From d61534d7d6b10dd22355b3b5c16a678d6bd07153 Mon Sep 17 00:00:00 2001 From: "Tomoya.Fujita" Date: Wed, 24 May 2023 09:57:21 -0700 Subject: [PATCH 1/4] Fast-DDS uses SHM transport by default, so network traffic cannot be monitored with tcpdump. Signed-off-by: Tomoya.Fujita --- source/Tutorials/Advanced/Security/Examine-Traffic.rst | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/source/Tutorials/Advanced/Security/Examine-Traffic.rst b/source/Tutorials/Advanced/Security/Examine-Traffic.rst index 23653de57d..0cbc2b6f1f 100644 --- a/source/Tutorials/Advanced/Security/Examine-Traffic.rst +++ b/source/Tutorials/Advanced/Security/Examine-Traffic.rst @@ -25,6 +25,11 @@ ROS 2 communications security is all about protecting communications between nod Prior tutorials enabled security, but how can you **really** tell if traffic is being encrypted? In this tutorial we'll take a look at capturing live network traffic to show the difference between encrypted and unencrypted traffic. +.. note:: + + Please go through this tutorial to use different host system for talker and listener with ``rmw_fastrtps_cpp``. + ``rmw_fastrtps_cpp`` uses `Shared Memory Transport `_ by default to improve the performance in the transport layer when the endpoints are in the same host system. + Security enclaves still can be applied, effective and data will be encrypted, but we cannot capture live network traffic since the data will not be on the network interface. Run the demo ------------ @@ -50,6 +55,9 @@ The security environment variables are not set so security is not enabled for th .. code-block:: bash + # Disable ROS Security for both terminals + export ROS_SECURITY_ENABLE=false + # In terminal 1: ros2 run demo_nodes_cpp talker --ros-args --enclave /talker_listener/talker 
@@ -198,7 +206,7 @@ A typical data packet looks like the following:: 0x0150: 42ae f04d 0559 84c5 7116 1c51 91ba 3799 B..M.Y..q..Q..7. 0x0160: 0000 0000 .... -The data in this RTPS packet is all encrpyted. +The data in this RTPS packet is all encrypted. In addition to this data packet, you should see additional packets with node and enclave names; these support other ROS features such as parameters and services. Encryption options for these packets can also be controlled by security policy. From 35d516001d109235c129286bb295a9a397e76f35 Mon Sep 17 00:00:00 2001 From: "Tomoya.Fujita" Date: Thu, 25 May 2023 09:35:34 -0700 Subject: [PATCH 2/4] unset ROS_SECURITY_ENABLE instead of setting `false`. Signed-off-by: Tomoya.Fujita --- source/Tutorials/Advanced/Security/Examine-Traffic.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/Tutorials/Advanced/Security/Examine-Traffic.rst b/source/Tutorials/Advanced/Security/Examine-Traffic.rst index 0cbc2b6f1f..d22af155be 100644 --- a/source/Tutorials/Advanced/Security/Examine-Traffic.rst +++ b/source/Tutorials/Advanced/Security/Examine-Traffic.rst @@ -56,7 +56,7 @@ The security environment variables are not set so security is not enabled for th .. code-block:: bash # Disable ROS Security for both terminals - export ROS_SECURITY_ENABLE=false + unset ROS_SECURITY_ENABLE # In terminal 1: ros2 run demo_nodes_cpp talker --ros-args --enclave /talker_listener/talker From 2eb2e66ec9242105424a48d33707c4c207435871 Mon Sep 17 00:00:00 2001 From: "Tomoya.Fujita" Date: Thu, 1 Jun 2023 12:12:51 -0700 Subject: [PATCH 3/4] update description from review. Signed-off-by: Tomoya.Fujita --- source/Tutorials/Advanced/Security/Examine-Traffic.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source/Tutorials/Advanced/Security/Examine-Traffic.rst b/source/Tutorials/Advanced/Security/Examine-Traffic.rst index d22af155be..20bd9f1e74 100644 --- a/source/Tutorials/Advanced/Security/Examine-Traffic.rst 
+++ b/source/Tutorials/Advanced/Security/Examine-Traffic.rst @@ -27,9 +27,10 @@ In this tutorial we'll take a look at capturing live network traffic to show the .. note:: - Please go through this tutorial to use different host system for talker and listener with ``rmw_fastrtps_cpp``. ``rmw_fastrtps_cpp`` uses `Shared Memory Transport `_ by default to improve the performance in the transport layer when the endpoints are in the same host system. - Security enclaves still can be applied, effective and data will be encrypted, but we cannot capture live network traffic since the data will not be on the network interface. + Because of this improvement, we cannot capture live network traffic since the data will not be on the network interface. + In case of ``rmw_fastrtps_cpp``, we need to do either going through this tutorial to use different host system or disabling shared memory transport with `Enabling UDP Transport `_ and `How to set Fast-DDS XML configuration `_. + Security enclaves still can be applied, effective and data will be encrypted. Run the demo ------------ From 0e272d3a59749df51121a69488bddf776d464e74 Mon Sep 17 00:00:00 2001 From: "Tomoya.Fujita" Date: Mon, 5 Jun 2023 10:35:22 -0700 Subject: [PATCH 4/4] update note description. Signed-off-by: Tomoya.Fujita --- source/Tutorials/Advanced/Security/Examine-Traffic.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/Tutorials/Advanced/Security/Examine-Traffic.rst b/source/Tutorials/Advanced/Security/Examine-Traffic.rst index 20bd9f1e74..d9e666cb0f 100644 --- a/source/Tutorials/Advanced/Security/Examine-Traffic.rst +++ b/source/Tutorials/Advanced/Security/Examine-Traffic.rst 
@@ -28,9 +28,9 @@ In this tutorial we'll take a look at capturing live network traffic to show the .. note:: ``rmw_fastrtps_cpp`` uses `Shared Memory Transport `_ by default to improve the performance in the transport layer when the endpoints are in the same host system. - Because of this improvement, we cannot capture live network traffic since the data will not be on the network interface. - In case of ``rmw_fastrtps_cpp``, we need to do either going through this tutorial to use different host system or disabling shared memory transport with `Enabling UDP Transport `_ and `How to set Fast-DDS XML configuration `_. - Security enclaves still can be applied, effective and data will be encrypted. + Security enclaves are still applied, and data will be encrypted. + However, you cannot capture live network traffic since the data will not be on the network interface. + If you are using ``rmw_fastrtps_cpp``, you need to either go through this tutorial and use a different host system between the publisher and subscriber, or disable shared memory transport with `Enabling UDP Transport `_ and `How to set Fast-DDS XML configuration `_. Run the demo ------------
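Review bot: in the `@@ -50,6 +55,9 @@` hunk of patch 1, `export ROS_SECURITY_ENABLE=false` contradicts the context line directly above it, which says the security environment variables are *not set*; a reader who copies the block ends up with the variable set (to `false`), which is not what the sentence describes. Either `unset ROS_SECURITY_ENABLE` or reword the sentence so prose and code agree (patch 2 in this series takes the `unset` route, which resolves the point).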
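Review bot: the `@@ -56,7 +56,7 @@` hunk of patch 2 unsets only `ROS_SECURITY_ENABLE`, while the context line speaks of the security environment variables in the plural. `ROS_SECURITY_ENABLE` is the switch that turns security on, so unsetting it alone is enough for the unencrypted run, but readers coming from the earlier security tutorials will typically still have `ROS_SECURITY_KEYSTORE` and `ROS_SECURITY_STRATEGY` exported; consider either unsetting those as well in the block or narrowing the sentence to "`ROS_SECURITY_ENABLE` is not set", so that what the text claims matches what the block does.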
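Review bot: in the `@@ -28,9 +28,9 @@` hunk of patch 4, the three reStructuredText hyperlinks (`` `Shared Memory Transport `_ ``, `` `Enabling UDP Transport `_ ``, `` `How to set Fast-DDS XML configuration `_ ``) show no URL between the link text and the closing backtick as displayed here; if the targets are really absent from the committed file, Sphinx will emit unknown-target warnings and the links will not resolve, so confirm the `<url>` parts are present. The last sentence also switches to "publisher and subscriber" while the rest of the tutorial and the code block below talk about the talker and listener; using the demo's own names keeps the note consistent. A small wording point: "a different host system between the publisher and subscriber" reads more naturally as "run the talker and listener on different hosts".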