Version 17 - History - Software Inventory Message and Attributes for PA-TNC (SWIMA) - strongSwan

Software Inventory Message and Attributes for PA-TNC (SWIMA) » History » Version 17

Andreas Steffen, 13.06.2017 17:10

-Andreas Steffen
+bh1. Software Inventory Message and Attributes for PA-TNC (SWIMA)
 Andreas Steffen
-Andreas Steffen
+{{>toc}}
 Andreas Steffen
-Andreas Steffen
+h2. Starting PT-TLS Server Daemon
 Andreas Steffen
-Andreas Steffen
+The PT-TLS server based on the strongSwan systemd daemon is usually started automatically at boot time with the command
-Andreas Steffen
+<pre>
-Andreas Steffen
+systemctl start strongswan-swanctl
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+First all the PA-TNC attribute definitions from the IETF, TCG, ITA-HSR and PWG namespaces are loaded. The IMVs to by dynamically loaded are read from _/etc/tnc_config_.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:20 koala systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: TNC recommendation policy is 'default'
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: loading IMVs from '/etc/tnc_config'
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: added IETF attributes
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: added ITA-HSR attributes
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: added PWG attributes
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: added TCG attributes
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: libimcv initialized
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The OS IMV is loaded as a dynamic library and attached to the TNC server.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: IMV 1 "OS" initialized
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: IMV 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: IMV 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imv-os.so'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The SWIMA IMV is loaded as a dynamic library and attached to the TNC server.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: IMV 2 "SWIMA" initialized
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: IMV 2 supports 1 message type: 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: IMV 2 "SWIMA" loaded from '/usr/lib/ipsec/imcvs/imv-swima.so'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The strongSwan daemon loads all required plugins and goes into multi-threading mode so that multiple PT-TLS connections can be handled
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40::20 koala charon-systemd[27680]: loaded plugins: charon-systemd charon-systemd random nonce x509 tpm openssl revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pem curve25519 chapoly sha3 mgf1 ntru bliss newhope tnc-imv tnc-pdp tnc-tnccs tnccs-20 kernel-netlink socket-default sqlite curl vici
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: spawning 16 worker threads
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Multiple PT-TLS server and CA certificates are loaded into the daemon
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org'
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com'
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com'
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: loaded certificate 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The actual loading is done by the *swanctl* command line tool which transfers the certificates to the daemon via a Unix socket.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:21 koala swanctl[27699]: loaded certificate from '/etc/swanctl/x509/MSE2_Cert.pem'
-Andreas Steffen
+Jun 13 14:40:21 koala swanctl[27699]: loaded certificate from '/etc/swanctl/x509/koala_AIK_ECC_Cert.pem'
-Andreas Steffen
+Jun 13 14:40:21 koala swanctl[27699]: loaded certificate from '/etc/swanctl/x509/koala_AIK_RSA_Cert.pem'
-Andreas Steffen
+Jun 13 14:40:21 koala swanctl[27699]: loaded certificate from '/etc/swanctl/x509ca/strongsecCaCert.pem'
-Andreas Steffen
+Jun 13 14:40:21 koala swanctl[27699]: loaded certificate from '/etc/swanctl/x509ca/MSE_CA_Cert.pem'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The first server certificate has a matching ECDSA private key loaded from file
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: loaded ECDSA private key
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The second server certificate has a matching ECDSA key protected by a TPM 2.0
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: TPM 2.0 via TSS2 available
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: AIK signature algorithm is ECDSA with SHA256 hash
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: loaded ECDSA private key from token
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The third server certificate has a matching RSA key protected by a TPM 2.0
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: TPM 2.0 via TSS2 available
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: AIK signature algorithm is RSASSA with SHA256 hash
-Andreas Steffen
+Jun 13 14:40:20 koala charon-systemd[27680]: loaded RSA private key from token
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Again it is the *swanctl* tool which loads the private keys or determines the IDs of keys residing on smartcard or TPM devices.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:21 koala swanctl[27699]: loaded ecdsa key from '/etc/swanctl/ecdsa/MSE2_Key.pem'
-Andreas Steffen
+Jun 13 14:40:21 koala swanctl[27699]: loaded key token_ak_ecc from token [keyid: 8e70ca6665cd2e6c7893e407cb9a7cd6264d714f]
-Andreas Steffen
+Jun 13 14:40:21 koala swanctl[27699]: loaded key token_ak_rsa from token [keyid: ce431f647d549f759267422f4097c874e2eca547]
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PT-TLS server is now up and ready to accept connections on the default TCP port 271.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:40:21 koala systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Accepting PT-TLS Client Connection
 Andreas Steffen
-Andreas Steffen
+A PT-TLS client connects to the PT-TLS server and does a TLS 1.2 handshake to establish a secure socket
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]: accepting PT-TLS stream from 62.96.251.245
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]: entering PT-TLS negotiation phase
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]: negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]: sending TLS server certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org'
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]: sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]: sending TLS cert request for 'O=fw-jfi-home01..uj9jsa'
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]: sending TLS cert request for 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]: received TLS peer certificate 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com'
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]:   using certificate "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com"
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]:   using trusted ca certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]: checking certificate status of "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com"
-Andreas Steffen
+Jun 13 14:47:13 koala charon-systemd[27680]:   fetching crl from 'http://www.strongsec.com/ca/strongsec.crl' ...
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   crl is valid: until Jun 18 10:00:01 2017
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   fetching crl from 'http://www.strongsec.net/ca/strongsec_delta.crl' ...
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   crl is valid: until Jun 14 10:00:01 2017
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: certificate status is good
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   reached self-signed root ca with a path length of 0
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PT-TLS protocol is started skipping SASL-based client authentication because the client already authenticated itself during the TLS handshake.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: received PT-TLS message #0 of type 'Version Request' (20 bytes)
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: sending PT-TLS message #0 of type 'Version Response' (20 bytes)
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: negotiated PT-TLS version 1
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: doing SASL client authentication
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: skipping SASL, client already authenticated by TLS certificate
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: sending PT-TLS message #1 of type 'SASL Mechanisms' (16 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PT-TLS protocol switches to the data transport phase and a TNCCS (PB-TNC) connection is instantiated
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: entering PT-TLS data transport phase
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: received PT-TLS message #1 of type 'PB-TNC Batch' (337 bytes)
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: assigned TNCCS Connection ID 1
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+An OS IMV instance is created for this PB-TNC connection
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   user AR identity 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com' of type X.500 DN authenticated by certificate
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   machine AR identity '62.96.251.245' of type IPv4 address authenticated by unknown method
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+A SWIMA IMV instance is created for this PB-TNC connection
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 2 "SWIMA" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]:   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PB-TNC connection is now initialized and goes into Handshake mode
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 1 "OS" changed state of Connection ID 1 to 'Handshake'
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Handshake'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The first PB-TNC client batch is received containing two PA-TNC messages
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: received TNCCS batch (321 bytes)
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PB-TNC CDATA batch for Connection ID 1
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: PB-TNC state transition from 'Init' to 'Server Working'
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing IETF/PB-Language-Preference message (31 bytes)
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing IETF/PB-PA message (230 bytes)
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing IETF/PB-PA message (52 bytes)
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: setting language preference to 'en'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The first PA-TNC message is of type *IETF / Operating System* and contains some IETF standard attributes sent by the OS IMC
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 1 "OS" received message for Connection ID 1 from IMC 1
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: => 206 bytes @ 0x7f2258005160
-Andreas Steffen
+: 01 00 00 00 01 1D F6 8D 00 00 00 00 00 00 00 02  ................
-Andreas Steffen
+: 00 00 00 17 00 71 32 00 00 55 62 75 6E 74 75 00  .....q2..Ubuntu.
-Andreas Steffen
+: 00 00 00 00 00 00 04 00 00 00 1B 0C 31 36 2E 30  ............16.0
-Andreas Steffen
+: 34 20 78 38 36 5F 36 34 00 00 00 00 00 00 00 00  4 x86_64........
-Andreas Steffen
+: 00 03 00 00 00 1C 00 00 00 10 00 00 00 04 00 00  ................
-Andreas Steffen
+: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00  ................
-Andreas Steffen
+: 00 24 03 01 00 00 32 30 31 37 2D 30 36 2D 31 32  .$....2017-06-12
-Andreas Steffen
+: 54 32 30 3A 34 30 3A 31 34 5A 00 00 00 00 00 00  T20:40:14Z......
-Andreas Steffen
+: 00 0B 00 00 00 10 00 00 00 01 00 00 00 00 00 00  ................
-Andreas Steffen
+: 00 0C 00 00 00 10 00 00 00 00 00 00 90 2A 00 00  .............*..
-Andreas Steffen
+: 00 08 00 00 00 34 35 64 39 35 30 32 31 33 39 36  .....45d95021396
-Andreas Steffen
+: 64 32 34 31 35 65 35 63 35 33 63 61 32 64 65 61  d2415e5c53ca2dea
-Andreas Steffen
+: 36 66 62 63 31 63 32 33 38 37 63 35 36 61        6fbc1c2387c56a
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC message with ID 0x011df68d
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+This is the OS information contained in the PA-TNC attributes
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: operating system name is 'Ubuntu' from vendor Canonical
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: operating system version is '16.04 x86_64'
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: operating system numeric version is 16.4
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: operational status: operational, result: successful
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: last boot: Jun 12 20:40:14 UTC 2017
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IPv4 forwarding is enabled
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: factory default password is disabled
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: device ID is 5d95021396d2415e5c53ca2dea6fbc1c2387c56a
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The second PA-TNC message is of type *IETF / Software* and contains a PA-TNC segmentation contract request
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: => 28 bytes @ 0x7f22580059d0
-Andreas Steffen
+: 01 00 00 00 B9 E8 DB 83 00 00 55 97 00 00 00 21  ..........U....!
-Andreas Steffen
+: 00 00 00 14 00 98 96 80 00 01 FF B8              ............
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC message with ID 0xb9e8db83
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+This is the decoded segmentation contract request
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 2 received a segmentation contract request from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+                                               maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PA-TNC message with ID 0x28043be8
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: created PA-TNC message: => 28 bytes @ 0x7f2258005ad0
-Andreas Steffen
+: 01 00 00 00 28 04 3B E8 00 00 55 97 00 00 00 22  ....(.;...U...."
-Andreas Steffen
+: 00 00 00 14 00 98 96 80 00 01 FF B8              ............
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+</pre>
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 1 requests a segmentation contract for PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+                                               maximum attribute size of 100000000 bytes with maximum segment size of 131000 bytes
-Andreas Steffen
+</pre>
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: assigned session ID 40 to Connection ID 1
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: running policy script: 2>&1 ipsec imv_policy_manager start 40
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: policy: imv_policy_manager start successful
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: SWIDT workitem 251
-Andreas Steffen
+</pre>
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 1 has no workitems - no evaluation requested
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PA-TNC message with ID 0x72bd7838
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PA-TNC attribute type 'IETF/Remediation Instructions' 0x000000/0x0000000a
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: created PA-TNC message: => 117 bytes @ 0x7f2258003680
-Andreas Steffen
+: 01 00 00 00 72 BD 78 38 00 00 00 00 00 00 00 09  ....r.x8........
-Andreas Steffen
+: 00 00 00 10 00 00 00 04 00 00 00 00 00 00 00 0A  ................
-Andreas Steffen
+: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42  ...]...........B
-Andreas Steffen
+: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72  IP Packet Forwar
-Andreas Steffen
+: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69  ding.  Please di
-Andreas Steffen
+: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72  sable the forwar
-Andreas Steffen
+: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65  ding of IP packe
-Andreas Steffen
+: 74 73 02 65 6E                                   ts.en
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 1 provides recommendation 'allow' and evaluation 'don't know'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 2 requests a segmentation contract for PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+                                               maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Sending IETF SW Request Attribute
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 2 handles SWIDT workitem 251
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: IMV 2 issues sw request 251
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PA-TNC message with ID 0x6c940091
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: created PA-TNC message: => 52 bytes @ 0x7f2258027be0
-Andreas Steffen
+: 01 00 00 00 6C 94 00 91 00 00 55 97 00 00 00 21  ....l.....U....!
-Andreas Steffen
+: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 00 00  ................
-Andreas Steffen
+: 00 00 00 11 00 00 00 18 20 00 00 00 00 00 00 FB  ........ .......
-Andreas Steffen
+: 00 00 00 00                                      ....
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: TNC server is handling outbound connection
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: creating PB-TNC SDATA batch
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: sending PB-TNC SDATA batch (277 bytes) for Connection ID 1
-Andreas Steffen
+Jun 13 14:47:14 koala charon-systemd[27680]: sending PT-TLS message #2 of type 'PB-TNC Batch' (293 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Receiving IETF SW Identity Inventory Attribute
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: received PT-TLS message #2 of type 'PB-TNC Batch' (131072 bytes)
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: received TNCCS batch (131056 bytes)
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: processing PB-TNC CDATA batch for Connection ID 1
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: processing IETF/PB-PA message (131048 bytes)
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: => 131024 bytes @ 0x7f225008ca00
-Andreas Steffen
+: 01 00 00 00 DC 50 E6 C6 00 00 55 97 00 00 00 22  .....P....U...."
-Andreas Steffen
+: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 55 97  ..............U.
-Andreas Steffen
+: 00 00 00 23 00 01 FF B4 C0 00 00 01 00 00 00 00  ...#............
-Andreas Steffen
+: 00 00 00 12 00 02 7F B7 00 00 07 FF 00 00 00 FB  ................
-Andreas Steffen
+: 11 22 33 44 00 00 00 01 00 00 00 00 00 00 00 01  ."3D............
-Andreas Steffen
+: 01 00 00 51 73 74 72 6F 6E 67 73 77 61 6E 2E 6F  ...Qstrongswan.o
-Andreas Steffen
+: 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D  rg_Ubuntu_16.04-
-Andreas Steffen
+: 78 38 36 5F 36 34 2D 61 31 31 79 2D 70 72 6F 66  x86_64-a11y-prof
-Andreas Steffen
+: 69 6C 65 2D 6D 61 6E 61 67 65 72 2D 69 6E 64 69  ile-manager-indi
-Andreas Steffen
+: 63 61 74 6F 72 2D 30 2E 31 2E 31 30 2D 30 75 62  cator-0.1.10-0ub
-Andreas Steffen
+: 75 6E 74 75 33 00 00 00 00 00 00 00 00 00 01 01  untu3...........
-Andreas Steffen
+: 00 00 57 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72  ..Wstrongswan.or
-Andreas Steffen
+: 67 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78  g_Ubuntu_16.04-x
-Andreas Steffen
+: 38 36 5F 36 34 2D 61 63 63 6F 75 6E 74 2D 70 6C  86_64-account-pl
-Andreas Steffen
+: 75 67 69 6E 2D 66 61 63 65 62 6F 6F 6B 2D 30 2E  ugin-facebook-0.
-Andreas Steffen
+: 31 32 7E 31 36 2E 30 34 2E 32 30 31 36 30 31 32  12~16.04.2016012
-Andreas Steffen
+: 36 2D 30 75 62 75 6E 74 75 31 00 00 00 00 00 00  6-0ubuntu1......
-Andreas Steffen
+: 00 00 00 01 01 00 00 55 73 74 72 6F 6E 67 73 77  .......Ustrongsw
-Andreas Steffen
+: 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36  an.org_Ubuntu_16
-Andreas Steffen
+: 2E 30 34 2D 78 38 36 5F 36 34 2D 61 63 63 6F 75  .04-x86_64-accou
-Andreas Steffen
+: 6E 74 2D 70 6C 75 67 69 6E 2D 66 6C 69 63 6B 72  nt-plugin-flickr
-Andreas Steffen
+: 2D 30 2E 31 32 7E 31 36 2E 30 34 2E 32 30 31 36  -0.12~16.04.2016
-Andreas Steffen
+: 30 31 32 36 2D 30 75 62 75 6E 74 75 31 00 00 00  0126-0ubuntu1...
-Andreas Steffen
+: 00 00 00 00 00 00 01 01 00 00 55 73 74 72 6F 6E  ..........Ustron
-Andreas Steffen
+: 67 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75  gswan.org_Ubuntu
-Andreas Steffen
+: 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 61 63  _16.04-x86_64-ac
-Andreas Steffen
+: 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 2D 67 6F 6F  count-plugin-goo
-Andreas Steffen
+: 67 6C 65 2D 30 2E 31 32 7E 31 36 2E 30 34 2E 32  gle-0.12~16.04.2
-Andreas Steffen
+: 30 31 36 30 31 32 36 2D 30 75 62 75 6E 74 75 31  0160126-0ubuntu1
-Andreas Steffen
+                                                ...
-Andreas Steffen
+: 00 00 00 01 01 00 00 40 73 74 72 6F 6E 67 73 77  .......@strongsw
-Andreas Steffen
+: 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36  an.org_Ubuntu_16
-Andreas Steffen
+: 2E 30 34 2D 78 38 36 5F 36 34 2D 70 79 74 68 6F  .04-x86_64-pytho
-Andreas Steffen
+: 6E 2D 70 6B 67 2D 72 65 73 6F 75 72 63 65 73 2D  n-pkg-resources-
-Andreas Steffen
+: 32 30 2E 37 2E 30 2D 31 00 00 00 00 00 00 00 00  20.7.0-1........
-Andreas Steffen
+: 00 01 01 00 00 3D 73 74 72 6F 6E 67 73 77 61 6E  .....=strongswan
-Andreas Steffen
+: 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E 30  .org_Ubuntu_16.0
-Andreas Steffen
+: 34 2D 78 38 36 5F 36 34 2D 70 79 74 68 6F 6E 2D  4-x86_64-python-
-Andreas Steffen
+: 73 65 74 75 70 74 6F 6F 6C 73 2D 32 30 2E 37 2E  setuptools-20.7.
-Andreas Steffen
+: 30 2D 31 00 00 00 00 00 00 00 00 00 01 01 00 00  0-1.............
-Andreas Steffen
+: 38 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F  8strongswan.org_
-Andreas Steffen
+: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36  Ubuntu_16.04-x86
-Andreas Steffen
+: 5F 36 34 2D 70 79 74 68 6F 6E 2D 74 61 6C 6C 6F  _64-python-tallo
-Andreas Steffen
+: 63 2D 32 2E 31 2E 35 2D 32 00 00 00 00 00 00 00  c-2.1.5-2.......
-Andreas Steffen
+: 00 00 01 01 00 00 38 73 74 72 6F 6E 67 73 77 61  ......8strongswa
-Andreas Steffen
+: 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E  n.org_Ubuntu_16.
-Andreas Steffen
+: 30 34 2D 78 38 36 5F 36 34 2D 70 79 74 68 6F 6E  04-x86_64-python
-Andreas Steffen
+: 2D 77 68 65 65 6C 2D 30 2E 32 39 2E 30 2D 31 00  -wheel-0.29.0-1.
-Andreas Steffen
+: 00 00 00 00 00 00 00 00 01 01 00 00 44 73 74 72  ............Dstr
-Andreas Steffen
+: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E  ongswan.org_Ubun
-Andreas Steffen
+: 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D  tu_16.04-x86_64-
-Andreas Steffen
+: 70 79 74 68 6F 6E 32 2E 37 2D 32 2E 37 2E 31 32  python2.7-2.7.12
-Andreas Steffen
+: 2D 31 75 62 75 6E 74 75 30 7E 31 36 2E 30 34 2E  -1ubuntu0~16.04.
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: processing PA-TNC message with ID 0xdc50e6c6
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: IMV 2 received a segmentation contract response from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+                                               maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
-Andreas Steffen
+</pre>
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: received first segment for base attribute ID 1 (130980 bytes)
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: processing PA-TNC attribute type 'IETF/SW Identifier Inventory' 0x000000/0x00000012
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: 67 bytes insufficient to parse 68 bytes of data
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]: received software identity inventory with 1646 items for request 251 at eid 1 of epoch 0x11223344, 401 items to follow
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-a11y-profile-manager-indicator-0.1.10-0ubuntu3
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-account-plugin-facebook-0.12~16.04.20160126-0ubuntu1
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-account-plugin-flickr-0.12~16.04.20160126-0ubuntu1
-Andreas Steffen
+Jun 13 14:47:15 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-account-plugin-google-0.12~16.04.20160126-0ubuntu1
-Andreas Steffen
+                                               ...
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-python-pkg-resources-20.7.0-1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-python-setuptools-20.7.0-1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-python-talloc-2.1.5-2
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-python-wheel-0.29.0-1
-Andreas Steffen
+</pre>
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: creating PA-TNC message with ID 0xeb46af13
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: creating PA-TNC attribute type 'TCG/Next Segment Request' 0x005597/0x00000024
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: created PA-TNC message: => 24 bytes @ 0x7f2250158500
-Andreas Steffen
+: 01 00 00 00 EB 46 AF 13 00 00 55 97 00 00 00 24  .....F....U....$
-Andreas Steffen
+: 00 00 00 10 00 00 00 01                          ........
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: TNC server is handling outbound connection
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: creating PB-TNC SDATA batch
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: sending PB-TNC SDATA batch (56 bytes) for Connection ID 1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: sending PT-TLS message #3 of type 'PB-TNC Batch' (72 bytes)
-Andreas Steffen
+</pre>
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: received PT-TLS message #3 of type 'PB-TNC Batch' (32859 bytes)
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: received TNCCS batch (32843 bytes)
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: processing PB-TNC CDATA batch for Connection ID 1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: processing IETF/PB-PA message (32835 bytes)
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: => 32811 bytes @ 0x7f2270027540
-Andreas Steffen
+: 01 00 00 00 B7 BA 96 5B 00 00 55 97 00 00 00 23  .......[..U....#
-Andreas Steffen
+: 00 00 80 23 00 00 00 01 31 00 00 00 00 00 00 00  ...#....1.......
-Andreas Steffen
+: 00 00 01 01 00 00 48 73 74 72 6F 6E 67 73 77 61  ......Hstrongswa
-Andreas Steffen
+: 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E  n.org_Ubuntu_16.
-Andreas Steffen
+: 30 34 2D 78 38 36 5F 36 34 2D 70 79 74 68 6F 6E  04-x86_64-python
-Andreas Steffen
+: 32 2E 37 2D 64 65 76 2D 32 2E 37 2E 31 32 2D 31  2.7-dev-2.7.12-1
-Andreas Steffen
+: 75 62 75 6E 74 75 30 7E 31 36 2E 30 34 2E 31 00  ubuntu0~16.04.1.
-Andreas Steffen
+: 00 00 00 00 00 00 00 00 01 01 00 00 4C 73 74 72  ............Lstr
-Andreas Steffen
+: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E  ongswan.org_Ubun
-Andreas Steffen
+: 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D  tu_16.04-x86_64-
-Andreas Steffen
+: 70 79 74 68 6F 6E 32 2E 37 2D 6D 69 6E 69 6D 61  python2.7-minima
-Andreas Steffen
+: 6C 2D 32 2E 37 2E 31 32 2D 31 75 62 75 6E 74 75  l-2.7.12-1ubuntu
-Andreas Steffen
+: 30 7E 31 36 2E 30 34 2E 31 00 00 00 00 00 00 00  0~16.04.1.......
-Andreas Steffen
+: 00 00 01 01 00 00 32 73 74 72 6F 6E 67 73 77 61  ......2strongswa
-Andreas Steffen
+: 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E  n.org_Ubuntu_16.
-Andreas Steffen
+: 30 34 2D 78 38 36 5F 36 34 2D 70 79 74 68 6F 6E  04-x86_64-python
-Andreas Steffen
+: 33 2D 33 2E 35 2E 31 2D 33 00 00 00 00 00 00 00  3-3.5.1-3.......
-Andreas Steffen
+: 00 00 01 01 00 00 43 73 74 72 6F 6E 67 73 77 61  ......Cstrongswa
-Andreas Steffen
+: 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E  n.org_Ubuntu_16.
-Andreas Steffen
+: 30 34 2D 78 38 36 5F 36 34 2D 70 79 74 68 6F 6E  04-x86_64-python
-Andreas Steffen
+: 33 2D 61 70 70 6F 72 74 2D 32 2E 32 30 2E 31 2D  3-apport-2.20.1-
-Andreas Steffen
+: 30 75 62 75 6E 74 75 32 2E 36 00 00 00 00 00 00  0ubuntu2.6......
-Andreas Steffen
+                                               ...
-Andreas Steffen
+: 00 00 00 01 01 00 00 42 73 74 72 6F 6E 67 73 77  .......Bstrongsw
-Andreas Steffen
+: 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36  an.org_Ubuntu_16
-Andreas Steffen
+: 2E 30 34 2D 78 38 36 5F 36 34 2D 7A 65 6E 69 74  .04-x86_64-zenit
-Andreas Steffen
+: 79 2D 63 6F 6D 6D 6F 6E 2D 33 2E 31 38 2E 31 2E  y-common-3.18.1.
-Andreas Steffen
+: 31 2D 31 75 62 75 6E 74 75 32 00 00 00 00 00 00  1-1ubuntu2......
-Andreas Steffen
+: 00 00 00 01 01 00 00 2D 73 74 72 6F 6E 67 73 77  .......-strongsw
-Andreas Steffen
+: 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36  an.org_Ubuntu_16
-Andreas Steffen
+: 2E 30 34 2D 78 38 36 5F 36 34 2D 7A 69 70 2D 33  .04-x86_64-zip-3
-Andreas Steffen
+: 2E 30 2D 31 31 00 00 00 00 00 00 00 00 00 01 01  .0-11...........
-Andreas Steffen
+: 00 00 41 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72  ..Astrongswan.or
-Andreas Steffen
+: 67 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78  g_Ubuntu_16.04-x
-Andreas Steffen
+: 38 36 5F 36 34 2D 7A 6C 69 62 31 67 2D 31 7E 31  86_64-zlib1g-1~1
-Andreas Steffen
+: 2E 32 2E 38 2E 64 66 73 67 2D 32 75 62 75 6E 74  .2.8.dfsg-2ubunt
-Andreas Steffen
+: 75 34 2E 31 00 00 00 00 00 00 00 00 00 01 01 00  u4.1............
-Andreas Steffen
+: 00 45 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67  .Estrongswan.org
-Andreas Steffen
+: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38  _Ubuntu_16.04-x8
-Andreas Steffen
+: 36 5F 36 34 2D 7A 6C 69 62 31 67 2D 64 65 76 2D  6_64-zlib1g-dev-
-Andreas Steffen
+: 31 7E 31 2E 32 2E 38 2E 64 66 73 67 2D 32 75 62  1~1.2.8.dfsg-2ub
-Andreas Steffen
+: 75 6E 74 75 34 2E 31 00 00 00 00 00 00 00 00 00  untu4.1.........
-Andreas Steffen
+: 01 02 00 00 1F 73 74 72 6F 6E 67 73 77 61 6E 2E  .....strongswan.
-Andreas Steffen
+: 6F 72 67 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35  org_strongSwan-5
-Andreas Steffen
+: 2D 35 2D 33 00 15 2F 75 73 72 2F 73 68 61 72 65  -5-3../usr/share
-Andreas Steffen
+: 2F 73 74 72 6F 6E 67 73 77 61 6E                 /strongswan
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: processing PA-TNC message with ID 0xb7ba965b
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: received last segment for base attribute ID 1 (32787 bytes)
-Andreas Steffen
+</pre>
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: received software identity inventory with 401 items for request 251 at eid 1 of epoch 0x11223344, 0 items to follow
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-python2.7-2.7.12-1ubuntu0~16.04.1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-python2.7-dev-2.7.12-1ubuntu0~16.04.1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-python2.7-minimal-2.7.12-1ubuntu0~16.04.1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-python3-3.5.1-3
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-python3-apport-2.20.1-0ubuntu2.6
 Andreas Steffen
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-zenity-common-3.18.1.1-1ubuntu2
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-zip-3.0-11
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-zlib1g-1~1.2.8.dfsg-2ubuntu4.1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-zlib1g-dev-1~1.2.8.dfsg-2ubuntu4.1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_strongSwan-5-5-3
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Sending IETF [Targeted] SW Request Attribute
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+un 13 14:47:16 koala charon-systemd[27680]: 12 SWID tag targets
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5core5a-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5dbus5-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5gui5-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5network5-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5opengl5-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5printsupport5-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5sql5-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5sql5-sqlite-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5test5-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5widgets5-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_Ubuntu_16.04-x86_64-libqt5xml5-5.5.1~dfsg-16ubuntu7.5
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]:   strongswan.org_strongSwan-5-5-3
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: creating PA-TNC message with ID 0x5f558479
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: created PA-TNC message: => 866 bytes @ 0x7f2270179190
-Andreas Steffen
+: 01 00 00 00 5F 55 84 79 00 00 00 00 00 00 00 11  ...._U.y........
-Andreas Steffen
+: 00 00 03 5A 00 00 00 0C 00 00 00 FB 00 00 00 00  ...Z............
-Andreas Steffen
+: 00 46 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67  .Fstrongswan.org
-Andreas Steffen
+: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38  _Ubuntu_16.04-x8
-Andreas Steffen
+: 36 5F 36 34 2D 6C 69 62 71 74 35 63 6F 72 65 35  6_64-libqt5core5
-Andreas Steffen
+: 61 2D 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75  a-5.5.1~dfsg-16u
-Andreas Steffen
+: 62 75 6E 74 75 37 2E 35 00 45 73 74 72 6F 6E 67  buntu7.5.Estrong
-Andreas Steffen
+: 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F  swan.org_Ubuntu_
-Andreas Steffen
+: 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 6C 69 62  16.04-x86_64-lib
-Andreas Steffen
+: 71 74 35 64 62 75 73 35 2D 35 2E 35 2E 31 7E 64  qt5dbus5-5.5.1~d
-Andreas Steffen
+: 66 73 67 2D 31 36 75 62 75 6E 74 75 37 2E 35 00  fsg-16ubuntu7.5.
-Andreas Steffen
+: 44 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F  Dstrongswan.org_
-Andreas Steffen
+: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36  Ubuntu_16.04-x86
-Andreas Steffen
+: 5F 36 34 2D 6C 69 62 71 74 35 67 75 69 35 2D 35  _64-libqt5gui5-5
-Andreas Steffen
+: 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 62 75 6E  .5.1~dfsg-16ubun
-Andreas Steffen
+: 74 75 37 2E 35 00 48 73 74 72 6F 6E 67 73 77 61  tu7.5.Hstrongswa
-Andreas Steffen
+: 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E  n.org_Ubuntu_16.
-Andreas Steffen
+: 30 34 2D 78 38 36 5F 36 34 2D 6C 69 62 71 74 35  04-x86_64-libqt5
-Andreas Steffen
+: 6E 65 74 77 6F 72 6B 35 2D 35 2E 35 2E 31 7E 64  network5-5.5.1~d
-Andreas Steffen
+: 66 73 67 2D 31 36 75 62 75 6E 74 75 37 2E 35 00  fsg-16ubuntu7.5.
-Andreas Steffen
+: 47 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F  Gstrongswan.org_
-Andreas Steffen
+: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36  Ubuntu_16.04-x86
-Andreas Steffen
+: 5F 36 34 2D 6C 69 62 71 74 35 6F 70 65 6E 67 6C  _64-libqt5opengl
-Andreas Steffen
+: 35 2D 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75  5-5.5.1~dfsg-16u
-Andreas Steffen
+: 62 75 6E 74 75 37 2E 35 00 4D 73 74 72 6F 6E 67  buntu7.5.Mstrong
-Andreas Steffen
+: 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F  swan.org_Ubuntu_
-Andreas Steffen
+: 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 6C 69 62  16.04-x86_64-lib
-Andreas Steffen
+: 71 74 35 70 72 69 6E 74 73 75 70 70 6F 72 74 35  qt5printsupport5
-Andreas Steffen
+: 2D 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 62  -5.5.1~dfsg-16ub
-Andreas Steffen
+: 75 6E 74 75 37 2E 35 00 44 73 74 72 6F 6E 67 73  untu7.5.Dstrongs
-Andreas Steffen
+: 77 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31  wan.org_Ubuntu_1
-Andreas Steffen
+: 36 2E 30 34 2D 78 38 36 5F 36 34 2D 6C 69 62 71  6.04-x86_64-libq
-Andreas Steffen
+: 74 35 73 71 6C 35 2D 35 2E 35 2E 31 7E 64 66 73  t5sql5-5.5.1~dfs
-Andreas Steffen
+: 67 2D 31 36 75 62 75 6E 74 75 37 2E 35 00 4B 73  g-16ubuntu7.5.Ks
-Andreas Steffen
+: 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62  trongswan.org_Ub
-Andreas Steffen
+: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36  untu_16.04-x86_6
-Andreas Steffen
+: 34 2D 6C 69 62 71 74 35 73 71 6C 35 2D 73 71 6C  4-libqt5sql5-sql
-Andreas Steffen
+: 69 74 65 2D 35 2E 35 2E 31 7E 64 66 73 67 2D 31  ite-5.5.1~dfsg-1
-Andreas Steffen
+: 36 75 62 75 6E 74 75 37 2E 35 00 45 73 74 72 6F  6ubuntu7.5.Estro
-Andreas Steffen
+: 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E 74  ngswan.org_Ubunt
-Andreas Steffen
+: 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 6C  u_16.04-x86_64-l
-Andreas Steffen
+: 69 62 71 74 35 74 65 73 74 35 2D 35 2E 35 2E 31  ibqt5test5-5.5.1
-Andreas Steffen
+: 7E 64 66 73 67 2D 31 36 75 62 75 6E 74 75 37 2E  ~dfsg-16ubuntu7.
-Andreas Steffen
+: 35 00 48 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72  5.Hstrongswan.or
-Andreas Steffen
+: 67 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78  g_Ubuntu_16.04-x
-Andreas Steffen
+: 38 36 5F 36 34 2D 6C 69 62 71 74 35 77 69 64 67  86_64-libqt5widg
-Andreas Steffen
+: 65 74 73 35 2D 35 2E 35 2E 31 7E 64 66 73 67 2D  ets5-5.5.1~dfsg-
-Andreas Steffen
+: 31 36 75 62 75 6E 74 75 37 2E 35 00 44 73 74 72  16ubuntu7.5.Dstr
-Andreas Steffen
+: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E  ongswan.org_Ubun
-Andreas Steffen
+: 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D  tu_16.04-x86_64-
-Andreas Steffen
+: 6C 69 62 71 74 35 78 6D 6C 35 2D 35 2E 35 2E 31  libqt5xml5-5.5.1
-Andreas Steffen
+: 7E 64 66 73 67 2D 31 36 75 62 75 6E 74 75 37 2E  ~dfsg-16ubuntu7.
-Andreas Steffen
+: 35 00 1F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72  5..strongswan.or
-Andreas Steffen
+: 67 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35  g_strongSwan-5-5
-Andreas Steffen
+: 2D 33                                            -3
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: TNC server is handling outbound connection
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: creating PB-TNC SDATA batch
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: sending PB-TNC SDATA batch (898 bytes) for Connection ID 1
-Andreas Steffen
+Jun 13 14:47:16 koala charon-systemd[27680]: sending PT-TLS message #4 of type 'PB-TNC Batch' (914 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Receiving IETF SW Inventory Attribute
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: received PT-TLS message #4 of type 'PB-TNC Batch' (6892 bytes)
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: received TNCCS batch (6876 bytes)
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: processing PB-TNC CDATA batch for Connection ID 1
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: processing IETF/PB-PA message (6868 bytes)
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: => 6844 bytes @ 0x7f226800cde0
-Andreas Steffen
+: 01 00 00 00 6D 84 09 75 00 00 00 00 00 00 00 14  ....m..u........
-Andreas Steffen
+: 00 00 1A B4 00 00 00 0C 00 00 00 FB 11 22 33 44  ............."3D
-Andreas Steffen
+: 00 00 00 01 00 00 00 00 00 00 00 01 01 00 00 46  ...............F
-Andreas Steffen
+: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55  strongswan.org_U
-Andreas Steffen
+: 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F  buntu_16.04-x86_
-Andreas Steffen
+: 36 34 2D 6C 69 62 71 74 35 63 6F 72 65 35 61 2D  64-libqt5core5a-
-Andreas Steffen
+: 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 62 75  5.5.1~dfsg-16ubu
-Andreas Steffen
+: 6E 74 75 37 2E 35 00 00 00 00 01 EA 3C 3F 78 6D  ntu7.5......<?xm
-Andreas Steffen
+: 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20  l version="1.0"
-Andreas Steffen
+: 65 6E 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22  encoding="utf-8"
-Andreas Steffen
+: 3F 3E 3C 53 6F 66 74 77 61 72 65 49 64 65 6E 74  ?><SoftwareIdent
-Andreas Steffen
+: 69 74 79 20 6E 61 6D 65 3D 22 6C 69 62 71 74 35  ity name="libqt5
-Andreas Steffen
+: 63 6F 72 65 35 61 22 20 74 61 67 49 64 3D 22 55  core5a" tagId="U
-Andreas Steffen
+: 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F  buntu_16.04-x86_
-Andreas Steffen
+: 36 34 2D 6C 69 62 71 74 35 63 6F 72 65 35 61 2D  64-libqt5core5a-
-Andreas Steffen
+: 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 62 75  5.5.1~dfsg-16ubu
-Andreas Steffen
+: 6E 74 75 37 2E 35 22 20 76 65 72 73 69 6F 6E 3D  ntu7.5" version=
-Andreas Steffen
+: 22 35 2E 35 2E 31 2B 64 66 73 67 2D 31 36 75 62  "5.5.1+dfsg-16ub
-Andreas Steffen
+: 75 6E 74 75 37 2E 35 22 20 76 65 72 73 69 6F 6E  untu7.5" version
-Andreas Steffen
+: 53 63 68 65 6D 65 3D 22 61 6C 70 68 61 6E 75 6D  Scheme="alphanum
-Andreas Steffen
+: 65 72 69 63 22 20 78 6D 6C 6E 73 3D 22 68 74 74  eric" xmlns="htt
-Andreas Steffen
+: 70 3A 2F 2F 73 74 61 6E 64 61 72 64 73 2E 69 73  p://standards.is
-Andreas Steffen
+: 6F 2E 6F 72 67 2F 69 73 6F 2F 31 39 37 37 30 2F  o.org/iso/19770/
-Andreas Steffen
+: 2D 32 2F 32 30 31 35 2F 73 63 68 65 6D 61 2E 78  -2/2015/schema.x
-Andreas Steffen
+: 73 64 22 20 78 6D 6C 6E 73 3A 6E 38 30 36 30 3D  sd" xmlns:n8060=
-Andreas Steffen
+: 22 68 74 74 70 3A 2F 2F 63 73 72 63 2E 6E 69 73  "http://csrc.nis
-Andreas Steffen
+: 74 2E 67 6F 76 2F 73 63 68 65 6D 61 2F 73 77 69  t.gov/schema/swi
-Andreas Steffen
+: 64 2F 32 30 31 35 2D 65 78 74 65 6E 73 69 6F 6E  d/2015-extension
-Andreas Steffen
+: 73 2F 73 77 69 64 2D 32 30 31 35 2D 65 78 74 65  s/swid-2015-exte
-Andreas Steffen
+: 6E 73 69 6F 6E 73 2D 31 2E 30 2E 78 73 64 22 3E  nsions-1.0.xsd">
-Andreas Steffen
+: 3C 45 6E 74 69 74 79 20 6E 61 6D 65 3D 22 73 74  <Entity name="st
-Andreas Steffen
+: 72 6F 6E 67 53 77 61 6E 20 50 72 6F 6A 65 63 74  rongSwan Project
-Andreas Steffen
+: 22 20 72 65 67 69 64 3D 22 73 74 72 6F 6E 67 73  " regid="strongs
-Andreas Steffen
+: 77 61 6E 2E 6F 72 67 22 20 72 6F 6C 65 3D 22 74  wan.org" role="t
-Andreas Steffen
+: 61 67 43 72 65 61 74 6F 72 22 20 2F 3E 3C 4D 65  agCreator" /><Me
-Andreas Steffen
+: 74 61 20 70 72 6F 64 75 63 74 3D 22 55 62 75 6E  ta product="Ubun
-Andreas Steffen
+: 74 75 20 31 36 2E 30 34 20 78 38 36 5F 36 34 22  tu 16.04 x86_64"
-Andreas Steffen
+: 20 2F 3E 3C 2F 53 6F 66 74 77 61 72 65 49 64 65   /></SoftwareIde
-Andreas Steffen
+: 6E 74 69 74 79 3E 00 00 00 00 00 00 00 01 01 00  ntity>..........
-Andreas Steffen
+                                              ...
-Andreas Steffen
+: 74 69 74 79 3E 00 00 00 00 00 00 00 01 02 00 00  tity>...........
-Andreas Steffen
+: 1F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F  .strongswan.org_
-Andreas Steffen
+: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 2D 33  strongSwan-5-5-3
-Andreas Steffen
+: 00 15 2F 75 73 72 2F 73 68 61 72 65 2F 73 74 72  ../usr/share/str
-Andreas Steffen
+: 6F 6E 67 73 77 61 6E 00 00 01 61 3C 3F 78 6D 6C  ongswan...a<?xml
-Andreas Steffen
+: 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65   version="1.0" e
-Andreas Steffen
+: 6E 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22 3F  ncoding="utf-8"?
-Andreas Steffen
+: 3E 0A 0A 3C 53 6F 66 74 77 61 72 65 49 64 65 6E  >..<SoftwareIden
-Andreas Steffen
+: 74 69 74 79 0A 20 20 6E 61 6D 65 3D 22 73 74 72  tity.  name="str
-Andreas Steffen
+: 6F 6E 67 53 77 61 6E 22 0A 20 20 74 61 67 49 64  ongSwan".  tagId
-Andreas Steffen
+: 3D 22 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35  ="strongSwan-5-5
-Andreas Steffen
+: 2D 33 22 0A 20 20 76 65 72 73 69 6F 6E 3D 22 35  -3".  version="5
-Andreas Steffen
+: 2E 35 2E 33 22 20 76 65 72 73 69 6F 6E 53 63 68  .5.3" versionSch
-Andreas Steffen
+: 65 6D 65 3D 22 61 6C 70 68 61 6E 75 6D 65 72 69  eme="alphanumeri
-Andreas Steffen
+: 63 22 0A 20 20 78 6D 6C 6E 73 3D 22 68 74 74 70  c".  xmlns="http
-Andreas Steffen
+: 3A 2F 2F 73 74 61 6E 64 61 72 64 73 2E 69 73 6F  ://standards.iso
-Andreas Steffen
+: 2E 6F 72 67 2F 69 73 6F 2F 31 39 37 37 30 2F 2D  .org/iso/19770/-
-Andreas Steffen
+: 32 2F 32 30 31 35 2F 73 63 68 65 6D 61 2E 78 73  2/2015/schema.xs
-Andreas Steffen
+: 64 22 3E 0A 20 20 3C 45 6E 74 69 74 79 0A 20 20  d">.  <Entity.
-Andreas Steffen
+: 20 20 6E 61 6D 65 3D 22 73 74 72 6F 6E 67 53 77    name="strongSw
-Andreas Steffen
+: 61 6E 20 50 72 6F 6A 65 63 74 22 0A 20 20 20 20  an Project".
-Andreas Steffen
+: 72 65 67 69 64 3D 22 73 74 72 6F 6E 67 73 77 61  regid="strongswa
-Andreas Steffen
+: 6E 2E 6F 72 67 22 0A 20 20 20 20 72 6F 6C 65 3D  n.org".    role=
-Andreas Steffen
+: 22 73 6F 66 74 77 61 72 65 43 72 65 61 74 6F 72  "softwareCreator
-Andreas Steffen
+: 20 6C 69 63 65 6E 73 6F 72 20 74 61 67 43 72 65   licensor tagCre
-Andreas Steffen
+: 61 74 6F 72 22 2F 3E 0A 3C 2F 53 6F 66 74 77 61  ator"/>.</Softwa
-Andreas Steffen
+: 72 65 49 64 65 6E 74 69 74 79 3E 0A              reIdentity>.
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: processing PA-TNC message with ID 0x6d840975
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: processing PA-TNC attribute type 'IETF/SW Inventory' 0x000000/0x00000014
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: received software inventory with 12 items for request 251 at eid 1 of epoch 0x11223344, 0 items to follow
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Some XML-encoded ISO-17770-2:2015 SWID tags
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: <?xml version="1.0" encoding="utf-8"?>
-Andreas Steffen
+                                             <SoftwareIdentity
-Andreas Steffen
+                                                name="libqt5core5a"
-Andreas Steffen
+                                                tagId="Ubuntu_16.04-x86_64-libqt5core5a-5.5.1~dfsg-16ubuntu7.5"
-Andreas Steffen
+                                                version="5.5.1+dfsg-16ubuntu7.5" versionScheme="alphanumeric"
-Andreas Steffen
+                                                xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
-Andreas Steffen
+                                                xmlns:n8060="http://csrc.nist.gov/schema/swid/2015-extensions/swid-2015-extensions-1.0.xsd">
-Andreas Steffen
+                                                <Entity
-Andreas Steffen
+                                                   name="strongSwan Project"
-Andreas Steffen
+                                                   regid="strongswan.org"
-Andreas Steffen
+                                                   role="tagCreator" />
-Andreas Steffen
+                                                <Meta product="Ubuntu 16.04 x86_64" />
-Andreas Steffen
+                                             </SoftwareIdentity>
-Andreas Steffen
+                                             ...
-Andreas Steffen
+Jun 13 14:47:18 koala charon-systemd[27680]: <?xml version="1.0" encoding="utf-8"?>
-Andreas Steffen
+                                             <SoftwareIdentity
-Andreas Steffen
+                                                name="strongSwan"
-Andreas Steffen
+                                                tagId="strongSwan-5-5-3"
-Andreas Steffen
+                                                version="5.5.3" versionScheme="alphanumeric"
-Andreas Steffen
+                                                xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
-Andreas Steffen
+                                                <Entity
-Andreas Steffen
+                                                   name="strongSwan Project"
-Andreas Steffen
+                                                   regid="strongswan.org"
-Andreas Steffen
+                                                   role="softwareCreator licensor tagCreator"/>
-Andreas Steffen
+                                             </SoftwareIdentity>
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Terminating PT-TLS Client Connection
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: IMV 2 handled SWIDT workitem 251: allow - received inventory of 2047 SWID tag IDs and 12 SWID tags
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: creating PA-TNC message with ID 0x3837395a
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: created PA-TNC message: => 24 bytes @ 0x7f2268000920
-Andreas Steffen
+: 01 00 00 00 38 37 39 5A 00 00 00 00 00 00 00 09  ....879Z........
-Andreas Steffen
+: 00 00 00 10 00 00 00 00                          ........
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: IMV 2 provides recommendation 'allow' and evaluation 'compliant'
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: TNC server is handling outbound connection
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: running policy script: 2>&1 ipsec imv_policy_manager stop 40
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: policy: recommendation for access requestor 62.96.251.245 is allow
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: policy: imv_policy_manager stop successful
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: IMV 1 "OS" changed state of Connection ID 1 to 'Allowed'
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Allowed'
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: PB-TNC state transition from 'Server Working' to 'Decided'
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: creating PB-TNC RESULT batch
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: adding IETF/PB-Assessment-Result message
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: adding IETF/PB-Access-Recommendation message
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: sending PT-TLS message #5 of type 'PB-TNC Batch' (104 bytes)
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: received PT-TLS message #5 of type 'PB-TNC Batch' (24 bytes)
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: received TNCCS batch (8 bytes)
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: processing PB-TNC CLOSE batch for Connection ID 1
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: PB-TNC state transition from 'Decided' to 'End'
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: final recommendation is 'allow' and evaluation is 'compliant'
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: PT-TLS connection terminates
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: IMV 1 "OS" deleted the state of Connection ID 1
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: IMV 2 "SWIMA" deleted the state of Connection ID 1
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: removed TNCCS Connection ID 1
-Andreas Steffen
+Jun 13 14:47:19 koala charon-systemd[27680]: sending TLS close notify
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Stopping PT-TLS Daemon
 Andreas Steffen
-Andreas Steffen
+The strongSwan PT-TLS server daemon can be stopped using the following systemd command
-Andreas Steffen
+<pre>
-Andreas Steffen
+systemctl stop strongswan-swanctl
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 13 17:05:21 koala systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
-Andreas Steffen
+Jun 13 17:05:21 koala charon-systemd[27680]: SIGTERM received, shutting down
-Andreas Steffen
+Jun 13 17:05:21 koala charon-systemd[27680]: IMV 2 "SWIMA" terminated
-Andreas Steffen
+Jun 13 17:05:21 koala charon-systemd[27680]: IMV 1 "OS" terminated
-Andreas Steffen
+Jun 13 17:05:21 koala charon-systemd[27680]: removed IETF attributes
-Andreas Steffen
+Jun 13 17:05:21 koala charon-systemd[27680]: removed ITA-HSR attributes
-Andreas Steffen
+Jun 13 17:05:21 koala charon-systemd[27680]: removed PWG attributes
-Andreas Steffen
+Jun 13 17:05:21 koala charon-systemd[27680]: removed TCG attributes
-Andreas Steffen
+Jun 13 17:05:21 koala charon-systemd[27680]: libimcv terminated
-Andreas Steffen
+Jun 13 17:05:21 koala systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
-Andreas Steffen
+</pre>

Project

General

Profile

strongSwan

Software Inventory Message and Attributes for PA-TNC (SWIMA) » History » Version 17