Version 6 - History - Endpoint Compliance via PT-TLS Protocol - strongSwan

Endpoint Compliance via PT-TLS Protocol » History » Version 6

Andreas Steffen, 16.08.2013 11:37

-Andreas Steffen
+h1. Endpoint Compliance via PT-TLS Protocol
 Andreas Steffen
-Andreas Steffen
+{{>toc}}
 Andreas Steffen
-Andreas Steffen
+h2. Starting the strongSwan Policy Decision Point (PDP)
 Andreas Steffen
-Andreas Steffen
+The strongSwan PDP starts and loads its server certificate and the client credentials
-Andreas Steffen
+<pre>
-Andreas Steffen
+[DMN] Starting IKE charon daemon (strongSwan 5.1.0, Linux 3.10.5, x86_64)
-Andreas Steffen
+[LIB] openssl FIPS mode(0) - disabled
-Andreas Steffen
+[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
-Andreas Steffen
+[CFG]   loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
-Andreas Steffen
+[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
-Andreas Steffen
+[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
-Andreas Steffen
+[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
-Andreas Steffen
+[CFG] loading crls from '/etc/ipsec.d/crls'
-Andreas Steffen
+[CFG] loading secrets from '/etc/ipsec.secrets'
-Andreas Steffen
+[CFG]   loaded RSA private key from '/etc/ipsec.d/private/aaaKey.pem'
-Andreas Steffen
+[CFG]   loaded EAP secret for carol
-Andreas Steffen
+[CFG]   loaded EAP secret for dave
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Next the OS and SWID IMVs are loaded
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] TNC recommendation policy is 'default'
-Andreas Steffen
+[TNC] loading IMVs from '/etc/tnc_config'
-Andreas Steffen
+[TNC] added IETF attributes
-Andreas Steffen
+[TNC] added ITA-HSR attributes
-Andreas Steffen
+[LIB] libimcv initialized
-Andreas Steffen
+[IMV] IMV 1 "OS" initialized
-Andreas Steffen
+[TNC] IMV 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[TNC] IMV 1 "OS" loaded from '/usr/local/lib/ipsec/imcvs/imv-os.so'
-Andreas Steffen
+[IMV] IMV 2 "SWID" initialized
-Andreas Steffen
+[TNC] added TCG attributes
-Andreas Steffen
+[LIB] libpts initialized
-Andreas Steffen
+[TNC] IMV 2 supports 1 message type: 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[TNC] IMV 2 "SWID" loaded from '/usr/local/lib/ipsec/imcvs/imv-swid.so'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PDP loads all plugins needed to communicate via its EAP-RADIUS and PT-TLS interfaces and spawns 16 worker threads
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IKE] eap method EAP_TTLS selected
-Andreas Steffen
+[LIB] loaded plugins: charon curl pem pkcs1 nonce x509 revocation openssl socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
-Andreas Steffen
+[JOB] spawning 16 worker threads
-Andreas Steffen
+[CFG] received stroke: add connection 'aaa'
-Andreas Steffen
+[CFG]   loaded certificate "C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" from 'aaaCert.pem'
-Andreas Steffen
+[CFG] added configuration 'aaa'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. PT-TLS Connection by Access Requestor "carol"
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] accepting PT-TLS stream from 192.168.0.100
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. TLS Connection Setup
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] entering PT-TLS negotiation phase
-Andreas Steffen
+[TLS] processing TLS Handshake record (176 bytes)
-Andreas Steffen
+[TLS] received TLS ClientHello handshake (172 bytes)
-Andreas Steffen
+[TLS] received TLS 'signature algorithms' extension
-Andreas Steffen
+[TLS] received TLS 'elliptic curves' extension
-Andreas Steffen
+[TLS] received TLS 'ec point formats' extension
-Andreas Steffen
+[TLS] received TLS 'server name' extension
-Andreas Steffen
+[TLS] received 28 TLS cipher suites:
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS] sending TLS ServerHello handshake (54 bytes)
-Andreas Steffen
+[TLS] sending TLS server certificate 'C=CH, O=Linux strongSwan, CN=aaa.strongswan.org'
-Andreas Steffen
+[TLS] sending TLS Certificate handshake (1066 bytes)
-Andreas Steffen
+[TLS] selected ECDH group SECP256R1
-Andreas Steffen
+[TLS] created signature with MD5/RSA
-Andreas Steffen
+[TLS] sending TLS ServerKeyExchange handshake (329 bytes)
-Andreas Steffen
+[TLS] sending TLS cert request for 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA'
-Andreas Steffen
+[TLS] sending TLS CertificateRequest handshake (102 bytes)
-Andreas Steffen
+[TLS] sending TLS ServerHelloDone handshake (0 bytes)
-Andreas Steffen
+[TLS] sending TLS Handshake record (1571 bytes)
-Andreas Steffen
+[TLS] processing TLS Handshake record (77 bytes)
-Andreas Steffen
+[TLS] received TLS Certificate handshake (3 bytes)
-Andreas Steffen
+[TLS] received TLS ClientKeyExchange handshake (66 bytes)
-Andreas Steffen
+[TLS] processing TLS ChangeCipherSpec record (1 bytes)
-Andreas Steffen
+[TLS] processing TLS Handshake record (64 bytes)
-Andreas Steffen
+[TLS] received TLS Finished handshake (12 bytes)
-Andreas Steffen
+[TLS] sending TLS ChangeCipherSpec record (1 bytes)
-Andreas Steffen
+[TLS] sending TLS Finished handshake (12 bytes)
-Andreas Steffen
+[TLS] sending TLS Handshake record (64 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. PT-TLS Negotiation
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #0 of type 'Version Request' (20 bytes)
-Andreas Steffen
+[TNC] sending PT-TLS message #0 of type 'Version Response' (20 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] negotiated PT-TLS version 1
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. SASL Password-based Client Authentication
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] doing SASL client authentication
-Andreas Steffen
+[TNC] offering SASL PLAIN
-Andreas Steffen
+[TNC] sending PT-TLS message #1 of type 'SASL Mechanisms' (22 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (80 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #1 of type 'SASL Mechanism Selection' (37 bytes)
-Andreas Steffen
+[TNC] client starts SASL PLAIN authentication
-Andreas Steffen
+[TNC] SASL PLAIN authentication successful
-Andreas Steffen
+[TNC] SASL client identity is 'carol'
-Andreas Steffen
+[TNC] sending PT-TLS message #2 of type 'SASL Result' (17 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] sending PT-TLS message #3 of type 'SASL Mechanisms' (16 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] entering PT-TLS data transport phase
-Andreas Steffen
+[TNC] no PB-TNC batch to send
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (320 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #2 of type 'PB-TNC Batch' (275 bytes)
-Andreas Steffen
+[TNC] assigned TNCCS Connection ID 1
-Andreas Steffen
+[IMV] IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
-Andreas Steffen
+[IMV]   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+[IMV]   user AR identity 'carol' authenticated by password
-Andreas Steffen
+[IMV]   assigned session ID 2
-Andreas Steffen
+[IMV] IMV 2 "SWID" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
-Andreas Steffen
+[IMV]   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+[IMV]   user AR identity 'carol' authenticated by password
-Andreas Steffen
+[IMV]   assigned session ID 2
-Andreas Steffen
+[IMV] IMV 1 "OS" changed state of Connection ID 1 to 'Handshake'
-Andreas Steffen
+[IMV] IMV 2 "SWID" changed state of Connection ID 1 to 'Handshake'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] received TNCCS batch (259 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 259 bytes @ 0x6dcd80
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 01 03 00 00 00 00 00 00 00 06  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu
-Andreas Steffen
+[TNC]   32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00  age: en.........
-Andreas Steffen
+[TNC]   48: 00 00 DC 00 00 00 00 00 00 00 01 00 01 FF FF 01  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 B6 BB C4 99 00 00 00 00 00 00 00 02 00  ................
-Andreas Steffen
+[TNC]   80: 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00 00  ....%r..Debian..
-Andreas Steffen
+[TNC]   96: 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20 78  ...........7.0 x
-Andreas Steffen
+[TNC]  112: 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03 00  86_64...........
-Andreas Steffen
+[TNC]  128: 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[TNC]  144: 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24 03  ..............$.
-Andreas Steffen
+[TNC]  160: 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32 30  ...2013-08-15T20
-Andreas Steffen
+[TNC]  176: 3A 34 35 3A 30 36 5A 00 00 00 00 00 00 00 0B 00  :45:06Z.........
-Andreas Steffen
+[TNC]  192: 00 00 10 00 00 00 00 00 00 00 00 00 00 00 0C 00  ................
-Andreas Steffen
+[TNC]  208: 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08 00  ..........*.....
-Andreas Steffen
+[TNC]  224: 00 00 2C 37 37 38 31 62 33 38 39 34 66 30 31 66  ..,7781b3894f01f
-Andreas Steffen
+[TNC]  240: 34 30 62 38 36 35 64 33 38 36 36 35 31 37 30 32  40b865d386651702
-Andreas Steffen
+[TNC]  256: 65 30 62                                         e0b
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Init' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-Language-Preference message (31 bytes)
-Andreas Steffen
+[TNC] processing PB-PA message (220 bytes)
-Andreas Steffen
+[TNC] setting language preference to 'en'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[IMV] IMV 1 "OS" received message for Connection ID 1 from IMC 1
-Andreas Steffen
+[IMV] => 196 bytes @ 0x6ee790
-Andreas Steffen
+[IMV]    0: 01 00 00 00 B6 BB C4 99 00 00 00 00 00 00 00 02  ................
-Andreas Steffen
+[IMV]   16: 00 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00  .....%r..Debian.
-Andreas Steffen
+[IMV]   32: 00 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20  ............7.0
-Andreas Steffen
+[IMV]   48: 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03  x86_64..........
-Andreas Steffen
+[IMV]   64: 00 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[IMV]   80: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24  ...............$
-Andreas Steffen
+[IMV]   96: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[IMV]  112: 30 3A 34 35 3A 30 36 5A 00 00 00 00 00 00 00 0B  0:45:06Z........
-Andreas Steffen
+[IMV]  128: 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 0C  ................
-Andreas Steffen
+[IMV]  144: 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08  ...........*....
-Andreas Steffen
+[IMV]  160: 00 00 00 2C 37 37 38 31 62 33 38 39 34 66 30 31  ...,7781b3894f01
-Andreas Steffen
+[IMV]  176: 66 34 30 62 38 36 35 64 33 38 36 36 35 31 37 30  f40b865d38665170
-Andreas Steffen
+[IMV]  192: 32 65 30 62                                      2e0b
-Andreas Steffen
+[TNC] processing PA-TNC message with ID 0xb6bbc499
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
-Andreas Steffen
+[TNC] => 11 bytes @ 0x6ee7a4
-Andreas Steffen
+[TNC]    0: 00 25 72 00 00 44 65 62 69 61 6E                 .%r..Debian
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
-Andreas Steffen
+[TNC] => 13 bytes @ 0x6ee7bb
-Andreas Steffen
+[TNC]    0: 0A 37 2E 30 20 78 38 36 5F 36 34 00 00           .7.0 x86_64..
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
-Andreas Steffen
+[TNC] => 16 bytes @ 0x6ee7d4
-Andreas Steffen
+[TNC]    0: 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
-Andreas Steffen
+[TNC] => 24 bytes @ 0x6ee7f0
-Andreas Steffen
+[TNC]    0: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[TNC]   16: 30 3A 34 35 3A 30 36 5A                          0:45:06Z
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6ee814
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6ee824
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
-Andreas Steffen
+[TNC] => 32 bytes @ 0x6ee834
-Andreas Steffen
+[TNC]    0: 37 37 38 31 62 33 38 39 34 66 30 31 66 34 30 62  7781b3894f01f40b
-Andreas Steffen
+[TNC]   16: 38 36 35 64 33 38 36 36 35 31 37 30 32 65 30 62  865d386651702e0b
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Operating System Information
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] operating system name is 'Debian' from vendor Debian Project
-Andreas Steffen
+[IMV] operating system version is '7.0 x86_64'
-Andreas Steffen
+[IMV] operating system numeric version is 7.0
-Andreas Steffen
+[IMV] operational status: operational, result: successful
-Andreas Steffen
+[IMV] last boot: Aug 15 20:45:06 UTC 2013
-Andreas Steffen
+[IMV] IPv4 forwarding is disabled
-Andreas Steffen
+[IMV] factory default password is disabled
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Device Identity
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] device ID is 7781b3894f01f40b865d386651702e0b
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Policy Manager generating Workitem List
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] running policy script: 2>&1 TNC_SESSION_ID='2' ipsec imv_policy_manager start
-Andreas Steffen
+[IMV] policy: imv_policy_manager start successful
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 1 handles FWDEN workitem 3
-Andreas Steffen
+[IMV] IMV 1 handled FWDEN workitem 3: allow - forwarding not enabled
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0x13044192
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6e35f0
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[IMV] created PA-TNC message: => 24 bytes @ 0x6fba00
-Andreas Steffen
+[IMV]    0: 01 00 00 00 13 04 41 92 00 00 00 00 00 00 00 09  ......A.........
-Andreas Steffen
+[IMV]   16: 00 00 00 10 00 00 00 00                          ........
-Andreas Steffen
+[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Sending SWID Request
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 2 handles SWIDT workitem 6
-Andreas Steffen
+[IMV] IMV 2 issues SWID request 6
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0x6bc52772
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'TCG/SWID Request' 0x005597/0x00000011
-Andreas Steffen
+[TNC] => 12 bytes @ 0x7150a0
-Andreas Steffen
+[TNC]    0: 01 00 00 00 00 00 00 06 00 00 00 00              ............
-Andreas Steffen
+[IMV] created PA-TNC message: => 32 bytes @ 0x6ebcc0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 6B C5 27 72 00 00 55 97 00 00 00 11  ....k.'r..U.....
-Andreas Steffen
+[IMV]   16: 00 00 00 18 01 00 00 00 00 00 00 06 00 00 00 00  ................
-Andreas Steffen
+[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+[TNC] creating PB-TNC SDATA batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] sending PB-TNC SDATA batch (112 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 112 bytes @ 0x6fc950
-Andreas Steffen
+[TNC]    0: 02 80 00 02 00 00 00 70 80 00 00 00 00 00 00 01  .......p........
-Andreas Steffen
+[TNC]   16: 00 00 00 30 00 00 00 00 00 00 00 01 FF FF 00 01  ...0............
-Andreas Steffen
+[TNC]   32: 01 00 00 00 13 04 41 92 00 00 00 00 00 00 00 09  ......A.........
-Andreas Steffen
+[TNC]   48: 00 00 00 10 00 00 00 00 80 00 00 00 00 00 00 01  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 38 00 00 55 97 00 00 00 03 FF FF 00 02  ...8..U.........
-Andreas Steffen
+[TNC]   80: 01 00 00 00 6B C5 27 72 00 00 55 97 00 00 00 11  ....k.'r..U.....
-Andreas Steffen
+[TNC]   96: 00 00 00 18 01 00 00 00 00 00 00 06 00 00 00 00  ................
-Andreas Steffen
+[TNC] sending PT-TLS message #4 of type 'PB-TNC Batch' (128 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (176 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Receiving SWID Tag Identifier Inventory
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (176 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #3 of type 'PB-TNC Batch' (134 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (118 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 118 bytes @ 0x714f30
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 00 76 80 00 00 00 00 00 00 01  .......v........
-Andreas Steffen
+[TNC]   16: 00 00 00 6E 80 00 55 97 00 00 00 03 00 02 00 02  ...n..U.........
-Andreas Steffen
+[TNC]   32: 01 00 00 00 0C 84 EC 82 00 00 55 97 00 00 00 12  ..........U.....
-Andreas Steffen
+[TNC]   48: 00 00 00 4E 00 00 00 01 00 00 00 06 12 31 7A 21  ...N.........1z!
-Andreas Steffen
+[TNC]   64: 00 00 00 01 00 1C 72 65 67 69 64 2E 32 30 30 34  ......regid.2004
-Andreas Steffen
+[TNC]   80: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[TNC]   96: 61 6E 00 10 73 74 72 6F 6E 67 53 77 61 6E 2D 35  an..strongSwan-5
-Andreas Steffen
+[TNC]  112: 2D 31 2D 30 00 00                                -1-0..
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-PA message (110 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] handling PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[IMV] IMV 2 "SWID" received message for Connection ID 1 from IMC 2 to IMV 2
-Andreas Steffen
+[IMV] => 86 bytes @ 0x6fbdc0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 0C 84 EC 82 00 00 55 97 00 00 00 12  ..........U.....
-Andreas Steffen
+[IMV]   16: 00 00 00 4E 00 00 00 01 00 00 00 06 12 31 7A 21  ...N.........1z!
-Andreas Steffen
+[IMV]   32: 00 00 00 01 00 1C 72 65 67 69 64 2E 32 30 30 34  ......regid.2004
-Andreas Steffen
+[IMV]   48: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[IMV]   64: 61 6E 00 10 73 74 72 6F 6E 67 53 77 61 6E 2D 35  an..strongSwan-5
-Andreas Steffen
+[IMV]   80: 2D 31 2D 30 00 00                                -1-0..
-Andreas Steffen
+[TNC] processing PA-TNC message with ID 0x0c84ec82
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'TCG/SWID Tag Identifier Inventory' 0x005597/0x00000012
-Andreas Steffen
+[TNC] => 66 bytes @ 0x6fbdd4
-Andreas Steffen
+[TNC]    0: 00 00 00 01 00 00 00 06 12 31 7A 21 00 00 00 01  .........1z!....
-Andreas Steffen
+[TNC]   16: 00 1C 72 65 67 69 64 2E 32 30 30 34 2D 30 33 2E  ..regid.2004-03.
-Andreas Steffen
+[TNC]   32: 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 00 10  org.strongswan..
-Andreas Steffen
+[TNC]   48: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 31 2D 30  strongSwan-5-1-0
-Andreas Steffen
+[TNC]   64: 00 00
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>                                            ..
-Andreas Steffen
+[IMV] received SWID tag ID inventory for request 6 at eid 1 of epoch 0x12317a21
-Andreas Steffen
+[IMV]   regid.2004-03.org.strongswan_strongSwan-5-1-0.swidtag
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 2 handled SWIDT workitem 6: allow - received inventory of 1 SWID tag ID
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0x51257e2e
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6e9e50
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[IMV] created PA-TNC message: => 24 bytes @ 0x6ed440
-Andreas Steffen
+[IMV]    0: 01 00 00 00 51 25 7E 2E 00 00 00 00 00 00 00 09  ....Q%~.........
-Andreas Steffen
+[IMV]   16: 00 00 00 10 00 00 00 00                          ........
-Andreas Steffen
+[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[TNC] IMV 2 provides recommendation 'allow' and evaluation 'compliant'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Policy Manager integrating Measurement Results
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] running policy script: 2>&1 TNC_SESSION_ID='2' ipsec imv_policy_manager stop
-Andreas Steffen
+[IMV] policy: imv_policy_manager stop successful
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 1 "OS" changed state of Connection ID 1 to 'Allowed'
-Andreas Steffen
+[IMV] IMV 2 "SWID" changed state of Connection ID 1 to 'Allowed'
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
-Andreas Steffen
+[TNC] creating PB-TNC RESULT batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] adding PB-Assessment-Result message
-Andreas Steffen
+[TNC] adding PB-Access-Recommendation message
-Andreas Steffen
+[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 88 bytes @ 0x6ea730
-Andreas Steffen
+[TNC]    0: 02 80 00 03 00 00 00 58 80 00 00 00 00 00 00 01  .......X........
-Andreas Steffen
+[TNC]   16: 00 00 00 30 00 00 55 97 00 00 00 03 FF FF 00 02  ...0..U.........
-Andreas Steffen
+[TNC]   32: 01 00 00 00 51 25 7E 2E 00 00 00 00 00 00 00 09  ....Q%~.........
-Andreas Steffen
+[TNC]   48: 00 00 00 10 00 00 00 00 80 00 00 00 00 00 00 02  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 03  ................
-Andreas Steffen
+[TNC]   80: 00 00 00 10 00 00 00 01                          ........
-Andreas Steffen
+[TNC] sending PT-TLS message #5 of type 'PB-TNC Batch' (104 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (144 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3.  Closing PT-TLS Connection
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #4 of type 'PB-TNC Batch' (24 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (8 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 8 bytes @ 0x7150a0
-Andreas Steffen
+[TNC]    0: 02 00 00 06 00 00 00 08                          ........
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Decided' to 'End'
-Andreas Steffen
+[TNC] processing PB-TNC CLOSE batch
-Andreas Steffen
+[TNC] final recommendation is 'allow' and evaluation is 'compliant'
-Andreas Steffen
+[TNC] PT-TLS connection terminates
-Andreas Steffen
+[IMV] IMV 1 "OS" deleted the state of Connection ID 1
-Andreas Steffen
+[IMV] IMV 2 "SWID" deleted the state of Connection ID 1
-Andreas Steffen
+[TNC] removed TNCCS Connection ID 1
-Andreas Steffen
+[TLS] sending TLS close notify
-Andreas Steffen
+[TLS] sending TLS Alert record (48 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. PT-TLS Connection by Access Requestor "dave"
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] accepting PT-TLS stream from 192.168.0.200
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. TLS Connection Setup
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] entering PT-TLS negotiation phase
-Andreas Steffen
+[TLS] processing TLS Handshake record (176 bytes)
-Andreas Steffen
+[TLS] received TLS ClientHello handshake (172 bytes)
-Andreas Steffen
+[TLS] received TLS 'signature algorithms' extension
-Andreas Steffen
+[TLS] received TLS 'elliptic curves' extension
-Andreas Steffen
+[TLS] received TLS 'ec point formats' extension
-Andreas Steffen
+[TLS] received TLS 'server name' extension
-Andreas Steffen
+[TLS] received 28 TLS cipher suites:
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS] sending TLS ServerHello handshake (54 bytes)
-Andreas Steffen
+[TLS] sending TLS server certificate 'C=CH, O=Linux strongSwan, CN=aaa.strongswan.org'
-Andreas Steffen
+[TLS] sending TLS Certificate handshake (1066 bytes)
-Andreas Steffen
+[TLS] selected ECDH group SECP256R1
-Andreas Steffen
+[TLS] created signature with MD5/RSA
-Andreas Steffen
+[TLS] sending TLS ServerKeyExchange handshake (329 bytes)
-Andreas Steffen
+[TLS] sending TLS cert request for 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA'
-Andreas Steffen
+[TLS] sending TLS CertificateRequest handshake (102 bytes)
-Andreas Steffen
+[TLS] sending TLS ServerHelloDone handshake (0 bytes)
-Andreas Steffen
+[TLS] sending TLS Handshake record (1571 bytes)
-Andreas Steffen
+[TLS] processing TLS Handshake record (1406 bytes)
-Andreas Steffen
+[TLS] received TLS Certificate handshake (1068 bytes)
-Andreas Steffen
+[TLS] received TLS peer certificate 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org'
-Andreas Steffen
+[TLS] received TLS ClientKeyExchange handshake (66 bytes)
-Andreas Steffen
+[TLS] received TLS CertificateVerify handshake (260 bytes)
-Andreas Steffen
+[CFG]   using certificate "C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org"
-Andreas Steffen
+[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
-Andreas Steffen
+[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org"
-Andreas Steffen
+[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...
-Andreas Steffen
+[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
-Andreas Steffen
+[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
-Andreas Steffen
+[CFG]   crl is valid: until Sep 14 20:44:55 2013
-Andreas Steffen
+[CFG] certificate status is good
-Andreas Steffen
+[CFG]   reached self-signed root ca with a path length of 0
-Andreas Steffen
+[TLS] verified signature with SHA1/RSA
-Andreas Steffen
+[TLS] processing TLS ChangeCipherSpec record (1 bytes)
-Andreas Steffen
+[TLS] processing TLS Handshake record (64 bytes)
-Andreas Steffen
+[TLS] received TLS Finished handshake (12 bytes)
-Andreas Steffen
+[TLS] sending TLS ChangeCipherSpec record (1 bytes)
-Andreas Steffen
+[TLS] sending TLS Finished handshake (12 bytes)
-Andreas Steffen
+[TLS] sending TLS Handshake record (64 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. PT-TLS Negotiation
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #0 of type 'Version Request' (20 bytes)
-Andreas Steffen
+[TNC] sending PT-TLS message #0 of type 'Version Response' (20 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] negotiated PT-TLS version 1
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. TLS Certificate-based Client Authentication
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] doing SASL client authentication
-Andreas Steffen
+[TNC] skipping SASL, client already authenticated by TLS certificate
-Andreas Steffen
+[TNC] sending PT-TLS message #1 of type 'SASL Mechanisms' (16 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] entering PT-TLS data transport phase
-Andreas Steffen
+[TNC] no PB-TNC batch to send
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (96 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #1 of type 'PB-TNC Batch' (55 bytes)
-Andreas Steffen
+[TNC] assigned TNCCS Connection ID 2
-Andreas Steffen
+[IMV] IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
-Andreas Steffen
+[IMV]   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+[IMV]   user AR identity 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' authenticated by certificate
-Andreas Steffen
+[IMV]   assigned session ID 3
-Andreas Steffen
+[IMV] IMV 2 "SWID" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
-Andreas Steffen
+[IMV]   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+[IMV]   user AR identity 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' authenticated by certificate
-Andreas Steffen
+[IMV]   assigned session ID 3
-Andreas Steffen
+[IMV] IMV 1 "OS" changed state of Connection ID 2 to 'Handshake'
-Andreas Steffen
+[IMV] IMV 2 "SWID" changed state of Connection ID 2 to 'Handshake'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] received TNCCS batch (39 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 39 bytes @ 0x6e87f0
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 00 27 00 00 00 00 00 00 00 06  .......'........
-Andreas Steffen
+[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu
-Andreas Steffen
+[TNC]   32: 61 67 65 3A 20 65 6E                             age: en
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Init' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-Language-Preference message (31 bytes)
-Andreas Steffen
+[TNC] setting language preference to 'en'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0xdf43848c
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Attribute Request' 0x000000/0x00000001
-Andreas Steffen
+[TNC] => 56 bytes @ 0x6ec8d0
-Andreas Steffen
+[TNC]    0: 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 04  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 05  ................
-Andreas Steffen
+[TNC]   32: 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 0C  ................
-Andreas Steffen
+[TNC]   48: 00 00 90 2A 00 00 00 08                          ...*....
-Andreas Steffen
+[IMV] created PA-TNC message: => 76 bytes @ 0x739a80
-Andreas Steffen
+[IMV]    0: 01 00 00 00 DF 43 84 8C 00 00 00 00 00 00 00 01  .....C..........
-Andreas Steffen
+[IMV]   16: 00 00 00 44 00 00 00 00 00 00 00 02 00 00 00 00  ...D............
-Andreas Steffen
+[IMV]   32: 00 00 00 04 00 00 00 00 00 00 00 03 00 00 00 00  ................
-Andreas Steffen
+[IMV]   48: 00 00 00 05 00 00 00 00 00 00 00 0B 00 00 00 00  ................
-Andreas Steffen
+[IMV]   64: 00 00 00 0C 00 00 90 2A 00 00 00 08              .......*....
-Andreas Steffen
+[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+[TNC] creating PB-TNC SDATA batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 108 bytes @ 0x6e7820
-Andreas Steffen
+[TNC]    0: 02 80 00 02 00 00 00 6C 80 00 00 00 00 00 00 01  .......l........
-Andreas Steffen
+[TNC]   16: 00 00 00 64 00 00 00 00 00 00 00 01 FF FF 00 01  ...d............
-Andreas Steffen
+[TNC]   32: 01 00 00 00 DF 43 84 8C 00 00 00 00 00 00 00 01  .....C..........
-Andreas Steffen
+[TNC]   48: 00 00 00 44 00 00 00 00 00 00 00 02 00 00 00 00  ...D............
-Andreas Steffen
+[TNC]   64: 00 00 00 04 00 00 00 00 00 00 00 03 00 00 00 00  ................
-Andreas Steffen
+[TNC]   80: 00 00 00 05 00 00 00 00 00 00 00 0B 00 00 00 00  ................
-Andreas Steffen
+[TNC]   96: 00 00 00 0C 00 00 90 2A 00 00 00 08              .......*....
-Andreas Steffen
+[TNC] sending PT-TLS message #2 of type 'PB-TNC Batch' (124 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (176 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (288 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #2 of type 'PB-TNC Batch' (244 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (228 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 228 bytes @ 0x714a00
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 00 E4 80 00 00 00 00 00 00 01  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 DC 80 00 00 00 00 00 00 01 00 01 00 01  ................
-Andreas Steffen
+[TNC]   32: 01 00 00 00 D5 CA 70 3D 00 00 00 00 00 00 00 02  ......p=........
-Andreas Steffen
+[TNC]   48: 00 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00  .....%r..Debian.
-Andreas Steffen
+[TNC]   64: 00 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20  ............7.0
-Andreas Steffen
+[TNC]   80: 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03  x86_64..........
-Andreas Steffen
+[TNC]   96: 00 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[TNC]  112: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24  ...............$
-Andreas Steffen
+[TNC]  128: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[TNC]  144: 30 3A 34 35 3A 30 37 5A 00 00 00 00 00 00 00 0B  0:45:07Z........
-Andreas Steffen
+[TNC]  160: 00 00 00 10 00 00 00 01 00 00 00 00 00 00 00 0C  ................
-Andreas Steffen
+[TNC]  176: 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08  ...........*....
-Andreas Steffen
+[TNC]  192: 00 00 00 2C 61 61 62 62 63 63 64 64 65 65 66 66  ...,aabbccddeeff
-Andreas Steffen
+[TNC]  208: 31 31 32 32 33 33 34 34 35 35 36 36 37 37 38 38  1122334455667788
-Andreas Steffen
+[TNC]  224: 39 39 30 30                                      9900
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-PA message (220 bytes)
-Andreas Steffen
+[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[IMV] IMV 1 "OS" received message for Connection ID 2 from IMC 1 to IMV 1
-Andreas Steffen
+[IMV] => 196 bytes @ 0x738ac0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 D5 CA 70 3D 00 00 00 00 00 00 00 02  ......p=........
-Andreas Steffen
+[IMV]   16: 00 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00  .....%r..Debian.
-Andreas Steffen
+[IMV]   32: 00 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20  ............7.0
-Andreas Steffen
+[IMV]   48: 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03  x86_64..........
-Andreas Steffen
+[IMV]   64: 00 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[IMV]   80: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24  ...............$
-Andreas Steffen
+[IMV]   96: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[IMV]  112: 30 3A 34 35 3A 30 37 5A 00 00 00 00 00 00 00 0B  0:45:07Z........
-Andreas Steffen
+[IMV]  128: 00 00 00 10 00 00 00 01 00 00 00 00 00 00 00 0C  ................
-Andreas Steffen
+[IMV]  144: 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08  ...........*....
-Andreas Steffen
+[IMV]  160: 00 00 00 2C 61 61 62 62 63 63 64 64 65 65 66 66  ...,aabbccddeeff
-Andreas Steffen
+[IMV]  176: 31 31 32 32 33 33 34 34 35 35 36 36 37 37 38 38  1122334455667788
-Andreas Steffen
+[IMV]  192: 39 39 30 30                                      9900
-Andreas Steffen
+[TNC] processing PA-TNC message with ID 0xd5ca703d
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
-Andreas Steffen
+[TNC] => 11 bytes @ 0x738ad4
-Andreas Steffen
+[TNC]    0: 00 25 72 00 00 44 65 62 69 61 6E                 .%r..Debian
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
-Andreas Steffen
+[TNC] => 13 bytes @ 0x738aeb
-Andreas Steffen
+[TNC]    0: 0A 37 2E 30 20 78 38 36 5F 36 34 00 00           .7.0 x86_64..
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
-Andreas Steffen
+[TNC] => 16 bytes @ 0x738b04
-Andreas Steffen
+[TNC]    0: 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
-Andreas Steffen
+[TNC] => 24 bytes @ 0x738b20
-Andreas Steffen
+[TNC]    0: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[TNC]   16: 30 3A 34 35 3A 30 37 5A                          0:45:07Z
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
-Andreas Steffen
+[TNC] => 4 bytes @ 0x738b44
-Andreas Steffen
+[TNC]    0: 00 00 00 01                                      ....
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
-Andreas Steffen
+[TNC] => 4 bytes @ 0x738b54
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
-Andreas Steffen
+[TNC] => 32 bytes @ 0x738b64
-Andreas Steffen
+[TNC]    0: 61 61 62 62 63 63 64 64 65 65 66 66 31 31 32 32  aabbccddeeff1122
-Andreas Steffen
+[TNC]   16: 33 33 34 34 35 35 36 36 37 37 38 38 39 39 30 30  3344556677889900
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Operating System Information
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] operating system name is 'Debian' from vendor Debian Project
-Andreas Steffen
+[IMV] operating system version is '7.0 x86_64'
-Andreas Steffen
+[IMV] operating system numeric version is 7.0
-Andreas Steffen
+[IMV] operational status: operational, result: successful
-Andreas Steffen
+[IMV] last boot: Aug 15 20:45:07 UTC 2013
-Andreas Steffen
+[IMV] IPv4 forwarding is enabled
-Andreas Steffen
+[IMV] factory default password is disabled
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Device Identity
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] device ID is aabbccddeeff11223344556677889900
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Policy Manager generating Workitem List
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] running policy script: 2>&1 TNC_SESSION_ID='3' ipsec imv_policy_manager start
-Andreas Steffen
+[IMV] policy: imv_policy_manager start successful
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 1 handled FWDEN workitem 11: isolate - forwarding enabled
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0x43672a51
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6edbd0
-Andreas Steffen
+[TNC]    0: 00 00 00 02                                      ....
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Remediation Instructions' 0x000000/0x0000000a
-Andreas Steffen
+[TNC] => 81 bytes @ 0x731850
-Andreas Steffen
+[TNC]    0: 00 00 00 00 00 00 00 02 00 00 00 42 49 50 20 50  ...........BIP P
-Andreas Steffen
+[TNC]   16: 61 63 6B 65 74 20 46 6F 72 77 61 72 64 69 6E 67  acket Forwarding
-Andreas Steffen
+[TNC]   32: 0A 20 20 50 6C 65 61 73 65 20 64 69 73 61 62 6C  .  Please disabl
-Andreas Steffen
+[TNC]   48: 65 20 74 68 65 20 66 6F 72 77 61 72 64 69 6E 67  e the forwarding
-Andreas Steffen
+[TNC]   64: 20 6F 66 20 49 50 20 70 61 63 6B 65 74 73 02 65   of IP packets.e
-Andreas Steffen
+[TNC]   80: 6E                                               n
-Andreas Steffen
+[IMV] created PA-TNC message: => 117 bytes @ 0x738620
-Andreas Steffen
+[IMV]    0: 01 00 00 00 43 67 2A 51 00 00 00 00 00 00 00 09  ....Cg*Q........
-Andreas Steffen
+[IMV]   16: 00 00 00 10 00 00 00 02 00 00 00 00 00 00 00 0A  ................
-Andreas Steffen
+[IMV]   32: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42  ...]...........B
-Andreas Steffen
+[IMV]   48: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72  IP Packet Forwar
-Andreas Steffen
+[IMV]   64: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69  ding.  Please di
-Andreas Steffen
+[IMV]   80: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72  sable the forwar
-Andreas Steffen
+[IMV]   96: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65  ding of IP packe
-Andreas Steffen
+[IMV]  112: 74 73 02 65 6E                                   ts.en
-Andreas Steffen
+[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[TNC] IMV 1 is setting reason string to 'Improper OS settings were detected'
-Andreas Steffen
+[TNC] IMV 1 is setting reason language to 'en'
-Andreas Steffen
+[TNC] IMV 1 provides recommendation 'isolate' and evaluation 'non-compliant major'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Sending SWID Request
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 2 issues SWID tag request 14
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0xc9837a03
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'TCG/SWID Request' 0x005597/0x00000011
-Andreas Steffen
+[TNC] => 12 bytes @ 0x6f1400
-Andreas Steffen
+[TNC]    0: 01 00 00 00 00 00 00 0E 00 00 00 00              ............
-Andreas Steffen
+[IMV] created PA-TNC message: => 32 bytes @ 0x731cd0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 C9 83 7A 03 00 00 55 97 00 00 00 11  ......z...U.....
-Andreas Steffen
+[IMV]   16: 00 00 00 18 01 00 00 00 00 00 00 0E 00 00 00 00  ................
-Andreas Steffen
+[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+[TNC] creating PB-TNC SDATA batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] sending PB-TNC SDATA batch (205 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 205 bytes @ 0x738620
-Andreas Steffen
+[TNC]    0: 02 80 00 02 00 00 00 CD 80 00 00 00 00 00 00 01  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 8D 00 00 00 00 00 00 00 01 FF FF 00 01  ................
-Andreas Steffen
+[TNC]   32: 01 00 00 00 43 67 2A 51 00 00 00 00 00 00 00 09  ....Cg*Q........
-Andreas Steffen
+[TNC]   48: 00 00 00 10 00 00 00 02 00 00 00 00 00 00 00 0A  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42  ...]...........B
-Andreas Steffen
+[TNC]   80: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72  IP Packet Forwar
-Andreas Steffen
+[TNC]   96: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69  ding.  Please di
-Andreas Steffen
+[TNC]  112: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72  sable the forwar
-Andreas Steffen
+[TNC]  128: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65  ding of IP packe
-Andreas Steffen
+[TNC]  144: 74 73 02 65 6E 80 00 00 00 00 00 00 01 00 00 00  ts.en...........
-Andreas Steffen
+[TNC]  160: 38 00 00 55 97 00 00 00 03 FF FF 00 02 01 00 00  8..U............
-Andreas Steffen
+[TNC]  176: 00 C9 83 7A 03 00 00 55 97 00 00 00 11 00 00 00  ...z...U........
-Andreas Steffen
+[TNC]  192: 18 01 00 00 00 00 00 00 0E 00 00 00 00           .............
-Andreas Steffen
+[TNC] sending PT-TLS message #3 of type 'PB-TNC Batch' (221 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (272 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (176 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #3 of type 'PB-TNC Batch' (134 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (118 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 118 bytes @ 0x724380
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 00 76 80 00 00 00 00 00 00 01  .......v........
-Andreas Steffen
+[TNC]   16: 00 00 00 6E 80 00 55 97 00 00 00 03 00 02 00 02  ...n..U.........
-Andreas Steffen
+[TNC]   32: 01 00 00 00 0E 1E BE 66 00 00 55 97 00 00 00 12  .......f..U.....
-Andreas Steffen
+[TNC]   48: 00 00 00 4E 00 00 00 01 00 00 00 0E D5 98 C7 9E  ...N............
-Andreas Steffen
+[TNC]   64: 00 00 00 01 00 1C 72 65 67 69 64 2E 32 30 30 34  ......regid.2004
-Andreas Steffen
+[TNC]   80: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[TNC]   96: 61 6E 00 10 73 74 72 6F 6E 67 53 77 61 6E 2D 35  an..strongSwan-5
-Andreas Steffen
+[TNC]  112: 2D 31 2D 30 00 00                                -1-0..
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-PA message (110 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Receiving SWID Tag Identifier Inventory
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] handling PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[IMV] IMV 2 "SWID" received message for Connection ID 2 from IMC 2 to IMV 2
-Andreas Steffen
+[IMV] => 86 bytes @ 0x738880
-Andreas Steffen
+[IMV]    0: 01 00 00 00 0E 1E BE 66 00 00 55 97 00 00 00 12  .......f..U.....
-Andreas Steffen
+[IMV]   16: 00 00 00 4E 00 00 00 01 00 00 00 0E D5 98 C7 9E  ...N............
-Andreas Steffen
+[IMV]   32: 00 00 00 01 00 1C 72 65 67 69 64 2E 32 30 30 34  ......regid.2004
-Andreas Steffen
+[IMV]   48: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[IMV]   64: 61 6E 00 10 73 74 72 6F 6E 67 53 77 61 6E 2D 35  an..strongSwan-5
-Andreas Steffen
+[IMV]   80: 2D 31 2D 30 00 00                                -1-0..
-Andreas Steffen
+[TNC] processing PA-TNC message with ID 0x0e1ebe66
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'TCG/SWID Tag Identifier Inventory' 0x005597/0x00000012
-Andreas Steffen
+[TNC] => 66 bytes @ 0x738894
-Andreas Steffen
+[TNC]    0: 00 00 00 01 00 00 00 0E D5 98 C7 9E 00 00 00 01  ................
-Andreas Steffen
+[TNC]   16: 00 1C 72 65 67 69 64 2E 32 30 30 34 2D 30 33 2E  ..regid.2004-03.
-Andreas Steffen
+[TNC]   32: 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 00 10  org.strongswan..
-Andreas Steffen
+[TNC]   48: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 31 2D 30  strongSwan-5-1-0
-Andreas Steffen
+[TNC]   64: 00 00                                            ..
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] received SWID tag ID inventory for request 14
-Andreas Steffen
+[IMV]   regid.2004-03.org.strongswan_strongSwan-5-1-0.swidtag
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 2 handled SWIDT workitem 14: allow - received SWID tag ID inventory
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0xfd87492d
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6f9fe0
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[IMV] created PA-TNC message: => 24 bytes @ 0x7391d0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 FD 87 49 2D 00 00 00 00 00 00 00 09  ......I-........
-Andreas Steffen
+[IMV]   16: 00 00 00 10 00 00 00 00                          ........
-Andreas Steffen
+[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[TNC] IMV 2 provides recommendation 'allow' and evaluation 'compliant'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Policy Manager integrating Measurement Results
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] running policy script: 2>&1 TNC_SESSION_ID='3' ipsec imv_policy_manager stop
-Andreas Steffen
+[IMV] policy: imv_policy_manager stop successful
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 1 "OS" changed state of Connection ID 2 to 'Isolated'
-Andreas Steffen
+[IMV] IMV 2 "SWID" changed state of Connection ID 2 to 'Isolated'
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
-Andreas Steffen
+[TNC] creating PB-TNC RESULT batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] adding PB-Assessment-Result message
-Andreas Steffen
+[TNC] adding PB-Access-Recommendation message
-Andreas Steffen
+[TNC] adding PB-Reason-String message
-Andreas Steffen
+[TNC] sending PB-TNC RESULT batch (141 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 141 bytes @ 0x714aa0
-Andreas Steffen
+[TNC]    0: 02 80 00 03 00 00 00 8D 80 00 00 00 00 00 00 01  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 30 00 00 55 97 00 00 00 03 FF FF 00 02  ...0..U.........
-Andreas Steffen
+[TNC]   32: 01 00 00 00 FD 87 49 2D 00 00 00 00 00 00 00 09  ......I-........
-Andreas Steffen
+[TNC]   48: 00 00 00 10 00 00 00 00 80 00 00 00 00 00 00 02  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 10 00 00 00 02 00 00 00 00 00 00 00 03  ................
-Andreas Steffen
+[TNC]   80: 00 00 00 10 00 00 00 03 00 00 00 00 00 00 00 07  ................
-Andreas Steffen
+[TNC]   96: 00 00 00 35 00 00 00 22 49 6D 70 72 6F 70 65 72  ...5..."Improper
-Andreas Steffen
+[TNC]  112: 20 4F 53 20 73 65 74 74 69 6E 67 73 20 77 65 72   OS settings wer
-Andreas Steffen
+[TNC]  128: 65 20 64 65 74 65 63 74 65 64 02 65 6E           e detected.en
-Andreas Steffen
+[TNC] sending PT-TLS message #4 of type 'PB-TNC Batch' (157 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (208 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Closing PT-TLS Connection
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #4 of type 'PB-TNC Batch' (24 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (8 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 8 bytes @ 0x6f1400
-Andreas Steffen
+[TNC]    0: 02 00 00 06 00 00 00 08                          ........
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Decided' to 'End'
-Andreas Steffen
+[TNC] processing PB-TNC CLOSE batch
-Andreas Steffen
+[TNC] final recommendation is 'isolate' and evaluation is 'non-compliant major'
-Andreas Steffen
+[TNC] PT-TLS connection terminates
-Andreas Steffen
+[IMV] IMV 1 "OS" deleted the state of Connection ID 2
-Andreas Steffen
+[IMV] IMV 2 "SWID" deleted the state of Connection ID 2
-Andreas Steffen
+[TNC] removed TNCCS Connection ID 2
-Andreas Steffen
+[TLS] sending TLS close notify
-Andreas Steffen
+[TLS] sending TLS Alert record (48 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Terminating the strongSwan Policy Decision Point
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[DMN] signal of type SIGINT received. Shutting down
-Andreas Steffen
+[IMV] IMV 2 "SWID" terminated
-Andreas Steffen
+[TNC] removed TCG attributes
-Andreas Steffen
+[LIB] libpts terminated
-Andreas Steffen
+[IMV] IMV 1 "OS" terminated
-Andreas Steffen
+[TNC] removed IETF attributes
-Andreas Steffen
+[TNC] removed ITA-HSR attributes
-Andreas Steffen
+[LIB] libimcv terminated
-Andreas Steffen
+</pre>

Project

General

Profile

strongSwan

Endpoint Compliance via PT-TLS Protocol » History » Version 6