Endpoint Compliance via PT-TLS Protocol » History » Version 14
« Previous -
Version 14/21
(diff) -
Next » -
Current version
Andreas Steffen, 01.09.2013 16:10
Endpoint Compliance via PT-TLS Protocol¶
- Table of contents
- Endpoint Compliance via PT-TLS Protocol
- Starting the strongSwan Policy Decision Point (PDP)
- PT-TLS Connection by Access Requestor "carol"
- TLS Connection Setup
- PT-TLS Negotiation
- SASL Password-based Client Authentication
- PT-TLS Transport Phase
- IF-IMV 1.4 AR Identity
- Operating System Information
- Device Identity
- Policy Manager generating Workitem List
- Sending SWID Request
- Receiving SWID Tag Identifier Inventory
- Human-Readable SWID Tag Identifiers
- Policy Manager integrating Measurement Results
- Closing PT-TLS Connection
- PT-TLS Connection by Access Requestor "dave"
- TLS Connection Setup
- PT-TLS Negotiation
- TLS Certificate-based Client Authentication
- PT-TLS Transport Phase
- IF-IMV 1.4 AR Identity
- Operating System Information
- Device Identity
- Policy Manager generating Workitem List
- Sending SWID Request
- Receiving SWID Tag Inventory
- Human-Readable SWID Tags
- Policy Manager integrating Measurement Results
- Closing PT-TLS Connection
- Terminating the strongSwan Policy Decision Point
Starting the strongSwan Policy Decision Point (PDP)¶
The strongSwan PDP starts and loads its server certificate and the client credentials
00[DMN] Starting IKE charon daemon (strongSwan 5.1.1dr2, Linux 3.10.9, x86_64) 00[LIB] openssl FIPS mode(0) - disabled 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' 00[CFG] loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem' 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' 00[CFG] loading crls from '/etc/ipsec.d/crls' 00[CFG] loading secrets from '/etc/ipsec.secrets' 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/aaaKey.pem' 00[CFG] loaded EAP secret for carol 00[CFG] loaded EAP secret for dave
Next the OS and SWID IMVs are loaded
00[TNC] TNC recommendation policy is 'default' 00[TNC] loading IMVs from '/etc/tnc_config' 00[TNC] added IETF attributes 00[TNC] added ITA-HSR attributes 00[LIB] libimcv initialized 00[IMV] IMV 1 "OS" initialized 00[TNC] IMV 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001 00[TNC] IMV 1 "OS" loaded from '/usr/local/lib/ipsec/imcvs/imv-os.so' 00[IMV] IMV 2 "SWID" initialized 00[TNC] added TCG attributes 00[LIB] libpts initialized 00[TNC] IMV 2 supports 1 message type: 'TCG/SWID' 0x005597/0x00000003 00[TNC] IMV 2 "SWID" loaded from '/usr/local/lib/ipsec/imcvs/imv-swid.so'
The PDP loads all plugins needed to communicate via its EAP-RADIUS and PT-TLS interfaces and spawns 16 worker threads
00[IKE] eap method EAP_TTLS selected 00[LIB] loaded plugins: charon curl pem pkcs1 nonce x509 revocation constraints openssl socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite 00[JOB] spawning 16 worker threads 10[CFG] received stroke: add connection 'aaa' 10[CFG] left nor right host is our side, assuming left=local 10[CFG] loaded certificate "C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" from 'aaaCert.pem' 10[CFG] added configuration 'aaa'
PT-TLS Connection by Access Requestor "carol"¶
05[TNC] accepting PT-TLS stream from 192.168.0.100
TLS Connection Setup¶
04[TNC] entering PT-TLS negotiation phase 04[TLS] processing TLS Handshake record (176 bytes) 04[TLS] received TLS ClientHello handshake (172 bytes) 04[TLS] received TLS 'signature algorithms' extension 04[TLS] received TLS 'elliptic curves' extension 04[TLS] received TLS 'ec point formats' extension 04[TLS] received TLS 'server name' extension 04[TLS] received 28 TLS cipher suites: 04[TLS] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 04[TLS] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 04[TLS] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 04[TLS] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 04[TLS] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 04[TLS] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 04[TLS] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 04[TLS] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA 04[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA 04[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 04[TLS] TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 04[TLS] TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 04[TLS] TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 04[TLS] TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 04[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA 04[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA 04[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256 04[TLS] TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 04[TLS] TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 04[TLS] TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 04[TLS] TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 04[TLS] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 04[TLS] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 04[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA 04[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 04[TLS] sending TLS ServerHello handshake (54 bytes) 04[TLS] sending TLS server certificate 'C=CH, O=Linux strongSwan, CN=aaa.strongswan.org' 04[TLS] sending TLS Certificate handshake (1066 bytes) 04[TLS] selected ECDH group SECP256R1 04[TLS] created signature with MD5/RSA 04[TLS] sending TLS ServerKeyExchange handshake (329 bytes) 04[TLS] sending TLS cert request for 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' 04[TLS] sending TLS CertificateRequest handshake (102 bytes) 04[TLS] sending TLS ServerHelloDone handshake (0 bytes) 04[TLS] sending TLS Handshake record (1571 bytes) 04[TLS] processing TLS Handshake record (77 bytes) 04[TLS] received TLS Certificate handshake (3 bytes) 04[TLS] received TLS ClientKeyExchange handshake (66 bytes) 04[TLS] processing TLS ChangeCipherSpec record (1 bytes) 04[TLS] processing TLS Handshake record (64 bytes) 04[TLS] received TLS Finished handshake (12 bytes) 04[TLS] sending TLS ChangeCipherSpec record (1 bytes) 04[TLS] sending TLS Finished handshake (12 bytes) 04[TLS] sending TLS Handshake record (64 bytes)
PT-TLS Negotiation¶
04[TLS] processing TLS ApplicationData record (64 bytes) 04[TNC] received PT-TLS message #0 of type 'Version Request' (20 bytes) 04[TNC] sending PT-TLS message #0 of type 'Version Response' (20 bytes) 04[TLS] sending TLS ApplicationData record (64 bytes) 04[TNC] negotiated PT-TLS version 1
SASL Password-based Client Authentication¶
04[TNC] doing SASL client authentication 04[TNC] offering SASL PLAIN 04[TNC] sending PT-TLS message #1 of type 'SASL Mechanisms' (22 bytes) 04[TLS] sending TLS ApplicationData record (64 bytes) 04[TLS] processing TLS ApplicationData record (80 bytes) 04[TNC] received PT-TLS message #1 of type 'SASL Mechanism Selection' (37 bytes) 04[TNC] client starts SASL PLAIN authentication 04[TNC] SASL PLAIN authentication successful 04[TNC] SASL client identity is 'carol' 04[TNC] sending PT-TLS message #2 of type 'SASL Result' (17 bytes) 04[TLS] sending TLS ApplicationData record (64 bytes) 04[TNC] sending PT-TLS message #3 of type 'SASL Mechanisms' (16 bytes) 04[TLS] sending TLS ApplicationData record (64 bytes)
PT-TLS Transport Phase¶
04[TNC] entering PT-TLS data transport phase
IF-IMV 1.4 AR Identity¶
12[TLS] processing TLS ApplicationData record (320 bytes) 12[TNC] received PT-TLS message #2 of type 'PB-TNC Batch' (275 bytes) 12[TNC] assigned TNCCS Connection ID 1 12[IMV] IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh 12[IMV] over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes 12[IMV] user AR identity 'carol' authenticated by password 12[IMV] assigned session ID 2 12[IMV] IMV 2 "SWID" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh 12[IMV] over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes 12[IMV] user AR identity 'carol' authenticated by password 12[IMV] assigned session ID 2 12[IMV] IMV 1 "OS" changed state of Connection ID 1 to 'Handshake' 12[IMV] IMV 2 "SWID" changed state of Connection ID 1 to 'Handshake'
12[TNC] received TNCCS batch (259 bytes) for Connection ID 1
12[TNC] => 259 bytes @ 0x6f0890
12[TNC] 0: 02 00 00 01 00 00 01 03 00 00 00 00 00 00 00 06 ................
12[TNC] 16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75 ....Accept-Langu
12[TNC] 32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00 age: en.........
12[TNC] 48: 00 00 DC 00 00 00 00 00 00 00 01 00 01 FF FF 01 ................
12[TNC] 64: 00 00 00 4E 47 7B 3C 00 00 00 00 00 00 00 02 00 ...NG{<.........
12[TNC] 80: 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00 00 ....%r..Debian..
12[TNC] 96: 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20 78 ...........7.0 x
12[TNC] 112: 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03 00 86_64...........
12[TNC] 128: 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00 00 ................
12[TNC] 144: 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24 03 ..............$.
12[TNC] 160: 01 00 00 32 30 31 33 2D 30 38 2D 33 30 54 31 34 ...2013-08-30T14
12[TNC] 176: 3A 30 32 3A 33 36 5A 00 00 00 00 00 00 00 0B 00 :02:36Z.........
12[TNC] 192: 00 00 10 00 00 00 00 00 00 00 00 00 00 00 0C 00 ................
12[TNC] 208: 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08 00 ..........*.....
12[TNC] 224: 00 00 2C 37 37 38 31 62 33 38 39 34 66 30 31 66 ..,7781b3894f01f
12[TNC] 240: 34 30 62 38 36 35 64 33 38 36 36 35 31 37 30 32 40b865d386651702
12[TNC] 256: 65 30 62 e0b
12[TNC] PB-TNC state transition from 'Init' to 'Server Working'
12[TNC] processing PB-TNC CDATA batch
12[TNC] processing PB-Language-Preference message (31 bytes)
12[TNC] processing PB-PA message (220 bytes)
12[TNC] setting language preference to 'en'
12[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
12[IMV] IMV 1 "OS" received message for Connection ID 1 from IMC 1
12[IMV] => 196 bytes @ 0x6e8060
12[IMV] 0: 01 00 00 00 4E 47 7B 3C 00 00 00 00 00 00 00 02 ....NG{<........
12[IMV] 16: 00 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00 .....%r..Debian.
12[IMV] 32: 00 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20 ............7.0
12[IMV] 48: 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03 x86_64..........
12[IMV] 64: 00 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00 ................
12[IMV] 80: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24 ...............$
12[IMV] 96: 03 01 00 00 32 30 31 33 2D 30 38 2D 33 30 54 31 ....2013-08-30T1
12[IMV] 112: 34 3A 30 32 3A 33 36 5A 00 00 00 00 00 00 00 0B 4:02:36Z........
12[IMV] 128: 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 0C ................
12[IMV] 144: 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08 ...........*....
12[IMV] 160: 00 00 00 2C 37 37 38 31 62 33 38 39 34 66 30 31 ...,7781b3894f01
12[IMV] 176: 66 34 30 62 38 36 35 64 33 38 36 36 35 31 37 30 f40b865d38665170
12[IMV] 192: 32 65 30 62 2e0b
12[TNC] processing PA-TNC message with ID 0x4e477b3c
12[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
12[TNC] => 11 bytes @ 0x6e8074
12[TNC] 0: 00 25 72 00 00 44 65 62 69 61 6E .%r..Debian
12[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
12[TNC] => 13 bytes @ 0x6e808b
12[TNC] 0: 0A 37 2E 30 20 78 38 36 5F 36 34 00 00 .7.0 x86_64..
12[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
12[TNC] => 16 bytes @ 0x6e80a4
12[TNC] 0: 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 ................
12[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
12[TNC] => 24 bytes @ 0x6e80c0
12[TNC] 0: 03 01 00 00 32 30 31 33 2D 30 38 2D 33 30 54 31 ....2013-08-30T1
12[TNC] 16: 34 3A 30 32 3A 33 36 5A 4:02:36Z
12[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
12[TNC] => 4 bytes @ 0x6e80e4
12[TNC] 0: 00 00 00 00 ....
12[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
12[TNC] => 4 bytes @ 0x6e80f4
12[TNC] 0: 00 00 00 00 ....
12[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
12[TNC] => 32 bytes @ 0x6e8104
12[TNC] 0: 37 37 38 31 62 33 38 39 34 66 30 31 66 34 30 62 7781b3894f01f40b
12[TNC] 16: 38 36 35 64 33 38 36 36 35 31 37 30 32 65 30 62 865d386651702e0b
Operating System Information¶
12[IMV] operating system name is 'Debian' from vendor Debian Project 12[IMV] operating system version is '7.0 x86_64' 12[IMV] operating system numeric version is 7.0 12[IMV] operational status: operational, result: successful 12[IMV] last boot: Aug 30 14:02:36 UTC 2013 12[IMV] IPv4 forwarding is disabled 12[IMV] factory default password is disabled
Device Identity¶
12[IMV] device ID is 7781b3894f01f40b865d386651702e0b
Policy Manager generating Workitem List¶
This is strongSwan's proprietary Configuration Management Database (CMDB) interface. Based on historical client measurement data and a set of group policies the start script generates a list of measurement workitems. In our scenario only IPv4 forwarding and SWID tags are checked.
12[IMV] running policy script: 2>&1 TNC_SESSION_ID='2' ipsec imv_policy_manager start 12[IMV] policy: imv_policy_manager start successful
12[IMV] IMV 1 handles FWDEN workitem 3 12[IMV] IMV 1 handled FWDEN workitem 3: allow - forwarding not enabled 12[TNC] creating PA-TNC message with ID 0x3be56387 12[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 12[TNC] => 4 bytes @ 0x6e3030 12[TNC] 0: 00 00 00 00 .... 12[IMV] created PA-TNC message: => 24 bytes @ 0x6f04f0 12[IMV] 0: 01 00 00 00 3B E5 63 87 00 00 00 00 00 00 00 09 ....;.c......... 12[IMV] 16: 00 00 00 10 00 00 00 00 ........ 12[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 12[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant'
Sending SWID Request¶
12[IMV] IMV 2 handles SWIDT workitem 6 12[IMV] IMV 2 issues SWID request 6 12[TNC] creating PA-TNC message with ID 0xeb349c58 12[TNC] creating PA-TNC attribute type 'TCG/SWID Request' 0x005597/0x00000011 12[TNC] => 12 bytes @ 0x716830 12[TNC] 0: 01 00 00 00 00 00 00 06 00 00 00 00 ............ 12[IMV] created PA-TNC message: => 32 bytes @ 0x6f04f0 12[IMV] 0: 01 00 00 00 EB 34 9C 58 00 00 55 97 00 00 00 11 .....4.X..U..... 12[IMV] 16: 00 00 00 18 01 00 00 00 00 00 00 06 00 00 00 00 ................ 12[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003 12[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' 12[TNC] creating PB-TNC SDATA batch 12[TNC] adding PB-PA message 12[TNC] adding PB-PA message 12[TNC] sending PB-TNC SDATA batch (112 bytes) for Connection ID 1 12[TNC] => 112 bytes @ 0x6f0890 12[TNC] 0: 02 80 00 02 00 00 00 70 80 00 00 00 00 00 00 01 .......p........ 12[TNC] 16: 00 00 00 30 00 00 00 00 00 00 00 01 FF FF 00 01 ...0............ 12[TNC] 32: 01 00 00 00 3B E5 63 87 00 00 00 00 00 00 00 09 ....;.c......... 12[TNC] 48: 00 00 00 10 00 00 00 00 80 00 00 00 00 00 00 01 ................ 12[TNC] 64: 00 00 00 38 00 00 55 97 00 00 00 03 FF FF 00 02 ...8..U......... 12[TNC] 80: 01 00 00 00 EB 34 9C 58 00 00 55 97 00 00 00 11 .....4.X..U..... 12[TNC] 96: 00 00 00 18 01 00 00 00 00 00 00 06 00 00 00 00 ................ 12[TNC] sending PT-TLS message #4 of type 'PB-TNC Batch' (128 bytes) 12[TLS] sending TLS ApplicationData record (176 bytes)
Receiving SWID Tag Identifier Inventory¶
13[TLS] processing TLS ApplicationData record (224 bytes) 13[TNC] received PT-TLS message #3 of type 'PB-TNC Batch' (183 bytes) 13[TNC] received TNCCS batch (167 bytes) for Connection ID 1 13[TNC] => 167 bytes @ 0x6f1f30 13[TNC] 0: 02 00 00 01 00 00 00 A7 80 00 00 00 00 00 00 01 ................ 13[TNC] 16: 00 00 00 9F 80 00 55 97 00 00 00 03 00 02 00 02 ......U......... 13[TNC] 32: 01 00 00 00 DC 86 EF 69 00 00 55 97 00 00 00 12 .......i..U..... 13[TNC] 48: 00 00 00 7F 00 00 00 02 00 00 00 06 71 43 2A 93 ............qC*. 13[TNC] 64: 00 00 00 01 00 1C 72 65 67 69 64 2E 32 30 30 34 ......regid.2004 13[TNC] 80: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 -03.org.strongsw 13[TNC] 96: 61 6E 00 14 73 74 72 6F 6E 67 53 77 61 6E 2D 35 an..strongSwan-5 13[TNC] 112: 2D 31 2D 31 2D 64 72 32 00 00 00 18 72 65 67 69 -1-1-dr2....regi 13[TNC] 128: 64 2E 31 39 39 39 2D 30 33 2E 6F 72 67 2E 64 65 d.1999-03.org.de 13[TNC] 144: 62 69 61 6E 00 0F 73 71 6C 69 74 65 2D 33 2D 37 bian..sqlite-3-7 13[TNC] 160: 2D 31 33 2D 31 00 00 -13-1.. 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' 13[TNC] processing PB-TNC CDATA batch 13[TNC] processing PB-PA message (159 bytes)
13[TNC] handling PB-PA message type 'TCG/SWID' 0x005597/0x00000003 13[IMV] IMV 2 "SWID" received message for Connection ID 1 from IMC 2 to IMV 2 13[IMV] => 135 bytes @ 0x6f4780 13[IMV] 0: 01 00 00 00 DC 86 EF 69 00 00 55 97 00 00 00 12 .......i..U..... 13[IMV] 16: 00 00 00 7F 00 00 00 02 00 00 00 06 71 43 2A 93 ............qC*. 13[IMV] 32: 00 00 00 01 00 1C 72 65 67 69 64 2E 32 30 30 34 ......regid.2004 13[IMV] 48: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 -03.org.strongsw 13[IMV] 64: 61 6E 00 14 73 74 72 6F 6E 67 53 77 61 6E 2D 35 an..strongSwan-5 13[IMV] 80: 2D 31 2D 31 2D 64 72 32 00 00 00 18 72 65 67 69 -1-1-dr2....regi 13[IMV] 96: 64 2E 31 39 39 39 2D 30 33 2E 6F 72 67 2E 64 65 d.1999-03.org.de 13[IMV] 112: 62 69 61 6E 00 0F 73 71 6C 69 74 65 2D 33 2D 37 bian..sqlite-3-7 13[IMV] 128: 2D 31 33 2D 31 00 00 -13-1.. 13[TNC] processing PA-TNC message with ID 0xdc86ef69 13[TNC] processing PA-TNC attribute type 'TCG/SWID Tag Identifier Inventory' 0x005597/0x00000012 13[TNC] => 115 bytes @ 0x6f4794 13[TNC] 0: 00 00 00 02 00 00 00 06 71 43 2A 93 00 00 00 01 ........qC*..... 13[TNC] 16: 00 1C 72 65 67 69 64 2E 32 30 30 34 2D 30 33 2E ..regid.2004-03. 13[TNC] 32: 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 00 14 org.strongswan.. 13[TNC] 48: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 31 2D 31 strongSwan-5-1-1 13[TNC] 64: 2D 64 72 32 00 00 00 18 72 65 67 69 64 2E 31 39 -dr2....regid.19 13[TNC] 80: 39 39 2D 30 33 2E 6F 72 67 2E 64 65 62 69 61 6E 99-03.org.debian 13[TNC] 96: 00 0F 73 71 6C 69 74 65 2D 33 2D 37 2D 31 33 2D ..sqlite-3-7-13- 13[TNC] 112: 31 00 00 1..
Human-Readable SWID Tag Identifiers¶
13[IMV] received SWID tag ID inventory for request 6 at eid 1 of epoch 0x71432a93 13[IMV] regid.2004-03.org.strongswan_strongSwan-5-1-1-dr2.swidtag 13[IMV] regid.1999-03.org.debian_sqlite-3-7-13-1.swidtag
13[IMV] IMV 2 handled SWIDT workitem 6: allow - received inventory of 2 SWID tag IDs 13[TNC] creating PA-TNC message with ID 0x85fed4ee 13[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 13[TNC] => 4 bytes @ 0x6e3220 13[TNC] 0: 00 00 00 00 .... 13[IMV] created PA-TNC message: => 24 bytes @ 0x6ecdc0 13[IMV] 0: 01 00 00 00 85 FE D4 EE 00 00 00 00 00 00 00 09 ................ 13[IMV] 16: 00 00 00 10 00 00 00 00 ........ 13[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003 13[TNC] IMV 2 provides recommendation 'allow' and evaluation 'compliant'
Policy Manager integrating Measurement Results¶
13[IMV] running policy script: 2>&1 TNC_SESSION_ID='2' ipsec imv_policy_manager stop 13[IMV] policy: imv_policy_manager stop successful
13[IMV] IMV 1 "OS" changed state of Connection ID 1 to 'Allowed' 13[IMV] IMV 2 "SWID" changed state of Connection ID 1 to 'Allowed' 13[TNC] PB-TNC state transition from 'Server Working' to 'Decided' 13[TNC] creating PB-TNC RESULT batch 13[TNC] adding PB-PA message 13[TNC] adding PB-Assessment-Result message 13[TNC] adding PB-Access-Recommendation message 13[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 1 13[TNC] => 88 bytes @ 0x6ee0a0 13[TNC] 0: 02 80 00 03 00 00 00 58 80 00 00 00 00 00 00 01 .......X........ 13[TNC] 16: 00 00 00 30 00 00 55 97 00 00 00 03 FF FF 00 02 ...0..U......... 13[TNC] 32: 01 00 00 00 85 FE D4 EE 00 00 00 00 00 00 00 09 ................ 13[TNC] 48: 00 00 00 10 00 00 00 00 80 00 00 00 00 00 00 02 ................ 13[TNC] 64: 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 03 ................ 13[TNC] 80: 00 00 00 10 00 00 00 01 ........ 13[TNC] sending PT-TLS message #5 of type 'PB-TNC Batch' (104 bytes) 13[TLS] sending TLS ApplicationData record (144 bytes)
Closing PT-TLS Connection¶
14[TLS] processing TLS ApplicationData record (64 bytes) 14[TNC] received PT-TLS message #4 of type 'PB-TNC Batch' (24 bytes) 14[TNC] received TNCCS batch (8 bytes) for Connection ID 1 14[TNC] => 8 bytes @ 0x6ef420 14[TNC] 0: 02 00 00 06 00 00 00 08 ........ 14[TNC] PB-TNC state transition from 'Decided' to 'End' 14[TNC] processing PB-TNC CLOSE batch 14[TNC] final recommendation is 'allow' and evaluation is 'compliant' 14[TNC] PT-TLS connection terminates 14[IMV] IMV 1 "OS" deleted the state of Connection ID 1 14[IMV] IMV 2 "SWID" deleted the state of Connection ID 1 14[TNC] removed TNCCS Connection ID 1 14[TLS] sending TLS close notify 14[TLS] sending TLS Alert record (48 bytes)
PT-TLS Connection by Access Requestor "dave"¶
15[TNC] accepting PT-TLS stream from 192.168.0.200
TLS Connection Setup¶
03[TNC] entering PT-TLS negotiation phase 03[TLS] processing TLS Handshake record (176 bytes) 03[TLS] received TLS ClientHello handshake (172 bytes) 03[TLS] received TLS 'signature algorithms' extension 03[TLS] received TLS 'elliptic curves' extension 03[TLS] received TLS 'ec point formats' extension 03[TLS] received TLS 'server name' extension 03[TLS] received 28 TLS cipher suites: 03[TLS] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 03[TLS] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 03[TLS] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 03[TLS] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 03[TLS] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 03[TLS] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 03[TLS] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 03[TLS] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 03[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA 03[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 03[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA 03[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 03[TLS] TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 03[TLS] TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 03[TLS] TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 03[TLS] TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 03[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 03[TLS] TLS_RSA_WITH_AES_128_CBC_SHA 03[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256 03[TLS] TLS_RSA_WITH_AES_256_CBC_SHA 03[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256 03[TLS] TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 03[TLS] TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 03[TLS] TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 03[TLS] TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 03[TLS] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 03[TLS] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 03[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA 03[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 03[TLS] sending TLS ServerHello handshake (54 bytes) 03[TLS] sending TLS server certificate 'C=CH, O=Linux strongSwan, CN=aaa.strongswan.org' 03[TLS] sending TLS Certificate handshake (1066 bytes) 03[TLS] selected ECDH group SECP256R1 03[TLS] created signature with MD5/RSA 03[TLS] sending TLS ServerKeyExchange handshake (329 bytes) 03[TLS] sending TLS cert request for 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' 03[TLS] sending TLS CertificateRequest handshake (102 bytes) 03[TLS] sending TLS ServerHelloDone handshake (0 bytes) 03[TLS] sending TLS Handshake record (1571 bytes) 03[TLS] processing TLS Handshake record (1406 bytes) 03[TLS] received TLS Certificate handshake (1068 bytes) 03[TLS] received TLS peer certificate 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' 03[TLS] received TLS ClientKeyExchange handshake (66 bytes) 03[TLS] received TLS CertificateVerify handshake (260 bytes) 03[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org" 03[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 03[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org" 03[CFG] fetching crl from 'http://crl.strongswan.org/strongswan.crl' ... 03[CFG] using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 03[CFG] crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 03[CFG] crl is valid: until Sep 29 14:02:30 2013 03[CFG] certificate status is good 03[CFG] reached self-signed root ca with a path length of 0 03[TLS] verified signature with SHA1/RSA 03[TLS] processing TLS ChangeCipherSpec record (1 bytes) 03[TLS] buffering 31 bytes, 31 bytes of 69 byte TLS record received 03[TLS] buffering 38 bytes, 69 bytes of 69 byte TLS record received 03[TLS] processing buffered TLS Handshake record (64 bytes) 03[TLS] received TLS Finished handshake (12 bytes) 03[TLS] sending TLS ChangeCipherSpec record (1 bytes) 03[TLS] sending TLS Finished handshake (12 bytes) 03[TLS] sending TLS Handshake record (64 bytes)
PT-TLS Negotiation¶
03[TLS] processing TLS ApplicationData record (64 bytes) 03[TNC] received PT-TLS message #0 of type 'Version Request' (20 bytes) 03[TNC] sending PT-TLS message #0 of type 'Version Response' (20 bytes) 03[TLS] sending TLS ApplicationData record (64 bytes) 03[TNC] negotiated PT-TLS version 1
TLS Certificate-based Client Authentication¶
03[TNC] doing SASL client authentication 03[TNC] skipping SASL, client already authenticated by TLS certificate 03[TNC] sending PT-TLS message #1 of type 'SASL Mechanisms' (16 bytes) 03[TLS] sending TLS ApplicationData record (64 bytes)
PT-TLS Transport Phase¶
03[TNC] entering PT-TLS data transport phase
IF-IMV 1.4 AR Identity¶
16[TLS] processing TLS ApplicationData record (320 bytes) 16[TNC] received PT-TLS message #1 of type 'PB-TNC Batch' (275 bytes) 16[TNC] assigned TNCCS Connection ID 2 16[IMV] IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh 16[IMV] over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes 16[IMV] user AR identity 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' authenticated by certificate 16[IMV] assigned session ID 3 16[IMV] IMV 2 "SWID" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh 16[IMV] over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes 16[IMV] user AR identity 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' authenticated by certificate 16[IMV] assigned session ID 3 16[IMV] IMV 1 "OS" changed state of Connection ID 2 to 'Handshake' 16[IMV] IMV 2 "SWID" changed state of Connection ID 2 to 'Handshake'
16[TNC] received TNCCS batch (39 bytes) for Connection ID 2 16[TNC] => 39 bytes @ 0x72d800 16[TNC] 0: 02 00 00 01 00 00 00 27 00 00 00 00 00 00 00 06 .......'........ 16[TNC] 16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75 ....Accept-Langu 16[TNC] 32: 61 67 65 3A 20 65 6E age: en 16[TNC] PB-TNC state transition from 'Init' to 'Server Working' 16[TNC] processing PB-TNC CDATA batch 16[TNC] processing PB-Language-Preference message (31 bytes) 16[TNC] setting language preference to 'en'
16[TNC] creating PA-TNC message with ID 0x252361d0 16[TNC] creating PA-TNC attribute type 'IETF/Attribute Request' 0x000000/0x00000001 16[TNC] => 56 bytes @ 0x738320 16[TNC] 0: 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 04 ................ 16[TNC] 16: 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 05 ................ 16[TNC] 32: 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 0C ................ 16[TNC] 48: 00 00 90 2A 00 00 00 08 ...*.... 16[IMV] created PA-TNC message: => 76 bytes @ 0x73b3b0 16[IMV] 0: 01 00 00 00 25 23 61 D0 00 00 00 00 00 00 00 01 ....%#a......... 16[IMV] 16: 00 00 00 44 00 00 00 00 00 00 00 02 00 00 00 00 ...D............ 16[IMV] 32: 00 00 00 04 00 00 00 00 00 00 00 03 00 00 00 00 ................ 16[IMV] 48: 00 00 00 05 00 00 00 00 00 00 00 0B 00 00 00 00 ................ 16[IMV] 64: 00 00 00 0C 00 00 90 2A 00 00 00 08 .......*.... 16[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 16[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' 16[TNC] creating PB-TNC SDATA batch 16[TNC] adding PB-PA message 16[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 2 16[TNC] => 108 bytes @ 0x725950 16[TNC] 0: 02 80 00 02 00 00 00 6C 80 00 00 00 00 00 00 01 .......l........ 16[TNC] 16: 00 00 00 64 00 00 00 00 00 00 00 01 FF FF 00 01 ...d............ 16[TNC] 32: 01 00 00 00 25 23 61 D0 00 00 00 00 00 00 00 01 ....%#a......... 16[TNC] 48: 00 00 00 44 00 00 00 00 00 00 00 02 00 00 00 00 ...D............ 16[TNC] 64: 00 00 00 04 00 00 00 00 00 00 00 03 00 00 00 00 ................ 16[TNC] 80: 00 00 00 05 00 00 00 00 00 00 00 0B 00 00 00 00 ................ 16[TNC] 96: 00 00 00 0C 00 00 90 2A 00 00 00 08 .......*.... 16[TNC] sending PT-TLS message #2 of type 'PB-TNC Batch' (124 bytes) 16[TLS] sending TLS ApplicationData record (176 bytes)
02[TLS] processing TLS ApplicationData record (288 bytes) 02[TNC] received PT-TLS message #2 of type 'PB-TNC Batch' (244 bytes) 02[TNC] received TNCCS batch (228 bytes) for Connection ID 2 02[TNC] => 228 bytes @ 0x70b060 02[TNC] 0: 02 00 00 01 00 00 00 E4 80 00 00 00 00 00 00 01 ................ 02[TNC] 16: 00 00 00 DC 80 00 00 00 00 00 00 01 00 01 00 01 ................ 02[TNC] 32: 01 00 00 00 26 B5 99 EA 00 00 00 00 00 00 00 02 ....&........... 02[TNC] 48: 00 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00 .....%r..Debian. 02[TNC] 64: 00 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20 ............7.0 02[TNC] 80: 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03 x86_64.......... 02[TNC] 96: 00 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00 ................ 02[TNC] 112: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24 ...............$ 02[TNC] 128: 03 01 00 00 32 30 31 33 2D 30 38 2D 33 30 54 31 ....2013-08-30T1 02[TNC] 144: 34 3A 30 32 3A 33 37 5A 00 00 00 00 00 00 00 0B 4:02:37Z........ 02[TNC] 160: 00 00 00 10 00 00 00 01 00 00 00 00 00 00 00 0C ................ 02[TNC] 176: 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08 ...........*.... 02[TNC] 192: 00 00 00 2C 61 61 62 62 63 63 64 64 65 65 66 66 ...,aabbccddeeff 02[TNC] 208: 31 31 32 32 33 33 34 34 35 35 36 36 37 37 38 38 1122334455667788 02[TNC] 224: 39 39 30 30 9900 02[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' 02[TNC] processing PB-TNC CDATA batch 02[TNC] processing PB-PA message (220 bytes) 02[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 02[IMV] IMV 1 "OS" received message for Connection ID 2 from IMC 1 to IMV 1 02[IMV] => 196 bytes @ 0x73a420 02[IMV] 0: 01 00 00 00 26 B5 99 EA 00 00 00 00 00 00 00 02 ....&........... 02[IMV] 16: 00 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00 .....%r..Debian. 02[IMV] 32: 00 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20 ............7.0 02[IMV] 48: 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03 x86_64.......... 02[IMV] 64: 00 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00 ................ 02[IMV] 80: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24 ...............$ 02[IMV] 96: 03 01 00 00 32 30 31 33 2D 30 38 2D 33 30 54 31 ....2013-08-30T1 02[IMV] 112: 34 3A 30 32 3A 33 37 5A 00 00 00 00 00 00 00 0B 4:02:37Z........ 02[IMV] 128: 00 00 00 10 00 00 00 01 00 00 00 00 00 00 00 0C ................ 02[IMV] 144: 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08 ...........*.... 02[IMV] 160: 00 00 00 2C 61 61 62 62 63 63 64 64 65 65 66 66 ...,aabbccddeeff 02[IMV] 176: 31 31 32 32 33 33 34 34 35 35 36 36 37 37 38 38 1122334455667788 02[IMV] 192: 39 39 30 30 9900 02[TNC] processing PA-TNC message with ID 0x26b599ea 02[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002 02[TNC] => 11 bytes @ 0x73a434 02[TNC] 0: 00 25 72 00 00 44 65 62 69 61 6E .%r..Debian 02[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004 02[TNC] => 13 bytes @ 0x73a44b 02[TNC] 0: 0A 37 2E 30 20 78 38 36 5F 36 34 00 00 .7.0 x86_64.. 02[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003 02[TNC] => 16 bytes @ 0x73a464 02[TNC] 0: 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 ................ 02[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005 02[TNC] => 24 bytes @ 0x73a480 02[TNC] 0: 03 01 00 00 32 30 31 33 2D 30 38 2D 33 30 54 31 ....2013-08-30T1 02[TNC] 16: 34 3A 30 32 3A 33 37 5A 4:02:37Z 02[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b 02[TNC] => 4 bytes @ 0x73a4a4 02[TNC] 0: 00 00 00 01 .... 02[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c 02[TNC] => 4 bytes @ 0x73a4b4 02[TNC] 0: 00 00 00 00 .... 02[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008 02[TNC] => 32 bytes @ 0x73a4c4 02[TNC] 0: 61 61 62 62 63 63 64 64 65 65 66 66 31 31 32 32 aabbccddeeff1122 02[TNC] 16: 33 33 34 34 35 35 36 36 37 37 38 38 39 39 30 30 3344556677889900
Operating System Information¶
02[IMV] operating system name is 'Debian' from vendor Debian Project 02[IMV] operating system version is '7.0 x86_64' 02[IMV] operating system numeric version is 7.0 02[IMV] operational status: operational, result: successful 02[IMV] last boot: Aug 30 14:02:37 UTC 2013 02[IMV] IPv4 forwarding is enabled 02[IMV] factory default password is disabled
Device Identity¶
02[IMV] device ID is aabbccddeeff11223344556677889900
Policy Manager generating Workitem List¶
This is strongSwan's proprietary Configuration Management Database (CMDB) interface. Based on historical client measurement data and a set of group policies the start script generates a list of measurement workitems. In our scenario only IPv4 forwarding and SWID tags are checked.
02[IMV] running policy script: 2>&1 TNC_SESSION_ID='3' ipsec imv_policy_manager start 02[IMV] policy: imv_policy_manager start successful
02[IMV] IMV 1 handles FWDEN workitem 9 02[IMV] IMV 1 handled FWDEN workitem 9: isolate - forwarding enabled 02[TNC] creating PA-TNC message with ID 0xe9845d2f 02[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 02[TNC] => 4 bytes @ 0x710b30 02[TNC] 0: 00 00 00 02 .... 02[TNC] creating PA-TNC attribute type 'IETF/Remediation Instructions' 0x000000/0x0000000a 02[TNC] => 81 bytes @ 0x73c150 02[TNC] 0: 00 00 00 00 00 00 00 02 00 00 00 42 49 50 20 50 ...........BIP P 02[TNC] 16: 61 63 6B 65 74 20 46 6F 72 77 61 72 64 69 6E 67 acket Forwarding 02[TNC] 32: 0A 20 20 50 6C 65 61 73 65 20 64 69 73 61 62 6C . Please disabl 02[TNC] 48: 65 20 74 68 65 20 66 6F 72 77 61 72 64 69 6E 67 e the forwarding 02[TNC] 64: 20 6F 66 20 49 50 20 70 61 63 6B 65 74 73 02 65 of IP packets.e 02[TNC] 80: 6E n 02[IMV] created PA-TNC message: => 117 bytes @ 0x738c40 02[IMV] 0: 01 00 00 00 E9 84 5D 2F 00 00 00 00 00 00 00 09 ......]/........ 02[IMV] 16: 00 00 00 10 00 00 00 02 00 00 00 00 00 00 00 0A ................ 02[IMV] 32: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42 ...]...........B 02[IMV] 48: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72 IP Packet Forwar 02[IMV] 64: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69 ding. Please di 02[IMV] 80: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72 sable the forwar 02[IMV] 96: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65 ding of IP packe 02[IMV] 112: 74 73 02 65 6E ts.en 02[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 02[TNC] IMV 1 is setting reason string to 'Improper OS settings were detected' 02[TNC] IMV 1 is setting reason language to 'en' 02[TNC] IMV 1 provides recommendation 'isolate' and evaluation 'non-compliant major'
Sending SWID Request¶
02[IMV] IMV 2 handles SWIDT workitem 11 02[IMV] IMV 2 issues SWID request 11 02[TNC] creating PA-TNC message with ID 0xff7d7278 02[TNC] creating PA-TNC attribute type 'TCG/SWID Request' 0x005597/0x00000011 02[TNC] => 12 bytes @ 0x732980 02[TNC] 0: 00 00 00 00 00 00 00 0B 00 00 00 00 ............ 02[IMV] created PA-TNC message: => 32 bytes @ 0x73a100 02[IMV] 0: 01 00 00 00 FF 7D 72 78 00 00 55 97 00 00 00 11 .....}rx..U..... 02[IMV] 16: 00 00 00 18 00 00 00 00 00 00 00 0B 00 00 00 00 ................ 02[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003
02[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' 02[TNC] creating PB-TNC SDATA batch 02[TNC] adding PB-PA message 02[TNC] adding PB-PA message 02[TNC] sending PB-TNC SDATA batch (205 bytes) for Connection ID 2 02[TNC] => 205 bytes @ 0x6f8480 02[TNC] 0: 02 80 00 02 00 00 00 CD 80 00 00 00 00 00 00 01 ................ 02[TNC] 16: 00 00 00 8D 00 00 00 00 00 00 00 01 FF FF 00 01 ................ 02[TNC] 32: 01 00 00 00 E9 84 5D 2F 00 00 00 00 00 00 00 09 ......]/........ 02[TNC] 48: 00 00 00 10 00 00 00 02 00 00 00 00 00 00 00 0A ................ 02[TNC] 64: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42 ...]...........B 02[TNC] 80: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72 IP Packet Forwar 02[TNC] 96: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69 ding. Please di 02[TNC] 112: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72 sable the forwar 02[TNC] 128: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65 ding of IP packe 02[TNC] 144: 74 73 02 65 6E 80 00 00 00 00 00 00 01 00 00 00 ts.en........... 02[TNC] 160: 38 00 00 55 97 00 00 00 03 FF FF 00 02 01 00 00 8..U............ 02[TNC] 176: 00 FF 7D 72 78 00 00 55 97 00 00 00 11 00 00 00 ..}rx..U........ 02[TNC] 192: 18 00 00 00 00 00 00 00 0B 00 00 00 00 ............. 02[TNC] sending PT-TLS message #3 of type 'PB-TNC Batch' (221 bytes) 02[TLS] sending TLS ApplicationData record (272 bytes)
01[TLS] processing TLS ApplicationData record (2096 bytes)
01[TNC] received PT-TLS message #3 of type 'PB-TNC Batch' (2051 bytes)
01[TNC] received TNCCS batch (2035 bytes) for Connection ID 2
01[TNC] => 2035 bytes @ 0x73aa90
01[TNC] 0: 02 00 00 01 00 00 07 F3 80 00 00 00 00 00 00 01 ................
01[TNC] 16: 00 00 07 EB 80 00 55 97 00 00 00 03 00 02 00 02 ......U.........
01[TNC] 32: 01 00 00 00 4F 00 C2 7B 00 00 55 97 00 00 00 14 ....O..{..U.....
01[TNC] 48: 00 00 07 CB 00 00 00 02 00 00 00 0B 85 55 48 98 .............UH.
01[TNC] 64: 00 00 00 01 00 00 00 00 03 E4 3C 3F 78 6D 6C 20 ..........<?xml
01[TNC] 80: 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65 6E version="1.0" en
01[TNC] 96: 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22 3F 3E coding="utf-8"?>
01[TNC] 112: 0A 3C 73 6F 66 74 77 61 72 65 5F 69 64 65 6E 74 .<software_ident
01[TNC] 128: 69 66 69 63 61 74 69 6F 6E 5F 74 61 67 20 78 6D ification_tag xm
01[TNC] 144: 6C 6E 73 3D 22 68 74 74 70 3A 2F 2F 73 74 61 6E lns="http://stan
01[TNC] 160: 64 61 72 64 73 2E 69 73 6F 2E 6F 72 67 2F 69 73 dards.iso.org/is
01[TNC] 176: 6F 2F 31 39 37 37 30 2F 2D 32 2F 32 30 30 39 2F o/19770/-2/2009/
01[TNC] 192: 73 63 68 65 6D 61 2E 78 73 64 22 3E 0A 20 20 3C schema.xsd">. <
01[TNC] 208: 65 6E 74 69 74 6C 65 6D 65 6E 74 5F 72 65 71 75 entitlement_requ
01[TNC] 224: 69 72 65 64 5F 69 6E 64 69 63 61 74 6F 72 3E 74 ired_indicator>t
01[TNC] 240: 72 75 65 3C 2F 65 6E 74 69 74 6C 65 6D 65 6E 74 rue</entitlement
01[TNC] 256: 5F 72 65 71 75 69 72 65 64 5F 69 6E 64 69 63 61 _required_indica
01[TNC] 272: 74 6F 72 3E 0A 20 20 3C 70 72 6F 64 75 63 74 5F tor>. <product_
01[TNC] 288: 74 69 74 6C 65 3E 73 74 72 6F 6E 67 53 77 61 6E title>strongSwan
01[TNC] 304: 3C 2F 70 72 6F 64 75 63 74 5F 74 69 74 6C 65 3E </product_title>
01[TNC] 320: 0A 20 20 3C 70 72 6F 64 75 63 74 5F 76 65 72 73 . <product_vers
01[TNC] 336: 69 6F 6E 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E 35 ion>. <name>5
01[TNC] 352: 2E 31 2E 31 64 72 32 3C 2F 6E 61 6D 65 3E 0A 20 .1.1dr2</name>.
01[TNC] 368: 20 20 20 3C 6E 75 6D 65 72 69 63 3E 0A 20 20 20 <numeric>.
01[TNC] 384: 20 20 20 3C 6D 61 6A 6F 72 3E 35 3C 2F 6D 61 6A <major>5</maj
01[TNC] 400: 6F 72 3E 0A 20 20 20 20 20 20 3C 6D 69 6E 6F 72 or>. <minor
01[TNC] 416: 3E 31 3C 2F 6D 69 6E 6F 72 3E 0A 20 20 20 20 20 >1</minor>.
01[TNC] 432: 20 3C 62 75 69 6C 64 3E 31 3C 2F 62 75 69 6C 64 <build>1</build
01[TNC] 448: 3E 0A 20 20 20 20 20 20 3C 72 65 76 69 65 77 3E >. <review>
01[TNC] 464: 64 72 32 3C 2F 72 65 76 69 65 77 3E 0A 20 20 20 dr2</review>.
01[TNC] 480: 20 3C 2F 6E 75 6D 65 72 69 63 3E 0A 20 20 3C 2F </numeric>. </
01[TNC] 496: 70 72 6F 64 75 63 74 5F 76 65 72 73 69 6F 6E 3E product_version>
01[TNC] 512: 0A 20 20 3C 73 6F 66 74 77 61 72 65 5F 63 72 65 . <software_cre
01[TNC] 528: 61 74 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E ator>. <name>
01[TNC] 544: 73 74 72 6F 6E 67 53 77 61 6E 20 50 72 6F 6A 65 strongSwan Proje
01[TNC] 560: 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 ct</name>. <r
01[TNC] 576: 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34 2D egid>regid.2004-
01[TNC] 592: 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 03.org.strongswa
01[TNC] 608: 6E 3C 2F 72 65 67 69 64 3E 0A 20 20 3C 2F 73 6F n</regid>. </so
01[TNC] 624: 66 74 77 61 72 65 5F 63 72 65 61 74 6F 72 3E 0A ftware_creator>.
01[TNC] 640: 20 20 3C 73 6F 66 74 77 61 72 65 5F 6C 69 63 65 <software_lice
01[TNC] 656: 6E 73 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E nsor>. <name>
01[TNC] 672: 73 74 72 6F 6E 67 53 77 61 6E 20 50 72 6F 6A 65 strongSwan Proje
01[TNC] 688: 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 ct</name>. <r
01[TNC] 704: 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34 2D egid>regid.2004-
01[TNC] 720: 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 03.org.strongswa
01[TNC] 736: 6E 3C 2F 72 65 67 69 64 3E 0A 20 20 3C 2F 73 6F n</regid>. </so
01[TNC] 752: 66 74 77 61 72 65 5F 6C 69 63 65 6E 73 6F 72 3E ftware_licensor>
01[TNC] 768: 0A 20 20 3C 73 6F 66 74 77 61 72 65 5F 69 64 3E . <software_id>
01[TNC] 784: 0A 20 20 20 20 3C 75 6E 69 71 75 65 5F 69 64 3E . <unique_id>
01[TNC] 800: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 31 2D 31 strongSwan-5-1-1
01[TNC] 816: 2D 64 72 32 3C 2F 75 6E 69 71 75 65 5F 69 64 3E -dr2</unique_id>
01[TNC] 832: 0A 20 20 20 20 3C 74 61 67 5F 63 72 65 61 74 6F . <tag_creato
01[TNC] 848: 72 5F 72 65 67 69 64 3E 72 65 67 69 64 2E 32 30 r_regid>regid.20
01[TNC] 864: 30 34 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 04-03.org.strong
01[TNC] 880: 73 77 61 6E 3C 2F 74 61 67 5F 63 72 65 61 74 6F swan</tag_creato
01[TNC] 896: 72 5F 72 65 67 69 64 3E 0A 20 20 3C 2F 73 6F 66 r_regid>. </sof
01[TNC] 912: 74 77 61 72 65 5F 69 64 3E 0A 20 20 3C 74 61 67 tware_id>. <tag
01[TNC] 928: 5F 63 72 65 61 74 6F 72 3E 0A 20 20 20 20 3C 6E _creator>. <n
01[TNC] 944: 61 6D 65 3E 73 74 72 6F 6E 67 53 77 61 6E 20 50 ame>strongSwan P
01[TNC] 960: 72 6F 6A 65 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 roject</name>.
01[TNC] 976: 20 20 3C 72 65 67 69 64 3E 72 65 67 69 64 2E 32 <regid>regid.2
01[TNC] 992: 30 30 34 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 004-03.org.stron
01[TNC] 1008: 67 73 77 61 6E 3C 2F 72 65 67 69 64 3E 0A 20 20 gswan</regid>.
01[TNC] 1024: 3C 2F 74 61 67 5F 63 72 65 61 74 6F 72 3E 0A 3C </tag_creator>.<
01[TNC] 1040: 2F 73 6F 66 74 77 61 72 65 5F 69 64 65 6E 74 69 /software_identi
01[TNC] 1056: 66 69 63 61 74 69 6F 6E 5F 74 61 67 3E 0A 00 00 fication_tag>...
01[TNC] 1072: 00 00 03 BF 3C 3F 78 6D 6C 20 76 65 72 73 69 6F ....<?xml versio
01[TNC] 1088: 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 n="1.0" encoding
01[TNC] 1104: 3D 22 75 74 66 2D 38 22 3F 3E 0A 3C 73 6F 66 74 ="utf-8"?>.<soft
01[TNC] 1120: 77 61 72 65 5F 69 64 65 6E 74 69 66 69 63 61 74 ware_identificat
01[TNC] 1136: 69 6F 6E 5F 74 61 67 20 78 6D 6C 6E 73 3D 22 68 ion_tag xmlns="h
01[TNC] 1152: 74 74 70 3A 2F 2F 73 74 61 6E 64 61 72 64 73 2E ttp://standards.
01[TNC] 1168: 69 73 6F 2E 6F 72 67 2F 69 73 6F 2F 31 39 37 37 iso.org/iso/1977
01[TNC] 1184: 30 2F 2D 32 2F 32 30 30 39 2F 73 63 68 65 6D 61 0/-2/2009/schema
01[TNC] 1200: 2E 78 73 64 22 3E 0A 20 20 3C 65 6E 74 69 74 6C .xsd">. <entitl
01[TNC] 1216: 65 6D 65 6E 74 5F 72 65 71 75 69 72 65 64 5F 69 ement_required_i
01[TNC] 1232: 6E 64 69 63 61 74 6F 72 3E 74 72 75 65 3C 2F 65 ndicator>true</e
01[TNC] 1248: 6E 74 69 74 6C 65 6D 65 6E 74 5F 72 65 71 75 69 ntitlement_requi
01[TNC] 1264: 72 65 64 5F 69 6E 64 69 63 61 74 6F 72 3E 0A 20 red_indicator>.
01[TNC] 1280: 20 3C 70 72 6F 64 75 63 74 5F 74 69 74 6C 65 3E <product_title>
01[TNC] 1296: 73 71 6C 69 74 65 33 3C 2F 70 72 6F 64 75 63 74 sqlite3</product
01[TNC] 1312: 5F 74 69 74 6C 65 3E 0A 20 20 3C 70 72 6F 64 75 _title>. <produ
01[TNC] 1328: 63 74 5F 76 65 72 73 69 6F 6E 3E 0A 20 20 20 20 ct_version>.
01[TNC] 1344: 3C 6E 61 6D 65 3E 33 2E 37 2E 31 33 2D 31 3C 2F <name>3.7.13-1</
01[TNC] 1360: 6E 61 6D 65 3E 0A 20 20 20 20 3C 6E 75 6D 65 72 name>. <numer
01[TNC] 1376: 69 63 3E 0A 20 20 20 20 20 20 3C 6D 61 6A 6F 72 ic>. <major
01[TNC] 1392: 3E 33 3C 2F 6D 61 6A 6F 72 3E 0A 20 20 20 20 20 >3</major>.
01[TNC] 1408: 20 3C 6D 69 6E 6F 72 3E 37 3C 2F 6D 69 6E 6F 72 <minor>7</minor
01[TNC] 1424: 3E 0A 20 20 20 20 20 20 3C 62 75 69 6C 64 3E 31 >. <build>1
01[TNC] 1440: 33 3C 2F 62 75 69 6C 64 3E 0A 20 20 20 20 20 20 3</build>.
01[TNC] 1456: 3C 72 65 76 69 65 77 3E 31 3C 2F 72 65 76 69 65 <review>1</revie
01[TNC] 1472: 77 3E 0A 20 20 20 20 3C 2F 6E 75 6D 65 72 69 63 w>. </numeric
01[TNC] 1488: 3E 0A 20 20 3C 2F 70 72 6F 64 75 63 74 5F 76 65 >. </product_ve
01[TNC] 1504: 72 73 69 6F 6E 3E 0A 20 20 3C 73 6F 66 74 77 61 rsion>. <softwa
01[TNC] 1520: 72 65 5F 63 72 65 61 74 6F 72 3E 0A 20 20 20 20 re_creator>.
01[TNC] 1536: 3C 6E 61 6D 65 3E 53 51 4C 69 74 65 20 50 72 6F <name>SQLite Pro
01[TNC] 1552: 6A 65 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 20 20 ject</name>.
01[TNC] 1568: 3C 72 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 <regid>regid.200
01[TNC] 1584: 32 2D 30 38 2E 6F 72 67 2E 73 71 6C 69 74 65 3C 2-08.org.sqlite<
01[TNC] 1600: 2F 72 65 67 69 64 3E 0A 20 20 3C 2F 73 6F 66 74 /regid>. </soft
01[TNC] 1616: 77 61 72 65 5F 63 72 65 61 74 6F 72 3E 0A 20 20 ware_creator>.
01[TNC] 1632: 3C 73 6F 66 74 77 61 72 65 5F 6C 69 63 65 6E 73 <software_licens
01[TNC] 1648: 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E 44 65 or>. <name>De
01[TNC] 1664: 62 69 61 6E 20 50 72 6F 6A 65 63 74 3C 2F 6E 61 bian Project</na
01[TNC] 1680: 6D 65 3E 0A 20 20 20 20 3C 72 65 67 69 64 3E 72 me>. <regid>r
01[TNC] 1696: 65 67 69 64 2E 31 39 39 39 2D 30 33 2E 6F 72 67 egid.1999-03.org
01[TNC] 1712: 2E 64 65 62 69 61 6E 3C 2F 72 65 67 69 64 3E 0A .debian</regid>.
01[TNC] 1728: 20 20 3C 2F 73 6F 66 74 77 61 72 65 5F 6C 69 63 </software_lic
01[TNC] 1744: 65 6E 73 6F 72 3E 0A 20 20 3C 73 6F 66 74 77 61 ensor>. <softwa
01[TNC] 1760: 72 65 5F 69 64 3E 0A 20 20 20 20 3C 75 6E 69 71 re_id>. <uniq
01[TNC] 1776: 75 65 5F 69 64 3E 73 71 6C 69 74 65 2D 33 2D 37 ue_id>sqlite-3-7
01[TNC] 1792: 2D 31 33 2D 31 3C 2F 75 6E 69 71 75 65 5F 69 64 -13-1</unique_id
01[TNC] 1808: 3E 0A 20 20 20 20 3C 74 61 67 5F 63 72 65 61 74 >. <tag_creat
01[TNC] 1824: 6F 72 5F 72 65 67 69 64 3E 72 65 67 69 64 2E 31 or_regid>regid.1
01[TNC] 1840: 39 39 39 2D 30 33 2E 6F 72 67 2E 64 65 62 69 61 999-03.org.debia
01[TNC] 1856: 6E 3C 2F 74 61 67 5F 63 72 65 61 74 6F 72 5F 72 n</tag_creator_r
01[TNC] 1872: 65 67 69 64 3E 0A 20 20 3C 2F 73 6F 66 74 77 61 egid>. </softwa
01[TNC] 1888: 72 65 5F 69 64 3E 0A 20 20 3C 74 61 67 5F 63 72 re_id>. <tag_cr
01[TNC] 1904: 65 61 74 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 eator>. <name
01[TNC] 1920: 3E 44 65 62 69 61 6E 20 50 72 6F 6A 65 63 74 3C >Debian Project<
01[TNC] 1936: 2F 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 65 67 69 /name>. <regi
01[TNC] 1952: 64 3E 72 65 67 69 64 2E 31 39 39 39 2D 30 33 2E d>regid.1999-03.
01[TNC] 1968: 6F 72 67 2E 64 65 62 69 61 6E 3C 2F 72 65 67 69 org.debian</regi
01[TNC] 1984: 64 3E 0A 20 20 3C 2F 74 61 67 5F 63 72 65 61 74 d>. </tag_creat
01[TNC] 2000: 6F 72 3E 0A 3C 2F 73 6F 66 74 77 61 72 65 5F 69 or>.</software_i
01[TNC] 2016: 64 65 6E 74 69 66 69 63 61 74 69 6F 6E 5F 74 61 dentification_ta
01[TNC] 2032: 67 3E 0A g>.
01[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
01[TNC] processing PB-TNC CDATA batch
01[TNC] processing PB-PA message (2027 bytes)
Receiving SWID Tag Inventory¶
01[TNC] handling PB-PA message type 'TCG/SWID' 0x005597/0x00000003
01[IMV] IMV 2 "SWID" received message for Connection ID 2 from IMC 2 to IMV 2
01[IMV] => 2003 bytes @ 0x73cea0
01[IMV] 0: 01 00 00 00 4F 00 C2 7B 00 00 55 97 00 00 00 14 ....O..{..U.....
01[IMV] 16: 00 00 07 CB 00 00 00 02 00 00 00 0B 85 55 48 98 .............UH.
01[IMV] 32: 00 00 00 01 00 00 00 00 03 E4 3C 3F 78 6D 6C 20 ..........<?xml
01[IMV] 48: 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65 6E version="1.0" en
01[IMV] 64: 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22 3F 3E coding="utf-8"?>
01[IMV] 80: 0A 3C 73 6F 66 74 77 61 72 65 5F 69 64 65 6E 74 .<software_ident
01[IMV] 96: 69 66 69 63 61 74 69 6F 6E 5F 74 61 67 20 78 6D ification_tag xm
01[IMV] 112: 6C 6E 73 3D 22 68 74 74 70 3A 2F 2F 73 74 61 6E lns="http://stan
01[IMV] 128: 64 61 72 64 73 2E 69 73 6F 2E 6F 72 67 2F 69 73 dards.iso.org/is
01[IMV] 144: 6F 2F 31 39 37 37 30 2F 2D 32 2F 32 30 30 39 2F o/19770/-2/2009/
01[IMV] 160: 73 63 68 65 6D 61 2E 78 73 64 22 3E 0A 20 20 3C schema.xsd">. <
01[IMV] 176: 65 6E 74 69 74 6C 65 6D 65 6E 74 5F 72 65 71 75 entitlement_requ
01[IMV] 192: 69 72 65 64 5F 69 6E 64 69 63 61 74 6F 72 3E 74 ired_indicator>t
01[IMV] 208: 72 75 65 3C 2F 65 6E 74 69 74 6C 65 6D 65 6E 74 rue</entitlement
01[IMV] 224: 5F 72 65 71 75 69 72 65 64 5F 69 6E 64 69 63 61 _required_indica
01[IMV] 240: 74 6F 72 3E 0A 20 20 3C 70 72 6F 64 75 63 74 5F tor>. <product_
01[IMV] 256: 74 69 74 6C 65 3E 73 74 72 6F 6E 67 53 77 61 6E title>strongSwan
01[IMV] 272: 3C 2F 70 72 6F 64 75 63 74 5F 74 69 74 6C 65 3E </product_title>
01[IMV] 288: 0A 20 20 3C 70 72 6F 64 75 63 74 5F 76 65 72 73 . <product_vers
01[IMV] 304: 69 6F 6E 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E 35 ion>. <name>5
01[IMV] 320: 2E 31 2E 31 64 72 32 3C 2F 6E 61 6D 65 3E 0A 20 .1.1dr2</name>.
01[IMV] 336: 20 20 20 3C 6E 75 6D 65 72 69 63 3E 0A 20 20 20 <numeric>.
01[IMV] 352: 20 20 20 3C 6D 61 6A 6F 72 3E 35 3C 2F 6D 61 6A <major>5</maj
01[IMV] 368: 6F 72 3E 0A 20 20 20 20 20 20 3C 6D 69 6E 6F 72 or>. <minor
01[IMV] 384: 3E 31 3C 2F 6D 69 6E 6F 72 3E 0A 20 20 20 20 20 >1</minor>.
01[IMV] 400: 20 3C 62 75 69 6C 64 3E 31 3C 2F 62 75 69 6C 64 <build>1</build
01[IMV] 416: 3E 0A 20 20 20 20 20 20 3C 72 65 76 69 65 77 3E >. <review>
01[IMV] 432: 64 72 32 3C 2F 72 65 76 69 65 77 3E 0A 20 20 20 dr2</review>.
01[IMV] 448: 20 3C 2F 6E 75 6D 65 72 69 63 3E 0A 20 20 3C 2F </numeric>. </
01[IMV] 464: 70 72 6F 64 75 63 74 5F 76 65 72 73 69 6F 6E 3E product_version>
01[IMV] 480: 0A 20 20 3C 73 6F 66 74 77 61 72 65 5F 63 72 65 . <software_cre
01[IMV] 496: 61 74 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E ator>. <name>
01[IMV] 512: 73 74 72 6F 6E 67 53 77 61 6E 20 50 72 6F 6A 65 strongSwan Proje
01[IMV] 528: 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 ct</name>. <r
01[IMV] 544: 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34 2D egid>regid.2004-
01[IMV] 560: 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 03.org.strongswa
01[IMV] 576: 6E 3C 2F 72 65 67 69 64 3E 0A 20 20 3C 2F 73 6F n</regid>. </so
01[IMV] 592: 66 74 77 61 72 65 5F 63 72 65 61 74 6F 72 3E 0A ftware_creator>.
01[IMV] 608: 20 20 3C 73 6F 66 74 77 61 72 65 5F 6C 69 63 65 <software_lice
01[IMV] 624: 6E 73 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E nsor>. <name>
01[IMV] 640: 73 74 72 6F 6E 67 53 77 61 6E 20 50 72 6F 6A 65 strongSwan Proje
01[IMV] 656: 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 ct</name>. <r
01[IMV] 672: 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34 2D egid>regid.2004-
01[IMV] 688: 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 03.org.strongswa
01[IMV] 704: 6E 3C 2F 72 65 67 69 64 3E 0A 20 20 3C 2F 73 6F n</regid>. </so
01[IMV] 720: 66 74 77 61 72 65 5F 6C 69 63 65 6E 73 6F 72 3E ftware_licensor>
01[IMV] 736: 0A 20 20 3C 73 6F 66 74 77 61 72 65 5F 69 64 3E . <software_id>
01[IMV] 752: 0A 20 20 20 20 3C 75 6E 69 71 75 65 5F 69 64 3E . <unique_id>
01[IMV] 768: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 31 2D 31 strongSwan-5-1-1
01[IMV] 784: 2D 64 72 32 3C 2F 75 6E 69 71 75 65 5F 69 64 3E -dr2</unique_id>
01[IMV] 800: 0A 20 20 20 20 3C 74 61 67 5F 63 72 65 61 74 6F . <tag_creato
01[IMV] 816: 72 5F 72 65 67 69 64 3E 72 65 67 69 64 2E 32 30 r_regid>regid.20
01[IMV] 832: 30 34 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 04-03.org.strong
01[IMV] 848: 73 77 61 6E 3C 2F 74 61 67 5F 63 72 65 61 74 6F swan</tag_creato
01[IMV] 864: 72 5F 72 65 67 69 64 3E 0A 20 20 3C 2F 73 6F 66 r_regid>. </sof
01[IMV] 880: 74 77 61 72 65 5F 69 64 3E 0A 20 20 3C 74 61 67 tware_id>. <tag
01[IMV] 896: 5F 63 72 65 61 74 6F 72 3E 0A 20 20 20 20 3C 6E _creator>. <n
01[IMV] 912: 61 6D 65 3E 73 74 72 6F 6E 67 53 77 61 6E 20 50 ame>strongSwan P
01[IMV] 928: 72 6F 6A 65 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 roject</name>.
01[IMV] 944: 20 20 3C 72 65 67 69 64 3E 72 65 67 69 64 2E 32 <regid>regid.2
01[IMV] 960: 30 30 34 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 004-03.org.stron
01[IMV] 976: 67 73 77 61 6E 3C 2F 72 65 67 69 64 3E 0A 20 20 gswan</regid>.
01[IMV] 992: 3C 2F 74 61 67 5F 63 72 65 61 74 6F 72 3E 0A 3C </tag_creator>.<
01[IMV] 1008: 2F 73 6F 66 74 77 61 72 65 5F 69 64 65 6E 74 69 /software_identi
01[IMV] 1024: 66 69 63 61 74 69 6F 6E 5F 74 61 67 3E 0A 00 00 fication_tag>...
01[IMV] 1040: 00 00 03 BF 3C 3F 78 6D 6C 20 76 65 72 73 69 6F ....<?xml versio
01[IMV] 1056: 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 n="1.0" encoding
01[IMV] 1072: 3D 22 75 74 66 2D 38 22 3F 3E 0A 3C 73 6F 66 74 ="utf-8"?>.<soft
01[IMV] 1088: 77 61 72 65 5F 69 64 65 6E 74 69 66 69 63 61 74 ware_identificat
01[IMV] 1104: 69 6F 6E 5F 74 61 67 20 78 6D 6C 6E 73 3D 22 68 ion_tag xmlns="h
01[IMV] 1120: 74 74 70 3A 2F 2F 73 74 61 6E 64 61 72 64 73 2E ttp://standards.
01[IMV] 1136: 69 73 6F 2E 6F 72 67 2F 69 73 6F 2F 31 39 37 37 iso.org/iso/1977
01[IMV] 1152: 30 2F 2D 32 2F 32 30 30 39 2F 73 63 68 65 6D 61 0/-2/2009/schema
01[IMV] 1168: 2E 78 73 64 22 3E 0A 20 20 3C 65 6E 74 69 74 6C .xsd">. <entitl
01[IMV] 1184: 65 6D 65 6E 74 5F 72 65 71 75 69 72 65 64 5F 69 ement_required_i
01[IMV] 1200: 6E 64 69 63 61 74 6F 72 3E 74 72 75 65 3C 2F 65 ndicator>true</e
01[IMV] 1216: 6E 74 69 74 6C 65 6D 65 6E 74 5F 72 65 71 75 69 ntitlement_requi
01[IMV] 1232: 72 65 64 5F 69 6E 64 69 63 61 74 6F 72 3E 0A 20 red_indicator>.
01[IMV] 1248: 20 3C 70 72 6F 64 75 63 74 5F 74 69 74 6C 65 3E <product_title>
01[IMV] 1264: 73 71 6C 69 74 65 33 3C 2F 70 72 6F 64 75 63 74 sqlite3</product
01[IMV] 1280: 5F 74 69 74 6C 65 3E 0A 20 20 3C 70 72 6F 64 75 _title>. <produ
01[IMV] 1296: 63 74 5F 76 65 72 73 69 6F 6E 3E 0A 20 20 20 20 ct_version>.
01[IMV] 1312: 3C 6E 61 6D 65 3E 33 2E 37 2E 31 33 2D 31 3C 2F <name>3.7.13-1</
01[IMV] 1328: 6E 61 6D 65 3E 0A 20 20 20 20 3C 6E 75 6D 65 72 name>. <numer
01[IMV] 1344: 69 63 3E 0A 20 20 20 20 20 20 3C 6D 61 6A 6F 72 ic>. <major
01[IMV] 1360: 3E 33 3C 2F 6D 61 6A 6F 72 3E 0A 20 20 20 20 20 >3</major>.
01[IMV] 1376: 20 3C 6D 69 6E 6F 72 3E 37 3C 2F 6D 69 6E 6F 72 <minor>7</minor
01[IMV] 1392: 3E 0A 20 20 20 20 20 20 3C 62 75 69 6C 64 3E 31 >. <build>1
01[IMV] 1408: 33 3C 2F 62 75 69 6C 64 3E 0A 20 20 20 20 20 20 3</build>.
01[IMV] 1424: 3C 72 65 76 69 65 77 3E 31 3C 2F 72 65 76 69 65 <review>1</revie
01[IMV] 1440: 77 3E 0A 20 20 20 20 3C 2F 6E 75 6D 65 72 69 63 w>. </numeric
01[IMV] 1456: 3E 0A 20 20 3C 2F 70 72 6F 64 75 63 74 5F 76 65 >. </product_ve
01[IMV] 1472: 72 73 69 6F 6E 3E 0A 20 20 3C 73 6F 66 74 77 61 rsion>. <softwa
01[IMV] 1488: 72 65 5F 63 72 65 61 74 6F 72 3E 0A 20 20 20 20 re_creator>.
01[IMV] 1504: 3C 6E 61 6D 65 3E 53 51 4C 69 74 65 20 50 72 6F <name>SQLite Pro
01[IMV] 1520: 6A 65 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 20 20 ject</name>.
01[IMV] 1536: 3C 72 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 <regid>regid.200
01[IMV] 1552: 32 2D 30 38 2E 6F 72 67 2E 73 71 6C 69 74 65 3C 2-08.org.sqlite<
01[IMV] 1568: 2F 72 65 67 69 64 3E 0A 20 20 3C 2F 73 6F 66 74 /regid>. </soft
01[IMV] 1584: 77 61 72 65 5F 63 72 65 61 74 6F 72 3E 0A 20 20 ware_creator>.
01[IMV] 1600: 3C 73 6F 66 74 77 61 72 65 5F 6C 69 63 65 6E 73 <software_licens
01[IMV] 1616: 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E 44 65 or>. <name>De
01[IMV] 1632: 62 69 61 6E 20 50 72 6F 6A 65 63 74 3C 2F 6E 61 bian Project</na
01[IMV] 1648: 6D 65 3E 0A 20 20 20 20 3C 72 65 67 69 64 3E 72 me>. <regid>r
01[IMV] 1664: 65 67 69 64 2E 31 39 39 39 2D 30 33 2E 6F 72 67 egid.1999-03.org
01[IMV] 1680: 2E 64 65 62 69 61 6E 3C 2F 72 65 67 69 64 3E 0A .debian</regid>.
01[IMV] 1696: 20 20 3C 2F 73 6F 66 74 77 61 72 65 5F 6C 69 63 </software_lic
01[IMV] 1712: 65 6E 73 6F 72 3E 0A 20 20 3C 73 6F 66 74 77 61 ensor>. <softwa
01[IMV] 1728: 72 65 5F 69 64 3E 0A 20 20 20 20 3C 75 6E 69 71 re_id>. <uniq
01[IMV] 1744: 75 65 5F 69 64 3E 73 71 6C 69 74 65 2D 33 2D 37 ue_id>sqlite-3-7
01[IMV] 1760: 2D 31 33 2D 31 3C 2F 75 6E 69 71 75 65 5F 69 64 -13-1</unique_id
01[IMV] 1776: 3E 0A 20 20 20 20 3C 74 61 67 5F 63 72 65 61 74 >. <tag_creat
01[IMV] 1792: 6F 72 5F 72 65 67 69 64 3E 72 65 67 69 64 2E 31 or_regid>regid.1
01[IMV] 1808: 39 39 39 2D 30 33 2E 6F 72 67 2E 64 65 62 69 61 999-03.org.debia
01[IMV] 1824: 6E 3C 2F 74 61 67 5F 63 72 65 61 74 6F 72 5F 72 n</tag_creator_r
01[IMV] 1840: 65 67 69 64 3E 0A 20 20 3C 2F 73 6F 66 74 77 61 egid>. </softwa
01[IMV] 1856: 72 65 5F 69 64 3E 0A 20 20 3C 74 61 67 5F 63 72 re_id>. <tag_cr
01[IMV] 1872: 65 61 74 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 eator>. <name
01[IMV] 1888: 3E 44 65 62 69 61 6E 20 50 72 6F 6A 65 63 74 3C >Debian Project<
01[IMV] 1904: 2F 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 65 67 69 /name>. <regi
01[IMV] 1920: 64 3E 72 65 67 69 64 2E 31 39 39 39 2D 30 33 2E d>regid.1999-03.
01[IMV] 1936: 6F 72 67 2E 64 65 62 69 61 6E 3C 2F 72 65 67 69 org.debian</regi
01[IMV] 1952: 64 3E 0A 20 20 3C 2F 74 61 67 5F 63 72 65 61 74 d>. </tag_creat
01[IMV] 1968: 6F 72 3E 0A 3C 2F 73 6F 66 74 77 61 72 65 5F 69 or>.</software_i
01[IMV] 1984: 64 65 6E 74 69 66 69 63 61 74 69 6F 6E 5F 74 61 dentification_ta
01[IMV] 2000: 67 3E 0A g>.
01[TNC] processing PA-TNC message with ID 0x4f00c27b 01[TNC] processing PA-TNC attribute type 'TCG/SWID Tag Inventory' 0x005597/0x00000014 01[TNC] => 1983 bytes @ 0x73ceb4 01[TNC] 0: 00 00 00 02 00 00 00 0B 85 55 48 98 00 00 00 01 .........UH..... 01[TNC] 16: 00 00 00 00 03 E4 3C 3F 78 6D 6C 20 76 65 72 73 ......<?xml vers 01[TNC] 32: 69 6F 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 ion="1.0" encodi 01[TNC] 48: 6E 67 3D 22 75 74 66 2D 38 22 3F 3E 0A 3C 73 6F ng="utf-8"?>.<so 01[TNC] 64: 66 74 77 61 72 65 5F 69 64 65 6E 74 69 66 69 63 ftware_identific 01[TNC] 80: 61 74 69 6F 6E 5F 74 61 67 20 78 6D 6C 6E 73 3D ation_tag xmlns= 01[TNC] 96: 22 68 74 74 70 3A 2F 2F 73 74 61 6E 64 61 72 64 "http://standard 01[TNC] 112: 73 2E 69 73 6F 2E 6F 72 67 2F 69 73 6F 2F 31 39 s.iso.org/iso/19 01[TNC] 128: 37 37 30 2F 2D 32 2F 32 30 30 39 2F 73 63 68 65 770/-2/2009/sche 01[TNC] 144: 6D 61 2E 78 73 64 22 3E 0A 20 20 3C 65 6E 74 69 ma.xsd">. <enti 01[TNC] 160: 74 6C 65 6D 65 6E 74 5F 72 65 71 75 69 72 65 64 tlement_required 01[TNC] 176: 5F 69 6E 64 69 63 61 74 6F 72 3E 74 72 75 65 3C _indicator>true< 01[TNC] 192: 2F 65 6E 74 69 74 6C 65 6D 65 6E 74 5F 72 65 71 /entitlement_req 01[TNC] 208: 75 69 72 65 64 5F 69 6E 64 69 63 61 74 6F 72 3E uired_indicator> 01[TNC] 224: 0A 20 20 3C 70 72 6F 64 75 63 74 5F 74 69 74 6C . <product_titl 01[TNC] 240: 65 3E 73 74 72 6F 6E 67 53 77 61 6E 3C 2F 70 72 e>strongSwan</pr 01[TNC] 256: 6F 64 75 63 74 5F 74 69 74 6C 65 3E 0A 20 20 3C oduct_title>. < 01[TNC] 272: 70 72 6F 64 75 63 74 5F 76 65 72 73 69 6F 6E 3E product_version> 01[TNC] 288: 0A 20 20 20 20 3C 6E 61 6D 65 3E 35 2E 31 2E 31 . <name>5.1.1 01[TNC] 304: 64 72 32 3C 2F 6E 61 6D 65 3E 0A 20 20 20 20 3C dr2</name>. < 01[TNC] 320: 6E 75 6D 65 72 69 63 3E 0A 20 20 20 20 20 20 3C numeric>. < 01[TNC] 336: 6D 61 6A 6F 72 3E 35 3C 2F 6D 61 6A 6F 72 3E 0A major>5</major>. 01[TNC] 352: 20 20 20 20 20 20 3C 6D 69 6E 6F 72 3E 31 3C 2F <minor>1</ 01[TNC] 368: 6D 69 6E 6F 72 3E 0A 20 20 20 20 20 20 3C 62 75 minor>. <bu 01[TNC] 384: 69 6C 64 3E 31 3C 2F 62 75 69 6C 64 3E 0A 20 20 ild>1</build>. 01[TNC] 400: 20 20 20 20 3C 72 65 76 69 65 77 3E 64 72 32 3C <review>dr2< 01[TNC] 416: 2F 72 65 76 69 65 77 3E 0A 20 20 20 20 3C 2F 6E /review>. </n 01[TNC] 432: 75 6D 65 72 69 63 3E 0A 20 20 3C 2F 70 72 6F 64 umeric>. </prod 01[TNC] 448: 75 63 74 5F 76 65 72 73 69 6F 6E 3E 0A 20 20 3C uct_version>. < 01[TNC] 464: 73 6F 66 74 77 61 72 65 5F 63 72 65 61 74 6F 72 software_creator 01[TNC] 480: 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E 73 74 72 6F >. <name>stro 01[TNC] 496: 6E 67 53 77 61 6E 20 50 72 6F 6A 65 63 74 3C 2F ngSwan Project</ 01[TNC] 512: 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 65 67 69 64 name>. <regid 01[TNC] 528: 3E 72 65 67 69 64 2E 32 30 30 34 2D 30 33 2E 6F >regid.2004-03.o 01[TNC] 544: 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 3C 2F 72 rg.strongswan</r 01[TNC] 560: 65 67 69 64 3E 0A 20 20 3C 2F 73 6F 66 74 77 61 egid>. </softwa 01[TNC] 576: 72 65 5F 63 72 65 61 74 6F 72 3E 0A 20 20 3C 73 re_creator>. <s 01[TNC] 592: 6F 66 74 77 61 72 65 5F 6C 69 63 65 6E 73 6F 72 oftware_licensor 01[TNC] 608: 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E 73 74 72 6F >. <name>stro 01[TNC] 624: 6E 67 53 77 61 6E 20 50 72 6F 6A 65 63 74 3C 2F ngSwan Project</ 01[TNC] 640: 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 65 67 69 64 name>. <regid 01[TNC] 656: 3E 72 65 67 69 64 2E 32 30 30 34 2D 30 33 2E 6F >regid.2004-03.o 01[TNC] 672: 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 3C 2F 72 rg.strongswan</r 01[TNC] 688: 65 67 69 64 3E 0A 20 20 3C 2F 73 6F 66 74 77 61 egid>. </softwa 01[TNC] 704: 72 65 5F 6C 69 63 65 6E 73 6F 72 3E 0A 20 20 3C re_licensor>. < 01[TNC] 720: 73 6F 66 74 77 61 72 65 5F 69 64 3E 0A 20 20 20 software_id>. 01[TNC] 736: 20 3C 75 6E 69 71 75 65 5F 69 64 3E 73 74 72 6F <unique_id>stro 01[TNC] 752: 6E 67 53 77 61 6E 2D 35 2D 31 2D 31 2D 64 72 32 ngSwan-5-1-1-dr2 01[TNC] 768: 3C 2F 75 6E 69 71 75 65 5F 69 64 3E 0A 20 20 20 </unique_id>. 01[TNC] 784: 20 3C 74 61 67 5F 63 72 65 61 74 6F 72 5F 72 65 <tag_creator_re 01[TNC] 800: 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34 2D 30 gid>regid.2004-0 01[TNC] 816: 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 3.org.strongswan 01[TNC] 832: 3C 2F 74 61 67 5F 63 72 65 61 74 6F 72 5F 72 65 </tag_creator_re 01[TNC] 848: 67 69 64 3E 0A 20 20 3C 2F 73 6F 66 74 77 61 72 gid>. </softwar 01[TNC] 864: 65 5F 69 64 3E 0A 20 20 3C 74 61 67 5F 63 72 65 e_id>. <tag_cre 01[TNC] 880: 61 74 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E ator>. <name> 01[TNC] 896: 73 74 72 6F 6E 67 53 77 61 6E 20 50 72 6F 6A 65 strongSwan Proje 01[TNC] 912: 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 ct</name>. <r 01[TNC] 928: 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34 2D egid>regid.2004- 01[TNC] 944: 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 03.org.strongswa 01[TNC] 960: 6E 3C 2F 72 65 67 69 64 3E 0A 20 20 3C 2F 74 61 n</regid>. </ta 01[TNC] 976: 67 5F 63 72 65 61 74 6F 72 3E 0A 3C 2F 73 6F 66 g_creator>.</sof 01[TNC] 992: 74 77 61 72 65 5F 69 64 65 6E 74 69 66 69 63 61 tware_identifica 01[TNC] 1008: 74 69 6F 6E 5F 74 61 67 3E 0A 00 00 00 00 03 BF tion_tag>....... 01[TNC] 1024: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1 01[TNC] 1040: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 75 74 .0" encoding="ut 01[TNC] 1056: 66 2D 38 22 3F 3E 0A 3C 73 6F 66 74 77 61 72 65 f-8"?>.<software 01[TNC] 1072: 5F 69 64 65 6E 74 69 66 69 63 61 74 69 6F 6E 5F _identification_ 01[TNC] 1088: 74 61 67 20 78 6D 6C 6E 73 3D 22 68 74 74 70 3A tag xmlns="http: 01[TNC] 1104: 2F 2F 73 74 61 6E 64 61 72 64 73 2E 69 73 6F 2E //standards.iso. 01[TNC] 1120: 6F 72 67 2F 69 73 6F 2F 31 39 37 37 30 2F 2D 32 org/iso/19770/-2 01[TNC] 1136: 2F 32 30 30 39 2F 73 63 68 65 6D 61 2E 78 73 64 /2009/schema.xsd 01[TNC] 1152: 22 3E 0A 20 20 3C 65 6E 74 69 74 6C 65 6D 65 6E ">. <entitlemen 01[TNC] 1168: 74 5F 72 65 71 75 69 72 65 64 5F 69 6E 64 69 63 t_required_indic 01[TNC] 1184: 61 74 6F 72 3E 74 72 75 65 3C 2F 65 6E 74 69 74 ator>true</entit 01[TNC] 1200: 6C 65 6D 65 6E 74 5F 72 65 71 75 69 72 65 64 5F lement_required_ 01[TNC] 1216: 69 6E 64 69 63 61 74 6F 72 3E 0A 20 20 3C 70 72 indicator>. <pr 01[TNC] 1232: 6F 64 75 63 74 5F 74 69 74 6C 65 3E 73 71 6C 69 oduct_title>sqli 01[TNC] 1248: 74 65 33 3C 2F 70 72 6F 64 75 63 74 5F 74 69 74 te3</product_tit 01[TNC] 1264: 6C 65 3E 0A 20 20 3C 70 72 6F 64 75 63 74 5F 76 le>. <product_v 01[TNC] 1280: 65 72 73 69 6F 6E 3E 0A 20 20 20 20 3C 6E 61 6D ersion>. <nam 01[TNC] 1296: 65 3E 33 2E 37 2E 31 33 2D 31 3C 2F 6E 61 6D 65 e>3.7.13-1</name 01[TNC] 1312: 3E 0A 20 20 20 20 3C 6E 75 6D 65 72 69 63 3E 0A >. <numeric>. 01[TNC] 1328: 20 20 20 20 20 20 3C 6D 61 6A 6F 72 3E 33 3C 2F <major>3</ 01[TNC] 1344: 6D 61 6A 6F 72 3E 0A 20 20 20 20 20 20 3C 6D 69 major>. <mi 01[TNC] 1360: 6E 6F 72 3E 37 3C 2F 6D 69 6E 6F 72 3E 0A 20 20 nor>7</minor>. 01[TNC] 1376: 20 20 20 20 3C 62 75 69 6C 64 3E 31 33 3C 2F 62 <build>13</b 01[TNC] 1392: 75 69 6C 64 3E 0A 20 20 20 20 20 20 3C 72 65 76 uild>. <rev 01[TNC] 1408: 69 65 77 3E 31 3C 2F 72 65 76 69 65 77 3E 0A 20 iew>1</review>. 01[TNC] 1424: 20 20 20 3C 2F 6E 75 6D 65 72 69 63 3E 0A 20 20 </numeric>. 01[TNC] 1440: 3C 2F 70 72 6F 64 75 63 74 5F 76 65 72 73 69 6F </product_versio 01[TNC] 1456: 6E 3E 0A 20 20 3C 73 6F 66 74 77 61 72 65 5F 63 n>. <software_c 01[TNC] 1472: 72 65 61 74 6F 72 3E 0A 20 20 20 20 3C 6E 61 6D reator>. <nam 01[TNC] 1488: 65 3E 53 51 4C 69 74 65 20 50 72 6F 6A 65 63 74 e>SQLite Project 01[TNC] 1504: 3C 2F 6E 61 6D 65 3E 0A 20 20 20 20 3C 72 65 67 </name>. <reg 01[TNC] 1520: 69 64 3E 72 65 67 69 64 2E 32 30 30 32 2D 30 38 id>regid.2002-08 01[TNC] 1536: 2E 6F 72 67 2E 73 71 6C 69 74 65 3C 2F 72 65 67 .org.sqlite</reg 01[TNC] 1552: 69 64 3E 0A 20 20 3C 2F 73 6F 66 74 77 61 72 65 id>. </software 01[TNC] 1568: 5F 63 72 65 61 74 6F 72 3E 0A 20 20 3C 73 6F 66 _creator>. <sof 01[TNC] 1584: 74 77 61 72 65 5F 6C 69 63 65 6E 73 6F 72 3E 0A tware_licensor>. 01[TNC] 1600: 20 20 20 20 3C 6E 61 6D 65 3E 44 65 62 69 61 6E <name>Debian 01[TNC] 1616: 20 50 72 6F 6A 65 63 74 3C 2F 6E 61 6D 65 3E 0A Project</name>. 01[TNC] 1632: 20 20 20 20 3C 72 65 67 69 64 3E 72 65 67 69 64 <regid>regid 01[TNC] 1648: 2E 31 39 39 39 2D 30 33 2E 6F 72 67 2E 64 65 62 .1999-03.org.deb 01[TNC] 1664: 69 61 6E 3C 2F 72 65 67 69 64 3E 0A 20 20 3C 2F ian</regid>. </ 01[TNC] 1680: 73 6F 66 74 77 61 72 65 5F 6C 69 63 65 6E 73 6F software_licenso 01[TNC] 1696: 72 3E 0A 20 20 3C 73 6F 66 74 77 61 72 65 5F 69 r>. <software_i 01[TNC] 1712: 64 3E 0A 20 20 20 20 3C 75 6E 69 71 75 65 5F 69 d>. <unique_i 01[TNC] 1728: 64 3E 73 71 6C 69 74 65 2D 33 2D 37 2D 31 33 2D d>sqlite-3-7-13- 01[TNC] 1744: 31 3C 2F 75 6E 69 71 75 65 5F 69 64 3E 0A 20 20 1</unique_id>. 01[TNC] 1760: 20 20 3C 74 61 67 5F 63 72 65 61 74 6F 72 5F 72 <tag_creator_r 01[TNC] 1776: 65 67 69 64 3E 72 65 67 69 64 2E 31 39 39 39 2D egid>regid.1999- 01[TNC] 1792: 30 33 2E 6F 72 67 2E 64 65 62 69 61 6E 3C 2F 74 03.org.debian</t 01[TNC] 1808: 61 67 5F 63 72 65 61 74 6F 72 5F 72 65 67 69 64 ag_creator_regid 01[TNC] 1824: 3E 0A 20 20 3C 2F 73 6F 66 74 77 61 72 65 5F 69 >. </software_i 01[TNC] 1840: 64 3E 0A 20 20 3C 74 61 67 5F 63 72 65 61 74 6F d>. <tag_creato 01[TNC] 1856: 72 3E 0A 20 20 20 20 3C 6E 61 6D 65 3E 44 65 62 r>. <name>Deb 01[TNC] 1872: 69 61 6E 20 50 72 6F 6A 65 63 74 3C 2F 6E 61 6D ian Project</nam 01[TNC] 1888: 65 3E 0A 20 20 20 20 3C 72 65 67 69 64 3E 72 65 e>. <regid>re 01[TNC] 1904: 67 69 64 2E 31 39 39 39 2D 30 33 2E 6F 72 67 2E gid.1999-03.org. 01[TNC] 1920: 64 65 62 69 61 6E 3C 2F 72 65 67 69 64 3E 0A 20 debian</regid>. 01[TNC] 1936: 20 3C 2F 74 61 67 5F 63 72 65 61 74 6F 72 3E 0A </tag_creator>. 01[TNC] 1952: 3C 2F 73 6F 66 74 77 61 72 65 5F 69 64 65 6E 74 </software_ident 01[TNC] 1968: 69 66 69 63 61 74 69 6F 6E 5F 74 61 67 3E 0A ification_tag>.
Human-Readable SWID Tags¶
01[IMV] received SWID tag inventory for request 11 at eid 1 of epoch 0x85554898 01[IMV] <?xml version="1.0" encoding="utf-8"?> 01[IMV] <software_identification_tag xmlns="http://standards.iso.org/iso/19770/-2/2009/schema.xsd"> 01[IMV] <entitlement_required_indicator>true</entitlement_required_indicator> 01[IMV] <product_title>strongSwan</product_title> 01[IMV] <product_version> 01[IMV] <name>5.1.1dr2</name> 01[IMV] <numeric> 01[IMV] <major>5</major> 01[IMV] <minor>1</minor> 01[IMV] <build>1</build> 01[IMV] <review>dr2</review> 01[IMV] </numeric> 01[IMV] </product_version> 01[IMV] <software_creator> 01[IMV] <name>strongSwan Project</name> 01[IMV] <regid>regid.2004-03.org.strongswan</regid> 01[IMV] </software_creator> 01[IMV] <software_licensor> 01[IMV] <name>strongSwan Project</name> 01[IMV] <regid>regid.2004-03.org.strongswan</regid> 01[IMV] </software_licensor> 01[IMV] <software_id> 01[IMV] <unique_id>strongSwan-5-1-1-dr2</unique_id> 01[IMV] <tag_creator_regid>regid.2004-03.org.strongswan</tag_creator_regid> 01[IMV] </software_id> 01[IMV] <tag_creator> 01[IMV] <name>strongSwan Project</name> 01[IMV] <regid>regid.2004-03.org.strongswan</regid> 01[IMV] </tag_creator> 01[IMV] </software_identification_tag>
01[IMV] <?xml version="1.0" encoding="utf-8"?> 01[IMV] <software_identification_tag xmlns="http://standards.iso.org/iso/19770/-2/2009/schema.xsd"> 01[IMV] <entitlement_required_indicator>true</entitlement_required_indicator> 01[IMV] <product_title>sqlite3</product_title> 01[IMV] <product_version> 01[IMV] <name>3.7.13-1</name> 01[IMV] <numeric> 01[IMV] <major>3</major> 01[IMV] <minor>7</minor> 01[IMV] <build>13</build> 01[IMV] <review>1</review> 01[IMV] </numeric> 01[IMV] </product_version> 01[IMV] <software_creator> 01[IMV] <name>SQLite Project</name> 01[IMV] <regid>regid.2002-08.org.sqlite</regid> 01[IMV] </software_creator> 01[IMV] <software_licensor> 01[IMV] <name>Debian Project</name> 01[IMV] <regid>regid.1999-03.org.debian</regid> 01[IMV] </software_licensor> 01[IMV] <software_id> 01[IMV] <unique_id>sqlite-3-7-13-1</unique_id> 01[IMV] <tag_creator_regid>regid.1999-03.org.debian</tag_creator_regid> 01[IMV] </software_id> 01[IMV] <tag_creator> 01[IMV] <name>Debian Project</name> 01[IMV] <regid>regid.1999-03.org.debian</regid> 01[IMV] </tag_creator> 01[IMV] </software_identification_tag>
01[IMV] IMV 2 handled SWIDT workitem 11: allow - received inventory of 2 SWID tags 01[TNC] creating PA-TNC message with ID 0x25dccdc0 01[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 01[TNC] => 4 bytes @ 0x71b570 01[TNC] 0: 00 00 00 00 .... 01[IMV] created PA-TNC message: => 24 bytes @ 0x6fee90 01[IMV] 0: 01 00 00 00 25 DC CD C0 00 00 00 00 00 00 00 09 ....%........... 01[IMV] 16: 00 00 00 10 00 00 00 00 ........ 01[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003 01[TNC] IMV 2 provides recommendation 'allow' and evaluation 'compliant'
Policy Manager integrating Measurement Results¶
01[IMV] running policy script: 2>&1 TNC_SESSION_ID='3' ipsec imv_policy_manager stop 01[IMV] policy: imv_policy_manager stop successful
01[IMV] IMV 1 "OS" changed state of Connection ID 2 to 'Isolated' 01[IMV] IMV 2 "SWID" changed state of Connection ID 2 to 'Isolated' 01[TNC] PB-TNC state transition from 'Server Working' to 'Decided' 01[TNC] creating PB-TNC RESULT batch 01[TNC] adding PB-PA message 01[TNC] adding PB-Assessment-Result message 01[TNC] adding PB-Access-Recommendation message 01[TNC] adding PB-Reason-String message 01[TNC] sending PB-TNC RESULT batch (141 bytes) for Connection ID 2 01[TNC] => 141 bytes @ 0x6f08f0 01[TNC] 0: 02 80 00 03 00 00 00 8D 80 00 00 00 00 00 00 01 ................ 01[TNC] 16: 00 00 00 30 00 00 55 97 00 00 00 03 FF FF 00 02 ...0..U......... 01[TNC] 32: 01 00 00 00 25 DC CD C0 00 00 00 00 00 00 00 09 ....%........... 01[TNC] 48: 00 00 00 10 00 00 00 00 80 00 00 00 00 00 00 02 ................ 01[TNC] 64: 00 00 00 10 00 00 00 02 00 00 00 00 00 00 00 03 ................ 01[TNC] 80: 00 00 00 10 00 00 00 03 00 00 00 00 00 00 00 07 ................ 01[TNC] 96: 00 00 00 35 00 00 00 22 49 6D 70 72 6F 70 65 72 ...5..."Improper 01[TNC] 112: 20 4F 53 20 73 65 74 74 69 6E 67 73 20 77 65 72 OS settings wer 01[TNC] 128: 65 20 64 65 74 65 63 74 65 64 02 65 6E e detected.en 01[TNC] sending PT-TLS message #4 of type 'PB-TNC Batch' (157 bytes) 01[TLS] sending TLS ApplicationData record (208 bytes)
Closing PT-TLS Connection¶
10[TLS] processing TLS ApplicationData record (64 bytes) 10[TNC] received PT-TLS message #4 of type 'PB-TNC Batch' (24 bytes) 10[TNC] received TNCCS batch (8 bytes) for Connection ID 2 10[TNC] => 8 bytes @ 0x6f00d0 10[TNC] 0: 02 00 00 06 00 00 00 08 ........ 10[TNC] PB-TNC state transition from 'Decided' to 'End' 10[TNC] processing PB-TNC CLOSE batch 10[TNC] final recommendation is 'isolate' and evaluation is 'non-compliant major' 10[TNC] PT-TLS connection terminates 10[IMV] IMV 1 "OS" deleted the state of Connection ID 2 10[IMV] IMV 2 "SWID" deleted the state of Connection ID 2 10[TNC] removed TNCCS Connection ID 2 10[TLS] sending TLS close notify 10[TLS] sending TLS Alert record (48 bytes)
Terminating the strongSwan Policy Decision Point¶
00[DMN] signal of type SIGINT received. Shutting down 00[IMV] IMV 2 "SWID" terminated 00[TNC] removed TCG attributes 00[LIB] libpts terminated 00[IMV] IMV 1 "OS" terminated 00[TNC] removed IETF attributes 00[TNC] removed ITA-HSR attributes 00[LIB] libimcv terminated