c894e1f [file] [log] [blame]
' Licensed under the Apache License, Version 2.0 (the "License");
' you may not use this file except in compliance with the License.
' You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
' Unless required by applicable law or agreed to in writing, software distributed under the License is distributed
' on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
' See the License for the specific language governing permissions and limitations under the License.
@startuml
scale max 720 width
actor Client
box "Ingress ATS" #DDFFDD
entity "Client\nNetVConn" as uanet
participant "Ingress\nATS" as ingress
entity "Client\nVConn" as uavc
entity "TLS Bridge" as plugin
entity "Peer\nVConn" as peervc
end box
box "Peer ATS" #DDDDFF
participant "Peer\nATS" as peer
end box
participant Service
Client <-[#green]> ingress : <font color="green">//TCP//</font> Handshake
activate uanet
Client -[#blue]-> uanet : <font color="blue">""CONNECT"" Service</font>
uanet -> ingress : //Parse request//
ingress -[#black]> plugin : ""READ_REQUEST_HDR_HOOK""
plugin -> ingress : //TSHttpTxnIntercept()//
ingress -> uavc : //Create//
activate uavc
uanet -[#blue]-> ingress : <font color="blue">""CONNECT"" Service</font>
ingress -[#blue]-> uavc : <font color="blue">""CONNECT"" Service</font>
ingress -[#black]> plugin : ""TS_EVENT_NET_ACCEPT""
note right : Client VConn is passed in event data.
plugin -\ ingress : //TSHttpConnect()//
ingress -> peervc : //create//
activate peervc
ingress -/ plugin : //return Peer VConn//
plugin -[#blue]-> peervc : <font color="blue">""CONNECT"" Peer</font>
peervc -> ingress : //parse request//
ingress <-[#green]> peer : <font color="green">//TCP//</font> Handshake
ingress <-[#green]> peer : <font color="green">//TLS//</font> Handshake
ingress -[#blue]-> peervc : <font color="blue">""200 OK""</font>
peervc -[#blue]-> plugin : <font color="blue">""200 OK""</font>
note left
This signals a raw TLS connection
to the Peer ATS. The response is
parsed and consumed by Plugin.
end note
note over plugin : Plugin switches to byte forwarding.
uavc -[#blue]-> plugin : <font color="blue">""CONNECT"" Service</font>
note left: Original Client Request.
plugin -[#blue]-> peervc : <font color="blue">""CONNECT"" Service</font>
peervc -[#blue]-> peer : <font color="blue">""CONNECT"" Service</font>
peer <-[#green]> Service : <font color="green">//TCP//</font> Handshake
peer <-[#green]> Service : <font color="green">//TLS//</font> Handshake
note left : Optional, based on 'Service'
peer -[#blue]-> peervc : <font color="blue">""200 OK""</font>
peervc -[#blue]-> plugin : <font color="blue">""200 OK""</font>
plugin -[#blue]-> uavc : <font color="blue">""200 OK""</font>
uavc -[#blue]-> ingress : <font color="blue">""200 OK""</font>
note left
ATS updates the incoming response based on
local configuration. This means what goes out
to the Client may be different than what the
plugin wrote (forwarded from Peer ATS).
end note
ingress -[#black]> plugin : ""SEND_RESPONSE_HDR_HOOK""
note right : Plugin cleans up response here.
ingress -[#blue]-> uanet : <font color="blue">""200 OK""</font>
uanet -[#blue]-> Client : <font color="blue">""200 OK""</font>
Client <-[#green]> Service : //TCP/TLS Connect//
@enduml