Software Inventory Message and Attributes for PA-TNC (SWIMA) » History » Version 21
« Previous -
Version 21/27
(diff) -
Next » -
Current version
Andreas Steffen, 22.06.2017 13:45
Software Inventory Message and Attributes for PA-TNC (SWIMA)¶
- Table of contents
- Software Inventory Message and Attributes for PA-TNC (SWIMA)
Starting PT-TLS Server Daemon¶
The PT-TLS server based on the strongSwan systemd daemon is usually started automatically at boot time with the command
systemctl start strongswan-swanctl
First all the PA-TNC attribute definitions from the IETF, TCG, ITA-HSR and PWG namespaces are loaded. The IMVs to by dynamically loaded are read from /etc/tnc_config.
Jun 22 12:31:28 koala systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl... Jun 22 12:31:28 koala charon-systemd[12088]: TNC recommendation policy is 'default' Jun 22 12:31:28 koala charon-systemd[12088]: loading IMVs from '/etc/tnc_config' Jun 22 12:31:28 koala charon-systemd[12088]: added IETF attributes Jun 22 12:31:28 koala charon-systemd[12088]: added ITA-HSR attributes Jun 22 12:31:28 koala charon-systemd[12088]: added PWG attributes Jun 22 12:31:28 koala charon-systemd[12088]: added TCG attributes Jun 22 12:31:28 koala charon-systemd[12088]: libimcv initialized
The OS IMV is loaded as a dynamic library and attached to the TNC server.
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" initialized Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001 Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imv-os.so'
The SWIMA IMV is loaded as a dynamic library and attached to the TNC server.
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" initialized Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 supports 1 message type: 'IETF/Software' 0x000000/0x00000009 Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" loaded from '/usr/lib/ipsec/imcvs/imv-swima.so'
The strongSwan daemon loads all required plugins and goes into multi-threading mode so that multiple PT-TLS connections can be handled
Jun 22 12:31:28 koala charon-systemd[12088]: loaded plugins: charon-systemd charon-systemd random nonce x509 tpm openssl revocation constraints pubkey pkcs1 pkcs8 pkcs12 pem tnc-imv tnc-pdp tnc-tnccs tnccs-20 kernel-netlink socket-default sqlite curl vici Jun 22 12:31:28 koala charon-systemd[12088]: spawning 16 worker threads
Multiple PT-TLS server and CA certificates are loaded into the daemon
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org' Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com' Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com' Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA' Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
The actual loading is done by the swanctl command line tool which transfers the certificates to the daemon via a Unix socket.
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/MSE2_Cert.pem' Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_ECC_Cert.pem' Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_RSA_Cert.pem' Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/strongsecCaCert.pem' Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/MSE_CA_Cert.pem'
The first server certificate has a matching ECDSA private key loaded from file
Jun 22 12:31:28 koala charon-systemd[12088]: loaded ECDSA private key
The second server certificate has a matching ECDSA key protected by a TPM 2.0
Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256 Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 via TSS2 available Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is ECDSA with SHA256 hash Jun 22 12:31:29 koala charon-systemd[12088]: loaded ECDSA private key from token
The third server certificate has a matching RSA key protected by a TPM 2.0
Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256 Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 via TSS2 available Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is RSASSA with SHA256 hash Jun 22 12:31:29 koala charon-systemd[12088]: loaded RSA private key from token
Again it is the swanctl tool which loads the private keys or determines the IDs of keys residing on smartcard or TPM devices.
Jun 22 12:31:29 koala swanctl[12107]: loaded ecdsa key from '/etc/swanctl/ecdsa/MSE2_Key.pem' Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_ecc from token [keyid: 8e70ca6665cd2e6c7893e407cb9a7cd6264d714f] Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_rsa from token [keyid: ce431f647d549f759267422f4097c874e2eca547]
The PT-TLS server is now up and ready to accept connections on the default TCP port 271.
Jun 22 12:31:29 koala systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Accepting PT-TLS Client Connection¶
A PT-TLS client connects to the PT-TLS server and does a TLS 1.2 handshake to establish a secure socket
Jun 22 12:34:56 koala charon-systemd[12088]: accepting PT-TLS stream from 46.126.238.39 Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS negotiation phase Jun 22 12:34:56 koala charon-systemd[12088]: negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS server certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org' Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA' Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA' Jun 22 12:34:56 koala charon-systemd[12088]: received TLS peer certificate 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com' Jun 22 12:34:56 koala charon-systemd[12088]: using certificate "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com" Jun 22 12:34:56 koala charon-systemd[12088]: using trusted ca certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" Jun 22 12:34:56 koala charon-systemd[12088]: checking certificate status of "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com" Jun 22 12:34:56 koala charon-systemd[12088]: using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" Jun 22 12:34:56 koala charon-systemd[12088]: crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" Jun 22 12:34:56 koala charon-systemd[12088]: crl is valid: until Jun 25 10:00:01 2017 Jun 22 12:34:56 koala charon-systemd[12088]: using cached crl Jun 22 12:34:56 koala charon-systemd[12088]: using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" Jun 22 12:34:56 koala charon-systemd[12088]: crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" Jun 22 12:34:56 koala charon-systemd[12088]: crl is valid: until Jun 23 10:00:01 2017 Jun 22 12:34:56 koala charon-systemd[12088]: using cached crl Jun 22 12:34:56 koala charon-systemd[12088]: certificate status is good Jun 22 12:34:56 koala charon-systemd[12088]: reached self-signed root ca with a path length of 0
The PT-TLS protocol is started skipping SASL-based client authentication because the client already authenticated itself during the TLS handshake.
Jun 22 12:34:56 koala charon-systemd[12088]: received PT-TLS message #0 of type 'Version Request' (20 bytes) Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #0 of type 'Version Response' (20 bytes) Jun 22 12:34:56 koala charon-systemd[12088]: negotiated PT-TLS version 1 Jun 22 12:34:56 koala charon-systemd[12088]: doing SASL client authentication Jun 22 12:34:56 koala charon-systemd[12088]: skipping SASL, client already authenticated by TLS certificate Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #1 of type 'SASL Mechanisms' (16 bytes)
The PT-TLS protocol switches to the data transport phase and a TNCCS (PB-TNC) connection is instantiated
Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS data transport phase Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #1 of type 'PB-TNC Batch' (337 bytes) Jun 22 12:34:57 koala charon-systemd[12088]: assigned TNCCS Connection ID 1
An OS IMV instance is created for this PB-TNC connection
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh Jun 22 12:34:57 koala charon-systemd[12088]: over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes Jun 22 12:34:57 koala charon-systemd[12088]: user AR identity 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com' of type X.500 DN authenticated by certificate Jun 22 12:34:57 koala charon-systemd[12088]: machine AR identity '46.126.238.39' of type IPv4 address authenticated by unknown method
A SWIMA IMV instance is created for this PB-TNC connection
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh Jun 22 12:34:57 koala charon-systemd[12088]: over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
The PB-TNC connection is now initialized and goes into Handshake mode
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" changed state of Connection ID 1 to 'Handshake' Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Handshake'
The first PB-TNC client batch is received containing two PA-TNC messages
Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (321 bytes) Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1 Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Init' to 'Server Working' Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-Language-Preference message (31 bytes) Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (230 bytes) Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (52 bytes) Jun 22 12:34:57 koala charon-systemd[12088]: setting language preference to 'en'
The first PA-TNC message is of type IETF / Operating System and contains some IETF standard attributes sent by the OS IMC
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" received message for Connection ID 1 from IMC 1
Jun 22 12:34:57 koala charon-systemd[12088]: => 206 bytes @ 0x7ff810004f10
0: 01 00 00 00 6F 69 67 01 00 00 00 00 00 00 00 02 ....oig.........
16: 00 00 00 17 00 71 32 00 00 55 62 75 6E 74 75 00 .....q2..Ubuntu.
32: 00 00 00 00 00 00 04 00 00 00 1B 0C 31 36 2E 30 ............16.0
48: 34 20 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 4 x86_64........
64: 00 03 00 00 00 1C 00 00 00 10 00 00 00 04 00 00 ................
80: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ................
96: 00 24 03 01 00 00 32 30 31 37 2D 30 36 2D 31 39 .$....2017-06-19
112: 54 31 34 3A 31 38 3A 33 35 5A 00 00 00 00 00 00 T14:18:35Z......
128: 00 0B 00 00 00 10 00 00 00 01 00 00 00 00 00 00 ................
144: 00 0C 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 .............*..
160: 00 08 00 00 00 34 35 64 39 35 30 32 31 33 39 36 .....45d95021396
176: 64 32 34 31 35 65 35 63 35 33 63 61 32 64 65 61 d2415e5c53ca2dea
192: 36 66 62 63 31 63 32 33 38 37 63 35 36 61 6fbc1c2387c56a
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x6f696701
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
This is the OS information contained in the PA-TNC attributes
Jun 22 12:34:57 koala charon-systemd[12088]: operating system name is 'Ubuntu' from vendor Canonical Jun 22 12:34:57 koala charon-systemd[12088]: operating system version is '16.04 x86_64' Jun 22 12:34:57 koala charon-systemd[12088]: operating system numeric version is 16.4 Jun 22 12:34:57 koala charon-systemd[12088]: operational status: operational, result: successful Jun 22 12:34:57 koala charon-systemd[12088]: last boot: Jun 19 14:18:35 UTC 2017 Jun 22 12:34:57 koala charon-systemd[12088]: IPv4 forwarding is enabled Jun 22 12:34:57 koala charon-systemd[12088]: factory default password is disabled Jun 22 12:34:57 koala charon-systemd[12088]: device ID is 5d95021396d2415e5c53ca2dea6fbc1c2387c56a
The second PA-TNC message is of type IETF / Software and contains a PA-TNC segmentation contract request
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2
Jun 22 12:34:57 koala charon-systemd[12088]: => 28 bytes @ 0x7ff810005860
0: 01 00 00 00 19 74 B7 4E 00 00 55 97 00 00 00 21 .....t.N..U....!
16: 00 00 00 14 00 98 96 80 00 01 FF B8 ............
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x1974b74e
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
This is the decoded segmentation contract request
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract request from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xa41e0787
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 28 bytes @ 0x7ff810000a00
0: 01 00 00 00 A4 1E 07 87 00 00 55 97 00 00 00 22 ..........U...."
16: 00 00 00 14 00 98 96 80 00 01 FF B8 ............
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
The OS IMV also sends a segmentation contract request for PA message type IETF / Operating System
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 requests a segmentation contract for PA message type 'IETF/Operating System' 0x000000/0x00000001
maximum attribute size of 100000000 bytes with maximum segment size of 131000 bytes
The strongTNC policy manager assigns a session ID and issues a single SWIDT workitem
Jun 22 12:34:57 koala charon-systemd[12088]: assigned session ID 2 to Connection ID 1 Jun 22 12:34:57 koala charon-systemd[12088]: running policy script: 2>&1 ipsec imv_policy_manager start 2 Jun 22 12:34:57 koala charon-systemd[12088]: policy: imv_policy_manager start successful Jun 22 12:34:57 koala charon-systemd[12088]: SWIDT workitem 9
The OS IMV has not been assigned any work items by the policy manager and therefore terminates gracefully
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 has no workitems - no evaluation requested
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x916d188f
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Remediation Instructions' 0x000000/0x0000000a
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 117 bytes @ 0x7ff810004f20
0: 01 00 00 00 91 6D 18 8F 00 00 00 00 00 00 00 09 .....m..........
16: 00 00 00 10 00 00 00 04 00 00 00 00 00 00 00 0A ................
32: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42 ...]...........B
48: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72 IP Packet Forwar
64: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69 ding. Please di
80: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72 sable the forwar
96: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65 ding of IP packe
112: 74 73 02 65 6E ts.en
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 provides recommendation 'allow' and evaluation 'don't know'
The SWIMA IMV sends a segmentation contract request for PA message type IETF / Software as well
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 requests a segmentation contract for PA message type 'IETF/Software' 0x000000/0x00000009
maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
Sending IETF SW Request Attribute¶
The SWIMA IMV is responsible for the SWIDT workitem and issues an IETF / SW Request attribute
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 handles SWIDT workitem 9
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 issues sw request 9
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xeaeacdc3
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 52 bytes @ 0x7ff810005550
0: 01 00 00 00 EA EA CD C3 00 00 55 97 00 00 00 21 ..........U....!
16: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 00 00 ................
32: 00 00 00 11 00 00 00 18 20 00 00 00 00 00 00 09 ........ .......
48: 00 00 00 00 ....
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
The first Server DATA batch is sent to the TNC Client
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working' Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (277 bytes) for Connection ID 1 Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #2 of type 'PB-TNC Batch' (293 bytes)
Receiving IETF SW Identity Inventory Attribute¶
A Client DATA batch has been received
Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #2 of type 'PB-TNC Batch' (131072 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (131056 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (131048 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
Jun 22 12:34:57 koala charon-systemd[12088]: => 131024 bytes @ 0x7ff820090960
0: 01 00 00 00 AC 4D 42 7A 00 00 55 97 00 00 00 22 .....MBz..U...."
16: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 55 97 ..............U.
32: 00 00 00 23 00 01 FF B4 C0 00 00 01 00 00 00 00 ...#............
48: 00 00 00 12 00 02 88 84 00 00 08 01 00 00 00 09 ................
64: 3B 8A 77 A3 00 00 00 A1 00 00 0A CF 00 00 00 01 ;.w.............
80: 01 00 00 52 73 74 72 6F 6E 67 73 77 61 6E 2E 6F ...Rstrongswan.o
96: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 rg__Ubuntu_16.04
112: 2D 78 38 36 5F 36 34 2D 61 31 31 79 2D 70 72 6F -x86_64-a11y-pro
128: 66 69 6C 65 2D 6D 61 6E 61 67 65 72 2D 69 6E 64 file-manager-ind
144: 69 63 61 74 6F 72 2D 30 2E 31 2E 31 30 2D 30 75 icator-0.1.10-0u
160: 62 75 6E 74 75 33 00 00 00 00 0A D0 00 00 00 01 buntu3..........
176: 01 00 00 58 73 74 72 6F 6E 67 73 77 61 6E 2E 6F ...Xstrongswan.o
192: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 rg__Ubuntu_16.04
208: 2D 78 38 36 5F 36 34 2D 61 63 63 6F 75 6E 74 2D -x86_64-account-
224: 70 6C 75 67 69 6E 2D 66 61 63 65 62 6F 6F 6B 2D plugin-facebook-
240: 30 2E 31 32 7E 31 36 2E 30 34 2E 32 30 31 36 30 0.12~16.04.20160
256: 31 32 36 2D 30 75 62 75 6E 74 75 31 00 00 00 00 126-0ubuntu1....
272: 0A D1 00 00 00 01 01 00 00 56 73 74 72 6F 6E 67 .........Vstrong
288: 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 swan.org__Ubuntu
304: 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 61 63 _16.04-x86_64-ac
320: 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 2D 66 6C 69 count-plugin-fli
336: 63 6B 72 2D 30 2E 31 32 7E 31 36 2E 30 34 2E 32 ckr-0.12~16.04.2
352: 30 31 36 30 31 32 36 2D 30 75 62 75 6E 74 75 31 0160126-0ubuntu1
368: 00 00 00 00 0A D2 00 00 00 01 01 00 00 56 73 74 .............Vst
384: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 rongswan.org__Ub
400: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 untu_16.04-x86_6
416: 34 2D 61 63 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 4-account-plugin
432: 2D 67 6F 6F 67 6C 65 2D 30 2E 31 32 7E 31 36 2E -google-0.12~16.
448: 30 34 2E 32 30 31 36 30 31 32 36 2D 30 75 62 75 04.20160126-0ubu
464: 6E 74 75 31 00 00 00 00 06 2E 00 00 00 01 01 00 ntu1............
...
130656: 00 00 00 01 01 00 00 4A 73 74 72 6F 6E 67 73 77 .......Jstrongsw
130672: 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 an.org__Ubuntu_1
130688: 36 2E 30 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 6.04-x86_64-prin
130704: 74 65 72 2D 64 72 69 76 65 72 2D 68 70 63 75 70 ter-driver-hpcup
130720: 73 2D 33 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30 s-3.16.3~repack0
130736: 2D 31 00 00 00 00 0E D8 00 00 00 01 01 00 00 43 -1.............C
130752: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F strongswan.org__
130768: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 Ubuntu_16.04-x86
130784: 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76 _64-printer-driv
130800: 65 72 2D 6D 69 6E 31 32 78 78 77 2D 30 2E 30 2E er-min12xxw-0.0.
130816: 39 2D 39 00 00 00 00 0E D9 00 00 00 01 01 00 00 9-9.............
130832: 4F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F Ostrongswan.org_
130848: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 _Ubuntu_16.04-x8
130864: 36 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 6_64-printer-dri
130880: 76 65 72 2D 70 6E 6D 32 70 70 61 2D 31 2E 31 33 ver-pnm2ppa-1.13
130896: 7E 6E 6F 6E 64 62 73 2D 30 75 62 75 6E 74 75 35 ~nondbs-0ubuntu5
130912: 00 00 00 00 0E DA 00 00 00 01 01 00 00 51 73 74 .............Qst
130928: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 rongswan.org__Ub
130944: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 untu_16.04-x86_6
130960: 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76 65 72 4-printer-driver
130976: 2D 70 6F 73 74 73 63 72 69 70 74 2D 68 70 2D 33 -postscript-hp-3
130992: 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30 2D 31 00 .16.3~repack0-1.
131008: 00 00 00 0E DB 00 00 00 01 01 00 00 3F 73 74 72 ............?str
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0xac4d427a
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
The SWIMA IMC accepted the segmentation contract
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract response from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
The first 128k segment of the IETF / Software Identifier Inventory attribute has been received
Jun 22 12:34:57 koala charon-systemd[12088]: received first segment for base attribute ID 1 (130980 bytes) Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/SW Identifier Inventory' 0x000000/0x00000012 Jun 22 12:34:57 koala charon-systemd[12088]: 3 bytes insufficient to parse 63 bytes of data
1646 complete software identifiers including their record ID were received in the first segment
Jun 22 12:34:57 koala charon-systemd[12088]: received software identity inventory with 1625 items for request 9 at eid 161 of epoch 0x3b8a77a3, 424 items to follow Jun 22 12:34:57 koala charon-systemd[12088]: 2767: strongswan.org__Ubuntu_16.04-x86_64-a11y-profile-manager-indicator-0.1.10-0ubuntu3 Jun 22 12:34:57 koala charon-systemd[12088]: 2768: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-facebook-0.12~16.04.20160126-0ubuntu1 Jun 22 12:34:57 koala charon-systemd[12088]: 2769: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-flickr-0.12~16.04.20160126-0ubuntu1 Jun 22 12:34:57 koala charon-systemd[12088]: 2770: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-google-0.12~16.04.20160126-0ubuntu1 ... Jun 22 12:34:57 koala charon-systemd[12088]: 3799: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-hpcups-3.16.3~repack0-1 Jun 22 12:34:57 koala charon-systemd[12088]: 3800: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-min12xxw-0.0.9-9 Jun 22 12:34:57 koala charon-systemd[12088]: 3801: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-pnm2ppa-1.13~nondbs-0ubuntu5 Jun 22 12:34:57 koala charon-systemd[12088]: 3802: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-postscript-hp-3.16.3~repack0-1
Jun 13 14:47:16 koala charon-systemd[27680]: creating PA-TNC message with ID 0xeb46af13
Jun 13 14:47:16 koala charon-systemd[27680]: creating PA-TNC attribute type 'TCG/Next Segment Request' 0x005597/0x00000024
Jun 13 14:47:16 koala charon-systemd[27680]: created PA-TNC message: => 24 bytes @ 0x7f2250158500
0: 01 00 00 00 EB 46 AF 13 00 00 55 97 00 00 00 24 .....F....U....$
16: 00 00 00 10 00 00 00 01 ........
Jun 13 14:47:16 koala charon-systemd[27680]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 13 14:47:16 koala charon-systemd[27680]: TNC server is handling outbound connection
Jun 13 14:47:16 koala charon-systemd[27680]: PB-TNC state transition from 'Server Working' to 'Client Working'
Jun 13 14:47:16 koala charon-systemd[27680]: creating PB-TNC SDATA batch
Jun 13 14:47:16 koala charon-systemd[27680]: adding IETF/PB-PA message
Jun 13 14:47:16 koala charon-systemd[27680]: sending PB-TNC SDATA batch (56 bytes) for Connection ID 1
Jun 13 14:47:16 koala charon-systemd[27680]: sending PT-TLS message #3 of type 'PB-TNC Batch' (72 bytes)
Jun 13 14:47:16 koala charon-systemd[27680]: received PT-TLS message #3 of type 'PB-TNC Batch' (32859 bytes)
Jun 13 14:47:16 koala charon-systemd[27680]: received TNCCS batch (32843 bytes)
Jun 13 14:47:16 koala charon-systemd[27680]: TNC server is handling inbound connection
Jun 13 14:47:16 koala charon-systemd[27680]: processing PB-TNC CDATA batch for Connection ID 1
Jun 13 14:47:16 koala charon-systemd[27680]: PB-TNC state transition from 'Client Working' to 'Server Working'
Jun 13 14:47:16 koala charon-systemd[27680]: processing IETF/PB-PA message (32835 bytes)
Jun 13 14:47:16 koala charon-systemd[27680]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 13 14:47:16 koala charon-systemd[27680]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
Jun 13 14:47:16 koala charon-systemd[27680]: => 32811 bytes @ 0x7f2270027540
0: 01 00 00 00 B7 BA 96 5B 00 00 55 97 00 00 00 23 .......[..U....#
16: 00 00 80 23 00 00 00 01 31 00 00 00 00 00 00 00 ...#....1.......
32: 00 00 01 01 00 00 48 73 74 72 6F 6E 67 73 77 61 ......Hstrongswa
48: 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E n.org_Ubuntu_16.
64: 30 34 2D 78 38 36 5F 36 34 2D 70 79 74 68 6F 6E 04-x86_64-python
80: 32 2E 37 2D 64 65 76 2D 32 2E 37 2E 31 32 2D 31 2.7-dev-2.7.12-1
96: 75 62 75 6E 74 75 30 7E 31 36 2E 30 34 2E 31 00 ubuntu0~16.04.1.
112: 00 00 00 00 00 00 00 00 01 01 00 00 4C 73 74 72 ............Lstr
128: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E ongswan.org_Ubun
144: 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D tu_16.04-x86_64-
160: 70 79 74 68 6F 6E 32 2E 37 2D 6D 69 6E 69 6D 61 python2.7-minima
176: 6C 2D 32 2E 37 2E 31 32 2D 31 75 62 75 6E 74 75 l-2.7.12-1ubuntu
192: 30 7E 31 36 2E 30 34 2E 31 00 00 00 00 00 00 00 0~16.04.1.......
208: 00 00 01 01 00 00 32 73 74 72 6F 6E 67 73 77 61 ......2strongswa
224: 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E n.org_Ubuntu_16.
240: 30 34 2D 78 38 36 5F 36 34 2D 70 79 74 68 6F 6E 04-x86_64-python
256: 33 2D 33 2E 35 2E 31 2D 33 00 00 00 00 00 00 00 3-3.5.1-3.......
272: 00 00 01 01 00 00 43 73 74 72 6F 6E 67 73 77 61 ......Cstrongswa
288: 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E n.org_Ubuntu_16.
304: 30 34 2D 78 38 36 5F 36 34 2D 70 79 74 68 6F 6E 04-x86_64-python
320: 33 2D 61 70 70 6F 72 74 2D 32 2E 32 30 2E 31 2D 3-apport-2.20.1-
336: 30 75 62 75 6E 74 75 32 2E 36 00 00 00 00 00 00 0ubuntu2.6......
...
32448: 00 00 00 01 01 00 00 42 73 74 72 6F 6E 67 73 77 .......Bstrongsw
32464: 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 an.org_Ubuntu_16
32480: 2E 30 34 2D 78 38 36 5F 36 34 2D 7A 65 6E 69 74 .04-x86_64-zenit
32496: 79 2D 63 6F 6D 6D 6F 6E 2D 33 2E 31 38 2E 31 2E y-common-3.18.1.
32512: 31 2D 31 75 62 75 6E 74 75 32 00 00 00 00 00 00 1-1ubuntu2......
32528: 00 00 00 01 01 00 00 2D 73 74 72 6F 6E 67 73 77 .......-strongsw
32544: 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 an.org_Ubuntu_16
32560: 2E 30 34 2D 78 38 36 5F 36 34 2D 7A 69 70 2D 33 .04-x86_64-zip-3
32576: 2E 30 2D 31 31 00 00 00 00 00 00 00 00 00 01 01 .0-11...........
32592: 00 00 41 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 ..Astrongswan.or
32608: 67 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 g_Ubuntu_16.04-x
32624: 38 36 5F 36 34 2D 7A 6C 69 62 31 67 2D 31 7E 31 86_64-zlib1g-1~1
32640: 2E 32 2E 38 2E 64 66 73 67 2D 32 75 62 75 6E 74 .2.8.dfsg-2ubunt
32656: 75 34 2E 31 00 00 00 00 00 00 00 00 00 01 01 00 u4.1............
32672: 00 45 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 .Estrongswan.org
32688: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 _Ubuntu_16.04-x8
32704: 36 5F 36 34 2D 7A 6C 69 62 31 67 2D 64 65 76 2D 6_64-zlib1g-dev-
32720: 31 7E 31 2E 32 2E 38 2E 64 66 73 67 2D 32 75 62 1~1.2.8.dfsg-2ub
32736: 75 6E 74 75 34 2E 31 00 00 00 00 00 00 00 00 00 untu4.1.........
32752: 01 02 00 00 1F 73 74 72 6F 6E 67 73 77 61 6E 2E .....strongswan.
32768: 6F 72 67 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 org_strongSwan-5
32784: 2D 35 2D 33 00 15 2F 75 73 72 2F 73 68 61 72 65 -5-3../usr/share
32800: 2F 73 74 72 6F 6E 67 73 77 61 6E /strongswan
Jun 13 14:47:16 koala charon-systemd[27680]: processing PA-TNC message with ID 0xb7ba965b
Jun 13 14:47:16 koala charon-systemd[27680]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
Jun 13 14:47:16 koala charon-systemd[27680]: received last segment for base attribute ID 1 (32787 bytes)
Jun 13 14:47:16 koala charon-systemd[27680]: received software identity inventory with 401 items for request 251 at eid 1 of epoch 0x11223344, 0 items to follow Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-python2.7-2.7.12-1ubuntu0~16.04.1 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-python2.7-dev-2.7.12-1ubuntu0~16.04.1 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-python2.7-minimal-2.7.12-1ubuntu0~16.04.1 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-python3-3.5.1-3 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-python3-apport-2.20.1-0ubuntu2.6 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-zenity-common-3.18.1.1-1ubuntu2 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-zip-3.0-11 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-zlib1g-1~1.2.8.dfsg-2ubuntu4.1 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-zlib1g-dev-1~1.2.8.dfsg-2ubuntu4.1 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_strongSwan-5-5-3
Sending IETF [Targeted] SW Request Attribute¶
un 13 14:47:16 koala charon-systemd[27680]: 12 SWID tag targets Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5core5a-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5dbus5-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5gui5-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5network5-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5opengl5-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5printsupport5-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5sql5-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5sql5-sqlite-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5test5-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5widgets5-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_Ubuntu_16.04-x86_64-libqt5xml5-5.5.1~dfsg-16ubuntu7.5 Jun 13 14:47:16 koala charon-systemd[27680]: strongswan.org_strongSwan-5-5-3
Jun 13 14:47:16 koala charon-systemd[27680]: creating PA-TNC message with ID 0x5f558479
Jun 13 14:47:16 koala charon-systemd[27680]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
Jun 13 14:47:16 koala charon-systemd[27680]: created PA-TNC message: => 866 bytes @ 0x7f2270179190
0: 01 00 00 00 5F 55 84 79 00 00 00 00 00 00 00 11 ...._U.y........
16: 00 00 03 5A 00 00 00 0C 00 00 00 FB 00 00 00 00 ...Z............
32: 00 46 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 .Fstrongswan.org
48: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 _Ubuntu_16.04-x8
64: 36 5F 36 34 2D 6C 69 62 71 74 35 63 6F 72 65 35 6_64-libqt5core5
80: 61 2D 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 a-5.5.1~dfsg-16u
96: 62 75 6E 74 75 37 2E 35 00 45 73 74 72 6F 6E 67 buntu7.5.Estrong
112: 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F swan.org_Ubuntu_
128: 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 6C 69 62 16.04-x86_64-lib
144: 71 74 35 64 62 75 73 35 2D 35 2E 35 2E 31 7E 64 qt5dbus5-5.5.1~d
160: 66 73 67 2D 31 36 75 62 75 6E 74 75 37 2E 35 00 fsg-16ubuntu7.5.
176: 44 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F Dstrongswan.org_
192: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 Ubuntu_16.04-x86
208: 5F 36 34 2D 6C 69 62 71 74 35 67 75 69 35 2D 35 _64-libqt5gui5-5
224: 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 62 75 6E .5.1~dfsg-16ubun
240: 74 75 37 2E 35 00 48 73 74 72 6F 6E 67 73 77 61 tu7.5.Hstrongswa
256: 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 36 2E n.org_Ubuntu_16.
272: 30 34 2D 78 38 36 5F 36 34 2D 6C 69 62 71 74 35 04-x86_64-libqt5
288: 6E 65 74 77 6F 72 6B 35 2D 35 2E 35 2E 31 7E 64 network5-5.5.1~d
304: 66 73 67 2D 31 36 75 62 75 6E 74 75 37 2E 35 00 fsg-16ubuntu7.5.
320: 47 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F Gstrongswan.org_
336: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 Ubuntu_16.04-x86
352: 5F 36 34 2D 6C 69 62 71 74 35 6F 70 65 6E 67 6C _64-libqt5opengl
368: 35 2D 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 5-5.5.1~dfsg-16u
384: 62 75 6E 74 75 37 2E 35 00 4D 73 74 72 6F 6E 67 buntu7.5.Mstrong
400: 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F swan.org_Ubuntu_
416: 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 6C 69 62 16.04-x86_64-lib
432: 71 74 35 70 72 69 6E 74 73 75 70 70 6F 72 74 35 qt5printsupport5
448: 2D 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 62 -5.5.1~dfsg-16ub
464: 75 6E 74 75 37 2E 35 00 44 73 74 72 6F 6E 67 73 untu7.5.Dstrongs
480: 77 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 75 5F 31 wan.org_Ubuntu_1
496: 36 2E 30 34 2D 78 38 36 5F 36 34 2D 6C 69 62 71 6.04-x86_64-libq
512: 74 35 73 71 6C 35 2D 35 2E 35 2E 31 7E 64 66 73 t5sql5-5.5.1~dfs
528: 67 2D 31 36 75 62 75 6E 74 75 37 2E 35 00 4B 73 g-16ubuntu7.5.Ks
544: 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62 trongswan.org_Ub
560: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 untu_16.04-x86_6
576: 34 2D 6C 69 62 71 74 35 73 71 6C 35 2D 73 71 6C 4-libqt5sql5-sql
592: 69 74 65 2D 35 2E 35 2E 31 7E 64 66 73 67 2D 31 ite-5.5.1~dfsg-1
608: 36 75 62 75 6E 74 75 37 2E 35 00 45 73 74 72 6F 6ubuntu7.5.Estro
624: 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E 74 ngswan.org_Ubunt
640: 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 6C u_16.04-x86_64-l
656: 69 62 71 74 35 74 65 73 74 35 2D 35 2E 35 2E 31 ibqt5test5-5.5.1
672: 7E 64 66 73 67 2D 31 36 75 62 75 6E 74 75 37 2E ~dfsg-16ubuntu7.
688: 35 00 48 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 5.Hstrongswan.or
704: 67 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 g_Ubuntu_16.04-x
720: 38 36 5F 36 34 2D 6C 69 62 71 74 35 77 69 64 67 86_64-libqt5widg
736: 65 74 73 35 2D 35 2E 35 2E 31 7E 64 66 73 67 2D ets5-5.5.1~dfsg-
752: 31 36 75 62 75 6E 74 75 37 2E 35 00 44 73 74 72 16ubuntu7.5.Dstr
768: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E ongswan.org_Ubun
784: 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D tu_16.04-x86_64-
800: 6C 69 62 71 74 35 78 6D 6C 35 2D 35 2E 35 2E 31 libqt5xml5-5.5.1
816: 7E 64 66 73 67 2D 31 36 75 62 75 6E 74 75 37 2E ~dfsg-16ubuntu7.
832: 35 00 1F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 5..strongswan.or
848: 67 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 g_strongSwan-5-5
864: 2D 33 -3
Jun 13 14:47:16 koala charon-systemd[27680]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 13 14:47:16 koala charon-systemd[27680]: TNC server is handling outbound connection
Jun 13 14:47:16 koala charon-systemd[27680]: PB-TNC state transition from 'Server Working' to 'Client Working'
Jun 13 14:47:16 koala charon-systemd[27680]: creating PB-TNC SDATA batch
Jun 13 14:47:16 koala charon-systemd[27680]: adding IETF/PB-PA message
Jun 13 14:47:16 koala charon-systemd[27680]: sending PB-TNC SDATA batch (898 bytes) for Connection ID 1
Jun 13 14:47:16 koala charon-systemd[27680]: sending PT-TLS message #4 of type 'PB-TNC Batch' (914 bytes)
Receiving IETF SW Inventory Attribute¶
Jun 13 14:47:18 koala charon-systemd[27680]: received PT-TLS message #4 of type 'PB-TNC Batch' (6892 bytes)
Jun 13 14:47:18 koala charon-systemd[27680]: received TNCCS batch (6876 bytes)
Jun 13 14:47:18 koala charon-systemd[27680]: TNC server is handling inbound connection
Jun 13 14:47:18 koala charon-systemd[27680]: processing PB-TNC CDATA batch for Connection ID 1
Jun 13 14:47:18 koala charon-systemd[27680]: PB-TNC state transition from 'Client Working' to 'Server Working'
Jun 13 14:47:18 koala charon-systemd[27680]: processing IETF/PB-PA message (6868 bytes)
Jun 13 14:47:18 koala charon-systemd[27680]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 13 14:47:18 koala charon-systemd[27680]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
Jun 13 14:47:18 koala charon-systemd[27680]: => 6844 bytes @ 0x7f226800cde0
0: 01 00 00 00 6D 84 09 75 00 00 00 00 00 00 00 14 ....m..u........
16: 00 00 1A B4 00 00 00 0C 00 00 00 FB 11 22 33 44 ............."3D
32: 00 00 00 01 00 00 00 00 00 00 00 01 01 00 00 46 ...............F
48: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 strongswan.org_U
64: 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F buntu_16.04-x86_
80: 36 34 2D 6C 69 62 71 74 35 63 6F 72 65 35 61 2D 64-libqt5core5a-
96: 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 62 75 5.5.1~dfsg-16ubu
112: 6E 74 75 37 2E 35 00 00 00 00 01 EA 3C 3F 78 6D ntu7.5......<?xm
128: 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 l version="1.0"
144: 65 6E 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22 encoding="utf-8"
160: 3F 3E 3C 53 6F 66 74 77 61 72 65 49 64 65 6E 74 ?><SoftwareIdent
176: 69 74 79 20 6E 61 6D 65 3D 22 6C 69 62 71 74 35 ity name="libqt5
192: 63 6F 72 65 35 61 22 20 74 61 67 49 64 3D 22 55 core5a" tagId="U
208: 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F buntu_16.04-x86_
224: 36 34 2D 6C 69 62 71 74 35 63 6F 72 65 35 61 2D 64-libqt5core5a-
240: 35 2E 35 2E 31 7E 64 66 73 67 2D 31 36 75 62 75 5.5.1~dfsg-16ubu
256: 6E 74 75 37 2E 35 22 20 76 65 72 73 69 6F 6E 3D ntu7.5" version=
272: 22 35 2E 35 2E 31 2B 64 66 73 67 2D 31 36 75 62 "5.5.1+dfsg-16ub
288: 75 6E 74 75 37 2E 35 22 20 76 65 72 73 69 6F 6E untu7.5" version
304: 53 63 68 65 6D 65 3D 22 61 6C 70 68 61 6E 75 6D Scheme="alphanum
320: 65 72 69 63 22 20 78 6D 6C 6E 73 3D 22 68 74 74 eric" xmlns="htt
336: 70 3A 2F 2F 73 74 61 6E 64 61 72 64 73 2E 69 73 p://standards.is
352: 6F 2E 6F 72 67 2F 69 73 6F 2F 31 39 37 37 30 2F o.org/iso/19770/
368: 2D 32 2F 32 30 31 35 2F 73 63 68 65 6D 61 2E 78 -2/2015/schema.x
384: 73 64 22 20 78 6D 6C 6E 73 3A 6E 38 30 36 30 3D sd" xmlns:n8060=
400: 22 68 74 74 70 3A 2F 2F 63 73 72 63 2E 6E 69 73 "http://csrc.nis
416: 74 2E 67 6F 76 2F 73 63 68 65 6D 61 2F 73 77 69 t.gov/schema/swi
432: 64 2F 32 30 31 35 2D 65 78 74 65 6E 73 69 6F 6E d/2015-extension
448: 73 2F 73 77 69 64 2D 32 30 31 35 2D 65 78 74 65 s/swid-2015-exte
464: 6E 73 69 6F 6E 73 2D 31 2E 30 2E 78 73 64 22 3E nsions-1.0.xsd">
480: 3C 45 6E 74 69 74 79 20 6E 61 6D 65 3D 22 73 74 <Entity name="st
496: 72 6F 6E 67 53 77 61 6E 20 50 72 6F 6A 65 63 74 rongSwan Project
512: 22 20 72 65 67 69 64 3D 22 73 74 72 6F 6E 67 73 " regid="strongs
528: 77 61 6E 2E 6F 72 67 22 20 72 6F 6C 65 3D 22 74 wan.org" role="t
544: 61 67 43 72 65 61 74 6F 72 22 20 2F 3E 3C 4D 65 agCreator" /><Me
560: 74 61 20 70 72 6F 64 75 63 74 3D 22 55 62 75 6E ta product="Ubun
576: 74 75 20 31 36 2E 30 34 20 78 38 36 5F 36 34 22 tu 16.04 x86_64"
592: 20 2F 3E 3C 2F 53 6F 66 74 77 61 72 65 49 64 65 /></SoftwareIde
608: 6E 74 69 74 79 3E 00 00 00 00 00 00 00 01 01 00 ntity>..........
...
6416: 74 69 74 79 3E 00 00 00 00 00 00 00 01 02 00 00 tity>...........
6432: 1F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F .strongswan.org_
6448: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 2D 33 strongSwan-5-5-3
6464: 00 15 2F 75 73 72 2F 73 68 61 72 65 2F 73 74 72 ../usr/share/str
6480: 6F 6E 67 73 77 61 6E 00 00 01 61 3C 3F 78 6D 6C ongswan...a<?xml
6496: 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65 version="1.0" e
6512: 6E 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22 3F ncoding="utf-8"?
6528: 3E 0A 0A 3C 53 6F 66 74 77 61 72 65 49 64 65 6E >..<SoftwareIden
6544: 74 69 74 79 0A 20 20 6E 61 6D 65 3D 22 73 74 72 tity. name="str
6560: 6F 6E 67 53 77 61 6E 22 0A 20 20 74 61 67 49 64 ongSwan". tagId
6576: 3D 22 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 ="strongSwan-5-5
6592: 2D 33 22 0A 20 20 76 65 72 73 69 6F 6E 3D 22 35 -3". version="5
6608: 2E 35 2E 33 22 20 76 65 72 73 69 6F 6E 53 63 68 .5.3" versionSch
6624: 65 6D 65 3D 22 61 6C 70 68 61 6E 75 6D 65 72 69 eme="alphanumeri
6640: 63 22 0A 20 20 78 6D 6C 6E 73 3D 22 68 74 74 70 c". xmlns="http
6656: 3A 2F 2F 73 74 61 6E 64 61 72 64 73 2E 69 73 6F ://standards.iso
6672: 2E 6F 72 67 2F 69 73 6F 2F 31 39 37 37 30 2F 2D .org/iso/19770/-
6688: 32 2F 32 30 31 35 2F 73 63 68 65 6D 61 2E 78 73 2/2015/schema.xs
6704: 64 22 3E 0A 20 20 3C 45 6E 74 69 74 79 0A 20 20 d">. <Entity.
6720: 20 20 6E 61 6D 65 3D 22 73 74 72 6F 6E 67 53 77 name="strongSw
6736: 61 6E 20 50 72 6F 6A 65 63 74 22 0A 20 20 20 20 an Project".
6752: 72 65 67 69 64 3D 22 73 74 72 6F 6E 67 73 77 61 regid="strongswa
6768: 6E 2E 6F 72 67 22 0A 20 20 20 20 72 6F 6C 65 3D n.org". role=
6784: 22 73 6F 66 74 77 61 72 65 43 72 65 61 74 6F 72 "softwareCreator
6800: 20 6C 69 63 65 6E 73 6F 72 20 74 61 67 43 72 65 licensor tagCre
6816: 61 74 6F 72 22 2F 3E 0A 3C 2F 53 6F 66 74 77 61 ator"/>.</Softwa
6832: 72 65 49 64 65 6E 74 69 74 79 3E 0A reIdentity>.
Jun 13 14:47:18 koala charon-systemd[27680]: processing PA-TNC message with ID 0x6d840975
Jun 13 14:47:18 koala charon-systemd[27680]: processing PA-TNC attribute type 'IETF/SW Inventory' 0x000000/0x00000014
Jun 13 14:47:18 koala charon-systemd[27680]: received software inventory with 12 items for request 251 at eid 1 of epoch 0x11223344, 0 items to follow
Some XML-encoded ISO-17770-2:2015 SWID tags
Jun 13 14:47:18 koala charon-systemd[27680]: <?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="libqt5core5a"
tagId="Ubuntu_16.04-x86_64-libqt5core5a-5.5.1~dfsg-16ubuntu7.5"
version="5.5.1+dfsg-16ubuntu7.5" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
xmlns:n8060="http://csrc.nist.gov/schema/swid/2015-extensions/swid-2015-extensions-1.0.xsd">
<Entity
name="strongSwan Project"
regid="strongswan.org"
role="tagCreator" />
<Meta product="Ubuntu 16.04 x86_64" />
</SoftwareIdentity>
...
Jun 13 14:47:18 koala charon-systemd[27680]: <?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="strongSwan"
tagId="strongSwan-5-5-3"
version="5.5.3" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
<Entity
name="strongSwan Project"
regid="strongswan.org"
role="softwareCreator licensor tagCreator"/>
</SoftwareIdentity>
Terminating PT-TLS Client Connection¶
Jun 13 14:47:19 koala charon-systemd[27680]: IMV 2 handled SWIDT workitem 251: allow - received inventory of 2047 SWID tag IDs and 12 SWID tags
Jun 13 14:47:19 koala charon-systemd[27680]: creating PA-TNC message with ID 0x3837395a
Jun 13 14:47:19 koala charon-systemd[27680]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Jun 13 14:47:19 koala charon-systemd[27680]: created PA-TNC message: => 24 bytes @ 0x7f2268000920
0: 01 00 00 00 38 37 39 5A 00 00 00 00 00 00 00 09 ....879Z........
16: 00 00 00 10 00 00 00 00 ........
Jun 13 14:47:19 koala charon-systemd[27680]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 13 14:47:19 koala charon-systemd[27680]: IMV 2 provides recommendation 'allow' and evaluation 'compliant'
Jun 13 14:47:19 koala charon-systemd[27680]: TNC server is handling outbound connection
Jun 13 14:47:19 koala charon-systemd[27680]: running policy script: 2>&1 ipsec imv_policy_manager stop 40
Jun 13 14:47:19 koala charon-systemd[27680]: policy: recommendation for access requestor 62.96.251.245 is allow
Jun 13 14:47:19 koala charon-systemd[27680]: policy: imv_policy_manager stop successful
Jun 13 14:47:19 koala charon-systemd[27680]: IMV 1 "OS" changed state of Connection ID 1 to 'Allowed'
Jun 13 14:47:19 koala charon-systemd[27680]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Allowed'
Jun 13 14:47:19 koala charon-systemd[27680]: PB-TNC state transition from 'Server Working' to 'Decided'
Jun 13 14:47:19 koala charon-systemd[27680]: creating PB-TNC RESULT batch
Jun 13 14:47:19 koala charon-systemd[27680]: adding IETF/PB-PA message
Jun 13 14:47:19 koala charon-systemd[27680]: adding IETF/PB-Assessment-Result message
Jun 13 14:47:19 koala charon-systemd[27680]: adding IETF/PB-Access-Recommendation message
Jun 13 14:47:19 koala charon-systemd[27680]: sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
Jun 13 14:47:19 koala charon-systemd[27680]: sending PT-TLS message #5 of type 'PB-TNC Batch' (104 bytes)
Jun 13 14:47:19 koala charon-systemd[27680]: received PT-TLS message #5 of type 'PB-TNC Batch' (24 bytes)
Jun 13 14:47:19 koala charon-systemd[27680]: received TNCCS batch (8 bytes)
Jun 13 14:47:19 koala charon-systemd[27680]: TNC server is handling inbound connection
Jun 13 14:47:19 koala charon-systemd[27680]: processing PB-TNC CLOSE batch for Connection ID 1
Jun 13 14:47:19 koala charon-systemd[27680]: PB-TNC state transition from 'Decided' to 'End'
Jun 13 14:47:19 koala charon-systemd[27680]: final recommendation is 'allow' and evaluation is 'compliant'
Jun 13 14:47:19 koala charon-systemd[27680]: PT-TLS connection terminates
Jun 13 14:47:19 koala charon-systemd[27680]: IMV 1 "OS" deleted the state of Connection ID 1
Jun 13 14:47:19 koala charon-systemd[27680]: IMV 2 "SWIMA" deleted the state of Connection ID 1
Jun 13 14:47:19 koala charon-systemd[27680]: removed TNCCS Connection ID 1
Jun 13 14:47:19 koala charon-systemd[27680]: sending TLS close notify
Stopping PT-TLS Daemon¶
The strongSwan PT-TLS server daemon can be stopped using the following systemd command
systemctl stop strongswan-swanctl
Jun 13 17:05:21 koala systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl... Jun 13 17:05:21 koala charon-systemd[27680]: SIGTERM received, shutting down Jun 13 17:05:21 koala charon-systemd[27680]: IMV 2 "SWIMA" terminated Jun 13 17:05:21 koala charon-systemd[27680]: IMV 1 "OS" terminated Jun 13 17:05:21 koala charon-systemd[27680]: removed IETF attributes Jun 13 17:05:21 koala charon-systemd[27680]: removed ITA-HSR attributes Jun 13 17:05:21 koala charon-systemd[27680]: removed PWG attributes Jun 13 17:05:21 koala charon-systemd[27680]: removed TCG attributes Jun 13 17:05:21 koala charon-systemd[27680]: libimcv terminated Jun 13 17:05:21 koala systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.